Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

I think my laptop is infected by virus idk, pls help me. [Closed]

Virus malware malware removal trojan microsoft word software issue antivirus installation

  • This topic is locked This topic is locked

#1
jasmallari12

jasmallari12

    New Member

  • Member
  • Pip
  • 5 posts

Hi, I'm currently having trouble on my laptop. Whenever I opened it, it will automatically open a folder. Plus, there is a pop message that says "the application cannot start"

I was also trying to install an antivirus software which is the AVAST, unfortunately my laptop won't allow me to run the app.

It will try to run, but eventually it'll get disrupted with a message, "We are sorry but there seems to be a problem connecting to Avast servers! Check your internet connection and run the installer again". I already tried the offline installation of the software but I got the same error. I also tried other antivirus software with no luck :( . I also got another problem opening my Microsoft Word app, it always crushed.

I have Windows 7 by the way.

 

Here is the scan results of FRST:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 25.02.2019 01
Ran by customer (administrator) on CUSTOMER-PC (26-02-2019 21:45:52)
Running from C:\Users\customer\Downloads
Loaded Profiles: customer (Available Profiles: customer)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 8 (Default browser: "C:\Program Files (x86)\CryptoTab Browser\Application\browser.exe" -- "%1")
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Windows Hardware Compatibility Publisher -> AMD) C:\Windows\System32\atiesrxx.exe
(Microsoft Windows Hardware Compatibility Publisher -> AMD) C:\Windows\System32\atieclxx.exe
(Broadcom Corporation -> Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(CRYPTOCOMPANY OÜ -> CRYPTOCOMPANY OU) [File not signed] C:\Program Files (x86)\CryptoCompany\Update\1.3.99.17\CryptoTabCrashHandler.exe
(CRYPTOCOMPANY OÜ -> CRYPTOCOMPANY OU) C:\Program Files (x86)\CryptoCompany\Update\1.3.99.17\CryptoTabCrashHandler64.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxpers.exe
(AVB Disc Soft, SIA -> Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DTAgent.exe
(Broadcom Corporation -> Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Broadcom Corporation -> Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
(Broadcom Corporation -> Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
(AVB Disc Soft, SIA -> Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe
(Microsoft Dynamic Code Publisher -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(Microsoft Dynamic Code Publisher -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
(AVB Disc Soft, SIA -> Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DTShellHlp.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Borislav Surbat -> MyCity) C:\Program Files (x86)\MCShield\MCShieldRTM.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [18391096 2019-01-13] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1505840 2019-01-13] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM-x32\...\Run: [SMΔRT-Protection] => C:\Program Files (x86)\Smadav\SMΔRTP.exe [1781760 2017-04-13] (Smadsoft) [File not signed]
HKLM-x32\...\Run: [CryptoTab Browser] => C:\Program Files (x86)\CryptoTab Browser\Application\browser.exe [1867304 2019-02-15] (CRYPTOCOMPANY OÜ -> The Chromium and CryptoTab Browser Authors)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation -> Microsoft Corporation)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-1608357908-2036049685-2604263660-1000\...\Run: [uTorrent] => "C:\Users\customer\AppData\Roaming\uTorrent\uTorrent.exe"  /MINIMIZED
HKU\S-1-5-21-1608357908-2036049685-2604263660-1000\...\Run: [C:/Program Files (x86)/Media Freeware/Free Youtube To MP3 Downloader/Free Youtube to Mp3 Downloader.exe] => C:\Program Files (x86)\Media Freeware\Free Youtube To MP3 Downloader\Free Youtube to Mp3 Downloader.exe
HKU\S-1-5-21-1608357908-2036049685-2604263660-1000\...\Run: [Opera Browser Assistant] => C:\Users\customer\AppData\Local\Programs\Opera\assistant\browser_assistant.exe [2558495 2019-02-21] (Opera Software AS -> Opera Software) [File not signed]
HKU\S-1-5-21-1608357908-2036049685-2604263660-1000\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [735336 2019-02-25] (AVB Disc Soft, SIA -> Disc Soft Ltd)
HKU\S-1-5-21-1608357908-2036049685-2604263660-1000\...\Run: [MCShield Monitor] => C:\Program Files (x86)\MCShield\mcshieldrtm.exe [650816 2014-04-12] (Borislav Surbat -> MyCity)
HKU\S-1-5-21-1608357908-2036049685-2604263660-1000\...\MountPoints2: {e9c5f2a4-38ec-11e9-aab7-3859f9d06b3b} - G:\SETUP.EXE
HKLM\Software\Microsoft\Active Setup\Installed Components: [{7D2B3E1D-D096-4594-9D8F-A6667F12E0AC}] -> C:\Program Files (x86)\CryptoTab Browser\Application\72.0.3626.96\Installer\chrmstp.exe [2019-02-25] (CRYPTOCOMPANY OÜ -> The Chromium and CryptoTab Browser Authors)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\72.0.3626.119\Installer\chrmstp.exe [2019-02-22] (Google LLC -> Google Inc.)
HKLM\Software\...\Authentication\Credential Providers: [{50968FF7-10C1-4fb3-98B0-CD654D6CB97E}] -> C:\Program Files\WIDCOMM\Bluetooth Software\\BtwCP.dll [2010-07-29] (Broadcom Corporation -> Broadcom Corporation.)
HKLM\Software\...\Authentication\Credential Providers: [{F8A0B131-5F68-486c-8040-7E8FC3C85BB6}] -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDCREDPROV.DLL [2009-08-18] (Microsoft Corporation -> Microsoft Corporation)
AppInit_DLLs-x32: C:\PROGRA~1\COMMON~1\System\symsrv.dll => C:\Program Files\Common Files\System\symsrv.dll [69337 2019-01-13] (Microsoft Corporation) [File not signed]
ShellExecuteHooks-x32: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [4249759 2014-03-06] (Microsoft Corporation -> Microsoft Corporation) [File not signed]
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2019-02-01]
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation -> Broadcom Corporation.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{B6F33192-A27A-4FB2-902B-0F1C3F9C3773}: [DhcpNameServer] 192.168.1.1
 
Internet Explorer:
==================
HKU\S-1-5-21-1608357908-2036049685-2604263660-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/en-ph/?ocid=iehp
SearchScopes: HKU\S-1-5-21-1608357908-2036049685-2604263660-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2014-03-06] (Microsoft Corporation -> Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation -> Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2014-03-06] (Microsoft Corporation -> Microsoft Corporation) [File not signed]
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files (x86)\Common Files\Microsoft Shared\Help\hxds.dll [2012-11-10] (Microsoft Corporation -> Microsoft Corporation) [File not signed]
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-21] (Microsoft Windows -> Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-21] (Microsoft Windows -> Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-21] (Microsoft Windows -> Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-21] (Microsoft Windows -> Microsoft Corporation)
Filter-x32: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL [2012-10-31] (Microsoft Corporation -> Microsoft Corporation) [File not signed]
 
FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] (Microsoft Corporation ->  Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-16] (VideoLAN) [File not signed]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] (Microsoft Corporation ->  Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @tools.CryptoTab.com/CryptoTab Update;version=3 -> C:\Program Files (x86)\CryptoCompany\Update\1.3.99.17\npCryptoTabUpdate3.dll [2019-02-25] (Google Inc (TEST) -> CRYPTOCOMPANY OU) [File not signed]
FF Plugin-x32: @tools.CryptoTab.com/CryptoTab Update;version=9 -> C:\Program Files (x86)\CryptoCompany\Update\1.3.99.17\npCryptoTabUpdate3.dll [2019-02-25] (Google Inc (TEST) -> CRYPTOCOMPANY OU) [File not signed]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2019-01-13] (Google Inc -> Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2019-01-13] (Google Inc -> Google Inc.)
 
Chrome: 
=======
CHR DefaultSearchURL: Default -> hxxps://feed.quick-converter.com/?q={searchTerms}&publisher=quick-converter&barcodeid=537360000000000
CHR DefaultSearchKeyword: Default -> QuickConverter
CHR DefaultSuggestURL: Default -> hxxps://suggest.quick-converter.com/suggest/get?q={searchTerms}
CHR Profile: C:\Users\customer\AppData\Local\Google\Chrome\User Data\Default [2019-02-26]
CHR Extension: (Docs) - C:\Users\customer\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2019-01-14]
CHR Extension: (Google Drive) - C:\Users\customer\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2019-01-13]
CHR Extension: (YouTube) - C:\Users\customer\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2019-01-14]
CHR Extension: (Google Search) - C:\Users\customer\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2019-01-13]
CHR Extension: (Google Docs Offline) - C:\Users\customer\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2019-01-14]
CHR Extension: (QuickConverter) - C:\Users\customer\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifmbhhfjodlbpaoklcmljmjmffecgggd [2019-01-14]
CHR Extension: (Chrome Web Store Payments) - C:\Users\customer\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-01-14]
CHR Extension: (Gmail) - C:\Users\customer\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-01-14]
CHR Extension: (Chrome Media Router) - C:\Users\customer\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-02-09]
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [246784 2015-08-04] (Microsoft Windows Hardware Compatibility Publisher -> AMD)
S2 cryptobrowser; C:\Program Files (x86)\CryptoCompany\Update\CryptoTabUpdate.exe [264175 2019-02-25] (CRYPTOCOMPANY OÜ -> CRYPTOCOMPANY OU) [File not signed]
S3 cryptobrowserm; C:\Program Files (x86)\CryptoCompany\Update\CryptoTabUpdate.exe [264175 2019-02-25] (CRYPTOCOMPANY OÜ -> CRYPTOCOMPANY OU) [File not signed]
R3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [4132456 2019-02-25] (AVB Disc Soft, SIA -> Disc Soft Ltd)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Windows -> Microsoft Corporation)
S2 rtop; "c:\program files\bytefence\rtop\bin\rtop_svc.exe" [X]
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 amdkmdag; C:\Windows\System32\DRIVERS\atikmdag.sys [21622784 2015-08-04] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices, Inc.)
R3 amdkmdap; C:\Windows\System32\DRIVERS\atikmpag.sys [665088 2015-08-04] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices, Inc.)
R0 amdkmpfd; C:\Windows\System32\DRIVERS\amdkmpfd.sys [65248 2015-04-24] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
S3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [172760 2019-01-14] (Broadcom Corporation -> Broadcom Corporation.)
R3 btwampfl; C:\Windows\System32\DRIVERS\btwampfl.sys [344616 2011-07-12] (Broadcom Corporation -> Broadcom Corporation.)
R3 btwaudio; C:\Windows\System32\drivers\btwaudio.sys [102952 2011-07-12] (Broadcom Corporation -> Broadcom Corporation.)
R3 btwavdt; C:\Windows\System32\DRIVERS\btwavdt.sys [135720 2011-07-12] (Broadcom Corporation -> Broadcom Corporation.)
R3 btwl2cap; C:\Windows\System32\DRIVERS\btwl2cap.sys [39464 2011-07-12] (Broadcom Corporation -> Broadcom Corporation.)
R3 btwrchid; C:\Windows\System32\DRIVERS\btwrchid.sys [21544 2011-07-12] (Broadcom Corporation -> Broadcom Corporation.)
S3 cpuz140; C:\Users\customer\AppData\Local\Temp\cpuz140\cpuz140_x64.sys [43840 2019-01-14] (CPUID -> CPUID) <==== ATTENTION
R3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [42256 2019-02-25] (AVB Disc Soft, SIA -> Disc Soft Ltd)
R3 dtliteusbbus; C:\Windows\System32\DRIVERS\dtliteusbbus.sys [59360 2019-02-25] (AVB Disc Soft, SIA -> Disc Soft Ltd)
R1 HWiNFO32; C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [27552 2019-01-13] (Martin Malik - REALiX -> REALiX™)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28656 2013-03-06] (Intel Corporation - Intel® Rapid Storage Technology -> Intel Corporation)
R3 L1C; C:\Windows\System32\DRIVERS\L1C63x64.sys [125048 2016-01-29] (Rivet Networks LLC -> Qualcomm Atheros, Inc.)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [181304 2016-03-29] (Intel® Embedded Subsystems and IP Blocks Group -> Intel Corporation)
R3 rimspci; C:\Windows\System32\DRIVERS\rimspe64.sys [73728 2019-01-13] (Microsoft Windows Hardware Compatibility Publisher -> REDC)
R2 risdxc; C:\Windows\System32\DRIVERS\risdxc64.sys [104960 2019-01-14] (Microsoft Windows Hardware Compatibility Publisher -> REDC)
R3 SFEP; C:\Windows\System32\DRIVERS\SFEP.sys [14336 2012-01-16] (Microsoft Windows Hardware Compatibility Publisher -> Sony Corporation)
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One month (created) ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2019-02-26 21:27 - 2019-02-26 21:29 - 000023428 _____ C:\Users\customer\Downloads\Addition.txt
2019-02-26 21:26 - 2019-02-26 21:46 - 000018466 _____ C:\Users\customer\Downloads\FRST.txt
2019-02-26 21:26 - 2019-02-26 21:45 - 000000000 ____D C:\FRST
2019-02-26 21:25 - 2019-02-26 21:26 - 002433536 _____ (Farbar) C:\Users\customer\Downloads\FRST64.exe
2019-02-26 21:17 - 2019-02-26 21:17 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MCShield
2019-02-26 21:16 - 2019-02-26 21:17 - 000000000 ____D C:\ProgramData\MCShield
2019-02-26 21:16 - 2019-02-26 21:17 - 000000000 ____D C:\Program Files (x86)\MCShield
2019-02-26 21:15 - 2019-02-26 21:16 - 002856736 ____N (MyCity) C:\Users\customer\Downloads\MCShield-Setup.exe
2019-02-26 21:15 - 2019-02-26 21:16 - 001792512 _____ (Farbar) C:\Users\customer\Downloads\FRST.exe
2019-02-26 21:08 - 2019-02-26 21:09 - 010370944 _____ (AVAST Software) C:\Users\customer\Downloads\avastclear.exe
2019-02-26 20:52 - 2019-02-26 20:52 - 000003010 _____ C:\Windows\System32\Tasks\{880037BC-72EB-4866-9EFE-EDA9BB89270A}
2019-02-26 09:06 - 2019-02-25 19:41 - 007698240 _____ (AVAST Software) C:\Users\customer\Desktop\avast_free_antivirus_setup_online_a3b.exe
2019-02-25 22:22 - 2019-02-25 22:22 - 000000000 ____D C:\ProgramData\Avira
2019-02-25 22:22 - 2019-02-25 22:22 - 000000000 ____D C:\Program Files (x86)\Avira
2019-02-25 21:59 - 2019-02-25 21:59 - 000000000 ____D C:\Program Files (x86)\PCProtect
2019-02-25 21:56 - 2019-02-25 21:56 - 000000000 ____D C:\Program Files (x86)\TotalAV
2019-02-25 19:41 - 2019-02-25 19:41 - 007698240 _____ (AVAST Software) C:\Users\customer\Downloads\avast_free_antivirus_setup_online_a3b.exe
2019-02-25 19:39 - 2019-02-25 19:39 - 007698240 _____ (AVAST Software) C:\Users\customer\Downloads\avast_free_antivirus_setup_online (1).exe
2019-02-25 19:39 - 2019-02-25 19:39 - 000000000 ____D C:\ProgramData\AVAST Software
2019-02-25 19:22 - 2019-02-26 20:57 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2019-02-25 19:22 - 2019-02-26 20:56 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SharePoint
2019-02-25 19:21 - 2019-02-25 19:21 - 000000000 ____D C:\Windows\PCHEALTH
2019-02-25 19:21 - 2019-02-25 19:21 - 000000000 ____D C:\Program Files (x86)\Microsoft Synchronization Services
2019-02-25 19:21 - 2019-02-25 19:21 - 000000000 ____D C:\Program Files (x86)\Microsoft Sync Framework
2019-02-25 19:21 - 2019-02-25 19:21 - 000000000 ____D C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2019-02-25 19:20 - 2019-02-25 19:20 - 000000000 ____D C:\Windows\System32\Tasks\OfficeSoftwareProtectionPlatform
2019-02-25 19:20 - 2019-02-25 19:20 - 000000000 ____D C:\Program Files\Microsoft Office
2019-02-25 19:20 - 2019-02-25 19:20 - 000000000 ____D C:\Program Files (x86)\Microsoft Visual Studio 8
2019-02-25 19:19 - 2019-02-25 19:21 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2019-02-25 19:19 - 2019-02-25 19:19 - 000000000 __RHD C:\MSOCache
2019-02-25 19:19 - 2019-02-25 19:19 - 000000000 ____D C:\Users\customer\AppData\Local\Microsoft Help
2019-02-25 19:19 - 2019-02-25 19:19 - 000000000 ____D C:\Program Files (x86)\Microsoft Analysis Services
2019-02-25 19:15 - 2019-02-25 19:16 - 000000000 ____D C:\Users\customer\AppData\Local\Disc_Soft_Ltd
2019-02-25 19:15 - 2019-02-25 19:15 - 000000000 ____D C:\Users\Public\Documents\Daemon Tools Images
2019-02-25 19:15 - 2019-02-25 19:15 - 000000000 ____D C:\Users\Public\Documents\Catch!
2019-02-25 19:15 - 2019-02-25 19:15 - 000000000 ____D C:\Users\customer\AppData\Roaming\DAEMON Tools Lite
2019-02-25 19:14 - 2019-02-25 19:15 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\DAEMON Tools Lite
2019-02-25 19:14 - 2019-02-25 19:14 - 000059360 _____ (Disc Soft Ltd) C:\Windows\system32\Drivers\dtliteusbbus.sys
2019-02-25 19:14 - 2019-02-25 19:14 - 000042256 _____ (Disc Soft Ltd) C:\Windows\system32\Drivers\dtlitescsibus.sys
2019-02-25 19:14 - 2019-02-25 19:14 - 000001703 _____ C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
2019-02-25 19:13 - 2019-02-25 19:15 - 000000000 ____D C:\Program Files\DAEMON Tools Lite
2019-02-25 18:18 - 2015-02-03 11:34 - 000094656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2019-02-25 18:18 - 2015-02-03 11:31 - 001574400 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2019-02-25 18:18 - 2015-02-03 11:31 - 000371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2019-02-25 18:18 - 2015-02-03 11:31 - 000341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2019-02-25 18:18 - 2015-02-03 11:31 - 000325632 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
2019-02-25 18:18 - 2015-02-03 11:31 - 000210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2019-02-25 18:18 - 2015-02-03 11:31 - 000188416 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2019-02-25 18:18 - 2015-02-03 11:31 - 000136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2019-02-25 18:18 - 2015-02-03 11:31 - 000086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2019-02-25 18:18 - 2015-02-03 11:31 - 000050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2019-02-25 18:18 - 2015-02-03 11:31 - 000037376 _____ (Microsoft Corporation) C:\Windows\system32\pcadm.dll
2019-02-25 18:18 - 2015-02-03 11:31 - 000029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2019-02-25 18:18 - 2015-02-03 11:31 - 000028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2019-02-25 18:18 - 2015-02-03 11:31 - 000009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2019-02-25 18:18 - 2015-02-03 11:30 - 000631808 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2019-02-25 18:18 - 2015-02-03 11:30 - 000440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2019-02-25 18:18 - 2015-02-03 11:30 - 000296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2019-02-25 18:18 - 2015-02-03 11:30 - 000284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2019-02-25 18:18 - 2015-02-03 11:30 - 000187904 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2019-02-25 18:18 - 2015-02-03 11:30 - 000146944 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2019-02-25 18:18 - 2015-02-03 11:30 - 000140288 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2019-02-25 18:18 - 2015-02-03 11:30 - 000126464 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2019-02-25 18:18 - 2015-02-03 11:30 - 000082432 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll
2019-02-25 18:18 - 2015-02-03 11:30 - 000064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2019-02-25 18:18 - 2015-02-03 11:30 - 000031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2019-02-25 18:18 - 2015-02-03 11:30 - 000017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2019-02-25 18:18 - 2015-02-03 11:30 - 000011264 _____ (Microsoft Corporation) C:\Windows\system32\pcawrk.exe
2019-02-25 18:18 - 2015-02-03 11:30 - 000009728 _____ (Microsoft Corporation) C:\Windows\system32\pcalua.exe
2019-02-25 18:18 - 2015-02-03 11:29 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2019-02-25 18:18 - 2015-02-03 11:29 - 000008704 _____ (Microsoft Corporation) C:\Windows\system32\pcaevts.dll
2019-02-25 18:18 - 2015-02-03 11:28 - 000146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2019-02-25 18:18 - 2015-02-03 11:28 - 000006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2019-02-25 18:18 - 2015-02-03 11:12 - 001329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2019-02-25 18:18 - 2015-02-03 11:12 - 000519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2019-02-25 18:18 - 2015-02-03 11:12 - 000489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
2019-02-25 18:18 - 2015-02-03 11:12 - 000374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2019-02-25 18:18 - 2015-02-03 11:12 - 000265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msnetobj.dll
2019-02-25 18:18 - 2015-02-03 11:12 - 000172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2019-02-25 18:18 - 2015-02-03 11:12 - 000143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2019-02-25 18:18 - 2015-02-03 11:12 - 000103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2019-02-25 18:18 - 2015-02-03 11:12 - 000081408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsp.dll
2019-02-25 18:18 - 2015-02-03 11:12 - 000043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2019-02-25 18:18 - 2015-02-03 11:12 - 000022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2019-02-25 18:18 - 2015-02-03 11:12 - 000008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2019-02-25 18:18 - 2015-02-03 11:11 - 000096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2019-02-25 18:18 - 2015-02-03 11:11 - 000050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2019-02-25 18:18 - 2015-02-03 11:09 - 000146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2019-02-25 18:18 - 2015-02-03 11:09 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2019-02-25 18:18 - 2015-02-03 11:08 - 000006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2019-02-25 18:18 - 2015-02-03 10:32 - 000061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2019-02-25 18:18 - 2014-11-01 06:24 - 000619056 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2019-02-25 18:18 - 2014-06-28 08:21 - 000532176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2019-02-25 18:17 - 2015-02-03 11:34 - 005554104 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2019-02-25 18:17 - 2015-02-03 11:34 - 000693176 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2019-02-25 18:17 - 2015-02-03 11:34 - 000155064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2019-02-25 18:17 - 2015-02-03 11:34 - 000095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2019-02-25 18:17 - 2015-02-03 11:33 - 000616360 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2019-02-25 18:17 - 2015-02-03 11:31 - 014632960 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2019-02-25 18:17 - 2015-02-03 11:31 - 004121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2019-02-25 18:17 - 2015-02-03 11:31 - 001461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2019-02-25 18:17 - 2015-02-03 11:31 - 000782848 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
2019-02-25 18:17 - 2015-02-03 11:31 - 000728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2019-02-25 18:17 - 2015-02-03 11:31 - 000641024 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
2019-02-25 18:17 - 2015-02-03 11:31 - 000503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2019-02-25 18:17 - 2015-02-03 11:31 - 000500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2019-02-25 18:17 - 2015-02-03 11:31 - 000432128 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2019-02-25 18:17 - 2015-02-03 11:31 - 000314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2019-02-25 18:17 - 2015-02-03 11:31 - 000309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2019-02-25 18:17 - 2015-02-03 11:31 - 000229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2019-02-25 18:17 - 2015-02-03 11:31 - 000206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2019-02-25 18:17 - 2015-02-03 11:31 - 000063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2019-02-25 18:17 - 2015-02-03 11:31 - 000011264 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
2019-02-25 18:17 - 2015-02-03 11:31 - 000005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2019-02-25 18:17 - 2015-02-03 11:31 - 000005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2019-02-25 18:17 - 2015-02-03 11:30 - 012625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2019-02-25 18:17 - 2015-02-03 11:30 - 001480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2019-02-25 18:17 - 2015-02-03 11:30 - 001202176 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
2019-02-25 18:17 - 2015-02-03 11:30 - 001069056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
2019-02-25 18:17 - 2015-02-03 11:30 - 000842240 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
2019-02-25 18:17 - 2015-02-03 11:30 - 000680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2019-02-25 18:17 - 2015-02-03 11:30 - 000497664 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
2019-02-25 18:17 - 2015-02-03 11:30 - 000296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2019-02-25 18:17 - 2015-02-03 11:30 - 000112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2019-02-25 18:17 - 2015-02-03 11:30 - 000058880 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2019-02-25 18:17 - 2015-02-03 11:30 - 000055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2019-02-25 18:17 - 2015-02-03 11:30 - 000043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2019-02-25 18:17 - 2015-02-03 11:30 - 000032256 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2019-02-25 18:17 - 2015-02-03 11:30 - 000024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2019-02-25 18:17 - 2015-02-03 11:30 - 000022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2019-02-25 18:17 - 2015-02-03 11:28 - 000686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2019-02-25 18:17 - 2015-02-03 11:28 - 000002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2019-02-25 18:17 - 2015-02-03 11:19 - 000663552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
2019-02-25 18:17 - 2015-02-03 11:16 - 003973048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2019-02-25 18:17 - 2015-02-03 11:16 - 003917760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2019-02-25 18:17 - 2015-02-03 11:12 - 011411968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2019-02-25 18:17 - 2015-02-03 11:12 - 003209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2019-02-25 18:17 - 2015-02-03 11:12 - 001174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2019-02-25 18:17 - 2015-02-03 11:12 - 001005056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll
2019-02-25 18:17 - 2015-02-03 11:12 - 000988160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmv2clt.dll
2019-02-25 18:17 - 2015-02-03 11:12 - 000744960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\blackbox.dll
2019-02-25 18:17 - 2015-02-03 11:12 - 000617984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmsdk.dll
2019-02-25 18:17 - 2015-02-03 11:12 - 000550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2019-02-25 18:17 - 2015-02-03 11:12 - 000504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscp.dll
2019-02-25 18:17 - 2015-02-03 11:12 - 000442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2019-02-25 18:17 - 2015-02-03 11:12 - 000406016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmmgrtn.dll
2019-02-25 18:17 - 2015-02-03 11:12 - 000354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2019-02-25 18:17 - 2015-02-03 11:12 - 000259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2019-02-25 18:17 - 2015-02-03 11:12 - 000248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2019-02-25 18:17 - 2015-02-03 11:12 - 000221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2019-02-25 18:17 - 2015-02-03 11:12 - 000195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2019-02-25 18:17 - 2015-02-03 11:12 - 000179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2019-02-25 18:17 - 2015-02-03 11:12 - 000103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2019-02-25 18:17 - 2015-02-03 11:12 - 000065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2019-02-25 18:17 - 2015-02-03 11:12 - 000050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2019-02-25 18:17 - 2015-02-03 11:12 - 000017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2019-02-25 18:17 - 2015-02-03 11:12 - 000004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2019-02-25 18:17 - 2015-02-03 11:12 - 000004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2019-02-25 18:17 - 2015-02-03 11:11 - 012625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2019-02-25 18:17 - 2015-02-03 11:11 - 000050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2019-02-25 18:17 - 2015-02-03 11:11 - 000023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2019-02-25 18:17 - 2015-02-03 11:09 - 000002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2019-02-25 18:17 - 2015-02-03 11:08 - 000686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2019-02-25 18:17 - 2015-01-31 07:56 - 000459336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2019-02-25 18:17 - 2014-06-28 08:21 - 000457400 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2019-02-25 18:15 - 2019-02-25 18:16 - 045918843 _____ C:\Users\customer\Downloads\Windows6.1-KB3033929-x64.msu
2019-02-25 18:13 - 2019-02-25 18:13 - 000212032 _____ (AVAST Software) C:\Users\customer\Downloads\avast_free_antivirus_setup_online.exe
2019-02-25 18:11 - 2019-02-25 18:11 - 000791712 ____N (Disc Soft Ltd.) C:\Users\customer\Downloads\DTLiteInstaller.exe
2019-02-25 18:06 - 2019-02-26 20:56 - 000000000 ____D C:\ProgramData\DAEMON Tools Lite
2019-02-25 18:05 - 2019-02-25 18:06 - 013146016 ____N (Disc Soft Ltd) C:\Users\customer\Downloads\daemon-tools-5-0-1-multi-win.exe
2019-02-25 15:25 - 2019-02-25 15:25 - 000000000 ____D C:\Users\customer\AppData\Roaming\CryptoTab Browser
2019-02-25 15:16 - 2019-02-25 15:16 - 000002299 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CryptoTab Browser.lnk
2019-02-25 15:16 - 2019-02-25 15:16 - 000002258 _____ C:\Users\Public\Desktop\CryptoTab Browser.lnk
2019-02-25 15:16 - 2019-02-25 15:16 - 000000000 ____D C:\Users\customer\AppData\Local\CryptoTab Browser
2019-02-25 15:15 - 2019-02-25 15:16 - 000000000 ____D C:\Program Files (x86)\CryptoTab Browser
2019-02-25 15:14 - 2019-02-25 15:32 - 000000000 ____D C:\Program Files (x86)\GUM208C.tmp
2019-02-25 15:14 - 2019-02-25 15:14 - 000003412 _____ C:\Windows\System32\Tasks\CryptoTabUpdateTaskMachineUA
2019-02-25 15:14 - 2019-02-25 15:14 - 000003284 _____ C:\Windows\System32\Tasks\CryptoTabUpdateTaskMachineCore
2019-02-25 15:14 - 2019-02-25 15:14 - 000000000 ____D C:\Program Files (x86)\CryptoCompany
2019-02-25 15:13 - 2019-02-25 15:13 - 001322479 _____ (CRYPTOCOMPANY OU) C:\Users\customer\Downloads\CryptoTabSetup_Jm6x1uU.exe
2019-02-25 15:13 - 2019-02-25 15:13 - 001244200 ___SH (CRYPTOCOMPANY OU) C:\Users\customer\Downloads\CryptoTabSetup_Jm6x1uU.exe.dat
2019-02-25 15:13 - 2019-02-25 15:13 - 000000000 ____D C:\Users\customer\AppData\Local\CryptoCompany
2019-02-25 14:36 - 2019-02-25 14:39 - 100158880 _____ (Shift) C:\Users\customer\Downloads\shift-windows.exe
2019-02-24 16:31 - 2015-04-16 19:34 - 4048869376 _____ C:\Users\customer\Desktop\Microsoft Office 2010 SP2 de_en_ru_ua 14.0.7140.5002.iso
2019-02-22 21:28 - 2019-02-22 21:28 - 000000000 ____D C:\Windows\SysWOW64\SDA
2019-02-22 21:27 - 2019-02-22 21:27 - 001024273 _____ C:\Users\customer\Downloads\RIDFMC-00244061-0042.zip
2019-02-22 19:32 - 2019-02-24 10:33 - 000000038 _____ C:\Users\customer\AppData\Roaming\WB.CFG
2019-02-21 21:41 - 2019-02-21 21:41 - 000000000 ____D C:\Users\customer\AppData\LocalLow\Temp
2019-02-21 21:16 - 2019-02-21 21:16 - 407010384 _____ (Microsoft Corporation) C:\Users\customer\Downloads\Microsoft-Office-Professional-2007.exe
2019-02-21 21:05 - 2019-02-21 21:05 - 009991328 _____ (Microsoft Corporation) C:\Users\customer\Downloads\microsoft_word.exe
2019-02-21 21:03 - 2019-02-21 21:03 - 002485696 _____ (Makopanid ) C:\Users\customer\Downloads\microsoft_word_0881632119.exe
2019-02-21 20:42 - 2019-02-21 20:42 - 002461328 _____ ( ) C:\Users\customer\Downloads\microsoft_office_2007_setup314_2459860692.exe
2019-02-21 19:18 - 2019-02-21 19:18 - 000000000 ____D C:\Users\customer\AppData\Local\latecof
2019-02-21 19:18 - 2019-02-21 19:18 - 000000000 ____D C:\Users\customer\AppData\Local\{869FB0C3-A237-DC7B-CFAF-F993EBC7050B}
2019-02-21 19:15 - 2019-02-21 19:15 - 000000000 ____D C:\ProgramData\ByteFence
2019-02-21 19:02 - 2019-02-21 19:21 - 000000000 ____D C:\Users\customer\Documents\New folder
2019-02-21 19:00 - 2019-02-21 19:00 - 002461328 _____ ( ) C:\Users\customer\Downloads\microsoft_word_ms_office_2007_setup7216_3544064554.exe
2019-02-16 18:20 - 2019-02-25 22:08 - 000000000 ____D C:\Users\customer\Downloads\opera autoupdate
2019-02-16 09:13 - 2019-02-16 09:13 - 000004340 _____ C:\Windows\System32\Tasks\Opera scheduled assistant Autoupdate 1550279585
2019-02-01 20:55 - 2019-02-01 20:55 - 000000000 ____D C:\Users\customer\Documents\Bluetooth Exchange Folder
2019-02-01 20:55 - 2019-02-01 20:55 - 000000000 ____D C:\Users\customer\AppData\Local\Broadcom
2019-02-01 20:51 - 2011-07-12 13:20 - 000135720 _____ (Broadcom Corporation.) C:\Windows\system32\Drivers\btwavdt.sys
2019-02-01 20:51 - 2011-07-12 13:20 - 000102952 _____ (Broadcom Corporation.) C:\Windows\system32\Drivers\btwaudio.sys
2019-02-01 20:51 - 2011-07-12 13:20 - 000021544 _____ (Broadcom Corporation.) C:\Windows\system32\Drivers\btwrchid.sys
2019-02-01 20:51 - 2011-07-12 13:19 - 000039464 _____ (Broadcom Corporation.) C:\Windows\system32\Drivers\btwl2cap.sys
2019-02-01 20:50 - 2019-02-22 21:27 - 000000021 _____ C:\Windows\Model.txt
2019-02-01 20:50 - 2019-02-01 20:50 - 000000000 ____D C:\Program Files\WIDCOMM
2019-02-01 20:48 - 2019-02-01 20:50 - 037151592 _____ C:\Users\customer\Downloads\BRDBLT-00254589-0042.exe
2019-01-30 09:21 - 2019-02-26 20:56 - 000000000 ____D C:\Users\customer\AppData\Roaming\vlc
 
==================== One month (modified) ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2019-02-26 21:38 - 2009-07-14 11:20 - 000000000 ____D C:\Program Files\Common Files\System
2019-02-26 21:37 - 2019-01-14 12:14 - 000000140 _____ C:\Windows\Reimage.ini
2019-02-26 21:17 - 2019-01-14 01:38 - 000002836 _____ C:\Windows\System32\Tasks\Driver Booster SkipUAC (customer)
2019-02-26 21:02 - 2009-07-14 13:13 - 000781298 _____ C:\Windows\system32\PerfStringBackup.INI
2019-02-26 21:02 - 2009-07-14 11:20 - 000000000 ____D C:\Windows\inf
2019-02-26 20:57 - 2019-01-13 19:27 - 000000000 ____D C:\Users\customer
2019-02-26 20:57 - 2009-07-14 13:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2019-02-26 20:56 - 2019-01-13 20:26 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SMADAV Antivirus
2019-02-26 20:56 - 2019-01-13 20:26 - 000000000 ____D C:\Program Files (x86)\SMADAV
2019-02-26 20:56 - 2010-11-21 15:16 - 000000000 ____D C:\Windows\ShellNew
2019-02-26 20:56 - 2009-07-14 13:32 - 000000000 ____D C:\Program Files (x86)\MSBuild
2019-02-26 20:56 - 2009-07-14 11:20 - 000000000 ____D C:\Windows\system32\NDF
2019-02-26 20:56 - 2009-07-14 11:20 - 000000000 ____D C:\Windows\registration
2019-02-26 20:56 - 2009-07-14 11:20 - 000000000 ____D C:\Program Files\Common Files\Microsoft Shared
2019-02-26 20:55 - 2019-01-14 01:10 - 000000000 ____D C:\ProgramData\Package Cache
2019-02-25 19:50 - 2009-07-14 10:34 - 000000478 _____ C:\Windows\win.ini
2019-02-25 19:34 - 2009-07-14 12:45 - 000414656 _____ C:\Windows\system32\FNTCACHE.DAT
2019-02-25 19:08 - 2009-07-14 12:45 - 000021072 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2019-02-25 19:08 - 2009-07-14 12:45 - 000021072 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2019-02-25 19:02 - 2009-07-14 11:20 - 000000000 ____D C:\Windows\SysWOW64\Dism
2019-02-25 19:02 - 2009-07-14 11:20 - 000000000 ____D C:\Windows\system32\Dism
2019-02-24 09:48 - 2019-01-14 01:12 - 000004100 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1547399530
2019-02-22 18:46 - 2019-01-13 20:10 - 000002224 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2019-02-22 18:46 - 2019-01-13 20:10 - 000002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2019-02-20 11:13 - 2019-01-14 01:38 - 000000000 ____D C:\Program Files (x86)\Driver Booster 6
2019-02-01 21:10 - 2019-01-13 19:28 - 000000000 ____D C:\Users\customer\AppData\Local\VirtualStore
 
==================== Files in the root of some directories =======
 
2019-02-22 19:32 - 2019-02-24 10:33 - 000000038 _____ () C:\Users\customer\AppData\Roaming\WB.CFG
 
Some files in TEMP:
====================
2019-02-01 20:50 - 2010-06-20 22:42 - 000046456 _____ (Sony Electronics, Inc) C:\Users\customer\AppData\Local\Temp\GLF5F93.EXE
2019-02-01 20:50 - 2003-05-02 15:13 - 000151552 _____ () C:\Users\customer\AppData\Local\Temp\GLF6AEA.EXE
2019-02-21 19:25 - 2010-06-20 22:42 - 000046456 _____ (Sony Electronics, Inc) C:\Users\customer\AppData\Local\Temp\GLF7861.EXE
2019-02-21 19:25 - 2003-05-02 15:13 - 000151552 _____ () C:\Users\customer\AppData\Local\Temp\GLF802F.EXE
2019-02-22 21:27 - 2010-06-20 23:42 - 000046456 _____ (Sony Electronics, Inc) C:\Users\customer\AppData\Local\Temp\GLFF36A.EXE
2019-02-22 21:27 - 2003-05-02 16:13 - 000151552 _____ () C:\Users\customer\AppData\Local\Temp\GLFF4D2.EXE
2019-02-21 19:24 - 2019-02-21 19:24 - 002461328 _____ (                                                            ) C:\Users\customer\AppData\Local\Temp\microsoft_word_ms_office_2007_setup7216_3544064554.exe
2019-01-14 01:02 - 2019-01-14 01:02 - 002658759 _____ (Opera Software) C:\Users\customer\AppData\Local\Temp\Opera_installer_1901131702124654264.dll
2019-01-14 01:02 - 2019-01-14 01:02 - 002658759 _____ (Opera Software) C:\Users\customer\AppData\Local\Temp\Opera_installer_1901131702133035776.dll
2019-01-14 12:14 - 2019-01-14 12:15 - 015095472 _____ (Reimage) C:\Users\customer\AppData\Local\Temp\ReimagePackage.exe
2019-01-14 01:23 - 2019-02-25 19:22 - 000000014 _____ () C:\Users\customer\AppData\Local\Temp\update.exe
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll
[2010-11-21 11:24] - [2019-01-13 19:27] - 001008640 _____ (Microsoft Corporation) 2C353B6CE0C8D03225CAA2AF33B68D79
 
C:\Windows\SysWOW64\User32.dll
[2010-11-21 11:24] - [2019-01-13 19:27] - 000833024 _____ (Microsoft Corporation) 861C4346F9281DC0380DE72C8D55D6BE
 
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\dllhost.exe => File is digitally signed
C:\Windows\SysWOW64\dllhost.exe => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2019-02-14 20:21
 
==================== End of FRST.txt ============================
 
 
HERE IS THE ADDITIONAL NOTE
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 25.02.2019 01
Ran by customer (26-02-2019 21:47:03)
Running from C:\Users\customer\Downloads
Windows 7 Ultimate Service Pack 1 (X64) (2019-01-13 11:27:05)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-1608357908-2036049685-2604263660-500 - Administrator - Disabled)
customer (S-1-5-21-1608357908-2036049685-2604263660-1000 - Administrator - Enabled) => C:\Users\customer
Guest (S-1-5-21-1608357908-2036049685-2604263660-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1608357908-2036049685-2604263660-1002 - Limited - Enabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Flash Player 32 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 32.0.0.114 - Adobe Systems Incorporated)
CryptoTab Browser (HKLM-x32\...\CryptoTab Browser) (Version: 72.0.3626.96 - The CryptoTab Browser Authors) <==== ATTENTION
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.10.0.0770 - Disc Soft Ltd)
Driver Booster 6 (HKLM-x32\...\{B6E108EB-184D-4A42-B841-7F4F9C5FCF9C}_is1) (Version: 6.2.0.198 - IObit)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 72.0.3626.119 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.23 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.99.17 - CRYPTOCOMPANY) Hidden
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.4229 - Intel Corporation)
MCShield ::Anti-Malware Tool:: (HKLM-x32\...\MCShield) (Version: 3.0.5.28 - MyCity)
Microsoft .NET Framework 4.7.2 (HKLM\...\{09CCBE8E-B964-30EF-AE84-6537AB4197F9}) (Version: 4.7.03062 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{F2508213-9989-4E85-A078-72BE483917EF}) (Version: 3.5.88.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{4CB0307C-565E-4441-86BE-0DF2E4FB828C}) (Version: 3.5.50.0 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40660 (HKLM-x32\...\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40660 (HKLM-x32\...\{61087a79-ac85-455c-934d-1fa22cc64f36}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.10.25017 (HKLM-x32\...\{d6f233bd-3f8c-43f6-878b-07bd0568d595}) (Version: 14.10.25017.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.10.25017 (HKLM-x32\...\{cb7c3049-21de-415b-bd85-b65c14e547df}) (Version: 14.10.25017.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 3.0 (HKLM-x32\...\{3898934B-05AE-41CD-96BE-70DA9BFBCE1F}) (Version: 3.0.11010.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)
Opera Stable 58.0.3135.68 (HKU\S-1-5-21-1608357908-2036049685-2604263660-1000\...\Opera 58.0.3135.68) (Version: 58.0.3135.68 - Opera Software)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8549 - Realtek Semiconductor Corp.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
SMADAV version 11.3 (HKLM-x32\...\{8B9FA5FF-3E61-4658-B0DA-E6DDB46D6BAD}_is1) (Version: 11.3 - Smadsoft)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.1 - VideoLAN)
WIDCOMM Bluetooth Software (HKLM\...\{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}) (Version: 6.3.0.6300 - Broadcom Corporation)
Windows Live ID Sign-in Assistant (HKLM\...\{9B48B0AC-C813-4174-9042-476A887592C7}) (Version: 6.500.3165.0 - Microsoft Corporation)
WinRAR 5.31 beta 1 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.31.1 - win.rar GmbH)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-01-03] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-01-03] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers2: [DaemonShellExtDriveLite] -> {C06369D6-E77D-4626-9656-1256312BD576} => C:\Program Files\DAEMON Tools Lite\dtshl64.dll [2019-02-25] (AVB Disc Soft, SIA -> Disc Soft Ltd)
ContextMenuHandlers3: [DaemonShellExtImageLite] -> {1D1B5D7B-0FC9-452E-902C-12BACD4FBC20} => C:\Program Files\DAEMON Tools Lite\dtshl64.dll [2019-02-25] (AVB Disc Soft, SIA -> Disc Soft Ltd)
ContextMenuHandlers3: [SmadExt] -> {8AB81E72-CB2F-11D3-8D3B-AC2F34F1FA3C} => C:\Program Files (x86)\SMADAV\SmadExtc64.dll [2013-11-27] (Smadsoft) [File not signed]
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2015-05-27] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [SmadExt] -> {8AB81E72-CB2F-11D3-8D3B-AC2F34F1FA3C} => C:\Program Files (x86)\SMADAV\SmadExtc64.dll [2013-11-27] (Smadsoft) [File not signed]
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-01-03] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-01-03] (win.rar GmbH -> Alexander Roshal)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {100B52C4-6F4D-401D-97AF-B7727AE25BF9} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (Google Inc -> Google Inc.)
Task: {10E5D7EF-C542-4596-8494-274580FF6080} - System32\Tasks\Opera scheduled Autoupdate 1547399530 => C:\Users\customer\AppData\Local\Programs\Opera\launcher.exe (Opera Software AS -> Opera Software)
Task: {32A6AA05-B9D8-4FBB-BA21-44744EEE4DA8} - System32\Tasks\Driver Booster Scheduler => C:\Program Files (x86)\Driver Booster 6\Scheduler.exe (IObit Information Technology -> IObit)
Task: {62369E86-56D5-4F72-BEFF-048E3276D365} - System32\Tasks\Opera scheduled assistant Autoupdate 1550279585 => C:\Users\customer\AppData\Local\Programs\Opera\launcher.exe (Opera Software AS -> Opera Software)
Task: {6B8FD043-306E-4889-8452-7E69A8D67ED9} - System32\Tasks\CryptoTabUpdateTaskMachineUA => C:\Program Files (x86)\CryptoCompany\Update\CryptoTabUpdate.exe (CRYPTOCOMPANY OÜ -> CRYPTOCOMPANY OU) [File not signed] <==== ATTENTION
Task: {7FA3F3BE-F4E7-43AA-958B-0F05881DB6C7} - System32\Tasks\CryptoTabUpdateTaskMachineCore => C:\Program Files (x86)\CryptoCompany\Update\CryptoTabUpdate.exe (CRYPTOCOMPANY OÜ -> CRYPTOCOMPANY OU) [File not signed] <==== ATTENTION
Task: {92B71BAC-FA36-455C-AB07-D8F0A730FD48} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated -> Adobe Systems Incorporated)
Task: {99C26DE1-6DE9-45B5-A402-5ED640540CCB} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (Google Inc -> Google Inc.)
Task: {DBA11C53-9FC3-4384-A275-248098FF0562} - System32\Tasks\Driver Booster SkipUAC (customer) => C:\Program Files (x86)\Driver Booster 6\DriverBooster.exe (IObit Information Technology -> IObit) [File not signed]
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
WMI:subscription\__FilterToConsumerBinding->CommandLineEventConsumer.Name=\"BVTConsumer\"",Filter="__EventFilter.Name=\"BVTFilter\"::
WMI:subscription\__EventFilter->BVTFilter::[Query => SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99]
WMI:subscription\CommandLineEventConsumer->BVTConsumer::[CommandLineTemplate => cscript KernCap.vbs][WorkingDirectory => C:\\tools\\kernrate]
 
==================== Loaded Modules (Whitelisted) ==============
 
2010-11-21 11:24 - 2019-01-13 19:27 - 001008640 _____ (Microsoft Corporation) [File not signed] C:\Windows\system32\USER32.dll
2019-02-01 20:51 - 2019-02-01 20:51 - 001605120 _____ (Microsoft Corporation) [File not signed] C:\Windows\WinSxS\amd64_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.42_none_8f16b0d88731ea9c\MFC80.DLL
2019-02-01 20:51 - 2019-02-01 20:51 - 001602560 _____ (Microsoft Corporation) [File not signed] C:\Windows\WinSxS\amd64_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.42_none_8f16b0d88731ea9c\MFC80U.DLL
2019-02-01 20:51 - 2019-02-01 20:51 - 000057344 _____ (Microsoft Corporation) [File not signed] C:\Windows\WinSxS\amd64_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.42_none_c6eef3b6608113e0\MFC80ENU.DLL
2019-01-13 20:26 - 2013-11-27 13:29 - 000105984 _____ (Smadsoft) [File not signed] C:\Program Files (x86)\SMADAV\SmadExtc64.dll
2009-08-18 11:24 - 2009-08-18 11:24 - 000167424 _____ (Microsoft Corporation) [File not signed] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll
2019-02-25 15:14 - 2019-02-25 15:14 - 000396783 _____ (CRYPTOCOMPANY OÜ -> CRYPTOCOMPANY OU) [File not signed] C:\Program Files (x86)\CryptoCompany\Update\1.3.99.17\CryptoTabCrashHandler.exe
2010-11-21 11:24 - 2019-01-13 19:27 - 000833024 _____ (Microsoft Corporation) [File not signed] C:\Windows\syswow64\USER32.dll
2019-01-13 20:06 - 2019-01-13 20:06 - 000069337 _____ (Microsoft Corporation) [File not signed] C:\Program Files\Common Files\System\symsrv.dll
2009-08-18 11:29 - 2019-02-21 17:38 - 000212807 _____ (Microsoft Corporation -> Microsoft Corporation) [File not signed] C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL
2010-07-29 18:46 - 2010-07-29 18:46 - 000304871 _____ (Broadcom Corporation -> Broadcom Corporation.) [File not signed] C:\Program Files\WIDCOMM\Bluetooth Software\SysWOW64\BtMmHook.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-14 10:34 - 2019-02-25 13:43 - 000002451 _____ C:\Windows\system32\drivers\etc\hosts
 
162.241.148.106 pagead2.googlesyndication.com
162.241.148.106 tpc.googlesyndication.com
162.241.148.106 s7.addthis.com
162.241.148.106 contextual.media.net
162.241.148.106 connect.facebook.net
162.241.148.106 s3.buysellads.com
162.241.148.106 resources.infolinks.com
162.241.148.106 stats.g.doubleclick.net
162.241.148.106 www.googletagmanager.com
162.241.148.106 google-analytics.com
0.0.0.0 0.0.0.0 # fix for traceroute and netstat display anomaly
0.0.0.0 media.opencandy.com
0.0.0.0 cdn.opencandy.com
0.0.0.0 tracking.opencandy.com
0.0.0.0 api.opencandy.com
0.0.0.0 api.recommendedsw.com
0.0.0.0 rp.yefeneri2.com
0.0.0.0 os.yefeneri2.com
0.0.0.0 os2.yefeneri2.com
0.0.0.0 installer.betterinstaller.com
0.0.0.0 installer.filebulldog.com
0.0.0.0 d3oxtn1x3b8d7i.cloudfront.net
0.0.0.0 inno.bisrv.com
0.0.0.0 nsis.bisrv.com
0.0.0.0 cdn.file2desktop.com
0.0.0.0 cdn.goateastcach.us
0.0.0.0 cdn.guttastatdk.us
0.0.0.0 cdn.inskinmedia.com
0.0.0.0 cdn.insta.oibundles2.com
0.0.0.0 cdn.insta.playbryte.com
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path: %CommonProgramFiles%\Microsoft Shared\Windows Live;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files\WIDCOMM\Bluetooth Software\;C:\Program Files\WIDCOMM\Bluetooth Software\syswow64;
HKU\S-1-5-21-1608357908-2036049685-2604263660-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\customer\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is disabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
If an entry is included in the fixlist, it will be removed.
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{C1DE9A46-85AF-4FAC-B9E8-DB823D89ED0A}] => (Allow) F:\Drivers\DriverPack\bin\tools\aria2c.exe No File
FirewallRules: [{09ABD1D2-4488-47FA-A036-A945089205D6}] => (Allow) C:\Users\customer\AppData\Roaming\uTorrent\uTorrent.exe No File
FirewallRules: [{F16CC6E3-02BB-41A8-9109-5071DA1AC32D}] => (Allow) C:\Users\customer\AppData\Roaming\uTorrent\uTorrent.exe No File
FirewallRules: [{554DDDDA-12E3-4E96-96CF-C36CB91AA13D}] => (Allow) C:\Users\customer\AppData\Local\Programs\Opera\58.0.3135.65\opera.exe (Opera Software AS -> Opera Software)
FirewallRules: [{E64AFD71-1CBF-4E00-ABC2-70F660E8C7FA}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.)
FirewallRules: [{B0AF2869-BDBF-4643-B7FD-F5BB4FE2BB55}] => (Allow) C:\Users\customer\AppData\Local\Programs\Opera\58.0.3135.68\opera.exe (Opera Software AS -> Opera Software)
FirewallRules: [{909B3179-DAC1-4B71-A73B-CE85B7401B4D}] => (Allow) C:\Program Files (x86)\CryptoTab Browser\Application\browser.exe (CRYPTOCOMPANY OÜ -> The Chromium and CryptoTab Browser Authors)
FirewallRules: [{00D24159-0B0E-4E7F-B152-F05048070D62}] => (Allow) C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe (AVB Disc Soft, SIA -> Disc Soft Ltd)
 
==================== Restore Points =========================
 
24-01-2019 21:23:40 Installed Free Youtube To MP3 Downloader
24-01-2019 21:25:52 Removed Free Youtube To MP3 Downloader
08-02-2019 09:31:24 Scheduled Checkpoint
25-02-2019 18:17:25 Windows Update
25-02-2019 19:14:24 Device Driver Package Install: Disc Soft Ltd Storage controllers
25-02-2019 19:14:48 Device Driver Package Install: Disc Soft Ltd Universal Serial Bus controllers
25-02-2019 19:19:13 Installed Microsoft Office Professional Plus 2010
25-02-2019 19:45:50 Configured Microsoft Office Professional Plus 2010
25-02-2019 19:53:02 Configured Microsoft Office Professional Plus 2010
26-02-2019 20:53:58 Restore Operation
 
==================== Faulty Device Manager Devices =============
 
Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (02/26/2019 09:32:59 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: WINWORD.EXE, version: 14.0.7140.5000, time stamp: 0x5462a654
Faulting module name: KERNELBASE.dll, version: 6.1.7601.17514, time stamp: 0x4ce7bafa
Exception code: 0x000006ba
Fault offset: 0x0000b727
Faulting process id: 0xebc
Faulting application start time: 0x01d4cdd7c925cbc1
Faulting application path: C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
Faulting module path: C:\Windows\syswow64\KERNELBASE.dll
Report Id: 07dd4a83-39cb-11e9-b4bf-3859f9d06b3b
 
Error: (02/26/2019 09:30:46 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: WINWORD.EXE, version: 14.0.7140.5000, time stamp: 0x5462a654
Faulting module name: KERNELBASE.dll, version: 6.1.7601.17514, time stamp: 0x4ce7bafa
Exception code: 0x000006ba
Fault offset: 0x0000b727
Faulting process id: 0x74c
Faulting application start time: 0x01d4cdd77a8318ee
Faulting application path: C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
Faulting module path: C:\Windows\syswow64\KERNELBASE.dll
Report Id: b86bd2f9-39ca-11e9-b4bf-3859f9d06b3b
 
Error: (02/26/2019 09:30:33 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: WINWORD.EXE, version: 14.0.7140.5000, time stamp: 0x5462a654
Faulting module name: KERNELBASE.dll, version: 6.1.7601.17514, time stamp: 0x4ce7bafa
Exception code: 0x000006ba
Fault offset: 0x0000b727
Faulting process id: 0xc18
Faulting application start time: 0x01d4cdd7721cdbc2
Faulting application path: C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
Faulting module path: C:\Windows\syswow64\KERNELBASE.dll
Report Id: b12513c2-39ca-11e9-b4bf-3859f9d06b3b
 
Error: (02/26/2019 09:30:10 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: WINWORD.EXE, version: 14.0.7140.5000, time stamp: 0x5462a654
Faulting module name: KERNELBASE.dll, version: 6.1.7601.17514, time stamp: 0x4ce7bafa
Exception code: 0x000006ba
Fault offset: 0x0000b727
Faulting process id: 0xd3c
Faulting application start time: 0x01d4cdd75d28ef48
Faulting application path: C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
Faulting module path: C:\Windows\syswow64\KERNELBASE.dll
Report Id: a2df9be4-39ca-11e9-b4bf-3859f9d06b3b
 
Error: (02/26/2019 09:22:46 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://ctldl.windows...uthrootstl.cab>with error: The data is invalid.
.
 
Error: (02/26/2019 09:22:26 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://ctldl.windows...uthrootstl.cab>with error: The data is invalid.
.
 
Error: (02/26/2019 09:22:04 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://ctldl.windows...uthrootstl.cab>with error: The data is invalid.
.
 
Error: (02/26/2019 09:21:56 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://ctldl.windows...uthrootstl.cab>with error: The data is invalid.
.
 
 
System errors:
=============
Error: (02/26/2019 09:06:05 PM) (Source: BROWSER) (EventID: 8032) (User: )
Description: The browser service has failed to retrieve the backup list too many times on transport \Device\NetBT_Tcpip_{B6F33192-A27A-4FB2-902B-0F1C3F9C3773}.
The backup browser is stopping.
 
Error: (02/26/2019 08:57:47 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The ByteFence Real-time Protection service failed to start due to the following error: 
The system cannot find the file specified.
 
Error: (02/26/2019 08:54:13 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: The server {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E} did not register with DCOM within the required timeout.
 
Error: (02/26/2019 08:29:04 PM) (Source: BROWSER) (EventID: 8032) (User: )
Description: The browser service has failed to retrieve the backup list too many times on transport \Device\NetBT_Tcpip_{B6F33192-A27A-4FB2-902B-0F1C3F9C3773}.
The backup browser is stopping.
 
Error: (02/26/2019 05:10:03 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The ByteFence Real-time Protection service failed to start due to the following error: 
The system cannot find the file specified.
 
Error: (02/26/2019 01:21:19 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: The server {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E} did not register with DCOM within the required timeout.
 
Error: (02/26/2019 01:02:28 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The ByteFence Real-time Protection service failed to start due to the following error: 
The system cannot find the file specified.
 
Error: (02/26/2019 10:12:22 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: The server {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E} did not register with DCOM within the required timeout.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i7-2640M CPU @ 2.80GHz
Percentage of memory in use: 94%
Total physical RAM: 4007.14 MB
Available physical RAM: 212.25 MB
Total Virtual: 8012.46 MB
Available Virtual: 3498.79 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:244.04 GB) (Free:187.1 GB) NTFS
Drive d: () (Fixed) (Total:221.62 GB) (Free:221.49 GB) NTFS
Drive g: (OFFICE14) (CDROM) (Total:3.77 GB) (Free:0 GB) CDFS
 
\\?\Volume{272392c4-17ab-11e9-819b-806e6f6e6963}\ (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 465.8 GB) (Disk ID: 526C714E)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=244 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=221.6 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================

 


  • 0

Advertisements


#2
JSntgRvr

JSntgRvr

    Global Moderator

  • Global Moderator
  • 11,178 posts

Hi

Welcome :)

I'll be helping you with your computer.

Please read this post completely before beginning. If there's anything that you do not understand, please don't hesitate to ask before proceeding.

Please take note of the guidelines for this fix:

  • Please note that I am a volunteer. I do have a family, a career, and other endeavors that may prevent immediate responses that meet your schedule. Do note that the differences in time zones could present a problem as well. Your patience and understanding will be greatly appreciated.
  • First of all, the procedures we are about to perform are specific to your problem and should only be used on this specific computer.
  • Do not make any changes to your computer that include installing/uninstalling programs, deleting files, modifying the registry, nor running scanners or tools of any kind unless specifically requested by me.
  • Please read ALL instructions carefully and perform the steps fully and in the order they are written.
  • If things appear to be better, let me know. Just because the symptoms no longer exist as before, does not mean that you are clean.
  • Continue to read and follow my instructions until I tell you that your machine is clean.
  • If you have any questions at all, please do not hesitate to ask before performing the task that I ask of you, and please wait for my reply before you proceed.
  • Scanning with programs and reading the logs do take a fair amount of time. Again, your patience will be necessary. :)

Let's begin... :)

 

 

Please remove the following program: https://vms.drweb.co...rus/?i=17670490

 

CryptoTab Browser
 

  • Highlight the entire content of the quote box below.

Start::
S2 rtop; "c:\program files\bytefence\rtop\bin\rtop_svc.exe" [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
S3 cpuz140; C:\Users\customer\AppData\Local\Temp\cpuz140\cpuz140_x64.sys [43840 2019-01-14] (CPUID -> CPUID) <==== ATTENTION
C:\Users\customer\AppData\Local\Temp\cpuz140
Task: {6B8FD043-306E-4889-8452-7E69A8D67ED9} - System32\Tasks\CryptoTabUpdateTaskMachineUA => C:\Program Files (x86)\CryptoCompany\Update\CryptoTabUpdate.exe (CRYPTOCOMPANY Oš -> CRYPTOCOMPANY OU) [File not signed] <==== ATTENTION
System32\Tasks\CryptoTabUpdateTaskMachineUA
Task: {7FA3F3BE-F4E7-43AA-958B-0F05881DB6C7} - System32\Tasks\CryptoTabUpdateTaskMachineCore => C:\Program Files (x86)\CryptoCompany\Update\CryptoTabUpdate.exe (CRYPTOCOMPANY Oš -> CRYPTOCOMPANY OU) [File not signed] <==== ATTENTION
System32\Tasks\CryptoTabUpdateTaskMachineCore
FirewallRules: [{C1DE9A46-85AF-4FAC-B9E8-DB823D89ED0A}] => (Allow) F:\Drivers\DriverPack\bin\tools\aria2c.exe No File
FirewallRules: [{09ABD1D2-4488-47FA-A036-A945089205D6}] => (Allow) C:\Users\customer\AppData\Roaming\uTorrent\uTorrent.exe No File
FirewallRules: [{F16CC6E3-02BB-41A8-9109-5071DA1AC32D}] => (Allow) C:\Users\customer\AppData\Roaming\uTorrent\uTorrent.exe No File
2019-02-25 15:16 - 2019-02-25 15:16 - 000000000 ____D C:\Users\customer\AppData\Local\CryptoTab Browser
2019-02-25 15:13 - 2019-02-25 15:13 - 000000000 ____D C:\Users\customer\AppData\Local\CryptoCompany
2019-02-01 20:50 - 2010-06-20 22:42 - 000046456 _____ (Sony Electronics, Inc) C:\Users\customer\AppData\Local\Temp\GLF5F93.EXE
2019-02-01 20:50 - 2003-05-02 15:13 - 000151552 _____ () C:\Users\customer\AppData\Local\Temp\GLF6AEA.EXE
2019-02-21 19:25 - 2010-06-20 22:42 - 000046456 _____ (Sony Electronics, Inc) C:\Users\customer\AppData\Local\Temp\GLF7861.EXE
2019-02-21 19:25 - 2003-05-02 15:13 - 000151552 _____ () C:\Users\customer\AppData\Local\Temp\GLF802F.EXE
2019-02-22 21:27 - 2010-06-20 23:42 - 000046456 _____ (Sony Electronics, Inc) C:\Users\customer\AppData\Local\Temp\GLFF36A.EXE
2019-02-22 21:27 - 2003-05-02 16:13 - 000151552 _____ () C:\Users\customer\AppData\Local\Temp\GLFF4D2.EXE
2019-02-21 19:24 - 2019-02-21 19:24 - 002461328 _____ (                                                            ) C:\Users\customer\AppData\Local\Temp\microsoft_word_ms_office_2007_setup7216_3544064554.exe
2019-01-14 01:02 - 2019-01-14 01:02 - 002658759 _____ (Opera Software) C:\Users\customer\AppData\Local\Temp\Opera_installer_1901131702124654264.dll
2019-01-14 01:02 - 2019-01-14 01:02 - 002658759 _____ (Opera Software) C:\Users\customer\AppData\Local\Temp\Opera_installer_1901131702133035776.dll
2019-01-14 12:14 - 2019-01-14 12:15 - 015095472 _____ (Reimage) C:\Users\customer\AppData\Local\Temp\ReimagePackage.exe
2019-01-14 01:23 - 2019-02-25 19:22 - 000000014 _____ () C:\Users\customer\AppData\Local\Temp\update.exe
2019-02-01 20:50 - 2010-06-20 22:42 - 000046456 _____ (Sony Electronics, Inc) C:\Users\customer\AppData\Local\Temp\GLF5F93.EXE
2019-02-01 20:50 - 2003-05-02 15:13 - 000151552 _____ () C:\Users\customer\AppData\Local\Temp\GLF6AEA.EXE
2019-02-21 19:25 - 2010-06-20 22:42 - 000046456 _____ (Sony Electronics, Inc) C:\Users\customer\AppData\Local\Temp\GLF7861.EXE
2019-02-21 19:25 - 2003-05-02 15:13 - 000151552 _____ () C:\Users\customer\AppData\Local\Temp\GLF802F.EXE
2019-02-22 21:27 - 2010-06-20 23:42 - 000046456 _____ (Sony Electronics, Inc) C:\Users\customer\AppData\Local\Temp\GLFF36A.EXE
2019-02-22 21:27 - 2003-05-02 16:13 - 000151552 _____ () C:\Users\customer\AppData\Local\Temp\GLFF4D2.EXE
2019-01-14 01:02 - 2019-01-14 01:02 - 002658759 _____ (Opera Software) C:\Users\customer\AppData\Local\Temp\Opera_installer_1901131702124654264.dll
2019-01-14 01:02 - 2019-01-14 01:02 - 002658759 _____ (Opera Software) C:\Users\customer\AppData\Local\Temp\Opera_installer_1901131702133035776.dll
2019-01-14 12:14 - 2019-01-14 12:15 - 015095472 _____ (Reimage) C:\Users\customer\AppData\Local\Temp\ReimagePackage.exe
2019-01-14 01:23 - 2019-02-25 19:22 - 000000014 _____ () C:\Users\customer\AppData\Local\Temp\update.exe
2019-02-25 15:14 - 2019-02-25 15:32 - 000000000 ____D C:\Program Files (x86)\GUM208C.tmp
EMPTYTEMP:
Reboot:
End::

  • Right click on the highlighted text and select Copy.
  • Start FRST (FRST64) with Administrator privileges
  • Press the Fix button. FRST will process the lines copied above from the clipboard.
  • When finished, a log file (Fixlog.txt) will pop up and saved in the same location the tool was ran from.

Please copy and paste its contents in your next reply.
 

  • Download AdwCleaner and move it to your Desktop
  • Right-click on AdwCleaner.exe and select Spcusrh.pngRun as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
  • Accept the EULA (I accept), then click on Scan Now
  • Let the scan complete. Once it's done, make sure that every item listed in the different tabs is checked and click on the Repair and restart button. This will kill all active processes
  • Once the cleaning process is complete, AdwCleaner will ask to restart your computer, do it
  • After the restart, a log will open when logging in. Please copy/paste the content of that log in your next reply

 


  • 0

#3
jasmallari12

jasmallari12

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts

Hi I'm sorry for the late reply. What program you want me to remove?? CryptoTab Browser?


  • 0

#4
jasmallari12

jasmallari12

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts

Hi I'm sorry for the late reply. What program you want me to remove?? CryptoTab Browser?

 

Hi

Welcome :)

I'll be helping you with your computer.

Please read this post completely before beginning. If there's anything that you do not understand, please don't hesitate to ask before proceeding.

Please take note of the guidelines for this fix:

  • Please note that I am a volunteer. I do have a family, a career, and other endeavors that may prevent immediate responses that meet your schedule. Do note that the differences in time zones could present a problem as well. Your patience and understanding will be greatly appreciated.
  • First of all, the procedures we are about to perform are specific to your problem and should only be used on this specific computer.
  • Do not make any changes to your computer that include installing/uninstalling programs, deleting files, modifying the registry, nor running scanners or tools of any kind unless specifically requested by me.
  • Please read ALL instructions carefully and perform the steps fully and in the order they are written.
  • If things appear to be better, let me know. Just because the symptoms no longer exist as before, does not mean that you are clean.
  • Continue to read and follow my instructions until I tell you that your machine is clean.
  • If you have any questions at all, please do not hesitate to ask before performing the task that I ask of you, and please wait for my reply before you proceed.
  • Scanning with programs and reading the logs do take a fair amount of time. Again, your patience will be necessary. :)

Let's begin... :)

 

 

Please remove the following program: https://vms.drweb.co...rus/?i=17670490

 

CryptoTab Browser
 

  • Highlight the entire content of the quote box below.

Start::
S2 rtop; "c:\program files\bytefence\rtop\bin\rtop_svc.exe" [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
S3 cpuz140; C:\Users\customer\AppData\Local\Temp\cpuz140\cpuz140_x64.sys [43840 2019-01-14] (CPUID -> CPUID) <==== ATTENTION
C:\Users\customer\AppData\Local\Temp\cpuz140
Task: {6B8FD043-306E-4889-8452-7E69A8D67ED9} - System32\Tasks\CryptoTabUpdateTaskMachineUA => C:\Program Files (x86)\CryptoCompany\Update\CryptoTabUpdate.exe (CRYPTOCOMPANY Oš -> CRYPTOCOMPANY OU) [File not signed] <==== ATTENTION
System32\Tasks\CryptoTabUpdateTaskMachineUA
Task: {7FA3F3BE-F4E7-43AA-958B-0F05881DB6C7} - System32\Tasks\CryptoTabUpdateTaskMachineCore => C:\Program Files (x86)\CryptoCompany\Update\CryptoTabUpdate.exe (CRYPTOCOMPANY Oš -> CRYPTOCOMPANY OU) [File not signed] <==== ATTENTION
System32\Tasks\CryptoTabUpdateTaskMachineCore
FirewallRules: [{C1DE9A46-85AF-4FAC-B9E8-DB823D89ED0A}] => (Allow) F:\Drivers\DriverPack\bin\tools\aria2c.exe No File
FirewallRules: [{09ABD1D2-4488-47FA-A036-A945089205D6}] => (Allow) C:\Users\customer\AppData\Roaming\uTorrent\uTorrent.exe No File
FirewallRules: [{F16CC6E3-02BB-41A8-9109-5071DA1AC32D}] => (Allow) C:\Users\customer\AppData\Roaming\uTorrent\uTorrent.exe No File
2019-02-25 15:16 - 2019-02-25 15:16 - 000000000 ____D C:\Users\customer\AppData\Local\CryptoTab Browser
2019-02-25 15:13 - 2019-02-25 15:13 - 000000000 ____D C:\Users\customer\AppData\Local\CryptoCompany
2019-02-01 20:50 - 2010-06-20 22:42 - 000046456 _____ (Sony Electronics, Inc) C:\Users\customer\AppData\Local\Temp\GLF5F93.EXE
2019-02-01 20:50 - 2003-05-02 15:13 - 000151552 _____ () C:\Users\customer\AppData\Local\Temp\GLF6AEA.EXE
2019-02-21 19:25 - 2010-06-20 22:42 - 000046456 _____ (Sony Electronics, Inc) C:\Users\customer\AppData\Local\Temp\GLF7861.EXE
2019-02-21 19:25 - 2003-05-02 15:13 - 000151552 _____ () C:\Users\customer\AppData\Local\Temp\GLF802F.EXE
2019-02-22 21:27 - 2010-06-20 23:42 - 000046456 _____ (Sony Electronics, Inc) C:\Users\customer\AppData\Local\Temp\GLFF36A.EXE
2019-02-22 21:27 - 2003-05-02 16:13 - 000151552 _____ () C:\Users\customer\AppData\Local\Temp\GLFF4D2.EXE
2019-02-21 19:24 - 2019-02-21 19:24 - 002461328 _____ (                                                            ) C:\Users\customer\AppData\Local\Temp\microsoft_word_ms_office_2007_setup7216_3544064554.exe
2019-01-14 01:02 - 2019-01-14 01:02 - 002658759 _____ (Opera Software) C:\Users\customer\AppData\Local\Temp\Opera_installer_1901131702124654264.dll
2019-01-14 01:02 - 2019-01-14 01:02 - 002658759 _____ (Opera Software) C:\Users\customer\AppData\Local\Temp\Opera_installer_1901131702133035776.dll
2019-01-14 12:14 - 2019-01-14 12:15 - 015095472 _____ (Reimage) C:\Users\customer\AppData\Local\Temp\ReimagePackage.exe
2019-01-14 01:23 - 2019-02-25 19:22 - 000000014 _____ () C:\Users\customer\AppData\Local\Temp\update.exe
2019-02-01 20:50 - 2010-06-20 22:42 - 000046456 _____ (Sony Electronics, Inc) C:\Users\customer\AppData\Local\Temp\GLF5F93.EXE
2019-02-01 20:50 - 2003-05-02 15:13 - 000151552 _____ () C:\Users\customer\AppData\Local\Temp\GLF6AEA.EXE
2019-02-21 19:25 - 2010-06-20 22:42 - 000046456 _____ (Sony Electronics, Inc) C:\Users\customer\AppData\Local\Temp\GLF7861.EXE
2019-02-21 19:25 - 2003-05-02 15:13 - 000151552 _____ () C:\Users\customer\AppData\Local\Temp\GLF802F.EXE
2019-02-22 21:27 - 2010-06-20 23:42 - 000046456 _____ (Sony Electronics, Inc) C:\Users\customer\AppData\Local\Temp\GLFF36A.EXE
2019-02-22 21:27 - 2003-05-02 16:13 - 000151552 _____ () C:\Users\customer\AppData\Local\Temp\GLFF4D2.EXE
2019-01-14 01:02 - 2019-01-14 01:02 - 002658759 _____ (Opera Software) C:\Users\customer\AppData\Local\Temp\Opera_installer_1901131702124654264.dll
2019-01-14 01:02 - 2019-01-14 01:02 - 002658759 _____ (Opera Software) C:\Users\customer\AppData\Local\Temp\Opera_installer_1901131702133035776.dll
2019-01-14 12:14 - 2019-01-14 12:15 - 015095472 _____ (Reimage) C:\Users\customer\AppData\Local\Temp\ReimagePackage.exe
2019-01-14 01:23 - 2019-02-25 19:22 - 000000014 _____ () C:\Users\customer\AppData\Local\Temp\update.exe
2019-02-25 15:14 - 2019-02-25 15:32 - 000000000 ____D C:\Program Files (x86)\GUM208C.tmp
EMPTYTEMP:
Reboot:
End::

  • Right click on the highlighted text and select Copy.
  • Start FRST (FRST64) with Administrator privileges
  • Press the Fix button. FRST will process the lines copied above from the clipboard.
  • When finished, a log file (Fixlog.txt) will pop up and saved in the same location the tool was ran from.

Please copy and paste its contents in your next reply.
 

  • Download AdwCleaner and move it to your Desktop
  • Right-click on AdwCleaner.exe and select <script pagespeed_no_defer="" type="text/javascript">//=d.offsetWidth&&0>=d.offsetHeight)a=!1;else{c=d.getBoundingClientRect();var f=document.body;a=c.top+("pageYOffset"in window? window.pageYOffset:(document.documentElement||f.parentNode||f).scrollTop);c=c.left+("pageXOffset"in window?window.pageXOffset:(document.documentElement||f.parentNode||f).scrollLeft);f=a.toString()+","+c;b.b.hasOwnProperty(f)?a=!1:(b.b[f]=!0,a=a<=b.e.height&&c<=b.e.width)}a&&(b.a.push(e),b.d[e]=!0)};p.prototype.checkImageForCriticality=function(b){b.getBoundingClientRect&&q(this,b)};h("pagespeed.CriticalImages.checkImageForCriticality",function(b){n.checkImageForCriticality(b)}); h("pagespeed.CriticalImages.checkCriticalImages",function(){r(n)}); var r=function(b){b.b={};for(var d=["IMG","INPUT"],a=[],c=0;c=a.length+e.length&&(a+=e)}b.g&&(e="&rd="+encodeURIComponent(JSON.stringify(s())),131072>=a.length+e.length&&(a+=e),d=!0);t=a;if(d){c=b.f;b=b.h;var f; if(window.XMLHttpRequest)f=new XMLHttpRequest;else if(window.ActiveXObject)try{f=new ActiveXObject("Msxml2.XMLHTTP")}catch(k){try{f=new ActiveXObject("Microsoft.XMLHTTP")}catch(u){}}f&&(f.open("POST",c+(-1==c.indexOf("?")?"?":"&")+"url="+encodeURIComponent(b)),f.setRequestHeader("Content-Type","application/x-www-form-urlencoded"),f.send(a))}}},s=function(){var b={},d=document.getElementsByTagName("IMG");if(0==d.length)return{};var a=d[0];if(!("naturalWidth"in a&&"naturalHeight"in a))return{};for(var c= 0;a=d[c];++c){var e=a.getAttribute("pagespeed_url_hash");e&&(!(e in b)&&0=b[e].k&&a.height>=b[e].j)&&(b[e]={rw:a.width,rh:a.height,ow:a.naturalWidth,oh:a.naturalHeight})}return b},t="";h("pagespeed.CriticalImages.getBeaconData",function(){return t});h("pagespeed.CriticalImages.Run",function(b,d,a,c,e,f){var k=new p(b,d,a,e,f);n=k;c&&m(function(){window.setTimeout(function(){r(k)},0)})});})(); pagespeed.CriticalImages.Run('/mod_pagespeed_beacon','http://www.geekstogo.com/forum/index.php?s=2429e1a6fb274a2c2a8295ce2ae671f6&app=forums&module=ajax§ion=topics&do=quote&t=372880&p=2634824&md5check=047601929960c7cbd8de6825ec9af611&isRte=1,mKmPV3o1Px,true,true,fBWWrirZFHI');//]]></script> Spcusrh.pngRun as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)&&0
  • Accept the EULA (I accept), then click on Scan Now
  • Let the scan complete. Once it's done, make sure that every item listed in the different tabs is checked and click on the Repair and restart button. This will kill all active processes
  • Once the cleaning process is complete, AdwCleaner will ask to restart your computer, do it
  • After the restart, a log will open when logging in. Please copy/paste the content of that log in your next reply

 

I already deleted the program CryptoTab Browser and done fixing
 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 25.02.2019 01
Ran by customer (administrator) on CUSTOMER-PC (26-02-2019 21:45:52)
Running from C:\Users\customer\Downloads
Loaded Profiles: customer (Available Profiles: customer)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 8 (Default browser: "C:\Program Files (x86)\CryptoTab Browser\Application\browser.exe" -- "%1")
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Windows Hardware Compatibility Publisher -> AMD) C:\Windows\System32\atiesrxx.exe
(Microsoft Windows Hardware Compatibility Publisher -> AMD) C:\Windows\System32\atieclxx.exe
(Broadcom Corporation -> Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(CRYPTOCOMPANY OÜ -> CRYPTOCOMPANY OU) [File not signed] C:\Program Files (x86)\CryptoCompany\Update\1.3.99.17\CryptoTabCrashHandler.exe
(CRYPTOCOMPANY OÜ -> CRYPTOCOMPANY OU) C:\Program Files (x86)\CryptoCompany\Update\1.3.99.17\CryptoTabCrashHandler64.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxpers.exe
(AVB Disc Soft, SIA -> Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DTAgent.exe
(Broadcom Corporation -> Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Broadcom Corporation -> Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
(Broadcom Corporation -> Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
(AVB Disc Soft, SIA -> Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe
(Microsoft Dynamic Code Publisher -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(Microsoft Dynamic Code Publisher -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
(AVB Disc Soft, SIA -> Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DTShellHlp.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Borislav Surbat -> MyCity) C:\Program Files (x86)\MCShield\MCShieldRTM.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [18391096 2019-01-13] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1505840 2019-01-13] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM-x32\...\Run: [SMΔRT-Protection] => C:\Program Files (x86)\Smadav\SMΔRTP.exe [1781760 2017-04-13] (Smadsoft) [File not signed]
HKLM-x32\...\Run: [CryptoTab Browser] => C:\Program Files (x86)\CryptoTab Browser\Application\browser.exe [1867304 2019-02-15] (CRYPTOCOMPANY OÜ -> The Chromium and CryptoTab Browser Authors)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation -> Microsoft Corporation)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-1608357908-2036049685-2604263660-1000\...\Run: [uTorrent] => "C:\Users\customer\AppData\Roaming\uTorrent\uTorrent.exe"  /MINIMIZED
HKU\S-1-5-21-1608357908-2036049685-2604263660-1000\...\Run: [C:/Program Files (x86)/Media Freeware/Free Youtube To MP3 Downloader/Free Youtube to Mp3 Downloader.exe] => C:\Program Files (x86)\Media Freeware\Free Youtube To MP3 Downloader\Free Youtube to Mp3 Downloader.exe
HKU\S-1-5-21-1608357908-2036049685-2604263660-1000\...\Run: [Opera Browser Assistant] => C:\Users\customer\AppData\Local\Programs\Opera\assistant\browser_assistant.exe [2558495 2019-02-21] (Opera Software AS -> Opera Software) [File not signed]
HKU\S-1-5-21-1608357908-2036049685-2604263660-1000\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [735336 2019-02-25] (AVB Disc Soft, SIA -> Disc Soft Ltd)
HKU\S-1-5-21-1608357908-2036049685-2604263660-1000\...\Run: [MCShield Monitor] => C:\Program Files (x86)\MCShield\mcshieldrtm.exe [650816 2014-04-12] (Borislav Surbat -> MyCity)
HKU\S-1-5-21-1608357908-2036049685-2604263660-1000\...\MountPoints2: {e9c5f2a4-38ec-11e9-aab7-3859f9d06b3b} - G:\SETUP.EXE
HKLM\Software\Microsoft\Active Setup\Installed Components: [{7D2B3E1D-D096-4594-9D8F-A6667F12E0AC}] -> C:\Program Files (x86)\CryptoTab Browser\Application\72.0.3626.96\Installer\chrmstp.exe [2019-02-25] (CRYPTOCOMPANY OÜ -> The Chromium and CryptoTab Browser Authors)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\72.0.3626.119\Installer\chrmstp.exe [2019-02-22] (Google LLC -> Google Inc.)
HKLM\Software\...\Authentication\Credential Providers: [{50968FF7-10C1-4fb3-98B0-CD654D6CB97E}] -> C:\Program Files\WIDCOMM\Bluetooth Software\\BtwCP.dll [2010-07-29] (Broadcom Corporation -> Broadcom Corporation.)
HKLM\Software\...\Authentication\Credential Providers: [{F8A0B131-5F68-486c-8040-7E8FC3C85BB6}] -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDCREDPROV.DLL [2009-08-18] (Microsoft Corporation -> Microsoft Corporation)
AppInit_DLLs-x32: C:\PROGRA~1\COMMON~1\System\symsrv.dll => C:\Program Files\Common Files\System\symsrv.dll [69337 2019-01-13] (Microsoft Corporation) [File not signed]
ShellExecuteHooks-x32: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [4249759 2014-03-06] (Microsoft Corporation -> Microsoft Corporation) [File not signed]
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2019-02-01]
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation -> Broadcom Corporation.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{B6F33192-A27A-4FB2-902B-0F1C3F9C3773}: [DhcpNameServer] 192.168.1.1
 
Internet Explorer:
==================
HKU\S-1-5-21-1608357908-2036049685-2604263660-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/en-ph/?ocid=iehp
SearchScopes: HKU\S-1-5-21-1608357908-2036049685-2604263660-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2014-03-06] (Microsoft Corporation -> Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation -> Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2014-03-06] (Microsoft Corporation -> Microsoft Corporation) [File not signed]
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files (x86)\Common Files\Microsoft Shared\Help\hxds.dll [2012-11-10] (Microsoft Corporation -> Microsoft Corporation) [File not signed]
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-21] (Microsoft Windows -> Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-21] (Microsoft Windows -> Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-21] (Microsoft Windows -> Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-21] (Microsoft Windows -> Microsoft Corporation)
Filter-x32: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL [2012-10-31] (Microsoft Corporation -> Microsoft Corporation) [File not signed]
 
FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] (Microsoft Corporation ->  Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-16] (VideoLAN) [File not signed]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] (Microsoft Corporation ->  Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @tools.CryptoTab.com/CryptoTab Update;version=3 -> C:\Program Files (x86)\CryptoCompany\Update\1.3.99.17\npCryptoTabUpdate3.dll [2019-02-25] (Google Inc (TEST) -> CRYPTOCOMPANY OU) [File not signed]
FF Plugin-x32: @tools.CryptoTab.com/CryptoTab Update;version=9 -> C:\Program Files (x86)\CryptoCompany\Update\1.3.99.17\npCryptoTabUpdate3.dll [2019-02-25] (Google Inc (TEST) -> CRYPTOCOMPANY OU) [File not signed]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2019-01-13] (Google Inc -> Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2019-01-13] (Google Inc -> Google Inc.)
 
Chrome: 
=======
CHR DefaultSearchURL: Default -> hxxps://feed.quick-converter.com/?q={searchTerms}&publisher=quick-converter&barcodeid=537360000000000
CHR DefaultSearchKeyword: Default -> QuickConverter
CHR DefaultSuggestURL: Default -> hxxps://suggest.quick-converter.com/suggest/get?q={searchTerms}
CHR Profile: C:\Users\customer\AppData\Local\Google\Chrome\User Data\Default [2019-02-26]
CHR Extension: (Docs) - C:\Users\customer\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2019-01-14]
CHR Extension: (Google Drive) - C:\Users\customer\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2019-01-13]
CHR Extension: (YouTube) - C:\Users\customer\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2019-01-14]
CHR Extension: (Google Search) - C:\Users\customer\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2019-01-13]
CHR Extension: (Google Docs Offline) - C:\Users\customer\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2019-01-14]
CHR Extension: (QuickConverter) - C:\Users\customer\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifmbhhfjodlbpaoklcmljmjmffecgggd [2019-01-14]
CHR Extension: (Chrome Web Store Payments) - C:\Users\customer\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-01-14]
CHR Extension: (Gmail) - C:\Users\customer\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-01-14]
CHR Extension: (Chrome Media Router) - C:\Users\customer\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-02-09]
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [246784 2015-08-04] (Microsoft Windows Hardware Compatibility Publisher -> AMD)
S2 cryptobrowser; C:\Program Files (x86)\CryptoCompany\Update\CryptoTabUpdate.exe [264175 2019-02-25] (CRYPTOCOMPANY OÜ -> CRYPTOCOMPANY OU) [File not signed]
S3 cryptobrowserm; C:\Program Files (x86)\CryptoCompany\Update\CryptoTabUpdate.exe [264175 2019-02-25] (CRYPTOCOMPANY OÜ -> CRYPTOCOMPANY OU) [File not signed]
R3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [4132456 2019-02-25] (AVB Disc Soft, SIA -> Disc Soft Ltd)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Windows -> Microsoft Corporation)
S2 rtop; "c:\program files\bytefence\rtop\bin\rtop_svc.exe" [X]
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 amdkmdag; C:\Windows\System32\DRIVERS\atikmdag.sys [21622784 2015-08-04] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices, Inc.)
R3 amdkmdap; C:\Windows\System32\DRIVERS\atikmpag.sys [665088 2015-08-04] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices, Inc.)
R0 amdkmpfd; C:\Windows\System32\DRIVERS\amdkmpfd.sys [65248 2015-04-24] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
S3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [172760 2019-01-14] (Broadcom Corporation -> Broadcom Corporation.)
R3 btwampfl; C:\Windows\System32\DRIVERS\btwampfl.sys [344616 2011-07-12] (Broadcom Corporation -> Broadcom Corporation.)
R3 btwaudio; C:\Windows\System32\drivers\btwaudio.sys [102952 2011-07-12] (Broadcom Corporation -> Broadcom Corporation.)
R3 btwavdt; C:\Windows\System32\DRIVERS\btwavdt.sys [135720 2011-07-12] (Broadcom Corporation -> Broadcom Corporation.)
R3 btwl2cap; C:\Windows\System32\DRIVERS\btwl2cap.sys [39464 2011-07-12] (Broadcom Corporation -> Broadcom Corporation.)
R3 btwrchid; C:\Windows\System32\DRIVERS\btwrchid.sys [21544 2011-07-12] (Broadcom Corporation -> Broadcom Corporation.)
S3 cpuz140; C:\Users\customer\AppData\Local\Temp\cpuz140\cpuz140_x64.sys [43840 2019-01-14] (CPUID -> CPUID) <==== ATTENTION
R3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [42256 2019-02-25] (AVB Disc Soft, SIA -> Disc Soft Ltd)
R3 dtliteusbbus; C:\Windows\System32\DRIVERS\dtliteusbbus.sys [59360 2019-02-25] (AVB Disc Soft, SIA -> Disc Soft Ltd)
R1 HWiNFO32; C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [27552 2019-01-13] (Martin Malik - REALiX -> REALiX™)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28656 2013-03-06] (Intel Corporation - Intel® Rapid Storage Technology -> Intel Corporation)
R3 L1C; C:\Windows\System32\DRIVERS\L1C63x64.sys [125048 2016-01-29] (Rivet Networks LLC -> Qualcomm Atheros, Inc.)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [181304 2016-03-29] (Intel® Embedded Subsystems and IP Blocks Group -> Intel Corporation)
R3 rimspci; C:\Windows\System32\DRIVERS\rimspe64.sys [73728 2019-01-13] (Microsoft Windows Hardware Compatibility Publisher -> REDC)
R2 risdxc; C:\Windows\System32\DRIVERS\risdxc64.sys [104960 2019-01-14] (Microsoft Windows Hardware Compatibility Publisher -> REDC)
R3 SFEP; C:\Windows\System32\DRIVERS\SFEP.sys [14336 2012-01-16] (Microsoft Windows Hardware Compatibility Publisher -> Sony Corporation)
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One month (created) ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2019-02-26 21:27 - 2019-02-26 21:29 - 000023428 _____ C:\Users\customer\Downloads\Addition.txt
2019-02-26 21:26 - 2019-02-26 21:46 - 000018466 _____ C:\Users\customer\Downloads\FRST.txt
2019-02-26 21:26 - 2019-02-26 21:45 - 000000000 ____D C:\FRST
2019-02-26 21:25 - 2019-02-26 21:26 - 002433536 _____ (Farbar) C:\Users\customer\Downloads\FRST64.exe
2019-02-26 21:17 - 2019-02-26 21:17 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MCShield
2019-02-26 21:16 - 2019-02-26 21:17 - 000000000 ____D C:\ProgramData\MCShield
2019-02-26 21:16 - 2019-02-26 21:17 - 000000000 ____D C:\Program Files (x86)\MCShield
2019-02-26 21:15 - 2019-02-26 21:16 - 002856736 ____N (MyCity) C:\Users\customer\Downloads\MCShield-Setup.exe
2019-02-26 21:15 - 2019-02-26 21:16 - 001792512 _____ (Farbar) C:\Users\customer\Downloads\FRST.exe
2019-02-26 21:08 - 2019-02-26 21:09 - 010370944 _____ (AVAST Software) C:\Users\customer\Downloads\avastclear.exe
2019-02-26 20:52 - 2019-02-26 20:52 - 000003010 _____ C:\Windows\System32\Tasks\{880037BC-72EB-4866-9EFE-EDA9BB89270A}
2019-02-26 09:06 - 2019-02-25 19:41 - 007698240 _____ (AVAST Software) C:\Users\customer\Desktop\avast_free_antivirus_setup_online_a3b.exe
2019-02-25 22:22 - 2019-02-25 22:22 - 000000000 ____D C:\ProgramData\Avira
2019-02-25 22:22 - 2019-02-25 22:22 - 000000000 ____D C:\Program Files (x86)\Avira
2019-02-25 21:59 - 2019-02-25 21:59 - 000000000 ____D C:\Program Files (x86)\PCProtect
2019-02-25 21:56 - 2019-02-25 21:56 - 000000000 ____D C:\Program Files (x86)\TotalAV
2019-02-25 19:41 - 2019-02-25 19:41 - 007698240 _____ (AVAST Software) C:\Users\customer\Downloads\avast_free_antivirus_setup_online_a3b.exe
2019-02-25 19:39 - 2019-02-25 19:39 - 007698240 _____ (AVAST Software) C:\Users\customer\Downloads\avast_free_antivirus_setup_online (1).exe
2019-02-25 19:39 - 2019-02-25 19:39 - 000000000 ____D C:\ProgramData\AVAST Software
2019-02-25 19:22 - 2019-02-26 20:57 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2019-02-25 19:22 - 2019-02-26 20:56 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SharePoint
2019-02-25 19:21 - 2019-02-25 19:21 - 000000000 ____D C:\Windows\PCHEALTH
2019-02-25 19:21 - 2019-02-25 19:21 - 000000000 ____D C:\Program Files (x86)\Microsoft Synchronization Services
2019-02-25 19:21 - 2019-02-25 19:21 - 000000000 ____D C:\Program Files (x86)\Microsoft Sync Framework
2019-02-25 19:21 - 2019-02-25 19:21 - 000000000 ____D C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2019-02-25 19:20 - 2019-02-25 19:20 - 000000000 ____D C:\Windows\System32\Tasks\OfficeSoftwareProtectionPlatform
2019-02-25 19:20 - 2019-02-25 19:20 - 000000000 ____D C:\Program Files\Microsoft Office
2019-02-25 19:20 - 2019-02-25 19:20 - 000000000 ____D C:\Program Files (x86)\Microsoft Visual Studio 8
2019-02-25 19:19 - 2019-02-25 19:21 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2019-02-25 19:19 - 2019-02-25 19:19 - 000000000 __RHD C:\MSOCache
2019-02-25 19:19 - 2019-02-25 19:19 - 000000000 ____D C:\Users\customer\AppData\Local\Microsoft Help
2019-02-25 19:19 - 2019-02-25 19:19 - 000000000 ____D C:\Program Files (x86)\Microsoft Analysis Services
2019-02-25 19:15 - 2019-02-25 19:16 - 000000000 ____D C:\Users\customer\AppData\Local\Disc_Soft_Ltd
2019-02-25 19:15 - 2019-02-25 19:15 - 000000000 ____D C:\Users\Public\Documents\Daemon Tools Images
2019-02-25 19:15 - 2019-02-25 19:15 - 000000000 ____D C:\Users\Public\Documents\Catch!
2019-02-25 19:15 - 2019-02-25 19:15 - 000000000 ____D C:\Users\customer\AppData\Roaming\DAEMON Tools Lite
2019-02-25 19:14 - 2019-02-25 19:15 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\DAEMON Tools Lite
2019-02-25 19:14 - 2019-02-25 19:14 - 000059360 _____ (Disc Soft Ltd) C:\Windows\system32\Drivers\dtliteusbbus.sys
2019-02-25 19:14 - 2019-02-25 19:14 - 000042256 _____ (Disc Soft Ltd) C:\Windows\system32\Drivers\dtlitescsibus.sys
2019-02-25 19:14 - 2019-02-25 19:14 - 000001703 _____ C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
2019-02-25 19:13 - 2019-02-25 19:15 - 000000000 ____D C:\Program Files\DAEMON Tools Lite
2019-02-25 18:18 - 2015-02-03 11:34 - 000094656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2019-02-25 18:18 - 2015-02-03 11:31 - 001574400 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2019-02-25 18:18 - 2015-02-03 11:31 - 000371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2019-02-25 18:18 - 2015-02-03 11:31 - 000341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2019-02-25 18:18 - 2015-02-03 11:31 - 000325632 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
2019-02-25 18:18 - 2015-02-03 11:31 - 000210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2019-02-25 18:18 - 2015-02-03 11:31 - 000188416 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2019-02-25 18:18 - 2015-02-03 11:31 - 000136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2019-02-25 18:18 - 2015-02-03 11:31 - 000086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2019-02-25 18:18 - 2015-02-03 11:31 - 000050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2019-02-25 18:18 - 2015-02-03 11:31 - 000037376 _____ (Microsoft Corporation) C:\Windows\system32\pcadm.dll
2019-02-25 18:18 - 2015-02-03 11:31 - 000029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2019-02-25 18:18 - 2015-02-03 11:31 - 000028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2019-02-25 18:18 - 2015-02-03 11:31 - 000009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2019-02-25 18:18 - 2015-02-03 11:30 - 000631808 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2019-02-25 18:18 - 2015-02-03 11:30 - 000440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2019-02-25 18:18 - 2015-02-03 11:30 - 000296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2019-02-25 18:18 - 2015-02-03 11:30 - 000284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2019-02-25 18:18 - 2015-02-03 11:30 - 000187904 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2019-02-25 18:18 - 2015-02-03 11:30 - 000146944 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2019-02-25 18:18 - 2015-02-03 11:30 - 000140288 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2019-02-25 18:18 - 2015-02-03 11:30 - 000126464 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2019-02-25 18:18 - 2015-02-03 11:30 - 000082432 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll
2019-02-25 18:18 - 2015-02-03 11:30 - 000064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2019-02-25 18:18 - 2015-02-03 11:30 - 000031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2019-02-25 18:18 - 2015-02-03 11:30 - 000017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2019-02-25 18:18 - 2015-02-03 11:30 - 000011264 _____ (Microsoft Corporation) C:\Windows\system32\pcawrk.exe
2019-02-25 18:18 - 2015-02-03 11:30 - 000009728 _____ (Microsoft Corporation) C:\Windows\system32\pcalua.exe
2019-02-25 18:18 - 2015-02-03 11:29 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2019-02-25 18:18 - 2015-02-03 11:29 - 000008704 _____ (Microsoft Corporation) C:\Windows\system32\pcaevts.dll
2019-02-25 18:18 - 2015-02-03 11:28 - 000146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2019-02-25 18:18 - 2015-02-03 11:28 - 000006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2019-02-25 18:18 - 2015-02-03 11:12 - 001329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2019-02-25 18:18 - 2015-02-03 11:12 - 000519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2019-02-25 18:18 - 2015-02-03 11:12 - 000489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
2019-02-25 18:18 - 2015-02-03 11:12 - 000374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2019-02-25 18:18 - 2015-02-03 11:12 - 000265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msnetobj.dll
2019-02-25 18:18 - 2015-02-03 11:12 - 000172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2019-02-25 18:18 - 2015-02-03 11:12 - 000143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2019-02-25 18:18 - 2015-02-03 11:12 - 000103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2019-02-25 18:18 - 2015-02-03 11:12 - 000081408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsp.dll
2019-02-25 18:18 - 2015-02-03 11:12 - 000043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2019-02-25 18:18 - 2015-02-03 11:12 - 000022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2019-02-25 18:18 - 2015-02-03 11:12 - 000008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2019-02-25 18:18 - 2015-02-03 11:11 - 000096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2019-02-25 18:18 - 2015-02-03 11:11 - 000050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2019-02-25 18:18 - 2015-02-03 11:09 - 000146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2019-02-25 18:18 - 2015-02-03 11:09 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2019-02-25 18:18 - 2015-02-03 11:08 - 000006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2019-02-25 18:18 - 2015-02-03 10:32 - 000061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2019-02-25 18:18 - 2014-11-01 06:24 - 000619056 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2019-02-25 18:18 - 2014-06-28 08:21 - 000532176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2019-02-25 18:17 - 2015-02-03 11:34 - 005554104 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2019-02-25 18:17 - 2015-02-03 11:34 - 000693176 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2019-02-25 18:17 - 2015-02-03 11:34 - 000155064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2019-02-25 18:17 - 2015-02-03 11:34 - 000095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2019-02-25 18:17 - 2015-02-03 11:33 - 000616360 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2019-02-25 18:17 - 2015-02-03 11:31 - 014632960 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2019-02-25 18:17 - 2015-02-03 11:31 - 004121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2019-02-25 18:17 - 2015-02-03 11:31 - 001461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2019-02-25 18:17 - 2015-02-03 11:31 - 000782848 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
2019-02-25 18:17 - 2015-02-03 11:31 - 000728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2019-02-25 18:17 - 2015-02-03 11:31 - 000641024 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
2019-02-25 18:17 - 2015-02-03 11:31 - 000503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2019-02-25 18:17 - 2015-02-03 11:31 - 000500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2019-02-25 18:17 - 2015-02-03 11:31 - 000432128 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2019-02-25 18:17 - 2015-02-03 11:31 - 000314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2019-02-25 18:17 - 2015-02-03 11:31 - 000309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2019-02-25 18:17 - 2015-02-03 11:31 - 000229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2019-02-25 18:17 - 2015-02-03 11:31 - 000206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2019-02-25 18:17 - 2015-02-03 11:31 - 000063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2019-02-25 18:17 - 2015-02-03 11:31 - 000011264 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
2019-02-25 18:17 - 2015-02-03 11:31 - 000005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2019-02-25 18:17 - 2015-02-03 11:31 - 000005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2019-02-25 18:17 - 2015-02-03 11:30 - 012625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2019-02-25 18:17 - 2015-02-03 11:30 - 001480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2019-02-25 18:17 - 2015-02-03 11:30 - 001202176 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
2019-02-25 18:17 - 2015-02-03 11:30 - 001069056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
2019-02-25 18:17 - 2015-02-03 11:30 - 000842240 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
2019-02-25 18:17 - 2015-02-03 11:30 - 000680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2019-02-25 18:17 - 2015-02-03 11:30 - 000497664 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
2019-02-25 18:17 - 2015-02-03 11:30 - 000296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2019-02-25 18:17 - 2015-02-03 11:30 - 000112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2019-02-25 18:17 - 2015-02-03 11:30 - 000058880 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2019-02-25 18:17 - 2015-02-03 11:30 - 000055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2019-02-25 18:17 - 2015-02-03 11:30 - 000043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2019-02-25 18:17 - 2015-02-03 11:30 - 000032256 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2019-02-25 18:17 - 2015-02-03 11:30 - 000024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2019-02-25 18:17 - 2015-02-03 11:30 - 000022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2019-02-25 18:17 - 2015-02-03 11:28 - 000686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2019-02-25 18:17 - 2015-02-03 11:28 - 000002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2019-02-25 18:17 - 2015-02-03 11:19 - 000663552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
2019-02-25 18:17 - 2015-02-03 11:16 - 003973048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2019-02-25 18:17 - 2015-02-03 11:16 - 003917760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2019-02-25 18:17 - 2015-02-03 11:12 - 011411968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2019-02-25 18:17 - 2015-02-03 11:12 - 003209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2019-02-25 18:17 - 2015-02-03 11:12 - 001174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2019-02-25 18:17 - 2015-02-03 11:12 - 001005056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll
2019-02-25 18:17 - 2015-02-03 11:12 - 000988160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmv2clt.dll
2019-02-25 18:17 - 2015-02-03 11:12 - 000744960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\blackbox.dll
2019-02-25 18:17 - 2015-02-03 11:12 - 000617984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmsdk.dll
2019-02-25 18:17 - 2015-02-03 11:12 - 000550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2019-02-25 18:17 - 2015-02-03 11:12 - 000504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscp.dll
2019-02-25 18:17 - 2015-02-03 11:12 - 000442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2019-02-25 18:17 - 2015-02-03 11:12 - 000406016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmmgrtn.dll
2019-02-25 18:17 - 2015-02-03 11:12 - 000354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2019-02-25 18:17 - 2015-02-03 11:12 - 000259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2019-02-25 18:17 - 2015-02-03 11:12 - 000248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2019-02-25 18:17 - 2015-02-03 11:12 - 000221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2019-02-25 18:17 - 2015-02-03 11:12 - 000195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2019-02-25 18:17 - 2015-02-03 11:12 - 000179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2019-02-25 18:17 - 2015-02-03 11:12 - 000103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2019-02-25 18:17 - 2015-02-03 11:12 - 000065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2019-02-25 18:17 - 2015-02-03 11:12 - 000050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2019-02-25 18:17 - 2015-02-03 11:12 - 000017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2019-02-25 18:17 - 2015-02-03 11:12 - 000004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2019-02-25 18:17 - 2015-02-03 11:12 - 000004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2019-02-25 18:17 - 2015-02-03 11:11 - 012625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2019-02-25 18:17 - 2015-02-03 11:11 - 000050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2019-02-25 18:17 - 2015-02-03 11:11 - 000023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2019-02-25 18:17 - 2015-02-03 11:09 - 000002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2019-02-25 18:17 - 2015-02-03 11:08 - 000686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2019-02-25 18:17 - 2015-01-31 07:56 - 000459336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2019-02-25 18:17 - 2014-06-28 08:21 - 000457400 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2019-02-25 18:15 - 2019-02-25 18:16 - 045918843 _____ C:\Users\customer\Downloads\Windows6.1-KB3033929-x64.msu
2019-02-25 18:13 - 2019-02-25 18:13 - 000212032 _____ (AVAST Software) C:\Users\customer\Downloads\avast_free_antivirus_setup_online.exe
2019-02-25 18:11 - 2019-02-25 18:11 - 000791712 ____N (Disc Soft Ltd.) C:\Users\customer\Downloads\DTLiteInstaller.exe
2019-02-25 18:06 - 2019-02-26 20:56 - 000000000 ____D C:\ProgramData\DAEMON Tools Lite
2019-02-25 18:05 - 2019-02-25 18:06 - 013146016 ____N (Disc Soft Ltd) C:\Users\customer\Downloads\daemon-tools-5-0-1-multi-win.exe
2019-02-25 15:25 - 2019-02-25 15:25 - 000000000 ____D C:\Users\customer\AppData\Roaming\CryptoTab Browser
2019-02-25 15:16 - 2019-02-25 15:16 - 000002299 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CryptoTab Browser.lnk
2019-02-25 15:16 - 2019-02-25 15:16 - 000002258 _____ C:\Users\Public\Desktop\CryptoTab Browser.lnk
2019-02-25 15:16 - 2019-02-25 15:16 - 000000000 ____D C:\Users\customer\AppData\Local\CryptoTab Browser
2019-02-25 15:15 - 2019-02-25 15:16 - 000000000 ____D C:\Program Files (x86)\CryptoTab Browser
2019-02-25 15:14 - 2019-02-25 15:32 - 000000000 ____D C:\Program Files (x86)\GUM208C.tmp
2019-02-25 15:14 - 2019-02-25 15:14 - 000003412 _____ C:\Windows\System32\Tasks\CryptoTabUpdateTaskMachineUA
2019-02-25 15:14 - 2019-02-25 15:14 - 000003284 _____ C:\Windows\System32\Tasks\CryptoTabUpdateTaskMachineCore
2019-02-25 15:14 - 2019-02-25 15:14 - 000000000 ____D C:\Program Files (x86)\CryptoCompany
2019-02-25 15:13 - 2019-02-25 15:13 - 001322479 _____ (CRYPTOCOMPANY OU) C:\Users\customer\Downloads\CryptoTabSetup_Jm6x1uU.exe
2019-02-25 15:13 - 2019-02-25 15:13 - 001244200 ___SH (CRYPTOCOMPANY OU) C:\Users\customer\Downloads\CryptoTabSetup_Jm6x1uU.exe.dat
2019-02-25 15:13 - 2019-02-25 15:13 - 000000000 ____D C:\Users\customer\AppData\Local\CryptoCompany
2019-02-25 14:36 - 2019-02-25 14:39 - 100158880 _____ (Shift) C:\Users\customer\Downloads\shift-windows.exe
2019-02-24 16:31 - 2015-04-16 19:34 - 4048869376 _____ C:\Users\customer\Desktop\Microsoft Office 2010 SP2 de_en_ru_ua 14.0.7140.5002.iso
2019-02-22 21:28 - 2019-02-22 21:28 - 000000000 ____D C:\Windows\SysWOW64\SDA
2019-02-22 21:27 - 2019-02-22 21:27 - 001024273 _____ C:\Users\customer\Downloads\RIDFMC-00244061-0042.zip
2019-02-22 19:32 - 2019-02-24 10:33 - 000000038 _____ C:\Users\customer\AppData\Roaming\WB.CFG
2019-02-21 21:41 - 2019-02-21 21:41 - 000000000 ____D C:\Users\customer\AppData\LocalLow\Temp
2019-02-21 21:16 - 2019-02-21 21:16 - 407010384 _____ (Microsoft Corporation) C:\Users\customer\Downloads\Microsoft-Office-Professional-2007.exe
2019-02-21 21:05 - 2019-02-21 21:05 - 009991328 _____ (Microsoft Corporation) C:\Users\customer\Downloads\microsoft_word.exe
2019-02-21 21:03 - 2019-02-21 21:03 - 002485696 _____ (Makopanid ) C:\Users\customer\Downloads\microsoft_word_0881632119.exe
2019-02-21 20:42 - 2019-02-21 20:42 - 002461328 _____ ( ) C:\Users\customer\Downloads\microsoft_office_2007_setup314_2459860692.exe
2019-02-21 19:18 - 2019-02-21 19:18 - 000000000 ____D C:\Users\customer\AppData\Local\latecof
2019-02-21 19:18 - 2019-02-21 19:18 - 000000000 ____D C:\Users\customer\AppData\Local\{869FB0C3-A237-DC7B-CFAF-F993EBC7050B}
2019-02-21 19:15 - 2019-02-21 19:15 - 000000000 ____D C:\ProgramData\ByteFence
2019-02-21 19:02 - 2019-02-21 19:21 - 000000000 ____D C:\Users\customer\Documents\New folder
2019-02-21 19:00 - 2019-02-21 19:00 - 002461328 _____ ( ) C:\Users\customer\Downloads\microsoft_word_ms_office_2007_setup7216_3544064554.exe
2019-02-16 18:20 - 2019-02-25 22:08 - 000000000 ____D C:\Users\customer\Downloads\opera autoupdate
2019-02-16 09:13 - 2019-02-16 09:13 - 000004340 _____ C:\Windows\System32\Tasks\Opera scheduled assistant Autoupdate 1550279585
2019-02-01 20:55 - 2019-02-01 20:55 - 000000000 ____D C:\Users\customer\Documents\Bluetooth Exchange Folder
2019-02-01 20:55 - 2019-02-01 20:55 - 000000000 ____D C:\Users\customer\AppData\Local\Broadcom
2019-02-01 20:51 - 2011-07-12 13:20 - 000135720 _____ (Broadcom Corporation.) C:\Windows\system32\Drivers\btwavdt.sys
2019-02-01 20:51 - 2011-07-12 13:20 - 000102952 _____ (Broadcom Corporation.) C:\Windows\system32\Drivers\btwaudio.sys
2019-02-01 20:51 - 2011-07-12 13:20 - 000021544 _____ (Broadcom Corporation.) C:\Windows\system32\Drivers\btwrchid.sys
2019-02-01 20:51 - 2011-07-12 13:19 - 000039464 _____ (Broadcom Corporation.) C:\Windows\system32\Drivers\btwl2cap.sys
2019-02-01 20:50 - 2019-02-22 21:27 - 000000021 _____ C:\Windows\Model.txt
2019-02-01 20:50 - 2019-02-01 20:50 - 000000000 ____D C:\Program Files\WIDCOMM
2019-02-01 20:48 - 2019-02-01 20:50 - 037151592 _____ C:\Users\customer\Downloads\BRDBLT-00254589-0042.exe
2019-01-30 09:21 - 2019-02-26 20:56 - 000000000 ____D C:\Users\customer\AppData\Roaming\vlc
 
==================== One month (modified) ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2019-02-26 21:38 - 2009-07-14 11:20 - 000000000 ____D C:\Program Files\Common Files\System
2019-02-26 21:37 - 2019-01-14 12:14 - 000000140 _____ C:\Windows\Reimage.ini
2019-02-26 21:17 - 2019-01-14 01:38 - 000002836 _____ C:\Windows\System32\Tasks\Driver Booster SkipUAC (customer)
2019-02-26 21:02 - 2009-07-14 13:13 - 000781298 _____ C:\Windows\system32\PerfStringBackup.INI
2019-02-26 21:02 - 2009-07-14 11:20 - 000000000 ____D C:\Windows\inf
2019-02-26 20:57 - 2019-01-13 19:27 - 000000000 ____D C:\Users\customer
2019-02-26 20:57 - 2009-07-14 13:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2019-02-26 20:56 - 2019-01-13 20:26 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SMADAV Antivirus
2019-02-26 20:56 - 2019-01-13 20:26 - 000000000 ____D C:\Program Files (x86)\SMADAV
2019-02-26 20:56 - 2010-11-21 15:16 - 000000000 ____D C:\Windows\ShellNew
2019-02-26 20:56 - 2009-07-14 13:32 - 000000000 ____D C:\Program Files (x86)\MSBuild
2019-02-26 20:56 - 2009-07-14 11:20 - 000000000 ____D C:\Windows\system32\NDF
2019-02-26 20:56 - 2009-07-14 11:20 - 000000000 ____D C:\Windows\registration
2019-02-26 20:56 - 2009-07-14 11:20 - 000000000 ____D C:\Program Files\Common Files\Microsoft Shared
2019-02-26 20:55 - 2019-01-14 01:10 - 000000000 ____D C:\ProgramData\Package Cache
2019-02-25 19:50 - 2009-07-14 10:34 - 000000478 _____ C:\Windows\win.ini
2019-02-25 19:34 - 2009-07-14 12:45 - 000414656 _____ C:\Windows\system32\FNTCACHE.DAT
2019-02-25 19:08 - 2009-07-14 12:45 - 000021072 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2019-02-25 19:08 - 2009-07-14 12:45 - 000021072 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2019-02-25 19:02 - 2009-07-14 11:20 - 000000000 ____D C:\Windows\SysWOW64\Dism
2019-02-25 19:02 - 2009-07-14 11:20 - 000000000 ____D C:\Windows\system32\Dism
2019-02-24 09:48 - 2019-01-14 01:12 - 000004100 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1547399530
2019-02-22 18:46 - 2019-01-13 20:10 - 000002224 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2019-02-22 18:46 - 2019-01-13 20:10 - 000002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2019-02-20 11:13 - 2019-01-14 01:38 - 000000000 ____D C:\Program Files (x86)\Driver Booster 6
2019-02-01 21:10 - 2019-01-13 19:28 - 000000000 ____D C:\Users\customer\AppData\Local\VirtualStore
 
==================== Files in the root of some directories =======
 
2019-02-22 19:32 - 2019-02-24 10:33 - 000000038 _____ () C:\Users\customer\AppData\Roaming\WB.CFG
 
Some files in TEMP:
====================
2019-02-01 20:50 - 2010-06-20 22:42 - 000046456 _____ (Sony Electronics, Inc) C:\Users\customer\AppData\Local\Temp\GLF5F93.EXE
2019-02-01 20:50 - 2003-05-02 15:13 - 000151552 _____ () C:\Users\customer\AppData\Local\Temp\GLF6AEA.EXE
2019-02-21 19:25 - 2010-06-20 22:42 - 000046456 _____ (Sony Electronics, Inc) C:\Users\customer\AppData\Local\Temp\GLF7861.EXE
2019-02-21 19:25 - 2003-05-02 15:13 - 000151552 _____ () C:\Users\customer\AppData\Local\Temp\GLF802F.EXE
2019-02-22 21:27 - 2010-06-20 23:42 - 000046456 _____ (Sony Electronics, Inc) C:\Users\customer\AppData\Local\Temp\GLFF36A.EXE
2019-02-22 21:27 - 2003-05-02 16:13 - 000151552 _____ () C:\Users\customer\AppData\Local\Temp\GLFF4D2.EXE
2019-02-21 19:24 - 2019-02-21 19:24 - 002461328 _____ (                                                            ) C:\Users\customer\AppData\Local\Temp\microsoft_word_ms_office_2007_setup7216_3544064554.exe
2019-01-14 01:02 - 2019-01-14 01:02 - 002658759 _____ (Opera Software) C:\Users\customer\AppData\Local\Temp\Opera_installer_1901131702124654264.dll
2019-01-14 01:02 - 2019-01-14 01:02 - 002658759 _____ (Opera Software) C:\Users\customer\AppData\Local\Temp\Opera_installer_1901131702133035776.dll
2019-01-14 12:14 - 2019-01-14 12:15 - 015095472 _____ (Reimage) C:\Users\customer\AppData\Local\Temp\ReimagePackage.exe
2019-01-14 01:23 - 2019-02-25 19:22 - 000000014 _____ () C:\Users\customer\AppData\Local\Temp\update.exe
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll
[2010-11-21 11:24] - [2019-01-13 19:27] - 001008640 _____ (Microsoft Corporation) 2C353B6CE0C8D03225CAA2AF33B68D79
 
C:\Windows\SysWOW64\User32.dll
[2010-11-21 11:24] - [2019-01-13 19:27] - 000833024 _____ (Microsoft Corporation) 861C4346F9281DC0380DE72C8D55D6BE
 
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\dllhost.exe => File is digitally signed
C:\Windows\SysWOW64\dllhost.exe => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2019-02-14 20:21
 
==================== End of FRST.txt ============================Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 25.02.2019 01
Ran by customer (administrator) on CUSTOMER-PC (26-02-2019 21:45:52)
Running from C:\Users\customer\Downloads
Loaded Profiles: customer (Available Profiles: customer)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 8 (Default browser: "C:\Program Files (x86)\CryptoTab Browser\Application\browser.exe" -- "%1")
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Windows Hardware Compatibility Publisher -> AMD) C:\Windows\System32\atiesrxx.exe
(Microsoft Windows Hardware Compatibility Publisher -> AMD) C:\Windows\System32\atieclxx.exe
(Broadcom Corporation -> Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(CRYPTOCOMPANY OÜ -> CRYPTOCOMPANY OU) [File not signed] C:\Program Files (x86)\CryptoCompany\Update\1.3.99.17\CryptoTabCrashHandler.exe
(CRYPTOCOMPANY OÜ -> CRYPTOCOMPANY OU) C:\Program Files (x86)\CryptoCompany\Update\1.3.99.17\CryptoTabCrashHandler64.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxpers.exe
(AVB Disc Soft, SIA -> Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DTAgent.exe
(Broadcom Corporation -> Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Broadcom Corporation -> Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
(Broadcom Corporation -> Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
(AVB Disc Soft, SIA -> Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe
(Microsoft Dynamic Code Publisher -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(Microsoft Dynamic Code Publisher -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
(AVB Disc Soft, SIA -> Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DTShellHlp.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Borislav Surbat -> MyCity) C:\Program Files (x86)\MCShield\MCShieldRTM.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [18391096 2019-01-13] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1505840 2019-01-13] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM-x32\...\Run: [SMΔRT-Protection] => C:\Program Files (x86)\Smadav\SMΔRTP.exe [1781760 2017-04-13] (Smadsoft) [File not signed]
HKLM-x32\...\Run: [CryptoTab Browser] => C:\Program Files (x86)\CryptoTab Browser\Application\browser.exe [1867304 2019-02-15] (CRYPTOCOMPANY OÜ -> The Chromium and CryptoTab Browser Authors)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation -> Microsoft Corporation)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-1608357908-2036049685-2604263660-1000\...\Run: [uTorrent] => "C:\Users\customer\AppData\Roaming\uTorrent\uTorrent.exe"  /MINIMIZED
HKU\S-1-5-21-1608357908-2036049685-2604263660-1000\...\Run: [C:/Program Files (x86)/Media Freeware/Free Youtube To MP3 Downloader/Free Youtube to Mp3 Downloader.exe] => C:\Program Files (x86)\Media Freeware\Free Youtube To MP3 Downloader\Free Youtube to Mp3 Downloader.exe
HKU\S-1-5-21-1608357908-2036049685-2604263660-1000\...\Run: [Opera Browser Assistant] => C:\Users\customer\AppData\Local\Programs\Opera\assistant\browser_assistant.exe [2558495 2019-02-21] (Opera Software AS -> Opera Software) [File not signed]
HKU\S-1-5-21-1608357908-2036049685-2604263660-1000\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [735336 2019-02-25] (AVB Disc Soft, SIA -> Disc Soft Ltd)
HKU\S-1-5-21-1608357908-2036049685-2604263660-1000\...\Run: [MCShield Monitor] => C:\Program Files (x86)\MCShield\mcshieldrtm.exe [650816 2014-04-12] (Borislav Surbat -> MyCity)
HKU\S-1-5-21-1608357908-2036049685-2604263660-1000\...\MountPoints2: {e9c5f2a4-38ec-11e9-aab7-3859f9d06b3b} - G:\SETUP.EXE
HKLM\Software\Microsoft\Active Setup\Installed Components: [{7D2B3E1D-D096-4594-9D8F-A6667F12E0AC}] -> C:\Program Files (x86)\CryptoTab Browser\Application\72.0.3626.96\Installer\chrmstp.exe [2019-02-25] (CRYPTOCOMPANY OÜ -> The Chromium and CryptoTab Browser Authors)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\72.0.3626.119\Installer\chrmstp.exe [2019-02-22] (Google LLC -> Google Inc.)
HKLM\Software\...\Authentication\Credential Providers: [{50968FF7-10C1-4fb3-98B0-CD654D6CB97E}] -> C:\Program Files\WIDCOMM\Bluetooth Software\\BtwCP.dll [2010-07-29] (Broadcom Corporation -> Broadcom Corporation.)
HKLM\Software\...\Authentication\Credential Providers: [{F8A0B131-5F68-486c-8040-7E8FC3C85BB6}] -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDCREDPROV.DLL [2009-08-18] (Microsoft Corporation -> Microsoft Corporation)
AppInit_DLLs-x32: C:\PROGRA~1\COMMON~1\System\symsrv.dll => C:\Program Files\Common Files\System\symsrv.dll [69337 2019-01-13] (Microsoft Corporation) [File not signed]
ShellExecuteHooks-x32: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [4249759 2014-03-06] (Microsoft Corporation -> Microsoft Corporation) [File not signed]
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2019-02-01]
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation -> Broadcom Corporation.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{B6F33192-A27A-4FB2-902B-0F1C3F9C3773}: [DhcpNameServer] 192.168.1.1
 
Internet Explorer:
==================
HKU\S-1-5-21-1608357908-2036049685-2604263660-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/en-ph/?ocid=iehp
SearchScopes: HKU\S-1-5-21-1608357908-2036049685-2604263660-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2014-03-06] (Microsoft Corporation -> Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation -> Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2014-03-06] (Microsoft Corporation -> Microsoft Corporation) [File not signed]
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files (x86)\Common Files\Microsoft Shared\Help\hxds.dll [2012-11-10] (Microsoft Corporation -> Microsoft Corporation) [File not signed]
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-21] (Microsoft Windows -> Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-21] (Microsoft Windows -> Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-21] (Microsoft Windows -> Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-21] (Microsoft Windows -> Microsoft Corporation)
Filter-x32: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL [2012-10-31] (Microsoft Corporation -> Microsoft Corporation) [File not signed]
 
FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] (Microsoft Corporation ->  Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-16] (VideoLAN) [File not signed]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] (Microsoft Corporation ->  Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @tools.CryptoTab.com/CryptoTab Update;version=3 -> C:\Program Files (x86)\CryptoCompany\Update\1.3.99.17\npCryptoTabUpdate3.dll [2019-02-25] (Google Inc (TEST) -> CRYPTOCOMPANY OU) [File not signed]
FF Plugin-x32: @tools.CryptoTab.com/CryptoTab Update;version=9 -> C:\Program Files (x86)\CryptoCompany\Update\1.3.99.17\npCryptoTabUpdate3.dll [2019-02-25] (Google Inc (TEST) -> CRYPTOCOMPANY OU) [File not signed]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2019-01-13] (Google Inc -> Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2019-01-13] (Google Inc -> Google Inc.)
 
Chrome: 
=======
CHR DefaultSearchURL: Default -> hxxps://feed.quick-converter.com/?q={searchTerms}&publisher=quick-converter&barcodeid=537360000000000
CHR DefaultSearchKeyword: Default -> QuickConverter
CHR DefaultSuggestURL: Default -> hxxps://suggest.quick-converter.com/suggest/get?q={searchTerms}
CHR Profile: C:\Users\customer\AppData\Local\Google\Chrome\User Data\Default [2019-02-26]
CHR Extension: (Docs) - C:\Users\customer\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2019-01-14]
CHR Extension: (Google Drive) - C:\Users\customer\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2019-01-13]
CHR Extension: (YouTube) - C:\Users\customer\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2019-01-14]
CHR Extension: (Google Search) - C:\Users\customer\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2019-01-13]
CHR Extension: (Google Docs Offline) - C:\Users\customer\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2019-01-14]
CHR Extension: (QuickConverter) - C:\Users\customer\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifmbhhfjodlbpaoklcmljmjmffecgggd [2019-01-14]
CHR Extension: (Chrome Web Store Payments) - C:\Users\customer\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-01-14]
CHR Extension: (Gmail) - C:\Users\customer\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-01-14]
CHR Extension: (Chrome Media Router) - C:\Users\customer\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-02-09]
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [246784 2015-08-04] (Microsoft Windows Hardware Compatibility Publisher -> AMD)
S2 cryptobrowser; C:\Program Files (x86)\CryptoCompany\Update\CryptoTabUpdate.exe [264175 2019-02-25] (CRYPTOCOMPANY OÜ -> CRYPTOCOMPANY OU) [File not signed]
S3 cryptobrowserm; C:\Program Files (x86)\CryptoCompany\Update\CryptoTabUpdate.exe [264175 2019-02-25] (CRYPTOCOMPANY OÜ -> CRYPTOCOMPANY OU) [File not signed]
R3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [4132456 2019-02-25] (AVB Disc Soft, SIA -> Disc Soft Ltd)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Windows -> Microsoft Corporation)
S2 rtop; "c:\program files\bytefence\rtop\bin\rtop_svc.exe" [X]
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 amdkmdag; C:\Windows\System32\DRIVERS\atikmdag.sys [21622784 2015-08-04] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices, Inc.)
R3 amdkmdap; C:\Windows\System32\DRIVERS\atikmpag.sys [665088 2015-08-04] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices, Inc.)
R0 amdkmpfd; C:\Windows\System32\DRIVERS\amdkmpfd.sys [65248 2015-04-24] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
S3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [172760 2019-01-14] (Broadcom Corporation -> Broadcom Corporation.)
R3 btwampfl; C:\Windows\System32\DRIVERS\btwampfl.sys [344616 2011-07-12] (Broadcom Corporation -> Broadcom Corporation.)
R3 btwaudio; C:\Windows\System32\drivers\btwaudio.sys [102952 2011-07-12] (Broadcom Corporation -> Broadcom Corporation.)
R3 btwavdt; C:\Windows\System32\DRIVERS\btwavdt.sys [135720 2011-07-12] (Broadcom Corporation -> Broadcom Corporation.)
R3 btwl2cap; C:\Windows\System32\DRIVERS\btwl2cap.sys [39464 2011-07-12] (Broadcom Corporation -> Broadcom Corporation.)
R3 btwrchid; C:\Windows\System32\DRIVERS\btwrchid.sys [21544 2011-07-12] (Broadcom Corporation -> Broadcom Corporation.)
S3 cpuz140; C:\Users\customer\AppData\Local\Temp\cpuz140\cpuz140_x64.sys [43840 2019-01-14] (CPUID -> CPUID) <==== ATTENTION
R3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [42256 2019-02-25] (AVB Disc Soft, SIA -> Disc Soft Ltd)
R3 dtliteusbbus; C:\Windows\System32\DRIVERS\dtliteusbbus.sys [59360 2019-02-25] (AVB Disc Soft, SIA -> Disc Soft Ltd)
R1 HWiNFO32; C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [27552 2019-01-13] (Martin Malik - REALiX -> REALiX™)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28656 2013-03-06] (Intel Corporation - Intel® Rapid Storage Technology -> Intel Corporation)
R3 L1C; C:\Windows\System32\DRIVERS\L1C63x64.sys [125048 2016-01-29] (Rivet Networks LLC -> Qualcomm Atheros, Inc.)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [181304 2016-03-29] (Intel® Embedded Subsystems and IP Blocks Group -> Intel Corporation)
R3 rimspci; C:\Windows\System32\DRIVERS\rimspe64.sys [73728 2019-01-13] (Microsoft Windows Hardware Compatibility Publisher -> REDC)
R2 risdxc; C:\Windows\System32\DRIVERS\risdxc64.sys [104960 2019-01-14] (Microsoft Windows Hardware Compatibility Publisher -> REDC)
R3 SFEP; C:\Windows\System32\DRIVERS\SFEP.sys [14336 2012-01-16] (Microsoft Windows Hardware Compatibility Publisher -> Sony Corporation)
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One month (created) ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2019-02-26 21:27 - 2019-02-26 21:29 - 000023428 _____ C:\Users\customer\Downloads\Addition.txt
2019-02-26 21:26 - 2019-02-26 21:46 - 000018466 _____ C:\Users\customer\Downloads\FRST.txt
2019-02-26 21:26 - 2019-02-26 21:45 - 000000000 ____D C:\FRST
2019-02-26 21:25 - 2019-02-26 21:26 - 002433536 _____ (Farbar) C:\Users\customer\Downloads\FRST64.exe
2019-02-26 21:17 - 2019-02-26 21:17 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MCShield
2019-02-26 21:16 - 2019-02-26 21:17 - 000000000 ____D C:\ProgramData\MCShield
2019-02-26 21:16 - 2019-02-26 21:17 - 000000000 ____D C:\Program Files (x86)\MCShield
2019-02-26 21:15 - 2019-02-26 21:16 - 002856736 ____N (MyCity) C:\Users\customer\Downloads\MCShield-Setup.exe
2019-02-26 21:15 - 2019-02-26 21:16 - 001792512 _____ (Farbar) C:\Users\customer\Downloads\FRST.exe
2019-02-26 21:08 - 2019-02-26 21:09 - 010370944 _____ (AVAST Software) C:\Users\customer\Downloads\avastclear.exe
2019-02-26 20:52 - 2019-02-26 20:52 - 000003010 _____ C:\Windows\System32\Tasks\{880037BC-72EB-4866-9EFE-EDA9BB89270A}
2019-02-26 09:06 - 2019-02-25 19:41 - 007698240 _____ (AVAST Software) C:\Users\customer\Desktop\avast_free_antivirus_setup_online_a3b.exe
2019-02-25 22:22 - 2019-02-25 22:22 - 000000000 ____D C:\ProgramData\Avira
2019-02-25 22:22 - 2019-02-25 22:22 - 000000000 ____D C:\Program Files (x86)\Avira
2019-02-25 21:59 - 2019-02-25 21:59 - 000000000 ____D C:\Program Files (x86)\PCProtect
2019-02-25 21:56 - 2019-02-25 21:56 - 000000000 ____D C:\Program Files (x86)\TotalAV
2019-02-25 19:41 - 2019-02-25 19:41 - 007698240 _____ (AVAST Software) C:\Users\customer\Downloads\avast_free_antivirus_setup_online_a3b.exe
2019-02-25 19:39 - 2019-02-25 19:39 - 007698240 _____ (AVAST Software) C:\Users\customer\Downloads\avast_free_antivirus_setup_online (1).exe
2019-02-25 19:39 - 2019-02-25 19:39 - 000000000 ____D C:\ProgramData\AVAST Software
2019-02-25 19:22 - 2019-02-26 20:57 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2019-02-25 19:22 - 2019-02-26 20:56 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SharePoint
2019-02-25 19:21 - 2019-02-25 19:21 - 000000000 ____D C:\Windows\PCHEALTH
2019-02-25 19:21 - 2019-02-25 19:21 - 000000000 ____D C:\Program Files (x86)\Microsoft Synchronization Services
2019-02-25 19:21 - 2019-02-25 19:21 - 000000000 ____D C:\Program Files (x86)\Microsoft Sync Framework
2019-02-25 19:21 - 2019-02-25 19:21 - 000000000 ____D C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2019-02-25 19:20 - 2019-02-25 19:20 - 000000000 ____D C:\Windows\System32\Tasks\OfficeSoftwareProtectionPlatform
2019-02-25 19:20 - 2019-02-25 19:20 - 000000000 ____D C:\Program Files\Microsoft Office
2019-02-25 19:20 - 2019-02-25 19:20 - 000000000 ____D C:\Program Files (x86)\Microsoft Visual Studio 8
2019-02-25 19:19 - 2019-02-25 19:21 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2019-02-25 19:19 - 2019-02-25 19:19 - 000000000 __RHD C:\MSOCache
2019-02-25 19:19 - 2019-02-25 19:19 - 000000000 ____D C:\Users\customer\AppData\Local\Microsoft Help
2019-02-25 19:19 - 2019-02-25 19:19 - 000000000 ____D C:\Program Files (x86)\Microsoft Analysis Services
2019-02-25 19:15 - 2019-02-25 19:16 - 000000000 ____D C:\Users\customer\AppData\Local\Disc_Soft_Ltd
2019-02-25 19:15 - 2019-02-25 19:15 - 000000000 ____D C:\Users\Public\Documents\Daemon Tools Images
2019-02-25 19:15 - 2019-02-25 19:15 - 000000000 ____D C:\Users\Public\Documents\Catch!
2019-02-25 19:15 - 2019-02-25 19:15 - 000000000 ____D C:\Users\customer\AppData\Roaming\DAEMON Tools Lite
2019-02-25 19:14 - 2019-02-25 19:15 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\DAEMON Tools Lite
2019-02-25 19:14 - 2019-02-25 19:14 - 000059360 _____ (Disc Soft Ltd) C:\Windows\system32\Drivers\dtliteusbbus.sys
2019-02-25 19:14 - 2019-02-25 19:14 - 000042256 _____ (Disc Soft Ltd) C:\Windows\system32\Drivers\dtlitescsibus.sys
2019-02-25 19:14 - 2019-02-25 19:14 - 000001703 _____ C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
2019-02-25 19:13 - 2019-02-25 19:15 - 000000000 ____D C:\Program Files\DAEMON Tools Lite
2019-02-25 18:18 - 2015-02-03 11:34 - 000094656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2019-02-25 18:18 - 2015-02-03 11:31 - 001574400 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2019-02-25 18:18 - 2015-02-03 11:31 - 000371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2019-02-25 18:18 - 2015-02-03 11:31 - 000341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2019-02-25 18:18 - 2015-02-03 11:31 - 000325632 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
2019-02-25 18:18 - 2015-02-03 11:31 - 000210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2019-02-25 18:18 - 2015-02-03 11:31 - 000188416 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2019-02-25 18:18 - 2015-02-03 11:31 - 000136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2019-02-25 18:18 - 2015-02-03 11:31 - 000086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2019-02-25 18:18 - 2015-02-03 11:31 - 000050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2019-02-25 18:18 - 2015-02-03 11:31 - 000037376 _____ (Microsoft Corporation) C:\Windows\system32\pcadm.dll
2019-02-25 18:18 - 2015-02-03 11:31 - 000029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2019-02-25 18:18 - 2015-02-03 11:31 - 000028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2019-02-25 18:18 - 2015-02-03 11:31 - 000009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2019-02-25 18:18 - 2015-02-03 11:30 - 000631808 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2019-02-25 18:18 - 2015-02-03 11:30 - 000440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2019-02-25 18:18 - 2015-02-03 11:30 - 000296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2019-02-25 18:18 - 2015-02-03 11:30 - 000284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2019-02-25 18:18 - 2015-02-03 11:30 - 000187904 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2019-02-25 18:18 - 2015-02-03 11:30 - 000146944 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2019-02-25 18:18 - 2015-02-03 11:30 - 000140288 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2019-02-25 18:18 - 2015-02-03 11:30 - 000126464 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2019-02-25 18:18 - 2015-02-03 11:30 - 000082432 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll
2019-02-25 18:18 - 2015-02-03 11:30 - 000064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2019-02-25 18:18 - 2015-02-03 11:30 - 000031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2019-02-25 18:18 - 2015-02-03 11:30 - 000017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2019-02-25 18:18 - 2015-02-03 11:30 - 000011264 _____ (Microsoft Corporation) C:\Windows\system32\pcawrk.exe
2019-02-25 18:18 - 2015-02-03 11:30 - 000009728 _____ (Microsoft Corporation) C:\Windows\system32\pcalua.exe
2019-02-25 18:18 - 2015-02-03 11:29 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2019-02-25 18:18 - 2015-02-03 11:29 - 000008704 _____ (Microsoft Corporation) C:\Windows\system32\pcaevts.dll
2019-02-25 18:18 - 2015-02-03 11:28 - 000146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2019-02-25 18:18 - 2015-02-03 11:28 - 000006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2019-02-25 18:18 - 2015-02-03 11:12 - 001329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2019-02-25 18:18 - 2015-02-03 11:12 - 000519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2019-02-25 18:18 - 2015-02-03 11:12 - 000489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
2019-02-25 18:18 - 2015-02-03 11:12 - 000374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2019-02-25 18:18 - 2015-02-03 11:12 - 000265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msnetobj.dll
2019-02-25 18:18 - 2015-02-03 11:12 - 000172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2019-02-25 18:18 - 2015-02-03 11:12 - 000143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2019-02-25 18:18 - 2015-02-03 11:12 - 000103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2019-02-25 18:18 - 2015-02-03 11:12 - 000081408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsp.dll
2019-02-25 18:18 - 2015-02-03 11:12 - 000043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2019-02-25 18:18 - 2015-02-03 11:12 - 000022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2019-02-25 18:18 - 2015-02-03 11:12 - 000008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2019-02-25 18:18 - 2015-02-03 11:11 - 000096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2019-02-25 18:18 - 2015-02-03 11:11 - 000050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2019-02-25 18:18 - 2015-02-03 11:09 - 000146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2019-02-25 18:18 - 2015-02-03 11:09 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2019-02-25 18:18 - 2015-02-03 11:08 - 000006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2019-02-25 18:18 - 2015-02-03 10:32 - 000061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2019-02-25 18:18 - 2014-11-01 06:24 - 000619056 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2019-02-25 18:18 - 2014-06-28 08:21 - 000532176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2019-02-25 18:17 - 2015-02-03 11:34 - 005554104 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2019-02-25 18:17 - 2015-02-03 11:34 - 000693176 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2019-02-25 18:17 - 2015-02-03 11:34 - 000155064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2019-02-25 18:17 - 2015-02-03 11:34 - 000095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2019-02-25 18:17 - 2015-02-03 11:33 - 000616360 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2019-02-25 18:17 - 2015-02-03 11:31 - 014632960 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2019-02-25 18:17 - 2015-02-03 11:31 - 004121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2019-02-25 18:17 - 2015-02-03 11:31 - 001461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2019-02-25 18:17 - 2015-02-03 11:31 - 000782848 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
2019-02-25 18:17 - 2015-02-03 11:31 - 000728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2019-02-25 18:17 - 2015-02-03 11:31 - 000641024 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
2019-02-25 18:17 - 2015-02-03 11:31 - 000503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2019-02-25 18:17 - 2015-02-03 11:31 - 000500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2019-02-25 18:17 - 2015-02-03 11:31 - 000432128 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2019-02-25 18:17 - 2015-02-03 11:31 - 000314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2019-02-25 18:17 - 2015-02-03 11:31 - 000309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2019-02-25 18:17 - 2015-02-03 11:31 - 000229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2019-02-25 18:17 - 2015-02-03 11:31 - 000206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2019-02-25 18:17 - 2015-02-03 11:31 - 000063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2019-02-25 18:17 - 2015-02-03 11:31 - 000011264 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
2019-02-25 18:17 - 2015-02-03 11:31 - 000005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2019-02-25 18:17 - 2015-02-03 11:31 - 000005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2019-02-25 18:17 - 2015-02-03 11:30 - 012625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2019-02-25 18:17 - 2015-02-03 11:30 - 001480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2019-02-25 18:17 - 2015-02-03 11:30 - 001202176 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
2019-02-25 18:17 - 2015-02-03 11:30 - 001069056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
2019-02-25 18:17 - 2015-02-03 11:30 - 000842240 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
2019-02-25 18:17 - 2015-02-03 11:30 - 000680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2019-02-25 18:17 - 2015-02-03 11:30 - 000497664 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
2019-02-25 18:17 - 2015-02-03 11:30 - 000296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2019-02-25 18:17 - 2015-02-03 11:30 - 000112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2019-02-25 18:17 - 2015-02-03 11:30 - 000058880 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2019-02-25 18:17 - 2015-02-03 11:30 - 000055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2019-02-25 18:17 - 2015-02-03 11:30 - 000043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2019-02-25 18:17 - 2015-02-03 11:30 - 000032256 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2019-02-25 18:17 - 2015-02-03 11:30 - 000024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2019-02-25 18:17 - 2015-02-03 11:30 - 000022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2019-02-25 18:17 - 2015-02-03 11:28 - 000686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2019-02-25 18:17 - 2015-02-03 11:28 - 000002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2019-02-25 18:17 - 2015-02-03 11:19 - 000663552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
2019-02-25 18:17 - 2015-02-03 11:16 - 003973048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2019-02-25 18:17 - 2015-02-03 11:16 - 003917760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2019-02-25 18:17 - 2015-02-03 11:12 - 011411968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2019-02-25 18:17 - 2015-02-03 11:12 - 003209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2019-02-25 18:17 - 2015-02-03 11:12 - 001174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2019-02-25 18:17 - 2015-02-03 11:12 - 001005056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll
2019-02-25 18:17 - 2015-02-03 11:12 - 000988160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmv2clt.dll
2019-02-25 18:17 - 2015-02-03 11:12 - 000744960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\blackbox.dll
2019-02-25 18:17 - 2015-02-03 11:12 - 000617984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmsdk.dll
2019-02-25 18:17 - 2015-02-03 11:12 - 000550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2019-02-25 18:17 - 2015-02-03 11:12 - 000504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscp.dll
2019-02-25 18:17 - 2015-02-03 11:12 - 000442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2019-02-25 18:17 - 2015-02-03 11:12 - 000406016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmmgrtn.dll
2019-02-25 18:17 - 2015-02-03 11:12 - 000354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2019-02-25 18:17 - 2015-02-03 11:12 - 000259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2019-02-25 18:17 - 2015-02-03 11:12 - 000248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2019-02-25 18:17 - 2015-02-03 11:12 - 000221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2019-02-25 18:17 - 2015-02-03 11:12 - 000195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2019-02-25 18:17 - 2015-02-03 11:12 - 000179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2019-02-25 18:17 - 2015-02-03 11:12 - 000103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2019-02-25 18:17 - 2015-02-03 11:12 - 000065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2019-02-25 18:17 - 2015-02-03 11:12 - 000050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2019-02-25 18:17 - 2015-02-03 11:12 - 000017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2019-02-25 18:17 - 2015-02-03 11:12 - 000004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2019-02-25 18:17 - 2015-02-03 11:12 - 000004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2019-02-25 18:17 - 2015-02-03 11:11 - 012625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2019-02-25 18:17 - 2015-02-03 11:11 - 000050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2019-02-25 18:17 - 2015-02-03 11:11 - 000023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2019-02-25 18:17 - 2015-02-03 11:09 - 000002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2019-02-25 18:17 - 2015-02-03 11:08 - 000686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2019-02-25 18:17 - 2015-01-31 07:56 - 000459336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2019-02-25 18:17 - 2014-06-28 08:21 - 000457400 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2019-02-25 18:15 - 2019-02-25 18:16 - 045918843 _____ C:\Users\customer\Downloads\Windows6.1-KB3033929-x64.msu
2019-02-25 18:13 - 2019-02-25 18:13 - 000212032 _____ (AVAST Software) C:\Users\customer\Downloads\avast_free_antivirus_setup_online.exe
2019-02-25 18:11 - 2019-02-25 18:11 - 000791712 ____N (Disc Soft Ltd.) C:\Users\customer\Downloads\DTLiteInstaller.exe
2019-02-25 18:06 - 2019-02-26 20:56 - 000000000 ____D C:\ProgramData\DAEMON Tools Lite
2019-02-25 18:05 - 2019-02-25 18:06 - 013146016 ____N (Disc Soft Ltd) C:\Users\customer\Downloads\daemon-tools-5-0-1-multi-win.exe
2019-02-25 15:25 - 2019-02-25 15:25 - 000000000 ____D C:\Users\customer\AppData\Roaming\CryptoTab Browser
2019-02-25 15:16 - 2019-02-25 15:16 - 000002299 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CryptoTab Browser.lnk
2019-02-25 15:16 - 2019-02-25 15:16 - 000002258 _____ C:\Users\Public\Desktop\CryptoTab Browser.lnk
2019-02-25 15:16 - 2019-02-25 15:16 - 000000000 ____D C:\Users\customer\AppData\Local\CryptoTab Browser
2019-02-25 15:15 - 2019-02-25 15:16 - 000000000 ____D C:\Program Files (x86)\CryptoTab Browser
2019-02-25 15:14 - 2019-02-25 15:32 - 000000000 ____D C:\Program Files (x86)\GUM208C.tmp
2019-02-25 15:14 - 2019-02-25 15:14 - 000003412 _____ C:\Windows\System32\Tasks\CryptoTabUpdateTaskMachineUA
2019-02-25 15:14 - 2019-02-25 15:14 - 000003284 _____ C:\Windows\System32\Tasks\CryptoTabUpdateTaskMachineCore
2019-02-25 15:14 - 2019-02-25 15:14 - 000000000 ____D C:\Program Files (x86)\CryptoCompany
2019-02-25 15:13 - 2019-02-25 15:13 - 001322479 _____ (CRYPTOCOMPANY OU) C:\Users\customer\Downloads\CryptoTabSetup_Jm6x1uU.exe
2019-02-25 15:13 - 2019-02-25 15:13 - 001244200 ___SH (CRYPTOCOMPANY OU) C:\Users\customer\Downloads\CryptoTabSetup_Jm6x1uU.exe.dat
2019-02-25 15:13 - 2019-02-25 15:13 - 000000000 ____D C:\Users\customer\AppData\Local\CryptoCompany
2019-02-25 14:36 - 2019-02-25 14:39 - 100158880 _____ (Shift) C:\Users\customer\Downloads\shift-windows.exe
2019-02-24 16:31 - 2015-04-16 19:34 - 4048869376 _____ C:\Users\customer\Desktop\Microsoft Office 2010 SP2 de_en_ru_ua 14.0.7140.5002.iso
2019-02-22 21:28 - 2019-02-22 21:28 - 000000000 ____D C:\Windows\SysWOW64\SDA
2019-02-22 21:27 - 2019-02-22 21:27 - 001024273 _____ C:\Users\customer\Downloads\RIDFMC-00244061-0042.zip
2019-02-22 19:32 - 2019-02-24 10:33 - 000000038 _____ C:\Users\customer\AppData\Roaming\WB.CFG
2019-02-21 21:41 - 2019-02-21 21:41 - 000000000 ____D C:\Users\customer\AppData\LocalLow\Temp
2019-02-21 21:16 - 2019-02-21 21:16 - 407010384 _____ (Microsoft Corporation) C:\Users\customer\Downloads\Microsoft-Office-Professional-2007.exe
2019-02-21 21:05 - 2019-02-21 21:05 - 009991328 _____ (Microsoft Corporation) C:\Users\customer\Downloads\microsoft_word.exe
2019-02-21 21:03 - 2019-02-21 21:03 - 002485696 _____ (Makopanid ) C:\Users\customer\Downloads\microsoft_word_0881632119.exe
2019-02-21 20:42 - 2019-02-21 20:42 - 002461328 _____ ( ) C:\Users\customer\Downloads\microsoft_office_2007_setup314_2459860692.exe
2019-02-21 19:18 - 2019-02-21 19:18 - 000000000 ____D C:\Users\customer\AppData\Local\latecof
2019-02-21 19:18 - 2019-02-21 19:18 - 000000000 ____D C:\Users\customer\AppData\Local\{869FB0C3-A237-DC7B-CFAF-F993EBC7050B}
2019-02-21 19:15 - 2019-02-21 19:15 - 000000000 ____D C:\ProgramData\ByteFence
2019-02-21 19:02 - 2019-02-21 19:21 - 000000000 ____D C:\Users\customer\Documents\New folder
2019-02-21 19:00 - 2019-02-21 19:00 - 002461328 _____ ( ) C:\Users\customer\Downloads\microsoft_word_ms_office_2007_setup7216_3544064554.exe
2019-02-16 18:20 - 2019-02-25 22:08 - 000000000 ____D C:\Users\customer\Downloads\opera autoupdate
2019-02-16 09:13 - 2019-02-16 09:13 - 000004340 _____ C:\Windows\System32\Tasks\Opera scheduled assistant Autoupdate 1550279585
2019-02-01 20:55 - 2019-02-01 20:55 - 000000000 ____D C:\Users\customer\Documents\Bluetooth Exchange Folder
2019-02-01 20:55 - 2019-02-01 20:55 - 000000000 ____D C:\Users\customer\AppData\Local\Broadcom
2019-02-01 20:51 - 2011-07-12 13:20 - 000135720 _____ (Broadcom Corporation.) C:\Windows\system32\Drivers\btwavdt.sys
2019-02-01 20:51 - 2011-07-12 13:20 - 000102952 _____ (Broadcom Corporation.) C:\Windows\system32\Drivers\btwaudio.sys
2019-02-01 20:51 - 2011-07-12 13:20 - 000021544 _____ (Broadcom Corporation.) C:\Windows\system32\Drivers\btwrchid.sys
2019-02-01 20:51 - 2011-07-12 13:19 - 000039464 _____ (Broadcom Corporation.) C:\Windows\system32\Drivers\btwl2cap.sys
2019-02-01 20:50 - 2019-02-22 21:27 - 000000021 _____ C:\Windows\Model.txt
2019-02-01 20:50 - 2019-02-01 20:50 - 000000000 ____D C:\Program Files\WIDCOMM
2019-02-01 20:48 - 2019-02-01 20:50 - 037151592 _____ C:\Users\customer\Downloads\BRDBLT-00254589-0042.exe
2019-01-30 09:21 - 2019-02-26 20:56 - 000000000 ____D C:\Users\customer\AppData\Roaming\vlc
 
==================== One month (modified) ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2019-02-26 21:38 - 2009-07-14 11:20 - 000000000 ____D C:\Program Files\Common Files\System
2019-02-26 21:37 - 2019-01-14 12:14 - 000000140 _____ C:\Windows\Reimage.ini
2019-02-26 21:17 - 2019-01-14 01:38 - 000002836 _____ C:\Windows\System32\Tasks\Driver Booster SkipUAC (customer)
2019-02-26 21:02 - 2009-07-14 13:13 - 000781298 _____ C:\Windows\system32\PerfStringBackup.INI
2019-02-26 21:02 - 2009-07-14 11:20 - 000000000 ____D C:\Windows\inf
2019-02-26 20:57 - 2019-01-13 19:27 - 000000000 ____D C:\Users\customer
2019-02-26 20:57 - 2009-07-14 13:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2019-02-26 20:56 - 2019-01-13 20:26 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SMADAV Antivirus
2019-02-26 20:56 - 2019-01-13 20:26 - 000000000 ____D C:\Program Files (x86)\SMADAV
2019-02-26 20:56 - 2010-11-21 15:16 - 000000000 ____D C:\Windows\ShellNew
2019-02-26 20:56 - 2009-07-14 13:32 - 000000000 ____D C:\Program Files (x86)\MSBuild
2019-02-26 20:56 - 2009-07-14 11:20 - 000000000 ____D C:\Windows\system32\NDF
2019-02-26 20:56 - 2009-07-14 11:20 - 000000000 ____D C:\Windows\registration
2019-02-26 20:56 - 2009-07-14 11:20 - 000000000 ____D C:\Program Files\Common Files\Microsoft Shared
2019-02-26 20:55 - 2019-01-14 01:10 - 000000000 ____D C:\ProgramData\Package Cache
2019-02-25 19:50 - 2009-07-14 10:34 - 000000478 _____ C:\Windows\win.ini
2019-02-25 19:34 - 2009-07-14 12:45 - 000414656 _____ C:\Windows\system32\FNTCACHE.DAT
2019-02-25 19:08 - 2009-07-14 12:45 - 000021072 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2019-02-25 19:08 - 2009-07-14 12:45 - 000021072 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2019-02-25 19:02 - 2009-07-14 11:20 - 000000000 ____D C:\Windows\SysWOW64\Dism
2019-02-25 19:02 - 2009-07-14 11:20 - 000000000 ____D C:\Windows\system32\Dism
2019-02-24 09:48 - 2019-01-14 01:12 - 000004100 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1547399530
2019-02-22 18:46 - 2019-01-13 20:10 - 000002224 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2019-02-22 18:46 - 2019-01-13 20:10 - 000002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2019-02-20 11:13 - 2019-01-14 01:38 - 000000000 ____D C:\Program Files (x86)\Driver Booster 6
2019-02-01 21:10 - 2019-01-13 19:28 - 000000000 ____D C:\Users\customer\AppData\Local\VirtualStore
 
==================== Files in the root of some directories =======
 
2019-02-22 19:32 - 2019-02-24 10:33 - 000000038 _____ () C:\Users\customer\AppData\Roaming\WB.CFG
 
Some files in TEMP:
====================
2019-02-01 20:50 - 2010-06-20 22:42 - 000046456 _____ (Sony Electronics, Inc) C:\Users\customer\AppData\Local\Temp\GLF5F93.EXE
2019-02-01 20:50 - 2003-05-02 15:13 - 000151552 _____ () C:\Users\customer\AppData\Local\Temp\GLF6AEA.EXE
2019-02-21 19:25 - 2010-06-20 22:42 - 000046456 _____ (Sony Electronics, Inc) C:\Users\customer\AppData\Local\Temp\GLF7861.EXE
2019-02-21 19:25 - 2003-05-02 15:13 - 000151552 _____ () C:\Users\customer\AppData\Local\Temp\GLF802F.EXE
2019-02-22 21:27 - 2010-06-20 23:42 - 000046456 _____ (Sony Electronics, Inc) C:\Users\customer\AppData\Local\Temp\GLFF36A.EXE
2019-02-22 21:27 - 2003-05-02 16:13 - 000151552 _____ () C:\Users\customer\AppData\Local\Temp\GLFF4D2.EXE
2019-02-21 19:24 - 2019-02-21 19:24 - 002461328 _____ (                                                            ) C:\Users\customer\AppData\Local\Temp\microsoft_word_ms_office_2007_setup7216_3544064554.exe
2019-01-14 01:02 - 2019-01-14 01:02 - 002658759 _____ (Opera Software) C:\Users\customer\AppData\Local\Temp\Opera_installer_1901131702124654264.dll
2019-01-14 01:02 - 2019-01-14 01:02 - 002658759 _____ (Opera Software) C:\Users\customer\AppData\Local\Temp\Opera_installer_1901131702133035776.dll
2019-01-14 12:14 - 2019-01-14 12:15 - 015095472 _____ (Reimage) C:\Users\customer\AppData\Local\Temp\ReimagePackage.exe
2019-01-14 01:23 - 2019-02-25 19:22 - 000000014 _____ () C:\Users\customer\AppData\Local\Temp\update.exe
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll
[2010-11-21 11:24] - [2019-01-13 19:27] - 001008640 _____ (Microsoft Corporation) 2C353B6CE0C8D03225CAA2AF33B68D79
 
C:\Windows\SysWOW64\User32.dll
[2010-11-21 11:24] - [2019-01-13 19:27] - 000833024 _____ (Microsoft Corporation) 861C4346F9281DC0380DE72C8D55D6BE
 
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\dllhost.exe => File is digitally signed
C:\Windows\SysWOW64\dllhost.exe => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2019-02-14 20:21
 
==================== End of FRST.txt ============================

  • 0

#5
jasmallari12

jasmallari12

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts

Here is the copy of the last step from running ADW 
 

# -------------------------------
# Malwarebytes AdwCleaner 7.2.7.0
# -------------------------------
# Build:    01-30-2019
# Database: 2019-02-21.1 (Cloud)
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start:    03-01-2019
# Duration: 00:00:03
# OS:       Windows 7 Ultimate
# Cleaned:  43
# Failed:   0
 
 
***** [ Services ] *****
 
No malicious services cleaned.
 
***** [ Folders ] *****
 
Deleted       C:\Users\customer\AppData\Roaming\IObit\Advanced SystemCare
Deleted       C:\ProgramData\ByteFence
Deleted       C:\Program Files (x86)\Driver Identifier
Deleted       C:\Users\customer\AppData\Roaming\driveridentifier
Deleted       C:\Users\customer\AppData\Roaming\DRPSu
Deleted       C:\Program Files (x86)\TotalAV
Deleted       C:\Program Files (x86)\PCProtect
 
***** [ Files ] *****
 
Deleted       C:\Users\customer\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Driver Booster.lnk
Deleted       C:\Users\customer\Downloads\ReimageRepair.exe
Deleted       C:\Windows\Reimage.ini
 
***** [ DLL ] *****
 
No malicious DLLs cleaned.
 
***** [ WMI ] *****
 
No malicious WMI cleaned.
 
***** [ Shortcuts ] *****
 
No malicious shortcuts cleaned.
 
***** [ Tasks ] *****
 
Deleted       C:\Windows\System32\Tasks\Driver Booster Scheduler
 
***** [ Registry ] *****
 
Deleted       HKLM\SOFTWARE\Microsoft\RADAR\HeapLeakDetection\DiagnosedApplications\ByteFence.exe
Deleted       HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION|ByteFence.exe
Deleted       HKLM\Software\Classes\driveruploader
Deleted       HKCU\Software\drpsu
Deleted       HKLM\Software\Wow6432Node\drpsu
Deleted       HKLM\Software\drpsu
Deleted       HKCU\Software\Microsoft\Internet Explorer\DOMStorage\drp.su
Deleted       HKLM\SOFTWARE\Microsoft\MediaPlayer\ShimInclusionList\browser.exe
Deleted       HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{7D2B3E1D-D096-4594-9D8F-A6667F12E0AC}
Deleted       HKLM\Software\Wow6432Node\Classes\AppID\REI_AxControl.DLL
Deleted       HKLM\SOFTWARE\Classes\AppID\REI_AxControl.DLL
Deleted       HKLM\Software\Wow6432Node\Classes\AppID\{28FF42B8-A0DA-4BE5-9B81-E26DD59B350A}
Deleted       HKLM\Software\Classes\AppID\{28FF42B8-A0DA-4BE5-9B81-E26DD59B350A}
Deleted       HKLM\Software\Wow6432Node\Classes\TypeLib\{FA6468D2-FAA4-4951-A53B-2A5CF9CC0A36}
Deleted       HKLM\Software\Classes\TypeLib\{FA6468D2-FAA4-4951-A53B-2A5CF9CC0A36}
Deleted       HKLM\Software\Wow6432Node\Classes\Interface\{BD51A48E-EB5F-4454-8774-EF962DF64546}
Deleted       HKLM\Software\Classes\Interface\{BD51A48E-EB5F-4454-8774-EF962DF64546}
Deleted       HKLM\Software\Wow6432Node\Classes\Interface\{9BB31AD8-5DB2-459E-A901-DEA536F23BA4}
Deleted       HKLM\Software\Classes\Interface\{9BB31AD8-5DB2-459E-A901-DEA536F23BA4}
Deleted       HKLM\Software\Classes\CLSID\{801B440B-1EE3-49B0-B05D-2AB076D4E8CB}
Deleted       HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{10ECCE17-29B5-4880-A8F5-EAD298611484}
Deleted       HKLM\Software\Classes\CLSID\{10ECCE17-29B5-4880-A8F5-EAD298611484}
Deleted       HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{32A6AA05-B9D8-4FBB-BA21-44744EEE4DA8}
Deleted       HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Driver Booster Scheduler
Deleted       HKCU\Software\Reimage
Deleted       HKLM\Software\Reimage
Deleted       HKLM\Software\Classes\REI_AxControl.ReiEngine.1
Deleted       HKLM\Software\Classes\REI_AxControl.ReiEngine
Deleted       HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\App Paths\browser.exe
Deleted       HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\browser.exe
Deleted       HKLM\Software\Wow6432Node\{DAF8B7E5-449D-4180-8281-10E536E597F2}
 
***** [ Chromium (and derivatives) ] *****
 
Deleted       Quick Converter
 
***** [ Chromium URLs ] *****
 
No malicious Chromium URLs cleaned.
 
***** [ Firefox (and derivatives) ] *****
 
No malicious Firefox entries cleaned.
 
***** [ Firefox URLs ] *****
 
No malicious Firefox URLs cleaned.
 
 
*************************
 
[+] Delete Tracing Keys
[+] Reset Winsock
 
*************************
 
AdwCleaner[S00].txt - [5062 octets] - [01/03/2019 21:10:07]
 
########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########

  • 0

#6
JSntgRvr

JSntgRvr

    Global Moderator

  • Global Moderator
  • 11,178 posts

Hi

Welcome :)

I'll be helping you with your computer.

Please read this post completely before beginning. If there's anything that you do not understand, please don't hesitate to ask before proceeding.

Please take note of the guidelines for this fix:

  • Please note that I am a volunteer. I do have a family, a career, and other endeavors that may prevent immediate responses that meet your schedule. Do note that the differences in time zones could present a problem as well. Your patience and understanding will be greatly appreciated.
  • First of all, the procedures we are about to perform are specific to your problem and should only be used on this specific computer.
  • Do not make any changes to your computer that include installing/uninstalling programs, deleting files, modifying the registry, nor running scanners or tools of any kind unless specifically requested by me.
  • Please read ALL instructions carefully and perform the steps fully and in the order they are written.
  • If things appear to be better, let me know. Just because the symptoms no longer exist as before, does not mean that you are clean.
  • Continue to read and follow my instructions until I tell you that your machine is clean.
  • If you have any questions at all, please do not hesitate to ask before performing the task that I ask of you, and please wait for my reply before you proceed.
  • Scanning with programs and reading the logs do take a fair amount of time. Again, your patience will be necessary. :)

Let's begin... :)

 

 

Please remove the following program: https://vms.drweb.co...rus/?i=17670490

 

CryptoTab Browser
 

  • Highlight the entire content of the quote box below.

Start::
S2 rtop; "c:\program files\bytefence\rtop\bin\rtop_svc.exe" [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
S3 cpuz140; C:\Users\customer\AppData\Local\Temp\cpuz140\cpuz140_x64.sys [43840 2019-01-14] (CPUID -> CPUID) <==== ATTENTION
C:\Users\customer\AppData\Local\Temp\cpuz140
Task: {6B8FD043-306E-4889-8452-7E69A8D67ED9} - System32\Tasks\CryptoTabUpdateTaskMachineUA => C:\Program Files (x86)\CryptoCompany\Update\CryptoTabUpdate.exe (CRYPTOCOMPANY Oš -> CRYPTOCOMPANY OU) [File not signed] <==== ATTENTION
System32\Tasks\CryptoTabUpdateTaskMachineUA
Task: {7FA3F3BE-F4E7-43AA-958B-0F05881DB6C7} - System32\Tasks\CryptoTabUpdateTaskMachineCore => C:\Program Files (x86)\CryptoCompany\Update\CryptoTabUpdate.exe (CRYPTOCOMPANY Oš -> CRYPTOCOMPANY OU) [File not signed] <==== ATTENTION
System32\Tasks\CryptoTabUpdateTaskMachineCore
FirewallRules: [{C1DE9A46-85AF-4FAC-B9E8-DB823D89ED0A}] => (Allow) F:\Drivers\DriverPack\bin\tools\aria2c.exe No File
FirewallRules: [{09ABD1D2-4488-47FA-A036-A945089205D6}] => (Allow) C:\Users\customer\AppData\Roaming\uTorrent\uTorrent.exe No File
FirewallRules: [{F16CC6E3-02BB-41A8-9109-5071DA1AC32D}] => (Allow) C:\Users\customer\AppData\Roaming\uTorrent\uTorrent.exe No File
2019-02-25 15:16 - 2019-02-25 15:16 - 000000000 ____D C:\Users\customer\AppData\Local\CryptoTab Browser
2019-02-25 15:13 - 2019-02-25 15:13 - 000000000 ____D C:\Users\customer\AppData\Local\CryptoCompany
2019-02-01 20:50 - 2010-06-20 22:42 - 000046456 _____ (Sony Electronics, Inc) C:\Users\customer\AppData\Local\Temp\GLF5F93.EXE
2019-02-01 20:50 - 2003-05-02 15:13 - 000151552 _____ () C:\Users\customer\AppData\Local\Temp\GLF6AEA.EXE
2019-02-21 19:25 - 2010-06-20 22:42 - 000046456 _____ (Sony Electronics, Inc) C:\Users\customer\AppData\Local\Temp\GLF7861.EXE
2019-02-21 19:25 - 2003-05-02 15:13 - 000151552 _____ () C:\Users\customer\AppData\Local\Temp\GLF802F.EXE
2019-02-22 21:27 - 2010-06-20 23:42 - 000046456 _____ (Sony Electronics, Inc) C:\Users\customer\AppData\Local\Temp\GLFF36A.EXE
2019-02-22 21:27 - 2003-05-02 16:13 - 000151552 _____ () C:\Users\customer\AppData\Local\Temp\GLFF4D2.EXE
2019-02-21 19:24 - 2019-02-21 19:24 - 002461328 _____ (                                                            ) C:\Users\customer\AppData\Local\Temp\microsoft_word_ms_office_2007_setup7216_3544064554.exe
2019-01-14 01:02 - 2019-01-14 01:02 - 002658759 _____ (Opera Software) C:\Users\customer\AppData\Local\Temp\Opera_installer_1901131702124654264.dll
2019-01-14 01:02 - 2019-01-14 01:02 - 002658759 _____ (Opera Software) C:\Users\customer\AppData\Local\Temp\Opera_installer_1901131702133035776.dll
2019-01-14 12:14 - 2019-01-14 12:15 - 015095472 _____ (Reimage) C:\Users\customer\AppData\Local\Temp\ReimagePackage.exe
2019-01-14 01:23 - 2019-02-25 19:22 - 000000014 _____ () C:\Users\customer\AppData\Local\Temp\update.exe
2019-02-01 20:50 - 2010-06-20 22:42 - 000046456 _____ (Sony Electronics, Inc) C:\Users\customer\AppData\Local\Temp\GLF5F93.EXE
2019-02-01 20:50 - 2003-05-02 15:13 - 000151552 _____ () C:\Users\customer\AppData\Local\Temp\GLF6AEA.EXE
2019-02-21 19:25 - 2010-06-20 22:42 - 000046456 _____ (Sony Electronics, Inc) C:\Users\customer\AppData\Local\Temp\GLF7861.EXE
2019-02-21 19:25 - 2003-05-02 15:13 - 000151552 _____ () C:\Users\customer\AppData\Local\Temp\GLF802F.EXE
2019-02-22 21:27 - 2010-06-20 23:42 - 000046456 _____ (Sony Electronics, Inc) C:\Users\customer\AppData\Local\Temp\GLFF36A.EXE
2019-02-22 21:27 - 2003-05-02 16:13 - 000151552 _____ () C:\Users\customer\AppData\Local\Temp\GLFF4D2.EXE
2019-01-14 01:02 - 2019-01-14 01:02 - 002658759 _____ (Opera Software) C:\Users\customer\AppData\Local\Temp\Opera_installer_1901131702124654264.dll
2019-01-14 01:02 - 2019-01-14 01:02 - 002658759 _____ (Opera Software) C:\Users\customer\AppData\Local\Temp\Opera_installer_1901131702133035776.dll
2019-01-14 12:14 - 2019-01-14 12:15 - 015095472 _____ (Reimage) C:\Users\customer\AppData\Local\Temp\ReimagePackage.exe
2019-01-14 01:23 - 2019-02-25 19:22 - 000000014 _____ () C:\Users\customer\AppData\Local\Temp\update.exe
2019-02-25 15:14 - 2019-02-25 15:32 - 000000000 ____D C:\Program Files (x86)\GUM208C.tmp
EMPTYTEMP:
Reboot:
End::

  • Right click on the highlighted text and select Copy.
  • Start FRST (FRST64) with Administrator privileges
  • Press the Fix button. FRST will process the lines copied above from the clipboard.
  • When finished, a log file (Fixlog.txt) will pop up and saved in the same location the tool was ran from.

Please copy and paste its contents in your next reply.
 

  • Download AdwCleaner and move it to your Desktop
  • Right-click on AdwCleaner.exe and select <script pagespeed_no_defer="" type="text/javascript">//=d.offsetWidth&&0>=d.offsetHeight)a=!1;else{c=d.getBoundingClientRect();var f=document.body;a=c.top+("pageYOffset"in window? window.pageYOffset:(document.documentElement||f.parentNode||f).scrollTop);c=c.left+("pageXOffset"in window?window.pageXOffset:(document.documentElement||f.parentNode||f).scrollLeft);f=a.toString()+","+c;b.b.hasOwnProperty(f)?a=!1:(b.b[f]=!0,a=a<=b.e.height&&c<=b.e.width)}a&&(b.a.push(e),b.d[e]=!0)};p.prototype.checkImageForCriticality=function(b){b.getBoundingClientRect&&q(this,b)};h("pagespeed.CriticalImages.checkImageForCriticality",function(b){n.checkImageForCriticality(b)}); h("pagespeed.CriticalImages.checkCriticalImages",function(){r(n)}); var r=function(b){b.b={};for(var d=["IMG","INPUT"],a=[],c=0;c=a.length+e.length&&(a+=e)}b.g&&(e="&rd="+encodeURIComponent(JSON.stringify(s())),131072>=a.length+e.length&&(a+=e),d=!0);t=a;if(d){c=b.f;b=b.h;var f; if(window.XMLHttpRequest)f=new XMLHttpRequest;else if(window.ActiveXObject)try{f=new ActiveXObject("Msxml2.XMLHTTP")}catch(k){try{f=new ActiveXObject("Microsoft.XMLHTTP")}catch(u){}}f&&(f.open("POST",c+(-1==c.indexOf("?")?"?":"&")+"url="+encodeURIComponent(b)),f.setRequestHeader("Content-Type","application/x-www-form-urlencoded"),f.send(a))}}},s=function(){var b={},d=document.getElementsByTagName("IMG");if(0==d.length)return{};var a=d[0];if(!("naturalWidth"in a&&"naturalHeight"in a))return{};for(var c= 0;a=d[c];++c){var e=a.getAttribute("pagespeed_url_hash");e&&(!(e in b)&&0=b[e].k&&a.height>=b[e].j)&&(b[e]={rw:a.width,rh:a.height,ow:a.naturalWidth,oh:a.naturalHeight})}return b},t="";h("pagespeed.CriticalImages.getBeaconData",function(){return t});h("pagespeed.CriticalImages.Run",function(b,d,a,c,e,f){var k=new p(b,d,a,e,f);n=k;c&&m(function(){window.setTimeout(function(){r(k)},0)})});})(); pagespeed.CriticalImages.Run('/mod_pagespeed_beacon','http://www.geekstogo.com/forum/index.php?s=ecd0dfef55e79e1097720149dd3eb3a9&app=forums&module=ajax§ion=topics&do=quote&t=372880&p=2634824&md5check=5a9547eb0374a507d8a7c3443a7224d0&isRte=1,mKmPV3o1Px,true,true,t8GPxAEd7jY');//]]></script> Spcusrh.pngRun as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)&&0
  • Accept the EULA (I accept), then click on Scan Now
  • Let the scan complete. Once it's done, make sure that every item listed in the different tabs is checked and click on the Repair and restart button. This will kill all active processes
  • Once the cleaning process is complete, AdwCleaner will ask to restart your computer, do it
  • After the restart, a log will open when logging in. Please copy/paste the content of that log in your next reply

 

The logs submitted did not include the Fixlog.txt.

 

The FRST.txt and Addition.txt are old logs. Please post the Fixlog.txt and additionally, a set of new FRST.txt and Addition.txt logs.


  • 0

#7
jasmallari12

jasmallari12

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
Whenever I run the FRST. and click Fix. It will end up restarting the laptop. How will I be able to see the logs?
  • 0

#8
JSntgRvr

JSntgRvr

    Global Moderator

  • Global Moderator
  • 11,178 posts
The logs are saved next to frst64.exe.
  • 0

#9
JSntgRvr

JSntgRvr

    Global Moderator

  • Global Moderator
  • 11,178 posts

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.


  • 0






Similar Topics


Also tagged with one or more of these keywords: Virus, malware, malware removal, trojan, microsoft word, software issue, antivirus, installation

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP