
My Browser at the start automatically opened and some interval its opened again


This topic is locked
5 replies to this topic

#1 lidner2

  • Members
  • 3 posts

Posted 04 March 2018 - 07:44 AM

Hello guys,

I have a problem here: at startup my laptop immediately opens the browser, and it opens directly to these two websites:

-blackghost(dot)ro

-www(dot)cs-16(dot)com

And then after some random number of minutes my browser opens again, this time directly to this:

-windows defender site

Oh, and I'm using the Vivaldi browser. I'm done trying to fix this issue with adware removal tools like SpyHunter and AdwCleaner, and I have done a critical-area scan using Panda antivirus, but nothing helped me fix this issue.

So I will appreciate any help I get from this forum.

Thank you, cheers :)




#2 lidner2 (Topic Starter)

  • Members
  • 3 posts

Posted 04 March 2018 - 08:16 AM

FRST Log

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 04.03.2018
Ran by Lavin (administrator) on LAVIN-PC (04-03-2018 19:47:49)
Running from C:\Users\Lavin\Downloads
Loaded Profiles: Lavin (Available Profiles: Lavin & LavinCoba)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: "C:\Users\Lavin\AppData\Local\Vivaldi\Application\vivaldi.exe" -- "%1")
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Apple Inc.) C:\Program Files (x86)\Blizzard\Bonjour Service\mDNSResponder.exe
(Electronic Arts) E:\Games\Origin\OriginWebHelperService.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe
(eVenture Limited) C:\Program Files (x86)\hide.me VPN\hidemesvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Tonec Inc.) C:\Program Files (x86)\Tonec\IDMan.exe
(Microsoft Corporation) C:\Windows\System32\wscript.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Power Software Ltd) C:\Program Files\PowerISO\PWRISOVM.EXE
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe
(HP Inc.) C:\Program Files\HP\HP Touchpoint Analytics Client\TouchpointAnalyticsClientService.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7636696 2016-01-17] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1396592 2016-01-17] (Realtek Semiconductor)
HKLM-x32\...\Run: [PWRISOVM.EXE] => C:\Program Files\PowerISO\PWRISOVM.EXE [465544 2016-02-10] (Power Software Ltd)
HKLM-x32\...\Run: [PSUAMain] => C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe [141760 2017-02-22] (Panda Security, S.L.)
HKU\S-1-5-21-1594911143-2086658988-593811238-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9364696 2017-03-04] (Piriform Ltd)
HKU\S-1-5-21-1594911143-2086658988-593811238-1000\...\Run: [IDMan] => C:\Program Files (x86)\Tonec\IDMan.exe [4035696 2017-10-03] (Tonec Inc.)
HKU\S-1-5-21-1594911143-2086658988-593811238-1000\...\Run: [valveauto] => C:\Users\Lavin\Documents\don.vbs [18078 2018-03-03] ()
HKU\S-1-5-18\...\RunOnce: [SPReview] => "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"hxxp://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
HKU\S-1-5-18\...\RunOnce: [panda] => reg.exe delete "HKCU\Software\AppDataLow\Software\panda" /f
HKU\S-1-5-18\...\RunOnce: [panda_XP] => reg.exe delete "HKCU\Software\panda" /f
BootExecute: autocheck autochk * sh4native Sh4Removal
GroupPolicyScripts: Restriction <==== ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 202.73.99.2 61.247.0.133 118.136.64.5
Tcpip\..\Interfaces\{18AEB392-A447-4F88-8C90-DB38869883C0}: [DhcpNameServer] 202.73.99.2 61.247.0.133 118.136.64.5
Tcpip\..\Interfaces\{627166EC-135E-4D5C-BD0E-9346AE1727C3}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{DD0FB3EF-87AF-47A7-B2EA-5E239F8AD898}: [DhcpNameServer] 103.254.155.130 103.254.155.132
Tcpip\..\Interfaces\{FD4EAE5D-3681-4339-AA2B-52DCF301CFF3}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{FF1D11AD-A537-4B7C-81FB-BC92EF8044C4}: [DhcpNameServer] 192.168.42.129
 
Internet Explorer:
==================
HKU\S-1-5-21-1594911143-2086658988-593811238-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://u.msn.com/id-id/?ocid=iehp
URLSearchHook: HKU\S-1-5-21-1594911143-2086658988-593811238-1000 - Panda Safe Web - {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - C:\Program Files (x86)\pandasecuritytb\pandasecurityDx64.dll No File
URLSearchHook: HKU\S-1-5-21-1594911143-2086658988-593811238-1000 - Panda Safe Web - {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - C:\Program Files (x86)\pandasecuritytb\pandasecurityDx.dll No File
BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Tonec\IDMIECC64.dll [2017-09-23] (Internet Download Manager, Tonec Inc.)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_74\bin\ssv.dll [2016-05-14] (Oracle Corporation)
BHO: Panda Safe Web -> {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} -> C:\Program Files (x86)\pandasecuritytb\pandasecurityDx64.dll => No File
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_74\bin\jp2ssv.dll [2016-05-14] (Oracle Corporation)
BHO-x32: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Tonec\IDMIECC.dll [2017-09-23] (Internet Download Manager, Tonec Inc.)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2006-10-27] (Microsoft Corporation)
BHO-x32: Panda Safe Web -> {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} -> C:\Program Files (x86)\pandasecuritytb\pandasecurityDx.dll => No File
Toolbar: HKLM - Panda Safe Web - {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - C:\Program Files (x86)\pandasecuritytb\pandasecurityDx64.dll No File
Toolbar: HKLM-x32 - Panda Safe Web - {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - C:\Program Files (x86)\pandasecuritytb\pandasecurityDx.dll No File
 
FireFox:
========
FF HKU\S-1-5-21-1594911143-2086658988-593811238-1000\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\Lavin\AppData\Roaming\IDM\idmmzcc5
FF Extension: (IDM CC) - C:\Users\Lavin\AppData\Roaming\IDM\idmmzcc5 [2017-10-10] [Legacy] [not signed]
FF HKU\S-1-5-21-1594911143-2086658988-593811238-1000\...\SeaMonkey\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files (x86)\Tonec\idmmzcc2.xpi
FF Extension: (IDM integration) - C:\Program Files (x86)\Tonec\idmmzcc2.xpi [2017-01-26] [Legacy]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_232.dll [2015-08-11] ()
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin: @java.com/DTPlugin,version=11.74.2 -> C:\Program Files\Java\jre1.8.0_74\bin\dtplugin\npDeployJava1.dll [2016-05-14] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.74.2 -> C:\Program Files\Java\jre1.8.0_74\bin\plugin2\npjp2.dll [2016-05-14] (Oracle Corporation)
FF Plugin-x32: @adobe.com/AuthorwarePlayer -> C:\Windows\system32\Macromed\AUTHORWA\np32asw.dll [No File]
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_232.dll [2015-08-11] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1220162.dll [No File]
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin-x32: @t.garena.com/garenatalk -> C:\Program Files (x86)\Garena Plus\bbtalk\plugins\npPlugin\npGarenaTalkPlugin.dll [No File]
FF Plugin HKU\S-1-5-21-1594911143-2086658988-593811238-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Lavin\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2016-01-30] (Unity Technologies ApS)
 
Chrome: 
=======
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Tonec\IDMGCExt.crx [2017-10-06]
CHR HKLM-x32\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Tonec\IDMGCExt.crx [2017-10-06]
 
Opera: 
=======
OPR Extension: (Adblock Plus) - C:\Users\Lavin\AppData\Roaming\Opera Software\Opera Stable\Extensions\oidhhegpmlfpoeialbgcdocjalghfpkp [2017-12-09]
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [6979080 2017-11-29] ()
R2 Bonjour Service; C:\Program Files (x86)\Blizzard\Bonjour Service\mDNSResponder.exe [390504 2017-05-08] (Apple Inc.)
S3 GalaxyClientService; C:\Program Files (x86)\GOG Galaxy\GalaxyClientService.exe [532552 2018-01-04] (GOG.com)
S3 GalaxyCommunication; C:\ProgramData\GOG.com\Galaxy\redists\GalaxyCommunication.exe [8345672 2018-01-04] (GOG.com)
R2 hmevpnsvc; C:\Program Files (x86)\hide.me VPN\hidemesvc.exe [135840 2017-11-03] (eVenture Limited)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [332144 2017-11-21] (HP Inc.)
R2 HPTouchpointAnalyticsService; C:\Program Files\HP\HP Touchpoint Analytics Client\TouchpointAnalyticsClientService.exe [332216 2017-12-05] (HP Inc.)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [318568 2016-01-17] (Intel Corporation)
R2 NanoServiceMain; C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe [110384 2017-02-14] (Panda Security, S.L.)
S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [3758336 2015-11-29] (INCA Internet Co., Ltd.)
S3 Origin Client Service; E:\Games\Origin\OriginClientService.exe [2156864 2018-02-26] (Electronic Arts)
R2 Origin Web Helper Service; E:\Games\Origin\OriginWebHelperService.exe [3026760 2018-02-26] (Electronic Arts)
R2 PandaAgent; C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe [86104 2016-07-19] (Panda Security, S.L.)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [66872 2017-11-13] ()
R2 PSUAService; C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe [47096 2017-04-26] (Panda Security, S.L.)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [291032 2016-01-17] (Realtek Semiconductor)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 androidusb; C:\Windows\System32\Drivers\androidusb.sys [31744 2009-05-14] (Google Inc)
S3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [30264 2016-02-07] (Disc Soft Ltd)
S3 ETDSMBus; C:\Windows\System32\DRIVERS\ETDSMBus.sys [31464 2015-08-06] (ELAN Microelectronic Corp.)
S3 gaprotect; C:\Windows\System32\drivers\gaprotect.sys [61904 2017-11-13] ()
R3 hsCDFiDrv; C:\Windows\System32\DRIVERS\hsCDFiDrv.sys [7168 2010-07-16] ()
R3 hsCDFiDrv; C:\Windows\SysWOW64\DRIVERS\hsCDFiDrv.sys [5248 2010-07-21] ()
R3 netr28x; C:\Windows\System32\DRIVERS\netr28x.sys [2502288 2015-04-20] (MediaTek Inc.)
R1 NNSALPC; C:\Windows\System32\DRIVERS\NNSAlpc.sys [105984 2017-02-08] (Panda Security, S.L.)
R1 NNSHTTP; C:\Windows\System32\DRIVERS\NNSHttp.sys [209168 2016-06-29] (Panda Security, S.L.)
R1 NNSHTTPS; C:\Windows\System32\DRIVERS\NNSHttps.sys [119880 2017-02-08] (Panda Security, S.L.)
R1 NNSIDS; C:\Windows\System32\DRIVERS\NNSIds.sys [123664 2016-06-29] (Panda Security, S.L.)
R1 NNSNAHSL; C:\Windows\System32\DRIVERS\NNSNAHSL.sys [75032 2016-07-01] (Panda Security, S.L.)
R1 NNSPICC; C:\Windows\System32\DRIVERS\NNSPicc.sys [114448 2016-06-29] (Panda Security, S.L.)
R1 NNSPIHSW; C:\Windows\System32\DRIVERS\NNSPihsw.sys [83824 2017-02-08] (Panda Security, S.L.)
R1 NNSPOP3; C:\Windows\System32\DRIVERS\NNSPop3.sys [132880 2016-06-29] (Panda Security, S.L.)
R1 NNSPROT; C:\Windows\System32\DRIVERS\NNSProt.sys [333584 2016-06-29] (Panda Security, S.L.)
R1 NNSPRV; C:\Windows\System32\DRIVERS\NNSPrv.sys [196600 2017-02-08] (Panda Security, S.L.)
R1 NNSSMTP; C:\Windows\System32\DRIVERS\NNSSmtp.sys [121104 2016-06-29] (Panda Security, S.L.)
R1 NNSSTRM; C:\Windows\System32\DRIVERS\NNSStrm.sys [278432 2016-07-01] (Panda Security, S.L.)
R1 NNSTLSC; C:\Windows\System32\DRIVERS\NNSTlsc.sys [123152 2016-06-29] (Panda Security, S.L.)
S3 NPPTNT2; C:\Windows\SysWOW64\npptNT2.sys [4682 2004-12-30] (INCA Internet Co., Ltd.) [File not signed]
S3 OEM; C:\Windows\System32\DRIVERS\hs60x5usbser.sys [121976 2010-10-20] (QUALCOMM Incorporated)
R2 PSINAflt; C:\Windows\System32\DRIVERS\PSINAflt.sys [177424 2017-02-12] (Panda Security, S.L.)
R2 PSINFile; C:\Windows\System32\DRIVERS\PSINFile.sys [131856 2017-02-12] (Panda Security, S.L.)
R1 PSINKNC; C:\Windows\System32\DRIVERS\psinknc.sys [205584 2017-02-20] (Panda Security, S.L.)
R2 PSINProc; C:\Windows\System32\DRIVERS\PSINProc.sys [131344 2017-02-12] (Panda Security, S.L.)
R2 PSINProt; C:\Windows\System32\DRIVERS\PSINProt.sys [144656 2017-02-12] (Panda Security, S.L.)
R2 PSINReg; C:\Windows\System32\DRIVERS\PSINReg.sys [114960 2017-02-12] (Panda Security, S.L.)
R3 PSKMAD; C:\Windows\System32\DRIVERS\PSKMAD.sys [70360 2016-08-08] (Panda Security, S.L.)
S3 ptun0901; C:\Windows\System32\DRIVERS\ptun0901.sys [27136 2016-06-15] (The OpenVPN Project)
R0 pwdrvio; C:\Windows\System32\pwdrvio.sys [19152 2013-09-30] ()
S3 pwdspio; C:\Windows\system32\pwdspio.sys [12504 2013-09-30] ()
R3 RSP2STOR; C:\Windows\System32\DRIVERS\RtsP2Stor.sys [301784 2015-06-01] (Realtek Semiconductor Corp.)
R3 rtbth; C:\Windows\System32\DRIVERS\rtbth.sys [1210480 2014-12-24] (Ralink Technology, Corp.)
R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [33960 2015-07-28] (Synaptics Incorporated)
S3 dump_wmimmc; \??\E:\Games\Seal Online Private Server\Seal Online Zen Full Client v3.5\GameGuard\dump_wmimmc.sys [X]
S3 EsgScanner; system32\DRIVERS\EsgScanner.sys [X]
S3 gkernel; \??\C:\Users\Lavin\AppData\Local\Temp\gkernel.sys [X] <==== ATTENTION
S3 npkcrypt; \??\E:\Games\Ragnarok Online Indonesia\npkcrypt.sys [X]
S3 npkycryp; \??\E:\Games\Ragnarok Online Indonesia\npkycryp.sys [X]
S3 panda_url_filteringd; \??\C:\Program Files\Panda Security URL Filtering\panda_url_filteringd.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
S3 X6va064; \??\C:\Windows\SysWOW64\Drivers\X6va064 [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-03-04 19:47 - 2018-03-04 19:51 - 000016821 _____ C:\Users\Lavin\Downloads\FRST.txt
2018-03-04 19:46 - 2018-03-04 19:47 - 000000000 ___DC C:\FRST
2018-03-04 19:40 - 2018-03-04 19:41 - 002403328 _____ (Farbar) C:\Users\Lavin\Downloads\FRST64.exe
2018-03-04 19:02 - 2016-08-08 16:00 - 000070360 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\PSKMAD.sys
2018-03-04 18:54 - 2018-03-04 19:00 - 000000000 ___DC C:\AdwCleaner
2018-03-04 18:50 - 2018-03-04 18:51 - 008222496 _____ (Malwarebytes) C:\Users\Lavin\Downloads\AdwCleaner.exe
2018-03-04 18:39 - 2018-03-04 19:04 - 000147456 _____ C:\Users\Lavin\Documents\steamsmaster.dll.upk
2018-03-04 18:39 - 2018-03-04 19:04 - 000099328 _____ C:\Users\Lavin\Documents\cocolino.asi.upk
2018-03-04 18:39 - 2018-03-04 19:04 - 000000759 __RSH C:\Users\Lavin\Documents\mrvgamemenu.upk
2018-03-04 18:39 - 2018-03-04 19:04 - 000000263 _____ C:\Users\Lavin\Documents\rev.ini.upk
2018-03-04 18:39 - 2018-03-04 19:04 - 000000092 __RSH C:\Users\Lavin\Documents\mrv.upk
2018-03-04 18:39 - 2018-03-04 19:04 - 000000065 __RSH C:\Users\Lavin\Documents\motd_temp.html
2018-03-04 18:39 - 2018-03-04 19:04 - 000000065 __RSH C:\Users\Lavin\Documents\bin
2018-03-04 18:04 - 2018-03-04 18:12 - 000000000 __HDC C:\iTXZv2e4aTYrGBru
2018-03-04 13:58 - 2018-03-04 13:58 - 000000000 ____C C:\autoexec.bat
2018-03-04 10:46 - 2018-03-04 13:25 - 000000000 ____D C:\Users\Lavin\AppData\Roaming\Bioshock2Steam
2018-03-04 10:46 - 2018-03-04 10:46 - 000000000 ____D C:\Users\Lavin\Documents\Bioshock2
2018-03-04 10:29 - 2018-03-04 13:04 - 000000952 _____ C:\Users\Public\Desktop\BioShock 2.lnk
2018-03-04 10:29 - 2018-03-04 10:29 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\2K Games
2018-03-03 18:13 - 2018-03-03 22:37 - 000018078 __RSH C:\Users\Lavin\Documents\don.vbs
2018-03-02 11:49 - 2018-03-02 11:49 - 000000782 _____ C:\Users\Public\Desktop\The Saboteur.lnk
2018-03-01 21:33 - 2018-03-01 21:33 - 000000000 ____D C:\Users\Lavin\Documents\BioWare
2018-03-01 10:55 - 2018-03-01 10:58 - 089579672 _____ (The GIMP Team ) C:\Users\Lavin\Downloads\gimp-2.8.22-setup.exe
2018-02-28 19:58 - 2018-02-28 19:59 - 000020678 _____ C:\Users\Lavin\Downloads\Menu Kinasih.xlsx
2018-02-28 13:22 - 2018-02-28 14:07 - 000000000 ____D C:\Users\Lavin\Documents\Darkest
2018-02-28 12:35 - 2018-02-28 12:35 - 000000944 _____ C:\Users\Public\Desktop\Darkest Dungeon.lnk
2018-02-27 15:55 - 2018-02-27 15:55 - 000000000 ____D C:\Users\Lavin\Documents\Counter-Strike Online
2018-02-27 15:55 - 2018-02-27 15:55 - 000000000 ____D C:\ProgramData\Megaxus
2018-02-27 15:54 - 2018-02-27 16:28 - 000000000 ____D C:\Users\Lavin\AppData\Local\CSO
2018-02-27 03:30 - 2018-02-27 13:20 - 000000000 ____D C:\Users\Lavin\AppData\Local\Warframe
2018-02-26 15:08 - 2018-02-26 15:19 - 000000000 ____D C:\Users\Lavin\AppData\Roaming\Origin
2018-02-26 15:08 - 2018-02-26 15:08 - 000000632 _____ C:\Users\Public\Desktop\Origin.lnk
2018-02-26 15:08 - 2018-02-26 15:08 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin
2018-02-23 17:31 - 2018-02-23 17:31 - 000000708 _____ C:\Users\Public\Desktop\SKYHILL.lnk
2018-02-18 00:51 - 2018-02-18 00:52 - 000000000 ____D C:\Users\Lavin\Desktop\Video HP
2018-02-14 16:56 - 2018-02-14 16:56 - 000000000 ____D C:\Users\Lavin\AppData\Roaming\DeadMaze
2018-02-14 16:39 - 2018-02-27 02:12 - 000000000 ____D C:\Users\Lavin\AppData\Roaming\Hide.me
2018-02-14 16:39 - 2018-02-14 16:40 - 000000000 ____D C:\Program Files (x86)\hide.me VPN
2018-02-14 16:39 - 2018-02-14 16:39 - 000001025 _____ C:\Users\Public\Desktop\hide.me VPN.lnk
2018-02-14 16:39 - 2018-02-14 16:39 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\hide.me VPN
2018-02-14 16:24 - 2018-02-14 16:24 - 000000000 ____D C:\Users\Lavin\.Origin
2018-02-14 16:23 - 2018-02-26 15:19 - 000000000 ____D C:\ProgramData\Origin
2018-02-14 16:23 - 2018-02-26 15:16 - 000000000 ____D C:\Users\Lavin\AppData\Local\Origin
2018-02-14 16:22 - 2018-02-14 16:23 - 007037272 _____ (eVenture Limited ) C:\Users\Lavin\Downloads\Hide.me-Setup-1.3.2.exe
2018-02-14 16:11 - 2018-02-14 16:11 - 000000202 _____ C:\Users\Lavin\Desktop\Dead Maze.url
2018-02-14 15:57 - 2018-02-14 16:00 - 065743544 _____ (Electronic Arts) C:\Users\Lavin\Downloads\OriginThinSetup.exe
2018-02-09 22:17 - 2018-02-09 22:17 - 000000000 ____D C:\Users\Lavin\Documents\Square Enix
2018-02-09 22:13 - 2018-02-09 22:13 - 000000664 _____ C:\Users\Public\Desktop\Just Cause 2.lnk
2018-02-09 22:13 - 2018-02-09 22:13 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Square Enix
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-03-04 19:07 - 2009-07-14 10:20 - 000000000 ____D C:\Windows\tracing
2018-03-04 19:02 - 2017-06-25 01:13 - 000065536 _____ C:\Windows\system32\Ikeext.etl
2018-03-04 19:02 - 2009-07-14 12:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-03-04 18:10 - 2016-01-22 03:50 - 000000000 ____D C:\Users\Lavin\AppData\Roaming\DMCache
2018-03-04 16:42 - 2016-01-17 13:55 - 000000000 ____D C:\ProgramData\panda_url_filtering
2018-03-04 14:29 - 2017-12-25 19:22 - 000003186 _____ C:\Windows\System32\Tasks\HPCeeScheduleForLavin
2018-03-04 14:29 - 2017-12-25 19:22 - 000000332 _____ C:\Windows\Tasks\HPCeeScheduleForLavin.job
2018-03-04 13:51 - 2016-01-22 03:50 - 000000000 ____D C:\Users\Lavin\AppData\Roaming\IDM
2018-03-04 13:42 - 2017-07-05 04:04 - 000000000 ____D C:\Users\Lavin\Documents\DAVAProject
2018-03-03 19:54 - 2009-07-14 10:20 - 000000000 ____D C:\Windows\inf
2018-03-03 15:16 - 2016-01-17 13:35 - 000000000 ____D C:\Program Files (x86)\Opera
2018-03-02 18:55 - 2016-02-01 23:32 - 000000000 ____D C:\Users\Lavin\Documents\My Games
2018-03-02 18:10 - 2009-07-14 12:13 - 001011866 _____ C:\Windows\system32\PerfStringBackup.INI
2018-03-02 13:02 - 2016-03-18 12:03 - 000000000 ____D C:\Users\Lavin\AppData\Roaming\MPC-HC
2018-03-02 11:49 - 2016-02-19 15:53 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOG.com
2018-03-02 11:49 - 2009-07-14 12:32 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2018-02-23 22:00 - 2016-12-16 23:30 - 000000000 ____D C:\Users\Lavin\AppData\Local\NFS Underground 2
2018-02-21 20:02 - 2018-01-24 23:59 - 000000000 ____D C:\Users\Lavin\Desktop\Tampilan Program KKP
2018-02-17 14:17 - 2016-06-08 05:43 - 000000000 ____D C:\Windows\Minidump
2018-02-17 14:10 - 2009-07-14 12:08 - 000032586 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2018-02-14 16:34 - 2016-01-17 14:43 - 000996176 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2018-02-14 16:24 - 2016-01-16 18:45 - 000000000 ____D C:\Users\Lavin
2018-02-13 20:10 - 2017-01-19 16:23 - 000000000 ____D C:\Users\Lavin\Documents\A
2018-02-09 17:26 - 2016-11-01 17:56 - 000000000 ____D C:\Users\Lavin\AppData\Local\Microsoft Help
 
==================== Files in the root of some directories =======
 
2016-09-15 17:20 - 2017-01-24 13:45 - 000006144 _____ () C:\Users\Lavin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2017-03-22 13:56 - 2017-06-21 17:35 - 000000600 _____ () C:\Users\Lavin\AppData\Local\PUTTY.RND
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2018-03-04 18:04
 
==================== End of FRST.txt ============================

Addition Log

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 04.03.2018
Ran by Lavin (04-03-2018 19:53:08)
Running from C:\Users\Lavin\Downloads
Windows 7 Ultimate Service Pack 1 (X64) (2016-01-16 11:45:09)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-1594911143-2086658988-593811238-500 - Administrator - Disabled)
Guest (S-1-5-21-1594911143-2086658988-593811238-501 - Limited - Disabled)
Lavin (S-1-5-21-1594911143-2086658988-593811238-1000 - Administrator - Enabled) => C:\Users\Lavin
LavinCoba (S-1-5-21-1594911143-2086658988-593811238-1026 - Administrator - Enabled) => C:\Users\LavinCoba
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Panda Protection (Enabled - Up to date) {46AEFD02-ACA3-E038-1FA5-4A15EFD361E0}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Panda Protection (Enabled - Up to date) {FDCF1CE6-8A99-EFB6-2515-716794542B5D}
FW: Panda Firewall (Disabled) {7E957C27-E6CC-E160-34FA-E3201100269B}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.3.9120 - Adobe Systems Inc.)
Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.0.0.400 - Adobe Systems Incorporated)
Adobe Flash Player 10 ActiveX (HKLM-x32\...\{6E9EF98E-259E-416D-B5F8-0ABDB99942CE}) (Version: 10.1.52.14 - Adobe Systems, Inc.)
Adobe Flash Player 10 Plugin (HKLM-x32\...\{BC41C09D-FAA9-4346-9FE6-1E0017BC551A}) (Version: 10.1.52.14 - Adobe Systems, Inc.)
Adobe Flash Player 18 ActiveX & Plugins 64-bit (HKLM\...\Adobe Flash Player ActiveX) (Version: 18.0.0.232 - Adobe Systems Incorporated)
Adobe Flash Player 27 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 27.0.0.170 - Adobe Systems Incorporated)
Adobe Media Player (HKLM-x32\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.8 - Adobe Systems Incorporated)
Adobe Shockwave Player + Authorware Web Player (HKLM-x32\...\Adobe Shockwave Player + Authorware Web Player) (Version: v12.2.0.162 - Adobe Systems, Inc.)
Antihero (HKLM-x32\...\1417678837_is1) (Version: 1.0.2 - GOG.com)
Antihero Book Club (HKLM-x32\...\1856206549_is1) (Version: 1.0.2 - GOG.com)
Atom (HKU\S-1-5-21-1594911143-2086658988-593811238-1000\...\atom) (Version: 1.18.0 - GitHub Inc.)
BioShock 2 (HKLM-x32\...\BioShock 2_is1) (Version:  - )
Blizzard App (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
CCleaner (HKLM\...\CCleaner) (Version: 5.28 - Piriform)
Condition Zero (HKLM-x32\...\Condition Zero) (Version: 1.2 - Valve)
Construct 2 r244 (HKLM\...\Construct 2_is1) (Version: 1.0.244.0 - Scirra)
Counter Strike Xtreme (HKLM-x32\...\{272108B8-79E2-4CA9-9F56-A7C01B0E28BE}) (Version: 1.0.0 - Slimi)
Danger Zone! (HKLM-x32\...\Danger Zone!) (Version:  - )
Darkest Dungeon (HKLM-x32\...\1450711444_is1) (Version: 21142 - GOG.com)
Darkest Dungeon: The Crimson Court (HKLM-x32\...\1957260232_is1) (Version: 21142 - GOG.com)
Darkest Dungeon: The Shieldbreaker (HKLM-x32\...\1128594953_is1) (Version: 21142 - GOG.com)
Death Road to Canada (HKLM-x32\...\1960384075_is1) (Version: 2.0.0.1 - GOG.com)
Discord (HKU\S-1-5-21-1594911143-2086658988-593811238-1000\...\Discord) (Version: 0.0.299 - Discord Inc.)
Dont Starve Together (HKLM-x32\...\Dont Starve Together_is1) (Version:  - )
DuelystLauncher (HKU\S-1-5-21-1594911143-2086658988-593811238-1000\...\launcher) (Version: 0.0.10 - Counterplay Games Inc.)
Enter the Gungeon (HKLM-x32\...\1456912569_is1) (Version: 2.10.0.12 - GOG.com)
Epic Games Launcher Prerequisites (x64) (HKLM\...\{66C5838F-B854-4A55-89E6-A6138747A4DF}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Fallout 2 (HKLM-x32\...\GOGPACKFALLOUT2_is1) (Version: 2.0.0.10 - GOG.com)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 7.2.8.1124 - Foxit Software Inc.)
Git version 2.12.0 (HKLM\...\Git_is1) (Version: 2.12.0 - The Git Development Community)
GOG Galaxy (HKLM-x32\...\{7258BA11-600C-430E-A759-27E2C691A335}_is1) (Version:  - GOG.com)
Google Books Downloader version 2.7 (HKLM-x32\...\{216729B6-014A-F413-814F-F17F74FBA113}_is1) (Version: 2.7 - GBOOKSDOWNLOADER.COM)
Grim Fandango Remastered (HKLM-x32\...\1207667183_is1) (Version: 1.4.0 - GOG.com)
Gtk# for .Net 2.12.26 (HKLM-x32\...\{BC25B808-A11C-4C9F-9C0A-6682E47AAB83}) (Version: 2.12.26 - Xamarin, Inc.)
Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)
hide.me VPN 1.3.2 (HKLM-x32\...\{0E00BDA5-7998-4889-BE4B-39A4BBD2EDFB}_is1) (Version: 1.3.2 - eVenture Limited)
HP Support Assistant (HKLM-x32\...\{79C54A05-F146-4EA0-8A70-D4EFE6181E52}) (Version: 8.5.37.19 - Hewlett-Packard Company)
HP Support Solutions Framework (HKLM-x32\...\{E2CB09C1-3C76-4395-BB47-50C066535CF8}) (Version: 12.8.47.1 - HP)
HP Touchpoint Analytics Client (HKLM\...\{E5FB98E0-0784-44F0-8CEC-95CD4690C43F}) (Version: 4.0.2.1439 - HP Inc.)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3958 - Intel Corporation)
Internet Download Manager (HKLM-x32\...\Internet Download Manager) (Version:  - Tonec Inc.)
Internet Download Manager version 7.1 (HKLM-x32\...\{15249A89-18CC-47CC-8D4A-C08B4DA17698}_is1) (Version: 7.1 - Tonec, Inc.)
Java 8 Update 74 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418074F0}) (Version: 8.0.740.2 - Oracle Corporation)
Java SE Development Kit 8 Update 74 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180740}) (Version: 8.0.740.2 - Oracle Corporation)
Just Cause 2 (HKLM-x32\...\Just Cause 2_is1) (Version:  - )
Just Cause version 1.0 (HKLM-x32\...\{55CF303F-F55C-4913-B310-92BC15F22905}_is1) (Version: 1.0 - Eidos)
Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
LEGO Racers (HKLM-x32\...\LEGO Racers) (Version:  - )
LINE (HKU\S-1-5-21-1594911143-2086658988-593811238-1000\...\LINE) (Version: 5.4.2.1560 - LINE Corporation)
MEGAsync (HKLM-x32\...\MEGAsync) (Version:  - Mega Limited)
Mendeley Desktop 1.17.9 (HKLM-x32\...\Mendeley Desktop) (Version: 1.17.9 - Mendeley Ltd.)
Microsoft .NET Framework 4 Multi-Targeting Pack (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Help Viewer 1.0 (HKLM\...\Microsoft Help Viewer 1.0) (Version: 1.0.30319 - Microsoft Corporation)
Microsoft Office 2003 Web Components (HKLM-x32\...\{90120000-00A4-0409-0000-0000000FF1CE}) (Version: 12.0.6213.1000 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable - x64 8.0.61000 (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable - x86 8.0.61001 (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Designtime - 10.0.30319 (HKLM\...\{F5079164-1DB9-3BDA-853B-F78AF67CE071}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Runtime - 10.0.30319 (HKLM\...\{94D70749-4281-39AC-AD90-B56A0E0A402E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Runtime - 10.0.30319 (HKLM-x32\...\{6A86554B-8928-30E4-A53C-D7337689134D}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x86 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{f0080ca2-80ae-4958-b6eb-e8fa916d744a}) (Version: 11.0.61030.0 - Корпорация Майкрософт)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{1a63c099-febd-4eaf-83ad-a82ea4fdac49}) (Version: 12.0.30501.0 - Корпорация Майкрософт)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.10.25008 (HKLM-x32\...\{f1e7e313-06df-4c56-96a9-99fdfd149c51}) (Version: 14.10.25008.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.10.25008 (HKLM-x32\...\{c239cea1-d49e-4e16-8e87-8c055765f7ec}) (Version: 14.10.25008.0 - Microsoft Corporation)
MiniTool Partition Wizard Free 9.1 (HKLM\...\{05D996FA-ADCB-4D23-BA3C-A7C184A8FAC6}_is1) (Version:  - MiniTool Solution Ltd.)
MSI to redistribute MS VS2005 CRT libraries (HKLM-x32\...\{A8D93648-9F7F-407D-915C-62044644C3DA}) (Version: 8.0.50727.42 - The Firebird Project)
Notepad++ (32-bit x86) (HKLM-x32\...\Notepad++) (Version: 7.5.1 - Notepad++ Team)
NVIDIA PhysX (HKLM-x32\...\{7B5AA67E-FEA0-40BB-BAB5-CA56645A589C}) (Version: 9.13.0725 - NVIDIA Corporation)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
Opera Stable 49.0.2725.64 (HKLM-x32\...\Opera 49.0.2725.64) (Version: 49.0.2725.64 - Opera Software)
Origin (HKLM-x32\...\Origin) (Version: 10.5.11.27975 - Electronic Arts, Inc.)
Panda Devices Agent (HKLM-x32\...\{3F9548B2-0B34-4453-A92E-35056B053F19}) (Version: 1.08.00 - Panda Security) Hidden
Panda Devices Agent (HKLM-x32\...\Panda Devices Agent) (Version: 1.03.08 - Panda Security) Hidden
Panda Protection (HKLM\...\{52F9D0C3-E6CF-4553-9013-8F2E834BD0B1}) (Version: 8.91.00 - Panda Security) Hidden
Panda Protection (HKLM-x32\...\Panda Universal Agent Endpoint) (Version: 18.1.0 - Panda Security)
Panda Safe Web (HKLM-x32\...\pandasecuritytb) (Version: 4.3.1.23 - Panda Security and Visicom Media Inc.)
PowerISO (HKLM-x32\...\PowerISO) (Version: 6.5 - Power Software Ltd)
Project Highrise (HKLM-x32\...\2018730457_is1) (Version: 2.6.0.10 - GOG.com)
PuTTY release 0.68 (64-bit) (HKLM\...\{DB149DDE-903A-4B5E-93C4-46BBEC48F0C2}) (Version: 0.68.0.0 - Simon Tatham)
Python 3.4.4 (HKLM-x32\...\{50F37472-CBAB-47C6-A318-4C2BAE04D8EB}) (Version: 3.4.16789 - Python Software Foundation)
Quake III Arena (HKLM-x32\...\Quake III Arena) (Version:  - )
QuickTime (HKLM-x32\...\QuickTime) (Version:  - )
RAD Video Tools (HKLM-x32\...\RADVideo) (Version:  - )
Rapture3D 2.4.11 Game (HKLM-x32\...\{D2FCA41E-AC01-4DCD-B3A7-DC9E32363065}}_is1) (Version:  - Blue Ripple Sound)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7335 - Realtek Semiconductor Corp.)
RF Classic Indonesia versi OBT RF Classic (HKLM-x32\...\{51F312B0-BD0F-4D1A-88A5-57A370F69547}_is1) (Version: OBT RF Classic - LYTOGAME.com)
RPG Maker VX Ace (HKLM-x32\...\RPGVXAce_E_is1) (Version: 1.02 - Enterbrain)
RPG MAKER VX Ace RTP (HKLM-x32\...\RPGVXAce_RTP_is1) (Version: 1.00 - Enterbrain)
SAM CoDeC Pack (HKLM\...\SAM CoDeC Pack) (Version: 5.85 - www.SamLab.ws)
SKYHILL (HKLM-x32\...\1458729425_is1) (Version: 2.1.0.3 - GOG.com)
Skype™ 7.36 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.36.101 - Skype Technologies S.A.)
Smartfren andro E910 UI (HKLM-x32\...\{90C99F3E-56DB-4965-B524-1D0E1851E03A}) (Version:  - )
SQLyog Community 12.2 (64 bit) (HKLM\...\SQLyogCommunity64) (Version: 12.2 (64 bit) - Webyog Inc.)
STAR WARS® - Galactic Battlegrounds Saga (HKLM-x32\...\1421404646_is1) (Version: 2.0.0.4 - GOG.com)
StarCraft II (HKLM-x32\...\StarCraft II) (Version:  - Blizzard Entertainment)
Stardew Valley (HKLM-x32\...\1453375253_is1) (Version: 2.6.0.8 - GOG.com)
StarUML 5.0.2.1570 (HKLM-x32\...\StarUML_is1) (Version:  - Plastic Software, Inc.)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Stencyl (HKLM-x32\...\Stencyl) (Version: /root/.jenkins/jobs/Stencyl-Windows/workspace/build - Stencyl, LLC)
Sublime Text Build 3143 (HKLM\...\Sublime Text 3_is1) (Version:  - Sublime HQ Pty Ltd)
TeraCopy 2.3 (HKLM\...\TeraCopy_is1) (Version:  - Code Sector)
Test Drive 6 (HKLM-x32\...\Test Drive 6) (Version:  - Infogrames)
The Saboteur (HKLM-x32\...\1403000599_is1) (Version: 2.1.0.4 - GOG.com)
Tooth and Tail (HKLM-x32\...\1620157881_is1) (Version: v1.0.0 - GOG.com)
Unity Web Player (HKU\S-1-5-21-1594911143-2086658988-593811238-1000\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
Uplay (HKLM-x32\...\Uplay) (Version: 43.1 - Ubisoft)
Vertical Drop Heroes HD (HKLM-x32\...\1207664413_is1) (Version: 2.5.0.5 - GOG.com)
Visual CSharp Step By Step (HKLM-x32\...\{A4E938DA-E43A-4D65-9BCE-B2DD9799BAA0}) (Version: 2.00.10 - Microsoft Press)
Visual Studio 2010 Prerequisites - English (HKLM\...\{662014D2-0450-37ED-ABAE-157C88127BEB}) (Version: 10.0.30319 - Microsoft Corporation)
Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{112C23F2-C036-4D40-BED4-0CB47BF5555C}) (Version: 4.0.8080.0 - Microsoft Corporation)
Vivaldi (HKU\S-1-5-21-1594911143-2086658988-593811238-1000\...\Vivaldi) (Version: 1.11.917.43 - Vivaldi)
Web Deployment Tool (HKLM\...\{0F37D969-1260-419E-B308-EF7D29ABDE20}) (Version: 1.1.0618 - Microsoft Corporation)
WinDirStat 1.1.2 (HKU\S-1-5-21-1594911143-2086658988-593811238-1000\...\WinDirStat) (Version:  - )
Windows Driver Package - Hisense Corporation hsCDFiDrv CDROM  (10/19/2011 1.02.00) (HKLM\...\ABA987687DC80079B708925CFD232464C68C76C1) (Version: 10/19/2011 1.02.00 - Hisense Corporation)
Windward (HKLM-x32\...\1434370838_is1) (Version: 2.35.0.38 - GOG.com)
WinRAR 5.31 beta 1 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.31.1 - win.rar GmbH)
Wolfenstein (HKLM-x32\...\Wolfenstein_R.G. Mechanics_is1) (Version:  - R.G. Mechanics, spider91)
World in Conflict (HKLM-x32\...\Uplay Install 90) (Version:  - Ubisoft)
YACReader 8.5.0 (HKLM-x32\...\YACReader_is1) (Version:  - )
Yu-Gi-Oh! Power of Chaos YUGI THE DESTINY (HKLM-x32\...\{3571656A-575D-4CED-809D-5547587121FF}) (Version: 1.00.0000 - KONAMI)
ZD Soft Screen Recorder 11.1.4 (HKLM-x32\...\{8F04467D-C83E-460D-B2C2-1D757640BC19}) (Version: 11.1.4.0 - ZD Soft)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-1594911143-2086658988-593811238-1000_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation)
ShellIconOverlayIdentifiers: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\Lavin\AppData\Local\MEGAsync\ShellExtX64.dll [2017-11-18] ()
ShellIconOverlayIdentifiers: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\Lavin\AppData\Local\MEGAsync\ShellExtX64.dll [2017-11-18] ()
ShellIconOverlayIdentifiers: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\Lavin\AppData\Local\MEGAsync\ShellExtX64.dll [2017-11-18] ()
ShellIconOverlayIdentifiers: [IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Tonec\IDMShellExt64.dll [2017-06-23] (Tonec Inc.)
ShellIconOverlayIdentifiers-x32: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\Lavin\AppData\Local\MEGAsync\ShellExtX64.dll [2017-11-18] ()
ShellIconOverlayIdentifiers-x32: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\Lavin\AppData\Local\MEGAsync\ShellExtX64.dll [2017-11-18] ()
ShellIconOverlayIdentifiers-x32: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\Lavin\AppData\Local\MEGAsync\ShellExtX64.dll [2017-11-18] ()
ContextMenuHandlers1: [AIMP] -> {1F77B17B-F531-44DB-ACA4-76ABB5010A28} =>  -> No File
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files (x86)\Notepad++\NppShell_06.dll [2017-08-29] ()
ContextMenuHandlers1: [Foxit_ConvertToPDF_Reader] -> {A94757A0-0226-426F-B4F1-4DF381C630D3} => C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\ConvertToPDFShellExtension_x64.dll [2015-08-31] (Foxit Software Inc.)
ContextMenuHandlers1: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\Lavin\AppData\Local\MEGAsync\ShellExtX64.dll [2017-11-18] ()
ContextMenuHandlers1: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => C:\Program Files\PowerISO\PWRISOSH.DLL [2016-02-10] (Power Software Ltd)
ContextMenuHandlers1: [TeraCopy] -> {A8005AF0-D6E8-48AF-8DFA-023B1CF660A7} => C:\Program Files\TeraCopy\TeraCopyExt64.dll [2012-01-20] ()
ContextMenuHandlers1: [UAContextMenu] -> {A9B8E64D-3F7E-4D32-8FC9-E391DEE67D75} => C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAShell.dll [2017-02-22] (Panda Security, S.L.)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-01-17] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-01-17] (Alexander Roshal)
ContextMenuHandlers2: [TeraCopy] -> {A8005AF0-D6E8-48AF-8DFA-023B1CF660A7} => C:\Program Files\TeraCopy\TeraCopyExt64.dll [2012-01-20] ()
ContextMenuHandlers3: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\Lavin\AppData\Local\MEGAsync\ShellExtX64.dll [2017-11-18] ()
ContextMenuHandlers4: [AIMP] -> {1F77B17B-F531-44DB-ACA4-76ABB5010A28} =>  -> No File
ContextMenuHandlers4: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\Lavin\AppData\Local\MEGAsync\ShellExtX64.dll [2017-11-18] ()
ContextMenuHandlers4: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => C:\Program Files\PowerISO\PWRISOSH.DLL [2016-02-10] (Power Software Ltd)
ContextMenuHandlers4: [TeraCopy] -> {A8005AF0-D6E8-48AF-8DFA-023B1CF660A7} => C:\Program Files\TeraCopy\TeraCopyExt64.dll [2012-01-20] ()
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\Windows\system32\igfxDTCM.dll [2016-01-17] (Intel Corporation)
ContextMenuHandlers5: [UAContextMenu] -> {A9B8E64D-3F7E-4D32-8FC9-E391DEE67D75} => C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAShell.dll [2017-02-22] (Panda Security, S.L.)
ContextMenuHandlers6: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => C:\Program Files\PowerISO\PWRISOSH.DLL [2016-02-10] (Power Software Ltd)
ContextMenuHandlers6: [TeraCopy] -> {A8005AF0-D6E8-48AF-8DFA-023B1CF660A7} => C:\Program Files\TeraCopy\TeraCopyExt64.dll [2012-01-20] ()
ContextMenuHandlers6: [UAContextMenu] -> {A9B8E64D-3F7E-4D32-8FC9-E391DEE67D75} => C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAShell.dll [2017-02-22] (Panda Security, S.L.)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-01-17] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-01-17] (Alexander Roshal)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {10A1C7F1-8766-4F5A-AE15-B4D306416CC6} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2017-09-27] (HP Inc.)
Task: {15D83516-A913-47D9-BC7C-51DBA693F264} - System32\Tasks\MEGA\MEGAsync Update Task S-1-5-21-1594911143-2086658988-593811238-1000 => C:\Users\Lavin\AppData\Local\MEGAsync\MEGAupdater.exe [2018-01-21] (Mega Limited)
Task: {1EE29382-B9DC-43FA-9BDC-69ED25994ED6} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2017-09-20] (HP Inc.)
Task: {20E80852-D5F8-4175-8343-291FED65093D} - System32\Tasks\AdobeAAMUpdater-1.0-Lavin-PC-Lavin => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2010-03-06] (Adobe Systems Incorporated)
Task: {38E37B8C-EB26-49F8-A89D-85FB3D00CB17} - System32\Tasks\Opera scheduled Autoupdate 1453012566 => C:\Program Files (x86)\Opera\launcher.exe [2017-12-18] (Opera Software)
Task: {4B9CF201-A3CA-4B3F-8FBA-FFBC0C52F8CC} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe [2018-01-30] (HP Inc.)
Task: {5CE20B0A-EA20-49A3-B9B9-02C080FF24FF} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2017-06-22] (HP Inc.)
Task: {6296530A-5BE5-48B0-B12D-10159DF3D9BA} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2017-11-20] ()
Task: {84697162-9517-4914-8400-9D2681AC14E7} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-03-04] (Piriform Ltd)
Task: {8F44B5D9-58B4-468F-8108-83FA350FF7E2} - System32\Tasks\HPCeeScheduleForLavin => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2015-06-16] (Hewlett-Packard)
Task: {BCE00125-821A-4E4C-ACF9-4AB6A3533912} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater - Resources => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2017-09-20] (HP Inc.)
Task: {DEE9FBB4-148A-4B4F-AD29-A8502D4D0928} - System32\Tasks\{FB4B3523-0ACF-47DB-92DD-0DCF9CF04BB3} => c:\program files (x86)\opera\launcher.exe [2017-12-18] (Opera Software)
Task: {DFE4AA45-4D16-4844-BB39-C51CE08D7A68} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_27_0_0_170_pepper.exe [2017-10-22] (Adobe Systems Incorporated)
Task: {E582051E-075D-4F13-8479-20502CCF3794} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2017-09-27] (HP Inc.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\HPCeeScheduleForLavin.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
==================== Loaded Modules (Whitelisted) ==============
 
2017-01-25 18:11 - 2017-11-13 20:17 - 000066872 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2016-11-01 02:45 - 2017-11-18 21:15 - 000598528 _____ () C:\Users\Lavin\AppData\Local\MEGAsync\ShellExtX64.dll
2016-01-20 20:03 - 2012-01-20 14:55 - 000678400 ____C () C:\Program Files\TeraCopy\TeraCopyExt64.dll
2016-11-01 02:43 - 2017-11-18 21:15 - 000570368 _____ () C:\Users\Lavin\AppData\Local\MEGAsync\ShellExtX32.dll
2015-12-16 00:17 - 2015-12-16 00:17 - 000618544 _____ () C:\Program Files (x86)\Panda Security\Panda Security Protection\SQLite3.dll
2018-03-03 21:30 - 2018-03-04 19:04 - 039963626 ____C () C:\AppPatch\PCAT\ati.EXE
2018-03-04 19:53 - 2016-03-04 15:12 - 000019968 _____ () C:\Users\Lavin\AppData\Local\Temp\RarSFX0\ati.exe
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\Users\Lavin:Heroes & Generals [38]
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NanoServiceMain => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSUAService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NanoServiceMain => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PSUAService => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2016-12-27 03:03 - 2018-03-01 06:56 - 000000066 ____N C:\Windows\system32\Drivers\etc\hosts
 
101.255.107.29 nprotect.sealonline.com.my 
127.0.0.1 epasti.local
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1594911143-2086658988-593811238-1000\Control Panel\Desktop\\Wallpaper -> 
DNS Servers: 202.73.99.2 - 61.247.0.133
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: Discord => C:\Users\Lavin\AppData\Local\Discord\app-0.0.298\Discord.exe
MSCONFIG\startupreg: GalaxyClient => C:\Program Files (x86)\GOG Galaxy\GalaxyClient.exe /launchViaAutoStart
MSCONFIG\startupreg: GarenaPlus => "C:\Program Files (x86)\Garena Plus\GarenaMessenger.exe" -autolaunch
MSCONFIG\startupreg: GrooveMonitor => "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
MSCONFIG\startupreg: IDMan => C:\Program Files (x86)\Tonec\IDMan.exe /onboot
MSCONFIG\startupreg: Spino => E:\Games\Danger Zone\Danger Zone\DINO3.EXE
MSCONFIG\startupreg: Steam => "E:\Steam\steam.exe" -silent
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{65C6B118-A167-4793-918C-FF0B174ED188}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{E5A69D27-CD2F-49D8-A5EF-58923C635BB7}] => (Allow) LPort=8370
FirewallRules: [{CFB3F70C-CB0B-4441-A944-928A4A438BD6}] => (Allow) LPort=8370
FirewallRules: [{9C3F4B4D-B8ED-4BEA-9EA9-0F8E3D4A0605}] => (Allow) E:\Steam\Steam.exe
FirewallRules: [{2520BF10-49DC-4C4B-B96D-E1F33FD11ED1}] => (Allow) E:\Steam\Steam.exe
FirewallRules: [{9BCBC89A-2620-453E-B4D8-4002F070A048}] => (Allow) LPort=6947
FirewallRules: [{D49ED564-95FD-4093-AF0D-53AC8ACEA1BD}] => (Allow) LPort=6947
FirewallRules: [{21201913-31E9-465E-AC38-50718C8F61BA}] => (Allow) LPort=6994
FirewallRules: [{A69B0B32-CAAB-409E-A1C2-D1361BEBB18A}] => (Allow) LPort=6994
FirewallRules: [{F6E5900D-174B-4D2C-93C2-1BE9F2400725}] => (Allow) LPort=6997
FirewallRules: [{57C2E37A-69E8-4EFA-892D-D08F28BA2E41}] => (Allow) LPort=6997
FirewallRules: [{2B3A52F8-A3F4-4BD1-9F77-9C4C4A2848EC}] => (Allow) LPort=6909
FirewallRules: [{D7F73860-AD82-42B9-A40E-61B3E505B794}] => (Allow) LPort=6909
FirewallRules: [{A8D9CDE2-9F49-4CFF-9D71-0EE44CBB3B12}] => (Allow) LPort=6930
FirewallRules: [{C5D5EA2A-87CE-4F4C-9DEC-9D9850A87411}] => (Allow) LPort=6930
FirewallRules: [TCP Query User{BD458531-38C1-461A-82DE-73492D1B2CA9}E:\games\cscz\condition zero\hl.exe] => (Block) E:\games\cscz\condition zero\hl.exe
FirewallRules: [UDP Query User{A08748ED-1C41-4972-8C44-F780E040D764}E:\games\cscz\condition zero\hl.exe] => (Block) E:\games\cscz\condition zero\hl.exe
FirewallRules: [TCP Query User{CACACCD4-94B8-4DBA-B5D0-33B954300BFE}E:\games\warcraft iii\war3.exe] => (Block) E:\games\warcraft iii\war3.exe
FirewallRules: [UDP Query User{3D3E0C0F-B4DB-44BA-BC76-BF164141C5AF}E:\games\warcraft iii\war3.exe] => (Block) E:\games\warcraft iii\war3.exe
FirewallRules: [TCP Query User{E16BCD51-DF80-4FC5-AEF3-5448193CF878}E:\games\nfs most wanted\nfs mostwanted(pakgameszone.blogspot.com)\need for speed most wanted\speed.exe] => (Block) E:\games\nfs most wanted\nfs mostwanted(pakgameszone.blogspot.com)\need for speed most wanted\speed.exe
FirewallRules: [UDP Query User{0FE0FB15-7A97-4243-B834-09E0126F1717}E:\games\nfs most wanted\nfs mostwanted(pakgameszone.blogspot.com)\need for speed most wanted\speed.exe] => (Block) E:\games\nfs most wanted\nfs mostwanted(pakgameszone.blogspot.com)\need for speed most wanted\speed.exe
FirewallRules: [TCP Query User{D5209568-98D5-4F13-8876-BB2AAB34BA13}E:\program files (x86)\ea games\battlefield 2\bf2.exe] => (Allow) E:\program files (x86)\ea games\battlefield 2\bf2.exe
FirewallRules: [UDP Query User{8E7DA543-9D85-4AEB-A68E-0A2B1CDBB4F8}E:\program files (x86)\ea games\battlefield 2\bf2.exe] => (Allow) E:\program files (x86)\ea games\battlefield 2\bf2.exe
FirewallRules: [TCP Query User{B9D3ABF0-83F0-4CE4-B046-67F7C14DCC79}E:\games\counter-strike-1.6-full-zm-with-bots\hl.exe] => (Allow) E:\games\counter-strike-1.6-full-zm-with-bots\hl.exe
FirewallRules: [UDP Query User{49EBBEA1-B5C5-4DAF-9813-8996DE0EB66C}E:\games\counter-strike-1.6-full-zm-with-bots\hl.exe] => (Allow) E:\games\counter-strike-1.6-full-zm-with-bots\hl.exe
FirewallRules: [TCP Query User{51FCC371-01DD-4F65-AA19-96BFDEA5A9D4}E:\games\counter strike global offensive\counter-strike global offensive\csgo.exe] => (Block) E:\games\counter strike global offensive\counter-strike global offensive\csgo.exe
FirewallRules: [UDP Query User{A3E1CE83-39F0-4B8F-B11B-A566924E852D}E:\games\counter strike global offensive\counter-strike global offensive\csgo.exe] => (Block) E:\games\counter strike global offensive\counter-strike global offensive\csgo.exe
FirewallRules: [TCP Query User{BA972584-300C-485E-BC99-3EEB9697294E}C:\program files\java\jdk1.8.0_74\bin\java.exe] => (Allow) C:\program files\java\jdk1.8.0_74\bin\java.exe
FirewallRules: [UDP Query User{706C2EB3-02DE-4976-93E7-AF5C67FDAD6B}C:\program files\java\jdk1.8.0_74\bin\java.exe] => (Allow) C:\program files\java\jdk1.8.0_74\bin\java.exe
FirewallRules: [TCP Query User{FD9F9F1A-784D-4285-A94F-C9548691385F}E:\gog games\mount and blade - with fire and sword\mb_wfas.exe] => (Allow) E:\gog games\mount and blade - with fire and sword\mb_wfas.exe
FirewallRules: [UDP Query User{62155103-957A-4A0A-8765-FF8E157A3090}E:\gog games\mount and blade - with fire and sword\mb_wfas.exe] => (Allow) E:\gog games\mount and blade - with fire and sword\mb_wfas.exe
FirewallRules: [TCP Query User{E8D6059E-8C70-429A-B91E-F13A6FCF1C48}E:\games\counter-strike\hl.exe] => (Allow) E:\games\counter-strike\hl.exe
FirewallRules: [UDP Query User{C8CC8DC6-520F-45EA-BBDA-BF09ECA0DA4A}E:\games\counter-strike\hl.exe] => (Allow) E:\games\counter-strike\hl.exe
FirewallRules: [TCP Query User{5E86E4F7-5528-4F73-89EA-DB1E6E9C369C}E:\program files (x86)\ea games\battlefield 2\bf2_w32ded.exe] => (Allow) E:\program files (x86)\ea games\battlefield 2\bf2_w32ded.exe
FirewallRules: [UDP Query User{26BE8277-6205-4762-A821-3385B915BD7D}E:\program files (x86)\ea games\battlefield 2\bf2_w32ded.exe] => (Allow) E:\program files (x86)\ea games\battlefield 2\bf2_w32ded.exe
FirewallRules: [TCP Query User{8DB92AE4-C5C3-456C-AA6F-E3F4B7A229E3}C:\windows\syswow64\dplaysvr.exe] => (Block) C:\windows\syswow64\dplaysvr.exe
FirewallRules: [UDP Query User{A9B9DC30-66A1-4285-A1E9-0E9E3CF68DE0}C:\windows\syswow64\dplaysvr.exe] => (Block) C:\windows\syswow64\dplaysvr.exe
FirewallRules: [TCP Query User{93A3E11F-F178-4897-BEF4-31028D19A0D1}E:\games\quake\quake3.exe] => (Allow) E:\games\quake\quake3.exe
FirewallRules: [UDP Query User{ED157FD0-253E-4949-B6F1-C1A8A06EB91C}E:\games\quake\quake3.exe] => (Allow) E:\games\quake\quake3.exe
FirewallRules: [TCP Query User{51DA8F92-E2D4-46F3-BE0E-0E5CD375B513}E:\games\midnight club 2\midnight club 2(pakgameszone.blogspot.com)\mc2.exe] => (Allow) E:\games\midnight club 2\midnight club 2(pakgameszone.blogspot.com)\mc2.exe
FirewallRules: [UDP Query User{64288494-E9AE-4836-8E27-DCE16E28CCB9}E:\games\midnight club 2\midnight club 2(pakgameszone.blogspot.com)\mc2.exe] => (Allow) E:\games\midnight club 2\midnight club 2(pakgameszone.blogspot.com)\mc2.exe
FirewallRules: [TCP Query User{5AC34E30-86CD-49D1-B839-E12A29481EA5}E:\games\vertical drop heroes hd\vertical drop heroes hd.exe] => (Allow) E:\games\vertical drop heroes hd\vertical drop heroes hd.exe
FirewallRules: [UDP Query User{C3A3BAE5-6E5B-4433-8429-AF7047DDCBB2}E:\games\vertical drop heroes hd\vertical drop heroes hd.exe] => (Allow) E:\games\vertical drop heroes hd\vertical drop heroes hd.exe
FirewallRules: [{4EA352AB-68E2-4E73-B6E1-AE8A51720F31}] => (Allow) E:\Games\Dont Starve Together\bin\dontstarve_steam.exe
FirewallRules: [{9AEBA047-95C9-4044-81CA-A516366DC04C}] => (Allow) E:\Games\Dont Starve Together\bin\dontstarve_steam.exe
FirewallRules: [{4402BD17-98C2-4A16-BDC7-F35A4F5CDA72}] => (Allow) E:\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{CAC1502D-9A1E-4C18-AF40-1742AD1844CF}] => (Allow) E:\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [TCP Query User{F2134DEB-2A0D-4A0F-8F6C-8A680E01F963}E:\games\re-volt (remote controlled car-racing, 1999)(fullypcgames.blogspot.com)\revolt.exe] => (Allow) E:\games\re-volt (remote controlled car-racing, 1999)(fullypcgames.blogspot.com)\revolt.exe
FirewallRules: [UDP Query User{B0BCC59A-BBD7-4CCE-865A-65323BE90498}E:\games\re-volt (remote controlled car-racing, 1999)(fullypcgames.blogspot.com)\revolt.exe] => (Allow) E:\games\re-volt (remote controlled car-racing, 1999)(fullypcgames.blogspot.com)\revolt.exe
FirewallRules: [{081E104B-2E2A-4F59-B57C-F2800B9051FF}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{CB2199DB-9F70-4CD0-9839-9D6F35584634}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{5F121F3E-B114-4339-8B17-91F5CFF4839B}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{99AB8BB1-E955-41B7-ABDB-014CB5243EB4}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [TCP Query User{14AFC718-BD1E-4E84-AD96-3466C49B0318}E:\games\counter-strike\hlds.exe] => (Allow) E:\games\counter-strike\hlds.exe
FirewallRules: [UDP Query User{C922D9FA-9CF3-4712-9DED-BA5277E51AE7}E:\games\counter-strike\hlds.exe] => (Allow) E:\games\counter-strike\hlds.exe
FirewallRules: [TCP Query User{63E9C499-23F0-4ECD-A487-29157B97FA9D}E:\program files (x86)\hearthstone\hearthstone.exe] => (Allow) E:\program files (x86)\hearthstone\hearthstone.exe
FirewallRules: [UDP Query User{89BBF109-45AB-4E34-9950-BD0A81C3D4CC}E:\program files (x86)\hearthstone\hearthstone.exe] => (Allow) E:\program files (x86)\hearthstone\hearthstone.exe
FirewallRules: [{7B91ECD2-5876-4A84-AA33-F95AE3B9DD65}] => (Allow) E:\Steam\steamapps\common\World of Tanks Blitz\wotblitz.exe
FirewallRules: [{E6A11C23-35DE-4889-BB6A-9EC2E1EC8837}] => (Allow) E:\Steam\steamapps\common\World of Tanks Blitz\wotblitz.exe
FirewallRules: [{5F8321CD-50C1-46C3-823D-219FD042EF76}] => (Allow) E:\Steam\steamapps\common\KillingFloor\System\KillingFloor.exe
FirewallRules: [{D79D442D-A408-4DAA-85E5-2E1DC63576D9}] => (Allow) E:\Steam\steamapps\common\KillingFloor\System\KillingFloor.exe
FirewallRules: [{B26070DA-CD58-475F-95F4-61C06A9DD154}] => (Allow) C:\Users\Lavin\AppData\Local\Vivaldi\Application\vivaldi.exe
FirewallRules: [TCP Query User{76941E9B-C44A-4889-895C-F16ECD467C2E}E:\game engine\unity\editor\unity.exe] => (Allow) E:\game engine\unity\editor\unity.exe
FirewallRules: [UDP Query User{DCAB08F7-D0EE-428C-8316-7565CAB20A9C}E:\game engine\unity\editor\unity.exe] => (Allow) E:\game engine\unity\editor\unity.exe
FirewallRules: [TCP Query User{FD316F44-B3F2-4E46-8116-18C7D8552EBC}E:\game engine\unity\monodevelop\bin\monodevelop.exe] => (Allow) E:\game engine\unity\monodevelop\bin\monodevelop.exe
FirewallRules: [UDP Query User{C375F22A-41F4-4F1F-A587-1E440136D3DC}E:\game engine\unity\monodevelop\bin\monodevelop.exe] => (Allow) E:\game engine\unity\monodevelop\bin\monodevelop.exe
FirewallRules: [TCP Query User{898D0F8E-6333-4AFC-BD5A-2C15BEABFC57}E:\game engine\unity\editor\unity.exe] => (Allow) E:\game engine\unity\editor\unity.exe
FirewallRules: [UDP Query User{A1F171B7-A351-4821-A0D4-DF847D83D7AE}E:\game engine\unity\editor\unity.exe] => (Allow) E:\game engine\unity\editor\unity.exe
FirewallRules: [{D54FB4F0-9578-45F3-9E58-C322FDC25CCA}] => (Allow) E:\Program Files (x86)\Command and Conquer 3 Tiberium Wars Complete Collection\Command and Conquer 3\RetailExe\1.9\cnc3game.dat
FirewallRules: [{5E7E7E40-9C44-434D-92F0-7916495F6E28}] => (Allow) E:\Steam\steamapps\common\Crazy Taxi\AppLauncher.exe
FirewallRules: [{981ADF1A-B7C6-4248-869F-9BC2320306E3}] => (Allow) E:\Steam\steamapps\common\Crazy Taxi\AppLauncher.exe
FirewallRules: [TCP Query User{9831ABFB-E57E-414E-9D34-09594F971553}E:\games\cscz\condition zero\condition zero\hl.exe] => (Allow) E:\games\cscz\condition zero\condition zero\hl.exe
FirewallRules: [UDP Query User{26ED8A97-1ED9-42DE-AD0F-04FBC94F63C4}E:\games\cscz\condition zero\condition zero\hl.exe] => (Allow) E:\games\cscz\condition zero\condition zero\hl.exe
FirewallRules: [TCP Query User{44FE07EB-89E6-414C-97A4-E1972656258D}E:\program files (x86)\hearthstone\hearthstone.exe] => (Allow) E:\program files (x86)\hearthstone\hearthstone.exe
FirewallRules: [UDP Query User{07CD5B98-5AA3-45E8-817D-ADBF90C0313D}E:\program files (x86)\hearthstone\hearthstone.exe] => (Allow) E:\program files (x86)\hearthstone\hearthstone.exe
FirewallRules: [TCP Query User{C8D2D085-FC2D-4DC3-A85E-EF6E34217AE1}C:\users\lavin\downloads\programs\lolidinstaller.exe] => (Allow) C:\users\lavin\downloads\programs\lolidinstaller.exe
FirewallRules: [UDP Query User{942F4C67-389A-46AF-8748-416BBFE028A9}C:\users\lavin\downloads\programs\lolidinstaller.exe] => (Allow) C:\users\lavin\downloads\programs\lolidinstaller.exe
FirewallRules: [TCP Query User{24E4117C-78D7-4B9B-BE02-82256D69021D}C:\garenadownload\games\ava\avainstaller.exe] => (Allow) C:\garenadownload\games\ava\avainstaller.exe
FirewallRules: [UDP Query User{41E5EE18-F4CE-4FE6-AB72-01F6257080C3}C:\garenadownload\games\ava\avainstaller.exe] => (Allow) C:\garenadownload\games\ava\avainstaller.exe
FirewallRules: [TCP Query User{DFD990CD-8943-424E-BE1A-9D15DEBA7BB5}C:\garenadownload\games\pbid\pbidinstaller.exe] => (Allow) C:\garenadownload\games\pbid\pbidinstaller.exe
FirewallRules: [UDP Query User{C15311BE-9FAF-4E83-812B-3E5483260BE1}C:\garenadownload\games\pbid\pbidinstaller.exe] => (Allow) C:\garenadownload\games\pbid\pbidinstaller.exe
FirewallRules: [TCP Query User{FBBD6665-5847-4F5D-8EF5-D2A4C8D4CD71}E:\games\starcraft ii\versions\base59587\sc2_x64.exe] => (Allow) E:\games\starcraft ii\versions\base59587\sc2_x64.exe
FirewallRules: [UDP Query User{142AA500-FAD2-4345-B77E-BD589822B842}E:\games\starcraft ii\versions\base59587\sc2_x64.exe] => (Allow) E:\games\starcraft ii\versions\base59587\sc2_x64.exe
FirewallRules: [TCP Query User{71BEF17B-A098-4B11-880B-56D2D6558027}E:\games\star wars - galactic battlegrounds\game\battlegrounds_x1.exe] => (Allow) E:\games\star wars - galactic battlegrounds\game\battlegrounds_x1.exe
FirewallRules: [UDP Query User{D0C58D5F-D08A-49A2-A943-C4F1F4E81ED4}E:\games\star wars - galactic battlegrounds\game\battlegrounds_x1.exe] => (Allow) E:\games\star wars - galactic battlegrounds\game\battlegrounds_x1.exe
FirewallRules: [TCP Query User{05B4A359-701A-4F9D-8DCB-D7FF8BBDE3D3}E:\games\star wars - galactic battlegrounds\game\battlegrounds_x1.exe] => (Allow) E:\games\star wars - galactic battlegrounds\game\battlegrounds_x1.exe
FirewallRules: [UDP Query User{96067A4B-0E85-4D57-BBC0-A992C4035A53}E:\games\star wars - galactic battlegrounds\game\battlegrounds_x1.exe] => (Allow) E:\games\star wars - galactic battlegrounds\game\battlegrounds_x1.exe
FirewallRules: [{FF07A17E-C1BA-43D2-B222-6B6D67B6B8BB}] => (Allow) E:\Steam\steamapps\common\CS2D\CS2D.exe
FirewallRules: [{D9D0C88B-4DA3-492E-B4B1-3C3D4C45F5C4}] => (Allow) E:\Steam\steamapps\common\CS2D\CS2D.exe
FirewallRules: [{3E23B081-A455-4BBB-A536-96EE2EA4670A}] => (Allow) C:\Program Files (x86)\Opera\49.0.2725.47\opera.exe
FirewallRules: [{C2BCBFB8-59B3-48F8-BF43-7807A5FD402F}] => (Allow) E:\Games\BlackShoot SEA\BlackShot_SEA\BlackShot\System\BlackShot.exe
FirewallRules: [{0A797065-423D-4320-97A5-33A22B4993A1}] => (Allow) E:\Games\BlackShoot SEA\BlackShot_SEA\BlackShot\System\BlackShot.exe
FirewallRules: [{C00902BF-EC40-4CEC-A1B6-3318ABA1ABDE}] => (Allow) C:\Program Files (x86)\Opera\49.0.2725.64\opera.exe
FirewallRules: [{F2E348F6-5950-4D3D-9ED4-681A91DBA3AB}] => (Allow) E:\Games\Ubisoft Game Launcher\games\World in Conflict\wic.exe
FirewallRules: [{DAA61998-B19D-4A40-BBA1-CBD60E8C0110}] => (Allow) E:\Games\Ubisoft Game Launcher\games\World in Conflict\wic.exe
FirewallRules: [{0339B63B-FB38-4945-BFB6-19EEC7F1A4B6}] => (Allow) E:\Games\Ubisoft Game Launcher\games\World in Conflict\wic_online.exe
FirewallRules: [{8C3ED2FC-3D6D-4A90-9655-20128A972239}] => (Allow) E:\Games\Ubisoft Game Launcher\games\World in Conflict\wic_online.exe
FirewallRules: [{2B288F7B-A0A9-42E5-ADD7-A3E5E91FBB9D}] => (Allow) E:\Games\Ubisoft Game Launcher\games\World in Conflict\wic_ds.exe
FirewallRules: [{7C85E66B-A409-4435-B992-C7EBA9640ED3}] => (Allow) E:\Games\Ubisoft Game Launcher\games\World in Conflict\wic_ds.exe
FirewallRules: [{C8B26046-ECA1-485E-B8E1-F675A38EBE24}] => (Allow) C:\MicroVolts Package\MicroVolts Downloader.exe
FirewallRules: [{1F69691D-B7A1-499E-BE2B-1B65371C576F}] => (Allow) C:\MicroVolts Package\MicroVolts Downloader.exe
FirewallRules: [{0199E4DB-5379-4A67-ABC7-48479447DE77}] => (Allow) E:\Steam\steamapps\common\Dead Maze\DeadMaze.exe
FirewallRules: [{0D1F2205-EEE1-4DC6-BC02-7E56F4857FCE}] => (Allow) E:\Steam\steamapps\common\Dead Maze\DeadMaze.exe
FirewallRules: [{591A4CA8-F169-44C4-8368-0B0EFF35A21A}] => (Allow) E:\Steam\steamapps\common\Warframe\Warframe.exe
FirewallRules: [{A2FD4C06-47D5-4E7C-92A9-2EF294D18541}] => (Allow) E:\Steam\steamapps\common\Warframe\Warframe.x64.exe
FirewallRules: [{F9099677-7319-4EFA-B9B0-03546FF1CCCD}] => (Allow) E:\Steam\steamapps\common\Warframe\Warframe.exe
FirewallRules: [{1E316534-E70A-4A12-9E08-7063A249CC3F}] => (Allow) E:\Steam\steamapps\common\Warframe\Warframe.x64.exe
FirewallRules: [{F104061F-A94B-4110-AE97-685D09478798}] => (Allow) E:\Steam\steamapps\common\Warframe\Tools\Launcher.exe
FirewallRules: [{7472EDBF-C0C1-43D9-95C0-BE7DBAD4F210}] => (Allow) E:\Steam\steamapps\common\Warframe\Tools\RemoteCrashSender.exe
FirewallRules: [{2A7D3814-D4B7-4F9B-BFC6-9E3813A3CC65}] => (Allow) E:\Steam\steamapps\common\Warframe\Warframe.exe
FirewallRules: [{415D9BC8-0997-4809-B025-8C9BC5E2BC26}] => (Allow) E:\Steam\steamapps\common\Warframe\Warframe.x64.exe
FirewallRules: [{5B829081-8CB2-4BF5-A249-C917663E8DF6}] => (Allow) E:\Steam\steamapps\common\Warframe\Warframe.exe
FirewallRules: [{F11811AD-B52D-428A-8BFA-3CA335172E6D}] => (Allow) E:\Steam\steamapps\common\Warframe\Warframe.x64.exe
FirewallRules: [{75DB2029-8517-4E34-BA55-D4E597507D37}] => (Allow) E:\Steam\steamapps\common\Warframe\Tools\Launcher.exe
FirewallRules: [{A74726EA-31B8-4B88-80E3-25DC507332ED}] => (Allow) E:\Steam\steamapps\common\Warframe\Tools\RemoteCrashSender.exe
FirewallRules: [{739C14EC-766F-4E4C-BE2D-E15203DF304D}] => (Allow) E:\Games\Counter-Strike Online\Bin\cstrike-online.exe
FirewallRules: [{54E2757E-DF32-4AAC-AC84-B523D4BA62DC}] => (Allow) E:\Games\Counter-Strike Online\Bin\cstrike-online.exe
FirewallRules: [{810331DF-A6FB-4DA6-A6B7-4FE0A8B1BB04}] => (Allow) E:\Games\Counter-Strike Online\Bin\NMService.exe
FirewallRules: [{EA5BFBDA-CD66-42D9-BF5E-E557473F150D}] => (Allow) E:\Games\Counter-Strike Online\Bin\NMService.exe
FirewallRules: [{41ABB26D-7C0B-453A-B07B-AB67DFF2AD4F}] => (Allow) E:\Games\World_of_Tanks\WoTLauncher.exe
FirewallRules: [{02F62CD2-53FD-44F6-923A-C50E5463D934}] => (Allow) E:\Games\World_of_Tanks\WoTLauncher.exe
FirewallRules: [{E4AA2FAE-5013-4EE0-93E1-CF725E71895C}] => (Allow) E:\Games\World_of_Tanks\worldoftanks.exe
FirewallRules: [{52FC348F-0B51-4B42-98B3-65BEDE190A79}] => (Allow) E:\Games\World_of_Tanks\worldoftanks.exe
FirewallRules: [TCP Query User{6A6440C2-F6AB-4A1E-9E5D-3D002A9B3F27}E:\games\counter-strike-1.6-full-zm-with-bots\hl.exe] => (Allow) E:\games\counter-strike-1.6-full-zm-with-bots\hl.exe
FirewallRules: [UDP Query User{5864E762-0DB4-4DD0-B3B5-DA537F68A228}E:\games\counter-strike-1.6-full-zm-with-bots\hl.exe] => (Allow) E:\games\counter-strike-1.6-full-zm-with-bots\hl.exe
FirewallRules: [TCP Query User{4AE25FF3-7E42-4BE9-9866-28CFDC6466DF}E:\games\counter-strike\hl.exe] => (Allow) E:\games\counter-strike\hl.exe
FirewallRules: [UDP Query User{B58A8B93-6039-4A2C-8BE6-FF31EFD224EC}E:\games\counter-strike\hl.exe] => (Allow) E:\games\counter-strike\hl.exe
FirewallRules: [TCP Query User{55DF692A-5766-43E2-B316-A34E136A182C}C:\users\lavin\appdata\local\temp\rarsfx0\hlds.exe] => (Block) C:\users\lavin\appdata\local\temp\rarsfx0\hlds.exe
FirewallRules: [UDP Query User{34892E74-8523-4707-BC51-0DD9BA16488A}C:\users\lavin\appdata\local\temp\rarsfx0\hlds.exe] => (Block) C:\users\lavin\appdata\local\temp\rarsfx0\hlds.exe
 
==================== Restore Points =========================
 
27-02-2018 03:31:43 Installed DirectX
04-03-2018 13:49:24 Removed Counter Strike Xtreme
 
==================== Faulty Device Manager Devices =============
 
Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
Name: Ralink_RT3290_Bluetooth_01
Description: Ralink_RT3290_Bluetooth_01
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: PCI Encryption/Decryption Controller
Description: PCI Encryption/Decryption Controller
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (03/04/2018 07:10:41 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: PSANHost.exe, version: 4.0.2.0, time stamp: 0x58a00964
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x8b72ce21
Faulting process id: 0x804
Faulting application start time: 0x01d3b3b0a3a143a4
Faulting application path: C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe
Faulting module path: unknown
Report Id: 0e81319c-1fa5-11e8-881b-3464a9bfb809
 
Error: (03/04/2018 07:02:41 PM) (Source: Winlogon) (EventID: 4103) (User: )
Description: Windows license activation failed. Error 0x00000000.
 
Error: (03/04/2018 07:02:41 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
0x80070422
 
Error: (03/04/2018 06:50:44 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program SpyHunter4.exe version 4.25.6.4782 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 68c
 
Start Time: 01d3b3ad1b868bc3
 
Termination Time: 1655
 
Application Path: C:\Users\Lavin\Downloads\Programs\[www.gigapurbalingga.com]_SpyHv42564782x86P\App\SpyHunter\SpyHunter4.exe
 
Report Id: 386dc34d-1fa2-11e8-92a9-3464a9bfb809
 
Error: (03/04/2018 06:36:59 PM) (Source: Winlogon) (EventID: 4103) (User: )
Description: Windows license activation failed. Error 0x00000000.
 
Error: (03/04/2018 06:36:59 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
0x80070422
 
Error: (03/04/2018 06:10:40 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: PSANHost.exe, version: 4.0.2.0, time stamp: 0x58a00964
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0xe85018c0
Faulting process id: 0x15dc
Faulting application start time: 0x01d3b3a160bf1202
Faulting application path: C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe
Faulting module path: unknown
Report Id: ac054711-1f9c-11e8-8068-3464a9bfb809
 
Error: (03/04/2018 05:10:42 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: PSANHost.exe, version: 4.0.2.0, time stamp: 0x58a00964
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x00000000
Faulting process id: 0x804
Faulting application start time: 0x01d3b39d2b7cead7
Faulting application path: C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe
Faulting module path: unknown
Report Id: 4b62dc93-1f94-11e8-8068-3464a9bfb809
 
 
System errors:
=============
Error: (03/04/2018 07:12:13 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Panda Protection Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 0 milliseconds: Restart the service.
 
Error: (03/04/2018 07:04:22 PM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
Description: Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.
 
Error: (03/04/2018 07:00:35 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 70.
 
Error: (03/04/2018 07:00:34 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 70.
 
Error: (03/04/2018 06:59:00 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Panda Protection Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 0 milliseconds: Restart the service.
 
Error: (03/04/2018 06:58:52 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Origin Web Helper Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (03/04/2018 06:58:52 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel® HD Graphics Control Panel Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (03/04/2018 06:58:52 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Andrea RT Filters Service service terminated unexpectedly.  It has done this 1 time(s).
 
 
Windows Defender:
===================================
Date: 2016-03-13 22:19:25.138
Description: 
Windows Defender has detected spyware or other potentially unwanted software.
For more information please see the following:
Name:Worm:Win32/Dorkbot
ID:160471
Severity:Severe
Category:Worm
Path Found:file:C:\Users\Lavin\AppData\Local\Temp\SCMHx\ndAAzmu.exe
Detection Type:Concrete
Detection Source:System
Status:Unknown
Process Name:
 
Date: 2016-03-13 21:22:26.123
Description: 
Windows Defender has detected spyware or other potentially unwanted software.
For more information please see the following:
Name:Worm:Win32/Dorkbot
ID:160471
Severity:Severe
Category:Worm
Path Found:file:C:\Users\Lavin\AppData\Local\Temp\SCMHx\ndAAzmu.exe;process:pid:3596;process:pid:4124;process:pid:5032;process:pid:5356;process:pid:5608;process:pid:5704
Detection Type:Concrete
Detection Source:Real-Time Protection
Status:Unknown
Process Name:
 
Date: 2016-03-13 21:22:24.073
Description: 
Windows Defender has detected spyware or other potentially unwanted software.
For more information please see the following:
Name:Worm:Win32/Dorkbot
ID:160471
Severity:Severe
Category:Worm
Path Found:file:C:\Users\Lavin\AppData\Local\Temp\SCMHx\ndAAzmu.exe;process:pid:3596;process:pid:5032;process:pid:5356;process:pid:5608;process:pid:5704
Detection Type:Concrete
Detection Source:Real-Time Protection
Status:Unknown
Process Name:
 
Date: 2016-03-13 21:21:48.442
Description: 
Windows Defender has detected spyware or other potentially unwanted software.
For more information please see the following:
Name:Worm:Win32/Dorkbot
ID:160471
Severity:Severe
Category:Worm
Path Found:file:C:\Users\Lavin\AppData\Local\Temp\SCMHx\ndAAzmu.exe;process:pid:5032;process:pid:5356;process:pid:5608;process:pid:5704
Detection Type:Concrete
Detection Source:Real-Time Protection
Status:Unknown
Process Name:
 
Date: 2016-03-13 21:21:45.989
Description: 
Windows Defender has detected spyware or other potentially unwanted software.
For more information please see the following:
Name:Worm:Win32/Dorkbot
ID:160471
Severity:Severe
Category:Worm
Path Found:file:C:\Users\Lavin\AppData\Local\Temp\SCMHx\ndAAzmu.exe;process:pid:5032;process:pid:5356;process:pid:5608
Detection Type:Concrete
Detection Source:Real-Time Protection
Status:Unknown
Process Name:
 
CodeIntegrity:
===================================
 
Date: 2018-03-04 03:39:21.987
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files (x86)\Panda Security\Panda Security Protection\Drivers\W10\pskmad.sys because the set of per-page image hashes could not be found on the system.
 
Date: 2018-03-04 03:39:21.987
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files (x86)\Panda Security\Panda Security Protection\Drivers\W10\pskmad.sys because the set of per-page image hashes could not be found on the system.
 
Date: 2018-03-04 03:39:21.987
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files (x86)\Panda Security\Panda Security Protection\Drivers\W10\pskmad.sys because the set of per-page image hashes could not be found on the system.
 
Date: 2018-03-04 03:39:21.971
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files (x86)\Panda Security\Panda Security Protection\Drivers\W10\PSBoot.sys because the set of per-page image hashes could not be found on the system.
 
Date: 2018-03-04 03:39:21.971
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files (x86)\Panda Security\Panda Security Protection\Drivers\W10\PSBoot.sys because the set of per-page image hashes could not be found on the system.
 
Date: 2018-03-04 03:39:21.955
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files (x86)\Panda Security\Panda Security Protection\Drivers\W10\PSBoot.sys because the set of per-page image hashes could not be found on the system.
 
Date: 2018-03-04 03:39:21.940
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files (x86)\Panda Security\Panda Security Protection\Drivers\NNStlsc\NNStlsc.sys because the set of per-page image hashes could not be found on the system.
 
Date: 2018-03-04 03:39:21.924
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files (x86)\Panda Security\Panda Security Protection\Drivers\NNStlsc\NNStlsc.sys because the set of per-page image hashes could not be found on the system.
 
==================== Memory info =========================== 
 
Processor: Intel® Celeron® CPU N2840 @ 2.16GHz
Percentage of memory in use: 67%
Total physical RAM: 1941.86 MB
Available physical RAM: 627.64 MB
Total Virtual: 7632.47 MB
Available Virtual: 6073.91 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:60.06 GB) (Free:2.9 GB) NTFS
Drive d: () (Fixed) (Total:7.78 GB) (Free:1.12 GB) FAT32
Drive e: () (Fixed) (Total:390.01 GB) (Free:45.92 GB) NTFS
 
\\?\Volume{74c3d344-f716-11e5-b165-806e6f6e6963}\ (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 465.8 GB) (Disk ID: 397A8933)
Partition 1: (Not Active) - (Size=7.8 GB) - (Type=0B)
Partition 2: (Not Active) - (Size=390 GB) - (Type=07 NTFS)
Partition 3: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=60.1 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================


#3 nasdaq

nasdaq

  • Malware Response Team
  • 39,508 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:10:40 AM

Posted 04 March 2018 - 11:20 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Press the Windows key + r on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to a new file.
 
start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

HKU\S-1-5-21-1594911143-2086658988-593811238-1000\...\Run: [valveauto] => C:\Users\Lavin\Documents\don.vbs [18078 2018-03-03] ()
GroupPolicyScripts: Restriction <==== ATTENTION
URLSearchHook: HKU\S-1-5-21-1594911143-2086658988-593811238-1000 - Panda Safe Web - {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - C:\Program Files (x86)\pandasecuritytb\pandasecurityDx64.dll No File
URLSearchHook: HKU\S-1-5-21-1594911143-2086658988-593811238-1000 - Panda Safe Web - {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - C:\Program Files (x86)\pandasecuritytb\pandasecurityDx.dll No File
BHO: Panda Safe Web -> {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} -> C:\Program Files (x86)\pandasecuritytb\pandasecurityDx64.dll => No File
BHO-x32: Panda Safe Web -> {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} -> C:\Program Files (x86)\pandasecuritytb\pandasecurityDx.dll => No File
Toolbar: HKLM - Panda Safe Web - {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - C:\Program Files (x86)\pandasecuritytb\pandasecurityDx64.dll No File
Toolbar: HKLM-x32 - Panda Safe Web - {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - C:\Program Files (x86)\pandasecuritytb\pandasecurityDx.dll No File
FF Plugin-x32: @adobe.com/AuthorwarePlayer -> C:\Windows\system32\Macromed\AUTHORWA\np32asw.dll [No File]
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1220162.dll [No File]
FF Plugin-x32: @t.garena.com/garenatalk -> C:\Program Files (x86)\Garena Plus\bbtalk\plugins\npPlugin\npGarenaTalkPlugin.dll [No File]
S3 dump_wmimmc; \??\E:\Games\Seal Online Private Server\Seal Online Zen Full Client v3.5\GameGuard\dump_wmimmc.sys [X]
S3 EsgScanner; system32\DRIVERS\EsgScanner.sys [X]
S3 gkernel; \??\C:\Users\Lavin\AppData\Local\Temp\gkernel.sys [X] <==== ATTENTION
S3 npkcrypt; \??\E:\Games\Ragnarok Online Indonesia\npkcrypt.sys [X]
S3 npkycryp; \??\E:\Games\Ragnarok Online Indonesia\npkycryp.sys [X]
S3 panda_url_filteringd; \??\C:\Program Files\Panda Security URL Filtering\panda_url_filteringd.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
S3 X6va064; \??\C:\Windows\SysWOW64\Drivers\X6va064 [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]

ContextMenuHandlers1: [AIMP] -> {1F77B17B-F531-44DB-ACA4-76ABB5010A28} =>  -> No File
ContextMenuHandlers4: [AIMP] -> {1F77B17B-F531-44DB-ACA4-76ABB5010A28} =>  -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File

C:\Users\Lavin\Documents\don.vbs

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt) please post it to your reply.
===


Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.

You can manually check your present version and update as recommended. (You need to check with Internet Explorer) <- Important.
https://www.java.com/en/download/installed.jsp

Be careful not to install malware posing as Java update!
Important read this blog.
http://blog.trendmicro.com/trendlabs-security-intelligence/malware-poses-as-an-update-for-java-0-day-fix/

Quoted from the page.
"In light of the recent events surrounding Java, users must seriously consider their use of Java. Do they really need it? If yes, make sure that users follow the steps we recommended and get the security update directly from the official oracle website." at:
http://www.oracle.com/technetwork/java/javase/downloads/index.html

How to disable Java in your browsers
http://www.infoworld.com/t/web-browsers/how-disable-java-in-your-browsers-210882

If still present after the update you can remove the old versions of Java via the Control Panel > Programs > Programs and Features.
Java 8 Update 74 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418074F0}) (Version: 8.0.740.2 - Oracle Corporation)
Java SE Development Kit 8 Update 74 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180740}) (Version: 8.0.740.2 - Oracle Corporation)
===

Please post the log and let me know what problem persists.
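
The two logs in this thread give a responder three signals that the fixlist above keys on: a Run value (valveauto) that launches a VBScript out of the user's Documents folder, a stopped driver entry (gkernel) whose file sat in Temp, and firewall rules plus 2016 Defender detections for binaries dropped under AppData\Local\Temp. The script below is an added example, not part of this thread and not FRST's or BleepingComputer's own code; it parses FRST-style lines and flags those patterns so the short list falls out of a long Addition.txt automatically. The sample log is constructed from lines quoted in the thread, and the user-writable-location heuristic and the per-user browser allow-list (Vivaldi, Chrome) are this example's own assumptions.

```python
"""Triage of Farbar Recovery Scan Tool (FRST) log lines.

Added example: this is not code from the thread, from FRST or from
BleepingComputer. It reads FRST.txt/Addition.txt-style lines and flags the
entries a responder reads first: autostarts and drivers that live in a
user-writable location (Temp, AppData, Documents, Downloads), autostarts
that are script files, firewall rules for binaries in such locations and
Windows Defender detections. SAMPLE_LOG is constructed from lines quoted
in the thread; the heuristics and the allow-list are this example's own.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Locations a standard user can write to. Legitimate autostarts and kernel
# drivers rarely live here; droppers and self-extracting archives usually do.
USER_WRITABLE = re.compile(r"\\(?:temp|appdata|documents|downloads|desktop)\\", re.IGNORECASE)
# Per-user browser installs legitimately live under AppData\Local (assumed allow-list).
ALLOWLIST = re.compile(r"\\appdata\\local\\(?:vivaldi|google\\chrome)\\application\\", re.IGNORECASE)
# Script types that a Run value hands to wscript/cscript/mshta/powershell/cmd.
SCRIPT_FILE = re.compile(r"\.(?:vbs|vbe|js|jse|wsf|wsh|hta|ps1|bat|cmd)\b", re.IGNORECASE)

# FRST line shapes handled here (a subset): autostart values, drivers/services,
# firewall rules, and the Name/Path Found pairs of the Windows Defender section.
RUN_LINE = re.compile(r"^(?P<hive>HK\S*?)\\\.\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]*)\] => (?P<target>.+)$")
DRIVER_LINE = re.compile(r"^(?P<state>[RSU]\d) (?P<name>[^;]+); (?P<target>.+)$")
FIREWALL_LINE = re.compile(r"^FirewallRules: \[(?P<rule>[^\]]+)\] => \((?P<action>Allow|Block)\) (?P<path>.+)$")
DEFENDER_NAME = re.compile(r"^Name:(?P<name>\S.*)$")
DEFENDER_PATH = re.compile(r"^Path Found:file:(?P<path>[^;]+)")
# Trailers FRST appends after a path: [size date], (Publisher), [X] = file missing, <==== ATTENTION.
TRAILER = re.compile(r"\s+(?:\[\d+ \d{4}-\d{2}-\d{2}\]|\[X\]|\([^)]*\)|<====.*)$")


@dataclass(frozen=True)
class Finding:
    kind: str          # run | driver | firewall | defender
    name: str
    path: str
    reasons: tuple[str, ...]


def _clean_target(target: str) -> tuple[str, bool]:
    """Strip FRST's trailers and the \\??\\ NT prefix; report the [X] (missing file) mark."""
    missing = " [X]" in target
    path = target
    while (stripped := TRAILER.sub("", path)) != path:
        path = stripped
    if path.startswith("\\??\\"):
        path = path[4:]
    return path.strip('"'), missing


def _location_reasons(path: str) -> list[str]:
    if USER_WRITABLE.search(path) and not ALLOWLIST.search(path):
        return ["runs from a user-writable location"]
    return []


def triage(text: str) -> list[Finding]:
    """Return the entries worth a second look, one per (kind, path)."""
    findings: list[Finding] = []
    seen: set[tuple[str, str]] = set()
    last_detection = None

    def add(kind: str, name: str, path: str, reasons: list[str]) -> None:
        key = (kind, path.lower())
        if reasons and key not in seen:      # silent when nothing is suspicious
            seen.add(key)
            findings.append(Finding(kind, name, path, tuple(reasons)))

    for raw in text.splitlines():
        line = raw.strip()
        if m := RUN_LINE.match(line):
            path, _ = _clean_target(m["target"])
            reasons = _location_reasons(path)
            if SCRIPT_FILE.search(path):
                reasons.append("script file run from an autostart key")
            add("run", m["name"], path, reasons)
        elif m := DRIVER_LINE.match(line):
            path, missing = _clean_target(m["target"])
            reasons = _location_reasons(path)
            # A missing file alone is noise (stale OEM/RDP entries such as Synth3dVsc);
            # report it only when the path is suspicious anyway.
            if reasons and missing:
                reasons.append("file already gone, stale service entry")
            add("driver", m["name"], path, reasons)
        elif m := FIREWALL_LINE.match(line):
            path, _ = _clean_target(m["path"])
            reasons = _location_reasons(path)
            if reasons:
                # "Query User{...}" rules are created when someone answers the firewall prompt,
                # so the binary actually ran from that location.
                reasons.append(f"{m['action'].lower()} rule for a binary that ran from there")
            add("firewall", m["action"], path, reasons)
        elif m := DEFENDER_NAME.match(line):
            last_detection = m["name"]
        elif (m := DEFENDER_PATH.match(line)) and last_detection:
            add("defender", last_detection, m["path"], [f"detected as {last_detection}"])
            last_detection = None
    return findings


def report(findings: list[Finding]) -> str:
    out = []
    for f in findings:
        out.append(f"[{f.kind}] {f.name}: {f.path}")
        out.extend(f"    - {r}" for r in f.reasons)
    return "\n".join(out)


# Constructed sample: lines copied from the FRST logs quoted in this thread.
SAMPLE_LOG = r"""
FirewallRules: [{B26070DA-CD58-475F-95F4-61C06A9DD154}] => (Allow) C:\Users\Lavin\AppData\Local\Vivaldi\Application\vivaldi.exe
FirewallRules: [{FF07A17E-C1BA-43D2-B222-6B6D67B6B8BB}] => (Allow) E:\Steam\steamapps\common\CS2D\CS2D.exe
FirewallRules: [TCP Query User{55DF692A-5766-43E2-B316-A34E136A182C}C:\users\lavin\appdata\local\temp\rarsfx0\hlds.exe] => (Block) C:\users\lavin\appdata\local\temp\rarsfx0\hlds.exe
FirewallRules: [UDP Query User{34892E74-8523-4707-BC51-0DD9BA16488A}C:\users\lavin\appdata\local\temp\rarsfx0\hlds.exe] => (Block) C:\users\lavin\appdata\local\temp\rarsfx0\hlds.exe
HKU\S-1-5-21-1594911143-2086658988-593811238-1000\...\Run: [valveauto] => C:\Users\Lavin\Documents\don.vbs [18078 2018-03-03] ()
S3 gkernel; \??\C:\Users\Lavin\AppData\Local\Temp\gkernel.sys [X] <==== ATTENTION
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 npkcrypt; \??\E:\Games\Ragnarok Online Indonesia\npkcrypt.sys [X]
Name:Worm:Win32/Dorkbot
Severity:Severe
Path Found:file:C:\Users\Lavin\AppData\Local\Temp\SCMHx\ndAAzmu.exe;process:pid:3596;process:pid:4124
"""

if __name__ == "__main__":
    print(report(triage(SAMPLE_LOG)))
```

Run it against a saved FRST.txt or Addition.txt to get the short list. The allow-list exists because per-user browser installs (Vivaldi in this thread) legitimately live under AppData\Local and would otherwise appear beside the real droppers; extend it for whatever your environment installs per user. A missing-file ([X]) driver is only reported when its path is user-writable, which keeps stale Hyper-V and RDP entries out of the list while still surfacing a .sys that was loaded from Temp.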

#4 lidner2

lidner2
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:09:40 PM

Posted 05 March 2018 - 03:59 AM

Hello nasdaq, thanks for the response. I just finished what you told me, and here is the log.

I also finished a scan with ESET Online Scanner. After the restart from the fix the problem is gone; I don't know if it fixed my issue or if it still needs a cross-check from you.

Fix result of Farbar Recovery Scan Tool (x64) Version: 04.03.2018
Ran by Lavin (05-03-2018 15:29:16) Run:1
Running from C:\Users\Lavin\Downloads
Loaded Profiles: Lavin (Available Profiles: Lavin & LavinCoba)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
start
 
CreateRestorePoint:
EmptyTemp:
CloseProcesses:
 
HKU\S-1-5-21-1594911143-2086658988-593811238-1000\...\Run: [valveauto] => C:\Users\Lavin\Documents\don.vbs [18078 2018-03-03] ()
GroupPolicyScripts: Restriction <==== ATTENTION
URLSearchHook: HKU\S-1-5-21-1594911143-2086658988-593811238-1000 - Panda Safe Web - {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - C:\Program Files (x86)\pandasecuritytb\pandasecurityDx64.dll No File
URLSearchHook: HKU\S-1-5-21-1594911143-2086658988-593811238-1000 - Panda Safe Web - {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - C:\Program Files (x86)\pandasecuritytb\pandasecurityDx.dll No File
BHO: Panda Safe Web -> {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} -> C:\Program Files (x86)\pandasecuritytb\pandasecurityDx64.dll => No File
BHO-x32: Panda Safe Web -> {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} -> C:\Program Files (x86)\pandasecuritytb\pandasecurityDx.dll => No File
Toolbar: HKLM - Panda Safe Web - {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - C:\Program Files (x86)\pandasecuritytb\pandasecurityDx64.dll No File
Toolbar: HKLM-x32 - Panda Safe Web - {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - C:\Program Files (x86)\pandasecuritytb\pandasecurityDx.dll No File
FF Plugin-x32: @adobe.com/AuthorwarePlayer -> C:\Windows\system32\Macromed\AUTHORWA\np32asw.dll [No File]
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1220162.dll [No File]
FF Plugin-x32: @t.garena.com/garenatalk -> C:\Program Files (x86)\Garena Plus\bbtalk\plugins\npPlugin\npGarenaTalkPlugin.dll [No File]
S3 dump_wmimmc; \??\E:\Games\Seal Online Private Server\Seal Online Zen Full Client v3.5\GameGuard\dump_wmimmc.sys [X]
S3 EsgScanner; system32\DRIVERS\EsgScanner.sys [X]
S3 gkernel; \??\C:\Users\Lavin\AppData\Local\Temp\gkernel.sys [X] <==== ATTENTION
S3 npkcrypt; \??\E:\Games\Ragnarok Online Indonesia\npkcrypt.sys [X]
S3 npkycryp; \??\E:\Games\Ragnarok Online Indonesia\npkycryp.sys [X]
S3 panda_url_filteringd; \??\C:\Program Files\Panda Security URL Filtering\panda_url_filteringd.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
S3 X6va064; \??\C:\Windows\SysWOW64\Drivers\X6va064 [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]
 
ContextMenuHandlers1: [AIMP] -> {1F77B17B-F531-44DB-ACA4-76ABB5010A28} =>  -> No File
ContextMenuHandlers4: [AIMP] -> {1F77B17B-F531-44DB-ACA4-76ABB5010A28} =>  -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
 
C:\Users\Lavin\Documents\don.vbs
 
End
*****************
 
Restore point was successfully created.
Processes closed successfully.
"HKU\S-1-5-21-1594911143-2086658988-593811238-1000\Software\Microsoft\Windows\CurrentVersion\Run\\valveauto" => removed successfully
C:\Windows\system32\GroupPolicy\Machine => moved successfully
C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully
"HKU\S-1-5-21-1594911143-2086658988-593811238-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}" => removed successfully
"HKU\S-1-5-21-1594911143-2086658988-593811238-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}" => not found
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}" => removed successfully
HKLM\Software\Classes\CLSID\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} => not found
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}" => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} => not found
"HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}" => removed successfully
HKLM\Software\Classes\CLSID\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} => not found
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}" => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} => not found
"HKLM\Software\Wow6432Node\MozillaPlugins\@adobe.com/AuthorwarePlayer" => removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@adobe.com/ShockwavePlayer" => removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@t.garena.com/garenatalk" => removed successfully
"HKLM\System\CurrentControlSet\Services\dump_wmimmc" => removed successfully
dump_wmimmc => service removed successfully
"HKLM\System\CurrentControlSet\Services\EsgScanner" => removed successfully
EsgScanner => service removed successfully
"HKLM\System\CurrentControlSet\Services\gkernel" => removed successfully
gkernel => service removed successfully
"HKLM\System\CurrentControlSet\Services\npkcrypt" => removed successfully
npkcrypt => service removed successfully
"HKLM\System\CurrentControlSet\Services\npkycryp" => removed successfully
npkycryp => service removed successfully
"HKLM\System\CurrentControlSet\Services\panda_url_filteringd" => removed successfully
panda_url_filteringd => service removed successfully
"HKLM\System\CurrentControlSet\Services\Synth3dVsc" => removed successfully
Synth3dVsc => service removed successfully
"HKLM\System\CurrentControlSet\Services\tsusbhub" => removed successfully
tsusbhub => service removed successfully
"HKLM\System\CurrentControlSet\Services\VGPU" => removed successfully
VGPU => service removed successfully
"HKLM\System\CurrentControlSet\Services\X6va064" => removed successfully
X6va064 => service removed successfully
"HKLM\System\CurrentControlSet\Services\xhunter1" => removed successfully
xhunter1 => service removed successfully
"HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\AIMP" => removed successfully
HKLM\Software\Classes\CLSID\{1F77B17B-F531-44DB-ACA4-76ABB5010A28} => not found
"HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\AIMP" => removed successfully
HKLM\Software\Classes\CLSID\{1F77B17B-F531-44DB-ACA4-76ABB5010A28} => not found
"HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui" => removed successfully
HKLM\Software\Classes\CLSID\{3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => not found
C:\Users\Lavin\Documents\don.vbs => moved successfully
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 5148603 B
Java, Flash, Steam htmlcache => 107080437 B
Windows/system/drivers => 67224304 B
Edge => 0 B
Chrome => 0 B
Firefox => 0 B
Opera => 2392494 B
 
Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 66228 B
Public => 0 B
ProgramData => 0 B
systemprofile => 62672735 B
systemprofile32 => 4872550 B
LocalService => 132244 B
NetworkService => 66228 B
Lavin => 151778985 B
LavinCoba => 8180879 B
 
RecycleBin => 0 B
EmptyTemp: => 398.6 MB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 15:35:02 ====
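The two items FRST flagged in the fixlist above (a Run-key entry launching a .vbs from the user's Documents folder, and a driver registered from a Temp directory) are the sort of autorun that a quick triage script can surface from a log before a human reads the whole thing. The following is an added example, not part of this thread or of FRST itself; the sample lines are constructed in FRST's format and the heuristics (script-host autoruns, paths under user-writable folders) are my own, not FRST's detection logic.

```python
import re

# Constructed sample lines in FRST's own format (modelled on the fixlist above);
# the IgfxTray line is a made-up benign entry included for contrast.
SAMPLE_LINES = [
    r"HKU\S-1-5-21-1594911143-2086658988-593811238-1000\...\Run: [valveauto] => C:\Users\Lavin\Documents\don.vbs [18078 2018-03-03] ()",
    r"S3 gkernel; \??\C:\Users\Lavin\AppData\Local\Temp\gkernel.sys [X]",
    r"S3 tsusbhub; system32\drivers\tsusbhub.sys [X]",
    r"HKLM\...\Run: [IgfxTray] => C:\Windows\System32\igfxtray.exe [123456 2018-01-01] (constructed)",
]

# Heuristics (assumptions of this example, not FRST's rules): autoruns that hand a
# script to a script host, and binaries or drivers living in user-writable folders,
# which is exactly where this thread's don.vbs and gkernel.sys were found.
SCRIPT_EXT = (".vbs", ".vbe", ".js", ".jse", ".wsf", ".hta", ".ps1", ".bat", ".cmd")
USER_WRITABLE = ("\\users\\", "\\appdata\\", "\\temp\\", "\\programdata\\")

# "HKU\...\Run: [name] => path [size date] (publisher)"
RUN_RE = re.compile(r"^HK[A-Z]+\S*\\Run: \[(?P<name>[^\]]+)\] => (?P<path>.+?)(?: \[|$)")
# "S3 name; \??\path [X]"  (the \??\ NT prefix is optional)
DRV_RE = re.compile(r"^[SR]\d (?P<name>[^;]+); (?:\\\?\?\\)?(?P<path>.+?)(?: \[|$)")


def classify(line):
    """Return (kind, name, path, reasons) for a Run-key or driver line, else None."""
    kind, m = "run", RUN_RE.match(line)
    if not m:
        kind, m = "driver", DRV_RE.match(line)
    if not m:
        return None
    path = m.group("path").strip()
    low = path.lower()
    reasons = []
    if kind == "run" and low.endswith(SCRIPT_EXT):
        reasons.append("script host autorun")
    if any(p in low for p in USER_WRITABLE):
        reasons.append("user-writable location")
    if kind == "driver" and "\\temp\\" in low:
        reasons.append("driver loaded from Temp")
    return kind, m.group("name"), path, reasons


def suspicious_entries(lines):
    """Keep only parsed entries that tripped at least one heuristic."""
    return [c for c in map(classify, lines) if c and c[3]]


if __name__ == "__main__":
    for kind, name, path, reasons in suspicious_entries(SAMPLE_LINES):
        print(f"{kind:6} {name:12} {path}  <- {', '.join(reasons)}")
```

Run against a saved FRST.txt by replacing SAMPLE_LINES with the file's lines; the tsusbhub-style system32 entries parse but produce no reasons, so only the user-path items are listed.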


#5 nasdaq

nasdaq

  • Malware Response Team
  • 39,508 posts
  • ONLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:10:40 AM

Posted 05 March 2018 - 08:39 AM

Hi,

You are looking good.

Just to make sure, run this scan:

Please download Sophos Virus Removal Tool and save it to your computer's Desktop.
  • Right-click the icon and select Run as administrator.
  • Click Yes to accept any security warnings that may appear.
  • Click the Next button.
  • Select 'I accept the terms in the license agreement', then click Next twice.
  • Click the Install button and wait until the installation is complete.
  • Click the Finish button. The tool created a shortcut icon on the Desktop of your computer.
  • Now, double-click the Sophos Virus Removal Tool shortcut icon to run the tool.
  • Click Yes to accept any security warnings that may appear.
  • After it updates and a "Start Scanning" button appears in the lower right:
    • Disconnect from the Internet or physically unplug your Internet cable connection.
    • Close all open programs, scheduling/updating tasks and background processes that might activate during the scan including the screensaver.
    • Temporarily disable your anti-virus and real-time anti-spyware protection.
  • Click the "Start Scanning" button in the lower right to start the scan.
  • After starting the scan, do not use the computer until the scan has completed.
  • When finished, if it detected anything there will be a "Start Clean-up" button, click it and allow it to finish.
  • When finished, re-enable your anti-virus/anti-malware (or reboot) and then you can reconnect to the Internet.
  • If any threats are found click Details, then View Log file (bottom left-hand corner).
  • Copy and paste its contents in your next reply and note any errors encountered.
  • Close the Notepad document, close the Threat Details screen, then click Start cleanup.
  • Click Exit to close the program.
  • If no threats were found, please confirm that result.
Note: Whenever necessary, the log will be in the following location:

Windows Vista and above:
C:\ProgramData\Sophos\Sophos Virus Removal Tool\Logs\SophosVirusRemovalTool.log
 
Please post the contents of the log in your next reply and note any errors encountered.
===

Let me know of any issues.

#6 nasdaq

nasdaq

  • Malware Response Team
  • 39,508 posts
  • ONLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:10:40 AM

Posted 12 March 2018 - 08:21 AM

Hi,

If all is well.

To learn more about how to protect yourself while on the internet, read this little guide on best security practices to keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/


https://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/
Simple and easy ways to keep your computer safe and secure on the Internet.
===
