Everything posted by extraordinary77

  1. addition.txt : Additional scan result of Farbar Recovery Scan Tool (x64) Version: 06-11-2019 Ran by OLPR27 (08-11-2019 15:04:59) Running from C:\Users\OLPR27\Desktop Windows 7 Ultimate Service Pack 1 (X64) (2018-04-05 04:40:30) Boot Mode: Safe Mode (with Networking) ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-929171097-1776961653-2058299177-500 - Administrator - Disabled) Guest (S-1-5-21-929171097-1776961653-2058299177-501 - Limited - Enabled) OLPR27 (S-1-5-21-929171097-1776961653-2058299177-1000 - Administrator - Enabled) => C:\Users\OLPR27 SBShare (S-1-5-21-929171097-1776961653-2058299177-1001 - Administrator - Enabled) ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) 5-Mode Oscar Editor (HKLM-x32\...\OscarX7Mouse5Mode) (Version: 13.02.0001 - A4Tech) Adobe Flash Player 29 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 29.0.0.171 - Adobe Systems Incorporated) Avira (HKLM-x32\...\{DA7052FA-B589-48D9-BF78-0A5AC11CB59A}) (Version: 1.2.138.20753 - Avira Operations GmbH & Co. KG) Hidden Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment) Bitdefender Agent (HKLM\...\Bitdefender Agent) (Version: 23.0.8.134 - Bitdefender) CCleaner (HKLM\...\CCleaner) (Version: 5.63 - Piriform) Diablo III (HKLM-x32\...\Diablo III) (Version: - Blizzard Entertainment) Discord (HKU\S-1-5-21-929171097-1776961653-2058299177-1000\...\Discord) (Version: 0.0.305 - Discord Inc.) 
DisplayDriverAnalyzer (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_DisplayDriverAnalyzer) (Version: 391.35 - NVIDIA Corporation) Hidden Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 9.0.1.1049 - Foxit Software Inc.) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 78.0.3904.97 - Google LLC) Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.35.341 - Google LLC) Hidden Java 8 Update 161 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180161F0}) (Version: 8.0.1610.12 - Oracle Corporation) Microsoft .NET Framework 4.6.1 Hotfix Rollup (KB3120241) (HKLM\...\{46556DC7-EFC0-361E-832E-E0A9B0D2EFAB}) (Version: 4.6.01067 - Microsoft Corporation) Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUSR) (Version: 15.0.4420.1017 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable - x64 8.0.61000 (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable - x86 8.0.61001 (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 Redistributable - x64 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 Redistributable - x86 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{a2199617-3609-410f-a8e8-e8806c73545b}) (Version: 11.0.61030.0 - Корпорация Майкрософт) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 
(HKLM-x32\...\{f0080ca2-80ae-4958-b6eb-e8fa916d744a}) (Version: 11.0.61030.0 - Корпорация Майкрософт) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{1a63c099-febd-4eaf-83ad-a82ea4fdac49}) (Version: 12.0.30501.0 - Корпорация Майкрософт) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{b55f7208-e02b-4828-ac78-59c73ddf5bc7}) (Version: 12.0.30501.0 - Корпорация Майкрософт) Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23026 (HKLM-x32\...\{e46eca4f-393b-40df-9f49-076faf788d83}) (Version: 14.0.23026.0 - Microsoft Corporation) Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23026 (HKLM-x32\...\{74d0e5db-b326-4dae-a6b2-445b9de1836e}) (Version: 14.0.23026.0 - Microsoft Corporation) Mozilla Firefox 70.0.1 (x64 en-US) (HKLM\...\Mozilla Firefox 70.0.1 (x64 en-US)) (Version: 70.0.1 - Mozilla) Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 59.0.2 - Mozilla) NVIDIA 3D Vision Controller Driver 390.41 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 390.41 - NVIDIA Corporation) NVIDIA 3D Vision Driver 391.35 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 391.35 - NVIDIA Corporation) NVIDIA Graphics Driver 391.35 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 391.35 - NVIDIA Corporation) NVIDIA HD Audio Driver 1.3.36.6 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.36.6 - NVIDIA Corporation) NVIDIA PhysX System Software 9.17.0524 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.17.0524 - NVIDIA Corporation) Outils de vérification linguistique 2013 de Microsoft Office - Français (HKLM\...\{90150000-001F-040C-1000-0000000FF1CE}) (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden Pingzapper version 2.1.3 (HKLM-x32\...\{7FD61982-5436-439B-B5D0-36F0536FF8BF}_is1) (Version: 2.1.3 - Pingzapper) Realtek High Definition Audio Driver 
(HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7767 - Realtek Semiconductor Corp.) Vulkan Run Time Libraries 1.0.65.1 (HKLM\...\VulkanRT1.0.65.1) (Version: 1.0.65.1 - LunarG, Inc.) Hidden Wacom Tablet (HKLM\...\Wacom Tablet Driver) (Version: 6.3.13w3 - Wacom Technology Corp.) WebTablet FB Plugin 32 bit (HKLM-x32\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.7 - Wacom Technology Corp.) WebTablet FB Plugin 64 bit (HKLM\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.7 - Wacom Technology Corp.) WinpkFilter (HKLM-x32\...\WinpkFilter) (Version: 3.2.4.1 - NT Kernel Resources) WinRAR 5.50 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.50.0 - win.rar GmbH) ==================== Custom CLSID (Whitelisted): ============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File ContextMenuHandlers1: [Foxit_ConvertToPDF_Reader] -> {A94757A0-0226-426F-B4F1-4DF381C630D3} => C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\ConvertToPDFShellExtension_x64.dll [2017-12-11] (Foxit Software Incorporated -> Foxit Software Inc.) 
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2017-08-11] (win.rar GmbH -> Alexander Roshal) ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2017-08-11] (win.rar GmbH -> Alexander Roshal) ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2018-03-24] (NVIDIA Corporation -> NVIDIA Corporation) ContextMenuHandlers6: [Foxit_ConvertToPDF_Reader] -> {A94757A0-0226-426F-B4F1-4DF381C630D3} => C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\ConvertToPDFShellExtension_x64.dll [2017-12-11] (Foxit Software Incorporated -> Foxit Software Inc.) ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2017-08-11] (win.rar GmbH -> Alexander Roshal) ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2017-08-11] (win.rar GmbH -> Alexander Roshal) ==================== Codecs (Whitelisted) ==================== ==================== Shortcuts & WMI ======================== (The entries could be listed to be restored or removed.) 
WMI:subscription\__FilterToConsumerBinding->CommandLineEventConsumer.Name=\"BVTConsumer\"",Filter="__EventFilter.Name=\"BVTFilter\":: WMI:subscription\__EventFilter->BVTFilter::[Query => SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99] WMI:subscription\CommandLineEventConsumer->BVTConsumer::[CommandLineTemplate => cscript KernCap.vbs][WorkingDirectory => C:\\tools\\kernrate] ShortcutWithArgument: C:\Users\OLPR27\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\d249d9ddd424b688\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory=Default ==================== Loaded Modules (Whitelisted) ============= ==================== Alternate Data Streams (Whitelisted) ======== (If an entry is included in the fixlist, only the ADS will be removed.) AlternateDataStreams: C:\Windows\Logs:Defender.log [0] AlternateDataStreams: C:\Users\OLPR27\Application Data:fbd50e2f7662a5c33287ddc6e65ab5a1 [394] AlternateDataStreams: C:\Users\OLPR27\AppData\Roaming:fbd50e2f7662a5c33287ddc6e65ab5a1 [394] ==================== Safe Mode (Whitelisted) ================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot => "AlternateShell"="" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{0CBD4F48-3751-475D-BE88-4F271385B672} => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="2" ==================== Association (Whitelisted) ================= ==================== Internet Explorer trusted/restricted ========== ==================== Hosts content: ========================= (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 
2009-07-14 09:34 - 2019-06-04 03:26 - 000003407 _____ C:\Windows\system32\drivers\etc\hosts ==================== Other Areas =========================== (Currently there is no automatic fix for this section.) HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common HKU\S-1-5-21-929171097-1776961653-2058299177-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\OLPR27\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg DNS Servers: 118.98.44.100 - 118.98.44.10 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0) ==================== MSCONFIG/TASK MANAGER disabled items == (If an entry is included in the fixlist, it will be removed.) MSCONFIG\Services: Disc Soft Lite Bus Service => 3 MSCONFIG\Services: FoxitReaderService => 2 MSCONFIG\Services: gupdate => 2 MSCONFIG\Services: gupdatem => 3 MSCONFIG\Services: MozillaMaintenance => 3 MSCONFIG\startupfolder: C:^Users^OLPR27^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Game Menu.lnk => C:\Windows\pss\Game Menu.lnk.Startup MSCONFIG\startupreg: Avira SystrayStartTrigger => "C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe" MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR MSCONFIG\startupreg: CCleaner Smart Cleaning => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR MSCONFIG\startupreg: Chromium => "c:\users\olpr27\appdata\local\chromium\application\chrome.exe" --auto-launch-at-startup --profile-directory="Default" --restore-last-session MSCONFIG\startupreg: DAEMON Tools Lite Automount => "C:\Program Files\DAEMON Tools Lite\DTAgent.exe" -autorun MSCONFIG\startupreg: Discord => 
C:\Users\OLPR27\AppData\Local\Discord\app-0.0.305\Discord.exe MSCONFIG\startupreg: DriverPack Notifier => C:\Program Files (x86)\DriverPack Notifier\DriverPackNotifier.exe --run startup MSCONFIG\startupreg: GarenaCIG => "C:\ProgramData\GarenaCIG\GarenaCIG.exe" --tray MSCONFIG\startupreg: OscarX7Mouse5Mode => "C:\Program Files (x86)\OscarX7Editor5Mode\OscarX7Editor5Mode\OscarEditor.exe" Minimum MSCONFIG\startupreg: SmartUpdater => c:\smartbilling_client\smartstarter.exe MSCONFIG\startupreg: SMΔRT-Protection => C:\Program Files (x86)\Smadav\SMΔRTP.exe rts MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" ==================== FirewallRules (Whitelisted) ================ (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [{5C2CF054-CFB1-4494-BB5D-584FDA6325D0}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC) FirewallRules: [{D8A8C448-6887-4D54-AA67-7247496AC278}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation) FirewallRules: [{CBF9421A-0049-42BD-A5AE-80CDA5EC8B5B}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation) FirewallRules: [{611CC201-94D4-4B06-9628-7C7ED8C01B60}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{72F70505-A275-4976-BAB1-EE0F775CAB7C}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{5DFB7C0E-5A3B-4485-9625-A946FB50B100}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{0B4CB7AB-8875-4CBB-A897-5B7B6E70FC86}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe (Microsoft Corporation -> Microsoft 
Corporation) ==================== Restore Points ========================= ==================== Faulty Device Manager Devices ============ Name: Security Processor Loader Driver Description: Security Processor Loader Driver Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1} Manufacturer: Service: spldr Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24) Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed. Devices stay in this state if they have been prepared for removal. After you remove the device, this error disappears.Remove the device, and this error should be resolved. Name: Realtek PCIe FE Family Controller Description: Realtek PCIe FE Family Controller Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Realtek Service: RTL8167 Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31) Resolution: Update the driver ==================== Event log errors: ======================== Application errors: ================== Error: (11/08/2019 03:03:30 PM) (Source: PerfNet) (EventID: 2004) (User: ) Description: Unable to open the Server service performance object. The first four bytes (DWORD) of the Data section contains the status code. Error: (11/08/2019 02:57:30 PM) (Source: PerfNet) (EventID: 2004) (User: ) Description: Unable to open the Server service performance object. The first four bytes (DWORD) of the Data section contains the status code. Error: (11/08/2019 02:56:10 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected. 
Error: (11/08/2019 02:55:26 PM) (Source: PerfNet) (EventID: 2004) (User: ) Description: Unable to open the Server service performance object. The first four bytes (DWORD) of the Data section contains the status code. Error: (11/08/2019 02:55:09 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: mbstub.exe, version: 1.5.3.749, time stamp: 0x5dc23d5a Faulting module name: mbstub.exe, version: 1.5.3.749, time stamp: 0x5dc23d5a Exception code: 0x40000015 Fault offset: 0x00143ea7 Faulting process id: 0x72c Faulting application start time: 0x01d59609cef08c44 Faulting application path: C:\Users\OLPR27\AppData\Local\Temp\7zSA9E5.tmp\mbstub.exe Faulting module path: C:\Users\OLPR27\AppData\Local\Temp\7zSA9E5.tmp\mbstub.exe Report Id: 1598886b-01fd-11ea-b3a9-8e25b00f945d Error: (11/08/2019 02:48:10 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected. 
Error: (11/08/2019 02:47:37 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: Avira.ServiceHost.exe, version: 1.2.138.20753, time stamp: 0x5da80da5 Faulting module name: KERNELBASE.dll, version: 6.1.7601.17514, time stamp: 0x4ce7bafa Exception code: 0xe0434352 Fault offset: 0x0000b727 Faulting process id: 0xec8 Faulting application start time: 0x01d59608c9c46361 Faulting application path: C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe Faulting module path: C:\Windows\syswow64\KERNELBASE.dll Report Id: 0815b265-01fc-11ea-8074-e70375c1c854 Error: (11/08/2019 02:47:37 PM) (Source: .NET Runtime) (EventID: 1026) (User: ) Description: Application: Avira.ServiceHost.exe Framework Version: v4.0.30319 Description: The process was terminated due to an unhandled exception. Exception Info: System.ComponentModel.Composition.CompositionException at System.ComponentModel.Composition.Hosting.CompositionServices.GetExportedValueFromComposedPart(System.ComponentModel.Composition.Hosting.ImportEngine, System.ComponentModel.Composition.Primitives.ComposablePart, System.ComponentModel.Composition.Primitives.ExportDefinition) at System.ComponentModel.Composition.Hosting.CatalogExportProvider.GetExportedValue(CatalogPart, System.ComponentModel.Composition.Primitives.ExportDefinition, Boolean) at System.ComponentModel.Composition.Hosting.CatalogExportProvider+CatalogExport.GetExportedValueCore() at System.ComponentModel.Composition.Primitives.Export.get_Value() at System.ComponentModel.Composition.ExportServices.GetCastedExportedValue[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](System.ComponentModel.Composition.Primitives.Export) at System.ComponentModel.Composition.Hosting.ExportProvider.GetExportedValueCore[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](System.String, System.ComponentModel.Composition.Primitives.ImportCardinality) 
at Avira.OE.ServiceHost.ServiceHost.Initialize() at Avira.OE.ServiceHost.Program+<>c__DisplayClass13_0.<OnServiceStart>b__0(System.Object) at System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object) at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean) at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean) at System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem() at System.Threading.ThreadPoolWorkQueue.Dispatch() at System.Threading._ThreadPoolWaitCallback.PerformWaitCallback() System errors: ============= Error: (11/08/2019 03:04:21 PM) (Source: DCOM) (EventID: 10005) (User: ) Description: DCOM got error "1084" attempting to start the service VSS with arguments "" in order to run the server: {E579AB5F-1CC4-44B4-BED9-DE0991FF0623} Error: (11/08/2019 02:55:21 PM) (Source: DCOM) (EventID: 10005) (User: ) Description: DCOM got error "1068" attempting to start the service stisvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811} Error: (11/08/2019 02:54:48 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY) Description: WLAN Extensibility Module has failed to start. 
Module Path: C:\Windows\system32\Rtlihvs.dll Error Code: 21 Error: (11/08/2019 02:54:41 PM) (Source: DCOM) (EventID: 10005) (User: ) Description: DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {D3DCB472-7261-43CE-924B-0704BD730D5F} Error: (11/08/2019 02:54:41 PM) (Source: DCOM) (EventID: 10005) (User: ) Description: DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF} Error: (11/08/2019 02:54:36 PM) (Source: DCOM) (EventID: 10005) (User: ) Description: DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF} Error: (11/08/2019 02:54:30 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start. Error: (11/08/2019 02:54:30 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start. Windows Defender: =================================== Date: 2019-05-14 03:55:31.341 Description: Windows Defender scan has been stopped before completion. Scan ID:{BD894BF9-EDF0-4DAA-A674-147DEF04A3B9} Scan Type:AntiSpyware Scan Parameters:Quick Scan ==================== Memory info =========================== BIOS: American Megatrends Inc. 
4.6.5 07/01/2014 Motherboard: BIOSTAR Group A58ML2 Processor: AMD A4-6300 APU with Radeon(tm) HD Graphics Percentage of memory in use: 74% Total physical RAM: 4033.86 MB Available physical RAM: 1028.53 MB Total Virtual: 4132.04 MB Available Virtual: 1159.57 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:47.3 GB) (Free:21.16 GB) NTFS ==>[drive with boot components (obtained from BCD)] Drive d: () (Fixed) (Total:13.52 GB) (Free:13.31 GB) NTFS Drive e: (GAME) (Fixed) (Total:404.94 GB) (Free:183.88 GB) NTFS ==================== MBR & Partition Table ==================== ========================================================== Disk: 0 (MBR Code: Windows 7/8/10) (Size: 465.8 GB) (Disk ID: 5AA56A9F) Partition 1: (Active) - (Size=47.3 GB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=13.5 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=404.9 GB) - (Type=05) ==================== End of Addition.txt =======================
  2. frst.txt : Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 06-11-2019 Ran by OLPR27 (administrator) on WINDOWS7 (BIOSTAR Group A58ML2) (08-11-2019 15:04:01) Running from C:\Users\OLPR27\Desktop Loaded Profiles: OLPR27 (Available Profiles: OLPR27) Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States) Internet Explorer Version 8 (Default browser: IE) Boot Mode: Safe Mode (with Networking) Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC) C:\Program Files 
(x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) =================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) 
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [16472832 2016-03-15] (Realtek Semiconductor Corp -> Realtek Semiconductor) HKLM\...\Policies\Explorer: [NoViewOnDrive] 0 HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION HKU\S-1-5-19\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun HKU\S-1-5-20\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun HKU\S-1-5-21-929171097-1776961653-2058299177-1000\...\Run: [Shell] => C:\Program Files (x86)\TP-Link\TP-Link TL-WN722N\WPS_TOOL_AUTO.vbs [151 2019-04-29] () [File not signed] HKU\S-1-5-21-929171097-1776961653-2058299177-1000\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [24552064 2019-10-15] (Piriform Software Ltd -> Piriform Ltd) HKU\S-1-5-21-929171097-1776961653-2058299177-1000\...\Run: [OscarX7Mouse5Mode] => C:\Program Files (x86)\OscarX7Editor5Mode\OscarX7Editor5Mode\OscarEditor.exe [3571712 2013-02-01] () [File not signed] HKU\S-1-5-21-929171097-1776961653-2058299177-1000\...\Policies\Explorer: [NoViewOnDrive] 0 HKU\S-1-5-21-929171097-1776961653-2058299177-1000\...\MountPoints2: {d428f116-3894-11e8-86fb-b8975a9e5d3f} - G:\SETUP.EXE HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\78.0.3904.97\Installer\chrmstp.exe [2019-11-08] (Google LLC -> Google LLC) AlternateShell: FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION ==================== Scheduled Tasks (Whitelisted) ============ (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
Task: {01A38F73-82AF-4C6A-AB57-BA9B610803E7} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe Task: {0CFED744-746A-4885-8472-23172EFFA38E} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [375416 2012-10-01] (Microsoft Corporation -> Microsoft Corporation) Task: {2EF4801B-2D2E-4387-A46C-03AD544FEDAD} - System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe Task: {33383465-43E9-4305-AF5C-2C2DC23A3EC1} - System32\Tasks\R@1n-KMS\Office15ProPlus => wmic path OfficeSoftwareProtectionProduct where (ID="b322da9c-a2e2-4058-9e4e-f59a6970bd69") call Activate Task: {3CC76836-3628-43D9-B652-E0D1C4678DD6} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [375416 2012-10-01] (Microsoft Corporation -> Microsoft Corporation) Task: {3F4EE03C-906F-45C1-9C34-D53972EF1AAA} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe Task: {50E3CA35-C787-4A47-A46D-7E7E90DDC468} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [18458752 2019-10-15] (Piriform Software Ltd -> Piriform Ltd) Task: {5152D41E-BB71-4B56-9238-3B6A189B680F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-04-05] (Google Inc -> Google Inc.) Task: {6B822010-445A-4359-B31C-8D6F565EC788} - System32\Tasks\At1 => c:\windows\system\svchost.exe <==== ATTENTION Task: {7C69E181-868D-43A7-818E-D7F933A24690} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-04-05] (Google Inc -> Google Inc.) 
Task: {98596DCC-FA62-4D1D-9893-56AADBF4A256} - \NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} -> No File <==== ATTENTION Task: {B37D9FE0-47A7-47B2-BAA1-63697100C95F} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe Task: {BB8B5985-85BE-42A6-B5C2-EEB65491302C} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [2069952 2018-03-24] (NVIDIA Corporation -> NVIDIA Corporation) Task: {C259AEC2-538D-43B7-8B09-584322BB5523} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [1642672 2012-10-01] (Microsoft Corporation -> Microsoft Corporation) Task: {D14AFAD3-7890-43EB-9B0F-73FE3C4F7C30} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe Task: {DB4ED0BB-9745-4A86-BCBB-FB0A92C9A149} - System32\Tasks\gxx speed launcher => E:\Online Game\GarenaPlus\Garena\Garena\Garena.exe [450880 2018-11-23] (Garena Online Pte Ltd -> Garena Online ) Task: {DC5D718D-925F-4748-AA97-F9B3B5502236} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [608384 2019-10-15] (Piriform Software Ltd -> Piriform Software Ltd) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\Windows\Tasks\Avast Emergency Update.job => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe Task: C:\Windows\Tasks\gxx speed launcher.job => E:\Online Game\GarenaPlus\Garena\Garena\Garena.exe ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
Winsock: Catalog9 17 => No File Tcpip\Parameters: [DhcpNameServer] 118.98.44.100 118.98.44.10 Tcpip\..\Interfaces\{073087F8-0EC0-44E6-8BD4-0EDA4B93D736}: [DhcpNameServer] 192.168.1.1 202.134.1.10 202.134.0.155 Tcpip\..\Interfaces\{5C916BA2-1A3C-405E-974A-9294936DF883}: [DhcpNameServer] 118.98.44.100 118.98.44.10 Tcpip\..\Interfaces\{9DE6CC6C-B2FC-4D60-83B9-222AAFCA9650}: [DhcpNameServer] 118.98.44.100 118.98.44.10 Internet Explorer: ================== HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://id.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wnd_mbkqwuxpvp_19_42_dopc&param1=1&param2=f%3D1%26b%3DIE%26cc%3Did%26pa%3Dwinyahoo%26cd%3D2XzuyEtN2Y1L1Qzu0BzzzyyByD0Azy0EyD0FtAyD0D0BtAzytN0D0Tzu0StBzzyEzztN1L2XzuyEtFyDyCtFtDtFyCtAtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StDtCtBzytByD0FyBtGtDtC0AyCtGtA0A0DyBtGtC0EzyzztGyC0DyCtCtBzzyC0CyCzz0EyB2QtN1M1F1B2Z1V1N2Y1L1Qzu2SzzzyyByByE1QyB1StGyDyE1T1TtGyEtC1P1TtGzyyD1Q1RtG1TyByCtCzz1StDtDyEyCyD1S2QtN0A0LzuyEtN1B2Z1V1T1S1NzutN1Q2Z1B1P1RzutCyDyBtCyDtDtByBtBtD%26cr%3D935422903%26a%3Dwnd_mbkqwuxpvp_19_42_dopc%26os_ver%3D6.1%26os%3DWindows%2B7%2BUltimate HKU\S-1-5-21-929171097-1776961653-2058299177-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://id.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wnd_mbkqwuxpvp_19_42_dopc&param1=1&param2=f%3D1%26b%3DIE%26cc%3Did%26pa%3Dwinyahoo%26cd%3D2XzuyEtN2Y1L1Qzu0BzzzyyByD0Azy0EyD0FtAyD0D0BtAzytN0D0Tzu0StBzzyEzztN1L2XzuyEtFyDyCtFtDtFyCtAtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StDtCtBzytByD0FyBtGtDtC0AyCtGtA0A0DyBtGtC0EzyzztGyC0DyCtCtBzzyC0CyCzz0EyB2QtN1M1F1B2Z1V1N2Y1L1Qzu2SzzzyyByByE1QyB1StGyDyE1T1TtGyEtC1P1TtGzyyD1Q1RtG1TyByCtCzz1StDtDyEyCyD1S2QtN0A0LzuyEtN1B2Z1V1T1S1NzutN1Q2Z1B1P1RzutCyDyBtCyDtDtByBtBtD%26cr%3D935422903%26a%3Dwnd_mbkqwuxpvp_19_42_dopc%26os_ver%3D6.1%26os%3DWindows%2B7%2BUltimate HKU\S-1-5-21-929171097-1776961653-2058299177-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = 
hxxp://u.msn.com/id-id/?ocid=iehp SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM -> {0CE02FFA-A6B0-46F6-BA2F-BD32C3630126} URL = hxxps://id.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wnd_mbkqwuxpvp_19_42_dopc&param1=1&param2=f%3D4%26b%3DIE%26cc%3Did%26pa%3Dwinyahoo%26cd%3D2XzuyEtN2Y1L1Qzu0BzzzyyByD0Azy0EyD0FtAyD0D0BtAzytN0D0Tzu0StBzzyEzztN1L2XzuyEtFyDyCtFtDtFyCtAtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StDtCtBzytByD0FyBtGtDtC0AyCtGtA0A0DyBtGtC0EzyzztGyC0DyCtCtBzzyC0CyCzz0EyB2QtN1M1F1B2Z1V1N2Y1L1Qzu2SzzzyyByByE1QyB1StGyDyE1T1TtGyEtC1P1TtGzyyD1Q1RtG1TyByCtCzz1StDtDyEyCyD1S2QtN0A0LzuyEtN1B2Z1V1T1S1NzutN1Q2Z1B1P1RzutCyDyBtCyDtDtByBtBtD%26cr%3D935422903%26a%3Dwnd_mbkqwuxpvp_19_42_dopc%26os_ver%3D6.1%26os%3DWindows%2B7%2BUltimate&p={searchTerms} SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM-x32 -> {0CE02FFA-A6B0-46F6-BA2F-BD32C3630126} URL = hxxps://id.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wnd_mbkqwuxpvp_19_42_dopc&param1=1&param2=f%3D4%26b%3DIE%26cc%3Did%26pa%3Dwinyahoo%26cd%3D2XzuyEtN2Y1L1Qzu0BzzzyyByD0Azy0EyD0FtAyD0D0BtAzytN0D0Tzu0StBzzyEzztN1L2XzuyEtFyDyCtFtDtFyCtAtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StDtCtBzytByD0FyBtGtDtC0AyCtGtA0A0DyBtGtC0EzyzztGyC0DyCtCtBzzyC0CyCzz0EyB2QtN1M1F1B2Z1V1N2Y1L1Qzu2SzzzyyByByE1QyB1StGyDyE1T1TtGyEtC1P1TtGzyyD1Q1RtG1TyByCtCzz1StDtDyEyCyD1S2QtN0A0LzuyEtN1B2Z1V1T1S1NzutN1Q2Z1B1P1RzutCyDyBtCyDtDtByBtBtD%26cr%3D935422903%26a%3Dwnd_mbkqwuxpvp_19_42_dopc%26os_ver%3D6.1%26os%3DWindows%2B7%2BUltimate&p={searchTerms} SearchScopes: HKU\S-1-5-21-929171097-1776961653-2058299177-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-929171097-1776961653-2058299177-1000 -> {0CE02FFA-A6B0-46F6-BA2F-BD32C3630126} URL = 
hxxps://id.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wnd_mbkqwuxpvp_19_42_dopc&param1=1&param2=f%3D4%26b%3DIE%26cc%3Did%26pa%3Dwinyahoo%26cd%3D2XzuyEtN2Y1L1Qzu0BzzzyyByD0Azy0EyD0FtAyD0D0BtAzytN0D0Tzu0StBzzyEzztN1L2XzuyEtFyDyCtFtDtFyCtAtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StDtCtBzytByD0FyBtGtDtC0AyCtGtA0A0DyBtGtC0EzyzztGyC0DyCtCtBzzyC0CyCzz0EyB2QtN1M1F1B2Z1V1N2Y1L1Qzu2SzzzyyByByE1QyB1StGyDyE1T1TtGyEtC1P1TtGzyyD1Q1RtG1TyByCtCzz1StDtDyEyCyD1S2QtN0A0LzuyEtN1B2Z1V1T1S1NzutN1Q2Z1B1P1RzutCyDyBtCyDtDtByBtBtD%26cr%3D935422903%26a%3Dwnd_mbkqwuxpvp_19_42_dopc%26os_ver%3D6.1%26os%3DWindows%2B7%2BUltimate&p={searchTerms} BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2012-10-01] (Microsoft Corporation -> Microsoft Corporation) BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_161\bin\ssv.dll [2018-04-05] (Oracle America, Inc. -> Oracle Corporation) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation -> Microsoft Corporation) BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2012-10-01] (Microsoft Corporation -> Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_161\bin\jp2ssv.dll [2018-04-05] (Oracle America, Inc. 
-> Oracle Corporation) BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2012-10-01] (Microsoft Corporation -> Microsoft Corporation) BHO-x32: No Name -> {735A213C-FAA2-4CCF-A259-09C6BF58CFA5} -> No File BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation -> Microsoft Corporation) BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2012-10-01] (Microsoft Corporation -> Microsoft Corporation) Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2012-10-01] (Microsoft Corporation -> Microsoft Corporation) Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-21] (Microsoft Windows -> Microsoft Corporation) Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-21] (Microsoft Windows -> Microsoft Corporation) Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-21] (Microsoft Windows -> Microsoft Corporation) Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-21] (Microsoft Windows -> Microsoft Corporation) FireFox: ======== FF DefaultProfile: vy8cffm4.default FF ProfilePath: C:\Users\OLPR27\AppData\Roaming\Mozilla\Firefox\Profiles\vy8cffm4.default [2019-11-08] FF Extension: (Browsec VPN - Free and Unlimited VPN) - C:\Users\OLPR27\AppData\Roaming\Mozilla\Firefox\Profiles\vy8cffm4.default\Extensions\browsec@browsec.com.xpi [2019-10-16] FF Extension: (Avast SafePrice | Comparison, deals, coupons) - C:\Users\OLPR27\AppData\Roaming\Mozilla\Firefox\Profiles\vy8cffm4.default\Extensions\sp@avast.com.xpi [2019-11-08] FF 
Extension: (Avast Online Security) - C:\Users\OLPR27\AppData\Roaming\Mozilla\Firefox\Profiles\vy8cffm4.default\Extensions\wrc@avast.com.xpi [2019-11-08] FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_29_0_0_171.dll [2018-05-09] (Adobe Systems Incorporated -> ) FF Plugin: @java.com/DTPlugin,version=11.161.2 -> C:\Program Files\Java\jre1.8.0_161\bin\dtplugin\npDeployJava1.dll [2018-04-05] (Oracle America, Inc. -> Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=11.161.2 -> C:\Program Files\Java\jre1.8.0_161\bin\plugin2\npjp2.dll [2018-04-05] (Oracle America, Inc. -> Oracle Corporation) FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation -> Microsoft Corporation) FF Plugin: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom) [File not signed] FF Plugin: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom) [File not signed] FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_29_0_0_171.dll [2018-05-09] (Adobe Systems Incorporated -> ) FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2017-12-01] (Foxit Software Incorporated -> Foxit Corporation) FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2017-12-01] (Foxit Software Incorporated -> Foxit Corporation) FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2017-12-01] (Foxit Software Incorporated -> Foxit Corporation) FF Plugin-x32: @foxitsoftware.com/Foxit Reader 
Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2017-12-01] (Foxit Software Incorporated -> Foxit Corporation) FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2012-10-01] (Microsoft Corporation -> Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation -> Microsoft Corporation) FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2018-03-24] (NVIDIA Corporation PE Sign v2016 -> NVIDIA Corporation) [File not signed] FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2018-03-24] (NVIDIA Corporation PE Sign v2016 -> NVIDIA Corporation) [File not signed] FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.35.342\npGoogleUpdate3.dll [2019-11-05] (Google Inc -> Google LLC) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.35.342\npGoogleUpdate3.dll [2019-11-05] (Google Inc -> Google LLC) FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom) [File not signed] FF Plugin-x32: wacom.com/WacomTabletPlugin -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom) [File not signed] Chrome: ======= CHR DefaultSearchURL: Default -> hxxp://srchbar.com/?q={searchTerms} CHR DefaultSuggestURL: Default -> hxxp://srch.bar/?s={searchTerms} CHR Notifications: Default -> hxxps://www.tokopedia.com CHR Profile: C:\Users\OLPR27\AppData\Local\Google\Chrome\User Data\Default [2019-11-08] CHR Extension: (Slides) - C:\Users\OLPR27\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-04-05] CHR Extension: (Docs) - C:\Users\OLPR27\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-04-05] CHR Extension: (Google Drive) - C:\Users\OLPR27\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-04-05] CHR Extension: (YouTube) - C:\Users\OLPR27\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-04-05] CHR Extension: (Sheets) - C:\Users\OLPR27\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-04-05] CHR Extension: (Chrome Web Store Payments) - C:\Users\OLPR27\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-10-04] CHR Extension: (Gmail) - C:\Users\OLPR27\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-04-30] CHR Extension: (Chrome Media Router) - C:\Users\OLPR27\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-11-05] CHR HKLM\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej] - hxxps://clients2.google.com/service/update2/crx CHR HKU\S-1-5-21-929171097-1776961653-2058299177-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej] - hxxps://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej] - hxxps://clients2.google.com/service/update2/crx ==================== Services (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) S2 AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [249344 2016-02-27] (Advanced Micro Devices, Inc. 
-> AMD) S4 FoxitReaderService; C:\Program Files (x86)\Foxit Software\Foxit Reader\FoxitConnectedPDFService.exe [1659456 2017-12-11] (Foxit Software Incorporated -> Foxit Software Inc.) S2 GarenaPlatform; E:\Online Game\GarenaPlus\Garena\Garena\2.0.1811.2302\gxxsvc.exe [315712 2018-11-23] (Garena Online Pte Ltd -> Garena Online ) S2 PingzapperSvc; C:\Program Files (x86)\Pingzapper\PZService.exe [632320 2016-05-22] () [File not signed] S2 ProductAgentService; C:\Program Files\Bitdefender Agent\ProductAgentService.exe [1293936 2018-11-15] (Bitdefender SRL -> Bitdefender) S3 uncheater_bgl; C:\Program Files\Common Files\Uncheater\uncheater_bgl.exe [2097008 2019-04-30] (Wellbia.com Co., Ltd. -> Wellbia.com Co., Ltd.) S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Windows -> Microsoft Corporation) S2 WTabletServicePro; C:\Program Files\Tablet\Wacom\WTabletServicePro.exe [655040 2015-07-08] (Wacom Technology Corp. -> Wacom Technology, Corp.) S2 Avira.ServiceHost; "C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe" [X] S2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000 ===================== Drivers (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R0 365126A7; C:\Windows\System32\drivers\365126A7.sys [255928 2019-11-08] (Malwarebytes Corporation -> Malwarebytes) R0 amdide64; C:\Windows\System32\DRIVERS\amdide64.sys [11944 2012-12-04] (Advanced Micro Devices, Inc. -> Advanced Micro Devices Inc.) S3 amdkmdag; C:\Windows\System32\DRIVERS\atikmdag.sys [23981568 2016-02-27] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.) 
S3 amdkmdap; C:\Windows\System32\DRIVERS\atikmpag.sys [674816 2016-02-27] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.) S3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [30264 2018-04-05] (Disc Soft Ltd -> Disc Soft Ltd) S3 dtliteusbbus; C:\Windows\System32\DRIVERS\dtliteusbbus.sys [47672 2018-04-05] (Disc Soft Ltd -> Disc Soft Ltd) S3 gaprotect; C:\Windows\System32\drivers\gaprotect.sys [110672 2018-04-05] (Garena Online Pte Ltd -> ) R0 garestore; C:\Windows\System32\DRIVERS\garestore.sys [47272 2014-10-17] (Hoa Binh Informatics .,JSC -> ) R1 ndissb; C:\Windows\System32\DRIVERS\ndissb.sys [44136 2015-06-30] (Mainline Net Holdings Limited -> E.D.L.) S3 nvvhci; C:\Windows\System32\DRIVERS\nvvhci.sys [58816 2018-03-24] (NVIDIA Corporation -> NVIDIA Corporation) R3 RtlWlanu; C:\Windows\System32\DRIVERS\rtwlanu.sys [5264464 2016-10-09] (Realtek Semiconductor Corp. -> Realtek Semiconductor Corporation ) S3 Serenum; C:\Windows\System32\DRIVERS\nuvserenum.sys [23552 2014-01-12] (Microsoft Windows Hardware Compatibility Publisher -> Windows (R) Win 7 DDK provider) S3 Serial; C:\Windows\System32\DRIVERS\nuvserial.sys [86016 2014-01-12] (Microsoft Windows Hardware Compatibility Publisher -> Nuvoton Technology Corp.) S4 nvvad_WaveExtensible; system32\drivers\nvvad64v.sys [X] U3 TrueSight; \??\C:\Windows\System32\drivers\truesight.sys [X] S3 VGPU; System32\drivers\rdvgkmd.sys [X] S3 xhunter1; \??\C:\Windows\xhunter1.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One month (created) =================== (If an entry is included in the fixlist, the file/folder will be moved.) 
2019-11-08 15:04 - 2019-11-08 15:04 - 000026535 _____ C:\Users\OLPR27\Desktop\FRST.txt 2019-11-08 15:03 - 2019-11-08 15:03 - 002259968 _____ (Farbar) C:\Users\OLPR27\Downloads\FRST64.exe 2019-11-08 15:03 - 2019-11-08 15:03 - 002259968 _____ (Farbar) C:\Users\OLPR27\Desktop\FRST64.exe 2019-11-08 15:00 - 2019-11-08 15:00 - 000073604 _____ C:\ProgramData\agent.update.1573200046.bdinstall.v2.bin 2019-11-08 14:59 - 2019-11-08 15:00 - 000000000 ____D C:\Program Files\Bitdefender Agent 2019-11-08 14:59 - 2019-11-08 14:59 - 009844256 _____ C:\Users\OLPR27\Downloads\bitdefender_tsecurity.exe 2019-11-08 14:59 - 2019-11-08 14:59 - 000102940 _____ C:\ProgramData\agent.1573199960.bdinstall.v2.bin 2019-11-08 14:59 - 2019-11-08 14:59 - 000000000 ____D C:\ProgramData\Bitdefender Agent 2019-11-08 14:54 - 2019-11-08 14:54 - 000051502 _____ C:\Windows\ntbtlog.txt 2019-11-08 14:07 - 2019-11-08 14:07 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner 2019-11-08 13:28 - 2019-11-08 13:28 - 000000441 _____ C:\Users\OLPR27\Exe.reg 2019-11-08 13:26 - 2019-11-08 13:26 - 024578944 _____ (Piriform Software Ltd) C:\Users\OLPR27\Downloads\ccsetup563.exe 2019-11-08 13:05 - 2019-11-08 13:05 - 001883976 _____ (Malwarebytes) C:\Users\OLPR27\Downloads\MBSetup.exe 2019-11-08 13:04 - 2019-11-08 13:04 - 009107552 _____ C:\Users\OLPR27\Downloads\mb-support-1.5.3.749.exe 2019-11-08 12:46 - 2019-11-08 12:46 - 043072920 _____ (SUPERAntiSpyware) C:\Users\OLPR27\Downloads\SUPERAntiSpyware.exe 2019-11-08 12:43 - 2019-11-08 15:04 - 000000000 ____D C:\FRST 2019-11-08 12:31 - 2019-11-08 12:31 - 000255928 _____ (Malwarebytes) C:\Windows\system32\Drivers\365126A7.sys 2019-11-08 12:31 - 2019-11-08 12:31 - 000000000 ____D C:\ProgramData\Malwarebytes 2019-11-08 12:30 - 2019-11-08 12:47 - 000000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2019-11-08 12:30 - 2019-11-08 12:30 - 000192952 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys 2019-11-08 12:25 - 
2019-11-08 12:25 - 000000000 ____D C:\ProgramData\Kaspersky Lab Setup Files 2019-11-08 10:20 - 2019-11-08 10:20 - 000000342 ____H C:\Windows\Tasks\Avast Emergency Update.job 2019-11-08 07:59 - 2019-11-08 07:59 - 000000000 ____D C:\Users\OLPR27\AppData\Roaming\EpicNet Inc 2019-11-08 07:59 - 2019-11-08 07:59 - 000000000 ____D C:\Users\OLPR27\AppData\Local\EpicNet Inc 2019-11-08 07:05 - 2019-11-08 07:05 - 000000000 ____D C:\Program Files\Malwarebytes 2019-11-08 07:02 - 2019-11-08 07:02 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira 2019-11-08 07:02 - 2019-11-08 07:02 - 000000000 ____D C:\ProgramData\Avira 2019-11-08 06:50 - 2019-11-08 06:50 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\A4Tech Software 2019-11-05 08:30 - 2019-11-05 08:48 - 000000000 ____D C:\Program Files\Mozilla Firefox 2019-11-03 07:36 - 2019-11-03 07:36 - 000000000 __SHD C:\found.033 2019-11-01 14:51 - 2010-09-28 22:46 - 000000000 ____D C:\Users\OLPR27\Downloads\Sound 2019-11-01 14:03 - 2019-11-01 14:07 - 059477083 _____ C:\Users\OLPR27\Downloads\Sound.rar 2019-10-28 19:33 - 2019-10-28 19:44 - 000000600 _____ C:\Users\OLPR27\AppData\Local\PUTTY.RND 2019-10-25 12:50 - 2019-10-25 12:50 - 000000000 __SHD C:\found.032 2019-10-23 21:40 - 2019-11-08 06:50 - 000002277 _____ C:\Users\Public\Desktop\5-Mode Oscar Editor.lnk 2019-10-23 21:40 - 2019-11-08 06:50 - 000000000 ____D C:\Program Files (x86)\OscarX7Editor5Mode 2019-10-23 21:40 - 2013-02-08 15:42 - 020188073 _____ C:\Users\OLPR27\Downloads\7Key,5Mode_V13.02V01.exe 2019-10-23 12:31 - 2019-10-23 12:33 - 019605082 _____ C:\Users\OLPR27\Downloads\7Key,5Mode_V13.02V01.zip 2019-10-21 06:22 - 2019-10-21 06:22 - 000030728 ____N C:\bootsqm.dat 2019-10-21 06:21 - 2019-10-21 06:21 - 000000000 __SHD C:\found.031 2019-10-21 02:40 - 2019-11-08 06:57 - 000000000 ____D C:\Program Files (x86)\AikaReborn 2019-10-21 01:30 - 2019-10-21 01:30 - 000000000 _RSHD C:\rfdx.exe 2019-10-21 01:24 - 2019-11-08 09:41 - 000000000 
____D C:\Program Files (x86)\SMADAV 2019-10-21 01:24 - 2019-10-21 01:24 - 000000000 ____D C:\Windows\rss 2019-10-20 21:55 - 2017-07-14 22:28 - 000450112 _____ (Network Tunnel Lab) C:\Windows\SysWOW64\networkdlllsp.dll 2019-10-20 21:53 - 2019-10-20 21:55 - 000000000 ____D C:\Program Files (x86)\Pingzapper 2019-10-20 21:53 - 2019-10-20 21:53 - 025921421 _____ C:\Users\OLPR27\Downloads\pz_setup_2.1.3.zip 2019-10-20 21:53 - 2019-10-20 21:53 - 000001031 _____ C:\Users\Public\Desktop\Pingzapper.lnk 2019-10-20 21:53 - 2019-10-20 21:53 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pingzapper 2019-10-20 21:53 - 2017-08-06 15:31 - 025947371 _____ (Pingzapper ) C:\Users\OLPR27\Downloads\pz_setup.exe 2019-10-20 00:17 - 2019-10-20 00:17 - 000031028 _____ C:\Program Files\XMBCSettings.xml 2019-10-19 23:49 - 2019-10-20 00:18 - 000000000 ____D C:\Program Files\Highresolution Enterprises 2019-10-18 22:18 - 2019-10-18 22:18 - 726343939 _____ C:\Users\OLPR27\Downloads\AikaReborn.7z ==================== One month (modified) ================== (If an entry is included in the fixlist, the file/folder will be moved.) 
2019-11-08 14:55 - 2019-05-02 13:53 - 000000000 ____D C:\Users\OLPR27\AppData\Local\CrashDumps 2019-11-08 14:53 - 2009-07-14 11:45 - 000020800 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2019-11-08 14:53 - 2009-07-14 11:45 - 000020800 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2019-11-08 14:51 - 2018-04-05 16:20 - 000000000 ____D C:\ProgramData\boost_interprocess 2019-11-08 14:46 - 2019-05-31 22:00 - 000000000 ____D C:\ProgramData\AVAST Software 2019-11-08 14:46 - 2018-04-18 18:30 - 000000000 ____D C:\ProgramData\NVIDIA 2019-11-08 14:46 - 2009-07-14 12:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT 2019-11-08 14:13 - 2009-07-14 10:20 - 000000000 ____D C:\Windows\inf 2019-11-08 14:09 - 2019-08-26 08:10 - 000000000 ____D C:\Temp 2019-11-08 14:07 - 2018-04-05 12:15 - 000000822 _____ C:\Users\Public\Desktop\CCleaner.lnk 2019-11-08 14:07 - 2018-04-05 12:15 - 000000000 ____D C:\Program Files\CCleaner 2019-11-08 13:28 - 2018-04-05 11:40 - 000000000 ____D C:\Users\OLPR27 2019-11-08 13:20 - 2009-07-14 10:20 - 000000000 ____D C:\Windows\system32\NDF 2019-11-08 09:37 - 2019-04-29 21:33 - 000000000 ____D C:\Users\OLPR27\AppData\Roaming\Smadav 2019-11-08 09:33 - 2019-04-29 21:33 - 000000000 __SHD C:\[Smad-Cage] 2019-11-08 07:31 - 2019-07-19 21:36 - 000000000 ____D C:\Users\OLPR27\AppData\Local\Battle.net 2019-11-08 07:08 - 2018-04-05 11:49 - 000000000 ____D C:\ProgramData\Package Cache 2019-11-08 05:59 - 2018-04-05 12:03 - 000002224 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2019-11-08 05:59 - 2018-04-05 12:03 - 000002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2019-11-07 12:10 - 2019-08-07 19:33 - 000000470 _____ C:\Windows\Tasks\gxx speed launcher.job 2019-11-06 23:53 - 2018-04-18 18:31 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation 2019-11-06 23:53 - 2018-04-18 18:28 - 
000000000 ____D C:\Program Files\NVIDIA Corporation 2019-11-06 23:53 - 2018-04-05 12:32 - 000000000 ____D C:\ProgramData\NVIDIA Corporation 2019-11-06 23:53 - 2018-04-05 12:32 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation 2019-11-06 01:10 - 2019-07-19 01:14 - 000007597 _____ C:\Users\OLPR27\AppData\Local\Resmon.ResmonCfg 2019-11-05 14:11 - 2019-08-12 14:29 - 000000000 ____D C:\Users\OLPR27\AppData\Roaming\Discord 2019-11-05 10:54 - 2018-04-05 11:48 - 000000000 ____D C:\Program Files (x86)\Google 2019-11-05 10:34 - 2019-04-29 16:48 - 000000000 ____D C:\Users\OLPR27\AppData\Local\Microsoft Games 2019-11-05 08:56 - 2018-04-05 13:08 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2019-11-05 08:53 - 2018-04-05 13:08 - 000000000 ____D C:\Users\OLPR27\AppData\LocalLow\Mozilla 2019-10-30 12:35 - 2019-04-29 13:13 - 000000000 ____D C:\Users\OLPR27\AppData\Local\ElevatedDiagnostics 2019-10-29 14:39 - 2018-04-05 16:19 - 000000000 ____D C:\ProgramData\GarenaCIG 2019-10-24 20:46 - 2009-07-14 12:08 - 000032642 _____ C:\Windows\Tasks\SCHEDLGU.TXT 2019-10-19 23:35 - 2010-11-21 14:16 - 000000000 ____D C:\Windows\ShellNew 2019-10-19 01:10 - 2019-05-01 19:35 - 000000000 ____D C:\Bonanza88 2019-10-15 02:48 - 2019-07-22 00:13 - 000011327 _____ C:\Users\OLPR27\Downloads\playBonanza88 (1).jar 2019-10-09 20:59 - 2009-07-14 12:13 - 000785302 _____ C:\Windows\system32\PerfStringBackup.INI ==================== Files in the root of some directories ======== 2019-11-08 13:28 - 2019-11-08 13:28 - 000000441 _____ () C:\Users\OLPR27\Exe.reg 2017-10-14 19:48 - 2017-10-14 19:48 - 000033748 _____ () C:\Program Files\Czech.xmbclp 2017-12-27 17:01 - 2017-12-27 17:01 - 000066059 _____ () C:\Program Files\español-latinoamerica.xmbclp 2017-10-14 19:48 - 2017-10-14 19:48 - 000038116 _____ () C:\Program Files\finnish.xmbclp 2019-01-20 18:53 - 2019-01-20 18:53 - 000074681 _____ () C:\Program Files\French.xmbclp 2019-04-14 22:08 - 2019-04-14 22:08 - 000070988 _____ () 
C:\Program Files\German.xmbclp 2017-10-14 19:48 - 2017-10-14 19:48 - 000045020 _____ () C:\Program Files\Greek.xmbclp 2017-11-05 22:52 - 2017-11-05 22:52 - 000064483 _____ () C:\Program Files\Hungarian.xmbclp 2017-10-14 19:48 - 2017-10-14 19:48 - 000034015 _____ () C:\Program Files\italian.xmbclp 2019-02-24 17:56 - 2019-02-24 17:56 - 000111549 _____ () C:\Program Files\Japanese2.xmbclp 2017-10-14 19:48 - 2017-10-14 19:48 - 000052253 _____ () C:\Program Files\korean.xmbclp 2019-04-14 18:11 - 2019-04-14 18:11 - 000040405 _____ () C:\Program Files\language_template.xmbclp_sample 2017-06-26 13:46 - 2017-06-26 13:46 - 000060254 _____ () C:\Program Files\nederlands.xmbclp 2019-01-20 18:53 - 2019-01-20 18:53 - 000066015 _____ () C:\Program Files\Polish.xmbclp 2019-01-20 18:53 - 2019-01-20 18:53 - 000033945 _____ () C:\Program Files\portugues-brasil.xmbclp 2017-10-14 19:48 - 2017-10-14 19:48 - 000039072 _____ () C:\Program Files\Romanian.xmbclp 2019-05-05 18:32 - 2019-05-05 18:32 - 000090686 _____ () C:\Program Files\Russian.xmbclp 2017-10-14 19:48 - 2017-10-14 19:48 - 000048315 _____ () C:\Program Files\Simplified_Chinese.xmbclp 2019-01-20 18:53 - 2019-01-20 18:53 - 000063531 _____ () C:\Program Files\Slovak.xmbclp 2019-05-06 16:54 - 2019-05-06 16:54 - 000067279 _____ () C:\Program Files\Slovenian.xmbclp 2019-04-14 18:30 - 2019-04-14 18:30 - 000066128 _____ () C:\Program Files\Spanish.xmbclp 2018-01-03 17:18 - 2018-01-03 17:18 - 000060868 _____ () C:\Program Files\Traditional Chinese.xmbclp 2019-02-24 17:55 - 2019-02-24 17:55 - 000068819 _____ () C:\Program Files\Turkish.xmbclp 2017-10-14 19:48 - 2017-10-14 19:48 - 000043517 _____ () C:\Program Files\Ukrainian.xmbclp 2019-10-20 00:17 - 2019-10-20 00:17 - 000031028 _____ () C:\Program Files\XMBCSettings.xml 2019-10-19 23:49 - 2019-10-20 00:18 - 000009774 _____ () C:\Program Files\XMouseButtonControl.log 2018-04-05 12:16 - 2018-04-09 12:03 - 000003390 _____ () C:\Users\OLPR27\AppData\Local\icsys.icn 2019-10-28 19:33 - 
2019-10-28 19:44 - 000000600 _____ () C:\Users\OLPR27\AppData\Local\PUTTY.RND 2019-07-19 01:14 - 2019-11-06 01:10 - 000007597 _____ () C:\Users\OLPR27\AppData\Local\Resmon.ResmonCfg 2019-08-06 14:49 - 2019-08-06 14:49 - 000000000 _____ () C:\Users\OLPR27\AppData\Local\{2A63673B-73EE-4280-89D6-E861676255C6} 2019-05-09 16:23 - 2019-05-09 16:23 - 000000000 _____ () C:\Users\OLPR27\AppData\Local\{B98EBA28-99F7-455A-85BF-9DE69EEF00AF} ==================== SigCheck ============================ (There is no automatic fix for files that do not pass verification.) ==================== End of FRST.txt ========================
  3. Okay, I'm using Windows 7. I've tried installing both Malwarebytes and the Malwarebytes support tool in safe mode, but I still got the error message. Malwarebytes: "an error occurred"; mbsupport: "mbstub.exe has stopped working". I think my system got infected. I can't run most programs (games, Discord, mouse driver, etc.), and whenever I try to install software such as an antivirus, it keeps failing. When I run a game launcher, it behaves as if I have no connection, but my connection is just fine. FRST.txt Addition.txt I'm not an expert in this, please help me. Thanks in advance.
  4. When I try to install the support tool, an error message comes out: "mbstub.exe has stopped working", problem event name: app crash. And when I try to install Malwarebytes, the error message is: "an error occurred".