
Programs open then close immediately.



Hi,

 

I'm running Windows 7 Home Premium. I have noticed that some programs will open for a couple of seconds then close immediately. I've researched it and found out that it may be because of my antivirus programs. I have already uninstalled any antivirus but the problem still persists.

Appreciate any help, thanks


I'm still experiencing issues after running Malwarebytes Anti-Malware.

Here is my log:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 30-10-2016
Ran by Leonard (administrator) on LEONARD-PC (01-11-2016 14:27:48)
Running from C:\Users\Leonard\Downloads
Loaded Profiles: Leonard (Available Profiles: Leonard & Guest)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvscpapisvr.exe
(Garena Online                   ) C:\Program Files (x86)\Garena\Garena\2.0.1607.2718\gxxsvc.exe
(Garena Online                   ) C:\Program Files (x86)\Garena\Garena\2.0.1607.2718\ah\gxxah.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome Remote Desktop\52.0.2743.48\remoting_host.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome Remote Desktop\52.0.2743.48\remoting_host.exe
(Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Hola Networks Ltd.) C:\Program Files\Hola\app\hola_svc.exe
(Hola Networks Ltd.) C:\Program Files\Hola\app\hola_updater.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
(Razer Inc.) C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKService.exe
() C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
() C:\Program Files (x86)\Garena Plus\ggdllhost.exe
() C:\Program Files (x86)\Garena Plus\ggdllhost.exe
(Hola Networks Ltd.) C:\Program Files\Hola\app\hola.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
() C:\ProgramData\Razer\Synapse\RzStats\RzStats.Manager.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [hola] => C:\Program Files\Hola\app\hola.exe [2166376 2016-10-18] (Hola Networks Ltd.) <===== ATTENTION
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2397120 2016-08-26] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\nvspcap64.dll [1767944 2016-08-26] (NVIDIA Corporation)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [596640 2016-08-22] (Razer Inc.)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [25424008 2016-10-24] (Dropbox, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [598552 2016-06-22] (Oracle Corporation)
HKU\S-1-5-21-3108869105-240821209-1850858052-1000\...\Run: [GarenaPlus] => C:\Program Files (x86)\Garena Plus\GarenaMessenger.exe [9131560 2016-10-20] ()
HKU\S-1-5-21-3108869105-240821209-1850858052-1000\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [4557504 2016-10-06] (Disc Soft Ltd)
HKU\S-1-5-21-3108869105-240821209-1850858052-1000\...\RunOnce: [Uninstall C:\Users\Leonard\AppData\Local\Microsoft\OneDrive\17.3.4604.0120] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Leonard\AppData\Local\Microsoft\OneDrive\17.3.4604.0120"
HKU\S-1-5-21-3108869105-240821209-1850858052-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-3108869105-240821209-1850858052-1000\...\MountPoints2: E - E:\setup.exe
HKU\S-1-5-21-3108869105-240821209-1850858052-1000\...\MountPoints2: {2fa86846-6bfd-11e2-8c50-806e6f6e6963} - D:\Run.exe
HKU\S-1-5-21-3108869105-240821209-1850858052-1000\...\MountPoints2: {afb4075f-d34d-11e3-aa3f-94de800e87cf} - E:\Startme.exe
HKU\S-1-5-21-3108869105-240821209-1850858052-1000\...\MountPoints2: {fc54df6a-c013-11e5-bbea-94de800e87cf} - E:\startme.exe
HKU\S-1-5-21-3108869105-240821209-1850858052-1000\...\Winlogon: [Shell] c:\windows\explorer.exe [2871808 2011-02-25] (Microsoft Corporation) <==== ATTENTION
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2014-09-26] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2014-09-26] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2014-09-26] ()
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.1.0.dll [2016-10-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.1.0.dll [2016-10-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.1.0.dll [2016-10-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.1.0.dll [2016-10-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.1.0.dll [2016-10-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.1.0.dll [2016-10-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.1.0.dll [2016-10-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.1.0.dll [2016-10-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.1.0.dll [2016-10-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt9] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.1.0.dll [2016-10-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.1.0.dll [2016-10-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt10] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.1.0.dll [2016-10-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.1.0.dll [2016-10-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.1.0.dll [2016-10-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.1.0.dll [2016-10-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.1.0.dll [2016-10-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.1.0.dll [2016-10-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.1.0.dll [2016-10-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.1.0.dll [2016-10-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt9] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.1.0.dll [2016-10-24] (Dropbox, Inc.)
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{B86F7EBB-4630-440B-9F1C-AA03D8B50414}: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{BE1556D8-8934-4DE7-8F72-F3C3FF433C16}: [DhcpNameServer] 192.168.42.129

Internet Explorer:
==================
HKU\S-1-5-21-3108869105-240821209-1850858052-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com.sg/
HKU\S-1-5-21-3108869105-240821209-1850858052-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://xin.msn.com/?rd=1&ucc=SG&dcc=SG&opt=0&ocid=iehp
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\ssv.dll [2016-09-06] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\jp2ssv.dll [2016-09-06] (Oracle Corporation)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

FireFox:
========
FF Plugin: @esn/npbattlelog,version=2.5.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelogx64.dll [No File]
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: adobe.com/AdobeAAMDetect_x86_64 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2014-10-01] (Adobe Systems)
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 -> C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll [No File]
FF Plugin-x32: @esn/esnlaunch,version=2.3.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.0\npesnlaunch.dll [No File]
FF Plugin-x32: @esn/npbattlelog,version=2.5.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelog.dll [No File]
FF Plugin-x32: @java.com/DTPlugin,version=11.101.2 -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\dtplugin\npDeployJava1.dll [2016-09-06] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.101.2 -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\plugin2\npjp2.dll [2016-09-06] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @nexon.net/NxGame -> C:\ProgramData\NexonUS\NGM\npNxGameUS.dll [No File]
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-08-26] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-08-26] (NVIDIA Corporation)
FF Plugin-x32: @t.garena.com/garenatalk -> C:\Program Files (x86)\Garena Plus\bbtalk\plugins\npPlugin\npGarenaTalkPlugin.dll [2016-09-23] ( Garena)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2013-05-11] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2014-10-01] (Adobe Systems)

Chrome: 
=======
CHR DefaultProfile: Default
CHR Session Restore: Default -> is enabled.
CHR Profile: C:\Users\Leonard\AppData\Local\Google\Chrome\User Data\Default [2016-11-01]
CHR Extension: (Google Slides) - C:\Users\Leonard\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-06]
CHR Extension: (Google Docs) - C:\Users\Leonard\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-06]
CHR Extension: (Google Drive) - C:\Users\Leonard\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-23]
CHR Extension: (YouTube) - C:\Users\Leonard\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-25]
CHR Extension: (OneTab) - C:\Users\Leonard\AppData\Local\Google\Chrome\User Data\Default\Extensions\chphlpgkkbolifaimnlloiipkdnihall [2016-06-06]
CHR Extension: (Google Search) - C:\Users\Leonard\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (Google Calendar) - C:\Users\Leonard\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2016-08-17]
CHR Extension: (Video Downloader professional) - C:\Users\Leonard\AppData\Local\Google\Chrome\User Data\Default\Extensions\elicpjhcidhpjomhibiffojpinpmmpil [2016-07-25]
CHR Extension: (JavaScript Editor) - C:\Users\Leonard\AppData\Local\Google\Chrome\User Data\Default\Extensions\enhkeonpomkliaedmafeniofidolfmdd [2016-05-16]
CHR Extension: (Google Sheets) - C:\Users\Leonard\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-06]
CHR Extension: (Chrome Remote Desktop) - C:\Users\Leonard\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp [2016-09-03]
CHR Extension: (Google Docs Offline) - C:\Users\Leonard\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-16]
CHR Extension: (AdBlock) - C:\Users\Leonard\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-11-01]
CHR Extension: (Unlimited Free VPN - Hola) - C:\Users\Leonard\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio [2016-11-01]
CHR Extension: (Auto Replay for YouTube™) - C:\Users\Leonard\AppData\Local\Google\Chrome\User Data\Default\Extensions\kanbnempkjnhadplbfgdaagijdbdbjeb [2016-06-19]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Leonard\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-04]
CHR Extension: (Gmail) - C:\Users\Leonard\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-28]
CHR Extension: (Chrome Media Router) - C:\Users\Leonard\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-11-01]
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx <not found>

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 chromoting; C:\Program Files (x86)\Google\Chrome Remote Desktop\52.0.2743.48\remoting_host.exe [76616 2016-06-20] (Google Inc.)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-01-03] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-01-03] (Dropbox, Inc.)
R2 DbxSvc; C:\Windows\system32\DbxSvc.exe [41576 2016-10-24] (Dropbox, Inc.)
S3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [1468608 2016-10-06] (Disc Soft Ltd)
R2 GarenaPlatform; C:\Program Files (x86)\Garena\Garena\2.0.1607.2718\gxxsvc.exe [211448 2016-07-27] (Garena Online                   )
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1163712 2016-08-26] (NVIDIA Corporation)
R2 hola_svc; C:\Program Files\Hola\app\hola_svc.exe [5622376 2016-10-18] (Hola Networks Ltd.) <==== ATTENTION
R2 hola_updater; C:\Program Files\Hola\app\hola_updater.exe [5494480 2016-05-18] (Hola Networks Ltd.) [File not signed] <==== ATTENTION
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation)
S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [5132656 2013-11-21] (INCA Internet Co., Ltd.)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1879488 2016-08-26] (NVIDIA Corporation)
R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [3632576 2016-08-26] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2521024 2016-08-26] (NVIDIA Corporation)
S3 PAExec; C:\Windows\PAExec.exe [189112 2016-09-06] (Power Admin LLC)
S4 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76152 2014-11-11] ()
S4 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-11-11] ()
R2 Razer Chroma SDK Service; C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKService.exe [69744 2016-09-06] (Razer Inc.)
R2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [187824 2016-07-20] ()
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [6942480 2016-03-03] (TeamViewer GmbH)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-07-10] (Microsoft Corporation)
S3 Origin Client Service; "C:\Program Files (x86)\Origin\OriginClientService.exe" [X]
S2 Origin Web Helper Service; "C:\Program Files (x86)\Origin\OriginWebHelperService.exe" [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 1394hub; C:\Windows\System32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S3 1394hub; C:\Windows\SysWOW64\svchost.exe [20992 2009-07-14] (Microsoft Corporation)
R3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [30264 2016-10-17] (Disc Soft Ltd)
R3 dtliteusbbus; C:\Windows\System32\DRIVERS\dtliteusbbus.sys [47672 2016-10-17] (Disc Soft Ltd)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-11] (Broadcom Corporation)
S3 gdrv; no ImagePath
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2016-11-01] (Malwarebytes)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64896 2016-03-10] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [26560 2016-08-26] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [56376 2016-08-26] (NVIDIA Corporation)
R3 rzendpt; C:\Windows\System32\DRIVERS\rzendpt.sys [51736 2016-06-23] (Razer Inc)
R2 rzpmgrk; C:\Windows\system32\drivers\rzpmgrk.sys [44144 2016-05-07] (Razer, Inc.)
S2 rzpnk; C:\Windows\system32\drivers\rzpnk.sys [136312 2016-06-28] (Razer, Inc.)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [564824 2013-02-03] (Duplex Secure Ltd.)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2013-03-18] (Apple, Inc.) [File not signed]
S3 X6va012; no ImagePath
U3 a47ftlmt; no ImagePath
S3 dbx; system32\DRIVERS\dbx.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 GGSAFERDriver; \??\C:\Program Files (x86)\Garena Plus\Room\safedrv.sys [X]
S3 gkernel; \??\C:\Users\Leonard\AppData\Local\Temp\gkernel.sys [X]
R3 gxxkernel; \??\C:\Windows\TEMP\gxxkernel.sys [X]
S3 LgBttPort; system32\DRIVERS\lgbtpt64.sys [X]
S3 lgbusenum; system32\DRIVERS\lgbtbs64.sys [X]
S3 LGVMODEM; system32\DRIVERS\lgvmdm64.sys [X]
S3 vmci; \SystemRoot\system32\DRIVERS\vmci.sys [X]
S3 WinRing0_1_2_0; \??\C:\Program Files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys [X]
S3 X6va016; \??\C:\Windows\SysWOW64\Drivers\X6va016 [X]
S3 X6va017; \??\C:\Windows\SysWOW64\Drivers\X6va017 [X]
S3 X6va023; \??\C:\Windows\SysWOW64\Drivers\X6va023 [X]
S3 X6va034; \??\C:\Windows\SysWOW64\Drivers\X6va034 [X]
S3 X6va062; \??\C:\Windows\SysWOW64\Drivers\X6va062 [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-11-01 14:27 - 2016-11-01 14:28 - 00024510 _____ C:\Users\Leonard\Downloads\FRST.txt
2016-11-01 14:17 - 2016-11-01 14:27 - 00000000 ____D C:\FRST
2016-11-01 14:17 - 2016-11-01 14:17 - 02408960 _____ (Farbar) C:\Users\Leonard\Downloads\FRST64.exe
2016-11-01 13:32 - 2016-11-01 14:03 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-11-01 13:32 - 2016-11-01 13:32 - 00001102 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-11-01 13:32 - 2016-11-01 13:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-11-01 13:32 - 2016-11-01 13:32 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-11-01 13:32 - 2016-11-01 13:32 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-11-01 13:32 - 2016-03-10 14:09 - 00064896 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2016-11-01 13:32 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-11-01 13:32 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2016-11-01 07:14 - 2016-11-01 07:14 - 00000000 ____D C:\Users\Leonard\AppData\Local\V3-Games
2016-11-01 07:11 - 2016-11-01 07:11 - 00001106 _____ C:\Users\Public\Desktop\O2Jam (V3-Games).lnk
2016-11-01 07:11 - 2016-11-01 07:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\V3-Games
2016-11-01 07:11 - 2016-11-01 07:11 - 00000000 ____D C:\Program Files (x86)\V3-Games
2016-10-30 12:42 - 2016-10-30 12:42 - 00026507 _____ C:\Users\Leonard\Downloads\[HorribleSubs] One Piece - 761 [720p].mkv.torrent
2016-10-30 12:41 - 2016-10-30 12:41 - 00026507 _____ C:\Users\Leonard\Downloads\[HorribleSubs] One Piece - 762 [720p].mkv.torrent
2016-10-30 12:41 - 2016-10-30 12:41 - 00026487 _____ C:\Users\Leonard\Downloads\[HorribleSubs] One Piece - 759 [720p].mkv.torrent
2016-10-30 12:41 - 2016-10-30 12:41 - 00026447 _____ C:\Users\Leonard\Downloads\[HorribleSubs] One Piece - 760 [720p].mkv.torrent
2016-10-28 03:25 - 2016-10-28 03:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2016-10-24 21:06 - 2016-10-24 21:06 - 00075888 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-stable.sys
2016-10-24 21:06 - 2016-10-24 21:06 - 00075888 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-dev.sys
2016-10-24 21:06 - 2016-10-24 21:06 - 00075888 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-canary.sys
2016-10-24 21:06 - 2016-10-24 21:06 - 00041576 _____ (Dropbox, Inc.) C:\Windows\system32\DbxSvc.exe
2016-10-17 04:13 - 2016-10-17 04:14 - 00000000 ____D C:\Users\Leonard\Documents\Mirrors Edge Catalyst
2016-10-17 04:09 - 2016-10-17 04:09 - 00000993 _____ C:\Users\Public\Desktop\Origin.lnk
2016-10-17 04:09 - 2016-10-17 04:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin
2016-10-17 04:08 - 2016-10-17 04:08 - 00000000 ____D C:\Users\Leonard\.QtWebEngineProcess
2016-10-17 04:08 - 2016-10-17 04:08 - 00000000 ____D C:\Users\Leonard\.Origin
2016-10-17 03:49 - 2016-10-17 03:49 - 00272380 _____ C:\Users\Leonard\Downloads\W (2016) Complete 720p NEXT [English Subtitle].rar
2016-10-17 03:43 - 2016-10-23 10:28 - 00000000 ____D C:\ProgramData\Origin
2016-10-17 03:43 - 2016-10-17 03:43 - 00000000 ____D C:\Users\Leonard\AppData\Local\Disc_Soft_Ltd
2016-10-17 03:28 - 2016-10-17 03:28 - 00000000 ____D C:\Users\Public\Documents\Daemon Tools Images
2016-10-17 03:26 - 2016-10-17 03:26 - 00047672 _____ (Disc Soft Ltd) C:\Windows\system32\Drivers\dtliteusbbus.sys
2016-10-17 03:25 - 2016-10-17 03:29 - 00000000 ____D C:\Users\Leonard\AppData\Roaming\DAEMON Tools Lite
2016-10-17 03:25 - 2016-10-17 03:26 - 00000000 ____D C:\Program Files\DAEMON Tools Lite
2016-10-17 03:25 - 2016-10-17 03:25 - 00030264 _____ (Disc Soft Ltd) C:\Windows\system32\Drivers\dtlitescsibus.sys
2016-10-17 03:25 - 2016-10-17 03:25 - 00001773 _____ C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
2016-10-17 03:25 - 2016-10-17 03:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite
2016-10-17 03:24 - 2016-10-17 03:24 - 00000000 ____D C:\ProgramData\DAEMON Tools Lite
2016-10-17 03:23 - 2016-10-17 03:23 - 00692072 _____ (Disc Soft Ltd.) C:\Users\Leonard\Downloads\DTLiteInstaller.exe
2016-10-16 17:58 - 2016-10-16 17:58 - 00053731 _____ C:\Users\Leonard\Downloads\[avistaz.to] W (2016) Complete 720p NEXT.torrent
2016-10-16 17:47 - 2016-10-16 17:47 - 00059950 _____ C:\Users\Leonard\Downloads\Mirrors.Edge.Catalyst-CPY.torrent
2016-10-14 01:46 - 2016-10-14 01:46 - 00067349 _____ C:\Users\Leonard\Downloads\mike-and-dave-need-wedding-dates_HI_english-1405541.zip
2016-10-08 18:36 - 2016-10-08 18:36 - 00243202 _____ C:\Users\Leonard\Downloads\the-fresh-prince-of-bel-air-first-season_english-76055.zip
2016-10-08 03:02 - 2016-10-08 03:02 - 00274837 _____ C:\Users\Leonard\Downloads\the-fresh-prince-of-bel-air-first-season_english-758901.zip
2016-10-03 01:28 - 2016-10-03 01:28 - 00000000 ____D C:\Users\Leonard\Desktop\[UTW] Angel Beats! [BD][h264-1080p FLAC]
2016-10-03 01:27 - 2016-10-03 01:27 - 00079117 _____ C:\Users\Leonard\Downloads\[UTW] Angel Beats! [BD][h264-1080p FLAC].torrent
2016-10-02 20:24 - 2016-10-02 20:25 - 00000000 ____D C:\Users\Leonard\Desktop\[Coalgirls]_Guilty_Crown_(1920x1080_Blu-ray_FLAC)
2016-10-02 20:24 - 2016-10-02 20:24 - 00328886 _____ C:\Users\Leonard\Downloads\[Coalgirls]_Guilty_Crown_(1920x1080_Blu-ray_FLAC).torrent
2016-10-02 20:23 - 2016-10-02 20:23 - 00026527 _____ C:\Users\Leonard\Downloads\[HorribleSubs] One Piece - 756 [720p].mkv.torrent
2016-10-02 20:23 - 2016-10-02 20:23 - 00026527 _____ C:\Users\Leonard\Downloads\[HorribleSubs] One Piece - 754 [720p].mkv.torrent
2016-10-02 20:23 - 2016-10-02 20:23 - 00026507 _____ C:\Users\Leonard\Downloads\[HorribleSubs] One Piece - 757 [720p].mkv.torrent
2016-10-02 20:23 - 2016-10-02 20:23 - 00026487 _____ C:\Users\Leonard\Downloads\[HorribleSubs] One Piece - 758 [720p].mkv.torrent
2016-10-02 20:23 - 2016-10-02 20:23 - 00026487 _____ C:\Users\Leonard\Downloads\[HorribleSubs] One Piece - 755 [720p].mkv.torrent

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-11-01 14:27 - 2014-10-31 06:21 - 00000000 ____D C:\Users\Leonard\Desktop\fjewof
2016-11-01 14:26 - 2016-09-06 14:25 - 00000000 ____D C:\Users\Leonard\AppData\Local\CrashDumps
2016-11-01 14:22 - 2009-07-14 12:45 - 00022064 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-11-01 14:22 - 2009-07-14 12:45 - 00022064 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-11-01 14:15 - 2016-01-03 17:10 - 00000910 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job
2016-11-01 14:08 - 2015-06-18 17:40 - 00000000 ____D C:\ProgramData\boost_interprocess
2016-11-01 14:04 - 2016-01-03 17:12 - 00000000 ___RD C:\Users\Leonard\Dropbox
2016-11-01 14:03 - 2016-08-01 21:56 - 00003476 _____ C:\Windows\System32\Tasks\Garena+ Plugin Host Service
2016-11-01 14:03 - 2016-01-03 17:10 - 00000906 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job
2016-11-01 14:03 - 2014-07-06 02:01 - 00000258 __RSH C:\ProgramData\ntuser.pol
2016-11-01 14:03 - 2013-02-02 09:32 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-11-01 14:01 - 2016-02-29 10:35 - 00000000 ____D C:\Program Files (x86)\Amazon
2016-11-01 14:01 - 2013-01-31 16:11 - 00000000 ____D C:\ProgramData\NVIDIA
2016-11-01 14:01 - 2009-07-14 13:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-11-01 14:01 - 2009-07-14 11:20 - 00000000 ____D C:\Windows\L2Schemas
2016-11-01 13:59 - 2013-02-03 01:18 - 00000000 ____D C:\Users\Leonard\AppData\Roaming\uTorrent
2016-11-01 13:58 - 2015-06-18 20:33 - 00000000 ____D C:\Users\Leonard\AppData\Roaming\ParetoLogic
2016-11-01 13:58 - 2015-06-18 20:32 - 00000000 ____D C:\ProgramData\ParetoLogic
2016-11-01 13:58 - 2014-08-20 20:07 - 00000000 ____D C:\Users\Leonard\AppData\Roaming\Search Protection
2016-11-01 13:45 - 2013-02-02 09:32 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-11-01 13:01 - 2013-02-02 09:30 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-11-01 08:52 - 2013-02-02 09:55 - 00000000 ____D C:\Users\Leonard\AppData\Roaming\vlc
2016-10-31 23:59 - 2013-02-02 09:32 - 00000000 ____D C:\Users\Leonard\AppData\Local\Google
2016-10-31 23:21 - 2013-02-02 09:39 - 00000000 ____D C:\Program Files (x86)\Steam
2016-10-31 22:22 - 2013-06-26 22:06 - 00000000 ____D C:\ProgramData\GarenaMessenger
2016-10-30 12:43 - 2016-09-22 22:42 - 00000000 ____D C:\Users\Leonard\AppData\LocalLow\uTorrent
2016-10-29 20:56 - 2013-06-26 22:07 - 00000000 ____D C:\Users\Leonard\AppData\Roaming\GarenaPlus
2016-10-29 20:47 - 2013-02-02 10:42 - 00000000 ____D C:\Program Files (x86)\Garena Plus
2016-10-29 15:11 - 2015-01-14 20:31 - 00000000 ____D C:\Users\Leonard\Desktop\NIPOU
2016-10-29 14:06 - 2015-11-25 14:50 - 00000000 ____D C:\Program Files (x86)\GarenaLoL
2016-10-28 09:22 - 2010-11-21 11:27 - 00485032 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2016-10-28 03:25 - 2016-01-03 17:10 - 00000000 ____D C:\Program Files (x86)\Dropbox
2016-10-25 08:47 - 2014-11-26 03:18 - 00002195 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-10-23 10:27 - 2014-06-03 15:28 - 00000000 ____D C:\Users\Leonard\AppData\Roaming\Origin
2016-10-17 04:08 - 2014-06-03 15:28 - 00000000 ____D C:\Users\Leonard\AppData\Local\Origin
2016-10-17 04:08 - 2013-01-31 15:34 - 00000000 ____D C:\Users\Leonard
2016-10-17 04:05 - 2016-06-01 15:20 - 00000000 ____D C:\ProgramData\Package Cache
2016-10-17 03:27 - 2009-07-14 11:20 - 00000000 ____D C:\Windows\inf
2016-10-14 12:35 - 2016-09-10 13:36 - 00000000 ____D C:\Users\Leonard\AppData\Local\Battle.net
2016-10-14 12:35 - 2016-09-10 13:34 - 00000000 ____D C:\Program Files (x86)\Battle.net
2016-10-08 03:20 - 2016-09-18 13:44 - 00000000 ____D C:\Users\Leonard\Desktop\TFPoBA Season #1
2016-10-08 02:57 - 2013-03-15 22:11 - 00000000 ____D C:\Users\Leonard\AppData\Roaming\dvdcss
2016-10-05 04:12 - 2016-09-10 13:36 - 00000000 ____D C:\Program Files (x86)\Hearthstone

==================== Files in the root of some directories =======

2015-06-18 20:33 - 2015-06-18 20:58 - 0000115 _____ () C:\Users\Leonard\AppData\Roaming\LogFile.txt
2014-12-04 19:14 - 2014-12-04 19:14 - 0045270 _____ () C:\Users\Leonard\AppData\Roaming\room_v3.dat
2013-08-29 19:50 - 2013-08-29 19:50 - 0007605 _____ () C:\Users\Leonard\AppData\Local\Resmon.ResmonCfg
2015-07-24 16:04 - 2015-07-24 16:04 - 0000000 _____ () C:\Users\Leonard\AppData\Local\{7DC4F3B8-5CF6-4FED-8202-3CD8FD5B1641}
2015-06-04 01:03 - 2015-06-04 01:03 - 0000006 __RSH () C:\ProgramData\eab07bde6d703f8ffe34d4f76a2b462f0628a44a
2016-09-20 22:48 - 2016-09-20 22:48 - 0000016 _____ () C:\ProgramData\mntemp

Files to move or delete:
====================
C:\Program Files\Hola\app\hola.exe


Some files in TEMP:
====================
C:\Users\Leonard\AppData\Local\Temp\LOL_patch_20160825to20160913.exe
C:\Users\Leonard\AppData\Local\Temp\LOL_patch_20160913to20160922.exe
C:\Users\Leonard\AppData\Local\Temp\LOL_patch_20160922to20160923.exe
C:\Users\Leonard\AppData\Local\Temp\LOL_patch_20160923to20160929.exe
C:\Users\Leonard\AppData\Local\Temp\LOL_patch_20160929to20161006_1.exe
C:\Users\Leonard\AppData\Local\Temp\LOL_patch_20161006to20161020.exe


==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-09-25 15:15

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 30-10-2016
Ran by Leonard (01-11-2016 14:28:10)
Running from C:\Users\Leonard\Downloads
Windows 7 Home Premium Service Pack 1 (X64) (2013-01-31 07:34:39)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3108869105-240821209-1850858052-500 - Administrator - Disabled)
Guest (S-1-5-21-3108869105-240821209-1850858052-501 - Limited - Disabled) => C:\Users\Guest
Leonard (S-1-5-21-3108869105-240821209-1850858052-1000 - Administrator - Enabled) => C:\Users\Leonard

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-3108869105-240821209-1850858052-1000\...\uTorrent) (Version: 3.4.8.42576 - BitTorrent Inc.)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.7.0.2090 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 2.8.0.447 - Adobe Systems Incorporated)
Adobe Flash Player 18 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 18.0.0.209 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.03) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.03 - Adobe Systems Incorporated)
Ansel (Version: 372.70 - NVIDIA Corporation) Hidden
AuditionSEA version 6221 (HKLM-x32\...\{0BB9651A-2DFC-4E8E-82BF-A37194E323ED}}_is1) (Version: 6221 - Asiasoft Online Pte. Ltd.)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Brawlhalla (HKLM\...\Steam App 291550) (Version:  - Blue Mammoth Games)
Chrome Remote Desktop Host (HKLM-x32\...\{159AA592-31AA-4EAC-A6CB-B47AB2CB1476}) (Version: 52.0.2743.48 - Google Inc.)
Counter-Strike: Global Offensive (HKLM\...\Steam App 730) (Version:  - Valve)
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.4.0.0196 - Disc Soft Ltd)
DeathToB Agent 3.1 (HKLM-x32\...\{9A639A0A-5BBF-4560-B3A8-981E4F412FC7}) (Version: 3.1 -  DeathToB Network)
Dell Display Manager (HKLM-x32\...\{AC50C05D-9D57-40F5-B2EF-AC402F14312B}_is1) (Version:  - EnTech Taiwan)
Dirty Bomb (HKLM\...\Steam App 333930) (Version:  - Splash Damage®)
Dota 2 (HKLM-x32\...\Steam App 570) (Version:  - )
Dropbox (HKLM-x32\...\Dropbox) (Version: 13.4.21 - Dropbox, Inc.)
Dropbox Update Helper (x32 Version: 1.3.27.77 - Dropbox, Inc.) Hidden
Garena - League of Legends (HKLM-x32\...\LoL) (Version:  - Garena Online Pte Ltd.)
Garena (remove only) (HKLM-x32\...\gxx) (Version: 2.0.1607.2718 - Garena)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 54.0.2840.71 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)
Hola™ 1.17.142 - Better Internet (HKLM\...\Hola) (Version: 1.17.142 - Hola Networks Ltd.) <==== ATTENTION
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.1.0.1006 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.5.235 - Intel Corporation)
Java 8 Update 101 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180101F0}) (Version: 8.0.1010.13 - Oracle Corporation)
JPEXS Free Flash Decompiler (HKLM-x32\...\{E618D276-6596-41F4-8A98-447D442A77DB}_is1) (Version: 8.0.1 - JPEXS)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft PowerPoint Viewer (HKLM-x32\...\{95140000-00AF-0409-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.5.216.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23918 (HKLM-x32\...\{dab68466-3a7d-41a8-a5cf-415e3ff8ef71}) (Version: 14.0.23918.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23918 (HKLM-x32\...\{2e085fd2-a3e4-4b39-8e10-6b8d35f55244}) (Version: 14.0.23918.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Natural8 (HKLM-x32\...\{9ABFFE5C-2C7F-4207-8797-8CAA38A7817B}) (Version: 1.0.0.20 - 88Brothers)
NVIDIA 3D Vision Controller Driver 369.04 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 369.04 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 372.70 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 372.70 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.11.4.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.11.4.0 - NVIDIA Corporation)
NVIDIA Graphics Driver 372.70 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 372.70 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.15 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.15 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation)
O2Jam (V3-Games) version 1.9 (HKLM-x32\...\{70503F71-6483-406C-8810-8A6C0C0C3B60}_is1) (Version: 1.9 - V3-Games)
Origin (HKLM-x32\...\Origin) (Version: 10.1.1.35466 - Electronic Arts, Inc.)
Plants Vs Zombies: Game of the Year Edition (HKLM-x32\...\Plants Vs Zombies: Game of the Year Edition) (Version: 1.2.0.1073 - iWin.com)
Razer Chroma SDK Core Components (HKLM-x32\...\Razer Chroma SDK) (Version: 1.8.13 - Razer Inc.)
Razer Synapse (HKLM-x32\...\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}) (Version: 2.20.15.822 - Razer Inc.)
SHIELD Streaming (Version: 7.1.0280 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.11.4.0 - NVIDIA Corporation) Hidden
Skype™ 7.25 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.25.106 - Skype Technologies S.A.)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
System Requirements Lab Detection (HKLM-x32\...\{62675278-956B-4041-9454-411710FB6956}) (Version: 2.2.3.0 - Husdawg, LLC)
TalkTalk (HKLM-x32\...\im) (Version: 2011 - Garena Online Pte Ltd.)
TeamViewer 11 (HKLM-x32\...\TeamViewer) (Version: 11.0.56083 - TeamViewer)
Uplay (HKLM-x32\...\Uplay) (Version: 22.2 - Ubisoft)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player 2.0.5 (HKLM-x32\...\VLC media player) (Version: 2.0.5 - VideoLAN)
Vulkan Run Time Libraries 1.0.11.1 (HKLM\...\VulkanRT1.0.11.1) (Version: 1.0.11.1 - LunarG, Inc.)
WinRAR 4.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {06DFCD9F-6DCF-4B6F-BF90-3CC2E8B0A647} - System32\Tasks\{63B916EE-DB7C-411D-BC16-091D590FD37A} => Chrome.exe hxxp://ui.skype.com/ui/0/6.1.0.129.272/en/abandoninstall?source=lightinstaller&amp;page=tsInstall
Task: {0D8D94DA-FE13-4BAC-92AD-8557CECA7D54} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {0EBB2D98-7008-4C88-B291-E16C42090734} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-3108869105-240821209-1850858052-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe
Task: {1286F89B-D704-4518-A972-8C4FE74DDDBD} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-01-03] (Dropbox, Inc.)
Task: {19B25E1A-3655-4FAE-BC88-590C76B5DA66} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-3108869105-240821209-1850858052-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe
Task: {1D626CF8-182A-4AA0-9841-D41C6768543E} - System32\Tasks\Java Platform SE Auto Updater => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2016-06-22] (Oracle Corporation)
Task: {26425567-C107-4530-8D42-9433DF7D8DD9} - System32\Tasks\{25C77E2D-61C2-44A5-AE2F-587B7535576A} => C:\Program Files (x86)\DeathToB Network\Agent 3.1\Patcher.exe [2016-05-11] (Asnpnet Software)
Task: {2AA74840-CB24-4FA5-85F5-09FF86D88AAD} - System32\Tasks\Hoolapp For Android => C:\Users\Leonard\AppData\Roaming\HOOLAP~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: {33250D88-1D90-429E-B597-A49E8E3A439D} - System32\Tasks\{A8185759-8DD2-4100-817B-9823B1F74D77} => C:\Program Files (x86)\DeathToB Network\Agent 3.1\Patcher.exe [2016-05-11] (Asnpnet Software)
Task: {40A88854-CC1F-48D5-9E13-C7B8B7A64748} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-01-03] (Dropbox, Inc.)
Task: {46534AF0-8AAE-494B-91D4-759F94D35CFF} - System32\Tasks\{9D6ED9F9-8F28-46FA-808B-32E52B7DC10D} => C:\Program Files (x86)\Skype\Phone\Skype.exe [2016-06-29] (Skype Technologies S.A.)
Task: {4C57ABAC-C59B-4DAE-96F5-6A25C100D917} - System32\Tasks\{9B3AB650-8D74-43F3-B673-FC783C258EF3} => Chrome.exe hxxp://www.skype.com/go/downloading?source=lightinstaller&amp;ver=6.6.0.106&amp;LastError=12002
Task: {4E84BA7B-0E04-44B1-A016-0DEDBF3D6652} - System32\Tasks\{227B4E95-D4F9-4D3C-A031-A2B4F562A192} => C:\Program Files (x86)\DeathToB Network\Agent 3.1\Patcher.exe [2016-05-11] (Asnpnet Software)
Task: {4F972B37-3B69-4AF4-BC5F-33BD1B19D68A} - System32\Tasks\{EAB95980-E7EC-4A94-8357-62B2227F3309} => pcalua.exe -a "C:\Users\Leonard\Desktop\IcyPopX Elite Trainer\IcyPopX Elite Trainer.exe" -d "C:\Users\Leonard\Desktop\IcyPopX Elite Trainer"
Task: {515AD66A-E548-444A-AADC-C23374D8A0F5} - System32\Tasks\{95B30E3A-0062-4AFE-9B69-12C00FFAC6A6} => C:\Program Files (x86)\DeathToB Network\Agent 3.1\Patcher.exe [2016-05-11] (Asnpnet Software)
Task: {59C2C77B-01E1-41B0-A6BB-96B7E38F2739} - System32\Tasks\{45EFC095-7C65-4EBD-A3A3-4187E1582FCA} => C:\Program Files (x86)\DeathToB Network\Agent 3.1\Patcher.exe [2016-05-11] (Asnpnet Software)
Task: {6A1B95EA-5949-4054-90E0-4D89BEE21616} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {83B86917-ACFB-4364-812E-527B6AD72C90} - System32\Tasks\Razer_Game_Booster_AutoUpdate => C:\Program Files (x86)\Razer\Razer Game Booster\AutoUpdate.exe
Task: {8AACE462-BB3E-4FFA-AF84-DA0D554019AA} - System32\Tasks\{CC445D76-0605-4064-81AD-ED9011D0ABBD} => C:\Program Files (x86)\DeathToB Network\Agent 3.1\Patcher.exe [2016-05-11] (Asnpnet Software)
Task: {9F1752C7-8A28-427F-95DE-26D8ABC22444} - System32\Tasks\{A533A0A7-3E77-447F-91DC-23B010667F9D} => C:\Program Files (x86)\DeathToB Network\Agent 3.1\Patcher.exe [2016-05-11] (Asnpnet Software)
Task: {AD73C38C-5DB5-4900-87BB-BF2DED1AAAC2} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2016-03-05] (AVAST Software)
Task: {B7699718-6C47-4863-B34A-57513AED7C03} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-07-15] (Adobe Systems Incorporated)
Task: {BE317DC1-108A-4C0E-8FE4-1382A4E71641} - System32\Tasks\{DF30BD63-BB26-4051-A9F4-8CB80A0F8BB6} => C:\Program Files (x86)\DeathToB Network\Agent 3.1\Patcher.exe [2016-05-11] (Asnpnet Software)
Task: {C0D040A6-F404-4B05-A2A2-BB959AF7C630} - System32\Tasks\{529A3603-A247-45B2-88C6-F1E1534B3EB4} => C:\Program Files (x86)\DeathToB Network\Agent 3.1\Patcher.exe [2016-05-11] (Asnpnet Software)
Task: {CA0DEAFD-EA7F-4FE0-A753-C2808CE6B3C2} - System32\Tasks\Garena+ Plugin Host Service => C:\Program Files (x86)\Garena Plus\ggdllhost.exe [2016-06-01] ()
Task: {CCF8F04F-0117-435B-B0B2-2D4C813B7DA0} - System32\Tasks\{E557B1E2-E322-4E1C-98D6-309016A3ACF3} => C:\Program Files (x86)\DeathToB Network\Agent 3.1\Patcher.exe [2016-05-11] (Asnpnet Software)
Task: {E4E41AF3-143F-40EA-B840-8DCD9D307ED2} - System32\Tasks\gxx speed launcher => C:\Program Files (x86)\Garena\Garena\Garena.exe [2016-07-27] (Garena Online                   )
Task: {E9D8AEA8-0366-41F7-ABCF-2B5F61A5BBAD} - System32\Tasks\Game_Booster_AutoUpdate => C:\Program Files (x86)\IObit\Game Booster 3\AutoUpdate.exe
Task: {EC26C7CF-1038-4157-AF98-08CE626B9FA1} - System32\Tasks\Hoolapp Init => C:\Users\Leonard\AppData\Roaming\HOOLAP~1\Hoolapp.exe <==== ATTENTION

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\Leonard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Chrome Remote Desktop.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=gbchcmhmhahfdphkhkmpfmihenigjmpp

==================== Loaded Modules (Whitelisted) ==============

2016-09-06 14:12 - 2016-08-26 05:10 - 00133056 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2016-09-06 14:14 - 2016-08-26 07:28 - 00367552 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\MessageBus.dll
2016-09-06 14:14 - 2016-08-26 07:28 - 01147328 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\libprotobuf.dll
2016-09-06 14:14 - 2016-08-26 07:28 - 03611584 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Poco.dll
2016-09-06 14:14 - 2016-08-26 07:28 - 00288192 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamBase.dll
2016-07-20 08:10 - 2016-07-20 08:11 - 00187824 _____ () C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
2016-09-06 14:14 - 2016-08-26 07:28 - 02665920 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\NvMdnsPlugin.dll
2016-09-06 14:14 - 2016-08-26 07:28 - 01988544 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\NvPortForwardPlugin.dll
2016-09-06 14:14 - 2016-08-26 07:28 - 01840576 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\RtspPlugin.dll
2016-09-06 14:14 - 2016-08-26 07:28 - 00207296 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\RtspServer.dll
2014-09-26 14:41 - 2014-09-26 14:41 - 01021088 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
2016-09-06 14:14 - 2016-08-26 07:28 - 00034240 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\boost_system-vc120-mt-1_58.dll
2016-09-06 14:14 - 2016-08-26 07:28 - 00920000 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\boost_regex-vc120-mt-1_58.dll
2016-06-01 19:17 - 2016-06-01 19:17 - 00174632 _____ () C:\Program Files (x86)\Garena Plus\ggdllhost.exe
2016-08-08 11:37 - 2016-08-08 11:37 - 00298448 _____ () C:\ProgramData\Razer\Synapse\RzStats\RzStats.Manager.exe
2016-03-03 14:49 - 2016-03-03 14:49 - 00139776 _____ () C:\Program Files (x86)\Garena\Garena\2.0.1607.2718\libprotobuf-lite.dll
2016-07-01 20:01 - 2016-09-29 12:26 - 03437008 _____ () C:\Program Files (x86)\Garena Plus\ggspawn.dll
2016-09-06 14:14 - 2016-08-26 07:28 - 00018880 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2016-08-29 16:09 - 2016-08-29 16:09 - 00143824 _____ () C:\ProgramData\Razer\Synapse\CrashReporter\CrashRpt1402.dll
2016-09-03 16:21 - 2016-10-11 02:19 - 00035792 _____ () C:\Program Files (x86)\Dropbox\Client\_multiprocessing.pyd
2016-10-28 03:24 - 2016-10-11 02:19 - 00145864 _____ () C:\Program Files (x86)\Dropbox\Client\pyexpat.pyd
2016-10-28 03:24 - 2016-10-11 02:19 - 00019408 _____ () C:\Program Files (x86)\Dropbox\Client\faulthandler.pyd
2016-10-28 03:24 - 2016-10-11 02:19 - 00116688 _____ () C:\Program Files (x86)\Dropbox\Client\pywintypes27.dll
2016-09-03 16:21 - 2016-10-11 02:19 - 00100296 _____ () C:\Program Files (x86)\Dropbox\Client\_ctypes.pyd
2016-09-03 16:20 - 2016-10-11 02:19 - 00018888 _____ () C:\Program Files (x86)\Dropbox\Client\select.pyd
2016-09-03 16:20 - 2016-10-24 21:16 - 00019760 _____ () C:\Program Files (x86)\Dropbox\Client\tornado.speedups.pyd
2016-09-03 16:20 - 2016-10-11 02:19 - 00694224 _____ () C:\Program Files (x86)\Dropbox\Client\unicodedata.pyd
2016-10-28 03:24 - 2016-10-24 21:15 - 00020816 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._constant_time.pyd
2016-09-03 16:21 - 2016-10-11 02:20 - 00123856 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_backend.pyd
2016-10-28 03:24 - 2016-10-24 21:15 - 01682760 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._openssl.pyd
2016-10-28 03:24 - 2016-10-24 21:15 - 00020808 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._padding.pyd
2016-09-03 16:20 - 2016-10-11 02:21 - 00105928 _____ () C:\Program Files (x86)\Dropbox\Client\win32api.pyd
2016-09-03 16:21 - 2016-10-24 21:16 - 00021312 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.crt.compiled._winffi_crt.pyd
2016-10-28 03:24 - 2016-10-24 21:15 - 00052024 _____ () C:\Program Files (x86)\Dropbox\Client\psutil._psutil_windows.pyd
2016-10-28 03:24 - 2016-10-24 21:15 - 00038696 _____ () C:\Program Files (x86)\Dropbox\Client\fastpath.pyd
2016-10-28 03:24 - 2016-10-11 02:19 - 00392144 _____ () C:\Program Files (x86)\Dropbox\Client\pythoncom27.dll
2016-10-28 03:24 - 2016-10-11 02:21 - 00020936 _____ () C:\Program Files (x86)\Dropbox\Client\mmapfile.pyd
2016-09-03 16:20 - 2016-10-11 02:21 - 00024528 _____ () C:\Program Files (x86)\Dropbox\Client\win32event.pyd
2016-09-03 16:20 - 2016-10-11 02:21 - 00116176 _____ () C:\Program Files (x86)\Dropbox\Client\win32security.pyd
2016-09-03 16:20 - 2016-10-24 21:16 - 00381752 _____ () C:\Program Files (x86)\Dropbox\Client\win32com.shell.shell.pyd
2016-09-03 16:20 - 2016-10-11 02:21 - 00124880 _____ () C:\Program Files (x86)\Dropbox\Client\win32file.pyd
2016-09-03 16:21 - 2016-10-24 21:16 - 00025424 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.kernel32.compiled._winffi_kernel32.pyd
2016-09-03 16:20 - 2016-10-11 02:21 - 00024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32clipboard.pyd
2016-09-03 16:20 - 2016-10-11 02:21 - 00175560 _____ () C:\Program Files (x86)\Dropbox\Client\win32gui.pyd
2016-09-03 16:20 - 2016-10-11 02:21 - 00030160 _____ () C:\Program Files (x86)\Dropbox\Client\win32pipe.pyd
2016-09-03 16:20 - 2016-10-11 02:21 - 00043472 _____ () C:\Program Files (x86)\Dropbox\Client\win32process.pyd
2016-09-03 16:20 - 2016-10-11 02:21 - 00048592 _____ () C:\Program Files (x86)\Dropbox\Client\win32service.pyd
2016-09-03 16:20 - 2016-10-11 02:21 - 00057808 _____ () C:\Program Files (x86)\Dropbox\Client\win32evtlog.pyd
2016-09-03 16:20 - 2016-10-11 02:21 - 00024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32profile.pyd
2016-10-28 03:24 - 2016-10-24 21:15 - 00246592 _____ () C:\Program Files (x86)\Dropbox\Client\breakpad.client.windows.handler.pyd
2016-10-28 03:24 - 2016-10-24 21:15 - 00026456 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox.infinite.win.compiled._driverinstallation.pyd
2016-09-03 16:21 - 2016-10-11 02:20 - 00241104 _____ () C:\Program Files (x86)\Dropbox\Client\_jpegtran.pyd
2016-10-28 03:24 - 2016-10-24 21:15 - 00020280 _____ () C:\Program Files (x86)\Dropbox\Client\cpuid.compiled._cpuid.pyd
2016-09-03 16:21 - 2016-10-11 02:21 - 00028616 _____ () C:\Program Files (x86)\Dropbox\Client\win32ts.pyd
2016-09-03 16:21 - 2016-10-24 21:16 - 00023376 _____ () C:\Program Files (x86)\Dropbox\Client\winscreenshot.compiled._CaptureScreenshot.pyd
2016-09-03 16:21 - 2016-10-24 21:16 - 00020800 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.iphlpapi._winffi_iphlpapi.pyd
2016-09-03 16:21 - 2016-10-24 21:16 - 00019776 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winerror._winffi_winerror.pyd
2016-09-03 16:21 - 2016-10-24 21:16 - 00020800 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.wininet._winffi_wininet.pyd
2016-09-03 16:21 - 2016-10-11 02:21 - 00350152 _____ () C:\Program Files (x86)\Dropbox\Client\winxpgui.pyd
2016-09-03 16:21 - 2016-10-24 21:16 - 00022352 _____ () C:\Program Files (x86)\Dropbox\Client\winverifysignature.compiled._VerifySignature.pyd
2016-10-28 03:24 - 2016-10-24 21:15 - 00024392 _____ () C:\Program Files (x86)\Dropbox\Client\librsyncffi.compiled._librsyncffi.pyd
2016-10-28 03:24 - 2016-10-11 02:17 - 00036296 _____ () C:\Program Files (x86)\Dropbox\Client\librsync.dll
2016-10-28 03:24 - 2016-10-24 21:15 - 00084280 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_sqlite_ext.DLL
2016-10-28 03:24 - 2016-10-24 21:15 - 01826096 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtCore.pyd
2016-09-03 16:20 - 2016-10-11 02:19 - 00083912 _____ () C:\Program Files (x86)\Dropbox\Client\sip.pyd
2016-10-28 03:24 - 2016-10-24 21:16 - 00531248 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtNetwork.pyd
2016-10-28 03:24 - 2016-10-24 21:16 - 03928880 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWidgets.pyd
2016-10-28 03:24 - 2016-10-24 21:15 - 01972528 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtGui.pyd
2016-10-28 03:24 - 2016-10-24 21:16 - 00133424 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKit.pyd
2016-10-28 03:24 - 2016-10-24 21:16 - 00224056 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKitWidgets.pyd
2016-10-28 03:24 - 2016-10-24 21:16 - 00207672 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtPrintSupport.pyd
2016-09-03 16:21 - 2016-10-24 21:16 - 00020288 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.user32._winffi_user32.pyd
2016-10-28 03:24 - 2016-10-11 02:24 - 00017864 _____ () C:\Program Files (x86)\Dropbox\Client\libEGL.dll
2016-10-28 03:24 - 2016-10-11 02:24 - 01631184 _____ () C:\Program Files (x86)\Dropbox\Client\libGLESv2.dll
2016-09-03 16:20 - 2016-10-11 02:21 - 00060880 _____ () C:\Program Files (x86)\Dropbox\Client\win32print.pyd
2016-09-03 16:21 - 2016-10-24 21:16 - 00024904 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winhttp.compiled._winffi_winhttp.pyd
2016-10-28 03:24 - 2016-10-24 21:16 - 00546096 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQuick.pyd
2016-10-28 03:24 - 2016-10-24 21:16 - 00357680 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQml.pyd
2016-10-28 03:24 - 2016-10-24 21:16 - 00042808 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebChannel.pyd
2016-10-28 03:24 - 2016-10-24 21:16 - 00168760 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebEngineWidgets.pyd
2016-09-18 13:12 - 2016-06-28 05:57 - 50663704 _____ () C:\Users\Leonard\AppData\Local\razer\InGameEngine\cache\RzStats.Manager\cef\libcef.dll
2016-10-25 08:47 - 2016-10-20 16:47 - 01819240 _____ () C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.71\libglesv2.dll
2016-10-25 08:47 - 2016-10-20 16:47 - 00093288 _____ () C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.71\libegl.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\Leonard\Desktop\DSC_0162.JPG:com.dropbox.attributes [168]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PAexec => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PAexec => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\.DEFAULT\...\amazon.com -> hxxps://amazon.com
IE trusted site: HKU\S-1-5-21-3108869105-240821209-1850858052-1000\...\aeriagames.com -> hxxps://aeriagames.com
IE trusted site: HKU\S-1-5-21-3108869105-240821209-1850858052-1000\...\aeriagames.com -> hxxp://aeriagames.com
IE trusted site: HKU\S-1-5-21-3108869105-240821209-1850858052-1000\...\amazon.com -> hxxps://amazon.com
IE trusted site: HKU\S-1-5-21-3108869105-240821209-1850858052-1000\...\hola.org -> hxxp://hola.org


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 10:34 - 2015-10-21 02:20 - 00000985 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1       localhost
198.57.242.187 www.icypopx.com
198.57.242.187 icypopx.com
198.57.242.187 www.forum.icypopx.com
198.57.242.187 forum.icypopx.com

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3108869105-240821209-1850858052-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Leonard\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: AxAutoMntSrv => 2
MSCONFIG\Services: BstHdAndroidSvc => 2
MSCONFIG\Services: BstHdLogRotatorSvc => 2
MSCONFIG\Services: GfExperienceService => 2
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: IAStorDataMgrSvc => 2
MSCONFIG\Services: NvNetworkService => 2
MSCONFIG\Services: NvStreamSvc => 2
MSCONFIG\Services: nvsvc => 2
MSCONFIG\Services: PnkBstrA => 2
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: StarWindServiceAE => 2
MSCONFIG\Services: Steam Client Service => 3
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Dell Display Manager.lnk => C:\Windows\pss\Dell Display Manager.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Leonard^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Rainmeter.lnk => C:\Windows\pss\Rainmeter.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Creative Cloud => "C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" --showwindow=false --onOSstartup=true
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: Akamai NetSession Interface => "C:\Users\Leonard\AppData\Local\Akamai\netsession_win.exe"
MSCONFIG\startupreg: AlcoholAutomount => "C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" -automount
MSCONFIG\startupreg: BlueStacks Agent => C:\Program Files (x86)\BlueStacks\HD-Agent.exe
MSCONFIG\startupreg: GarenaPlus => "C:\Program Files (x86)\Garena Plus\GarenaMessenger.exe" -autolaunch
MSCONFIG\startupreg: IAStorIcon => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe "C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" 60
MSCONFIG\startupreg: IDMan => C:\Program Files (x86)\Internet Download Manager\IDMan.exe /onboot
MSCONFIG\startupreg: MSC => "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
MSCONFIG\startupreg: NvBackend => "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
MSCONFIG\startupreg: RtHDVCpl => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
MSCONFIG\startupreg: SearchProtection => "C:\Users\Leonard\AppData\Roaming\Search Protection\SearchProtection.EXE" /autostart
MSCONFIG\startupreg: ShadowPlay => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: USB3MON => "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{17D300DF-CBB5-4237-AFA1-4CD91E9B7A50}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{BB6012F3-9918-437A-BE03-7BF155C0C60F}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{C95B104E-2418-4D5A-8E66-D98F767DA7F7}] => (Allow) LPort=8370
FirewallRules: [{607FB0A4-5A86-4C6D-9811-A2F6E1955585}] => (Allow) LPort=8370
FirewallRules: [{E14BD4A7-3028-47F3-B89F-B80BE6D51DE4}] => (Allow) C:\Program Files (x86)\GarenaLoL\GameData\Apps\LoL\Air\LolClient.exe
FirewallRules: [{1C9EC190-3E23-450D-A525-357456E406F2}] => (Allow) C:\Program Files (x86)\GarenaLoL\GameData\Apps\LoL\Air\LolClient.exe
FirewallRules: [{D1CE3B01-25BF-40A2-920E-F21610870D26}] => (Allow) C:\Program Files (x86)\GarenaLoL\GameData\Apps\LoL\Game\League of Legends.exe
FirewallRules: [{E2FEF3D5-0322-4B42-A851-4B5BAB4524E8}] => (Allow) C:\Program Files (x86)\GarenaLoL\GameData\Apps\LoL\Game\League of Legends.exe
FirewallRules: [TCP Query User{1A05D263-CA51-49AE-84AE-0A8494F157D5}C:\users\leonard\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\leonard\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [UDP Query User{2148F55C-2275-4F71-B2F0-6DE8C869B81D}C:\users\leonard\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\leonard\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [TCP Query User{50FB3610-D656-49E7-BF7A-76CC1FB605F7}C:\program files (x86)\steam\steamapps\drsync\team fortress 2\hl2.exe] => (Allow) C:\program files (x86)\steam\steamapps\drsync\team fortress 2\hl2.exe
FirewallRules: [UDP Query User{5B930197-4AC1-44D9-87F8-8528B217549F}C:\program files (x86)\steam\steamapps\drsync\team fortress 2\hl2.exe] => (Allow) C:\program files (x86)\steam\steamapps\drsync\team fortress 2\hl2.exe
FirewallRules: [TCP Query User{052558F9-BDC5-460F-8464-6380E56228E8}C:\program files (x86)\garena plus\garenamessenger.exe] => (Allow) C:\program files (x86)\garena plus\garenamessenger.exe
FirewallRules: [UDP Query User{B589941F-7570-487B-B318-58253A9834A7}C:\program files (x86)\garena plus\garenamessenger.exe] => (Allow) C:\program files (x86)\garena plus\garenamessenger.exe
FirewallRules: [TCP Query User{D14D9EC3-FA32-4A67-90D0-FEDB24FE1B59}C:\program files (x86)\google\chrome\application\chrome.exe] => (Allow) C:\program files (x86)\google\chrome\application\chrome.exe
FirewallRules: [UDP Query User{46827D9C-2756-4DD8-A521-0878B237A1B1}C:\program files (x86)\google\chrome\application\chrome.exe] => (Allow) C:\program files (x86)\google\chrome\application\chrome.exe
FirewallRules: [{34E65F92-30AC-4F64-A22C-F280DE230DC0}] => (Allow) C:\Users\Leonard\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{733136E9-14E3-4C72-A54F-5291473FE8BB}] => (Allow) C:\Users\Leonard\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [TCP Query User{6868EFC3-9976-41FF-A0E7-1DD0E816190E}C:\program files (x86)\garena plus\bbtalk\bbtalk.exe] => (Block) C:\program files (x86)\garena plus\bbtalk\bbtalk.exe
FirewallRules: [UDP Query User{2FB7351E-CD3A-4F5E-A057-5EA2F58AA08E}C:\program files (x86)\garena plus\bbtalk\bbtalk.exe] => (Block) C:\program files (x86)\garena plus\bbtalk\bbtalk.exe
FirewallRules: [TCP Query User{263350E5-10EF-4FA2-8B54-A2722760E158}C:\program files (x86)\garena plus\updatemanager.exe] => (Allow) C:\program files (x86)\garena plus\updatemanager.exe
FirewallRules: [UDP Query User{DDA95320-B77D-4621-99D6-67676626E836}C:\program files (x86)\garena plus\updatemanager.exe] => (Allow) C:\program files (x86)\garena plus\updatemanager.exe
FirewallRules: [{8746C142-B2E8-4651-9D62-EF4308060C87}] => (Allow) C:\Program Files (x86)\Common Files\Tencent\QQDownload\121\Tencentdl.exe
FirewallRules: [{0FF16F88-D33E-4E1F-9D9F-3E65FDA6D353}] => (Allow) C:\Program Files (x86)\Common Files\Tencent\QQDownload\121\Tencentdl.exe
FirewallRules: [{983E82AF-670B-4263-837C-D588C345C449}] => (Allow) C:\Program Files (x86)\Garena Plus\ggdllhost.exe
FirewallRules: [{D02C3662-B158-4FCF-AB24-4AF69612CA29}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{83C0ED7A-AF60-42A8-B1A6-50FC0A609EAB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\dota.exe
FirewallRules: [{A4AB8DA9-0E7F-4B28-B083-D68FDFBCACF7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\dota.exe
FirewallRules: [{7B3B2C8F-1882-4613-8A34-A8062F7B60A8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\dota.exe
FirewallRules: [{E4F5E1F1-3FA0-4D09-A1D0-883FD111E39A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\dota.exe
FirewallRules: [{D4B033AC-961D-4410-9CC5-CC69B1D18FE6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\dota.exe
FirewallRules: [{46EADCC8-98AB-4683-825D-372197D9AA78}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\dota.exe
FirewallRules: [{5D4FA99C-362F-4AEC-90A7-C8ECB35C6B77}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\dota.exe
FirewallRules: [{E529529B-0B7F-4A73-A6EC-1E1599DF1F3D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\dota.exe
FirewallRules: [{621A0D3F-9DFB-40E5-A6D6-92088C5152FF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\dota.exe
FirewallRules: [{5ADDE868-288C-4765-93F9-EB5D8AFB854F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\dota.exe
FirewallRules: [{1D9D9896-D4EC-44F1-89FC-527611D0C72F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\dota.exe
FirewallRules: [{88F40F52-2DFD-4DA0-A44C-2BFBE8F06DC8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\dota.exe
FirewallRules: [{93732ABF-43FD-41F5-AB92-2708FF3B6BD1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\dota.exe
FirewallRules: [{3D28742F-2277-4993-8869-588FB8DE42A7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\dota.exe
FirewallRules: [{10C45940-929B-4EAE-8E87-CB6B8D68F8AA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\dota.exe
FirewallRules: [{F9A74F42-89F2-47FD-BB42-CB43C76FF9A1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\dota.exe
FirewallRules: [{448A78E0-A98A-4D0E-A3CF-DCEEC7FE0740}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\dota.exe
FirewallRules: [{35A8B147-DCDB-489D-950F-3EE5DF46D6EE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\dota.exe
FirewallRules: [{07AF0482-C3FD-4016-905A-FFA799F43443}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\dota.exe
FirewallRules: [{223447B3-3FBA-42F5-A658-6198EC14E479}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\dota.exe
FirewallRules: [{ED88BEE1-9543-4A84-9863-A479037B3C79}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\dota.exe
FirewallRules: [{A2D0D42F-5CA4-4B98-B97D-555209BE462A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\dota.exe
FirewallRules: [{2756B401-91F2-4765-A6F3-7B9EBAF90130}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\dota.exe
FirewallRules: [{1EBBFEA2-0963-421F-8927-A0D5A92B7686}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\dota.exe
FirewallRules: [{71FFD945-EB09-4244-AFD4-DB4CACCBA381}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\dota.exe
FirewallRules: [{5D1AB53E-FD6E-4896-9939-6B2190F3121D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\dota.exe
FirewallRules: [{42FF6C97-D294-4E7E-8161-6B1A77E0F502}] => (Allow) C:\Users\Leonard\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{E7842442-94D7-4A51-B9C7-BD6C20E3BAD4}] => (Allow) C:\Users\Leonard\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{4D001961-999E-4C3A-B24A-28C9F766F7A2}] => (Allow) LPort=59712
FirewallRules: [{9B86A5BD-7F29-4F29-A001-675A9230F5E3}] => (Allow) LPort=5000
FirewallRules: [{3EFEE38F-A035-4C1F-B506-84D77D26FB21}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{28826986-687D-4CA6-82D9-C85C2D685E27}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{300E968B-69CE-4AE8-86FD-5BBC79276E76}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{85360CA5-25E1-4AE3-9014-0B1F4D113C3E}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{AAA39346-8D11-4EB4-81A2-98FC63702441}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{8ADB0CEB-C35B-4318-A4E1-84799E765B8E}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{8CBBA20F-B44E-432B-A06F-3339D3F6BF97}] => (Allow) C:\Program Files (x86)\Garena Plus\Room\garena_room.exe
FirewallRules: [{276D3CC4-327B-4AF5-BD32-72EB4DCD484D}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{40D05FD2-A357-4AC1-9A3A-E1916CB8A8FE}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{9D849E94-0917-484A-BDBD-58829E51C12F}] => (Allow) C:\Program Files (x86)\Hearthstone\Hearthstone.exe
FirewallRules: [{E4EE2FC1-FB2F-4943-AF39-91CC4BF045BE}] => (Allow) C:\Program Files (x86)\Hearthstone\Hearthstone.exe
FirewallRules: [{896ADC68-90AF-4686-81C9-D8C0C9251853}] => (Allow) C:\Users\Leonard\AppData\Roaming\Andy\Setup.exe
FirewallRules: [{DBEE11C2-61E0-4E0E-9A51-E4AF4369B09A}] => (Allow) C:\Users\Leonard\AppData\Roaming\Andy\Setup.exe
FirewallRules: [{4D6B7829-CEEC-49AF-BBB2-B0A5158B34A5}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{83E85CA2-AE40-4678-9B44-84842E7E4E57}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{29401C1A-4B33-410E-85F8-873555F9C794}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{7694AF5D-D352-440B-899D-1CAC4B68B4FF}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{98613E6C-0FE4-435F-9046-047344A03D75}] => (Allow) C:\Program Files (x86)\GarenaLoLTW\GameData\Apps\LoLTW\Air\LolClient.exe
FirewallRules: [{27495609-0566-4DC7-943B-2D436A8A57D8}] => (Allow) C:\Program Files (x86)\GarenaLoLTW\GameData\Apps\LoLTW\Air\LolClient.exe
FirewallRules: [{8F2AA7A6-93A3-4967-8BE4-629DC3D65AB4}] => (Allow) C:\Program Files (x86)\GarenaLoLTW\GameData\Apps\LoLTW\Game\League of Legends.exe
FirewallRules: [{BA2E145B-7099-419C-B194-CCDA89C6F023}] => (Allow) C:\Program Files (x86)\GarenaLoLTW\GameData\Apps\LoLTW\Game\League of Legends.exe
FirewallRules: [{E7FE3DFF-73C5-457B-92FA-8739EDA79670}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{2CCD1F88-8466-4DE9-9D68-59D600F86C31}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{87DF2C2A-19BE-4CC3-A040-E35448E45D18}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Brawlhalla\Brawlhalla.exe
FirewallRules: [{6C7F8177-B4AD-4FF7-B31E-67FECCC6DAAC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Brawlhalla\Brawlhalla.exe
FirewallRules: [{A1BA1A17-1B29-4AEF-AC8E-4CAD18B6C0BD}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe
FirewallRules: [{FECF42E0-2594-473A-8210-46BC90E07527}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe
FirewallRules: [{161F297B-3BD5-49D7-B0CA-FDA1A02DFAF8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{5EA7AEE0-2E96-4A34-96CC-7199739280FF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{E332B61B-3147-4F52-8E23-E524A294D133}] => (Allow) LPort=6894
FirewallRules: [{FB9E7137-E4FB-439B-BE71-71EC67041A52}] => (Allow) LPort=6894
FirewallRules: [{E04AC794-F537-421B-952E-AE93AD7A976D}] => (Allow) C:\GarenaDownload\Games\lol\LoLInstaller.exe
FirewallRules: [{CCFF9966-051C-4CFC-BEB0-71FD780C24E8}] => (Allow) C:\GarenaDownload\Games\lol\LoLInstaller.exe
FirewallRules: [{4C6A7115-7955-4C48-9DC1-E327C688618A}] => (Allow) C:\Program Files (x86)\Google\Chrome Remote Desktop\52.0.2743.48\remoting_host.exe
FirewallRules: [{09D100B3-02B4-4566-8EC8-D87771BC6DB0}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{9A678C65-4791-4EDE-9C4C-704895CE23BD}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{EC188C0C-E513-4416-A069-7FBBD72C6C07}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{1730554E-D7AE-4A84-A3B2-EBAC57A5D30E}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{256DDD82-459E-4E75-AAD5-227E5867B4B4}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{0BB82178-A913-43FD-944A-36FD9C5EDA67}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{470669AC-AAAE-4B10-AA5C-D66A52C07F84}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{5B52D31B-FB16-4E79-86E1-5620BE938B51}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dirty Bomb\Binaries\Win32\ShooterGame-Win32-Shipping.exe
FirewallRules: [{7A140228-0667-4C2C-B5F3-909AFDB074FE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dirty Bomb\Binaries\Win32\ShooterGame-Win32-Shipping.exe
FirewallRules: [{5539D183-55CB-4F31-B352-6DD7B2499041}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2cfg.exe
FirewallRules: [{9BB92BA6-C802-4BBC-BDBE-070693A753C0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2cfg.exe
FirewallRules: [{D5BA9C02-88E6-4A69-B462-3FBC38750169}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{59908E3B-00B1-4E25-9D83-018C30438E78}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{E36D3DF9-F01F-4829-972C-8528D85108B5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{B7D30C4B-15B7-4411-9906-1DB3E18A8857}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{058D09DD-AB97-4517-BDBB-0EAB65316091}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{BDC4FAEA-D458-49F9-A534-364814AD5D93}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{CCDE318D-5CDE-4B81-8842-49A246D1E5E2}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{CB2D979E-22A1-4BB3-99E0-C28DF1C4F1E9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{75299C9B-3CC2-461D-8BD1-239B17E1A342}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{9222B4F8-C7B2-43BA-A236-9E55151858FE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{4801B1A3-DA90-441D-B0BA-F12052B15C29}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{7660729C-CCEB-4407-9972-73EAB399D906}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{FACCBDA9-9F83-433E-942A-C388E70CDDDE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{B6BDB709-0CE5-4F14-B187-13E240BB69B9}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
FirewallRules: [{3C20DEE2-D3C0-4ED7-9749-C2B26F9A0EFC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{573DBA7F-A388-456E-AACC-ABCBBA07E9EE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{E17B88D9-6C0F-43C0-9299-BD1490EA9AD0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{B9550807-0CC2-4B27-9FED-F154BCE09604}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{DA2832B5-B1F7-47E3-A028-537B996C9509}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{03BC176F-71CA-492A-B87E-23E53257B78A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{8086E5C2-ADE2-409E-88FF-6F487B5BBAC4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{EDD1BE8F-B56C-460F-B9A5-C19B2E139D36}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe

==================== Restore Points =========================

27-10-2016 11:10:12 Windows Update
30-10-2016 19:00:15 Windows Backup
31-10-2016 11:10:09 Windows Update

==================== Faulty Device Manager Devices =============

Name: gkernel
Description: gkernel
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: gkernel
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: AAKXXVIK IDE Controller
Description: AAKXXVIK IDE Controller
Class Guid: {4D36E97B-E325-11CE-BFC1-08002BE10318}
Manufacturer: (Standard mass storage controllers)
Service: a47ftlmt
Problem: : Windows cannot load the device driver for this hardware. The driver may be corrupted or missing. (Code 39)
Resolution: Reasons for this error include a driver that is not present; a binary file that is corrupt; a file I/O problem, or a driver that references an entry point in another binary file that could not be loaded.
Uninstall the driver, and then click "Scan for hardware changes" to reinstall or upgrade the driver.


==================== Event log errors: =========================

Application errors:
==================
Error: (11/01/2016 02:26:45 PM) (Source: Application Error) (EventID: 1005) (User: )
Description: Windows cannot access the file  for one of the following reasons:
there is a problem with the network connection, the disk that the file is stored on, or the storage
drivers installed on this computer; or the disk is missing.
Windows closed the program App Simulation v 1.1 because of this error.

Program: App Simulation v 1.1
File: 

The error value is listed in the Additional Data section.
User Action
1. Open the file again.
This situation might be a temporary problem that corrects itself when the program runs again.
2.
If the file still cannot be accessed and
    - It is on the network,
your network administrator should verify that there is not a problem with the network and that the server can be contacted.
    - It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER.
4. If the problem persists, restore the file from a backup copy.
5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for
further assistance.

Additional Data
Error value: 00000000
Disk type: 0

Error: (11/01/2016 02:26:45 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: MiniA.exe, version: 1.1.0.0, time stamp: 0x5800ee9e
Faulting module name: MiniA.exe, version: 1.1.0.0, time stamp: 0x5800ee9e
Exception code: 0xc0000096
Fault offset: 0x005930b9
Faulting process id: 0x1ab8
Faulting application start time: 0x01d23408ea41bb98
Faulting application path: C:\Program Files (x86)\DeathToB Network\Agent 3.1\MiniA.exe
Faulting module path: C:\Program Files (x86)\DeathToB Network\Agent 3.1\MiniA.exe
Report Id: 28e4c7ad-9ffc-11e6-a9b0-94de800e87cf

Error: (11/01/2016 02:08:37 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: O2JamV3.exe, version: 1.0.0.0, time stamp: 0x43983f46
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521ea8e7
Exception code: 0xc0000005
Fault offset: 0x00038e19
Faulting process id: 0x1b78
Faulting application start time: 0x01d2340661949951
Faulting application path: C:\Program Files (x86)\V3-Games\O2Jam\O2JamV3.exe
Faulting module path: C:\Windows\SysWOW64\ntdll.dll
Report Id: 9ffdf6ee-9ff9-11e6-a9b0-94de800e87cf

Error: (11/01/2016 02:08:36 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: O2JamV3.exe, version: 1.0.0.0, time stamp: 0x43983f46
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x00c65158
Faulting process id: 0x1b78
Faulting application start time: 0x01d2340661949951
Faulting application path: C:\Program Files (x86)\V3-Games\O2Jam\O2JamV3.exe
Faulting module path: unknown
Report Id: 9f775fd5-9ff9-11e6-a9b0-94de800e87cf

Error: (11/01/2016 02:07:29 PM) (Source: Application Error) (EventID: 1005) (User: )
Description: Windows cannot access the file  for one of the following reasons:
there is a problem with the network connection, the disk that the file is stored on, or the storage
drivers installed on this computer; or the disk is missing.
Windows closed the program App Simulation v 1.1 because of this error.

Program: App Simulation v 1.1
File: 

The error value is listed in the Additional Data section.
User Action
1. Open the file again.
This situation might be a temporary problem that corrects itself when the program runs again.
2.
If the file still cannot be accessed and
    - It is on the network,
your network administrator should verify that there is not a problem with the network and that the server can be contacted.
    - It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER.
4. If the problem persists, restore the file from a backup copy.
5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for
further assistance.

Additional Data
Error value: 00000000
Disk type: 0

Error: (11/01/2016 02:07:29 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: MiniA.exe, version: 1.1.0.0, time stamp: 0x5800ee9e
Faulting module name: MiniA.exe, version: 1.1.0.0, time stamp: 0x5800ee9e
Exception code: 0xc0000096
Fault offset: 0x005930b9
Faulting process id: 0x1af8
Faulting application start time: 0x01d2340639d4b181
Faulting application path: C:\Program Files (x86)\DeathToB Network\Agent 3.1\MiniA.exe
Faulting module path: C:\Program Files (x86)\DeathToB Network\Agent 3.1\MiniA.exe
Report Id: 77928a5b-9ff9-11e6-a9b0-94de800e87cf

Error: (11/01/2016 02:06:48 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: O2JamV3.exe, version: 1.0.0.0, time stamp: 0x43983f46
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521ea8e7
Exception code: 0xc0000005
Fault offset: 0x00038e19
Faulting process id: 0x1140
Faulting application start time: 0x01d23406169d4900
Faulting application path: C:\Program Files (x86)\V3-Games\O2Jam\O2JamV3.exe
Faulting module path: C:\Windows\SysWOW64\ntdll.dll
Report Id: 5f862eb6-9ff9-11e6-a9b0-94de800e87cf

Error: (11/01/2016 02:06:47 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: O2JamV3.exe, version: 1.0.0.0, time stamp: 0x43983f46
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x00b75158
Faulting process id: 0x1140
Faulting application start time: 0x01d23406169d4900
Faulting application path: C:\Program Files (x86)\V3-Games\O2Jam\O2JamV3.exe
Faulting module path: unknown
Report Id: 5e86e369-9ff9-11e6-a9b0-94de800e87cf

Error: (11/01/2016 02:02:58 PM) (Source: Microsoft-Windows-WMI) (EventID: 10) (User: NT AUTHORITY)
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (11/01/2016 02:01:23 PM) (Source: DbxSvc) (EventID: 320) (User: )
Description: Failed to connect to the driver: (-2147024894) The system cannot find the file specified.


System errors:
=============
Error: (11/01/2016 02:01:44 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The rzpnk service failed to start due to the following error: 
Windows cannot verify the digital signature for this file. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Error: (11/01/2016 02:01:36 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Origin Web Helper Service service failed to start due to the following error: 
The system cannot find the file specified.

Error: (10/24/2016 11:00:31 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The rzpnk service failed to start due to the following error: 
Windows cannot verify the digital signature for this file. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Error: (10/24/2016 11:00:29 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Origin Web Helper Service service failed to start due to the following error: 
The service did not respond to the start or control request in a timely fashion.

Error: (10/24/2016 11:00:29 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Origin Web Helper Service service to connect.

Error: (10/14/2016 12:35:02 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Steam Client Service service failed to start due to the following error: 
The service did not respond to the start or control request in a timely fashion.

Error: (10/14/2016 12:35:02 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.

Error: (10/13/2016 01:17:10 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.229.1594.0).

Error: (10/13/2016 01:17:08 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: Microsoft Antimalware has encountered an error trying to update signatures.

    New Signature Version: 

    Previous Signature Version: 1.229.1562.0

    Update Source: Microsoft Update Server

    Update Stage: Install

    Source Path: http://www.microsoft.com

    Signature Type: AntiVirus

    Update Type: Full

    User: NT AUTHORITY\SYSTEM

    Current Engine Version: 

    Previous Engine Version: 1.1.13103.0

    Error code: 0x80070643

    Error description: Fatal error during installation.

Error: (10/08/2016 08:03:22 PM) (Source: volsnap) (EventID: 36) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.


CodeIntegrity:
===================================
  Date: 2016-11-01 14:03:38.527
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Users\Leonard\AppData\Local\Temp\gkernel.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2016-11-01 14:03:38.485
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Users\Leonard\AppData\Local\Temp\gkernel.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2016-11-01 14:03:38.429
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Users\Leonard\AppData\Local\Temp\gkernel.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-11-01 14:03:38.228
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Users\Leonard\AppData\Local\Temp\gkernel.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-11-01 14:01:44.155
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\rzpnk.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2016-11-01 14:01:44.102
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\rzpnk.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2016-10-29 20:47:57.562
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Users\Leonard\AppData\Local\Temp\gkernel.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2016-10-29 20:47:57.505
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Users\Leonard\AppData\Local\Temp\gkernel.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2016-10-28 01:40:12.490
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Users\Leonard\AppData\Local\Temp\gkernel.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2016-10-28 01:40:12.455
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Users\Leonard\AppData\Local\Temp\gkernel.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i3-3220 CPU @ 3.30GHz
Percentage of memory in use: 45%
Total physical RAM: 8134.46 MB
Available physical RAM: 4418.66 MB
Total Virtual: 16267.1 MB
Available Virtual: 11952.66 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.54 GB) (Free:157.65 GB) NTFS
Drive d: (Jul 23 2015) (CDROM) (Total:0.69 GB) (Free:0 GB) UDF

==================== MBR & Partition Table ==================

==================== End of Addition.txt ============================

This topic is now closed to further replies.