Hi, I'm sorry for the late reply. What program do you want me to remove? CryptoTab Browser?
Hi
Welcome
I'll be helping you with your computer.
Please read this post completely before beginning. If there's anything that you do not understand, please don't hesitate to ask before proceeding.
Please take note of the guidelines for this fix:
- Please note that I am a volunteer. I do have a family, a career, and other endeavors that may prevent immediate responses that meet your schedule. Do note that the differences in time zones could present a problem as well. Your patience and understanding will be greatly appreciated.
- First of all, the procedures we are about to perform are specific to your problem and should only be used on this specific computer.
- Do not make any changes to your computer that include installing/uninstalling programs, deleting files, modifying the registry, nor running scanners or tools of any kind unless specifically requested by me.
- Please read ALL instructions carefully and perform the steps fully and in the order they are written.
- If things appear to be better, let me know. Just because the symptoms no longer exist as before, does not mean that you are clean.
- Continue to read and follow my instructions until I tell you that your machine is clean.
- If you have any questions at all, please do not hesitate to ask before performing the task that I ask of you, and please wait for my reply before you proceed.
- Scanning with programs and reading the logs do take a fair amount of time. Again, your patience will be necessary.
Let's begin...
Please remove the following program: https://vms.drweb.co...rus/?i=17670490
CryptoTab Browser
- Highlight the entire content of the quote box below.
Start::
S2 rtop; "c:\program files\bytefence\rtop\bin\rtop_svc.exe" [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
S3 cpuz140; C:\Users\customer\AppData\Local\Temp\cpuz140\cpuz140_x64.sys [43840 2019-01-14] (CPUID -> CPUID) <==== ATTENTION
C:\Users\customer\AppData\Local\Temp\cpuz140
Task: {6B8FD043-306E-4889-8452-7E69A8D67ED9} - System32\Tasks\CryptoTabUpdateTaskMachineUA => C:\Program Files (x86)\CryptoCompany\Update\CryptoTabUpdate.exe (CRYPTOCOMPANY OÜ -> CRYPTOCOMPANY OU) [File not signed] <==== ATTENTION
System32\Tasks\CryptoTabUpdateTaskMachineUA
Task: {7FA3F3BE-F4E7-43AA-958B-0F05881DB6C7} - System32\Tasks\CryptoTabUpdateTaskMachineCore => C:\Program Files (x86)\CryptoCompany\Update\CryptoTabUpdate.exe (CRYPTOCOMPANY OÜ -> CRYPTOCOMPANY OU) [File not signed] <==== ATTENTION
System32\Tasks\CryptoTabUpdateTaskMachineCore
FirewallRules: [{C1DE9A46-85AF-4FAC-B9E8-DB823D89ED0A}] => (Allow) F:\Drivers\DriverPack\bin\tools\aria2c.exe No File
FirewallRules: [{09ABD1D2-4488-47FA-A036-A945089205D6}] => (Allow) C:\Users\customer\AppData\Roaming\uTorrent\uTorrent.exe No File
FirewallRules: [{F16CC6E3-02BB-41A8-9109-5071DA1AC32D}] => (Allow) C:\Users\customer\AppData\Roaming\uTorrent\uTorrent.exe No File
2019-02-25 15:16 - 2019-02-25 15:16 - 000000000 ____D C:\Users\customer\AppData\Local\CryptoTab Browser
2019-02-25 15:13 - 2019-02-25 15:13 - 000000000 ____D C:\Users\customer\AppData\Local\CryptoCompany
2019-02-01 20:50 - 2010-06-20 22:42 - 000046456 _____ (Sony Electronics, Inc) C:\Users\customer\AppData\Local\Temp\GLF5F93.EXE
2019-02-01 20:50 - 2003-05-02 15:13 - 000151552 _____ () C:\Users\customer\AppData\Local\Temp\GLF6AEA.EXE
2019-02-21 19:25 - 2010-06-20 22:42 - 000046456 _____ (Sony Electronics, Inc) C:\Users\customer\AppData\Local\Temp\GLF7861.EXE
2019-02-21 19:25 - 2003-05-02 15:13 - 000151552 _____ () C:\Users\customer\AppData\Local\Temp\GLF802F.EXE
2019-02-22 21:27 - 2010-06-20 23:42 - 000046456 _____ (Sony Electronics, Inc) C:\Users\customer\AppData\Local\Temp\GLFF36A.EXE
2019-02-22 21:27 - 2003-05-02 16:13 - 000151552 _____ () C:\Users\customer\AppData\Local\Temp\GLFF4D2.EXE
2019-02-21 19:24 - 2019-02-21 19:24 - 002461328 _____ ( ) C:\Users\customer\AppData\Local\Temp\microsoft_word_ms_office_2007_setup7216_3544064554.exe
2019-01-14 01:02 - 2019-01-14 01:02 - 002658759 _____ (Opera Software) C:\Users\customer\AppData\Local\Temp\Opera_installer_1901131702124654264.dll
2019-01-14 01:02 - 2019-01-14 01:02 - 002658759 _____ (Opera Software) C:\Users\customer\AppData\Local\Temp\Opera_installer_1901131702133035776.dll
2019-01-14 12:14 - 2019-01-14 12:15 - 015095472 _____ (Reimage) C:\Users\customer\AppData\Local\Temp\ReimagePackage.exe
2019-01-14 01:23 - 2019-02-25 19:22 - 000000014 _____ () C:\Users\customer\AppData\Local\Temp\update.exe
2019-02-01 20:50 - 2010-06-20 22:42 - 000046456 _____ (Sony Electronics, Inc) C:\Users\customer\AppData\Local\Temp\GLF5F93.EXE
2019-02-01 20:50 - 2003-05-02 15:13 - 000151552 _____ () C:\Users\customer\AppData\Local\Temp\GLF6AEA.EXE
2019-02-21 19:25 - 2010-06-20 22:42 - 000046456 _____ (Sony Electronics, Inc) C:\Users\customer\AppData\Local\Temp\GLF7861.EXE
2019-02-21 19:25 - 2003-05-02 15:13 - 000151552 _____ () C:\Users\customer\AppData\Local\Temp\GLF802F.EXE
2019-02-22 21:27 - 2010-06-20 23:42 - 000046456 _____ (Sony Electronics, Inc) C:\Users\customer\AppData\Local\Temp\GLFF36A.EXE
2019-02-22 21:27 - 2003-05-02 16:13 - 000151552 _____ () C:\Users\customer\AppData\Local\Temp\GLFF4D2.EXE
2019-01-14 01:02 - 2019-01-14 01:02 - 002658759 _____ (Opera Software) C:\Users\customer\AppData\Local\Temp\Opera_installer_1901131702124654264.dll
2019-01-14 01:02 - 2019-01-14 01:02 - 002658759 _____ (Opera Software) C:\Users\customer\AppData\Local\Temp\Opera_installer_1901131702133035776.dll
2019-01-14 12:14 - 2019-01-14 12:15 - 015095472 _____ (Reimage) C:\Users\customer\AppData\Local\Temp\ReimagePackage.exe
2019-01-14 01:23 - 2019-02-25 19:22 - 000000014 _____ () C:\Users\customer\AppData\Local\Temp\update.exe
2019-02-25 15:14 - 2019-02-25 15:32 - 000000000 ____D C:\Program Files (x86)\GUM208C.tmp
EMPTYTEMP:
Reboot:
End::
- Right click on the highlighted text and select Copy.
- Start FRST (FRST64) with Administrator privileges
- Press the Fix button. FRST will process the lines copied above from the clipboard.
- When finished, a log file (Fixlog.txt) will pop up and be saved in the same location the tool was run from.
Please copy and paste its contents in your next reply.
- Download AdwCleaner and move it to your Desktop
- Right-click on AdwCleaner.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
- Accept the EULA (I accept), then click on Scan Now
- Let the scan complete. Once it's done, make sure that every item listed in the different tabs is checked and click on the Repair and restart button. This will kill all active processes.
- Once the cleaning process is complete, AdwCleaner will ask to restart your computer; do it.
- After the restart, a log will open when logging in. Please copy/paste the content of that log in your next reply
I already deleted the program CryptoTab Browser and am done fixing.
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 25.02.2019 01
Ran by customer (administrator) on CUSTOMER-PC (26-02-2019 21:45:52)
Running from C:\Users\customer\Downloads
Loaded Profiles: customer (Available Profiles: customer)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 8 (Default browser: "C:\Program Files (x86)\CryptoTab Browser\Application\browser.exe" -- "%1")
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Microsoft Windows Hardware Compatibility Publisher -> AMD) C:\Windows\System32\atiesrxx.exe
(Microsoft Windows Hardware Compatibility Publisher -> AMD) C:\Windows\System32\atieclxx.exe
(Broadcom Corporation -> Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(CRYPTOCOMPANY OÜ -> CRYPTOCOMPANY OU) [File not signed] C:\Program Files (x86)\CryptoCompany\Update\1.3.99.17\CryptoTabCrashHandler.exe
(CRYPTOCOMPANY OÜ -> CRYPTOCOMPANY OU) C:\Program Files (x86)\CryptoCompany\Update\1.3.99.17\CryptoTabCrashHandler64.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxpers.exe
(AVB Disc Soft, SIA -> Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DTAgent.exe
(Broadcom Corporation -> Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Broadcom Corporation -> Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
(Broadcom Corporation -> Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
(AVB Disc Soft, SIA -> Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe
(Microsoft Dynamic Code Publisher -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(Microsoft Dynamic Code Publisher -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
(AVB Disc Soft, SIA -> Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DTShellHlp.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Borislav Surbat -> MyCity) C:\Program Files (x86)\MCShield\MCShieldRTM.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [18391096 2019-01-13] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1505840 2019-01-13] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM-x32\...\Run: [SMΔRT-Protection] => C:\Program Files (x86)\Smadav\SMΔRTP.exe [1781760 2017-04-13] (Smadsoft) [File not signed]
HKLM-x32\...\Run: [CryptoTab Browser] => C:\Program Files (x86)\CryptoTab Browser\Application\browser.exe [1867304 2019-02-15] (CRYPTOCOMPANY OÜ -> The Chromium and CryptoTab Browser Authors)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation -> Microsoft Corporation)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-1608357908-2036049685-2604263660-1000\...\Run: [uTorrent] => "C:\Users\customer\AppData\Roaming\uTorrent\uTorrent.exe" /MINIMIZED
HKU\S-1-5-21-1608357908-2036049685-2604263660-1000\...\Run: [C:/Program Files (x86)/Media Freeware/Free Youtube To MP3 Downloader/Free Youtube to Mp3 Downloader.exe] => C:\Program Files (x86)\Media Freeware\Free Youtube To MP3 Downloader\Free Youtube to Mp3 Downloader.exe
HKU\S-1-5-21-1608357908-2036049685-2604263660-1000\...\Run: [Opera Browser Assistant] => C:\Users\customer\AppData\Local\Programs\Opera\assistant\browser_assistant.exe [2558495 2019-02-21] (Opera Software AS -> Opera Software) [File not signed]
HKU\S-1-5-21-1608357908-2036049685-2604263660-1000\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [735336 2019-02-25] (AVB Disc Soft, SIA -> Disc Soft Ltd)
HKU\S-1-5-21-1608357908-2036049685-2604263660-1000\...\Run: [MCShield Monitor] => C:\Program Files (x86)\MCShield\mcshieldrtm.exe [650816 2014-04-12] (Borislav Surbat -> MyCity)
HKU\S-1-5-21-1608357908-2036049685-2604263660-1000\...\MountPoints2: {e9c5f2a4-38ec-11e9-aab7-3859f9d06b3b} - G:\SETUP.EXE
HKLM\Software\Microsoft\Active Setup\Installed Components: [{7D2B3E1D-D096-4594-9D8F-A6667F12E0AC}] -> C:\Program Files (x86)\CryptoTab Browser\Application\72.0.3626.96\Installer\chrmstp.exe [2019-02-25] (CRYPTOCOMPANY OÜ -> The Chromium and CryptoTab Browser Authors)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\72.0.3626.119\Installer\chrmstp.exe [2019-02-22] (Google LLC -> Google Inc.)
HKLM\Software\...\Authentication\Credential Providers: [{50968FF7-10C1-4fb3-98B0-CD654D6CB97E}] -> C:\Program Files\WIDCOMM\Bluetooth Software\\BtwCP.dll [2010-07-29] (Broadcom Corporation -> Broadcom Corporation.)
HKLM\Software\...\Authentication\Credential Providers: [{F8A0B131-5F68-486c-8040-7E8FC3C85BB6}] -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDCREDPROV.DLL [2009-08-18] (Microsoft Corporation -> Microsoft Corporation)
AppInit_DLLs-x32: C:\PROGRA~1\COMMON~1\System\symsrv.dll => C:\Program Files\Common Files\System\symsrv.dll [69337 2019-01-13] (Microsoft Corporation) [File not signed]
ShellExecuteHooks-x32: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [4249759 2014-03-06] (Microsoft Corporation -> Microsoft Corporation) [File not signed]
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2019-02-01]
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation -> Broadcom Corporation.)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{B6F33192-A27A-4FB2-902B-0F1C3F9C3773}: [DhcpNameServer] 192.168.1.1
Internet Explorer:
==================
HKU\S-1-5-21-1608357908-2036049685-2604263660-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/en-ph/?ocid=iehp
SearchScopes: HKU\S-1-5-21-1608357908-2036049685-2604263660-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2014-03-06] (Microsoft Corporation -> Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation -> Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2014-03-06] (Microsoft Corporation -> Microsoft Corporation) [File not signed]
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files (x86)\Common Files\Microsoft Shared\Help\hxds.dll [2012-11-10] (Microsoft Corporation -> Microsoft Corporation) [File not signed]
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-21] (Microsoft Windows -> Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-21] (Microsoft Windows -> Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-21] (Microsoft Windows -> Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-21] (Microsoft Windows -> Microsoft Corporation)
Filter-x32: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL [2012-10-31] (Microsoft Corporation -> Microsoft Corporation) [File not signed]
FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-16] (VideoLAN) [File not signed]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @tools.CryptoTab.com/CryptoTab Update;version=3 -> C:\Program Files (x86)\CryptoCompany\Update\1.3.99.17\npCryptoTabUpdate3.dll [2019-02-25] (Google Inc (TEST) -> CRYPTOCOMPANY OU) [File not signed]
FF Plugin-x32: @tools.CryptoTab.com/CryptoTab Update;version=9 -> C:\Program Files (x86)\CryptoCompany\Update\1.3.99.17\npCryptoTabUpdate3.dll [2019-02-25] (Google Inc (TEST) -> CRYPTOCOMPANY OU) [File not signed]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2019-01-13] (Google Inc -> Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2019-01-13] (Google Inc -> Google Inc.)
Chrome:
=======
CHR DefaultSearchURL: Default -> hxxps://feed.quick-converter.com/?q={searchTerms}&publisher=quick-converter&barcodeid=537360000000000
CHR DefaultSearchKeyword: Default -> QuickConverter
CHR DefaultSuggestURL: Default -> hxxps://suggest.quick-converter.com/suggest/get?q={searchTerms}
CHR Profile: C:\Users\customer\AppData\Local\Google\Chrome\User Data\Default [2019-02-26]
CHR Extension: (Docs) - C:\Users\customer\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2019-01-14]
CHR Extension: (Google Drive) - C:\Users\customer\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2019-01-13]
CHR Extension: (YouTube) - C:\Users\customer\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2019-01-14]
CHR Extension: (Google Search) - C:\Users\customer\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2019-01-13]
CHR Extension: (Google Docs Offline) - C:\Users\customer\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2019-01-14]
CHR Extension: (QuickConverter) - C:\Users\customer\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifmbhhfjodlbpaoklcmljmjmffecgggd [2019-01-14]
CHR Extension: (Chrome Web Store Payments) - C:\Users\customer\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-01-14]
CHR Extension: (Gmail) - C:\Users\customer\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-01-14]
CHR Extension: (Chrome Media Router) - C:\Users\customer\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-02-09]
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [246784 2015-08-04] (Microsoft Windows Hardware Compatibility Publisher -> AMD)
S2 cryptobrowser; C:\Program Files (x86)\CryptoCompany\Update\CryptoTabUpdate.exe [264175 2019-02-25] (CRYPTOCOMPANY OÜ -> CRYPTOCOMPANY OU) [File not signed]
S3 cryptobrowserm; C:\Program Files (x86)\CryptoCompany\Update\CryptoTabUpdate.exe [264175 2019-02-25] (CRYPTOCOMPANY OÜ -> CRYPTOCOMPANY OU) [File not signed]
R3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [4132456 2019-02-25] (AVB Disc Soft, SIA -> Disc Soft Ltd)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Windows -> Microsoft Corporation)
S2 rtop; "c:\program files\bytefence\rtop\bin\rtop_svc.exe" [X]
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 amdkmdag; C:\Windows\System32\DRIVERS\atikmdag.sys [21622784 2015-08-04] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices, Inc.)
R3 amdkmdap; C:\Windows\System32\DRIVERS\atikmpag.sys [665088 2015-08-04] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices, Inc.)
R0 amdkmpfd; C:\Windows\System32\DRIVERS\amdkmpfd.sys [65248 2015-04-24] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
S3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [172760 2019-01-14] (Broadcom Corporation -> Broadcom Corporation.)
R3 btwampfl; C:\Windows\System32\DRIVERS\btwampfl.sys [344616 2011-07-12] (Broadcom Corporation -> Broadcom Corporation.)
R3 btwaudio; C:\Windows\System32\drivers\btwaudio.sys [102952 2011-07-12] (Broadcom Corporation -> Broadcom Corporation.)
R3 btwavdt; C:\Windows\System32\DRIVERS\btwavdt.sys [135720 2011-07-12] (Broadcom Corporation -> Broadcom Corporation.)
R3 btwl2cap; C:\Windows\System32\DRIVERS\btwl2cap.sys [39464 2011-07-12] (Broadcom Corporation -> Broadcom Corporation.)
R3 btwrchid; C:\Windows\System32\DRIVERS\btwrchid.sys [21544 2011-07-12] (Broadcom Corporation -> Broadcom Corporation.)
S3 cpuz140; C:\Users\customer\AppData\Local\Temp\cpuz140\cpuz140_x64.sys [43840 2019-01-14] (CPUID -> CPUID) <==== ATTENTION
R3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [42256 2019-02-25] (AVB Disc Soft, SIA -> Disc Soft Ltd)
R3 dtliteusbbus; C:\Windows\System32\DRIVERS\dtliteusbbus.sys [59360 2019-02-25] (AVB Disc Soft, SIA -> Disc Soft Ltd)
R1 HWiNFO32; C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [27552 2019-01-13] (Martin Malik - REALiX -> REALiX)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28656 2013-03-06] (Intel Corporation - Intel® Rapid Storage Technology -> Intel Corporation)
R3 L1C; C:\Windows\System32\DRIVERS\L1C63x64.sys [125048 2016-01-29] (Rivet Networks LLC -> Qualcomm Atheros, Inc.)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [181304 2016-03-29] (Intel® Embedded Subsystems and IP Blocks Group -> Intel Corporation)
R3 rimspci; C:\Windows\System32\DRIVERS\rimspe64.sys [73728 2019-01-13] (Microsoft Windows Hardware Compatibility Publisher -> REDC)
R2 risdxc; C:\Windows\System32\DRIVERS\risdxc64.sys [104960 2019-01-14] (Microsoft Windows Hardware Compatibility Publisher -> REDC)
R3 SFEP; C:\Windows\System32\DRIVERS\SFEP.sys [14336 2012-01-16] (Microsoft Windows Hardware Compatibility Publisher -> Sony Corporation)
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One month (created) ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2019-02-26 21:27 - 2019-02-26 21:29 - 000023428 _____ C:\Users\customer\Downloads\Addition.txt
2019-02-26 21:26 - 2019-02-26 21:46 - 000018466 _____ C:\Users\customer\Downloads\FRST.txt
2019-02-26 21:26 - 2019-02-26 21:45 - 000000000 ____D C:\FRST
2019-02-26 21:25 - 2019-02-26 21:26 - 002433536 _____ (Farbar) C:\Users\customer\Downloads\FRST64.exe
2019-02-26 21:17 - 2019-02-26 21:17 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MCShield
2019-02-26 21:16 - 2019-02-26 21:17 - 000000000 ____D C:\ProgramData\MCShield
2019-02-26 21:16 - 2019-02-26 21:17 - 000000000 ____D C:\Program Files (x86)\MCShield
2019-02-26 21:15 - 2019-02-26 21:16 - 002856736 ____N (MyCity) C:\Users\customer\Downloads\MCShield-Setup.exe
2019-02-26 21:15 - 2019-02-26 21:16 - 001792512 _____ (Farbar) C:\Users\customer\Downloads\FRST.exe
2019-02-26 21:08 - 2019-02-26 21:09 - 010370944 _____ (AVAST Software) C:\Users\customer\Downloads\avastclear.exe
2019-02-26 20:52 - 2019-02-26 20:52 - 000003010 _____ C:\Windows\System32\Tasks\{880037BC-72EB-4866-9EFE-EDA9BB89270A}
2019-02-26 09:06 - 2019-02-25 19:41 - 007698240 _____ (AVAST Software) C:\Users\customer\Desktop\avast_free_antivirus_setup_online_a3b.exe
2019-02-25 22:22 - 2019-02-25 22:22 - 000000000 ____D C:\ProgramData\Avira
2019-02-25 22:22 - 2019-02-25 22:22 - 000000000 ____D C:\Program Files (x86)\Avira
2019-02-25 21:59 - 2019-02-25 21:59 - 000000000 ____D C:\Program Files (x86)\PCProtect
2019-02-25 21:56 - 2019-02-25 21:56 - 000000000 ____D C:\Program Files (x86)\TotalAV
2019-02-25 19:41 - 2019-02-25 19:41 - 007698240 _____ (AVAST Software) C:\Users\customer\Downloads\avast_free_antivirus_setup_online_a3b.exe
2019-02-25 19:39 - 2019-02-25 19:39 - 007698240 _____ (AVAST Software) C:\Users\customer\Downloads\avast_free_antivirus_setup_online (1).exe
2019-02-25 19:39 - 2019-02-25 19:39 - 000000000 ____D C:\ProgramData\AVAST Software
2019-02-25 19:22 - 2019-02-26 20:57 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2019-02-25 19:22 - 2019-02-26 20:56 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SharePoint
2019-02-25 19:21 - 2019-02-25 19:21 - 000000000 ____D C:\Windows\PCHEALTH
2019-02-25 19:21 - 2019-02-25 19:21 - 000000000 ____D C:\Program Files (x86)\Microsoft Synchronization Services
2019-02-25 19:21 - 2019-02-25 19:21 - 000000000 ____D C:\Program Files (x86)\Microsoft Sync Framework
2019-02-25 19:21 - 2019-02-25 19:21 - 000000000 ____D C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2019-02-25 19:20 - 2019-02-25 19:20 - 000000000 ____D C:\Windows\System32\Tasks\OfficeSoftwareProtectionPlatform
2019-02-25 19:20 - 2019-02-25 19:20 - 000000000 ____D C:\Program Files\Microsoft Office
2019-02-25 19:20 - 2019-02-25 19:20 - 000000000 ____D C:\Program Files (x86)\Microsoft Visual Studio 8
2019-02-25 19:19 - 2019-02-25 19:21 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2019-02-25 19:19 - 2019-02-25 19:19 - 000000000 __RHD C:\MSOCache
2019-02-25 19:19 - 2019-02-25 19:19 - 000000000 ____D C:\Users\customer\AppData\Local\Microsoft Help
2019-02-25 19:19 - 2019-02-25 19:19 - 000000000 ____D C:\Program Files (x86)\Microsoft Analysis Services
2019-02-25 19:15 - 2019-02-25 19:16 - 000000000 ____D C:\Users\customer\AppData\Local\Disc_Soft_Ltd
2019-02-25 19:15 - 2019-02-25 19:15 - 000000000 ____D C:\Users\Public\Documents\Daemon Tools Images
2019-02-25 19:15 - 2019-02-25 19:15 - 000000000 ____D C:\Users\Public\Documents\Catch!
2019-02-25 19:15 - 2019-02-25 19:15 - 000000000 ____D C:\Users\customer\AppData\Roaming\DAEMON Tools Lite
2019-02-25 19:14 - 2019-02-25 19:15 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\DAEMON Tools Lite
2019-02-25 19:14 - 2019-02-25 19:14 - 000059360 _____ (Disc Soft Ltd) C:\Windows\system32\Drivers\dtliteusbbus.sys
2019-02-25 19:14 - 2019-02-25 19:14 - 000042256 _____ (Disc Soft Ltd) C:\Windows\system32\Drivers\dtlitescsibus.sys
2019-02-25 19:14 - 2019-02-25 19:14 - 000001703 _____ C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
2019-02-25 19:13 - 2019-02-25 19:15 - 000000000 ____D C:\Program Files\DAEMON Tools Lite
2019-02-25 18:18 - 2015-02-03 11:34 - 000094656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2019-02-25 18:18 - 2015-02-03 11:31 - 001574400 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2019-02-25 18:18 - 2015-02-03 11:31 - 000371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2019-02-25 18:18 - 2015-02-03 11:31 - 000341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2019-02-25 18:18 - 2015-02-03 11:31 - 000325632 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
2019-02-25 18:18 - 2015-02-03 11:31 - 000210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2019-02-25 18:18 - 2015-02-03 11:31 - 000188416 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2019-02-25 18:18 - 2015-02-03 11:31 - 000136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2019-02-25 18:18 - 2015-02-03 11:31 - 000086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2019-02-25 18:18 - 2015-02-03 11:31 - 000050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2019-02-25 18:18 - 2015-02-03 11:31 - 000037376 _____ (Microsoft Corporation) C:\Windows\system32\pcadm.dll
2019-02-25 18:18 - 2015-02-03 11:31 - 000029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2019-02-25 18:18 - 2015-02-03 11:31 - 000028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2019-02-25 18:18 - 2015-02-03 11:31 - 000009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2019-02-25 18:18 - 2015-02-03 11:30 - 000631808 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2019-02-25 18:18 - 2015-02-03 11:30 - 000440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2019-02-25 18:18 - 2015-02-03 11:30 - 000296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2019-02-25 18:18 - 2015-02-03 11:30 - 000284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2019-02-25 18:18 - 2015-02-03 11:30 - 000187904 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2019-02-25 18:18 - 2015-02-03 11:30 - 000146944 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2019-02-25 18:18 - 2015-02-03 11:30 - 000140288 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2019-02-25 18:18 - 2015-02-03 11:30 - 000126464 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2019-02-25 18:18 - 2015-02-03 11:30 - 000082432 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll
2019-02-25 18:18 - 2015-02-03 11:30 - 000064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2019-02-25 18:18 - 2015-02-03 11:30 - 000031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2019-02-25 18:18 - 2015-02-03 11:30 - 000017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2019-02-25 18:18 - 2015-02-03 11:30 - 000011264 _____ (Microsoft Corporation) C:\Windows\system32\pcawrk.exe
2019-02-25 18:18 - 2015-02-03 11:30 - 000009728 _____ (Microsoft Corporation) C:\Windows\system32\pcalua.exe
2019-02-25 18:18 - 2015-02-03 11:29 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2019-02-25 18:18 - 2015-02-03 11:29 - 000008704 _____ (Microsoft Corporation) C:\Windows\system32\pcaevts.dll
2019-02-25 18:18 - 2015-02-03 11:28 - 000146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2019-02-25 18:18 - 2015-02-03 11:28 - 000006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2019-02-25 18:18 - 2015-02-03 11:12 - 001329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2019-02-25 18:18 - 2015-02-03 11:12 - 000519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2019-02-25 18:18 - 2015-02-03 11:12 - 000489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
2019-02-25 18:18 - 2015-02-03 11:12 - 000374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2019-02-25 18:18 - 2015-02-03 11:12 - 000265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msnetobj.dll
2019-02-25 18:18 - 2015-02-03 11:12 - 000172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2019-02-25 18:18 - 2015-02-03 11:12 - 000143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2019-02-25 18:18 - 2015-02-03 11:12 - 000103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2019-02-25 18:18 - 2015-02-03 11:12 - 000081408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsp.dll
2019-02-25 18:18 - 2015-02-03 11:12 - 000043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2019-02-25 18:18 - 2015-02-03 11:12 - 000022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2019-02-25 18:18 - 2015-02-03 11:12 - 000008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2019-02-25 18:18 - 2015-02-03 11:11 - 000096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2019-02-25 18:18 - 2015-02-03 11:11 - 000050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2019-02-25 18:18 - 2015-02-03 11:09 - 000146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2019-02-25 18:18 - 2015-02-03 11:09 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2019-02-25 18:18 - 2015-02-03 11:08 - 000006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2019-02-25 18:18 - 2015-02-03 10:32 - 000061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2019-02-25 18:18 - 2014-11-01 06:24 - 000619056 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2019-02-25 18:18 - 2014-06-28 08:21 - 000532176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2019-02-25 18:17 - 2015-02-03 11:34 - 005554104 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2019-02-25 18:17 - 2015-02-03 11:34 - 000693176 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2019-02-25 18:17 - 2015-02-03 11:34 - 000155064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2019-02-25 18:17 - 2015-02-03 11:34 - 000095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2019-02-25 18:17 - 2015-02-03 11:33 - 000616360 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2019-02-25 18:17 - 2015-02-03 11:31 - 014632960 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2019-02-25 18:17 - 2015-02-03 11:31 - 004121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2019-02-25 18:17 - 2015-02-03 11:31 - 001461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2019-02-25 18:17 - 2015-02-03 11:31 - 000782848 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
2019-02-25 18:17 - 2015-02-03 11:31 - 000728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2019-02-25 18:17 - 2015-02-03 11:31 - 000641024 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
2019-02-25 18:17 - 2015-02-03 11:31 - 000503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2019-02-25 18:17 - 2015-02-03 11:31 - 000500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2019-02-25 18:17 - 2015-02-03 11:31 - 000432128 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2019-02-25 18:17 - 2015-02-03 11:31 - 000314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2019-02-25 18:17 - 2015-02-03 11:31 - 000309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2019-02-25 18:17 - 2015-02-03 11:31 - 000229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2019-02-25 18:17 - 2015-02-03 11:31 - 000206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2019-02-25 18:17 - 2015-02-03 11:31 - 000063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2019-02-25 18:17 - 2015-02-03 11:31 - 000011264 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
2019-02-25 18:17 - 2015-02-03 11:31 - 000005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2019-02-25 18:17 - 2015-02-03 11:31 - 000005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2019-02-25 18:17 - 2015-02-03 11:30 - 012625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2019-02-25 18:17 - 2015-02-03 11:30 - 001480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2019-02-25 18:17 - 2015-02-03 11:30 - 001202176 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
2019-02-25 18:17 - 2015-02-03 11:30 - 001069056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
2019-02-25 18:17 - 2015-02-03 11:30 - 000842240 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
2019-02-25 18:17 - 2015-02-03 11:30 - 000680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2019-02-25 18:17 - 2015-02-03 11:30 - 000497664 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
2019-02-25 18:17 - 2015-02-03 11:30 - 000296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2019-02-25 18:17 - 2015-02-03 11:30 - 000112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2019-02-25 18:17 - 2015-02-03 11:30 - 000058880 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2019-02-25 18:17 - 2015-02-03 11:30 - 000055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2019-02-25 18:17 - 2015-02-03 11:30 - 000043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2019-02-25 18:17 - 2015-02-03 11:30 - 000032256 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2019-02-25 18:17 - 2015-02-03 11:30 - 000024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2019-02-25 18:17 - 2015-02-03 11:30 - 000022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2019-02-25 18:17 - 2015-02-03 11:28 - 000686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2019-02-25 18:17 - 2015-02-03 11:28 - 000002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2019-02-25 18:17 - 2015-02-03 11:19 - 000663552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
2019-02-25 18:17 - 2015-02-03 11:16 - 003973048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2019-02-25 18:17 - 2015-02-03 11:16 - 003917760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2019-02-25 18:17 - 2015-02-03 11:12 - 011411968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2019-02-25 18:17 - 2015-02-03 11:12 - 003209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2019-02-25 18:17 - 2015-02-03 11:12 - 001174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2019-02-25 18:17 - 2015-02-03 11:12 - 001005056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll
2019-02-25 18:17 - 2015-02-03 11:12 - 000988160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmv2clt.dll
2019-02-25 18:17 - 2015-02-03 11:12 - 000744960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\blackbox.dll
2019-02-25 18:17 - 2015-02-03 11:12 - 000617984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmsdk.dll
2019-02-25 18:17 - 2015-02-03 11:12 - 000550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2019-02-25 18:17 - 2015-02-03 11:12 - 000504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscp.dll
2019-02-25 18:17 - 2015-02-03 11:12 - 000442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2019-02-25 18:17 - 2015-02-03 11:12 - 000406016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmmgrtn.dll
2019-02-25 18:17 - 2015-02-03 11:12 - 000354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2019-02-25 18:17 - 2015-02-03 11:12 - 000259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2019-02-25 18:17 - 2015-02-03 11:12 - 000248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2019-02-25 18:17 - 2015-02-03 11:12 - 000221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2019-02-25 18:17 - 2015-02-03 11:12 - 000195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2019-02-25 18:17 - 2015-02-03 11:12 - 000179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2019-02-25 18:17 - 2015-02-03 11:12 - 000103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2019-02-25 18:17 - 2015-02-03 11:12 - 000065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2019-02-25 18:17 - 2015-02-03 11:12 - 000050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2019-02-25 18:17 - 2015-02-03 11:12 - 000017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2019-02-25 18:17 - 2015-02-03 11:12 - 000004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2019-02-25 18:17 - 2015-02-03 11:12 - 000004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2019-02-25 18:17 - 2015-02-03 11:11 - 012625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2019-02-25 18:17 - 2015-02-03 11:11 - 000050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2019-02-25 18:17 - 2015-02-03 11:11 - 000023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2019-02-25 18:17 - 2015-02-03 11:09 - 000002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2019-02-25 18:17 - 2015-02-03 11:08 - 000686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2019-02-25 18:17 - 2015-01-31 07:56 - 000459336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2019-02-25 18:17 - 2014-06-28 08:21 - 000457400 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2019-02-25 18:15 - 2019-02-25 18:16 - 045918843 _____ C:\Users\customer\Downloads\Windows6.1-KB3033929-x64.msu
2019-02-25 18:13 - 2019-02-25 18:13 - 000212032 _____ (AVAST Software) C:\Users\customer\Downloads\avast_free_antivirus_setup_online.exe
2019-02-25 18:11 - 2019-02-25 18:11 - 000791712 ____N (Disc Soft Ltd.) C:\Users\customer\Downloads\DTLiteInstaller.exe
2019-02-25 18:06 - 2019-02-26 20:56 - 000000000 ____D C:\ProgramData\DAEMON Tools Lite
2019-02-25 18:05 - 2019-02-25 18:06 - 013146016 ____N (Disc Soft Ltd) C:\Users\customer\Downloads\daemon-tools-5-0-1-multi-win.exe
2019-02-25 15:25 - 2019-02-25 15:25 - 000000000 ____D C:\Users\customer\AppData\Roaming\CryptoTab Browser
2019-02-25 15:16 - 2019-02-25 15:16 - 000002299 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CryptoTab Browser.lnk
2019-02-25 15:16 - 2019-02-25 15:16 - 000002258 _____ C:\Users\Public\Desktop\CryptoTab Browser.lnk
2019-02-25 15:16 - 2019-02-25 15:16 - 000000000 ____D C:\Users\customer\AppData\Local\CryptoTab Browser
2019-02-25 15:15 - 2019-02-25 15:16 - 000000000 ____D C:\Program Files (x86)\CryptoTab Browser
2019-02-25 15:14 - 2019-02-25 15:32 - 000000000 ____D C:\Program Files (x86)\GUM208C.tmp
2019-02-25 15:14 - 2019-02-25 15:14 - 000003412 _____ C:\Windows\System32\Tasks\CryptoTabUpdateTaskMachineUA
2019-02-25 15:14 - 2019-02-25 15:14 - 000003284 _____ C:\Windows\System32\Tasks\CryptoTabUpdateTaskMachineCore
2019-02-25 15:14 - 2019-02-25 15:14 - 000000000 ____D C:\Program Files (x86)\CryptoCompany
2019-02-25 15:13 - 2019-02-25 15:13 - 001322479 _____ (CRYPTOCOMPANY OU) C:\Users\customer\Downloads\CryptoTabSetup_Jm6x1uU.exe
2019-02-25 15:13 - 2019-02-25 15:13 - 001244200 ___SH (CRYPTOCOMPANY OU) C:\Users\customer\Downloads\CryptoTabSetup_Jm6x1uU.exe.dat
2019-02-25 15:13 - 2019-02-25 15:13 - 000000000 ____D C:\Users\customer\AppData\Local\CryptoCompany
2019-02-25 14:36 - 2019-02-25 14:39 - 100158880 _____ (Shift) C:\Users\customer\Downloads\shift-windows.exe
2019-02-24 16:31 - 2015-04-16 19:34 - 4048869376 _____ C:\Users\customer\Desktop\Microsoft Office 2010 SP2 de_en_ru_ua 14.0.7140.5002.iso
2019-02-22 21:28 - 2019-02-22 21:28 - 000000000 ____D C:\Windows\SysWOW64\SDA
2019-02-22 21:27 - 2019-02-22 21:27 - 001024273 _____ C:\Users\customer\Downloads\RIDFMC-00244061-0042.zip
2019-02-22 19:32 - 2019-02-24 10:33 - 000000038 _____ C:\Users\customer\AppData\Roaming\WB.CFG
2019-02-21 21:41 - 2019-02-21 21:41 - 000000000 ____D C:\Users\customer\AppData\LocalLow\Temp
2019-02-21 21:16 - 2019-02-21 21:16 - 407010384 _____ (Microsoft Corporation) C:\Users\customer\Downloads\Microsoft-Office-Professional-2007.exe
2019-02-21 21:05 - 2019-02-21 21:05 - 009991328 _____ (Microsoft Corporation) C:\Users\customer\Downloads\microsoft_word.exe
2019-02-21 21:03 - 2019-02-21 21:03 - 002485696 _____ (Makopanid ) C:\Users\customer\Downloads\microsoft_word_0881632119.exe
2019-02-21 20:42 - 2019-02-21 20:42 - 002461328 _____ ( ) C:\Users\customer\Downloads\microsoft_office_2007_setup314_2459860692.exe
2019-02-21 19:18 - 2019-02-21 19:18 - 000000000 ____D C:\Users\customer\AppData\Local\latecof
2019-02-21 19:18 - 2019-02-21 19:18 - 000000000 ____D C:\Users\customer\AppData\Local\{869FB0C3-A237-DC7B-CFAF-F993EBC7050B}
2019-02-21 19:15 - 2019-02-21 19:15 - 000000000 ____D C:\ProgramData\ByteFence
2019-02-21 19:02 - 2019-02-21 19:21 - 000000000 ____D C:\Users\customer\Documents\New folder
2019-02-21 19:00 - 2019-02-21 19:00 - 002461328 _____ ( ) C:\Users\customer\Downloads\microsoft_word_ms_office_2007_setup7216_3544064554.exe
2019-02-16 18:20 - 2019-02-25 22:08 - 000000000 ____D C:\Users\customer\Downloads\opera autoupdate
2019-02-16 09:13 - 2019-02-16 09:13 - 000004340 _____ C:\Windows\System32\Tasks\Opera scheduled assistant Autoupdate 1550279585
2019-02-01 20:55 - 2019-02-01 20:55 - 000000000 ____D C:\Users\customer\Documents\Bluetooth Exchange Folder
2019-02-01 20:55 - 2019-02-01 20:55 - 000000000 ____D C:\Users\customer\AppData\Local\Broadcom
2019-02-01 20:51 - 2011-07-12 13:20 - 000135720 _____ (Broadcom Corporation.) C:\Windows\system32\Drivers\btwavdt.sys
2019-02-01 20:51 - 2011-07-12 13:20 - 000102952 _____ (Broadcom Corporation.) C:\Windows\system32\Drivers\btwaudio.sys
2019-02-01 20:51 - 2011-07-12 13:20 - 000021544 _____ (Broadcom Corporation.) C:\Windows\system32\Drivers\btwrchid.sys
2019-02-01 20:51 - 2011-07-12 13:19 - 000039464 _____ (Broadcom Corporation.) C:\Windows\system32\Drivers\btwl2cap.sys
2019-02-01 20:50 - 2019-02-22 21:27 - 000000021 _____ C:\Windows\Model.txt
2019-02-01 20:50 - 2019-02-01 20:50 - 000000000 ____D C:\Program Files\WIDCOMM
2019-02-01 20:48 - 2019-02-01 20:50 - 037151592 _____ C:\Users\customer\Downloads\BRDBLT-00254589-0042.exe
2019-01-30 09:21 - 2019-02-26 20:56 - 000000000 ____D C:\Users\customer\AppData\Roaming\vlc
==================== One month (modified) ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2019-02-26 21:38 - 2009-07-14 11:20 - 000000000 ____D C:\Program Files\Common Files\System
2019-02-26 21:37 - 2019-01-14 12:14 - 000000140 _____ C:\Windows\Reimage.ini
2019-02-26 21:17 - 2019-01-14 01:38 - 000002836 _____ C:\Windows\System32\Tasks\Driver Booster SkipUAC (customer)
2019-02-26 21:02 - 2009-07-14 13:13 - 000781298 _____ C:\Windows\system32\PerfStringBackup.INI
2019-02-26 21:02 - 2009-07-14 11:20 - 000000000 ____D C:\Windows\inf
2019-02-26 20:57 - 2019-01-13 19:27 - 000000000 ____D C:\Users\customer
2019-02-26 20:57 - 2009-07-14 13:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2019-02-26 20:56 - 2019-01-13 20:26 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SMADAV Antivirus
2019-02-26 20:56 - 2019-01-13 20:26 - 000000000 ____D C:\Program Files (x86)\SMADAV
2019-02-26 20:56 - 2010-11-21 15:16 - 000000000 ____D C:\Windows\ShellNew
2019-02-26 20:56 - 2009-07-14 13:32 - 000000000 ____D C:\Program Files (x86)\MSBuild
2019-02-26 20:56 - 2009-07-14 11:20 - 000000000 ____D C:\Windows\system32\NDF
2019-02-26 20:56 - 2009-07-14 11:20 - 000000000 ____D C:\Windows\registration
2019-02-26 20:56 - 2009-07-14 11:20 - 000000000 ____D C:\Program Files\Common Files\Microsoft Shared
2019-02-26 20:55 - 2019-01-14 01:10 - 000000000 ____D C:\ProgramData\Package Cache
2019-02-25 19:50 - 2009-07-14 10:34 - 000000478 _____ C:\Windows\win.ini
2019-02-25 19:34 - 2009-07-14 12:45 - 000414656 _____ C:\Windows\system32\FNTCACHE.DAT
2019-02-25 19:08 - 2009-07-14 12:45 - 000021072 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2019-02-25 19:08 - 2009-07-14 12:45 - 000021072 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2019-02-25 19:02 - 2009-07-14 11:20 - 000000000 ____D C:\Windows\SysWOW64\Dism
2019-02-25 19:02 - 2009-07-14 11:20 - 000000000 ____D C:\Windows\system32\Dism
2019-02-24 09:48 - 2019-01-14 01:12 - 000004100 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1547399530
2019-02-22 18:46 - 2019-01-13 20:10 - 000002224 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2019-02-22 18:46 - 2019-01-13 20:10 - 000002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2019-02-20 11:13 - 2019-01-14 01:38 - 000000000 ____D C:\Program Files (x86)\Driver Booster 6
2019-02-01 21:10 - 2019-01-13 19:28 - 000000000 ____D C:\Users\customer\AppData\Local\VirtualStore
==================== Files in the root of some directories =======
2019-02-22 19:32 - 2019-02-24 10:33 - 000000038 _____ () C:\Users\customer\AppData\Roaming\WB.CFG
Some files in TEMP:
====================
2019-02-01 20:50 - 2010-06-20 22:42 - 000046456 _____ (Sony Electronics, Inc) C:\Users\customer\AppData\Local\Temp\GLF5F93.EXE
2019-02-01 20:50 - 2003-05-02 15:13 - 000151552 _____ () C:\Users\customer\AppData\Local\Temp\GLF6AEA.EXE
2019-02-21 19:25 - 2010-06-20 22:42 - 000046456 _____ (Sony Electronics, Inc) C:\Users\customer\AppData\Local\Temp\GLF7861.EXE
2019-02-21 19:25 - 2003-05-02 15:13 - 000151552 _____ () C:\Users\customer\AppData\Local\Temp\GLF802F.EXE
2019-02-22 21:27 - 2010-06-20 23:42 - 000046456 _____ (Sony Electronics, Inc) C:\Users\customer\AppData\Local\Temp\GLFF36A.EXE
2019-02-22 21:27 - 2003-05-02 16:13 - 000151552 _____ () C:\Users\customer\AppData\Local\Temp\GLFF4D2.EXE
2019-02-21 19:24 - 2019-02-21 19:24 - 002461328 _____ ( ) C:\Users\customer\AppData\Local\Temp\microsoft_word_ms_office_2007_setup7216_3544064554.exe
2019-01-14 01:02 - 2019-01-14 01:02 - 002658759 _____ (Opera Software) C:\Users\customer\AppData\Local\Temp\Opera_installer_1901131702124654264.dll
2019-01-14 01:02 - 2019-01-14 01:02 - 002658759 _____ (Opera Software) C:\Users\customer\AppData\Local\Temp\Opera_installer_1901131702133035776.dll
2019-01-14 12:14 - 2019-01-14 12:15 - 015095472 _____ (Reimage) C:\Users\customer\AppData\Local\Temp\ReimagePackage.exe
2019-01-14 01:23 - 2019-02-25 19:22 - 000000014 _____ () C:\Users\customer\AppData\Local\Temp\update.exe
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll
[2010-11-21 11:24] - [2019-01-13 19:27] - 001008640 _____ (Microsoft Corporation) 2C353B6CE0C8D03225CAA2AF33B68D79
C:\Windows\SysWOW64\User32.dll
[2010-11-21 11:24] - [2019-01-13 19:27] - 000833024 _____ (Microsoft Corporation) 861C4346F9281DC0380DE72C8D55D6BE
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\dllhost.exe => File is digitally signed
C:\Windows\SysWOW64\dllhost.exe => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2019-02-14 20:21
==================== End of FRST.txt ============================
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 25.02.2019 01
Ran by customer (administrator) on CUSTOMER-PC (26-02-2019 21:45:52)
Running from C:\Users\customer\Downloads
Loaded Profiles: customer (Available Profiles: customer)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 8 (Default browser: "C:\Program Files (x86)\CryptoTab Browser\Application\browser.exe" -- "%1")
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Microsoft Windows Hardware Compatibility Publisher -> AMD) C:\Windows\System32\atiesrxx.exe
(Microsoft Windows Hardware Compatibility Publisher -> AMD) C:\Windows\System32\atieclxx.exe
(Broadcom Corporation -> Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(CRYPTOCOMPANY OÜ -> CRYPTOCOMPANY OU) [File not signed] C:\Program Files (x86)\CryptoCompany\Update\1.3.99.17\CryptoTabCrashHandler.exe
(CRYPTOCOMPANY OÜ -> CRYPTOCOMPANY OU) C:\Program Files (x86)\CryptoCompany\Update\1.3.99.17\CryptoTabCrashHandler64.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxpers.exe
(AVB Disc Soft, SIA -> Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DTAgent.exe
(Broadcom Corporation -> Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Broadcom Corporation -> Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
(Broadcom Corporation -> Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
(AVB Disc Soft, SIA -> Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe
(Microsoft Dynamic Code Publisher -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(Microsoft Dynamic Code Publisher -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
(AVB Disc Soft, SIA -> Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DTShellHlp.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Borislav Surbat -> MyCity) C:\Program Files (x86)\MCShield\MCShieldRTM.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [18391096 2019-01-13] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1505840 2019-01-13] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM-x32\...\Run: [SMΔRT-Protection] => C:\Program Files (x86)\Smadav\SMΔRTP.exe [1781760 2017-04-13] (Smadsoft) [File not signed]
HKLM-x32\...\Run: [CryptoTab Browser] => C:\Program Files (x86)\CryptoTab Browser\Application\browser.exe [1867304 2019-02-15] (CRYPTOCOMPANY OÜ -> The Chromium and CryptoTab Browser Authors)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation -> Microsoft Corporation)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-1608357908-2036049685-2604263660-1000\...\Run: [uTorrent] => "C:\Users\customer\AppData\Roaming\uTorrent\uTorrent.exe" /MINIMIZED
HKU\S-1-5-21-1608357908-2036049685-2604263660-1000\...\Run: [C:/Program Files (x86)/Media Freeware/Free Youtube To MP3 Downloader/Free Youtube to Mp3 Downloader.exe] => C:\Program Files (x86)\Media Freeware\Free Youtube To MP3 Downloader\Free Youtube to Mp3 Downloader.exe
HKU\S-1-5-21-1608357908-2036049685-2604263660-1000\...\Run: [Opera Browser Assistant] => C:\Users\customer\AppData\Local\Programs\Opera\assistant\browser_assistant.exe [2558495 2019-02-21] (Opera Software AS -> Opera Software) [File not signed]
HKU\S-1-5-21-1608357908-2036049685-2604263660-1000\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [735336 2019-02-25] (AVB Disc Soft, SIA -> Disc Soft Ltd)
HKU\S-1-5-21-1608357908-2036049685-2604263660-1000\...\Run: [MCShield Monitor] => C:\Program Files (x86)\MCShield\mcshieldrtm.exe [650816 2014-04-12] (Borislav Surbat -> MyCity)
HKU\S-1-5-21-1608357908-2036049685-2604263660-1000\...\MountPoints2: {e9c5f2a4-38ec-11e9-aab7-3859f9d06b3b} - G:\SETUP.EXE
HKLM\Software\Microsoft\Active Setup\Installed Components: [{7D2B3E1D-D096-4594-9D8F-A6667F12E0AC}] -> C:\Program Files (x86)\CryptoTab Browser\Application\72.0.3626.96\Installer\chrmstp.exe [2019-02-25] (CRYPTOCOMPANY OÜ -> The Chromium and CryptoTab Browser Authors)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\72.0.3626.119\Installer\chrmstp.exe [2019-02-22] (Google LLC -> Google Inc.)
HKLM\Software\...\Authentication\Credential Providers: [{50968FF7-10C1-4fb3-98B0-CD654D6CB97E}] -> C:\Program Files\WIDCOMM\Bluetooth Software\\BtwCP.dll [2010-07-29] (Broadcom Corporation -> Broadcom Corporation.)
HKLM\Software\...\Authentication\Credential Providers: [{F8A0B131-5F68-486c-8040-7E8FC3C85BB6}] -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDCREDPROV.DLL [2009-08-18] (Microsoft Corporation -> Microsoft Corporation)
AppInit_DLLs-x32: C:\PROGRA~1\COMMON~1\System\symsrv.dll => C:\Program Files\Common Files\System\symsrv.dll [69337 2019-01-13] (Microsoft Corporation) [File not signed]
ShellExecuteHooks-x32: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [4249759 2014-03-06] (Microsoft Corporation -> Microsoft Corporation) [File not signed]
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2019-02-01]
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation -> Broadcom Corporation.)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{B6F33192-A27A-4FB2-902B-0F1C3F9C3773}: [DhcpNameServer] 192.168.1.1
Internet Explorer:
==================
HKU\S-1-5-21-1608357908-2036049685-2604263660-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/en-ph/?ocid=iehp
SearchScopes: HKU\S-1-5-21-1608357908-2036049685-2604263660-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2014-03-06] (Microsoft Corporation -> Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation -> Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2014-03-06] (Microsoft Corporation -> Microsoft Corporation) [File not signed]
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files (x86)\Common Files\Microsoft Shared\Help\hxds.dll [2012-11-10] (Microsoft Corporation -> Microsoft Corporation) [File not signed]
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-21] (Microsoft Windows -> Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-21] (Microsoft Windows -> Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-21] (Microsoft Windows -> Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-21] (Microsoft Windows -> Microsoft Corporation)
Filter-x32: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL [2012-10-31] (Microsoft Corporation -> Microsoft Corporation) [File not signed]
FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-16] (VideoLAN) [File not signed]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @tools.CryptoTab.com/CryptoTab Update;version=3 -> C:\Program Files (x86)\CryptoCompany\Update\1.3.99.17\npCryptoTabUpdate3.dll [2019-02-25] (Google Inc (TEST) -> CRYPTOCOMPANY OU) [File not signed]
FF Plugin-x32: @tools.CryptoTab.com/CryptoTab Update;version=9 -> C:\Program Files (x86)\CryptoCompany\Update\1.3.99.17\npCryptoTabUpdate3.dll [2019-02-25] (Google Inc (TEST) -> CRYPTOCOMPANY OU) [File not signed]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2019-01-13] (Google Inc -> Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2019-01-13] (Google Inc -> Google Inc.)
Chrome:
=======
CHR DefaultSearchURL: Default -> hxxps://feed.quick-converter.com/?q={searchTerms}&publisher=quick-converter&barcodeid=537360000000000
CHR DefaultSearchKeyword: Default -> QuickConverter
CHR DefaultSuggestURL: Default -> hxxps://suggest.quick-converter.com/suggest/get?q={searchTerms}
CHR Profile: C:\Users\customer\AppData\Local\Google\Chrome\User Data\Default [2019-02-26]
CHR Extension: (Docs) - C:\Users\customer\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2019-01-14]
CHR Extension: (Google Drive) - C:\Users\customer\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2019-01-13]
CHR Extension: (YouTube) - C:\Users\customer\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2019-01-14]
CHR Extension: (Google Search) - C:\Users\customer\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2019-01-13]
CHR Extension: (Google Docs Offline) - C:\Users\customer\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2019-01-14]
CHR Extension: (QuickConverter) - C:\Users\customer\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifmbhhfjodlbpaoklcmljmjmffecgggd [2019-01-14]
CHR Extension: (Chrome Web Store Payments) - C:\Users\customer\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-01-14]
CHR Extension: (Gmail) - C:\Users\customer\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-01-14]
CHR Extension: (Chrome Media Router) - C:\Users\customer\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-02-09]
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [246784 2015-08-04] (Microsoft Windows Hardware Compatibility Publisher -> AMD)
S2 cryptobrowser; C:\Program Files (x86)\CryptoCompany\Update\CryptoTabUpdate.exe [264175 2019-02-25] (CRYPTOCOMPANY OÜ -> CRYPTOCOMPANY OU) [File not signed]
S3 cryptobrowserm; C:\Program Files (x86)\CryptoCompany\Update\CryptoTabUpdate.exe [264175 2019-02-25] (CRYPTOCOMPANY OÜ -> CRYPTOCOMPANY OU) [File not signed]
R3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [4132456 2019-02-25] (AVB Disc Soft, SIA -> Disc Soft Ltd)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Windows -> Microsoft Corporation)
S2 rtop; "c:\program files\bytefence\rtop\bin\rtop_svc.exe" [X]
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 amdkmdag; C:\Windows\System32\DRIVERS\atikmdag.sys [21622784 2015-08-04] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices, Inc.)
R3 amdkmdap; C:\Windows\System32\DRIVERS\atikmpag.sys [665088 2015-08-04] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices, Inc.)
R0 amdkmpfd; C:\Windows\System32\DRIVERS\amdkmpfd.sys [65248 2015-04-24] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
S3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [172760 2019-01-14] (Broadcom Corporation -> Broadcom Corporation.)
R3 btwampfl; C:\Windows\System32\DRIVERS\btwampfl.sys [344616 2011-07-12] (Broadcom Corporation -> Broadcom Corporation.)
R3 btwaudio; C:\Windows\System32\drivers\btwaudio.sys [102952 2011-07-12] (Broadcom Corporation -> Broadcom Corporation.)
R3 btwavdt; C:\Windows\System32\DRIVERS\btwavdt.sys [135720 2011-07-12] (Broadcom Corporation -> Broadcom Corporation.)
R3 btwl2cap; C:\Windows\System32\DRIVERS\btwl2cap.sys [39464 2011-07-12] (Broadcom Corporation -> Broadcom Corporation.)
R3 btwrchid; C:\Windows\System32\DRIVERS\btwrchid.sys [21544 2011-07-12] (Broadcom Corporation -> Broadcom Corporation.)
S3 cpuz140; C:\Users\customer\AppData\Local\Temp\cpuz140\cpuz140_x64.sys [43840 2019-01-14] (CPUID -> CPUID) <==== ATTENTION
R3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [42256 2019-02-25] (AVB Disc Soft, SIA -> Disc Soft Ltd)
R3 dtliteusbbus; C:\Windows\System32\DRIVERS\dtliteusbbus.sys [59360 2019-02-25] (AVB Disc Soft, SIA -> Disc Soft Ltd)
R1 HWiNFO32; C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [27552 2019-01-13] (Martin Malik - REALiX -> REALiX)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28656 2013-03-06] (Intel Corporation - Intel® Rapid Storage Technology -> Intel Corporation)
R3 L1C; C:\Windows\System32\DRIVERS\L1C63x64.sys [125048 2016-01-29] (Rivet Networks LLC -> Qualcomm Atheros, Inc.)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [181304 2016-03-29] (Intel® Embedded Subsystems and IP Blocks Group -> Intel Corporation)
R3 rimspci; C:\Windows\System32\DRIVERS\rimspe64.sys [73728 2019-01-13] (Microsoft Windows Hardware Compatibility Publisher -> REDC)
R2 risdxc; C:\Windows\System32\DRIVERS\risdxc64.sys [104960 2019-01-14] (Microsoft Windows Hardware Compatibility Publisher -> REDC)
R3 SFEP; C:\Windows\System32\DRIVERS\SFEP.sys [14336 2012-01-16] (Microsoft Windows Hardware Compatibility Publisher -> Sony Corporation)
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One month (created) ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2019-02-26 21:27 - 2019-02-26 21:29 - 000023428 _____ C:\Users\customer\Downloads\Addition.txt
2019-02-26 21:26 - 2019-02-26 21:46 - 000018466 _____ C:\Users\customer\Downloads\FRST.txt
2019-02-26 21:26 - 2019-02-26 21:45 - 000000000 ____D C:\FRST
2019-02-26 21:25 - 2019-02-26 21:26 - 002433536 _____ (Farbar) C:\Users\customer\Downloads\FRST64.exe
2019-02-26 21:17 - 2019-02-26 21:17 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MCShield
2019-02-26 21:16 - 2019-02-26 21:17 - 000000000 ____D C:\ProgramData\MCShield
2019-02-26 21:16 - 2019-02-26 21:17 - 000000000 ____D C:\Program Files (x86)\MCShield
2019-02-26 21:15 - 2019-02-26 21:16 - 002856736 ____N (MyCity) C:\Users\customer\Downloads\MCShield-Setup.exe
2019-02-26 21:15 - 2019-02-26 21:16 - 001792512 _____ (Farbar) C:\Users\customer\Downloads\FRST.exe
2019-02-26 21:08 - 2019-02-26 21:09 - 010370944 _____ (AVAST Software) C:\Users\customer\Downloads\avastclear.exe
2019-02-26 20:52 - 2019-02-26 20:52 - 000003010 _____ C:\Windows\System32\Tasks\{880037BC-72EB-4866-9EFE-EDA9BB89270A}
2019-02-26 09:06 - 2019-02-25 19:41 - 007698240 _____ (AVAST Software) C:\Users\customer\Desktop\avast_free_antivirus_setup_online_a3b.exe
2019-02-25 22:22 - 2019-02-25 22:22 - 000000000 ____D C:\ProgramData\Avira
2019-02-25 22:22 - 2019-02-25 22:22 - 000000000 ____D C:\Program Files (x86)\Avira
2019-02-25 21:59 - 2019-02-25 21:59 - 000000000 ____D C:\Program Files (x86)\PCProtect
2019-02-25 21:56 - 2019-02-25 21:56 - 000000000 ____D C:\Program Files (x86)\TotalAV
2019-02-25 19:41 - 2019-02-25 19:41 - 007698240 _____ (AVAST Software) C:\Users\customer\Downloads\avast_free_antivirus_setup_online_a3b.exe
2019-02-25 19:39 - 2019-02-25 19:39 - 007698240 _____ (AVAST Software) C:\Users\customer\Downloads\avast_free_antivirus_setup_online (1).exe
2019-02-25 19:39 - 2019-02-25 19:39 - 000000000 ____D C:\ProgramData\AVAST Software
2019-02-25 19:22 - 2019-02-26 20:57 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2019-02-25 19:22 - 2019-02-26 20:56 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SharePoint
2019-02-25 19:21 - 2019-02-25 19:21 - 000000000 ____D C:\Windows\PCHEALTH
2019-02-25 19:21 - 2019-02-25 19:21 - 000000000 ____D C:\Program Files (x86)\Microsoft Synchronization Services
2019-02-25 19:21 - 2019-02-25 19:21 - 000000000 ____D C:\Program Files (x86)\Microsoft Sync Framework
2019-02-25 19:21 - 2019-02-25 19:21 - 000000000 ____D C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2019-02-25 19:20 - 2019-02-25 19:20 - 000000000 ____D C:\Windows\System32\Tasks\OfficeSoftwareProtectionPlatform
2019-02-25 19:20 - 2019-02-25 19:20 - 000000000 ____D C:\Program Files\Microsoft Office
2019-02-25 19:20 - 2019-02-25 19:20 - 000000000 ____D C:\Program Files (x86)\Microsoft Visual Studio 8
2019-02-25 19:19 - 2019-02-25 19:21 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2019-02-25 19:19 - 2019-02-25 19:19 - 000000000 __RHD C:\MSOCache
2019-02-25 19:19 - 2019-02-25 19:19 - 000000000 ____D C:\Users\customer\AppData\Local\Microsoft Help
2019-02-25 19:19 - 2019-02-25 19:19 - 000000000 ____D C:\Program Files (x86)\Microsoft Analysis Services
2019-02-25 19:15 - 2019-02-25 19:16 - 000000000 ____D C:\Users\customer\AppData\Local\Disc_Soft_Ltd
2019-02-25 19:15 - 2019-02-25 19:15 - 000000000 ____D C:\Users\Public\Documents\Daemon Tools Images
2019-02-25 19:15 - 2019-02-25 19:15 - 000000000 ____D C:\Users\Public\Documents\Catch!
2019-02-25 19:15 - 2019-02-25 19:15 - 000000000 ____D C:\Users\customer\AppData\Roaming\DAEMON Tools Lite
2019-02-25 19:14 - 2019-02-25 19:15 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\DAEMON Tools Lite
2019-02-25 19:14 - 2019-02-25 19:14 - 000059360 _____ (Disc Soft Ltd) C:\Windows\system32\Drivers\dtliteusbbus.sys
2019-02-25 19:14 - 2019-02-25 19:14 - 000042256 _____ (Disc Soft Ltd) C:\Windows\system32\Drivers\dtlitescsibus.sys
2019-02-25 19:14 - 2019-02-25 19:14 - 000001703 _____ C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
2019-02-25 19:13 - 2019-02-25 19:15 - 000000000 ____D C:\Program Files\DAEMON Tools Lite
2019-02-25 18:18 - 2015-02-03 11:34 - 000094656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2019-02-25 18:18 - 2015-02-03 11:31 - 001574400 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2019-02-25 18:18 - 2015-02-03 11:31 - 000371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2019-02-25 18:18 - 2015-02-03 11:31 - 000341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2019-02-25 18:18 - 2015-02-03 11:31 - 000325632 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
2019-02-25 18:18 - 2015-02-03 11:31 - 000210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2019-02-25 18:18 - 2015-02-03 11:31 - 000188416 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2019-02-25 18:18 - 2015-02-03 11:31 - 000136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2019-02-25 18:18 - 2015-02-03 11:31 - 000086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2019-02-25 18:18 - 2015-02-03 11:31 - 000050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2019-02-25 18:18 - 2015-02-03 11:31 - 000037376 _____ (Microsoft Corporation) C:\Windows\system32\pcadm.dll
2019-02-25 18:18 - 2015-02-03 11:31 - 000029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2019-02-25 18:18 - 2015-02-03 11:31 - 000028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2019-02-25 18:18 - 2015-02-03 11:31 - 000009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2019-02-25 18:18 - 2015-02-03 11:30 - 000631808 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2019-02-25 18:18 - 2015-02-03 11:30 - 000440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2019-02-25 18:18 - 2015-02-03 11:30 - 000296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2019-02-25 18:18 - 2015-02-03 11:30 - 000284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2019-02-25 18:18 - 2015-02-03 11:30 - 000187904 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2019-02-25 18:18 - 2015-02-03 11:30 - 000146944 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2019-02-25 18:18 - 2015-02-03 11:30 - 000140288 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2019-02-25 18:18 - 2015-02-03 11:30 - 000126464 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2019-02-25 18:18 - 2015-02-03 11:30 - 000082432 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll
2019-02-25 18:18 - 2015-02-03 11:30 - 000064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2019-02-25 18:18 - 2015-02-03 11:30 - 000031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2019-02-25 18:18 - 2015-02-03 11:30 - 000017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2019-02-25 18:18 - 2015-02-03 11:30 - 000011264 _____ (Microsoft Corporation) C:\Windows\system32\pcawrk.exe
2019-02-25 18:18 - 2015-02-03 11:30 - 000009728 _____ (Microsoft Corporation) C:\Windows\system32\pcalua.exe
2019-02-25 18:18 - 2015-02-03 11:29 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2019-02-25 18:18 - 2015-02-03 11:29 - 000008704 _____ (Microsoft Corporation) C:\Windows\system32\pcaevts.dll
2019-02-25 18:18 - 2015-02-03 11:28 - 000146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2019-02-25 18:18 - 2015-02-03 11:28 - 000006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2019-02-25 18:18 - 2015-02-03 11:12 - 001329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2019-02-25 18:18 - 2015-02-03 11:12 - 000519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2019-02-25 18:18 - 2015-02-03 11:12 - 000489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
2019-02-25 18:18 - 2015-02-03 11:12 - 000374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2019-02-25 18:18 - 2015-02-03 11:12 - 000265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msnetobj.dll
2019-02-25 18:18 - 2015-02-03 11:12 - 000172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2019-02-25 18:18 - 2015-02-03 11:12 - 000143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2019-02-25 18:18 - 2015-02-03 11:12 - 000103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2019-02-25 18:18 - 2015-02-03 11:12 - 000081408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsp.dll
2019-02-25 18:18 - 2015-02-03 11:12 - 000043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2019-02-25 18:18 - 2015-02-03 11:12 - 000022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2019-02-25 18:18 - 2015-02-03 11:12 - 000008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2019-02-25 18:18 - 2015-02-03 11:11 - 000096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2019-02-25 18:18 - 2015-02-03 11:11 - 000050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2019-02-25 18:18 - 2015-02-03 11:09 - 000146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2019-02-25 18:18 - 2015-02-03 11:09 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2019-02-25 18:18 - 2015-02-03 11:08 - 000006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2019-02-25 18:18 - 2015-02-03 10:32 - 000061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2019-02-25 18:18 - 2014-11-01 06:24 - 000619056 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2019-02-25 18:18 - 2014-06-28 08:21 - 000532176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2019-02-25 18:17 - 2015-02-03 11:34 - 005554104 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2019-02-25 18:17 - 2015-02-03 11:34 - 000693176 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2019-02-25 18:17 - 2015-02-03 11:34 - 000155064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2019-02-25 18:17 - 2015-02-03 11:34 - 000095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2019-02-25 18:17 - 2015-02-03 11:33 - 000616360 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2019-02-25 18:17 - 2015-02-03 11:31 - 014632960 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2019-02-25 18:17 - 2015-02-03 11:31 - 004121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2019-02-25 18:17 - 2015-02-03 11:31 - 001461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2019-02-25 18:17 - 2015-02-03 11:31 - 000782848 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
2019-02-25 18:17 - 2015-02-03 11:31 - 000728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2019-02-25 18:17 - 2015-02-03 11:31 - 000641024 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
2019-02-25 18:17 - 2015-02-03 11:31 - 000503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2019-02-25 18:17 - 2015-02-03 11:31 - 000500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2019-02-25 18:17 - 2015-02-03 11:31 - 000432128 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2019-02-25 18:17 - 2015-02-03 11:31 - 000314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2019-02-25 18:17 - 2015-02-03 11:31 - 000309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2019-02-25 18:17 - 2015-02-03 11:31 - 000229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2019-02-25 18:17 - 2015-02-03 11:31 - 000206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2019-02-25 18:17 - 2015-02-03 11:31 - 000063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2019-02-25 18:17 - 2015-02-03 11:31 - 000011264 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
2019-02-25 18:17 - 2015-02-03 11:31 - 000005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2019-02-25 18:17 - 2015-02-03 11:31 - 000005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2019-02-25 18:17 - 2015-02-03 11:30 - 012625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2019-02-25 18:17 - 2015-02-03 11:30 - 001480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2019-02-25 18:17 - 2015-02-03 11:30 - 001202176 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
2019-02-25 18:17 - 2015-02-03 11:30 - 001069056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
2019-02-25 18:17 - 2015-02-03 11:30 - 000842240 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
2019-02-25 18:17 - 2015-02-03 11:30 - 000680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2019-02-25 18:17 - 2015-02-03 11:30 - 000497664 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
2019-02-25 18:17 - 2015-02-03 11:30 - 000296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2019-02-25 18:17 - 2015-02-03 11:30 - 000112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2019-02-25 18:17 - 2015-02-03 11:30 - 000058880 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2019-02-25 18:17 - 2015-02-03 11:30 - 000055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2019-02-25 18:17 - 2015-02-03 11:30 - 000043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2019-02-25 18:17 - 2015-02-03 11:30 - 000032256 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2019-02-25 18:17 - 2015-02-03 11:30 - 000024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2019-02-25 18:17 - 2015-02-03 11:30 - 000022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2019-02-25 18:17 - 2015-02-03 11:28 - 000686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2019-02-25 18:17 - 2015-02-03 11:28 - 000002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2019-02-25 18:17 - 2015-02-03 11:19 - 000663552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
2019-02-25 18:17 - 2015-02-03 11:16 - 003973048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2019-02-25 18:17 - 2015-02-03 11:16 - 003917760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2019-02-25 18:17 - 2015-02-03 11:12 - 011411968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2019-02-25 18:17 - 2015-02-03 11:12 - 003209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2019-02-25 18:17 - 2015-02-03 11:12 - 001174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2019-02-25 18:17 - 2015-02-03 11:12 - 001005056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll
2019-02-25 18:17 - 2015-02-03 11:12 - 000988160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmv2clt.dll
2019-02-25 18:17 - 2015-02-03 11:12 - 000744960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\blackbox.dll
2019-02-25 18:17 - 2015-02-03 11:12 - 000617984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmsdk.dll
2019-02-25 18:17 - 2015-02-03 11:12 - 000550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2019-02-25 18:17 - 2015-02-03 11:12 - 000504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscp.dll
2019-02-25 18:17 - 2015-02-03 11:12 - 000442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2019-02-25 18:17 - 2015-02-03 11:12 - 000406016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmmgrtn.dll
2019-02-25 18:17 - 2015-02-03 11:12 - 000354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2019-02-25 18:17 - 2015-02-03 11:12 - 000259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2019-02-25 18:17 - 2015-02-03 11:12 - 000248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2019-02-25 18:17 - 2015-02-03 11:12 - 000221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2019-02-25 18:17 - 2015-02-03 11:12 - 000195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2019-02-25 18:17 - 2015-02-03 11:12 - 000179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2019-02-25 18:17 - 2015-02-03 11:12 - 000103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2019-02-25 18:17 - 2015-02-03 11:12 - 000065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2019-02-25 18:17 - 2015-02-03 11:12 - 000050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2019-02-25 18:17 - 2015-02-03 11:12 - 000017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2019-02-25 18:17 - 2015-02-03 11:12 - 000004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2019-02-25 18:17 - 2015-02-03 11:12 - 000004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2019-02-25 18:17 - 2015-02-03 11:11 - 012625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2019-02-25 18:17 - 2015-02-03 11:11 - 000050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2019-02-25 18:17 - 2015-02-03 11:11 - 000023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2019-02-25 18:17 - 2015-02-03 11:09 - 000002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2019-02-25 18:17 - 2015-02-03 11:08 - 000686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2019-02-25 18:17 - 2015-01-31 07:56 - 000459336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2019-02-25 18:17 - 2014-06-28 08:21 - 000457400 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2019-02-25 18:15 - 2019-02-25 18:16 - 045918843 _____ C:\Users\customer\Downloads\Windows6.1-KB3033929-x64.msu
2019-02-25 18:13 - 2019-02-25 18:13 - 000212032 _____ (AVAST Software) C:\Users\customer\Downloads\avast_free_antivirus_setup_online.exe
2019-02-25 18:11 - 2019-02-25 18:11 - 000791712 ____N (Disc Soft Ltd.) C:\Users\customer\Downloads\DTLiteInstaller.exe
2019-02-25 18:06 - 2019-02-26 20:56 - 000000000 ____D C:\ProgramData\DAEMON Tools Lite
2019-02-25 18:05 - 2019-02-25 18:06 - 013146016 ____N (Disc Soft Ltd) C:\Users\customer\Downloads\daemon-tools-5-0-1-multi-win.exe
2019-02-25 15:25 - 2019-02-25 15:25 - 000000000 ____D C:\Users\customer\AppData\Roaming\CryptoTab Browser
2019-02-25 15:16 - 2019-02-25 15:16 - 000002299 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CryptoTab Browser.lnk
2019-02-25 15:16 - 2019-02-25 15:16 - 000002258 _____ C:\Users\Public\Desktop\CryptoTab Browser.lnk
2019-02-25 15:16 - 2019-02-25 15:16 - 000000000 ____D C:\Users\customer\AppData\Local\CryptoTab Browser
2019-02-25 15:15 - 2019-02-25 15:16 - 000000000 ____D C:\Program Files (x86)\CryptoTab Browser
2019-02-25 15:14 - 2019-02-25 15:32 - 000000000 ____D C:\Program Files (x86)\GUM208C.tmp
2019-02-25 15:14 - 2019-02-25 15:14 - 000003412 _____ C:\Windows\System32\Tasks\CryptoTabUpdateTaskMachineUA
2019-02-25 15:14 - 2019-02-25 15:14 - 000003284 _____ C:\Windows\System32\Tasks\CryptoTabUpdateTaskMachineCore
2019-02-25 15:14 - 2019-02-25 15:14 - 000000000 ____D C:\Program Files (x86)\CryptoCompany
2019-02-25 15:13 - 2019-02-25 15:13 - 001322479 _____ (CRYPTOCOMPANY OU) C:\Users\customer\Downloads\CryptoTabSetup_Jm6x1uU.exe
2019-02-25 15:13 - 2019-02-25 15:13 - 001244200 ___SH (CRYPTOCOMPANY OU) C:\Users\customer\Downloads\CryptoTabSetup_Jm6x1uU.exe.dat
2019-02-25 15:13 - 2019-02-25 15:13 - 000000000 ____D C:\Users\customer\AppData\Local\CryptoCompany
2019-02-25 14:36 - 2019-02-25 14:39 - 100158880 _____ (Shift) C:\Users\customer\Downloads\shift-windows.exe
2019-02-24 16:31 - 2015-04-16 19:34 - 4048869376 _____ C:\Users\customer\Desktop\Microsoft Office 2010 SP2 de_en_ru_ua 14.0.7140.5002.iso
2019-02-22 21:28 - 2019-02-22 21:28 - 000000000 ____D C:\Windows\SysWOW64\SDA
2019-02-22 21:27 - 2019-02-22 21:27 - 001024273 _____ C:\Users\customer\Downloads\RIDFMC-00244061-0042.zip
2019-02-22 19:32 - 2019-02-24 10:33 - 000000038 _____ C:\Users\customer\AppData\Roaming\WB.CFG
2019-02-21 21:41 - 2019-02-21 21:41 - 000000000 ____D C:\Users\customer\AppData\LocalLow\Temp
2019-02-21 21:16 - 2019-02-21 21:16 - 407010384 _____ (Microsoft Corporation) C:\Users\customer\Downloads\Microsoft-Office-Professional-2007.exe
2019-02-21 21:05 - 2019-02-21 21:05 - 009991328 _____ (Microsoft Corporation) C:\Users\customer\Downloads\microsoft_word.exe
2019-02-21 21:03 - 2019-02-21 21:03 - 002485696 _____ (Makopanid ) C:\Users\customer\Downloads\microsoft_word_0881632119.exe
2019-02-21 20:42 - 2019-02-21 20:42 - 002461328 _____ ( ) C:\Users\customer\Downloads\microsoft_office_2007_setup314_2459860692.exe
2019-02-21 19:18 - 2019-02-21 19:18 - 000000000 ____D C:\Users\customer\AppData\Local\latecof
2019-02-21 19:18 - 2019-02-21 19:18 - 000000000 ____D C:\Users\customer\AppData\Local\{869FB0C3-A237-DC7B-CFAF-F993EBC7050B}
2019-02-21 19:15 - 2019-02-21 19:15 - 000000000 ____D C:\ProgramData\ByteFence
2019-02-21 19:02 - 2019-02-21 19:21 - 000000000 ____D C:\Users\customer\Documents\New folder
2019-02-21 19:00 - 2019-02-21 19:00 - 002461328 _____ ( ) C:\Users\customer\Downloads\microsoft_word_ms_office_2007_setup7216_3544064554.exe
2019-02-16 18:20 - 2019-02-25 22:08 - 000000000 ____D C:\Users\customer\Downloads\opera autoupdate
2019-02-16 09:13 - 2019-02-16 09:13 - 000004340 _____ C:\Windows\System32\Tasks\Opera scheduled assistant Autoupdate 1550279585
2019-02-01 20:55 - 2019-02-01 20:55 - 000000000 ____D C:\Users\customer\Documents\Bluetooth Exchange Folder
2019-02-01 20:55 - 2019-02-01 20:55 - 000000000 ____D C:\Users\customer\AppData\Local\Broadcom
2019-02-01 20:51 - 2011-07-12 13:20 - 000135720 _____ (Broadcom Corporation.) C:\Windows\system32\Drivers\btwavdt.sys
2019-02-01 20:51 - 2011-07-12 13:20 - 000102952 _____ (Broadcom Corporation.) C:\Windows\system32\Drivers\btwaudio.sys
2019-02-01 20:51 - 2011-07-12 13:20 - 000021544 _____ (Broadcom Corporation.) C:\Windows\system32\Drivers\btwrchid.sys
2019-02-01 20:51 - 2011-07-12 13:19 - 000039464 _____ (Broadcom Corporation.) C:\Windows\system32\Drivers\btwl2cap.sys
2019-02-01 20:50 - 2019-02-22 21:27 - 000000021 _____ C:\Windows\Model.txt
2019-02-01 20:50 - 2019-02-01 20:50 - 000000000 ____D C:\Program Files\WIDCOMM
2019-02-01 20:48 - 2019-02-01 20:50 - 037151592 _____ C:\Users\customer\Downloads\BRDBLT-00254589-0042.exe
2019-01-30 09:21 - 2019-02-26 20:56 - 000000000 ____D C:\Users\customer\AppData\Roaming\vlc
==================== One month (modified) ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2019-02-26 21:38 - 2009-07-14 11:20 - 000000000 ____D C:\Program Files\Common Files\System
2019-02-26 21:37 - 2019-01-14 12:14 - 000000140 _____ C:\Windows\Reimage.ini
2019-02-26 21:17 - 2019-01-14 01:38 - 000002836 _____ C:\Windows\System32\Tasks\Driver Booster SkipUAC (customer)
2019-02-26 21:02 - 2009-07-14 13:13 - 000781298 _____ C:\Windows\system32\PerfStringBackup.INI
2019-02-26 21:02 - 2009-07-14 11:20 - 000000000 ____D C:\Windows\inf
2019-02-26 20:57 - 2019-01-13 19:27 - 000000000 ____D C:\Users\customer
2019-02-26 20:57 - 2009-07-14 13:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2019-02-26 20:56 - 2019-01-13 20:26 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SMADAV Antivirus
2019-02-26 20:56 - 2019-01-13 20:26 - 000000000 ____D C:\Program Files (x86)\SMADAV
2019-02-26 20:56 - 2010-11-21 15:16 - 000000000 ____D C:\Windows\ShellNew
2019-02-26 20:56 - 2009-07-14 13:32 - 000000000 ____D C:\Program Files (x86)\MSBuild
2019-02-26 20:56 - 2009-07-14 11:20 - 000000000 ____D C:\Windows\system32\NDF
2019-02-26 20:56 - 2009-07-14 11:20 - 000000000 ____D C:\Windows\registration
2019-02-26 20:56 - 2009-07-14 11:20 - 000000000 ____D C:\Program Files\Common Files\Microsoft Shared
2019-02-26 20:55 - 2019-01-14 01:10 - 000000000 ____D C:\ProgramData\Package Cache
2019-02-25 19:50 - 2009-07-14 10:34 - 000000478 _____ C:\Windows\win.ini
2019-02-25 19:34 - 2009-07-14 12:45 - 000414656 _____ C:\Windows\system32\FNTCACHE.DAT
2019-02-25 19:08 - 2009-07-14 12:45 - 000021072 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2019-02-25 19:08 - 2009-07-14 12:45 - 000021072 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2019-02-25 19:02 - 2009-07-14 11:20 - 000000000 ____D C:\Windows\SysWOW64\Dism
2019-02-25 19:02 - 2009-07-14 11:20 - 000000000 ____D C:\Windows\system32\Dism
2019-02-24 09:48 - 2019-01-14 01:12 - 000004100 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1547399530
2019-02-22 18:46 - 2019-01-13 20:10 - 000002224 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2019-02-22 18:46 - 2019-01-13 20:10 - 000002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2019-02-20 11:13 - 2019-01-14 01:38 - 000000000 ____D C:\Program Files (x86)\Driver Booster 6
2019-02-01 21:10 - 2019-01-13 19:28 - 000000000 ____D C:\Users\customer\AppData\Local\VirtualStore
==================== Files in the root of some directories =======
2019-02-22 19:32 - 2019-02-24 10:33 - 000000038 _____ () C:\Users\customer\AppData\Roaming\WB.CFG
Some files in TEMP:
====================
2019-02-01 20:50 - 2010-06-20 22:42 - 000046456 _____ (Sony Electronics, Inc) C:\Users\customer\AppData\Local\Temp\GLF5F93.EXE
2019-02-01 20:50 - 2003-05-02 15:13 - 000151552 _____ () C:\Users\customer\AppData\Local\Temp\GLF6AEA.EXE
2019-02-21 19:25 - 2010-06-20 22:42 - 000046456 _____ (Sony Electronics, Inc) C:\Users\customer\AppData\Local\Temp\GLF7861.EXE
2019-02-21 19:25 - 2003-05-02 15:13 - 000151552 _____ () C:\Users\customer\AppData\Local\Temp\GLF802F.EXE
2019-02-22 21:27 - 2010-06-20 23:42 - 000046456 _____ (Sony Electronics, Inc) C:\Users\customer\AppData\Local\Temp\GLFF36A.EXE
2019-02-22 21:27 - 2003-05-02 16:13 - 000151552 _____ () C:\Users\customer\AppData\Local\Temp\GLFF4D2.EXE
2019-02-21 19:24 - 2019-02-21 19:24 - 002461328 _____ ( ) C:\Users\customer\AppData\Local\Temp\microsoft_word_ms_office_2007_setup7216_3544064554.exe
2019-01-14 01:02 - 2019-01-14 01:02 - 002658759 _____ (Opera Software) C:\Users\customer\AppData\Local\Temp\Opera_installer_1901131702124654264.dll
2019-01-14 01:02 - 2019-01-14 01:02 - 002658759 _____ (Opera Software) C:\Users\customer\AppData\Local\Temp\Opera_installer_1901131702133035776.dll
2019-01-14 12:14 - 2019-01-14 12:15 - 015095472 _____ (Reimage) C:\Users\customer\AppData\Local\Temp\ReimagePackage.exe
2019-01-14 01:23 - 2019-02-25 19:22 - 000000014 _____ () C:\Users\customer\AppData\Local\Temp\update.exe
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll
[2010-11-21 11:24] - [2019-01-13 19:27] - 001008640 _____ (Microsoft Corporation) 2C353B6CE0C8D03225CAA2AF33B68D79
C:\Windows\SysWOW64\User32.dll
[2010-11-21 11:24] - [2019-01-13 19:27] - 000833024 _____ (Microsoft Corporation) 861C4346F9281DC0380DE72C8D55D6BE
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\dllhost.exe => File is digitally signed
C:\Windows\SysWOW64\dllhost.exe => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2019-02-14 20:21
==================== End of FRST.txt ============================