frst.txt :
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 06-11-2019
Ran by OLPR27 (administrator) on WINDOWS7 (BIOSTAR Group A58ML2) (08-11-2019 15:04:01)
Running from C:\Users\OLPR27\Desktop
Loaded Profiles: OLPR27 (Available Profiles: OLPR27)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 8 (Default browser: IE)
Boot Mode: Safe Mode (with Networking)
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==================== Registry (Whitelisted) ===================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [16472832 2016-03-15] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Policies\Explorer: [NoViewOnDrive] 0
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-19\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-20\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-21-929171097-1776961653-2058299177-1000\...\Run: [Shell] => C:\Program Files (x86)\TP-Link\TP-Link TL-WN722N\WPS_TOOL_AUTO.vbs [151 2019-04-29] () [File not signed]
HKU\S-1-5-21-929171097-1776961653-2058299177-1000\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [24552064 2019-10-15] (Piriform Software Ltd -> Piriform Ltd)
HKU\S-1-5-21-929171097-1776961653-2058299177-1000\...\Run: [OscarX7Mouse5Mode] => C:\Program Files (x86)\OscarX7Editor5Mode\OscarX7Editor5Mode\OscarEditor.exe [3571712 2013-02-01] () [File not signed]
HKU\S-1-5-21-929171097-1776961653-2058299177-1000\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-21-929171097-1776961653-2058299177-1000\...\MountPoints2: {d428f116-3894-11e8-86fb-b8975a9e5d3f} - G:\SETUP.EXE
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\78.0.3904.97\Installer\chrmstp.exe [2019-11-08] (Google LLC -> Google LLC)
AlternateShell:
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
==================== Scheduled Tasks (Whitelisted) ============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {01A38F73-82AF-4C6A-AB57-BA9B610803E7} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe
Task: {0CFED744-746A-4885-8472-23172EFFA38E} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [375416 2012-10-01] (Microsoft Corporation -> Microsoft Corporation)
Task: {2EF4801B-2D2E-4387-A46C-03AD544FEDAD} - System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
Task: {33383465-43E9-4305-AF5C-2C2DC23A3EC1} - System32\Tasks\R@1n-KMS\Office15ProPlus => wmic path OfficeSoftwareProtectionProduct where (ID="b322da9c-a2e2-4058-9e4e-f59a6970bd69") call Activate
Task: {3CC76836-3628-43D9-B652-E0D1C4678DD6} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [375416 2012-10-01] (Microsoft Corporation -> Microsoft Corporation)
Task: {3F4EE03C-906F-45C1-9C34-D53972EF1AAA} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe
Task: {50E3CA35-C787-4A47-A46D-7E7E90DDC468} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [18458752 2019-10-15] (Piriform Software Ltd -> Piriform Ltd)
Task: {5152D41E-BB71-4B56-9238-3B6A189B680F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-04-05] (Google Inc -> Google Inc.)
Task: {6B822010-445A-4359-B31C-8D6F565EC788} - System32\Tasks\At1 => c:\windows\system\svchost.exe <==== ATTENTION
Task: {7C69E181-868D-43A7-818E-D7F933A24690} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-04-05] (Google Inc -> Google Inc.)
Task: {98596DCC-FA62-4D1D-9893-56AADBF4A256} - \NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} -> No File <==== ATTENTION
Task: {B37D9FE0-47A7-47B2-BAA1-63697100C95F} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
Task: {BB8B5985-85BE-42A6-B5C2-EEB65491302C} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [2069952 2018-03-24] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {C259AEC2-538D-43B7-8B09-584322BB5523} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [1642672 2012-10-01] (Microsoft Corporation -> Microsoft Corporation)
Task: {D14AFAD3-7890-43EB-9B0F-73FE3C4F7C30} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe
Task: {DB4ED0BB-9745-4A86-BCBB-FB0A92C9A149} - System32\Tasks\gxx speed launcher => E:\Online Game\GarenaPlus\Garena\Garena\Garena.exe [450880 2018-11-23] (Garena Online Pte Ltd -> Garena Online )
Task: {DC5D718D-925F-4748-AA97-F9B3B5502236} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [608384 2019-10-15] (Piriform Software Ltd -> Piriform Software Ltd)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\Avast Emergency Update.job => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe
Task: C:\Windows\Tasks\gxx speed launcher.job => E:\Online Game\GarenaPlus\Garena\Garena\Garena.exe
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Winsock: Catalog9 17 => No File
Tcpip\Parameters: [DhcpNameServer] 118.98.44.100 118.98.44.10
Tcpip\..\Interfaces\{073087F8-0EC0-44E6-8BD4-0EDA4B93D736}: [DhcpNameServer] 192.168.1.1 202.134.1.10 202.134.0.155
Tcpip\..\Interfaces\{5C916BA2-1A3C-405E-974A-9294936DF883}: [DhcpNameServer] 118.98.44.100 118.98.44.10
Tcpip\..\Interfaces\{9DE6CC6C-B2FC-4D60-83B9-222AAFCA9650}: [DhcpNameServer] 118.98.44.100 118.98.44.10
Internet Explorer:
==================
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://id.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wnd_mbkqwuxpvp_19_42_dopc&param1=1&param2=f%3D1%26b%3DIE%26cc%3Did%26pa%3Dwinyahoo%26cd%3D2XzuyEtN2Y1L1Qzu0BzzzyyByD0Azy0EyD0FtAyD0D0BtAzytN0D0Tzu0StBzzyEzztN1L2XzuyEtFyDyCtFtDtFyCtAtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StDtCtBzytByD0FyBtGtDtC0AyCtGtA0A0DyBtGtC0EzyzztGyC0DyCtCtBzzyC0CyCzz0EyB2QtN1M1F1B2Z1V1N2Y1L1Qzu2SzzzyyByByE1QyB1StGyDyE1T1TtGyEtC1P1TtGzyyD1Q1RtG1TyByCtCzz1StDtDyEyCyD1S2QtN0A0LzuyEtN1B2Z1V1T1S1NzutN1Q2Z1B1P1RzutCyDyBtCyDtDtByBtBtD%26cr%3D935422903%26a%3Dwnd_mbkqwuxpvp_19_42_dopc%26os_ver%3D6.1%26os%3DWindows%2B7%2BUltimate
HKU\S-1-5-21-929171097-1776961653-2058299177-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://id.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wnd_mbkqwuxpvp_19_42_dopc&param1=1&param2=f%3D1%26b%3DIE%26cc%3Did%26pa%3Dwinyahoo%26cd%3D2XzuyEtN2Y1L1Qzu0BzzzyyByD0Azy0EyD0FtAyD0D0BtAzytN0D0Tzu0StBzzyEzztN1L2XzuyEtFyDyCtFtDtFyCtAtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StDtCtBzytByD0FyBtGtDtC0AyCtGtA0A0DyBtGtC0EzyzztGyC0DyCtCtBzzyC0CyCzz0EyB2QtN1M1F1B2Z1V1N2Y1L1Qzu2SzzzyyByByE1QyB1StGyDyE1T1TtGyEtC1P1TtGzyyD1Q1RtG1TyByCtCzz1StDtDyEyCyD1S2QtN0A0LzuyEtN1B2Z1V1T1S1NzutN1Q2Z1B1P1RzutCyDyBtCyDtDtByBtBtD%26cr%3D935422903%26a%3Dwnd_mbkqwuxpvp_19_42_dopc%26os_ver%3D6.1%26os%3DWindows%2B7%2BUltimate
HKU\S-1-5-21-929171097-1776961653-2058299177-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://u.msn.com/id-id/?ocid=iehp
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {0CE02FFA-A6B0-46F6-BA2F-BD32C3630126} URL = hxxps://id.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wnd_mbkqwuxpvp_19_42_dopc&param1=1&param2=f%3D4%26b%3DIE%26cc%3Did%26pa%3Dwinyahoo%26cd%3D2XzuyEtN2Y1L1Qzu0BzzzyyByD0Azy0EyD0FtAyD0D0BtAzytN0D0Tzu0StBzzyEzztN1L2XzuyEtFyDyCtFtDtFyCtAtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StDtCtBzytByD0FyBtGtDtC0AyCtGtA0A0DyBtGtC0EzyzztGyC0DyCtCtBzzyC0CyCzz0EyB2QtN1M1F1B2Z1V1N2Y1L1Qzu2SzzzyyByByE1QyB1StGyDyE1T1TtGyEtC1P1TtGzyyD1Q1RtG1TyByCtCzz1StDtDyEyCyD1S2QtN0A0LzuyEtN1B2Z1V1T1S1NzutN1Q2Z1B1P1RzutCyDyBtCyDtDtByBtBtD%26cr%3D935422903%26a%3Dwnd_mbkqwuxpvp_19_42_dopc%26os_ver%3D6.1%26os%3DWindows%2B7%2BUltimate&p={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0CE02FFA-A6B0-46F6-BA2F-BD32C3630126} URL = hxxps://id.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wnd_mbkqwuxpvp_19_42_dopc&param1=1&param2=f%3D4%26b%3DIE%26cc%3Did%26pa%3Dwinyahoo%26cd%3D2XzuyEtN2Y1L1Qzu0BzzzyyByD0Azy0EyD0FtAyD0D0BtAzytN0D0Tzu0StBzzyEzztN1L2XzuyEtFyDyCtFtDtFyCtAtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StDtCtBzytByD0FyBtGtDtC0AyCtGtA0A0DyBtGtC0EzyzztGyC0DyCtCtBzzyC0CyCzz0EyB2QtN1M1F1B2Z1V1N2Y1L1Qzu2SzzzyyByByE1QyB1StGyDyE1T1TtGyEtC1P1TtGzyyD1Q1RtG1TyByCtCzz1StDtDyEyCyD1S2QtN0A0LzuyEtN1B2Z1V1T1S1NzutN1Q2Z1B1P1RzutCyDyBtCyDtDtByBtBtD%26cr%3D935422903%26a%3Dwnd_mbkqwuxpvp_19_42_dopc%26os_ver%3D6.1%26os%3DWindows%2B7%2BUltimate&p={searchTerms}
SearchScopes: HKU\S-1-5-21-929171097-1776961653-2058299177-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-929171097-1776961653-2058299177-1000 -> {0CE02FFA-A6B0-46F6-BA2F-BD32C3630126} URL = hxxps://id.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wnd_mbkqwuxpvp_19_42_dopc&param1=1&param2=f%3D4%26b%3DIE%26cc%3Did%26pa%3Dwinyahoo%26cd%3D2XzuyEtN2Y1L1Qzu0BzzzyyByD0Azy0EyD0FtAyD0D0BtAzytN0D0Tzu0StBzzyEzztN1L2XzuyEtFyDyCtFtDtFyCtAtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StDtCtBzytByD0FyBtGtDtC0AyCtGtA0A0DyBtGtC0EzyzztGyC0DyCtCtBzzyC0CyCzz0EyB2QtN1M1F1B2Z1V1N2Y1L1Qzu2SzzzyyByByE1QyB1StGyDyE1T1TtGyEtC1P1TtGzyyD1Q1RtG1TyByCtCzz1StDtDyEyCyD1S2QtN0A0LzuyEtN1B2Z1V1T1S1NzutN1Q2Z1B1P1RzutCyDyBtCyDtDtByBtBtD%26cr%3D935422903%26a%3Dwnd_mbkqwuxpvp_19_42_dopc%26os_ver%3D6.1%26os%3DWindows%2B7%2BUltimate&p={searchTerms}
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2012-10-01] (Microsoft Corporation -> Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_161\bin\ssv.dll [2018-04-05] (Oracle America, Inc. -> Oracle Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation -> Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2012-10-01] (Microsoft Corporation -> Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_161\bin\jp2ssv.dll [2018-04-05] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2012-10-01] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: No Name -> {735A213C-FAA2-4CCF-A259-09C6BF58CFA5} -> No File
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2012-10-01] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2012-10-01] (Microsoft Corporation -> Microsoft Corporation)
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-21] (Microsoft Windows -> Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-21] (Microsoft Windows -> Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-21] (Microsoft Windows -> Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-21] (Microsoft Windows -> Microsoft Corporation)
FireFox:
========
FF DefaultProfile: vy8cffm4.default
FF ProfilePath: C:\Users\OLPR27\AppData\Roaming\Mozilla\Firefox\Profiles\vy8cffm4.default [2019-11-08]
FF Extension: (Browsec VPN - Free and Unlimited VPN) - C:\Users\OLPR27\AppData\Roaming\Mozilla\Firefox\Profiles\vy8cffm4.default\Extensions\browsec@browsec.com.xpi [2019-10-16]
FF Extension: (Avast SafePrice | Comparison, deals, coupons) - C:\Users\OLPR27\AppData\Roaming\Mozilla\Firefox\Profiles\vy8cffm4.default\Extensions\sp@avast.com.xpi [2019-11-08]
FF Extension: (Avast Online Security) - C:\Users\OLPR27\AppData\Roaming\Mozilla\Firefox\Profiles\vy8cffm4.default\Extensions\wrc@avast.com.xpi [2019-11-08]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_29_0_0_171.dll [2018-05-09] (Adobe Systems Incorporated -> )
FF Plugin: @java.com/DTPlugin,version=11.161.2 -> C:\Program Files\Java\jre1.8.0_161\bin\dtplugin\npDeployJava1.dll [2018-04-05] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.161.2 -> C:\Program Files\Java\jre1.8.0_161\bin\plugin2\npjp2.dll [2018-04-05] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom) [File not signed]
FF Plugin: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom) [File not signed]
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_29_0_0_171.dll [2018-05-09] (Adobe Systems Incorporated -> )
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2017-12-01] (Foxit Software Incorporated -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2017-12-01] (Foxit Software Incorporated -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2017-12-01] (Foxit Software Incorporated -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2017-12-01] (Foxit Software Incorporated -> Foxit Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2012-10-01] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2018-03-24] (NVIDIA Corporation PE Sign v2016 -> NVIDIA Corporation) [File not signed]
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2018-03-24] (NVIDIA Corporation PE Sign v2016 -> NVIDIA Corporation) [File not signed]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.35.342\npGoogleUpdate3.dll [2019-11-05] (Google Inc -> Google LLC)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.35.342\npGoogleUpdate3.dll [2019-11-05] (Google Inc -> Google LLC)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom) [File not signed]
FF Plugin-x32: wacom.com/WacomTabletPlugin -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom) [File not signed]
Chrome:
=======
CHR DefaultSearchURL: Default -> hxxp://srchbar.com/?q={searchTerms}
CHR DefaultSuggestURL: Default -> hxxp://srch.bar/?s={searchTerms}
CHR Notifications: Default -> hxxps://www.tokopedia.com
CHR Profile: C:\Users\OLPR27\AppData\Local\Google\Chrome\User Data\Default [2019-11-08]
CHR Extension: (Slides) - C:\Users\OLPR27\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-04-05]
CHR Extension: (Docs) - C:\Users\OLPR27\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-04-05]
CHR Extension: (Google Drive) - C:\Users\OLPR27\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-04-05]
CHR Extension: (YouTube) - C:\Users\OLPR27\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-04-05]
CHR Extension: (Sheets) - C:\Users\OLPR27\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-04-05]
CHR Extension: (Chrome Web Store Payments) - C:\Users\OLPR27\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-10-04]
CHR Extension: (Gmail) - C:\Users\OLPR27\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-04-30]
CHR Extension: (Chrome Media Router) - C:\Users\OLPR27\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-11-05]
CHR HKLM\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-929171097-1776961653-2058299177-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej] - hxxps://clients2.google.com/service/update2/crx
==================== Services (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S2 AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [249344 2016-02-27] (Advanced Micro Devices, Inc. -> AMD)
S4 FoxitReaderService; C:\Program Files (x86)\Foxit Software\Foxit Reader\FoxitConnectedPDFService.exe [1659456 2017-12-11] (Foxit Software Incorporated -> Foxit Software Inc.)
S2 GarenaPlatform; E:\Online Game\GarenaPlus\Garena\Garena\2.0.1811.2302\gxxsvc.exe [315712 2018-11-23] (Garena Online Pte Ltd -> Garena Online )
S2 PingzapperSvc; C:\Program Files (x86)\Pingzapper\PZService.exe [632320 2016-05-22] () [File not signed]
S2 ProductAgentService; C:\Program Files\Bitdefender Agent\ProductAgentService.exe [1293936 2018-11-15] (Bitdefender SRL -> Bitdefender)
S3 uncheater_bgl; C:\Program Files\Common Files\Uncheater\uncheater_bgl.exe [2097008 2019-04-30] (Wellbia.com Co., Ltd. -> Wellbia.com Co., Ltd.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Windows -> Microsoft Corporation)
S2 WTabletServicePro; C:\Program Files\Tablet\Wacom\WTabletServicePro.exe [655040 2015-07-08] (Wacom Technology Corp. -> Wacom Technology, Corp.)
S2 Avira.ServiceHost; "C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe" [X]
S2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000
===================== Drivers (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R0 365126A7; C:\Windows\System32\drivers\365126A7.sys [255928 2019-11-08] (Malwarebytes Corporation -> Malwarebytes)
R0 amdide64; C:\Windows\System32\DRIVERS\amdide64.sys [11944 2012-12-04] (Advanced Micro Devices, Inc. -> Advanced Micro Devices Inc.)
S3 amdkmdag; C:\Windows\System32\DRIVERS\atikmdag.sys [23981568 2016-02-27] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
S3 amdkmdap; C:\Windows\System32\DRIVERS\atikmpag.sys [674816 2016-02-27] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
S3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [30264 2018-04-05] (Disc Soft Ltd -> Disc Soft Ltd)
S3 dtliteusbbus; C:\Windows\System32\DRIVERS\dtliteusbbus.sys [47672 2018-04-05] (Disc Soft Ltd -> Disc Soft Ltd)
S3 gaprotect; C:\Windows\System32\drivers\gaprotect.sys [110672 2018-04-05] (Garena Online Pte Ltd -> )
R0 garestore; C:\Windows\System32\DRIVERS\garestore.sys [47272 2014-10-17] (Hoa Binh Informatics .,JSC -> )
R1 ndissb; C:\Windows\System32\DRIVERS\ndissb.sys [44136 2015-06-30] (Mainline Net Holdings Limited -> E.D.L.)
S3 nvvhci; C:\Windows\System32\DRIVERS\nvvhci.sys [58816 2018-03-24] (NVIDIA Corporation -> NVIDIA Corporation)
R3 RtlWlanu; C:\Windows\System32\DRIVERS\rtwlanu.sys [5264464 2016-10-09] (Realtek Semiconductor Corp. -> Realtek Semiconductor Corporation )
S3 Serenum; C:\Windows\System32\DRIVERS\nuvserenum.sys [23552 2014-01-12] (Microsoft Windows Hardware Compatibility Publisher -> Windows (R) Win 7 DDK provider)
S3 Serial; C:\Windows\System32\DRIVERS\nuvserial.sys [86016 2014-01-12] (Microsoft Windows Hardware Compatibility Publisher -> Nuvoton Technology Corp.)
S4 nvvad_WaveExtensible; system32\drivers\nvvad64v.sys [X]
U3 TrueSight; \??\C:\Windows\System32\drivers\truesight.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One month (created) ===================
(If an entry is included in the fixlist, the file/folder will be moved.)
2019-11-08 15:04 - 2019-11-08 15:04 - 000026535 _____ C:\Users\OLPR27\Desktop\FRST.txt
2019-11-08 15:03 - 2019-11-08 15:03 - 002259968 _____ (Farbar) C:\Users\OLPR27\Downloads\FRST64.exe
2019-11-08 15:03 - 2019-11-08 15:03 - 002259968 _____ (Farbar) C:\Users\OLPR27\Desktop\FRST64.exe
2019-11-08 15:00 - 2019-11-08 15:00 - 000073604 _____ C:\ProgramData\agent.update.1573200046.bdinstall.v2.bin
2019-11-08 14:59 - 2019-11-08 15:00 - 000000000 ____D C:\Program Files\Bitdefender Agent
2019-11-08 14:59 - 2019-11-08 14:59 - 009844256 _____ C:\Users\OLPR27\Downloads\bitdefender_tsecurity.exe
2019-11-08 14:59 - 2019-11-08 14:59 - 000102940 _____ C:\ProgramData\agent.1573199960.bdinstall.v2.bin
2019-11-08 14:59 - 2019-11-08 14:59 - 000000000 ____D C:\ProgramData\Bitdefender Agent
2019-11-08 14:54 - 2019-11-08 14:54 - 000051502 _____ C:\Windows\ntbtlog.txt
2019-11-08 14:07 - 2019-11-08 14:07 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2019-11-08 13:28 - 2019-11-08 13:28 - 000000441 _____ C:\Users\OLPR27\Exe.reg
2019-11-08 13:26 - 2019-11-08 13:26 - 024578944 _____ (Piriform Software Ltd) C:\Users\OLPR27\Downloads\ccsetup563.exe
2019-11-08 13:05 - 2019-11-08 13:05 - 001883976 _____ (Malwarebytes) C:\Users\OLPR27\Downloads\MBSetup.exe
2019-11-08 13:04 - 2019-11-08 13:04 - 009107552 _____ C:\Users\OLPR27\Downloads\mb-support-1.5.3.749.exe
2019-11-08 12:46 - 2019-11-08 12:46 - 043072920 _____ (SUPERAntiSpyware) C:\Users\OLPR27\Downloads\SUPERAntiSpyware.exe
2019-11-08 12:43 - 2019-11-08 15:04 - 000000000 ____D C:\FRST
2019-11-08 12:31 - 2019-11-08 12:31 - 000255928 _____ (Malwarebytes) C:\Windows\system32\Drivers\365126A7.sys
2019-11-08 12:31 - 2019-11-08 12:31 - 000000000 ____D C:\ProgramData\Malwarebytes
2019-11-08 12:30 - 2019-11-08 12:47 - 000000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2019-11-08 12:30 - 2019-11-08 12:30 - 000192952 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2019-11-08 12:25 - 2019-11-08 12:25 - 000000000 ____D C:\ProgramData\Kaspersky Lab Setup Files
2019-11-08 10:20 - 2019-11-08 10:20 - 000000342 ____H C:\Windows\Tasks\Avast Emergency Update.job
2019-11-08 07:59 - 2019-11-08 07:59 - 000000000 ____D C:\Users\OLPR27\AppData\Roaming\EpicNet Inc
2019-11-08 07:59 - 2019-11-08 07:59 - 000000000 ____D C:\Users\OLPR27\AppData\Local\EpicNet Inc
2019-11-08 07:05 - 2019-11-08 07:05 - 000000000 ____D C:\Program Files\Malwarebytes
2019-11-08 07:02 - 2019-11-08 07:02 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2019-11-08 07:02 - 2019-11-08 07:02 - 000000000 ____D C:\ProgramData\Avira
2019-11-08 06:50 - 2019-11-08 06:50 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\A4Tech Software
2019-11-05 08:30 - 2019-11-05 08:48 - 000000000 ____D C:\Program Files\Mozilla Firefox
2019-11-03 07:36 - 2019-11-03 07:36 - 000000000 __SHD C:\found.033
2019-11-01 14:51 - 2010-09-28 22:46 - 000000000 ____D C:\Users\OLPR27\Downloads\Sound
2019-11-01 14:03 - 2019-11-01 14:07 - 059477083 _____ C:\Users\OLPR27\Downloads\Sound.rar
2019-10-28 19:33 - 2019-10-28 19:44 - 000000600 _____ C:\Users\OLPR27\AppData\Local\PUTTY.RND
2019-10-25 12:50 - 2019-10-25 12:50 - 000000000 __SHD C:\found.032
2019-10-23 21:40 - 2019-11-08 06:50 - 000002277 _____ C:\Users\Public\Desktop\5-Mode Oscar Editor.lnk
2019-10-23 21:40 - 2019-11-08 06:50 - 000000000 ____D C:\Program Files (x86)\OscarX7Editor5Mode
2019-10-23 21:40 - 2013-02-08 15:42 - 020188073 _____ C:\Users\OLPR27\Downloads\7Key,5Mode_V13.02V01.exe
2019-10-23 12:31 - 2019-10-23 12:33 - 019605082 _____ C:\Users\OLPR27\Downloads\7Key,5Mode_V13.02V01.zip
2019-10-21 06:22 - 2019-10-21 06:22 - 000030728 ____N C:\bootsqm.dat
2019-10-21 06:21 - 2019-10-21 06:21 - 000000000 __SHD C:\found.031
2019-10-21 02:40 - 2019-11-08 06:57 - 000000000 ____D C:\Program Files (x86)\AikaReborn
2019-10-21 01:30 - 2019-10-21 01:30 - 000000000 _RSHD C:\rfdx.exe
2019-10-21 01:24 - 2019-11-08 09:41 - 000000000 ____D C:\Program Files (x86)\SMADAV
2019-10-21 01:24 - 2019-10-21 01:24 - 000000000 ____D C:\Windows\rss
2019-10-20 21:55 - 2017-07-14 22:28 - 000450112 _____ (Network Tunnel Lab) C:\Windows\SysWOW64\networkdlllsp.dll
2019-10-20 21:53 - 2019-10-20 21:55 - 000000000 ____D C:\Program Files (x86)\Pingzapper
2019-10-20 21:53 - 2019-10-20 21:53 - 025921421 _____ C:\Users\OLPR27\Downloads\pz_setup_2.1.3.zip
2019-10-20 21:53 - 2019-10-20 21:53 - 000001031 _____ C:\Users\Public\Desktop\Pingzapper.lnk
2019-10-20 21:53 - 2019-10-20 21:53 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pingzapper
2019-10-20 21:53 - 2017-08-06 15:31 - 025947371 _____ (Pingzapper ) C:\Users\OLPR27\Downloads\pz_setup.exe
2019-10-20 00:17 - 2019-10-20 00:17 - 000031028 _____ C:\Program Files\XMBCSettings.xml
2019-10-19 23:49 - 2019-10-20 00:18 - 000000000 ____D C:\Program Files\Highresolution Enterprises
2019-10-18 22:18 - 2019-10-18 22:18 - 726343939 _____ C:\Users\OLPR27\Downloads\AikaReborn.7z
==================== One month (modified) ==================
(If an entry is included in the fixlist, the file/folder will be moved.)
2019-11-08 14:55 - 2019-05-02 13:53 - 000000000 ____D C:\Users\OLPR27\AppData\Local\CrashDumps
2019-11-08 14:53 - 2009-07-14 11:45 - 000020800 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2019-11-08 14:53 - 2009-07-14 11:45 - 000020800 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2019-11-08 14:51 - 2018-04-05 16:20 - 000000000 ____D C:\ProgramData\boost_interprocess
2019-11-08 14:46 - 2019-05-31 22:00 - 000000000 ____D C:\ProgramData\AVAST Software
2019-11-08 14:46 - 2018-04-18 18:30 - 000000000 ____D C:\ProgramData\NVIDIA
2019-11-08 14:46 - 2009-07-14 12:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2019-11-08 14:13 - 2009-07-14 10:20 - 000000000 ____D C:\Windows\inf
2019-11-08 14:09 - 2019-08-26 08:10 - 000000000 ____D C:\Temp
2019-11-08 14:07 - 2018-04-05 12:15 - 000000822 _____ C:\Users\Public\Desktop\CCleaner.lnk
2019-11-08 14:07 - 2018-04-05 12:15 - 000000000 ____D C:\Program Files\CCleaner
2019-11-08 13:28 - 2018-04-05 11:40 - 000000000 ____D C:\Users\OLPR27
2019-11-08 13:20 - 2009-07-14 10:20 - 000000000 ____D C:\Windows\system32\NDF
2019-11-08 09:37 - 2019-04-29 21:33 - 000000000 ____D C:\Users\OLPR27\AppData\Roaming\Smadav
2019-11-08 09:33 - 2019-04-29 21:33 - 000000000 __SHD C:\[Smad-Cage]
2019-11-08 07:31 - 2019-07-19 21:36 - 000000000 ____D C:\Users\OLPR27\AppData\Local\Battle.net
2019-11-08 07:08 - 2018-04-05 11:49 - 000000000 ____D C:\ProgramData\Package Cache
2019-11-08 05:59 - 2018-04-05 12:03 - 000002224 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2019-11-08 05:59 - 2018-04-05 12:03 - 000002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2019-11-07 12:10 - 2019-08-07 19:33 - 000000470 _____ C:\Windows\Tasks\gxx speed launcher.job
2019-11-06 23:53 - 2018-04-18 18:31 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2019-11-06 23:53 - 2018-04-18 18:28 - 000000000 ____D C:\Program Files\NVIDIA Corporation
2019-11-06 23:53 - 2018-04-05 12:32 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
2019-11-06 23:53 - 2018-04-05 12:32 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2019-11-06 01:10 - 2019-07-19 01:14 - 000007597 _____ C:\Users\OLPR27\AppData\Local\Resmon.ResmonCfg
2019-11-05 14:11 - 2019-08-12 14:29 - 000000000 ____D C:\Users\OLPR27\AppData\Roaming\Discord
2019-11-05 10:54 - 2018-04-05 11:48 - 000000000 ____D C:\Program Files (x86)\Google
2019-11-05 10:34 - 2019-04-29 16:48 - 000000000 ____D C:\Users\OLPR27\AppData\Local\Microsoft Games
2019-11-05 08:56 - 2018-04-05 13:08 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2019-11-05 08:53 - 2018-04-05 13:08 - 000000000 ____D C:\Users\OLPR27\AppData\LocalLow\Mozilla
2019-10-30 12:35 - 2019-04-29 13:13 - 000000000 ____D C:\Users\OLPR27\AppData\Local\ElevatedDiagnostics
2019-10-29 14:39 - 2018-04-05 16:19 - 000000000 ____D C:\ProgramData\GarenaCIG
2019-10-24 20:46 - 2009-07-14 12:08 - 000032642 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2019-10-19 23:35 - 2010-11-21 14:16 - 000000000 ____D C:\Windows\ShellNew
2019-10-19 01:10 - 2019-05-01 19:35 - 000000000 ____D C:\Bonanza88
2019-10-15 02:48 - 2019-07-22 00:13 - 000011327 _____ C:\Users\OLPR27\Downloads\playBonanza88 (1).jar
2019-10-09 20:59 - 2009-07-14 12:13 - 000785302 _____ C:\Windows\system32\PerfStringBackup.INI
==================== Files in the root of some directories ========
2019-11-08 13:28 - 2019-11-08 13:28 - 000000441 _____ () C:\Users\OLPR27\Exe.reg
2017-10-14 19:48 - 2017-10-14 19:48 - 000033748 _____ () C:\Program Files\Czech.xmbclp
2017-12-27 17:01 - 2017-12-27 17:01 - 000066059 _____ () C:\Program Files\español-latinoamerica.xmbclp
2017-10-14 19:48 - 2017-10-14 19:48 - 000038116 _____ () C:\Program Files\finnish.xmbclp
2019-01-20 18:53 - 2019-01-20 18:53 - 000074681 _____ () C:\Program Files\French.xmbclp
2019-04-14 22:08 - 2019-04-14 22:08 - 000070988 _____ () C:\Program Files\German.xmbclp
2017-10-14 19:48 - 2017-10-14 19:48 - 000045020 _____ () C:\Program Files\Greek.xmbclp
2017-11-05 22:52 - 2017-11-05 22:52 - 000064483 _____ () C:\Program Files\Hungarian.xmbclp
2017-10-14 19:48 - 2017-10-14 19:48 - 000034015 _____ () C:\Program Files\italian.xmbclp
2019-02-24 17:56 - 2019-02-24 17:56 - 000111549 _____ () C:\Program Files\Japanese2.xmbclp
2017-10-14 19:48 - 2017-10-14 19:48 - 000052253 _____ () C:\Program Files\korean.xmbclp
2019-04-14 18:11 - 2019-04-14 18:11 - 000040405 _____ () C:\Program Files\language_template.xmbclp_sample
2017-06-26 13:46 - 2017-06-26 13:46 - 000060254 _____ () C:\Program Files\nederlands.xmbclp
2019-01-20 18:53 - 2019-01-20 18:53 - 000066015 _____ () C:\Program Files\Polish.xmbclp
2019-01-20 18:53 - 2019-01-20 18:53 - 000033945 _____ () C:\Program Files\portugues-brasil.xmbclp
2017-10-14 19:48 - 2017-10-14 19:48 - 000039072 _____ () C:\Program Files\Romanian.xmbclp
2019-05-05 18:32 - 2019-05-05 18:32 - 000090686 _____ () C:\Program Files\Russian.xmbclp
2017-10-14 19:48 - 2017-10-14 19:48 - 000048315 _____ () C:\Program Files\Simplified_Chinese.xmbclp
2019-01-20 18:53 - 2019-01-20 18:53 - 000063531 _____ () C:\Program Files\Slovak.xmbclp
2019-05-06 16:54 - 2019-05-06 16:54 - 000067279 _____ () C:\Program Files\Slovenian.xmbclp
2019-04-14 18:30 - 2019-04-14 18:30 - 000066128 _____ () C:\Program Files\Spanish.xmbclp
2018-01-03 17:18 - 2018-01-03 17:18 - 000060868 _____ () C:\Program Files\Traditional Chinese.xmbclp
2019-02-24 17:55 - 2019-02-24 17:55 - 000068819 _____ () C:\Program Files\Turkish.xmbclp
2017-10-14 19:48 - 2017-10-14 19:48 - 000043517 _____ () C:\Program Files\Ukrainian.xmbclp
2019-10-20 00:17 - 2019-10-20 00:17 - 000031028 _____ () C:\Program Files\XMBCSettings.xml
2019-10-19 23:49 - 2019-10-20 00:18 - 000009774 _____ () C:\Program Files\XMouseButtonControl.log
2018-04-05 12:16 - 2018-04-09 12:03 - 000003390 _____ () C:\Users\OLPR27\AppData\Local\icsys.icn
2019-10-28 19:33 - 2019-10-28 19:44 - 000000600 _____ () C:\Users\OLPR27\AppData\Local\PUTTY.RND
2019-07-19 01:14 - 2019-11-06 01:10 - 000007597 _____ () C:\Users\OLPR27\AppData\Local\Resmon.ResmonCfg
2019-08-06 14:49 - 2019-08-06 14:49 - 000000000 _____ () C:\Users\OLPR27\AppData\Local\{2A63673B-73EE-4280-89D6-E861676255C6}
2019-05-09 16:23 - 2019-05-09 16:23 - 000000000 _____ () C:\Users\OLPR27\AppData\Local\{B98EBA28-99F7-455A-85BF-9DE69EEF00AF}
==================== SigCheck ============================
(There is no automatic fix for files that do not pass verification.)
==================== End of FRST.txt ========================