extraordinary77

Can't install malwarebytes and can't run any program


Okay, I'm using Windows 7.

I've tried installing both Malwarebytes and malwarebytesupport in safe mode, but I still got the error messages:
malwarebytes: an error occurred
mbsupport: mbstub.exe has stopped working

I think my system got infected. I can't run most programs (game, Discord, mouse driver, etc.),

and whenever I try to install software such as antivirus, it keeps failing.

When I run the game launcher, it acts as if I have no connection, but my connection is just fine.

FRST.txt, Addition.txt

I'm not an expert in this, please help me. Thanks in advance.


frst.txt :
 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 06-11-2019
Ran by OLPR27 (administrator) on WINDOWS7 (BIOSTAR Group A58ML2) (08-11-2019 15:04:01)
Running from C:\Users\OLPR27\Desktop
Loaded Profiles: OLPR27 (Available Profiles: OLPR27)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 8 (Default browser: IE)
Boot Mode: Safe Mode (with Networking)
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [16472832 2016-03-15] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Policies\Explorer: [NoViewOnDrive] 0
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-19\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-20\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-21-929171097-1776961653-2058299177-1000\...\Run: [Shell] => C:\Program Files (x86)\TP-Link\TP-Link TL-WN722N\WPS_TOOL_AUTO.vbs [151 2019-04-29] () [File not signed]
HKU\S-1-5-21-929171097-1776961653-2058299177-1000\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [24552064 2019-10-15] (Piriform Software Ltd -> Piriform Ltd)
HKU\S-1-5-21-929171097-1776961653-2058299177-1000\...\Run: [OscarX7Mouse5Mode] => C:\Program Files (x86)\OscarX7Editor5Mode\OscarX7Editor5Mode\OscarEditor.exe [3571712 2013-02-01] () [File not signed]
HKU\S-1-5-21-929171097-1776961653-2058299177-1000\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-21-929171097-1776961653-2058299177-1000\...\MountPoints2: {d428f116-3894-11e8-86fb-b8975a9e5d3f} - G:\SETUP.EXE
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\78.0.3904.97\Installer\chrmstp.exe [2019-11-08] (Google LLC -> Google LLC)
AlternateShell: 
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {01A38F73-82AF-4C6A-AB57-BA9B610803E7} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe
Task: {0CFED744-746A-4885-8472-23172EFFA38E} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [375416 2012-10-01] (Microsoft Corporation -> Microsoft Corporation)
Task: {2EF4801B-2D2E-4387-A46C-03AD544FEDAD} - System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
Task: {33383465-43E9-4305-AF5C-2C2DC23A3EC1} - System32\Tasks\R@1n-KMS\Office15ProPlus => wmic path OfficeSoftwareProtectionProduct where (ID="b322da9c-a2e2-4058-9e4e-f59a6970bd69") call Activate
Task: {3CC76836-3628-43D9-B652-E0D1C4678DD6} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [375416 2012-10-01] (Microsoft Corporation -> Microsoft Corporation)
Task: {3F4EE03C-906F-45C1-9C34-D53972EF1AAA} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe
Task: {50E3CA35-C787-4A47-A46D-7E7E90DDC468} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [18458752 2019-10-15] (Piriform Software Ltd -> Piriform Ltd)
Task: {5152D41E-BB71-4B56-9238-3B6A189B680F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-04-05] (Google Inc -> Google Inc.)
Task: {6B822010-445A-4359-B31C-8D6F565EC788} - System32\Tasks\At1 => c:\windows\system\svchost.exe <==== ATTENTION
Task: {7C69E181-868D-43A7-818E-D7F933A24690} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-04-05] (Google Inc -> Google Inc.)
Task: {98596DCC-FA62-4D1D-9893-56AADBF4A256} - \NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} -> No File <==== ATTENTION
Task: {B37D9FE0-47A7-47B2-BAA1-63697100C95F} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
Task: {BB8B5985-85BE-42A6-B5C2-EEB65491302C} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [2069952 2018-03-24] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {C259AEC2-538D-43B7-8B09-584322BB5523} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [1642672 2012-10-01] (Microsoft Corporation -> Microsoft Corporation)
Task: {D14AFAD3-7890-43EB-9B0F-73FE3C4F7C30} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe
Task: {DB4ED0BB-9745-4A86-BCBB-FB0A92C9A149} - System32\Tasks\gxx speed launcher => E:\Online Game\GarenaPlus\Garena\Garena\Garena.exe [450880 2018-11-23] (Garena Online Pte Ltd -> Garena Online )
Task: {DC5D718D-925F-4748-AA97-F9B3B5502236} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [608384 2019-10-15] (Piriform Software Ltd -> Piriform Software Ltd)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Avast Emergency Update.job => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe
Task: C:\Windows\Tasks\gxx speed launcher.job => E:\Online Game\GarenaPlus\Garena\Garena\Garena.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog9 17  => No File 
Tcpip\Parameters: [DhcpNameServer] 118.98.44.100 118.98.44.10
Tcpip\..\Interfaces\{073087F8-0EC0-44E6-8BD4-0EDA4B93D736}: [DhcpNameServer] 192.168.1.1 202.134.1.10 202.134.0.155
Tcpip\..\Interfaces\{5C916BA2-1A3C-405E-974A-9294936DF883}: [DhcpNameServer] 118.98.44.100 118.98.44.10
Tcpip\..\Interfaces\{9DE6CC6C-B2FC-4D60-83B9-222AAFCA9650}: [DhcpNameServer] 118.98.44.100 118.98.44.10

Internet Explorer:
==================
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://id.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wnd_mbkqwuxpvp_19_42_dopc&param1=1&param2=f%3D1%26b%3DIE%26cc%3Did%26pa%3Dwinyahoo%26cd%3D2XzuyEtN2Y1L1Qzu0BzzzyyByD0Azy0EyD0FtAyD0D0BtAzytN0D0Tzu0StBzzyEzztN1L2XzuyEtFyDyCtFtDtFyCtAtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StDtCtBzytByD0FyBtGtDtC0AyCtGtA0A0DyBtGtC0EzyzztGyC0DyCtCtBzzyC0CyCzz0EyB2QtN1M1F1B2Z1V1N2Y1L1Qzu2SzzzyyByByE1QyB1StGyDyE1T1TtGyEtC1P1TtGzyyD1Q1RtG1TyByCtCzz1StDtDyEyCyD1S2QtN0A0LzuyEtN1B2Z1V1T1S1NzutN1Q2Z1B1P1RzutCyDyBtCyDtDtByBtBtD%26cr%3D935422903%26a%3Dwnd_mbkqwuxpvp_19_42_dopc%26os_ver%3D6.1%26os%3DWindows%2B7%2BUltimate
HKU\S-1-5-21-929171097-1776961653-2058299177-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://id.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wnd_mbkqwuxpvp_19_42_dopc&param1=1&param2=f%3D1%26b%3DIE%26cc%3Did%26pa%3Dwinyahoo%26cd%3D2XzuyEtN2Y1L1Qzu0BzzzyyByD0Azy0EyD0FtAyD0D0BtAzytN0D0Tzu0StBzzyEzztN1L2XzuyEtFyDyCtFtDtFyCtAtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StDtCtBzytByD0FyBtGtDtC0AyCtGtA0A0DyBtGtC0EzyzztGyC0DyCtCtBzzyC0CyCzz0EyB2QtN1M1F1B2Z1V1N2Y1L1Qzu2SzzzyyByByE1QyB1StGyDyE1T1TtGyEtC1P1TtGzyyD1Q1RtG1TyByCtCzz1StDtDyEyCyD1S2QtN0A0LzuyEtN1B2Z1V1T1S1NzutN1Q2Z1B1P1RzutCyDyBtCyDtDtByBtBtD%26cr%3D935422903%26a%3Dwnd_mbkqwuxpvp_19_42_dopc%26os_ver%3D6.1%26os%3DWindows%2B7%2BUltimate
HKU\S-1-5-21-929171097-1776961653-2058299177-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://u.msn.com/id-id/?ocid=iehp
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM -> {0CE02FFA-A6B0-46F6-BA2F-BD32C3630126} URL = hxxps://id.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wnd_mbkqwuxpvp_19_42_dopc&param1=1&param2=f%3D4%26b%3DIE%26cc%3Did%26pa%3Dwinyahoo%26cd%3D2XzuyEtN2Y1L1Qzu0BzzzyyByD0Azy0EyD0FtAyD0D0BtAzytN0D0Tzu0StBzzyEzztN1L2XzuyEtFyDyCtFtDtFyCtAtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StDtCtBzytByD0FyBtGtDtC0AyCtGtA0A0DyBtGtC0EzyzztGyC0DyCtCtBzzyC0CyCzz0EyB2QtN1M1F1B2Z1V1N2Y1L1Qzu2SzzzyyByByE1QyB1StGyDyE1T1TtGyEtC1P1TtGzyyD1Q1RtG1TyByCtCzz1StDtDyEyCyD1S2QtN0A0LzuyEtN1B2Z1V1T1S1NzutN1Q2Z1B1P1RzutCyDyBtCyDtDtByBtBtD%26cr%3D935422903%26a%3Dwnd_mbkqwuxpvp_19_42_dopc%26os_ver%3D6.1%26os%3DWindows%2B7%2BUltimate&p={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> {0CE02FFA-A6B0-46F6-BA2F-BD32C3630126} URL = hxxps://id.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wnd_mbkqwuxpvp_19_42_dopc&param1=1&param2=f%3D4%26b%3DIE%26cc%3Did%26pa%3Dwinyahoo%26cd%3D2XzuyEtN2Y1L1Qzu0BzzzyyByD0Azy0EyD0FtAyD0D0BtAzytN0D0Tzu0StBzzyEzztN1L2XzuyEtFyDyCtFtDtFyCtAtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StDtCtBzytByD0FyBtGtDtC0AyCtGtA0A0DyBtGtC0EzyzztGyC0DyCtCtBzzyC0CyCzz0EyB2QtN1M1F1B2Z1V1N2Y1L1Qzu2SzzzyyByByE1QyB1StGyDyE1T1TtGyEtC1P1TtGzyyD1Q1RtG1TyByCtCzz1StDtDyEyCyD1S2QtN0A0LzuyEtN1B2Z1V1T1S1NzutN1Q2Z1B1P1RzutCyDyBtCyDtDtByBtBtD%26cr%3D935422903%26a%3Dwnd_mbkqwuxpvp_19_42_dopc%26os_ver%3D6.1%26os%3DWindows%2B7%2BUltimate&p={searchTerms}
SearchScopes: HKU\S-1-5-21-929171097-1776961653-2058299177-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-929171097-1776961653-2058299177-1000 -> {0CE02FFA-A6B0-46F6-BA2F-BD32C3630126} URL = hxxps://id.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wnd_mbkqwuxpvp_19_42_dopc&param1=1&param2=f%3D4%26b%3DIE%26cc%3Did%26pa%3Dwinyahoo%26cd%3D2XzuyEtN2Y1L1Qzu0BzzzyyByD0Azy0EyD0FtAyD0D0BtAzytN0D0Tzu0StBzzyEzztN1L2XzuyEtFyDyCtFtDtFyCtAtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StDtCtBzytByD0FyBtGtDtC0AyCtGtA0A0DyBtGtC0EzyzztGyC0DyCtCtBzzyC0CyCzz0EyB2QtN1M1F1B2Z1V1N2Y1L1Qzu2SzzzyyByByE1QyB1StGyDyE1T1TtGyEtC1P1TtGzyyD1Q1RtG1TyByCtCzz1StDtDyEyCyD1S2QtN0A0LzuyEtN1B2Z1V1T1S1NzutN1Q2Z1B1P1RzutCyDyBtCyDtDtByBtBtD%26cr%3D935422903%26a%3Dwnd_mbkqwuxpvp_19_42_dopc%26os_ver%3D6.1%26os%3DWindows%2B7%2BUltimate&p={searchTerms}
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2012-10-01] (Microsoft Corporation -> Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_161\bin\ssv.dll [2018-04-05] (Oracle America, Inc. -> Oracle Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation -> Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2012-10-01] (Microsoft Corporation -> Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_161\bin\jp2ssv.dll [2018-04-05] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2012-10-01] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: No Name -> {735A213C-FAA2-4CCF-A259-09C6BF58CFA5} -> No File
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2012-10-01] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2012-10-01] (Microsoft Corporation -> Microsoft Corporation)
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-21] (Microsoft Windows -> Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-21] (Microsoft Windows -> Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-21] (Microsoft Windows -> Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-21] (Microsoft Windows -> Microsoft Corporation)

FireFox:
========
FF DefaultProfile: vy8cffm4.default
FF ProfilePath: C:\Users\OLPR27\AppData\Roaming\Mozilla\Firefox\Profiles\vy8cffm4.default [2019-11-08]
FF Extension: (Browsec VPN - Free and Unlimited VPN) - C:\Users\OLPR27\AppData\Roaming\Mozilla\Firefox\Profiles\vy8cffm4.default\Extensions\browsec@browsec.com.xpi [2019-10-16]
FF Extension: (Avast SafePrice | Comparison, deals, coupons) - C:\Users\OLPR27\AppData\Roaming\Mozilla\Firefox\Profiles\vy8cffm4.default\Extensions\sp@avast.com.xpi [2019-11-08]
FF Extension: (Avast Online Security) - C:\Users\OLPR27\AppData\Roaming\Mozilla\Firefox\Profiles\vy8cffm4.default\Extensions\wrc@avast.com.xpi [2019-11-08]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_29_0_0_171.dll [2018-05-09] (Adobe Systems Incorporated -> )
FF Plugin: @java.com/DTPlugin,version=11.161.2 -> C:\Program Files\Java\jre1.8.0_161\bin\dtplugin\npDeployJava1.dll [2018-04-05] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.161.2 -> C:\Program Files\Java\jre1.8.0_161\bin\plugin2\npjp2.dll [2018-04-05] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom) [File not signed]
FF Plugin: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom) [File not signed]
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_29_0_0_171.dll [2018-05-09] (Adobe Systems Incorporated -> )
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2017-12-01] (Foxit Software Incorporated -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2017-12-01] (Foxit Software Incorporated -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2017-12-01] (Foxit Software Incorporated -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2017-12-01] (Foxit Software Incorporated -> Foxit Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2012-10-01] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2018-03-24] (NVIDIA Corporation PE Sign v2016 -> NVIDIA Corporation) [File not signed]
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2018-03-24] (NVIDIA Corporation PE Sign v2016 -> NVIDIA Corporation) [File not signed]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.35.342\npGoogleUpdate3.dll [2019-11-05] (Google Inc -> Google LLC)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.35.342\npGoogleUpdate3.dll [2019-11-05] (Google Inc -> Google LLC)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom) [File not signed]
FF Plugin-x32: wacom.com/WacomTabletPlugin -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom) [File not signed]

Chrome: 
=======
CHR DefaultSearchURL: Default -> hxxp://srchbar.com/?q={searchTerms}
CHR DefaultSuggestURL: Default -> hxxp://srch.bar/?s={searchTerms}
CHR Notifications: Default -> hxxps://www.tokopedia.com
CHR Profile: C:\Users\OLPR27\AppData\Local\Google\Chrome\User Data\Default [2019-11-08]
CHR Extension: (Slides) - C:\Users\OLPR27\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-04-05]
CHR Extension: (Docs) - C:\Users\OLPR27\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-04-05]
CHR Extension: (Google Drive) - C:\Users\OLPR27\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-04-05]
CHR Extension: (YouTube) - C:\Users\OLPR27\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-04-05]
CHR Extension: (Sheets) - C:\Users\OLPR27\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-04-05]
CHR Extension: (Chrome Web Store Payments) - C:\Users\OLPR27\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-10-04]
CHR Extension: (Gmail) - C:\Users\OLPR27\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-04-30]
CHR Extension: (Chrome Media Router) - C:\Users\OLPR27\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-11-05]
CHR HKLM\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-929171097-1776961653-2058299177-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [249344 2016-02-27] (Advanced Micro Devices, Inc. -> AMD)
S4 FoxitReaderService; C:\Program Files (x86)\Foxit Software\Foxit Reader\FoxitConnectedPDFService.exe [1659456 2017-12-11] (Foxit Software Incorporated -> Foxit Software Inc.)
S2 GarenaPlatform; E:\Online Game\GarenaPlus\Garena\Garena\2.0.1811.2302\gxxsvc.exe [315712 2018-11-23] (Garena Online Pte Ltd -> Garena Online )
S2 PingzapperSvc; C:\Program Files (x86)\Pingzapper\PZService.exe [632320 2016-05-22] () [File not signed]
S2 ProductAgentService; C:\Program Files\Bitdefender Agent\ProductAgentService.exe [1293936 2018-11-15] (Bitdefender SRL -> Bitdefender)
S3 uncheater_bgl; C:\Program Files\Common Files\Uncheater\uncheater_bgl.exe [2097008 2019-04-30] (Wellbia.com Co., Ltd. -> Wellbia.com Co., Ltd.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Windows -> Microsoft Corporation)
S2 WTabletServicePro; C:\Program Files\Tablet\Wacom\WTabletServicePro.exe [655040 2015-07-08] (Wacom Technology Corp. -> Wacom Technology, Corp.)
S2 Avira.ServiceHost; "C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe" [X]
S2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 365126A7; C:\Windows\System32\drivers\365126A7.sys [255928 2019-11-08] (Malwarebytes Corporation -> Malwarebytes)
R0 amdide64; C:\Windows\System32\DRIVERS\amdide64.sys [11944 2012-12-04] (Advanced Micro Devices, Inc. -> Advanced Micro Devices Inc.)
S3 amdkmdag; C:\Windows\System32\DRIVERS\atikmdag.sys [23981568 2016-02-27] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
S3 amdkmdap; C:\Windows\System32\DRIVERS\atikmpag.sys [674816 2016-02-27] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
S3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [30264 2018-04-05] (Disc Soft Ltd -> Disc Soft Ltd)
S3 dtliteusbbus; C:\Windows\System32\DRIVERS\dtliteusbbus.sys [47672 2018-04-05] (Disc Soft Ltd -> Disc Soft Ltd)
S3 gaprotect; C:\Windows\System32\drivers\gaprotect.sys [110672 2018-04-05] (Garena Online Pte Ltd -> )
R0 garestore; C:\Windows\System32\DRIVERS\garestore.sys [47272 2014-10-17] (Hoa Binh Informatics .,JSC -> )
R1 ndissb; C:\Windows\System32\DRIVERS\ndissb.sys [44136 2015-06-30] (Mainline Net Holdings Limited -> E.D.L.)
S3 nvvhci; C:\Windows\System32\DRIVERS\nvvhci.sys [58816 2018-03-24] (NVIDIA Corporation -> NVIDIA Corporation)
R3 RtlWlanu; C:\Windows\System32\DRIVERS\rtwlanu.sys [5264464 2016-10-09] (Realtek Semiconductor Corp. -> Realtek Semiconductor Corporation )
S3 Serenum; C:\Windows\System32\DRIVERS\nuvserenum.sys [23552 2014-01-12] (Microsoft Windows Hardware Compatibility Publisher -> Windows (R) Win 7 DDK provider)
S3 Serial; C:\Windows\System32\DRIVERS\nuvserial.sys [86016 2014-01-12] (Microsoft Windows Hardware Compatibility Publisher -> Nuvoton Technology Corp.)
S4 nvvad_WaveExtensible; system32\drivers\nvvad64v.sys [X]
U3 TrueSight; \??\C:\Windows\System32\drivers\truesight.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ===================

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-11-08 15:04 - 2019-11-08 15:04 - 000026535 _____ C:\Users\OLPR27\Desktop\FRST.txt
2019-11-08 15:03 - 2019-11-08 15:03 - 002259968 _____ (Farbar) C:\Users\OLPR27\Downloads\FRST64.exe
2019-11-08 15:03 - 2019-11-08 15:03 - 002259968 _____ (Farbar) C:\Users\OLPR27\Desktop\FRST64.exe
2019-11-08 15:00 - 2019-11-08 15:00 - 000073604 _____ C:\ProgramData\agent.update.1573200046.bdinstall.v2.bin
2019-11-08 14:59 - 2019-11-08 15:00 - 000000000 ____D C:\Program Files\Bitdefender Agent
2019-11-08 14:59 - 2019-11-08 14:59 - 009844256 _____ C:\Users\OLPR27\Downloads\bitdefender_tsecurity.exe
2019-11-08 14:59 - 2019-11-08 14:59 - 000102940 _____ C:\ProgramData\agent.1573199960.bdinstall.v2.bin
2019-11-08 14:59 - 2019-11-08 14:59 - 000000000 ____D C:\ProgramData\Bitdefender Agent
2019-11-08 14:54 - 2019-11-08 14:54 - 000051502 _____ C:\Windows\ntbtlog.txt
2019-11-08 14:07 - 2019-11-08 14:07 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2019-11-08 13:28 - 2019-11-08 13:28 - 000000441 _____ C:\Users\OLPR27\Exe.reg
2019-11-08 13:26 - 2019-11-08 13:26 - 024578944 _____ (Piriform Software Ltd) C:\Users\OLPR27\Downloads\ccsetup563.exe
2019-11-08 13:05 - 2019-11-08 13:05 - 001883976 _____ (Malwarebytes) C:\Users\OLPR27\Downloads\MBSetup.exe
2019-11-08 13:04 - 2019-11-08 13:04 - 009107552 _____ C:\Users\OLPR27\Downloads\mb-support-1.5.3.749.exe
2019-11-08 12:46 - 2019-11-08 12:46 - 043072920 _____ (SUPERAntiSpyware) C:\Users\OLPR27\Downloads\SUPERAntiSpyware.exe
2019-11-08 12:43 - 2019-11-08 15:04 - 000000000 ____D C:\FRST
2019-11-08 12:31 - 2019-11-08 12:31 - 000255928 _____ (Malwarebytes) C:\Windows\system32\Drivers\365126A7.sys
2019-11-08 12:31 - 2019-11-08 12:31 - 000000000 ____D C:\ProgramData\Malwarebytes
2019-11-08 12:30 - 2019-11-08 12:47 - 000000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2019-11-08 12:30 - 2019-11-08 12:30 - 000192952 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2019-11-08 12:25 - 2019-11-08 12:25 - 000000000 ____D C:\ProgramData\Kaspersky Lab Setup Files
2019-11-08 10:20 - 2019-11-08 10:20 - 000000342 ____H C:\Windows\Tasks\Avast Emergency Update.job
2019-11-08 07:59 - 2019-11-08 07:59 - 000000000 ____D C:\Users\OLPR27\AppData\Roaming\EpicNet Inc
2019-11-08 07:59 - 2019-11-08 07:59 - 000000000 ____D C:\Users\OLPR27\AppData\Local\EpicNet Inc
2019-11-08 07:05 - 2019-11-08 07:05 - 000000000 ____D C:\Program Files\Malwarebytes
2019-11-08 07:02 - 2019-11-08 07:02 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2019-11-08 07:02 - 2019-11-08 07:02 - 000000000 ____D C:\ProgramData\Avira
2019-11-08 06:50 - 2019-11-08 06:50 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\A4Tech Software
2019-11-05 08:30 - 2019-11-05 08:48 - 000000000 ____D C:\Program Files\Mozilla Firefox
2019-11-03 07:36 - 2019-11-03 07:36 - 000000000 __SHD C:\found.033
2019-11-01 14:51 - 2010-09-28 22:46 - 000000000 ____D C:\Users\OLPR27\Downloads\Sound
2019-11-01 14:03 - 2019-11-01 14:07 - 059477083 _____ C:\Users\OLPR27\Downloads\Sound.rar
2019-10-28 19:33 - 2019-10-28 19:44 - 000000600 _____ C:\Users\OLPR27\AppData\Local\PUTTY.RND
2019-10-25 12:50 - 2019-10-25 12:50 - 000000000 __SHD C:\found.032
2019-10-23 21:40 - 2019-11-08 06:50 - 000002277 _____ C:\Users\Public\Desktop\5-Mode Oscar Editor.lnk
2019-10-23 21:40 - 2019-11-08 06:50 - 000000000 ____D C:\Program Files (x86)\OscarX7Editor5Mode
2019-10-23 21:40 - 2013-02-08 15:42 - 020188073 _____ C:\Users\OLPR27\Downloads\7Key,5Mode_V13.02V01.exe
2019-10-23 12:31 - 2019-10-23 12:33 - 019605082 _____ C:\Users\OLPR27\Downloads\7Key,5Mode_V13.02V01.zip
2019-10-21 06:22 - 2019-10-21 06:22 - 000030728 ____N C:\bootsqm.dat
2019-10-21 06:21 - 2019-10-21 06:21 - 000000000 __SHD C:\found.031
2019-10-21 02:40 - 2019-11-08 06:57 - 000000000 ____D C:\Program Files (x86)\AikaReborn
2019-10-21 01:30 - 2019-10-21 01:30 - 000000000 _RSHD C:\rfdx.exe
2019-10-21 01:24 - 2019-11-08 09:41 - 000000000 ____D C:\Program Files (x86)\SMADAV
2019-10-21 01:24 - 2019-10-21 01:24 - 000000000 ____D C:\Windows\rss
2019-10-20 21:55 - 2017-07-14 22:28 - 000450112 _____ (Network Tunnel Lab) C:\Windows\SysWOW64\networkdlllsp.dll
2019-10-20 21:53 - 2019-10-20 21:55 - 000000000 ____D C:\Program Files (x86)\Pingzapper
2019-10-20 21:53 - 2019-10-20 21:53 - 025921421 _____ C:\Users\OLPR27\Downloads\pz_setup_2.1.3.zip
2019-10-20 21:53 - 2019-10-20 21:53 - 000001031 _____ C:\Users\Public\Desktop\Pingzapper.lnk
2019-10-20 21:53 - 2019-10-20 21:53 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pingzapper
2019-10-20 21:53 - 2017-08-06 15:31 - 025947371 _____ (Pingzapper ) C:\Users\OLPR27\Downloads\pz_setup.exe
2019-10-20 00:17 - 2019-10-20 00:17 - 000031028 _____ C:\Program Files\XMBCSettings.xml
2019-10-19 23:49 - 2019-10-20 00:18 - 000000000 ____D C:\Program Files\Highresolution Enterprises
2019-10-18 22:18 - 2019-10-18 22:18 - 726343939 _____ C:\Users\OLPR27\Downloads\AikaReborn.7z

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-11-08 14:55 - 2019-05-02 13:53 - 000000000 ____D C:\Users\OLPR27\AppData\Local\CrashDumps
2019-11-08 14:53 - 2009-07-14 11:45 - 000020800 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2019-11-08 14:53 - 2009-07-14 11:45 - 000020800 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2019-11-08 14:51 - 2018-04-05 16:20 - 000000000 ____D C:\ProgramData\boost_interprocess
2019-11-08 14:46 - 2019-05-31 22:00 - 000000000 ____D C:\ProgramData\AVAST Software
2019-11-08 14:46 - 2018-04-18 18:30 - 000000000 ____D C:\ProgramData\NVIDIA
2019-11-08 14:46 - 2009-07-14 12:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2019-11-08 14:13 - 2009-07-14 10:20 - 000000000 ____D C:\Windows\inf
2019-11-08 14:09 - 2019-08-26 08:10 - 000000000 ____D C:\Temp
2019-11-08 14:07 - 2018-04-05 12:15 - 000000822 _____ C:\Users\Public\Desktop\CCleaner.lnk
2019-11-08 14:07 - 2018-04-05 12:15 - 000000000 ____D C:\Program Files\CCleaner
2019-11-08 13:28 - 2018-04-05 11:40 - 000000000 ____D C:\Users\OLPR27
2019-11-08 13:20 - 2009-07-14 10:20 - 000000000 ____D C:\Windows\system32\NDF
2019-11-08 09:37 - 2019-04-29 21:33 - 000000000 ____D C:\Users\OLPR27\AppData\Roaming\Smadav
2019-11-08 09:33 - 2019-04-29 21:33 - 000000000 __SHD C:\[Smad-Cage]
2019-11-08 07:31 - 2019-07-19 21:36 - 000000000 ____D C:\Users\OLPR27\AppData\Local\Battle.net
2019-11-08 07:08 - 2018-04-05 11:49 - 000000000 ____D C:\ProgramData\Package Cache
2019-11-08 05:59 - 2018-04-05 12:03 - 000002224 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2019-11-08 05:59 - 2018-04-05 12:03 - 000002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2019-11-07 12:10 - 2019-08-07 19:33 - 000000470 _____ C:\Windows\Tasks\gxx speed launcher.job
2019-11-06 23:53 - 2018-04-18 18:31 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2019-11-06 23:53 - 2018-04-18 18:28 - 000000000 ____D C:\Program Files\NVIDIA Corporation
2019-11-06 23:53 - 2018-04-05 12:32 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
2019-11-06 23:53 - 2018-04-05 12:32 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2019-11-06 01:10 - 2019-07-19 01:14 - 000007597 _____ C:\Users\OLPR27\AppData\Local\Resmon.ResmonCfg
2019-11-05 14:11 - 2019-08-12 14:29 - 000000000 ____D C:\Users\OLPR27\AppData\Roaming\Discord
2019-11-05 10:54 - 2018-04-05 11:48 - 000000000 ____D C:\Program Files (x86)\Google
2019-11-05 10:34 - 2019-04-29 16:48 - 000000000 ____D C:\Users\OLPR27\AppData\Local\Microsoft Games
2019-11-05 08:56 - 2018-04-05 13:08 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2019-11-05 08:53 - 2018-04-05 13:08 - 000000000 ____D C:\Users\OLPR27\AppData\LocalLow\Mozilla
2019-10-30 12:35 - 2019-04-29 13:13 - 000000000 ____D C:\Users\OLPR27\AppData\Local\ElevatedDiagnostics
2019-10-29 14:39 - 2018-04-05 16:19 - 000000000 ____D C:\ProgramData\GarenaCIG
2019-10-24 20:46 - 2009-07-14 12:08 - 000032642 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2019-10-19 23:35 - 2010-11-21 14:16 - 000000000 ____D C:\Windows\ShellNew
2019-10-19 01:10 - 2019-05-01 19:35 - 000000000 ____D C:\Bonanza88
2019-10-15 02:48 - 2019-07-22 00:13 - 000011327 _____ C:\Users\OLPR27\Downloads\playBonanza88 (1).jar
2019-10-09 20:59 - 2009-07-14 12:13 - 000785302 _____ C:\Windows\system32\PerfStringBackup.INI

==================== Files in the root of some directories ========

2019-11-08 13:28 - 2019-11-08 13:28 - 000000441 _____ () C:\Users\OLPR27\Exe.reg
2017-10-14 19:48 - 2017-10-14 19:48 - 000033748 _____ () C:\Program Files\Czech.xmbclp
2017-12-27 17:01 - 2017-12-27 17:01 - 000066059 _____ () C:\Program Files\español-latinoamerica.xmbclp
2017-10-14 19:48 - 2017-10-14 19:48 - 000038116 _____ () C:\Program Files\finnish.xmbclp
2019-01-20 18:53 - 2019-01-20 18:53 - 000074681 _____ () C:\Program Files\French.xmbclp
2019-04-14 22:08 - 2019-04-14 22:08 - 000070988 _____ () C:\Program Files\German.xmbclp
2017-10-14 19:48 - 2017-10-14 19:48 - 000045020 _____ () C:\Program Files\Greek.xmbclp
2017-11-05 22:52 - 2017-11-05 22:52 - 000064483 _____ () C:\Program Files\Hungarian.xmbclp
2017-10-14 19:48 - 2017-10-14 19:48 - 000034015 _____ () C:\Program Files\italian.xmbclp
2019-02-24 17:56 - 2019-02-24 17:56 - 000111549 _____ () C:\Program Files\Japanese2.xmbclp
2017-10-14 19:48 - 2017-10-14 19:48 - 000052253 _____ () C:\Program Files\korean.xmbclp
2019-04-14 18:11 - 2019-04-14 18:11 - 000040405 _____ () C:\Program Files\language_template.xmbclp_sample
2017-06-26 13:46 - 2017-06-26 13:46 - 000060254 _____ () C:\Program Files\nederlands.xmbclp
2019-01-20 18:53 - 2019-01-20 18:53 - 000066015 _____ () C:\Program Files\Polish.xmbclp
2019-01-20 18:53 - 2019-01-20 18:53 - 000033945 _____ () C:\Program Files\portugues-brasil.xmbclp
2017-10-14 19:48 - 2017-10-14 19:48 - 000039072 _____ () C:\Program Files\Romanian.xmbclp
2019-05-05 18:32 - 2019-05-05 18:32 - 000090686 _____ () C:\Program Files\Russian.xmbclp
2017-10-14 19:48 - 2017-10-14 19:48 - 000048315 _____ () C:\Program Files\Simplified_Chinese.xmbclp
2019-01-20 18:53 - 2019-01-20 18:53 - 000063531 _____ () C:\Program Files\Slovak.xmbclp
2019-05-06 16:54 - 2019-05-06 16:54 - 000067279 _____ () C:\Program Files\Slovenian.xmbclp
2019-04-14 18:30 - 2019-04-14 18:30 - 000066128 _____ () C:\Program Files\Spanish.xmbclp
2018-01-03 17:18 - 2018-01-03 17:18 - 000060868 _____ () C:\Program Files\Traditional Chinese.xmbclp
2019-02-24 17:55 - 2019-02-24 17:55 - 000068819 _____ () C:\Program Files\Turkish.xmbclp
2017-10-14 19:48 - 2017-10-14 19:48 - 000043517 _____ () C:\Program Files\Ukrainian.xmbclp
2019-10-20 00:17 - 2019-10-20 00:17 - 000031028 _____ () C:\Program Files\XMBCSettings.xml
2019-10-19 23:49 - 2019-10-20 00:18 - 000009774 _____ () C:\Program Files\XMouseButtonControl.log
2018-04-05 12:16 - 2018-04-09 12:03 - 000003390 _____ () C:\Users\OLPR27\AppData\Local\icsys.icn
2019-10-28 19:33 - 2019-10-28 19:44 - 000000600 _____ () C:\Users\OLPR27\AppData\Local\PUTTY.RND
2019-07-19 01:14 - 2019-11-06 01:10 - 000007597 _____ () C:\Users\OLPR27\AppData\Local\Resmon.ResmonCfg
2019-08-06 14:49 - 2019-08-06 14:49 - 000000000 _____ () C:\Users\OLPR27\AppData\Local\{2A63673B-73EE-4280-89D6-E861676255C6}
2019-05-09 16:23 - 2019-05-09 16:23 - 000000000 _____ () C:\Users\OLPR27\AppData\Local\{B98EBA28-99F7-455A-85BF-9DE69EEF00AF}

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================


addition.txt

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 06-11-2019
Ran by OLPR27 (08-11-2019 15:04:59)
Running from C:\Users\OLPR27\Desktop
Windows 7 Ultimate Service Pack 1 (X64) (2018-04-05 04:40:30)
Boot Mode: Safe Mode (with Networking)
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-929171097-1776961653-2058299177-500 - Administrator - Disabled)
Guest (S-1-5-21-929171097-1776961653-2058299177-501 - Limited - Enabled)
OLPR27 (S-1-5-21-929171097-1776961653-2058299177-1000 - Administrator - Enabled) => C:\Users\OLPR27
SBShare (S-1-5-21-929171097-1776961653-2058299177-1001 - Administrator - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

5-Mode Oscar Editor (HKLM-x32\...\OscarX7Mouse5Mode) (Version: 13.02.0001 - A4Tech)
Adobe Flash Player 29 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 29.0.0.171 - Adobe Systems Incorporated)
Avira (HKLM-x32\...\{DA7052FA-B589-48D9-BF78-0A5AC11CB59A}) (Version: 1.2.138.20753 - Avira Operations GmbH & Co. KG) Hidden
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Bitdefender Agent (HKLM\...\Bitdefender Agent) (Version: 23.0.8.134 - Bitdefender)
CCleaner (HKLM\...\CCleaner) (Version: 5.63 - Piriform)
Diablo III (HKLM-x32\...\Diablo III) (Version:  - Blizzard Entertainment)
Discord (HKU\S-1-5-21-929171097-1776961653-2058299177-1000\...\Discord) (Version: 0.0.305 - Discord Inc.)
DisplayDriverAnalyzer (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_DisplayDriverAnalyzer) (Version: 391.35 - NVIDIA Corporation) Hidden
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 9.0.1.1049 - Foxit Software Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 78.0.3904.97 - Google LLC)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.35.341 - Google LLC) Hidden
Java 8 Update 161 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180161F0}) (Version: 8.0.1610.12 - Oracle Corporation)
Microsoft .NET Framework 4.6.1 Hotfix Rollup (KB3120241) (HKLM\...\{46556DC7-EFC0-361E-832E-E0A9B0D2EFAB}) (Version: 4.6.01067 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUSR) (Version: 15.0.4420.1017 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable - x64 8.0.61000 (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable - x86 8.0.61001 (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x64 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x86 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{a2199617-3609-410f-a8e8-e8806c73545b}) (Version: 11.0.61030.0 - Корпорация Майкрософт)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{f0080ca2-80ae-4958-b6eb-e8fa916d744a}) (Version: 11.0.61030.0 - Корпорация Майкрософт)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{1a63c099-febd-4eaf-83ad-a82ea4fdac49}) (Version: 12.0.30501.0 - Корпорация Майкрософт)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{b55f7208-e02b-4828-ac78-59c73ddf5bc7}) (Version: 12.0.30501.0 - Корпорация Майкрософт)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23026 (HKLM-x32\...\{e46eca4f-393b-40df-9f49-076faf788d83}) (Version: 14.0.23026.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23026 (HKLM-x32\...\{74d0e5db-b326-4dae-a6b2-445b9de1836e}) (Version: 14.0.23026.0 - Microsoft Corporation)
Mozilla Firefox 70.0.1 (x64 en-US) (HKLM\...\Mozilla Firefox 70.0.1 (x64 en-US)) (Version: 70.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 59.0.2 - Mozilla)
NVIDIA 3D Vision Controller Driver 390.41 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 390.41 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 391.35 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 391.35 - NVIDIA Corporation)
NVIDIA Graphics Driver 391.35 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 391.35 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.36.6 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.36.6 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.17.0524 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.17.0524 - NVIDIA Corporation)
Outils de vérification linguistique 2013 de Microsoft Office - Français (HKLM\...\{90150000-001F-040C-1000-0000000FF1CE}) (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Pingzapper version 2.1.3 (HKLM-x32\...\{7FD61982-5436-439B-B5D0-36F0536FF8BF}_is1) (Version: 2.1.3 - Pingzapper)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7767 - Realtek Semiconductor Corp.)
Vulkan Run Time Libraries 1.0.65.1 (HKLM\...\VulkanRT1.0.65.1) (Version: 1.0.65.1 - LunarG, Inc.) Hidden
Wacom Tablet (HKLM\...\Wacom Tablet Driver) (Version: 6.3.13w3 - Wacom Technology Corp.)
WebTablet FB Plugin 32 bit (HKLM-x32\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.7 - Wacom Technology Corp.)
WebTablet FB Plugin 64 bit (HKLM\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.7 - Wacom Technology Corp.)
WinpkFilter (HKLM-x32\...\WinpkFilter) (Version: 3.2.4.1 - NT Kernel Resources)
WinRAR 5.50 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.50.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers1: [Foxit_ConvertToPDF_Reader] -> {A94757A0-0226-426F-B4F1-4DF381C630D3} => C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\ConvertToPDFShellExtension_x64.dll [2017-12-11] (Foxit Software Incorporated -> Foxit Software Inc.)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2017-08-11] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2017-08-11] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2018-03-24] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [Foxit_ConvertToPDF_Reader] -> {A94757A0-0226-426F-B4F1-4DF381C630D3} => C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\ConvertToPDFShellExtension_x64.dll [2017-12-11] (Foxit Software Incorporated -> Foxit Software Inc.)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2017-08-11] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2017-08-11] (win.rar GmbH -> Alexander Roshal)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

WMI:subscription\__FilterToConsumerBinding->CommandLineEventConsumer.Name=\"BVTConsumer\"",Filter="__EventFilter.Name=\"BVTFilter\"::
WMI:subscription\__EventFilter->BVTFilter::[Query => SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99]
WMI:subscription\CommandLineEventConsumer->BVTConsumer::[CommandLineTemplate => cscript KernCap.vbs][WorkingDirectory => C:\\tools\\kernrate]
ShortcutWithArgument: C:\Users\OLPR27\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\d249d9ddd424b688\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory=Default

==================== Loaded Modules (Whitelisted) =============

==================== Alternate Data Streams (Whitelisted) ========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Windows\Logs:Defender.log [0]
AlternateDataStreams: C:\Users\OLPR27\Application Data:fbd50e2f7662a5c33287ddc6e65ab5a1 [394]
AlternateDataStreams: C:\Users\OLPR27\AppData\Roaming:fbd50e2f7662a5c33287ddc6e65ab5a1 [394]

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot => "AlternateShell"=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{0CBD4F48-3751-475D-BE88-4F271385B672} => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="2"

==================== Association (Whitelisted) =================

==================== Internet Explorer trusted/restricted ==========

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 09:34 - 2019-06-04 03:26 - 000003407 _____ C:\Windows\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common
HKU\S-1-5-21-929171097-1776961653-2058299177-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\OLPR27\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 118.98.44.100 - 118.98.44.10
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

MSCONFIG\Services: Disc Soft Lite Bus Service => 3
MSCONFIG\Services: FoxitReaderService => 2
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\startupfolder: C:^Users^OLPR27^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Game Menu.lnk => C:\Windows\pss\Game Menu.lnk.Startup
MSCONFIG\startupreg: Avira SystrayStartTrigger => "C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe"
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
MSCONFIG\startupreg: CCleaner Smart Cleaning => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
MSCONFIG\startupreg: Chromium => "c:\users\olpr27\appdata\local\chromium\application\chrome.exe" --auto-launch-at-startup --profile-directory="Default" --restore-last-session
MSCONFIG\startupreg: DAEMON Tools Lite Automount => "C:\Program Files\DAEMON Tools Lite\DTAgent.exe" -autorun
MSCONFIG\startupreg: Discord => C:\Users\OLPR27\AppData\Local\Discord\app-0.0.305\Discord.exe
MSCONFIG\startupreg: DriverPack Notifier => C:\Program Files (x86)\DriverPack Notifier\DriverPackNotifier.exe --run startup
MSCONFIG\startupreg: GarenaCIG => "C:\ProgramData\GarenaCIG\GarenaCIG.exe" --tray
MSCONFIG\startupreg: OscarX7Mouse5Mode => "C:\Program Files (x86)\OscarX7Editor5Mode\OscarX7Editor5Mode\OscarEditor.exe" Minimum
MSCONFIG\startupreg: SmartUpdater => c:\smartbilling_client\smartstarter.exe
MSCONFIG\startupreg: SMΔRT-Protection => C:\Program Files (x86)\Smadav\SMΔRTP.exe rts
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{5C2CF054-CFB1-4494-BB5D-584FDA6325D0}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{D8A8C448-6887-4D54-AA67-7247496AC278}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{CBF9421A-0049-42BD-A5AE-80CDA5EC8B5B}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{611CC201-94D4-4B06-9628-7C7ED8C01B60}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{72F70505-A275-4976-BAB1-EE0F775CAB7C}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{5DFB7C0E-5A3B-4485-9625-A946FB50B100}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{0B4CB7AB-8875-4CBB-A897-5B7B6E70FC86}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)

==================== Restore Points =========================


==================== Faulty Device Manager Devices ============

Name: Security Processor Loader Driver
Description: Security Processor Loader Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: spldr
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: Realtek PCIe FE Family Controller
Description: Realtek PCIe FE Family Controller
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Realtek
Service: RTL8167
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver


==================== Event log errors: ========================

Application errors:
==================
Error: (11/08/2019 03:03:30 PM) (Source: PerfNet) (EventID: 2004) (User: )
Description: Unable to open the Server service performance object. The first four bytes (DWORD) of the Data section contains the status code.

Error: (11/08/2019 02:57:30 PM) (Source: PerfNet) (EventID: 2004) (User: )
Description: Unable to open the Server service performance object. The first four bytes (DWORD) of the Data section contains the status code.

Error: (11/08/2019 02:56:10 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (11/08/2019 02:55:26 PM) (Source: PerfNet) (EventID: 2004) (User: )
Description: Unable to open the Server service performance object. The first four bytes (DWORD) of the Data section contains the status code.

Error: (11/08/2019 02:55:09 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbstub.exe, version: 1.5.3.749, time stamp: 0x5dc23d5a
Faulting module name: mbstub.exe, version: 1.5.3.749, time stamp: 0x5dc23d5a
Exception code: 0x40000015
Fault offset: 0x00143ea7
Faulting process id: 0x72c
Faulting application start time: 0x01d59609cef08c44
Faulting application path: C:\Users\OLPR27\AppData\Local\Temp\7zSA9E5.tmp\mbstub.exe
Faulting module path: C:\Users\OLPR27\AppData\Local\Temp\7zSA9E5.tmp\mbstub.exe
Report Id: 1598886b-01fd-11ea-b3a9-8e25b00f945d

Error: (11/08/2019 02:48:10 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (11/08/2019 02:47:37 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Avira.ServiceHost.exe, version: 1.2.138.20753, time stamp: 0x5da80da5
Faulting module name: KERNELBASE.dll, version: 6.1.7601.17514, time stamp: 0x4ce7bafa
Exception code: 0xe0434352
Fault offset: 0x0000b727
Faulting process id: 0xec8
Faulting application start time: 0x01d59608c9c46361
Faulting application path: C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
Faulting module path: C:\Windows\syswow64\KERNELBASE.dll
Report Id: 0815b265-01fc-11ea-8074-e70375c1c854

Error: (11/08/2019 02:47:37 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: Avira.ServiceHost.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.ComponentModel.Composition.CompositionException
   at System.ComponentModel.Composition.Hosting.CompositionServices.GetExportedValueFromComposedPart(System.ComponentModel.Composition.Hosting.ImportEngine, System.ComponentModel.Composition.Primitives.ComposablePart, System.ComponentModel.Composition.Primitives.ExportDefinition)
   at System.ComponentModel.Composition.Hosting.CatalogExportProvider.GetExportedValue(CatalogPart, System.ComponentModel.Composition.Primitives.ExportDefinition, Boolean)
   at System.ComponentModel.Composition.Hosting.CatalogExportProvider+CatalogExport.GetExportedValueCore()
   at System.ComponentModel.Composition.Primitives.Export.get_Value()
   at System.ComponentModel.Composition.ExportServices.GetCastedExportedValue[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](System.ComponentModel.Composition.Primitives.Export)
   at System.ComponentModel.Composition.Hosting.ExportProvider.GetExportedValueCore[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](System.String, System.ComponentModel.Composition.Primitives.ImportCardinality)
   at Avira.OE.ServiceHost.ServiceHost.Initialize()
   at Avira.OE.ServiceHost.Program+<>c__DisplayClass13_0.<OnServiceStart>b__0(System.Object)
   at System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)
   at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
   at System.Threading.ThreadPoolWorkQueue.Dispatch()
   at System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()


System errors:
=============
Error: (11/08/2019 03:04:21 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: DCOM got error "1084" attempting to start the service VSS with arguments "" in order to run the server:
{E579AB5F-1CC4-44B4-BED9-DE0991FF0623}

Error: (11/08/2019 02:55:21 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: DCOM got error "1068" attempting to start the service stisvc with arguments "" in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error: (11/08/2019 02:54:48 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has failed to start.

Module Path: C:\Windows\system32\Rtlihvs.dll
Error Code: 21

Error: (11/08/2019 02:54:41 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server:
{D3DCB472-7261-43CE-924B-0704BD730D5F}

Error: (11/08/2019 02:54:41 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server:
{145B4335-FE2A-4927-A040-7C35AD3180EF}

Error: (11/08/2019 02:54:36 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (11/08/2019 02:54:30 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
The dependency service or group failed to start.

Error: (11/08/2019 02:54:30 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
The dependency service or group failed to start.


Windows Defender:
===================================
Date: 2019-05-14 03:55:31.341
Description: 
Windows Defender scan has been stopped before completion.
Scan ID:{BD894BF9-EDF0-4DAA-A674-147DEF04A3B9}
Scan Type:AntiSpyware
Scan Parameters:Quick Scan

==================== Memory info =========================== 

BIOS: American Megatrends Inc. 4.6.5 07/01/2014
Motherboard: BIOSTAR Group A58ML2
Processor: AMD A4-6300 APU with Radeon(tm) HD Graphics 
Percentage of memory in use: 74%
Total physical RAM: 4033.86 MB
Available physical RAM: 1028.53 MB
Total Virtual: 4132.04 MB
Available Virtual: 1159.57 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:47.3 GB) (Free:21.16 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: () (Fixed) (Total:13.52 GB) (Free:13.31 GB) NTFS
Drive e: (GAME) (Fixed) (Total:404.94 GB) (Free:183.88 GB) NTFS


==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 465.8 GB) (Disk ID: 5AA56A9F)
Partition 1: (Active) - (Size=47.3 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=13.5 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=404.9 GB) - (Type=05)

==================== End of Addition.txt =======================


Hello @extraordinary77

The multiple posts make it look like you're already being helped. Please run the following.

Go to Control Panel, Programs, Add/Remove and uninstall

JAVA
Avira
Bitdefender Agent

Once that's completed please run the following fix

 

Please download the attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both files, FRST or FRST64 and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.

Run FRST or FRST64 and press the Fix button just once and wait.
If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart.
The tool will make a log on the Desktop (Fixlog.txt). Please attach or post it to your next reply.

Note: If the tool warned you about an outdated version please download and run the updated version.

fixlist.txt

Once that is done and you've posted back the fixlog file then go ahead and run the following steps.

 

 

Please run the following steps and post back the logs as an attachment when ready. Do not post the logs directly as the forum software often does not accurately post the logs directly.

STEP 01

  • If you're already running Malwarebytes then open Malwarebytes and check for updates. Then click on the Scan tab and select Threat Scan and click on Start Scan button.
  • If you don't have Malwarebytes installed yet please download it from here and install it.
  • Once installed then open Malwarebytes and select Scan and let it run.
  • Once the scan is completed click on the View Report button, then the Export button and save the file as a Text file to your desktop or other location you can find and attach that log on your next reply.
  • If Malwarebytes won't run then please skip to the next step and let me know in your next reply.

STEP 02

Please download AdwCleaner by Malwarebytes and save the file to your Desktop.

  • Right-click on the program and select Run as Administrator to start the tool.
  • Accept the Terms of use.
  • Wait until the database is updated.
  • Click Scan Now.
  • When finished, please click Clean & Repair.
  • Your PC should reboot now if any items were found.
  • After reboot, a log file will be opened, or you can find the logs within the program. Attach or copy its content into your next reply.

 

RESTART THE COMPUTER Before running Step 3

STEP 03
Please download the Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. You can check here if you're not sure if your computer is 32-bit or 64-bit

  • Double-click to run it. When the tool opens, click Yes to disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). If you've run the tool before, you need to place a checkmark here.
  • Please attach the Additions.txt log to your reply as well.

 

Thanks

Ron

 
