extraordinary77

Posts posted by extraordinary77

  1. addition.txt

     

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 06-11-2019
    Ran by OLPR27 (08-11-2019 15:04:59)
    Running from C:\Users\OLPR27\Desktop
    Windows 7 Ultimate Service Pack 1 (X64) (2018-04-05 04:40:30)
    Boot Mode: Safe Mode (with Networking)
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-929171097-1776961653-2058299177-500 - Administrator - Disabled)
    Guest (S-1-5-21-929171097-1776961653-2058299177-501 - Limited - Enabled)
    OLPR27 (S-1-5-21-929171097-1776961653-2058299177-1000 - Administrator - Enabled) => C:\Users\OLPR27
    SBShare (S-1-5-21-929171097-1776961653-2058299177-1001 - Administrator - Enabled)

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    5-Mode Oscar Editor (HKLM-x32\...\OscarX7Mouse5Mode) (Version: 13.02.0001 - A4Tech)
    Adobe Flash Player 29 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 29.0.0.171 - Adobe Systems Incorporated)
    Avira (HKLM-x32\...\{DA7052FA-B589-48D9-BF78-0A5AC11CB59A}) (Version: 1.2.138.20753 - Avira Operations GmbH & Co. KG) Hidden
    Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
    Bitdefender Agent (HKLM\...\Bitdefender Agent) (Version: 23.0.8.134 - Bitdefender)
    CCleaner (HKLM\...\CCleaner) (Version: 5.63 - Piriform)
    Diablo III (HKLM-x32\...\Diablo III) (Version:  - Blizzard Entertainment)
    Discord (HKU\S-1-5-21-929171097-1776961653-2058299177-1000\...\Discord) (Version: 0.0.305 - Discord Inc.)
    DisplayDriverAnalyzer (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_DisplayDriverAnalyzer) (Version: 391.35 - NVIDIA Corporation) Hidden
    Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 9.0.1.1049 - Foxit Software Inc.)
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 78.0.3904.97 - Google LLC)
    Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.35.341 - Google LLC) Hidden
    Java 8 Update 161 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180161F0}) (Version: 8.0.1610.12 - Oracle Corporation)
    Microsoft .NET Framework 4.6.1 Hotfix Rollup (KB3120241) (HKLM\...\{46556DC7-EFC0-361E-832E-E0A9B0D2EFAB}) (Version: 4.6.01067 - Microsoft Corporation)
    Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUSR) (Version: 15.0.4420.1017 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable - x64 8.0.61000 (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable - x86 8.0.61001 (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 Redistributable - x64 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 Redistributable - x86 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{a2199617-3609-410f-a8e8-e8806c73545b}) (Version: 11.0.61030.0 - Корпорация Майкрософт)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{f0080ca2-80ae-4958-b6eb-e8fa916d744a}) (Version: 11.0.61030.0 - Корпорация Майкрософт)
    Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{1a63c099-febd-4eaf-83ad-a82ea4fdac49}) (Version: 12.0.30501.0 - Корпорация Майкрософт)
    Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{b55f7208-e02b-4828-ac78-59c73ddf5bc7}) (Version: 12.0.30501.0 - Корпорация Майкрософт)
    Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23026 (HKLM-x32\...\{e46eca4f-393b-40df-9f49-076faf788d83}) (Version: 14.0.23026.0 - Microsoft Corporation)
    Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23026 (HKLM-x32\...\{74d0e5db-b326-4dae-a6b2-445b9de1836e}) (Version: 14.0.23026.0 - Microsoft Corporation)
    Mozilla Firefox 70.0.1 (x64 en-US) (HKLM\...\Mozilla Firefox 70.0.1 (x64 en-US)) (Version: 70.0.1 - Mozilla)
    Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 59.0.2 - Mozilla)
    NVIDIA 3D Vision Controller Driver 390.41 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 390.41 - NVIDIA Corporation)
    NVIDIA 3D Vision Driver 391.35 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 391.35 - NVIDIA Corporation)
    NVIDIA Graphics Driver 391.35 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 391.35 - NVIDIA Corporation)
    NVIDIA HD Audio Driver 1.3.36.6 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.36.6 - NVIDIA Corporation)
    NVIDIA PhysX System Software 9.17.0524 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.17.0524 - NVIDIA Corporation)
    Outils de vérification linguistique 2013 de Microsoft Office - Français (HKLM\...\{90150000-001F-040C-1000-0000000FF1CE}) (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
    Pingzapper version 2.1.3 (HKLM-x32\...\{7FD61982-5436-439B-B5D0-36F0536FF8BF}_is1) (Version: 2.1.3 - Pingzapper)
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7767 - Realtek Semiconductor Corp.)
    Vulkan Run Time Libraries 1.0.65.1 (HKLM\...\VulkanRT1.0.65.1) (Version: 1.0.65.1 - LunarG, Inc.) Hidden
    Wacom Tablet (HKLM\...\Wacom Tablet Driver) (Version: 6.3.13w3 - Wacom Technology Corp.)
    WebTablet FB Plugin 32 bit (HKLM-x32\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.7 - Wacom Technology Corp.)
    WebTablet FB Plugin 64 bit (HKLM\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.7 - Wacom Technology Corp.)
    WinpkFilter (HKLM-x32\...\WinpkFilter) (Version: 3.2.4.1 - NT Kernel Resources)
    WinRAR 5.50 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.50.0 - win.rar GmbH)

    ==================== Custom CLSID (Whitelisted): ==============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
    ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
    ContextMenuHandlers1: [Foxit_ConvertToPDF_Reader] -> {A94757A0-0226-426F-B4F1-4DF381C630D3} => C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\ConvertToPDFShellExtension_x64.dll [2017-12-11] (Foxit Software Incorporated -> Foxit Software Inc.)
    ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2017-08-11] (win.rar GmbH -> Alexander Roshal)
    ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2017-08-11] (win.rar GmbH -> Alexander Roshal)
    ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2018-03-24] (NVIDIA Corporation -> NVIDIA Corporation)
    ContextMenuHandlers6: [Foxit_ConvertToPDF_Reader] -> {A94757A0-0226-426F-B4F1-4DF381C630D3} => C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\ConvertToPDFShellExtension_x64.dll [2017-12-11] (Foxit Software Incorporated -> Foxit Software Inc.)
    ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2017-08-11] (win.rar GmbH -> Alexander Roshal)
    ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2017-08-11] (win.rar GmbH -> Alexander Roshal)

    ==================== Codecs (Whitelisted) ====================

    ==================== Shortcuts & WMI ========================

    (The entries could be listed to be restored or removed.)

    WMI:subscription\__FilterToConsumerBinding->CommandLineEventConsumer.Name=\"BVTConsumer\"",Filter="__EventFilter.Name=\"BVTFilter\"::
    WMI:subscription\__EventFilter->BVTFilter::[Query => SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99]
    WMI:subscription\CommandLineEventConsumer->BVTConsumer::[CommandLineTemplate => cscript KernCap.vbs][WorkingDirectory => C:\\tools\\kernrate]
    ShortcutWithArgument: C:\Users\OLPR27\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\d249d9ddd424b688\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory=Default

    ==================== Loaded Modules (Whitelisted) =============

    ==================== Alternate Data Streams (Whitelisted) ========

    (If an entry is included in the fixlist, only the ADS will be removed.)

    AlternateDataStreams: C:\Windows\Logs:Defender.log [0]
    AlternateDataStreams: C:\Users\OLPR27\Application Data:fbd50e2f7662a5c33287ddc6e65ab5a1 [394]
    AlternateDataStreams: C:\Users\OLPR27\AppData\Roaming:fbd50e2f7662a5c33287ddc6e65ab5a1 [394]

    ==================== Safe Mode (Whitelisted) ==================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot => "AlternateShell"=""
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{0CBD4F48-3751-475D-BE88-4F271385B672} => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="2"

    ==================== Association (Whitelisted) =================

    ==================== Internet Explorer trusted/restricted ==========

    ==================== Hosts content: =========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2009-07-14 09:34 - 2019-06-04 03:26 - 000003407 _____ C:\Windows\system32\drivers\etc\hosts

    ==================== Other Areas ===========================

    (Currently there is no automatic fix for this section.)

    HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common
    HKU\S-1-5-21-929171097-1776961653-2058299177-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\OLPR27\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
    DNS Servers: 118.98.44.100 - 118.98.44.10
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    (If an entry is included in the fixlist, it will be removed.)

    MSCONFIG\Services: Disc Soft Lite Bus Service => 3
    MSCONFIG\Services: FoxitReaderService => 2
    MSCONFIG\Services: gupdate => 2
    MSCONFIG\Services: gupdatem => 3
    MSCONFIG\Services: MozillaMaintenance => 3
    MSCONFIG\startupfolder: C:^Users^OLPR27^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Game Menu.lnk => C:\Windows\pss\Game Menu.lnk.Startup
    MSCONFIG\startupreg: Avira SystrayStartTrigger => "C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe"
    MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
    MSCONFIG\startupreg: CCleaner Smart Cleaning => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
    MSCONFIG\startupreg: Chromium => "c:\users\olpr27\appdata\local\chromium\application\chrome.exe" --auto-launch-at-startup --profile-directory="Default" --restore-last-session
    MSCONFIG\startupreg: DAEMON Tools Lite Automount => "C:\Program Files\DAEMON Tools Lite\DTAgent.exe" -autorun
    MSCONFIG\startupreg: Discord => C:\Users\OLPR27\AppData\Local\Discord\app-0.0.305\Discord.exe
    MSCONFIG\startupreg: DriverPack Notifier => C:\Program Files (x86)\DriverPack Notifier\DriverPackNotifier.exe --run startup
    MSCONFIG\startupreg: GarenaCIG => "C:\ProgramData\GarenaCIG\GarenaCIG.exe" --tray
    MSCONFIG\startupreg: OscarX7Mouse5Mode => "C:\Program Files (x86)\OscarX7Editor5Mode\OscarX7Editor5Mode\OscarEditor.exe" Minimum
    MSCONFIG\startupreg: SmartUpdater => c:\smartbilling_client\smartstarter.exe
    MSCONFIG\startupreg: SMΔRT-Protection => C:\Program Files (x86)\Smadav\SMΔRTP.exe rts
    MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

    ==================== FirewallRules (Whitelisted) ================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [{5C2CF054-CFB1-4494-BB5D-584FDA6325D0}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
    FirewallRules: [{D8A8C448-6887-4D54-AA67-7247496AC278}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
    FirewallRules: [{CBF9421A-0049-42BD-A5AE-80CDA5EC8B5B}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
    FirewallRules: [{611CC201-94D4-4B06-9628-7C7ED8C01B60}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe (Microsoft Corporation -> Microsoft Corporation)
    FirewallRules: [{72F70505-A275-4976-BAB1-EE0F775CAB7C}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe (Microsoft Corporation -> Microsoft Corporation)
    FirewallRules: [{5DFB7C0E-5A3B-4485-9625-A946FB50B100}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
    FirewallRules: [{0B4CB7AB-8875-4CBB-A897-5B7B6E70FC86}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)

    ==================== Restore Points =========================


    ==================== Faulty Device Manager Devices ============

    Name: Security Processor Loader Driver
    Description: Security Processor Loader Driver
    Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
    Manufacturer: 
    Service: spldr
    Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
    Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
    Devices stay in this state if they have been prepared for removal.
    After you remove the device, this error disappears.Remove the device, and this error should be resolved.

    Name: Realtek PCIe FE Family Controller
    Description: Realtek PCIe FE Family Controller
    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
    Manufacturer: Realtek
    Service: RTL8167
    Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
    Resolution: Update the driver


    ==================== Event log errors: ========================

    Application errors:
    ==================
    Error: (11/08/2019 03:03:30 PM) (Source: PerfNet) (EventID: 2004) (User: )
    Description: Unable to open the Server service performance object. The first four bytes (DWORD) of the Data section contains the status code.

    Error: (11/08/2019 02:57:30 PM) (Source: PerfNet) (EventID: 2004) (User: )
    Description: Unable to open the Server service performance object. The first four bytes (DWORD) of the Data section contains the status code.

    Error: (11/08/2019 02:56:10 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

    Error: (11/08/2019 02:55:26 PM) (Source: PerfNet) (EventID: 2004) (User: )
    Description: Unable to open the Server service performance object. The first four bytes (DWORD) of the Data section contains the status code.

    Error: (11/08/2019 02:55:09 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: mbstub.exe, version: 1.5.3.749, time stamp: 0x5dc23d5a
    Faulting module name: mbstub.exe, version: 1.5.3.749, time stamp: 0x5dc23d5a
    Exception code: 0x40000015
    Fault offset: 0x00143ea7
    Faulting process id: 0x72c
    Faulting application start time: 0x01d59609cef08c44
    Faulting application path: C:\Users\OLPR27\AppData\Local\Temp\7zSA9E5.tmp\mbstub.exe
    Faulting module path: C:\Users\OLPR27\AppData\Local\Temp\7zSA9E5.tmp\mbstub.exe
    Report Id: 1598886b-01fd-11ea-b3a9-8e25b00f945d

    Error: (11/08/2019 02:48:10 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

    Error: (11/08/2019 02:47:37 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: Avira.ServiceHost.exe, version: 1.2.138.20753, time stamp: 0x5da80da5
    Faulting module name: KERNELBASE.dll, version: 6.1.7601.17514, time stamp: 0x4ce7bafa
    Exception code: 0xe0434352
    Fault offset: 0x0000b727
    Faulting process id: 0xec8
    Faulting application start time: 0x01d59608c9c46361
    Faulting application path: C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
    Faulting module path: C:\Windows\syswow64\KERNELBASE.dll
    Report Id: 0815b265-01fc-11ea-8074-e70375c1c854

    Error: (11/08/2019 02:47:37 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
    Description: Application: Avira.ServiceHost.exe
    Framework Version: v4.0.30319
    Description: The process was terminated due to an unhandled exception.
    Exception Info: System.ComponentModel.Composition.CompositionException
       at System.ComponentModel.Composition.Hosting.CompositionServices.GetExportedValueFromComposedPart(System.ComponentModel.Composition.Hosting.ImportEngine, System.ComponentModel.Composition.Primitives.ComposablePart, System.ComponentModel.Composition.Primitives.ExportDefinition)
       at System.ComponentModel.Composition.Hosting.CatalogExportProvider.GetExportedValue(CatalogPart, System.ComponentModel.Composition.Primitives.ExportDefinition, Boolean)
       at System.ComponentModel.Composition.Hosting.CatalogExportProvider+CatalogExport.GetExportedValueCore()
       at System.ComponentModel.Composition.Primitives.Export.get_Value()
       at System.ComponentModel.Composition.ExportServices.GetCastedExportedValue[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](System.ComponentModel.Composition.Primitives.Export)
       at System.ComponentModel.Composition.Hosting.ExportProvider.GetExportedValueCore[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](System.String, System.ComponentModel.Composition.Primitives.ImportCardinality)
       at Avira.OE.ServiceHost.ServiceHost.Initialize()
       at Avira.OE.ServiceHost.Program+<>c__DisplayClass13_0.<OnServiceStart>b__0(System.Object)
       at System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)
       at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
       at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
       at System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
       at System.Threading.ThreadPoolWorkQueue.Dispatch()
       at System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()


    System errors:
    =============
    Error: (11/08/2019 03:04:21 PM) (Source: DCOM) (EventID: 10005) (User: )
    Description: DCOM got error "1084" attempting to start the service VSS with arguments "" in order to run the server:
    {E579AB5F-1CC4-44B4-BED9-DE0991FF0623}

    Error: (11/08/2019 02:55:21 PM) (Source: DCOM) (EventID: 10005) (User: )
    Description: DCOM got error "1068" attempting to start the service stisvc with arguments "" in order to run the server:
    {A1F4E726-8CF1-11D1-BF92-0060081ED811}

    Error: (11/08/2019 02:54:48 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)
    Description: WLAN Extensibility Module has failed to start.

    Module Path: C:\Windows\system32\Rtlihvs.dll
    Error Code: 21

    Error: (11/08/2019 02:54:41 PM) (Source: DCOM) (EventID: 10005) (User: )
    Description: DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server:
    {D3DCB472-7261-43CE-924B-0704BD730D5F}

    Error: (11/08/2019 02:54:41 PM) (Source: DCOM) (EventID: 10005) (User: )
    Description: DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server:
    {145B4335-FE2A-4927-A040-7C35AD3180EF}

    Error: (11/08/2019 02:54:36 PM) (Source: DCOM) (EventID: 10005) (User: )
    Description: DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server:
    {1BE1F766-5536-11D1-B726-00C04FB926AF}

    Error: (11/08/2019 02:54:30 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
    Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
    The dependency service or group failed to start.

    Error: (11/08/2019 02:54:30 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
    Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
    The dependency service or group failed to start.


    Windows Defender:
    ===================================
    Date: 2019-05-14 03:55:31.341
    Description: 
    Windows Defender scan has been stopped before completion.
    Scan ID:{BD894BF9-EDF0-4DAA-A674-147DEF04A3B9}
    Scan Type:AntiSpyware
    Scan Parameters:Quick Scan

    ==================== Memory info =========================== 

    BIOS: American Megatrends Inc. 4.6.5 07/01/2014
    Motherboard: BIOSTAR Group A58ML2
    Processor: AMD A4-6300 APU with Radeon(tm) HD Graphics 
    Percentage of memory in use: 74%
    Total physical RAM: 4033.86 MB
    Available physical RAM: 1028.53 MB
    Total Virtual: 4132.04 MB
    Available Virtual: 1159.57 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:47.3 GB) (Free:21.16 GB) NTFS ==>[drive with boot components (obtained from BCD)]
    Drive d: () (Fixed) (Total:13.52 GB) (Free:13.31 GB) NTFS
    Drive e: (GAME) (Fixed) (Total:404.94 GB) (Free:183.88 GB) NTFS


    ==================== MBR & Partition Table ====================

    ==========================================================
    Disk: 0 (MBR Code: Windows 7/8/10) (Size: 465.8 GB) (Disk ID: 5AA56A9F)
    Partition 1: (Active) - (Size=47.3 GB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=13.5 GB) - (Type=07 NTFS)
    Partition 3: (Not Active) - (Size=404.9 GB) - (Type=05)

    ==================== End of Addition.txt =======================

  2. frst.txt
     

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 06-11-2019
    Ran by OLPR27 (administrator) on WINDOWS7 (BIOSTAR Group A58ML2) (08-11-2019 15:04:01)
    Running from C:\Users\OLPR27\Desktop
    Loaded Profiles: OLPR27 (Available Profiles: OLPR27)
    Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
    Internet Explorer Version 8 (Default browser: IE)
    Boot Mode: Safe Mode (with Networking)
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

    ==================== Registry (Whitelisted) ===================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [16472832 2016-03-15] (Realtek Semiconductor Corp -> Realtek Semiconductor)
    HKLM\...\Policies\Explorer: [NoViewOnDrive] 0
    HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
    HKU\S-1-5-19\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
    HKU\S-1-5-20\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
    HKU\S-1-5-21-929171097-1776961653-2058299177-1000\...\Run: [Shell] => C:\Program Files (x86)\TP-Link\TP-Link TL-WN722N\WPS_TOOL_AUTO.vbs [151 2019-04-29] () [File not signed]
    HKU\S-1-5-21-929171097-1776961653-2058299177-1000\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [24552064 2019-10-15] (Piriform Software Ltd -> Piriform Ltd)
    HKU\S-1-5-21-929171097-1776961653-2058299177-1000\...\Run: [OscarX7Mouse5Mode] => C:\Program Files (x86)\OscarX7Editor5Mode\OscarX7Editor5Mode\OscarEditor.exe [3571712 2013-02-01] () [File not signed]
    HKU\S-1-5-21-929171097-1776961653-2058299177-1000\...\Policies\Explorer: [NoViewOnDrive] 0
    HKU\S-1-5-21-929171097-1776961653-2058299177-1000\...\MountPoints2: {d428f116-3894-11e8-86fb-b8975a9e5d3f} - G:\SETUP.EXE
    HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\78.0.3904.97\Installer\chrmstp.exe [2019-11-08] (Google LLC -> Google LLC)
    AlternateShell: 
    FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION

    ==================== Scheduled Tasks (Whitelisted) ============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {01A38F73-82AF-4C6A-AB57-BA9B610803E7} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe
    Task: {0CFED744-746A-4885-8472-23172EFFA38E} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [375416 2012-10-01] (Microsoft Corporation -> Microsoft Corporation)
    Task: {2EF4801B-2D2E-4387-A46C-03AD544FEDAD} - System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
    Task: {33383465-43E9-4305-AF5C-2C2DC23A3EC1} - System32\Tasks\R@1n-KMS\Office15ProPlus => wmic path OfficeSoftwareProtectionProduct where (ID="b322da9c-a2e2-4058-9e4e-f59a6970bd69") call Activate
    Task: {3CC76836-3628-43D9-B652-E0D1C4678DD6} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [375416 2012-10-01] (Microsoft Corporation -> Microsoft Corporation)
    Task: {3F4EE03C-906F-45C1-9C34-D53972EF1AAA} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe
    Task: {50E3CA35-C787-4A47-A46D-7E7E90DDC468} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [18458752 2019-10-15] (Piriform Software Ltd -> Piriform Ltd)
    Task: {5152D41E-BB71-4B56-9238-3B6A189B680F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-04-05] (Google Inc -> Google Inc.)
    Task: {6B822010-445A-4359-B31C-8D6F565EC788} - System32\Tasks\At1 => c:\windows\system\svchost.exe <==== ATTENTION
    Task: {7C69E181-868D-43A7-818E-D7F933A24690} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-04-05] (Google Inc -> Google Inc.)
    Task: {98596DCC-FA62-4D1D-9893-56AADBF4A256} - \NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} -> No File <==== ATTENTION
    Task: {B37D9FE0-47A7-47B2-BAA1-63697100C95F} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
    Task: {BB8B5985-85BE-42A6-B5C2-EEB65491302C} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [2069952 2018-03-24] (NVIDIA Corporation -> NVIDIA Corporation)
    Task: {C259AEC2-538D-43B7-8B09-584322BB5523} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [1642672 2012-10-01] (Microsoft Corporation -> Microsoft Corporation)
    Task: {D14AFAD3-7890-43EB-9B0F-73FE3C4F7C30} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe
    Task: {DB4ED0BB-9745-4A86-BCBB-FB0A92C9A149} - System32\Tasks\gxx speed launcher => E:\Online Game\GarenaPlus\Garena\Garena\Garena.exe [450880 2018-11-23] (Garena Online Pte Ltd -> Garena Online )
    Task: {DC5D718D-925F-4748-AA97-F9B3B5502236} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [608384 2019-10-15] (Piriform Software Ltd -> Piriform Software Ltd)

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\Windows\Tasks\Avast Emergency Update.job => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe
    Task: C:\Windows\Tasks\gxx speed launcher.job => E:\Online Game\GarenaPlus\Garena\Garena\Garena.exe

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Winsock: Catalog9 17  => No File 
    Tcpip\Parameters: [DhcpNameServer] 118.98.44.100 118.98.44.10
    Tcpip\..\Interfaces\{073087F8-0EC0-44E6-8BD4-0EDA4B93D736}: [DhcpNameServer] 192.168.1.1 202.134.1.10 202.134.0.155
    Tcpip\..\Interfaces\{5C916BA2-1A3C-405E-974A-9294936DF883}: [DhcpNameServer] 118.98.44.100 118.98.44.10
    Tcpip\..\Interfaces\{9DE6CC6C-B2FC-4D60-83B9-222AAFCA9650}: [DhcpNameServer] 118.98.44.100 118.98.44.10

    Internet Explorer:
    ==================
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://id.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wnd_mbkqwuxpvp_19_42_dopc&param1=1&param2=f%3D1%26b%3DIE%26cc%3Did%26pa%3Dwinyahoo%26cd%3D2XzuyEtN2Y1L1Qzu0BzzzyyByD0Azy0EyD0FtAyD0D0BtAzytN0D0Tzu0StBzzyEzztN1L2XzuyEtFyDyCtFtDtFyCtAtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StDtCtBzytByD0FyBtGtDtC0AyCtGtA0A0DyBtGtC0EzyzztGyC0DyCtCtBzzyC0CyCzz0EyB2QtN1M1F1B2Z1V1N2Y1L1Qzu2SzzzyyByByE1QyB1StGyDyE1T1TtGyEtC1P1TtGzyyD1Q1RtG1TyByCtCzz1StDtDyEyCyD1S2QtN0A0LzuyEtN1B2Z1V1T1S1NzutN1Q2Z1B1P1RzutCyDyBtCyDtDtByBtBtD%26cr%3D935422903%26a%3Dwnd_mbkqwuxpvp_19_42_dopc%26os_ver%3D6.1%26os%3DWindows%2B7%2BUltimate
    HKU\S-1-5-21-929171097-1776961653-2058299177-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://id.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wnd_mbkqwuxpvp_19_42_dopc&param1=1&param2=f%3D1%26b%3DIE%26cc%3Did%26pa%3Dwinyahoo%26cd%3D2XzuyEtN2Y1L1Qzu0BzzzyyByD0Azy0EyD0FtAyD0D0BtAzytN0D0Tzu0StBzzyEzztN1L2XzuyEtFyDyCtFtDtFyCtAtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StDtCtBzytByD0FyBtGtDtC0AyCtGtA0A0DyBtGtC0EzyzztGyC0DyCtCtBzzyC0CyCzz0EyB2QtN1M1F1B2Z1V1N2Y1L1Qzu2SzzzyyByByE1QyB1StGyDyE1T1TtGyEtC1P1TtGzyyD1Q1RtG1TyByCtCzz1StDtDyEyCyD1S2QtN0A0LzuyEtN1B2Z1V1T1S1NzutN1Q2Z1B1P1RzutCyDyBtCyDtDtByBtBtD%26cr%3D935422903%26a%3Dwnd_mbkqwuxpvp_19_42_dopc%26os_ver%3D6.1%26os%3DWindows%2B7%2BUltimate
    HKU\S-1-5-21-929171097-1776961653-2058299177-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://u.msn.com/id-id/?ocid=iehp
    SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    SearchScopes: HKLM -> {0CE02FFA-A6B0-46F6-BA2F-BD32C3630126} URL = hxxps://id.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wnd_mbkqwuxpvp_19_42_dopc&param1=1&param2=f%3D4%26b%3DIE%26cc%3Did%26pa%3Dwinyahoo%26cd%3D2XzuyEtN2Y1L1Qzu0BzzzyyByD0Azy0EyD0FtAyD0D0BtAzytN0D0Tzu0StBzzyEzztN1L2XzuyEtFyDyCtFtDtFyCtAtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StDtCtBzytByD0FyBtGtDtC0AyCtGtA0A0DyBtGtC0EzyzztGyC0DyCtCtBzzyC0CyCzz0EyB2QtN1M1F1B2Z1V1N2Y1L1Qzu2SzzzyyByByE1QyB1StGyDyE1T1TtGyEtC1P1TtGzyyD1Q1RtG1TyByCtCzz1StDtDyEyCyD1S2QtN0A0LzuyEtN1B2Z1V1T1S1NzutN1Q2Z1B1P1RzutCyDyBtCyDtDtByBtBtD%26cr%3D935422903%26a%3Dwnd_mbkqwuxpvp_19_42_dopc%26os_ver%3D6.1%26os%3DWindows%2B7%2BUltimate&p={searchTerms}
    SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    SearchScopes: HKLM-x32 -> {0CE02FFA-A6B0-46F6-BA2F-BD32C3630126} URL = hxxps://id.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wnd_mbkqwuxpvp_19_42_dopc&param1=1&param2=f%3D4%26b%3DIE%26cc%3Did%26pa%3Dwinyahoo%26cd%3D2XzuyEtN2Y1L1Qzu0BzzzyyByD0Azy0EyD0FtAyD0D0BtAzytN0D0Tzu0StBzzyEzztN1L2XzuyEtFyDyCtFtDtFyCtAtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StDtCtBzytByD0FyBtGtDtC0AyCtGtA0A0DyBtGtC0EzyzztGyC0DyCtCtBzzyC0CyCzz0EyB2QtN1M1F1B2Z1V1N2Y1L1Qzu2SzzzyyByByE1QyB1StGyDyE1T1TtGyEtC1P1TtGzyyD1Q1RtG1TyByCtCzz1StDtDyEyCyD1S2QtN0A0LzuyEtN1B2Z1V1T1S1NzutN1Q2Z1B1P1RzutCyDyBtCyDtDtByBtBtD%26cr%3D935422903%26a%3Dwnd_mbkqwuxpvp_19_42_dopc%26os_ver%3D6.1%26os%3DWindows%2B7%2BUltimate&p={searchTerms}
    SearchScopes: HKU\S-1-5-21-929171097-1776961653-2058299177-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    SearchScopes: HKU\S-1-5-21-929171097-1776961653-2058299177-1000 -> {0CE02FFA-A6B0-46F6-BA2F-BD32C3630126} URL = hxxps://id.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wnd_mbkqwuxpvp_19_42_dopc&param1=1&param2=f%3D4%26b%3DIE%26cc%3Did%26pa%3Dwinyahoo%26cd%3D2XzuyEtN2Y1L1Qzu0BzzzyyByD0Azy0EyD0FtAyD0D0BtAzytN0D0Tzu0StBzzyEzztN1L2XzuyEtFyDyCtFtDtFyCtAtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StDtCtBzytByD0FyBtGtDtC0AyCtGtA0A0DyBtGtC0EzyzztGyC0DyCtCtBzzyC0CyCzz0EyB2QtN1M1F1B2Z1V1N2Y1L1Qzu2SzzzyyByByE1QyB1StGyDyE1T1TtGyEtC1P1TtGzyyD1Q1RtG1TyByCtCzz1StDtDyEyCyD1S2QtN0A0LzuyEtN1B2Z1V1T1S1NzutN1Q2Z1B1P1RzutCyDyBtCyDtDtByBtBtD%26cr%3D935422903%26a%3Dwnd_mbkqwuxpvp_19_42_dopc%26os_ver%3D6.1%26os%3DWindows%2B7%2BUltimate&p={searchTerms}
    BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2012-10-01] (Microsoft Corporation -> Microsoft Corporation)
    BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_161\bin\ssv.dll [2018-04-05] (Oracle America, Inc. -> Oracle Corporation)
    BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation -> Microsoft Corporation)
    BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2012-10-01] (Microsoft Corporation -> Microsoft Corporation)
    BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_161\bin\jp2ssv.dll [2018-04-05] (Oracle America, Inc. -> Oracle Corporation)
    BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2012-10-01] (Microsoft Corporation -> Microsoft Corporation)
    BHO-x32: No Name -> {735A213C-FAA2-4CCF-A259-09C6BF58CFA5} -> No File
    BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation -> Microsoft Corporation)
    BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2012-10-01] (Microsoft Corporation -> Microsoft Corporation)
    Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2012-10-01] (Microsoft Corporation -> Microsoft Corporation)
    Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-21] (Microsoft Windows -> Microsoft Corporation)
    Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-21] (Microsoft Windows -> Microsoft Corporation)
    Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-21] (Microsoft Windows -> Microsoft Corporation)
    Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-21] (Microsoft Windows -> Microsoft Corporation)

    FireFox:
    ========
    FF DefaultProfile: vy8cffm4.default
    FF ProfilePath: C:\Users\OLPR27\AppData\Roaming\Mozilla\Firefox\Profiles\vy8cffm4.default [2019-11-08]
    FF Extension: (Browsec VPN - Free and Unlimited VPN) - C:\Users\OLPR27\AppData\Roaming\Mozilla\Firefox\Profiles\vy8cffm4.default\Extensions\browsec@browsec.com.xpi [2019-10-16]
    FF Extension: (Avast SafePrice | Comparison, deals, coupons) - C:\Users\OLPR27\AppData\Roaming\Mozilla\Firefox\Profiles\vy8cffm4.default\Extensions\sp@avast.com.xpi [2019-11-08]
    FF Extension: (Avast Online Security) - C:\Users\OLPR27\AppData\Roaming\Mozilla\Firefox\Profiles\vy8cffm4.default\Extensions\wrc@avast.com.xpi [2019-11-08]
    FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_29_0_0_171.dll [2018-05-09] (Adobe Systems Incorporated -> )
    FF Plugin: @java.com/DTPlugin,version=11.161.2 -> C:\Program Files\Java\jre1.8.0_161\bin\dtplugin\npDeployJava1.dll [2018-04-05] (Oracle America, Inc. -> Oracle Corporation)
    FF Plugin: @java.com/JavaPlugin,version=11.161.2 -> C:\Program Files\Java\jre1.8.0_161\bin\plugin2\npjp2.dll [2018-04-05] (Oracle America, Inc. -> Oracle Corporation)
    FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation -> Microsoft Corporation)
    FF Plugin: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom) [File not signed]
    FF Plugin: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom) [File not signed]
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_29_0_0_171.dll [2018-05-09] (Adobe Systems Incorporated -> )
    FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2017-12-01] (Foxit Software Incorporated -> Foxit Corporation)
    FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2017-12-01] (Foxit Software Incorporated -> Foxit Corporation)
    FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2017-12-01] (Foxit Software Incorporated -> Foxit Corporation)
    FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2017-12-01] (Foxit Software Incorporated -> Foxit Corporation)
    FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2012-10-01] (Microsoft Corporation -> Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation -> Microsoft Corporation)
    FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2018-03-24] (NVIDIA Corporation PE Sign v2016 -> NVIDIA Corporation) [File not signed]
    FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2018-03-24] (NVIDIA Corporation PE Sign v2016 -> NVIDIA Corporation) [File not signed]
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.35.342\npGoogleUpdate3.dll [2019-11-05] (Google Inc -> Google LLC)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.35.342\npGoogleUpdate3.dll [2019-11-05] (Google Inc -> Google LLC)
    FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom) [File not signed]
    FF Plugin-x32: wacom.com/WacomTabletPlugin -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom) [File not signed]

    Chrome: 
    =======
    CHR DefaultSearchURL: Default -> hxxp://srchbar.com/?q={searchTerms}
    CHR DefaultSuggestURL: Default -> hxxp://srch.bar/?s={searchTerms}
    CHR Notifications: Default -> hxxps://www.tokopedia.com
    CHR Profile: C:\Users\OLPR27\AppData\Local\Google\Chrome\User Data\Default [2019-11-08]
    CHR Extension: (Slides) - C:\Users\OLPR27\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-04-05]
    CHR Extension: (Docs) - C:\Users\OLPR27\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-04-05]
    CHR Extension: (Google Drive) - C:\Users\OLPR27\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-04-05]
    CHR Extension: (YouTube) - C:\Users\OLPR27\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-04-05]
    CHR Extension: (Sheets) - C:\Users\OLPR27\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-04-05]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\OLPR27\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-10-04]
    CHR Extension: (Gmail) - C:\Users\OLPR27\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-04-30]
    CHR Extension: (Chrome Media Router) - C:\Users\OLPR27\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-11-05]
    CHR HKLM\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej] - hxxps://clients2.google.com/service/update2/crx
    CHR HKU\S-1-5-21-929171097-1776961653-2058299177-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej] - hxxps://clients2.google.com/service/update2/crx

    ==================== Services (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    S2 AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [249344 2016-02-27] (Advanced Micro Devices, Inc. -> AMD)
    S4 FoxitReaderService; C:\Program Files (x86)\Foxit Software\Foxit Reader\FoxitConnectedPDFService.exe [1659456 2017-12-11] (Foxit Software Incorporated -> Foxit Software Inc.)
    S2 GarenaPlatform; E:\Online Game\GarenaPlus\Garena\Garena\2.0.1811.2302\gxxsvc.exe [315712 2018-11-23] (Garena Online Pte Ltd -> Garena Online )
    S2 PingzapperSvc; C:\Program Files (x86)\Pingzapper\PZService.exe [632320 2016-05-22] () [File not signed]
    S2 ProductAgentService; C:\Program Files\Bitdefender Agent\ProductAgentService.exe [1293936 2018-11-15] (Bitdefender SRL -> Bitdefender)
    S3 uncheater_bgl; C:\Program Files\Common Files\Uncheater\uncheater_bgl.exe [2097008 2019-04-30] (Wellbia.com Co., Ltd. -> Wellbia.com Co., Ltd.)
    S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Windows -> Microsoft Corporation)
    S2 WTabletServicePro; C:\Program Files\Tablet\Wacom\WTabletServicePro.exe [655040 2015-07-08] (Wacom Technology Corp. -> Wacom Technology, Corp.)
    S2 Avira.ServiceHost; "C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe" [X]
    S2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000

    ===================== Drivers (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R0 365126A7; C:\Windows\System32\drivers\365126A7.sys [255928 2019-11-08] (Malwarebytes Corporation -> Malwarebytes)
    R0 amdide64; C:\Windows\System32\DRIVERS\amdide64.sys [11944 2012-12-04] (Advanced Micro Devices, Inc. -> Advanced Micro Devices Inc.)
    S3 amdkmdag; C:\Windows\System32\DRIVERS\atikmdag.sys [23981568 2016-02-27] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
    S3 amdkmdap; C:\Windows\System32\DRIVERS\atikmpag.sys [674816 2016-02-27] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
    S3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [30264 2018-04-05] (Disc Soft Ltd -> Disc Soft Ltd)
    S3 dtliteusbbus; C:\Windows\System32\DRIVERS\dtliteusbbus.sys [47672 2018-04-05] (Disc Soft Ltd -> Disc Soft Ltd)
    S3 gaprotect; C:\Windows\System32\drivers\gaprotect.sys [110672 2018-04-05] (Garena Online Pte Ltd -> )
    R0 garestore; C:\Windows\System32\DRIVERS\garestore.sys [47272 2014-10-17] (Hoa Binh Informatics .,JSC -> )
    R1 ndissb; C:\Windows\System32\DRIVERS\ndissb.sys [44136 2015-06-30] (Mainline Net Holdings Limited -> E.D.L.)
    S3 nvvhci; C:\Windows\System32\DRIVERS\nvvhci.sys [58816 2018-03-24] (NVIDIA Corporation -> NVIDIA Corporation)
    R3 RtlWlanu; C:\Windows\System32\DRIVERS\rtwlanu.sys [5264464 2016-10-09] (Realtek Semiconductor Corp. -> Realtek Semiconductor Corporation )
    S3 Serenum; C:\Windows\System32\DRIVERS\nuvserenum.sys [23552 2014-01-12] (Microsoft Windows Hardware Compatibility Publisher -> Windows (R) Win 7 DDK provider)
    S3 Serial; C:\Windows\System32\DRIVERS\nuvserial.sys [86016 2014-01-12] (Microsoft Windows Hardware Compatibility Publisher -> Nuvoton Technology Corp.)
    S4 nvvad_WaveExtensible; system32\drivers\nvvad64v.sys [X]
    U3 TrueSight; \??\C:\Windows\System32\drivers\truesight.sys [X]
    S3 VGPU; System32\drivers\rdvgkmd.sys [X]
    S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One month (created) ===================

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2019-11-08 15:04 - 2019-11-08 15:04 - 000026535 _____ C:\Users\OLPR27\Desktop\FRST.txt
    2019-11-08 15:03 - 2019-11-08 15:03 - 002259968 _____ (Farbar) C:\Users\OLPR27\Downloads\FRST64.exe
    2019-11-08 15:03 - 2019-11-08 15:03 - 002259968 _____ (Farbar) C:\Users\OLPR27\Desktop\FRST64.exe
    2019-11-08 15:00 - 2019-11-08 15:00 - 000073604 _____ C:\ProgramData\agent.update.1573200046.bdinstall.v2.bin
    2019-11-08 14:59 - 2019-11-08 15:00 - 000000000 ____D C:\Program Files\Bitdefender Agent
    2019-11-08 14:59 - 2019-11-08 14:59 - 009844256 _____ C:\Users\OLPR27\Downloads\bitdefender_tsecurity.exe
    2019-11-08 14:59 - 2019-11-08 14:59 - 000102940 _____ C:\ProgramData\agent.1573199960.bdinstall.v2.bin
    2019-11-08 14:59 - 2019-11-08 14:59 - 000000000 ____D C:\ProgramData\Bitdefender Agent
    2019-11-08 14:54 - 2019-11-08 14:54 - 000051502 _____ C:\Windows\ntbtlog.txt
    2019-11-08 14:07 - 2019-11-08 14:07 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
    2019-11-08 13:28 - 2019-11-08 13:28 - 000000441 _____ C:\Users\OLPR27\Exe.reg
    2019-11-08 13:26 - 2019-11-08 13:26 - 024578944 _____ (Piriform Software Ltd) C:\Users\OLPR27\Downloads\ccsetup563.exe
    2019-11-08 13:05 - 2019-11-08 13:05 - 001883976 _____ (Malwarebytes) C:\Users\OLPR27\Downloads\MBSetup.exe
    2019-11-08 13:04 - 2019-11-08 13:04 - 009107552 _____ C:\Users\OLPR27\Downloads\mb-support-1.5.3.749.exe
    2019-11-08 12:46 - 2019-11-08 12:46 - 043072920 _____ (SUPERAntiSpyware) C:\Users\OLPR27\Downloads\SUPERAntiSpyware.exe
    2019-11-08 12:43 - 2019-11-08 15:04 - 000000000 ____D C:\FRST
    2019-11-08 12:31 - 2019-11-08 12:31 - 000255928 _____ (Malwarebytes) C:\Windows\system32\Drivers\365126A7.sys
    2019-11-08 12:31 - 2019-11-08 12:31 - 000000000 ____D C:\ProgramData\Malwarebytes
    2019-11-08 12:30 - 2019-11-08 12:47 - 000000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
    2019-11-08 12:30 - 2019-11-08 12:30 - 000192952 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
    2019-11-08 12:25 - 2019-11-08 12:25 - 000000000 ____D C:\ProgramData\Kaspersky Lab Setup Files
    2019-11-08 10:20 - 2019-11-08 10:20 - 000000342 ____H C:\Windows\Tasks\Avast Emergency Update.job
    2019-11-08 07:59 - 2019-11-08 07:59 - 000000000 ____D C:\Users\OLPR27\AppData\Roaming\EpicNet Inc
    2019-11-08 07:59 - 2019-11-08 07:59 - 000000000 ____D C:\Users\OLPR27\AppData\Local\EpicNet Inc
    2019-11-08 07:05 - 2019-11-08 07:05 - 000000000 ____D C:\Program Files\Malwarebytes
    2019-11-08 07:02 - 2019-11-08 07:02 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
    2019-11-08 07:02 - 2019-11-08 07:02 - 000000000 ____D C:\ProgramData\Avira
    2019-11-08 06:50 - 2019-11-08 06:50 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\A4Tech Software
    2019-11-05 08:30 - 2019-11-05 08:48 - 000000000 ____D C:\Program Files\Mozilla Firefox
    2019-11-03 07:36 - 2019-11-03 07:36 - 000000000 __SHD C:\found.033
    2019-11-01 14:51 - 2010-09-28 22:46 - 000000000 ____D C:\Users\OLPR27\Downloads\Sound
    2019-11-01 14:03 - 2019-11-01 14:07 - 059477083 _____ C:\Users\OLPR27\Downloads\Sound.rar
    2019-10-28 19:33 - 2019-10-28 19:44 - 000000600 _____ C:\Users\OLPR27\AppData\Local\PUTTY.RND
    2019-10-25 12:50 - 2019-10-25 12:50 - 000000000 __SHD C:\found.032
    2019-10-23 21:40 - 2019-11-08 06:50 - 000002277 _____ C:\Users\Public\Desktop\5-Mode Oscar Editor.lnk
    2019-10-23 21:40 - 2019-11-08 06:50 - 000000000 ____D C:\Program Files (x86)\OscarX7Editor5Mode
    2019-10-23 21:40 - 2013-02-08 15:42 - 020188073 _____ C:\Users\OLPR27\Downloads\7Key,5Mode_V13.02V01.exe
    2019-10-23 12:31 - 2019-10-23 12:33 - 019605082 _____ C:\Users\OLPR27\Downloads\7Key,5Mode_V13.02V01.zip
    2019-10-21 06:22 - 2019-10-21 06:22 - 000030728 ____N C:\bootsqm.dat
    2019-10-21 06:21 - 2019-10-21 06:21 - 000000000 __SHD C:\found.031
    2019-10-21 02:40 - 2019-11-08 06:57 - 000000000 ____D C:\Program Files (x86)\AikaReborn
    2019-10-21 01:30 - 2019-10-21 01:30 - 000000000 _RSHD C:\rfdx.exe
    2019-10-21 01:24 - 2019-11-08 09:41 - 000000000 ____D C:\Program Files (x86)\SMADAV
    2019-10-21 01:24 - 2019-10-21 01:24 - 000000000 ____D C:\Windows\rss
    2019-10-20 21:55 - 2017-07-14 22:28 - 000450112 _____ (Network Tunnel Lab) C:\Windows\SysWOW64\networkdlllsp.dll
    2019-10-20 21:53 - 2019-10-20 21:55 - 000000000 ____D C:\Program Files (x86)\Pingzapper
    2019-10-20 21:53 - 2019-10-20 21:53 - 025921421 _____ C:\Users\OLPR27\Downloads\pz_setup_2.1.3.zip
    2019-10-20 21:53 - 2019-10-20 21:53 - 000001031 _____ C:\Users\Public\Desktop\Pingzapper.lnk
    2019-10-20 21:53 - 2019-10-20 21:53 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pingzapper
    2019-10-20 21:53 - 2017-08-06 15:31 - 025947371 _____ (Pingzapper ) C:\Users\OLPR27\Downloads\pz_setup.exe
    2019-10-20 00:17 - 2019-10-20 00:17 - 000031028 _____ C:\Program Files\XMBCSettings.xml
    2019-10-19 23:49 - 2019-10-20 00:18 - 000000000 ____D C:\Program Files\Highresolution Enterprises
    2019-10-18 22:18 - 2019-10-18 22:18 - 726343939 _____ C:\Users\OLPR27\Downloads\AikaReborn.7z

    ==================== One month (modified) ==================

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2019-11-08 14:55 - 2019-05-02 13:53 - 000000000 ____D C:\Users\OLPR27\AppData\Local\CrashDumps
    2019-11-08 14:53 - 2009-07-14 11:45 - 000020800 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2019-11-08 14:53 - 2009-07-14 11:45 - 000020800 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2019-11-08 14:51 - 2018-04-05 16:20 - 000000000 ____D C:\ProgramData\boost_interprocess
    2019-11-08 14:46 - 2019-05-31 22:00 - 000000000 ____D C:\ProgramData\AVAST Software
    2019-11-08 14:46 - 2018-04-18 18:30 - 000000000 ____D C:\ProgramData\NVIDIA
    2019-11-08 14:46 - 2009-07-14 12:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
    2019-11-08 14:13 - 2009-07-14 10:20 - 000000000 ____D C:\Windows\inf
    2019-11-08 14:09 - 2019-08-26 08:10 - 000000000 ____D C:\Temp
    2019-11-08 14:07 - 2018-04-05 12:15 - 000000822 _____ C:\Users\Public\Desktop\CCleaner.lnk
    2019-11-08 14:07 - 2018-04-05 12:15 - 000000000 ____D C:\Program Files\CCleaner
    2019-11-08 13:28 - 2018-04-05 11:40 - 000000000 ____D C:\Users\OLPR27
    2019-11-08 13:20 - 2009-07-14 10:20 - 000000000 ____D C:\Windows\system32\NDF
    2019-11-08 09:37 - 2019-04-29 21:33 - 000000000 ____D C:\Users\OLPR27\AppData\Roaming\Smadav
    2019-11-08 09:33 - 2019-04-29 21:33 - 000000000 __SHD C:\[Smad-Cage]
    2019-11-08 07:31 - 2019-07-19 21:36 - 000000000 ____D C:\Users\OLPR27\AppData\Local\Battle.net
    2019-11-08 07:08 - 2018-04-05 11:49 - 000000000 ____D C:\ProgramData\Package Cache
    2019-11-08 05:59 - 2018-04-05 12:03 - 000002224 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
    2019-11-08 05:59 - 2018-04-05 12:03 - 000002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk
    2019-11-07 12:10 - 2019-08-07 19:33 - 000000470 _____ C:\Windows\Tasks\gxx speed launcher.job
    2019-11-06 23:53 - 2018-04-18 18:31 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
    2019-11-06 23:53 - 2018-04-18 18:28 - 000000000 ____D C:\Program Files\NVIDIA Corporation
    2019-11-06 23:53 - 2018-04-05 12:32 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
    2019-11-06 23:53 - 2018-04-05 12:32 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation
    2019-11-06 01:10 - 2019-07-19 01:14 - 000007597 _____ C:\Users\OLPR27\AppData\Local\Resmon.ResmonCfg
    2019-11-05 14:11 - 2019-08-12 14:29 - 000000000 ____D C:\Users\OLPR27\AppData\Roaming\Discord
    2019-11-05 10:54 - 2018-04-05 11:48 - 000000000 ____D C:\Program Files (x86)\Google
    2019-11-05 10:34 - 2019-04-29 16:48 - 000000000 ____D C:\Users\OLPR27\AppData\Local\Microsoft Games
    2019-11-05 08:56 - 2018-04-05 13:08 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
    2019-11-05 08:53 - 2018-04-05 13:08 - 000000000 ____D C:\Users\OLPR27\AppData\LocalLow\Mozilla
    2019-10-30 12:35 - 2019-04-29 13:13 - 000000000 ____D C:\Users\OLPR27\AppData\Local\ElevatedDiagnostics
    2019-10-29 14:39 - 2018-04-05 16:19 - 000000000 ____D C:\ProgramData\GarenaCIG
    2019-10-24 20:46 - 2009-07-14 12:08 - 000032642 _____ C:\Windows\Tasks\SCHEDLGU.TXT
    2019-10-19 23:35 - 2010-11-21 14:16 - 000000000 ____D C:\Windows\ShellNew
    2019-10-19 01:10 - 2019-05-01 19:35 - 000000000 ____D C:\Bonanza88
    2019-10-15 02:48 - 2019-07-22 00:13 - 000011327 _____ C:\Users\OLPR27\Downloads\playBonanza88 (1).jar
    2019-10-09 20:59 - 2009-07-14 12:13 - 000785302 _____ C:\Windows\system32\PerfStringBackup.INI

    ==================== Files in the root of some directories ========

    2019-11-08 13:28 - 2019-11-08 13:28 - 000000441 _____ () C:\Users\OLPR27\Exe.reg
    2017-10-14 19:48 - 2017-10-14 19:48 - 000033748 _____ () C:\Program Files\Czech.xmbclp
    2017-12-27 17:01 - 2017-12-27 17:01 - 000066059 _____ () C:\Program Files\español-latinoamerica.xmbclp
    2017-10-14 19:48 - 2017-10-14 19:48 - 000038116 _____ () C:\Program Files\finnish.xmbclp
    2019-01-20 18:53 - 2019-01-20 18:53 - 000074681 _____ () C:\Program Files\French.xmbclp
    2019-04-14 22:08 - 2019-04-14 22:08 - 000070988 _____ () C:\Program Files\German.xmbclp
    2017-10-14 19:48 - 2017-10-14 19:48 - 000045020 _____ () C:\Program Files\Greek.xmbclp
    2017-11-05 22:52 - 2017-11-05 22:52 - 000064483 _____ () C:\Program Files\Hungarian.xmbclp
    2017-10-14 19:48 - 2017-10-14 19:48 - 000034015 _____ () C:\Program Files\italian.xmbclp
    2019-02-24 17:56 - 2019-02-24 17:56 - 000111549 _____ () C:\Program Files\Japanese2.xmbclp
    2017-10-14 19:48 - 2017-10-14 19:48 - 000052253 _____ () C:\Program Files\korean.xmbclp
    2019-04-14 18:11 - 2019-04-14 18:11 - 000040405 _____ () C:\Program Files\language_template.xmbclp_sample
    2017-06-26 13:46 - 2017-06-26 13:46 - 000060254 _____ () C:\Program Files\nederlands.xmbclp
    2019-01-20 18:53 - 2019-01-20 18:53 - 000066015 _____ () C:\Program Files\Polish.xmbclp
    2019-01-20 18:53 - 2019-01-20 18:53 - 000033945 _____ () C:\Program Files\portugues-brasil.xmbclp
    2017-10-14 19:48 - 2017-10-14 19:48 - 000039072 _____ () C:\Program Files\Romanian.xmbclp
    2019-05-05 18:32 - 2019-05-05 18:32 - 000090686 _____ () C:\Program Files\Russian.xmbclp
    2017-10-14 19:48 - 2017-10-14 19:48 - 000048315 _____ () C:\Program Files\Simplified_Chinese.xmbclp
    2019-01-20 18:53 - 2019-01-20 18:53 - 000063531 _____ () C:\Program Files\Slovak.xmbclp
    2019-05-06 16:54 - 2019-05-06 16:54 - 000067279 _____ () C:\Program Files\Slovenian.xmbclp
    2019-04-14 18:30 - 2019-04-14 18:30 - 000066128 _____ () C:\Program Files\Spanish.xmbclp
    2018-01-03 17:18 - 2018-01-03 17:18 - 000060868 _____ () C:\Program Files\Traditional Chinese.xmbclp
    2019-02-24 17:55 - 2019-02-24 17:55 - 000068819 _____ () C:\Program Files\Turkish.xmbclp
    2017-10-14 19:48 - 2017-10-14 19:48 - 000043517 _____ () C:\Program Files\Ukrainian.xmbclp
    2019-10-20 00:17 - 2019-10-20 00:17 - 000031028 _____ () C:\Program Files\XMBCSettings.xml
    2019-10-19 23:49 - 2019-10-20 00:18 - 000009774 _____ () C:\Program Files\XMouseButtonControl.log
    2018-04-05 12:16 - 2018-04-09 12:03 - 000003390 _____ () C:\Users\OLPR27\AppData\Local\icsys.icn
    2019-10-28 19:33 - 2019-10-28 19:44 - 000000600 _____ () C:\Users\OLPR27\AppData\Local\PUTTY.RND
    2019-07-19 01:14 - 2019-11-06 01:10 - 000007597 _____ () C:\Users\OLPR27\AppData\Local\Resmon.ResmonCfg
    2019-08-06 14:49 - 2019-08-06 14:49 - 000000000 _____ () C:\Users\OLPR27\AppData\Local\{2A63673B-73EE-4280-89D6-E861676255C6}
    2019-05-09 16:23 - 2019-05-09 16:23 - 000000000 _____ () C:\Users\OLPR27\AppData\Local\{B98EBA28-99F7-455A-85BF-9DE69EEF00AF}

    ==================== SigCheck ============================

    (There is no automatic fix for files that do not pass verification.)

    ==================== End of FRST.txt ========================

  3. Okay, I'm using Windows 7.

    I've tried installing both Malwarebytes and Malwarebytes Support in safe mode, but I still got the error messages:
    Malwarebytes: an error occurred
    mbsupport: mbstub.exe has stopped working

    I think my system got infected. I can't run most programs (games, Discord, mouse driver, etc.),

    and whenever I try to install software such as antivirus, it keeps failing.

    When I run a game launcher, it behaves as if I have no connection, but my connection is just fine.

    FRST.txt Addition.txt

    I'm not an expert in this. Please help me, thanks in advance.
