
Program closed after pressing [Closed]



#1
Leonard_420591


Hi,

 

I'm running Windows 7 Home Premium. I have noticed that some programs (such as MiniA.exe) will open for a couple of seconds then close immediately. I've researched it and found out that it may be because of my antivirus programs. I have already uninstalled any antivirus, but the problem still persists.

Appreciate any help, thanks

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 19-02-2017
Ran by Leonard (administrator) on LEONARD-PC (21-02-2017 16:05:31)
Running from C:\Users\Leonard\Downloads
Loaded Profiles: Leonard (Available Profiles: Leonard & Guest)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome Remote Desktop\56.0.2924.51\remoting_host.exe
(Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome Remote Desktop\56.0.2924.51\remoting_host.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(BitTorrent Inc.) C:\Users\Leonard\AppData\Roaming\uTorrent\uTorrent.exe
(BitTorrent Inc.) C:\Users\Leonard\AppData\Roaming\uTorrent\updates\3.4.9_43295\utorrentie.exe
(BitTorrent Inc.) C:\Users\Leonard\AppData\Roaming\uTorrent\updates\3.4.9_43295\utorrentie.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Blizzard Entertainment) C:\ProgramData\Battle.net\Agent\Agent.5414\Agent.exe
(Blizzard Entertainment) C:\Program Files (x86)\Battle.net\Battle.net.8394\Battle.net.exe
() C:\Program Files (x86)\Battle.net\Battle.net.8394\Battle.net Helper.exe
() C:\Program Files (x86)\Battle.net\Battle.net.8394\Battle.net Helper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Program Files (x86)\Garena Plus\GarenaMessenger.exe
() C:\Program Files (x86)\Garena Plus\bbtalk\BBTalk.exe
(VideoLAN) C:\Program Files (x86)\VideoLAN\VLC\vlc.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\msdt.exe
(Microsoft Corporation) C:\Windows\System32\sdiagnhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [26220296 2017-02-07] (Dropbox, Inc.)
HKU\S-1-5-21-3108869105-240821209-1850858052-1000\...\Run: [uTorrent] => C:\Users\Leonard\AppData\Roaming\uTorrent\uTorrent.exe [2143936 2017-02-04] (BitTorrent Inc.)
HKU\S-1-5-21-3108869105-240821209-1850858052-1000\...\Run: [GarenaPlus] => C:\Program Files (x86)\Garena Plus\GarenaMessenger.exe [9136168 2016-12-22] ()
HKU\S-1-5-21-3108869105-240821209-1850858052-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-3108869105-240821209-1850858052-1000\...\MountPoints2: E - E:\setup.exe
HKU\S-1-5-21-3108869105-240821209-1850858052-1000\...\MountPoints2: {2fa86846-6bfd-11e2-8c50-806e6f6e6963} - D:\Run.exe
HKU\S-1-5-21-3108869105-240821209-1850858052-1000\...\MountPoints2: {afb4075f-d34d-11e3-aa3f-94de800e87cf} - E:\Startme.exe
HKU\S-1-5-21-3108869105-240821209-1850858052-1000\...\MountPoints2: {fc54df6a-c013-11e5-bbea-94de800e87cf} - E:\startme.exe
HKU\S-1-5-21-3108869105-240821209-1850858052-1000\...\Winlogon: [Shell] c:\windows\explorer.exe [2871808 2011-02-25] (Microsoft Corporation) <==== ATTENTION
ShellIconOverlayIdentifiers: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-11-30] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-11-30] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-11-30] (Google)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2014-09-26] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2014-09-26] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2014-09-26] ()
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ShellIconOverlayIdentifiers-x32: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-07] (Dropbox, Inc.)
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{B86F7EBB-4630-440B-9F1C-AA03D8B50414}: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{BE1556D8-8934-4DE7-8F72-F3C3FF433C16}: [DhcpNameServer] 192.168.42.129
 
Internet Explorer:
==================
HKU\S-1-5-21-3108869105-240821209-1850858052-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/en-sg/?ocid=iehp
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\ssv.dll [2016-09-06] (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\jp2ssv.dll [2016-09-06] (Oracle Corporation)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
 
FireFox:
========
FF Plugin: @esn/npbattlelog,version=2.5.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelogx64.dll [No File]
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: adobe.com/AdobeAAMDetect_x86_64 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2014-10-01] (Adobe Systems)
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 -> C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll [No File]
FF Plugin-x32: @esn/esnlaunch,version=2.3.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.0\npesnlaunch.dll [No File]
FF Plugin-x32: @esn/npbattlelog,version=2.5.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelog.dll [No File]
FF Plugin-x32: @java.com/DTPlugin,version=11.101.2 -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\dtplugin\npDeployJava1.dll [2016-09-06] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.101.2 -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\plugin2\npjp2.dll [2016-09-06] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @nexon.net/NxGame -> C:\ProgramData\NexonUS\NGM\npNxGameUS.dll [No File]
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-08-26] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-08-26] (NVIDIA Corporation)
FF Plugin-x32: @t.garena.com/garenatalk -> C:\Program Files (x86)\Garena Plus\bbtalk\plugins\npPlugin\npGarenaTalkPlugin.dll [2016-09-23] ( Garena)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2013-05-11] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2014-10-01] (Adobe Systems)
 
Chrome: 
=======
CHR DefaultProfile: Default
CHR Session Restore: Default -> is enabled.
CHR Profile: C:\Users\Leonard\AppData\Local\Google\Chrome\User Data\Default [2017-02-21]
CHR Extension: (Google Slides) - C:\Users\Leonard\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-06]
CHR Extension: (Google Docs) - C:\Users\Leonard\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-06]
CHR Extension: (Google Drive) - C:\Users\Leonard\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-23]
CHR Extension: (YouTube) - C:\Users\Leonard\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-25]
CHR Extension: (OneTab) - C:\Users\Leonard\AppData\Local\Google\Chrome\User Data\Default\Extensions\chphlpgkkbolifaimnlloiipkdnihall [2017-02-20]
CHR Extension: (Google Search) - C:\Users\Leonard\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (Google Calendar) - C:\Users\Leonard\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2017-01-12]
CHR Extension: (Video Downloader professional) - C:\Users\Leonard\AppData\Local\Google\Chrome\User Data\Default\Extensions\elicpjhcidhpjomhibiffojpinpmmpil [2016-07-25]
CHR Extension: (JavaScript Editor) - C:\Users\Leonard\AppData\Local\Google\Chrome\User Data\Default\Extensions\enhkeonpomkliaedmafeniofidolfmdd [2016-05-16]
CHR Extension: (Google Sheets) - C:\Users\Leonard\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-06]
CHR Extension: (Chrome Remote Desktop) - C:\Users\Leonard\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp [2017-02-10]
CHR Extension: (Google Docs Offline) - C:\Users\Leonard\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-16]
CHR Extension: (AdBlock) - C:\Users\Leonard\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2017-02-18]
CHR Extension: (Unlimited Free VPN - Hola) - C:\Users\Leonard\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio [2017-02-10]
CHR Extension: (Auto Replay for YouTube™) - C:\Users\Leonard\AppData\Local\Google\Chrome\User Data\Default\Extensions\kanbnempkjnhadplbfgdaagijdbdbjeb [2016-12-16]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Leonard\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2016-12-05]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Leonard\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-20]
CHR Extension: (Gmail) - C:\Users\Leonard\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-28]
CHR Extension: (Chrome Media Router) - C:\Users\Leonard\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-13]
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx <not found>
CHR HKU\S-1-5-21-3108869105-240821209-1850858052-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx <not found>
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 chromoting; C:\Program Files (x86)\Google\Chrome Remote Desktop\56.0.2924.51\remoting_host.exe [72024 2017-01-03] (Google Inc.)
S4 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-01-03] (Dropbox, Inc.)
S4 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-01-03] (Dropbox, Inc.)
R2 DbxSvc; C:\Windows\system32\DbxSvc.exe [46400 2017-02-07] (Dropbox, Inc.)
S4 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1163712 2016-08-26] (NVIDIA Corporation)
S4 hola_svc; C:\Program Files\Hola\app\hola_svc.exe [5622376 2016-11-24] (Hola Networks Ltd.) <==== ATTENTION
S4 hola_updater; C:\Program Files\Hola\app\hola_updater.exe [5494480 2016-05-18] (Hola Networks Ltd.) [File not signed] <==== ATTENTION
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation)
S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [5132656 2013-11-21] (INCA Internet Co., Ltd.)
S4 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1879488 2016-08-26] (NVIDIA Corporation)
S4 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [3632576 2016-08-26] (NVIDIA Corporation)
S4 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2521024 2016-08-26] (NVIDIA Corporation)
S4 PAExec; C:\Windows\PAExec.exe [189112 2016-09-06] (Power Admin LLC)
S4 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76152 2014-11-11] ()
S4 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-11-11] ()
S4 Razer Chroma SDK Service; C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKService.exe [69744 2016-09-06] (Razer Inc.)
S4 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [187824 2016-07-20] ()
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-07-10] (Microsoft Corporation)
S3 Origin Client Service; "C:\Program Files (x86)\Origin\OriginClientService.exe" [X]
S2 Origin Web Helper Service; "C:\Program Files (x86)\Origin\OriginWebHelperService.exe" [X]
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 1394hub; C:\Windows\System32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S3 1394hub; C:\Windows\SysWOW64\svchost.exe [20992 2009-07-14] (Microsoft Corporation)
S3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [30264 2016-10-17] (Disc Soft Ltd)
S3 dtliteusbbus; C:\Windows\System32\DRIVERS\dtliteusbbus.sys [47672 2016-10-17] (Disc Soft Ltd)
S3 gdrv; no ImagePath
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [26560 2016-08-26] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [56376 2016-08-26] (NVIDIA Corporation)
R3 rzendpt; C:\Windows\System32\DRIVERS\rzendpt.sys [51736 2016-06-23] (Razer Inc)
R2 rzpmgrk; C:\Windows\system32\drivers\rzpmgrk.sys [44144 2016-05-07] (Razer, Inc.)
S2 rzpnk; C:\Windows\system32\drivers\rzpnk.sys [136312 2016-06-28] (Razer, Inc.)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [564824 2013-02-03] (Duplex Secure Ltd.)
S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42064 2016-10-13] (Anchorfree Inc.)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2013-03-18] (Apple, Inc.) [File not signed]
R1 VBoxUSBMon; C:\Windows\System32\DRIVERS\VBoxUSBMon.sys [127432 2017-02-09] (BigNox Corporation)
S3 X6va012; no ImagePath
R1 XQHDrv; C:\Windows\System32\DRIVERS\XQHDrv.sys [253384 2017-02-09] (BigNox Corporation)
U3 atqqnrvv; no ImagePath
S3 dbx; system32\DRIVERS\dbx.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 GGSAFERDriver; \??\C:\Program Files (x86)\Garena Plus\Room\safedrv.sys [X]
S3 gkernel; \??\C:\Users\Leonard\AppData\Local\Temp\gkernel.sys [X] <==== ATTENTION
S3 gxxkernel; \??\C:\Windows\TEMP\gxxkernel.sys [X]
S3 LgBttPort; system32\DRIVERS\lgbtpt64.sys [X]
S3 lgbusenum; system32\DRIVERS\lgbtbs64.sys [X]
S3 LGVMODEM; system32\DRIVERS\lgvmdm64.sys [X]
S3 vmci; \SystemRoot\system32\DRIVERS\vmci.sys [X]
S3 WinRing0_1_2_0; \??\C:\Program Files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys [X]
S3 X6va016; \??\C:\Windows\SysWOW64\Drivers\X6va016 [X]
S3 X6va017; \??\C:\Windows\SysWOW64\Drivers\X6va017 [X]
S3 X6va023; \??\C:\Windows\SysWOW64\Drivers\X6va023 [X]
S3 X6va034; \??\C:\Windows\SysWOW64\Drivers\X6va034 [X]
S3 X6va062; \??\C:\Windows\SysWOW64\Drivers\X6va062 [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-02-21 16:04 - 2017-02-21 16:04 - 02422784 _____ (Farbar) C:\Users\Leonard\Downloads\FRST64.exe
2017-02-21 16:00 - 2017-02-21 16:00 - 00002996 _____ C:\Windows\System32\Tasks\{A879F044-1B8A-47F0-9AB9-53F83D528B9E}
2017-02-21 10:49 - 2017-02-21 11:06 - 1656372859 _____ C:\Users\Leonard\Desktop\Running.Man.E339.170219.720p-NEXT.mp4
2017-02-21 10:48 - 2017-02-21 10:48 - 00134708 _____ C:\Users\Leonard\Downloads\Running.Man.E339.170219.720p-NEXT.srt
2017-02-21 10:48 - 2017-02-21 10:48 - 00031924 _____ C:\Users\Leonard\Downloads\[avistaz.to] Running Man E339 170219 720p NEXT.torrent
2017-02-16 01:45 - 2017-02-16 01:45 - 00026527 _____ C:\Users\Leonard\Downloads\[HorribleSubs] One Piece - 776 [720p].mkv.torrent
2017-02-16 01:45 - 2017-02-16 01:45 - 00026527 _____ C:\Users\Leonard\Downloads\[HorribleSubs] One Piece - 774 [720p].mkv.torrent
2017-02-16 01:45 - 2017-02-16 01:45 - 00026527 _____ C:\Users\Leonard\Downloads\[HorribleSubs] One Piece - 772 [720p].mkv.torrent
2017-02-16 01:45 - 2017-02-16 01:45 - 00026507 _____ C:\Users\Leonard\Downloads\[HorribleSubs] One Piece - 775 [720p].mkv.torrent
2017-02-16 01:45 - 2017-02-16 01:45 - 00026507 _____ C:\Users\Leonard\Downloads\[HorribleSubs] One Piece - 773 [720p].mkv.torrent
2017-02-16 01:45 - 2017-02-16 01:45 - 00026467 _____ C:\Users\Leonard\Downloads\[HorribleSubs] One Piece - 771 [720p].mkv.torrent
2017-02-13 23:39 - 2017-02-13 23:39 - 00126584 _____ C:\Users\Leonard\Downloads\Running.Man.E338.170212.720p-NEXT.srt
2017-02-13 23:39 - 2017-02-13 23:39 - 00031944 _____ C:\Users\Leonard\Downloads\[avistaz.to] Running Man E338 170212 720p NEXT.torrent
2017-02-09 22:57 - 2017-02-09 22:57 - 00000000 ____D C:\Users\Leonard\AppData\Local\MultiPlayerManager
2017-02-09 08:12 - 2017-02-18 22:13 - 00000000 ____D C:\Users\Leonard\vmlogs
2017-02-09 08:12 - 2017-02-18 22:13 - 00000000 ____D C:\Users\Leonard\.BigNox
2017-02-09 08:12 - 2017-02-09 08:12 - 00000045 _____ C:\Users\Leonard\nuuid.ini
2017-02-09 08:12 - 2017-02-09 08:12 - 00000041 _____ C:\Users\Leonard\inst.ini
2017-02-09 08:12 - 2017-02-09 08:12 - 00000000 ____D C:\Users\Leonard\Nox_share
2017-02-09 08:10 - 2017-02-09 08:10 - 00253384 _____ (BigNox Corporation) C:\Windows\system32\Drivers\XQHDrv.sys
2017-02-09 08:10 - 2017-02-09 08:10 - 00127432 _____ (BigNox Corporation) C:\Windows\system32\Drivers\VBoxUSBMon.sys
2017-02-09 08:10 - 2017-02-09 08:10 - 00001044 _____ C:\Users\Leonard\Desktop\Multi-Drive.lnk
2017-02-09 08:10 - 2017-02-09 08:10 - 00000963 _____ C:\Users\Leonard\Desktop\Nox.lnk
2017-02-09 08:10 - 2017-02-09 08:10 - 00000000 ____D C:\Users\Leonard\AppData\Roaming\Microsoft\Windows\Start Menu\Nox
2017-02-09 08:10 - 2017-02-09 08:10 - 00000000 ____D C:\Program Files\DIFX
2017-02-09 08:10 - 2017-02-09 08:10 - 00000000 ____D C:\Program Files (x86)\Bignox
2017-02-09 08:09 - 2017-02-18 22:56 - 00000000 ____D C:\Users\Leonard\AppData\Local\Nox
2017-02-09 08:09 - 2017-02-09 08:09 - 00000000 ____D C:\Program Files (x86)\Nox
2017-02-09 08:08 - 2017-02-09 08:08 - 309867912 _____ (Duodian Technology Co. Ltd.) C:\Users\Leonard\Downloads\nox_setup_v3.8.0.0_full_intl.exe
2017-02-08 10:55 - 2017-02-09 22:41 - 00000098 _____ C:\Users\Leonard\Desktop\Rank.txt
2017-02-08 09:38 - 2017-02-08 09:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2017-02-07 12:38 - 2017-02-07 12:38 - 00046400 _____ (Dropbox, Inc.) C:\Windows\system32\DbxSvc.exe
2017-02-07 12:38 - 2017-02-07 12:38 - 00046192 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-stable.sys
2017-02-07 12:38 - 2017-02-07 12:38 - 00046192 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-dev.sys
2017-02-07 12:38 - 2017-02-07 12:38 - 00046192 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-canary.sys
2017-02-06 21:18 - 2017-02-06 21:18 - 00129242 _____ C:\Users\Leonard\Downloads\Running.Man.E337.170205.720p-NEXT.srt
2017-02-06 21:18 - 2017-02-06 21:18 - 00032784 _____ C:\Users\Leonard\Downloads\[avistaz.to] Running Man E337 170205 720p NEXT.torrent
2017-01-31 09:05 - 2017-01-31 09:05 - 00035924 _____ C:\Users\Leonard\Downloads\[avistaz.to] Running Man E336 170129 720p NEXT.torrent
2017-01-31 09:04 - 2017-01-31 09:04 - 00143298 _____ C:\Users\Leonard\Downloads\Running.Man.E336.170129.720p-NEXT.srt
2017-01-31 05:59 - 2017-01-31 05:59 - 00002747 _____ C:\Users\Public\Desktop\DeathToB Agent 3.1.lnk
2017-01-31 05:59 - 2017-01-31 05:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DeathToB Network
2017-01-31 05:58 - 2017-01-31 05:58 - 02655232 _____ C:\Users\Leonard\Downloads\Setup_SEA31_Agent.msi
2017-01-29 13:01 - 2017-01-29 13:01 - 00262543 _____ C:\Users\Leonard\Downloads\[HorribleSubs] Akame ga Kill! (01-24) [1080p] (Batch).torrent
2017-01-24 20:31 - 2017-01-24 20:31 - 00136708 _____ C:\Users\Leonard\Downloads\Running.Man.E335.170122.720p-NEXT.srt
2017-01-24 20:31 - 2017-01-24 20:31 - 00031904 _____ C:\Users\Leonard\Downloads\[avistaz.to] Running Man E335 170122 720p NEXT.torrent
2017-01-23 16:53 - 2017-01-24 13:07 - 00000000 ____D C:\Users\Leonard\AppData\Roaming\obs-studio
2017-01-23 16:52 - 2017-01-23 16:52 - 00001198 _____ C:\Users\Public\Desktop\OBS Studio.lnk
2017-01-23 16:52 - 2017-01-23 16:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OBS Studio
2017-01-23 16:51 - 2017-01-23 16:52 - 00000000 ____D C:\Program Files (x86)\obs-studio
2017-01-23 16:49 - 2017-01-23 16:51 - 120703968 _____ (obsproject.com) C:\Users\Leonard\Downloads\OBS-Studio-17.0.2-Full-Installer.exe
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-02-21 16:06 - 2016-11-01 14:27 - 00022804 _____ C:\Users\Leonard\Downloads\FRST.txt
2017-02-21 16:05 - 2016-11-20 23:26 - 00000000 ____D C:\Users\Leonard\AppData\Local\Battle.net
2017-02-21 16:05 - 2016-11-01 14:17 - 00000000 ____D C:\FRST
2017-02-21 16:05 - 2013-02-03 01:18 - 00000000 ____D C:\Users\Leonard\AppData\Roaming\uTorrent
2017-02-21 16:01 - 2016-09-06 14:25 - 00000000 ____D C:\Users\Leonard\AppData\Local\CrashDumps
2017-02-21 16:01 - 2013-02-02 09:30 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2017-02-21 15:33 - 2016-01-03 17:10 - 00000910 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job
2017-02-21 14:46 - 2016-11-24 14:44 - 00001088 _____ C:\Users\Leonard\Desktop\Settings.ini
2017-02-21 14:10 - 2013-02-02 09:39 - 00000000 ____D C:\Program Files (x86)\Steam
2017-02-21 12:33 - 2016-01-03 17:10 - 00000906 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job
2017-02-21 11:54 - 2013-02-02 09:55 - 00000000 ____D C:\Users\Leonard\AppData\Roaming\vlc
2017-02-21 11:40 - 2013-06-26 22:07 - 00000000 ____D C:\Users\Leonard\AppData\Roaming\GarenaPlus
2017-02-21 11:40 - 2013-06-26 22:06 - 00000000 ____D C:\ProgramData\GarenaMessenger
2017-02-21 10:37 - 2014-10-31 06:21 - 00000000 ____D C:\Users\Leonard\Desktop\fjewof
2017-02-20 18:16 - 2016-11-20 23:27 - 00000000 ____D C:\Program Files (x86)\Overwatch
2017-02-20 18:02 - 2016-11-20 23:25 - 00000000 ____D C:\Program Files (x86)\Battle.net
2017-02-20 14:45 - 2009-07-14 12:45 - 00022064 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-02-20 14:45 - 2009-07-14 12:45 - 00022064 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-02-20 13:11 - 2016-12-02 12:33 - 00000000 ____D C:\Program Files (x86)\GarenaLoLLCU
2017-02-18 22:14 - 2013-12-08 01:13 - 00000000 ____D C:\Users\Leonard\.android
2017-02-18 14:51 - 2016-01-03 17:12 - 00000000 ___RD C:\Users\Leonard\Dropbox
2017-02-18 14:49 - 2016-11-11 19:30 - 00003476 _____ C:\Windows\System32\Tasks\Garena+ Plugin Host Service
2017-02-18 14:30 - 2009-07-14 13:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-02-18 07:36 - 2013-02-02 10:42 - 00000000 ____D C:\Program Files (x86)\Garena Plus
2017-02-18 05:04 - 2014-01-28 22:01 - 00000000 ____D C:\Users\Leonard\Desktop\Veeviisme
2017-02-18 05:03 - 2009-07-14 11:20 - 00000000 ____D C:\Windows\system32\NDF
2017-02-13 23:54 - 2015-01-14 20:31 - 00000000 ____D C:\Users\Leonard\Desktop\NIPOU
2017-02-09 08:12 - 2017-01-12 02:48 - 00000000 ____D C:\Users\Leonard\AppData\Roaming\NVIDIA
2017-02-09 08:12 - 2013-01-31 15:34 - 00000000 ____D C:\Users\Leonard
2017-02-09 08:10 - 2009-07-14 11:20 - 00000000 ____D C:\Windows\registration
2017-02-08 09:38 - 2016-01-03 17:10 - 00000000 ____D C:\Program Files (x86)\Dropbox
2017-02-07 16:53 - 2014-11-26 03:18 - 00002195 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-01-31 16:52 - 2013-02-02 09:32 - 00000000 ____D C:\Program Files (x86)\Google
2017-01-31 05:57 - 2015-02-24 16:11 - 00000000 ____D C:\Users\Leonard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2017-01-24 20:20 - 2009-07-14 11:20 - 00000000 __RHD C:\Users\Public\Libraries
 
==================== Files in the root of some directories =======
 
2015-06-18 20:33 - 2015-06-18 20:58 - 0000115 _____ () C:\Users\Leonard\AppData\Roaming\LogFile.txt
2014-12-04 19:14 - 2014-12-04 19:14 - 0045270 _____ () C:\Users\Leonard\AppData\Roaming\room_v3.dat
2013-08-29 19:50 - 2013-08-29 19:50 - 0007605 _____ () C:\Users\Leonard\AppData\Local\Resmon.ResmonCfg
2015-07-24 16:04 - 2015-07-24 16:04 - 0000000 _____ () C:\Users\Leonard\AppData\Local\{7DC4F3B8-5CF6-4FED-8202-3CD8FD5B1641}
2015-06-04 01:03 - 2015-06-04 01:03 - 0000006 __RSH () C:\ProgramData\eab07bde6d703f8ffe34d4f76a2b462f0628a44a
2016-09-20 22:48 - 2016-09-20 22:48 - 0000016 _____ () C:\ProgramData\mntemp
 
Some files in TEMP:
====================
2017-01-18 04:19 - 2017-01-18 04:19 - 0739904 _____ (Oracle Corporation) C:\Users\Leonard\AppData\Local\Temp\jre-8u121-windows-au.exe
2017-01-31 09:16 - 2017-01-31 09:16 - 0095088 _____ () C:\Users\Leonard\AppData\Local\Temp\LCU_patch_20161125to20161208_1.exe
2017-01-31 09:21 - 2017-01-31 09:21 - 0088888 _____ () C:\Users\Leonard\AppData\Local\Temp\LCU_patch_20161208to20161219.exe
2017-01-31 09:23 - 2017-01-31 09:23 - 0095568 _____ () C:\Users\Leonard\AppData\Local\Temp\LCU_patch_20161219to20170112.exe
2017-02-03 06:48 - 2017-02-03 06:48 - 0092304 _____ () C:\Users\Leonard\AppData\Local\Temp\LCU_patch_20170112to20170126.exe
2017-02-03 06:57 - 2017-02-03 06:57 - 0088672 _____ () C:\Users\Leonard\AppData\Local\Temp\LCU_patch_20170126to20170201.exe
2016-09-13 12:55 - 2016-09-13 12:55 - 0096608 _____ () C:\Users\Leonard\AppData\Local\Temp\LOL_patch_20160825to20160913.exe
2016-09-28 01:13 - 2016-09-28 01:13 - 0097456 _____ () C:\Users\Leonard\AppData\Local\Temp\LOL_patch_20160913to20160922.exe
2016-09-28 01:19 - 2016-09-28 01:19 - 0088664 _____ () C:\Users\Leonard\AppData\Local\Temp\LOL_patch_20160922to20160923.exe
2016-10-01 17:05 - 2016-10-01 17:05 - 0090232 _____ () C:\Users\Leonard\AppData\Local\Temp\LOL_patch_20160923to20160929.exe
2016-10-08 23:02 - 2016-10-08 23:02 - 0094728 _____ () C:\Users\Leonard\AppData\Local\Temp\LOL_patch_20160929to20161006_1.exe
2016-10-20 07:39 - 2016-10-20 07:39 - 0095016 _____ () C:\Users\Leonard\AppData\Local\Temp\LOL_patch_20161006to20161020.exe
2016-11-10 14:18 - 2016-11-10 14:18 - 0098312 _____ () C:\Users\Leonard\AppData\Local\Temp\LOL_patch_20161020to20161110_1.exe
2016-11-22 20:50 - 2016-11-22 20:51 - 0093984 _____ () C:\Users\Leonard\AppData\Local\Temp\LOL_patch_20161110to20161122.exe
2016-12-08 19:06 - 2016-12-08 19:07 - 0096376 _____ () C:\Users\Leonard\AppData\Local\Temp\LOL_patch_20161122to20161208_1.exe
2016-12-15 16:51 - 2016-12-15 16:52 - 0090800 _____ () C:\Users\Leonard\AppData\Local\Temp\LOL_patch_20161208to20161215.exe
2017-01-09 15:36 - 2017-01-09 15:37 - 0090736 _____ () C:\Users\Leonard\AppData\Local\Temp\LOL_patch_20161215to20170106.exe
2017-01-12 15:36 - 2017-01-12 15:36 - 0099144 _____ () C:\Users\Leonard\AppData\Local\Temp\LOL_patch_20170106to20170112.exe
2017-01-14 18:57 - 2017-01-14 18:57 - 0091008 _____ () C:\Users\Leonard\AppData\Local\Temp\LOL_patch_20170112to20170114.exe
2017-01-19 18:30 - 2017-01-19 18:30 - 0090112 _____ () C:\Users\Leonard\AppData\Local\Temp\LOL_patch_20170114to20170119.exe
2017-01-31 09:01 - 2017-01-31 09:01 - 0097744 _____ () C:\Users\Leonard\AppData\Local\Temp\LOL_patch_20170119to20170126.exe
2017-02-09 07:41 - 2017-02-09 07:41 - 0097760 _____ () C:\Users\Leonard\AppData\Local\Temp\LOL_patch_20170126to20170209.exe
2016-12-04 08:34 - 2016-12-04 19:51 - 0948120 _____ (Nexon) C:\Users\Leonard\AppData\Local\Temp\NGMDll.dll
2016-12-04 08:34 - 2016-12-04 19:51 - 0294912 _____ (Nexon) C:\Users\Leonard\AppData\Local\Temp\NGMResource.dll
2016-12-04 08:34 - 2016-12-04 11:17 - 3620864 _____ (Nexon) C:\Users\Leonard\AppData\Local\Temp\NGMSetup.exe
2016-11-01 22:47 - 2016-12-09 03:42 - 43573720 _____ (Skype Technologies S.A.) C:\Users\Leonard\AppData\Local\Temp\SkypeSetup.exe
2017-01-15 22:00 - 2017-01-15 22:00 - 0091520 _____ () C:\Users\Leonard\AppData\Local\Temp\TW_patch_20170112to20170114_EmotelsBack.exe
2016-12-04 08:34 - 2016-12-04 19:51 - 0258352 _____ (Microsoft Corporation) C:\Users\Leonard\AppData\Local\Temp\unicows.dll
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2017-01-12 15:18
 
==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 19-02-2017
Ran by Leonard (21-02-2017 16:07:01)
Running from C:\Users\Leonard\Downloads
Windows 7 Home Premium Service Pack 1 (X64) (2013-01-31 07:34:39)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-3108869105-240821209-1850858052-500 - Administrator - Disabled)
Guest (S-1-5-21-3108869105-240821209-1850858052-501 - Limited - Disabled) => C:\Users\Guest
HomeGroupUser$ (S-1-5-21-3108869105-240821209-1850858052-1005 - Limited - Enabled)
Leonard (S-1-5-21-3108869105-240821209-1850858052-1000 - Administrator - Enabled) => C:\Users\Leonard
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKU\S-1-5-21-3108869105-240821209-1850858052-1000\...\uTorrent) (Version: 3.4.9.43295 - BitTorrent Inc.)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.7.0.2090 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 2.8.0.447 - Adobe Systems Incorporated)
Adobe Flash Player 18 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 18.0.0.209 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.03) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.03 - Adobe Systems Incorporated)
Ansel (Version: 372.70 - NVIDIA Corporation) Hidden
AuditionSEA version 6221 (HKLM-x32\...\{0BB9651A-2DFC-4E8E-82BF-A37194E323ED}}_is1) (Version: 6221 - Asiasoft Online Pte. Ltd.)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Cheat Engine 6.6 (HKLM-x32\...\Cheat Engine 6.6_is1) (Version:  - Cheat Engine)
Chrome Remote Desktop Host (HKLM-x32\...\{0F4FB60A-EBD8-445B-8117-128E8351647E}) (Version: 56.0.2924.51 - Google Inc.)
Counter-Strike: Global Offensive (HKLM\...\Steam App 730) (Version:  - Valve)
DeathToB Agent 3.1 (HKLM-x32\...\{9A639A0A-5BBF-4560-B3A8-981E4F412FC7}) (Version: 3.1 -  DeathToB Network)
Dell Display Manager (HKLM-x32\...\{AC50C05D-9D57-40F5-B2EF-AC402F14312B}_is1) (Version:  - EnTech Taiwan)
Discord (HKU\S-1-5-21-3108869105-240821209-1850858052-1000\...\Discord) (Version: 0.0.297 - Hammer & Chisel, Inc.)
Dota 2 (HKLM-x32\...\Steam App 570) (Version:  - )
Dropbox (HKLM-x32\...\Dropbox) (Version: 19.4.13 - Dropbox, Inc.)
Dropbox Update Helper (x32 Version: 1.3.59.1 - Dropbox, Inc.) Hidden
Garena - League of Legends (HKLM-x32\...\LoL) (Version:  - Garena Online Pte Ltd.)
Garena - League of Legends (HKLM-x32\...\LoLLCU) (Version:  - Garena Online Pte Ltd.)
Garena 英雄聯盟(台灣) (HKLM-x32\...\LoLTW) (Version:  - Garena Taiwan)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 56.0.2924.87 - Google Inc.)
Google Drive (HKLM-x32\...\{07A12123-B717-496B-B471-48AF6407B433}) (Version: 1.32.4066.7445 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
Hola™ 1.21.641 - Better Internet (HKLM\...\Hola) (Version: 1.21.641 - Hola Networks Ltd.) <==== ATTENTION
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.1.0.1006 - Intel Corporation)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.5.235 - Intel Corporation)
Java 8 Update 101 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180101F0}) (Version: 8.0.1010.13 - Oracle Corporation)
Macro Recorder 5.8.0 (HKLM-x32\...\Macro Recorder_is1) (Version: 5.8.0 - Jitbit Software)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft PowerPoint Viewer (HKLM-x32\...\{95140000-00AF-0409-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.5.216.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23918 (HKLM-x32\...\{dab68466-3a7d-41a8-a5cf-415e3ff8ef71}) (Version: 14.0.23918.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24212 (HKLM-x32\...\{462f63a8-6347-4894-a1b3-dbfe3a4c981d}) (Version: 14.0.24212.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Mouse and Keyboard Recorder 3.2.3.4 (HKLM-x32\...\{3408E5D6-4925-4496-AB67-AB8643C3685C}_is1) (Version:  - Robot-Soft.com, Inc.)
Nexon Launcher (HKLM-x32\...\Nexon Nexon Launcher) (Version: 2.0.0 - Nexon)
Nox APP Player (HKLM-x32\...\Nox) (Version: 3.8.0.0 - Duodian Technology Co. Ltd.)
NVIDIA 3D Vision Controller Driver 369.04 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 369.04 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 372.70 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 372.70 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.11.4.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.11.4.0 - NVIDIA Corporation)
NVIDIA Graphics Driver 372.70 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 372.70 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.15 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.15 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation)
OBS Studio (HKLM-x32\...\OBS Studio) (Version: 17.0.2 - OBS Project)
Overwatch (HKLM-x32\...\Overwatch) (Version:  - Blizzard Entertainment)
Razer Chroma SDK Core Components (HKLM-x32\...\Razer Chroma SDK) (Version: 1.8.13 - Razer Inc.)
Razer Synapse (HKLM-x32\...\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}) (Version: 2.20.15.822 - Razer Inc.)
SHIELD Streaming (Version: 7.1.0280 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.11.4.0 - NVIDIA Corporation) Hidden
Skype™ 7.30 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.30.105 - Skype Technologies S.A.)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
System Requirements Lab Detection (HKLM-x32\...\{62675278-956B-4041-9454-411710FB6956}) (Version: 2.2.3.0 - Husdawg, LLC)
TalkTalk (HKLM-x32\...\im) (Version: 2011 - Garena Online Pte Ltd.)
Technitium MAC Address Changer v6.0 (HKLM-x32\...\TMACv6.0) (Version: 6.0 - Technitium)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player 2.0.5 (HKLM-x32\...\VLC media player) (Version: 2.0.5 - VideoLAN)
Windows Driver Package - BigNox Corporation VBoxUSBMon System  (09/16/2015 4.3.12) (HKLM\...\39F54A37125643D2E1E90FA7D81F36ACC9441510) (Version: 09/16/2015 4.3.12 - BigNox Corporation)
Windows Driver Package - BigNox Corporation XQHDrv System  (09/16/2015 4.3.12) (HKLM\...\0147813640F7AF69F569581EE672B6BE1E71798E) (Version: 09/16/2015 4.3.12 - BigNox Corporation)
WinRAR 4.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-3108869105-240821209-1850858052-1000_Classes\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3108869105-240821209-1850858052-1000_Classes\CLSID\{00020421-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3108869105-240821209-1850858052-1000_Classes\CLSID\{00020422-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3108869105-240821209-1850858052-1000_Classes\CLSID\{00020423-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3108869105-240821209-1850858052-1000_Classes\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3108869105-240821209-1850858052-1000_Classes\CLSID\{00020425-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Corporation)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {011C63E1-62C5-436D-8D6E-82BA8275C127} - System32\Tasks\Garena+ Plugin Host Service => C:\Program Files (x86)\Garena Plus\ggdllhost.exe [2016-06-01] ()
Task: {06DFCD9F-6DCF-4B6F-BF90-3CC2E8B0A647} - System32\Tasks\{63B916EE-DB7C-411D-BC16-091D590FD37A} => Chrome.exe hxxp://ui.skype.com/ui/0/6.1.0.129.272/en/abandoninstall?source=lightinstaller&amp;page=tsInstall
Task: {0D8D94DA-FE13-4BAC-92AD-8557CECA7D54} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {0EBB2D98-7008-4C88-B291-E16C42090734} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-3108869105-240821209-1850858052-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe 
Task: {1286F89B-D704-4518-A972-8C4FE74DDDBD} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-01-03] (Dropbox, Inc.)
Task: {19B25E1A-3655-4FAE-BC88-590C76B5DA66} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-3108869105-240821209-1850858052-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe 
Task: {1D626CF8-182A-4AA0-9841-D41C6768543E} - System32\Tasks\Java Platform SE Auto Updater => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2016-06-22] (Oracle Corporation)
Task: {26425567-C107-4530-8D42-9433DF7D8DD9} - System32\Tasks\{25C77E2D-61C2-44A5-AE2F-587B7535576A} => C:\Program Files (x86)\DeathToB Network\Agent 3.1\Patcher.exe [2016-05-11] (Asnpnet Software)
Task: {2AA74840-CB24-4FA5-85F5-09FF86D88AAD} - System32\Tasks\Hoolapp For Android => C:\Users\Leonard\AppData\Roaming\HOOLAP~1\UPDATE~1\UPDATE~1.EXE  <==== ATTENTION
Task: {33250D88-1D90-429E-B597-A49E8E3A439D} - System32\Tasks\{A8185759-8DD2-4100-817B-9823B1F74D77} => C:\Program Files (x86)\DeathToB Network\Agent 3.1\Patcher.exe [2016-05-11] (Asnpnet Software)
Task: {3D71F965-F9B2-4EF7-98CD-FED51B36DF60} - System32\Tasks\{A879F044-1B8A-47F0-9AB9-53F83D528B9E} => C:\Program Files (x86)\DeathToB Network\Agent 3.1\Patcher.exe [2016-05-11] (Asnpnet Software)
Task: {40A88854-CC1F-48D5-9E13-C7B8B7A64748} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-01-03] (Dropbox, Inc.)
Task: {46534AF0-8AAE-494B-91D4-759F94D35CFF} - System32\Tasks\{9D6ED9F9-8F28-46FA-808B-32E52B7DC10D} => C:\Program Files (x86)\Skype\Phone\Skype.exe [2016-11-15] (Skype Technologies S.A.)
Task: {4C57ABAC-C59B-4DAE-96F5-6A25C100D917} - System32\Tasks\{9B3AB650-8D74-43F3-B673-FC783C258EF3} => Chrome.exe hxxp://www.skype.com/go/downloading?source=lightinstaller&amp;ver=6.6.0.106&amp;LastError=12002
Task: {4E84BA7B-0E04-44B1-A016-0DEDBF3D6652} - System32\Tasks\{227B4E95-D4F9-4D3C-A031-A2B4F562A192} => C:\Program Files (x86)\DeathToB Network\Agent 3.1\Patcher.exe [2016-05-11] (Asnpnet Software)
Task: {4F972B37-3B69-4AF4-BC5F-33BD1B19D68A} - System32\Tasks\{EAB95980-E7EC-4A94-8357-62B2227F3309} => pcalua.exe -a "C:\Users\Leonard\Desktop\IcyPopX Elite Trainer\IcyPopX Elite Trainer.exe" -d "C:\Users\Leonard\Desktop\IcyPopX Elite Trainer"
Task: {515AD66A-E548-444A-AADC-C23374D8A0F5} - System32\Tasks\{95B30E3A-0062-4AFE-9B69-12C00FFAC6A6} => C:\Program Files (x86)\DeathToB Network\Agent 3.1\Patcher.exe [2016-05-11] (Asnpnet Software)
Task: {59C2C77B-01E1-41B0-A6BB-96B7E38F2739} - System32\Tasks\{45EFC095-7C65-4EBD-A3A3-4187E1582FCA} => C:\Program Files (x86)\DeathToB Network\Agent 3.1\Patcher.exe [2016-05-11] (Asnpnet Software)
Task: {6A1B95EA-5949-4054-90E0-4D89BEE21616} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {83B86917-ACFB-4364-812E-527B6AD72C90} - System32\Tasks\Razer_Game_Booster_AutoUpdate => C:\Program Files (x86)\Razer\Razer Game Booster\AutoUpdate.exe 
Task: {8AACE462-BB3E-4FFA-AF84-DA0D554019AA} - System32\Tasks\{CC445D76-0605-4064-81AD-ED9011D0ABBD} => C:\Program Files (x86)\DeathToB Network\Agent 3.1\Patcher.exe [2016-05-11] (Asnpnet Software)
Task: {9F1752C7-8A28-427F-95DE-26D8ABC22444} - System32\Tasks\{A533A0A7-3E77-447F-91DC-23B010667F9D} => C:\Program Files (x86)\DeathToB Network\Agent 3.1\Patcher.exe [2016-05-11] (Asnpnet Software)
Task: {AD73C38C-5DB5-4900-87BB-BF2DED1AAAC2} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2016-03-05] (AVAST Software)
Task: {B7699718-6C47-4863-B34A-57513AED7C03} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-07-15] (Adobe Systems Incorporated)
Task: {BE317DC1-108A-4C0E-8FE4-1382A4E71641} - System32\Tasks\{DF30BD63-BB26-4051-A9F4-8CB80A0F8BB6} => C:\Program Files (x86)\DeathToB Network\Agent 3.1\Patcher.exe [2016-05-11] (Asnpnet Software)
Task: {C0D040A6-F404-4B05-A2A2-BB959AF7C630} - System32\Tasks\{529A3603-A247-45B2-88C6-F1E1534B3EB4} => C:\Program Files (x86)\DeathToB Network\Agent 3.1\Patcher.exe [2016-05-11] (Asnpnet Software)
Task: {CCF8F04F-0117-435B-B0B2-2D4C813B7DA0} - System32\Tasks\{E557B1E2-E322-4E1C-98D6-309016A3ACF3} => C:\Program Files (x86)\DeathToB Network\Agent 3.1\Patcher.exe [2016-05-11] (Asnpnet Software)
Task: {E9D8AEA8-0366-41F7-ABCF-2B5F61A5BBAD} - System32\Tasks\Game_Booster_AutoUpdate => C:\Program Files (x86)\IObit\Game Booster 3\AutoUpdate.exe 
Task: {EC26C7CF-1038-4157-AF98-08CE626B9FA1} - System32\Tasks\Hoolapp Init => C:\Users\Leonard\AppData\Roaming\HOOLAP~1\Hoolapp.exe  <==== ATTENTION
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
ShortcutWithArgument: C:\Users\Leonard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Chrome Remote Desktop.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=gbchcmhmhahfdphkhkmpfmihenigjmpp
 
==================== Loaded Modules (Whitelisted) ==============
 
2014-09-26 14:41 - 2014-09-26 14:41 - 01021088 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
2017-02-20 18:01 - 2017-02-20 18:01 - 01455080 _____ () C:\Program Files (x86)\Battle.net\Battle.net.8394\Battle.net Helper.exe
2016-07-01 20:01 - 2016-12-22 01:47 - 09136168 _____ () C:\Program Files (x86)\Garena Plus\GarenaMessenger.exe
2016-07-29 11:10 - 2017-01-16 17:54 - 07340536 _____ () C:\Program Files (x86)\Garena Plus\bbtalk\BBtalk.exe
2017-02-08 09:38 - 2017-02-07 12:48 - 00801600 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_watchdog.dll
2017-02-08 09:38 - 2017-01-14 07:53 - 00035792 _____ () C:\Program Files (x86)\Dropbox\Client\_multiprocessing.pyd
2017-02-08 09:38 - 2017-01-14 07:53 - 00100296 _____ () C:\Program Files (x86)\Dropbox\Client\_ctypes.pyd
2017-02-08 09:38 - 2017-01-14 07:53 - 00018888 _____ () C:\Program Files (x86)\Dropbox\Client\select.pyd
2017-02-08 09:38 - 2017-02-07 12:50 - 00019776 _____ () C:\Program Files (x86)\Dropbox\Client\tornado.speedups.pyd
2017-02-08 09:38 - 2017-01-14 07:53 - 00694224 _____ () C:\Program Files (x86)\Dropbox\Client\unicodedata.pyd
2017-02-08 09:38 - 2017-02-07 12:50 - 00020824 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._constant_time.pyd
2017-02-08 09:38 - 2017-01-14 07:54 - 00123856 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_backend.pyd
2017-02-08 09:38 - 2017-02-07 12:50 - 01682768 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._openssl.pyd
2017-02-08 09:38 - 2017-02-07 12:50 - 00020816 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._padding.pyd
2017-02-08 09:38 - 2017-01-14 07:53 - 00145864 _____ () C:\Program Files (x86)\Dropbox\Client\pyexpat.pyd
2017-02-08 09:38 - 2017-01-14 07:54 - 00019408 _____ () C:\Program Files (x86)\Dropbox\Client\faulthandler.pyd
2017-02-08 09:38 - 2017-01-14 07:53 - 00116688 _____ () C:\Program Files (x86)\Dropbox\Client\pywintypes27.dll
2017-02-08 09:38 - 2017-01-14 07:56 - 00105928 _____ () C:\Program Files (x86)\Dropbox\Client\win32api.pyd
2017-02-08 09:38 - 2017-02-07 12:50 - 00022864 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.crt.compiled._winffi_crt.pyd
2017-02-08 09:38 - 2017-02-07 12:50 - 00052544 _____ () C:\Program Files (x86)\Dropbox\Client\psutil._psutil_windows.pyd
2017-02-08 09:38 - 2017-02-07 12:50 - 00038712 _____ () C:\Program Files (x86)\Dropbox\Client\fastpath.pyd
2017-02-08 09:38 - 2017-01-14 07:53 - 00392144 _____ () C:\Program Files (x86)\Dropbox\Client\pythoncom27.dll
2017-02-08 09:38 - 2017-01-14 07:56 - 00020936 _____ () C:\Program Files (x86)\Dropbox\Client\mmapfile.pyd
2017-02-08 09:38 - 2017-01-14 07:56 - 00024528 _____ () C:\Program Files (x86)\Dropbox\Client\win32event.pyd
2017-02-08 09:38 - 2017-01-14 07:57 - 00116176 _____ () C:\Program Files (x86)\Dropbox\Client\win32security.pyd
2017-02-08 09:38 - 2017-02-07 12:50 - 00381760 _____ () C:\Program Files (x86)\Dropbox\Client\win32com.shell.shell.pyd
2017-02-08 09:38 - 2017-01-14 07:56 - 00124880 _____ () C:\Program Files (x86)\Dropbox\Client\win32file.pyd
2017-02-08 09:38 - 2017-02-07 12:50 - 00026456 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.kernel32.compiled._winffi_kernel32.pyd
2017-02-08 09:38 - 2017-01-14 07:56 - 00024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32clipboard.pyd
2017-02-08 09:38 - 2017-01-14 07:56 - 00175560 _____ () C:\Program Files (x86)\Dropbox\Client\win32gui.pyd
2017-02-08 09:38 - 2017-01-14 07:57 - 00030160 _____ () C:\Program Files (x86)\Dropbox\Client\win32pipe.pyd
2017-02-08 09:38 - 2017-01-14 07:57 - 00043472 _____ () C:\Program Files (x86)\Dropbox\Client\win32process.pyd
2017-02-08 09:38 - 2017-01-14 07:57 - 00048592 _____ () C:\Program Files (x86)\Dropbox\Client\win32service.pyd
2017-02-08 09:38 - 2017-01-14 07:56 - 00057808 _____ () C:\Program Files (x86)\Dropbox\Client\win32evtlog.pyd
2017-02-08 09:38 - 2017-01-14 07:57 - 00024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32profile.pyd
2017-02-08 09:38 - 2017-02-07 12:50 - 00246608 _____ () C:\Program Files (x86)\Dropbox\Client\breakpad.client.windows.handler.pyd
2017-02-08 09:38 - 2017-02-07 12:50 - 00027488 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox.infinite.win.compiled._driverinstallation.pyd
2017-02-08 09:38 - 2017-01-14 07:55 - 00241104 _____ () C:\Program Files (x86)\Dropbox\Client\_jpegtran.pyd
2017-02-08 09:38 - 2017-02-07 12:50 - 00022336 _____ () C:\Program Files (x86)\Dropbox\Client\cpuid.compiled._cpuid.pyd
2017-02-08 09:38 - 2017-01-14 07:57 - 00028616 _____ () C:\Program Files (x86)\Dropbox\Client\win32ts.pyd
2017-02-08 09:38 - 2017-02-07 12:50 - 01826104 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtCore.pyd
2017-02-08 09:38 - 2017-01-14 07:54 - 00083912 _____ () C:\Program Files (x86)\Dropbox\Client\sip.pyd
2017-02-08 09:38 - 2017-02-07 12:50 - 01972536 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtGui.pyd
2017-02-08 09:38 - 2017-02-07 12:50 - 03928896 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWidgets.pyd
2017-02-08 09:38 - 2017-02-07 12:50 - 00531264 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtNetwork.pyd
2017-02-08 09:38 - 2017-02-07 12:50 - 00025432 _____ () C:\Program Files (x86)\Dropbox\Client\winscreenshot.compiled._CaptureScreenshot.pyd
2017-02-08 09:38 - 2017-02-07 12:50 - 00133432 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKit.pyd
2017-02-08 09:38 - 2017-02-07 12:50 - 00224064 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKitWidgets.pyd
2017-02-08 09:38 - 2017-02-07 12:50 - 00207680 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtPrintSupport.pyd
2017-02-08 09:38 - 2017-02-07 12:50 - 00021840 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.user32.compiled._winffi_user32.pyd
2017-02-08 09:38 - 2017-02-07 12:50 - 00022872 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.iphlpapi.compiled._winffi_iphlpapi.pyd
2017-02-08 09:38 - 2017-02-07 12:50 - 00021848 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winerror.compiled._winffi_winerror.pyd
2017-02-08 09:38 - 2017-02-07 12:50 - 00022872 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.wininet.compiled._winffi_wininet.pyd
2017-02-08 09:38 - 2017-01-14 07:57 - 00350152 _____ () C:\Program Files (x86)\Dropbox\Client\winxpgui.pyd
2017-02-08 09:38 - 2017-02-07 12:50 - 00023896 _____ () C:\Program Files (x86)\Dropbox\Client\winverifysignature.compiled._VerifySignature.pyd
2017-02-08 09:38 - 2017-02-07 12:50 - 00025936 _____ () C:\Program Files (x86)\Dropbox\Client\librsyncffi.compiled._librsyncffi.pyd
2017-02-08 09:38 - 2017-01-14 07:51 - 00036296 _____ () C:\Program Files (x86)\Dropbox\Client\librsync.dll
2017-02-08 09:38 - 2017-02-07 12:50 - 00084288 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_sqlite_ext.DLL
2017-02-08 09:38 - 2017-01-14 08:02 - 00017864 _____ () C:\Program Files (x86)\Dropbox\Client\libEGL.dll
2017-02-08 09:38 - 2017-01-14 08:02 - 01631184 _____ () C:\Program Files (x86)\Dropbox\Client\libGLESv2.dll
2017-02-08 09:38 - 2017-02-07 12:50 - 00042816 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebChannel.pyd
2017-02-08 09:38 - 2017-02-07 12:50 - 00171336 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebEngineWidgets.pyd
2017-02-08 09:38 - 2017-02-07 12:50 - 00357688 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQml.pyd
2017-02-08 09:38 - 2017-01-14 07:57 - 00060880 _____ () C:\Program Files (x86)\Dropbox\Client\win32print.pyd
2017-02-08 09:38 - 2017-02-07 12:50 - 00026456 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winhttp.compiled._winffi_winhttp.pyd
2017-02-08 09:38 - 2017-02-07 12:50 - 00546104 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQuick.pyd
2016-07-29 11:11 - 2016-10-25 21:05 - 00079824 _____ () C:\Program Files (x86)\Garena Plus\bbtalk\InputHook.dll
2016-07-29 11:11 - 2016-12-22 00:10 - 02499024 _____ () C:\Program Files (x86)\Garena Plus\bbtalk\Overlay.dll
2016-07-29 11:11 - 2016-07-29 11:11 - 00076240 _____ () C:\Program Files (x86)\Garena Plus\bbtalk\PluginKernel.dll
2016-07-29 11:10 - 2016-07-29 11:10 - 00116728 _____ () C:\Program Files (x86)\Garena Plus\bbtalk\CommonLib.dll
2017-02-07 16:53 - 2017-02-01 17:01 - 01870168 _____ () C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\libglesv2.dll
2017-02-07 16:53 - 2017-02-01 17:01 - 00085848 _____ () C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\libegl.dll
2013-03-12 17:10 - 2016-12-24 02:28 - 00657184 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2015-01-20 10:24 - 2016-09-01 09:02 - 04969248 _____ () C:\Program Files (x86)\Steam\v8.dll
2015-01-20 10:24 - 2016-09-01 09:02 - 01563936 _____ () C:\Program Files (x86)\Steam\icui18n.dll
2015-01-20 10:24 - 2016-09-01 09:02 - 01195296 _____ () C:\Program Files (x86)\Steam\icuuc.dll
2014-05-23 13:37 - 2017-01-19 09:30 - 02327840 _____ () C:\Program Files (x86)\Steam\video.dll
2014-08-29 18:35 - 2016-01-27 15:49 - 02549760 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll
2014-08-29 18:35 - 2016-01-27 15:49 - 00442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll
2014-08-29 18:35 - 2016-01-27 15:49 - 00491008 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll
2014-08-29 18:35 - 2016-01-27 15:49 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll
2014-08-29 18:35 - 2016-01-27 15:49 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll
2013-02-02 10:31 - 2017-01-19 09:30 - 00838432 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2016-03-11 23:59 - 2016-07-05 06:17 - 00266560 _____ () C:\Program Files (x86)\Steam\openvr_api.dll
2016-12-13 07:20 - 2017-01-05 11:12 - 68813088 _____ () C:\Program Files (x86)\Steam\bin\cef\cef.win7\libcef.dll
2013-02-02 10:31 - 2017-01-19 09:30 - 00383776 _____ () C:\Program Files (x86)\Steam\steam.dll
2017-02-20 18:01 - 2017-02-20 18:01 - 00540336 _____ () C:\Program Files (x86)\Battle.net\Battle.net.8394\ortp.dll
2017-02-20 18:01 - 2017-02-20 18:01 - 37247976 _____ () C:\Program Files (x86)\Battle.net\Battle.net.8394\libcef.dll
2017-02-20 18:01 - 2017-02-20 18:01 - 00133632 _____ () C:\Program Files (x86)\Battle.net\Battle.net.8394\libEGL.dll
2017-02-20 18:01 - 2017-02-20 18:01 - 03384832 _____ () C:\Program Files (x86)\Battle.net\Battle.net.8394\libGLESv2.dll
2017-02-20 18:01 - 2017-02-20 18:01 - 00990696 _____ () C:\Program Files (x86)\Battle.net\Battle.net.8394\ffmpegsumo.dll
2017-02-20 18:01 - 2017-02-20 18:01 - 03384832 _____ () C:\Program Files (x86)\Battle.net\Battle.net.8394\libglesv2.dll
2017-02-20 18:01 - 2017-02-20 18:01 - 00133632 _____ () C:\Program Files (x86)\Battle.net\Battle.net.8394\libegl.dll
2016-06-01 19:17 - 2016-06-01 19:17 - 00116776 _____ () C:\Program Files (x86)\Garena Plus\CommonLib.dll
2016-07-01 20:01 - 2017-02-03 18:17 - 03402744 _____ () C:\Program Files (x86)\Garena Plus\ggspawn.dll
2016-06-01 19:17 - 2016-06-01 19:17 - 00045608 _____ () C:\Program Files (x86)\Garena Plus\DibModule.dll
2016-07-29 20:12 - 2017-02-14 18:39 - 00047096 _____ () C:\Program Files (x86)\Garena Plus\VersionModule.dll
2016-06-01 19:17 - 2016-06-01 19:17 - 00063528 _____ () C:\Program Files (x86)\Garena Plus\FileLoader.dll
2016-06-01 19:18 - 2016-06-01 19:18 - 00099368 _____ () C:\Program Files (x86)\Garena Plus\PluginKernel.dll
2016-06-01 19:17 - 2016-06-01 19:17 - 00499240 _____ () C:\Program Files (x86)\Garena Plus\CxImage.dll
2016-06-01 19:18 - 2016-06-01 19:18 - 00037416 _____ () C:\Program Files (x86)\Garena Plus\PluginModule.dll
2016-06-01 19:18 - 2016-06-01 19:18 - 00182824 _____ () C:\Program Files (x86)\Garena Plus\lib\fs\YYFileSystem.dll
2016-06-24 20:05 - 2016-06-24 20:05 - 00379744 _____ () C:\Program Files (x86)\Garena Plus\lib\Http.dll
2016-06-01 19:18 - 2016-06-01 19:18 - 00196648 _____ () C:\Program Files (x86)\Garena Plus\lib\MP3Module.dll
2012-02-22 16:52 - 2012-02-22 16:52 - 00162304 _____ () C:\Program Files (x86)\Garena Plus\lame_enc.DLL
2016-06-01 19:18 - 2016-06-01 19:18 - 00231976 _____ () C:\Program Files (x86)\Garena Plus\lib\TaskManagerLib.dll
2016-06-01 19:18 - 2016-06-01 19:18 - 00164392 _____ () C:\Program Files (x86)\Garena Plus\lib\UILayout.dll
2016-06-01 19:18 - 2016-06-01 19:18 - 00970280 _____ () C:\Program Files (x86)\Garena Plus\lib\XLL.dll
2016-06-01 19:18 - 2016-06-01 19:18 - 00067112 _____ () C:\Program Files (x86)\Garena Plus\lib\XmlUIModule.dll
2012-02-22 16:52 - 2012-02-22 16:52 - 00573100 _____ () C:\Program Files (x86)\Garena Plus\sqlite3.dll
2016-06-01 19:18 - 2016-06-01 19:18 - 00237608 _____ () C:\Program Files (x86)\Garena Plus\Plugins\StatsPlugin.dll
2016-06-24 20:05 - 2016-11-25 18:53 - 02217424 _____ () C:\Program Files (x86)\Garena Plus\Plugins\ggplugin.dll
2016-06-01 19:18 - 2016-06-01 19:18 - 00204840 _____ () C:\Program Files (x86)\Garena Plus\ImageModule.dll
2016-06-01 19:18 - 2016-06-01 19:18 - 00167464 _____ () C:\Program Files (x86)\Garena Plus\libmpg123.dll
2016-07-01 20:01 - 2016-08-29 15:48 - 04892664 _____ () C:\Program Files (x86)\Garena Plus\ggdownloader.dll
2016-06-01 19:18 - 2016-06-01 19:18 - 00077864 _____ () C:\Program Files (x86)\Garena Plus\lib\delay_load\AudioMixerLib.dll
2016-06-01 19:18 - 2016-06-01 19:18 - 00028712 _____ () C:\Program Files (x86)\Garena Plus\lib\delay_load\ClientTcp.dll
2016-06-01 19:18 - 2016-06-01 19:18 - 01557544 _____ () C:\Program Files (x86)\Garena Plus\lib\delay_load\FileSender.dll
2013-02-01 13:42 - 2013-02-01 13:42 - 00153088 _____ () C:\Program Files (x86)\Garena Plus\libzmq.dll
2016-06-01 19:18 - 2016-06-01 19:18 - 00968232 _____ () C:\Program Files (x86)\Garena Plus\lib\delay_load\GaFileTransfer.dll
2016-06-01 19:18 - 2016-06-01 19:18 - 00257064 _____ () C:\Program Files (x86)\Garena Plus\lib\delay_load\MediaEngine.dll
2016-06-01 19:18 - 2016-06-01 19:18 - 00038440 _____ () C:\Program Files (x86)\Garena Plus\ServerMemAlloc.dll
2016-06-01 19:18 - 2016-06-01 19:18 - 00528936 _____ () C:\Program Files (x86)\Garena Plus\lib\delay_load\RSALib.dll
2016-06-01 19:18 - 2016-06-01 19:18 - 00080424 _____ () C:\Program Files (x86)\Garena Plus\lib\delay_load\UdtLib.dll
2016-06-01 19:18 - 2016-06-01 19:18 - 00113192 _____ () C:\Program Files (x86)\Garena Plus\Plugins\PlatformPlugin.dll
2016-06-01 19:18 - 2016-11-30 21:35 - 00242680 _____ () C:\Program Files (x86)\Garena Plus\Plugins\PluginNews.dll
2016-06-01 19:18 - 2016-06-01 19:18 - 00410152 _____ () C:\Program Files (x86)\Garena Plus\Plugins\GarenaTalkPlugin.dll
2016-06-24 20:05 - 2016-11-10 14:00 - 00237560 _____ () C:\Program Files (x86)\Garena Plus\Plugins\GameSalePlugin.dll
2016-07-29 11:10 - 2016-09-23 19:05 - 00046032 _____ () C:\Program Files (x86)\Garena Plus\bbtalk\DibModule.dll
2016-07-29 11:11 - 2017-01-13 21:16 - 00394744 _____ () C:\Program Files (x86)\Garena Plus\bbtalk\ImageModule.dll
2016-07-29 11:11 - 2016-09-23 19:05 - 00829944 _____ () C:\Program Files (x86)\Garena Plus\bbtalk\gagmhook.dll
2016-07-29 11:11 - 2016-09-23 19:05 - 00053752 _____ () C:\Program Files (x86)\Garena Plus\bbtalk\lollauncher.dll
2016-07-29 19:41 - 2017-01-16 17:55 - 00035792 _____ () C:\Program Files (x86)\Garena Plus\bbtalk\VersionModule.dll
2016-07-29 11:11 - 2016-07-29 11:11 - 00460648 _____ () C:\Program Files (x86)\Garena Plus\bbtalk\sqlite3.dll
2016-07-29 11:11 - 2016-07-29 11:11 - 00121336 _____ () C:\Program Files (x86)\Garena Plus\bbtalk\lib\AudioMixerLib.dll
2016-07-29 11:11 - 2016-07-29 11:11 - 00042960 _____ () C:\Program Files (x86)\Garena Plus\bbtalk\lib\ChannelUrlDll.dll
2016-07-29 11:11 - 2016-07-29 11:11 - 00437712 _____ () C:\Program Files (x86)\Garena Plus\bbtalk\lib\exchndl.dll
2016-07-29 11:11 - 2016-09-23 19:06 - 00089592 _____ () C:\Program Files (x86)\Garena Plus\bbtalk\lib\FileManager.dll
2016-07-29 11:11 - 2016-10-25 21:05 - 00065064 _____ () C:\Program Files (x86)\Garena Plus\bbtalk\FileSystem.dll
2016-07-29 11:11 - 2016-10-13 16:41 - 00387024 _____ () C:\Program Files (x86)\Garena Plus\bbtalk\lib\Http.dll
2016-07-29 11:11 - 2016-10-13 16:41 - 00059856 _____ () C:\Program Files (x86)\Garena Plus\bbtalk\lib\InputHookLib.dll
2016-07-29 11:11 - 2016-09-23 19:06 - 00054736 _____ () C:\Program Files (x86)\Garena Plus\bbtalk\lib\IPCLib.dll
2016-07-29 11:11 - 2016-09-23 19:06 - 00067624 _____ () C:\Program Files (x86)\Garena Plus\bbtalk\lib\LangLib.dll
2016-07-29 11:10 - 2016-09-23 19:05 - 00102864 _____ () C:\Program Files (x86)\Garena Plus\bbtalk\audiohost.dll
2016-07-29 11:11 - 2016-07-29 11:11 - 00147920 _____ () C:\Program Files (x86)\Garena Plus\bbtalk\lib\MessagePumpLib.dll
2016-07-29 11:11 - 2016-07-29 11:11 - 00043472 _____ () C:\Program Files (x86)\Garena Plus\bbtalk\lib\MP3Saver.dll
2016-07-29 11:11 - 2016-07-29 11:11 - 00251344 _____ () C:\Program Files (x86)\Garena Plus\bbtalk\libmp3lame.DLL
2016-07-29 11:11 - 2016-09-23 19:06 - 01060344 _____ () C:\Program Files (x86)\Garena Plus\bbtalk\lib\RealTimeVideoEngine.dll
2016-07-29 11:11 - 2016-09-23 19:06 - 00068648 _____ () C:\Program Files (x86)\Garena Plus\bbtalk\lib\ResLib.dll
2016-07-29 11:11 - 2016-07-29 11:11 - 00111144 _____ () C:\Program Files (x86)\Garena Plus\bbtalk\PngModule.dll
2016-07-29 11:11 - 2016-07-29 11:11 - 00140280 _____ () C:\Program Files (x86)\Garena Plus\bbtalk\lib\TcpClient.dll
2016-07-29 11:11 - 2016-07-29 11:11 - 00150008 _____ () C:\Program Files (x86)\Garena Plus\bbtalk\lib\UdpClient.dll
2016-07-29 11:11 - 2016-07-29 11:11 - 00123384 _____ () C:\Program Files (x86)\Garena Plus\bbtalk\lib\UILayout.dll
2016-07-29 11:11 - 2016-10-25 21:06 - 00879056 _____ () C:\Program Files (x86)\Garena Plus\bbtalk\lib\UILib.dll
2016-07-29 11:11 - 2016-09-23 19:06 - 00068560 _____ () C:\Program Files (x86)\Garena Plus\bbtalk\lib\XmlUIModule.dll
2012-12-13 08:12 - 2012-12-13 08:12 - 00111104 _____ () C:\Program Files (x86)\VideoLAN\VLC\libvlc.dll
2012-12-13 08:13 - 2012-12-13 08:13 - 02286592 _____ () C:\Program Files (x86)\VideoLAN\VLC\libvlccore.dll
2012-12-13 08:13 - 2012-12-13 08:13 - 00219648 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\access\libdshow_plugin.dll
2012-12-13 08:13 - 2012-12-13 08:13 - 00049664 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_output\libaout_directx_plugin.dll
2012-12-13 08:13 - 2012-12-13 08:13 - 00051200 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_output\libwaveout_plugin.dll
2012-12-13 08:13 - 2012-12-13 08:13 - 00070144 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\video_output\libdirectx_plugin.dll
2012-12-13 08:13 - 2012-12-13 08:13 - 00037376 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\mmxext\libmemcpymmxext_plugin.dll
2012-12-13 08:13 - 2012-12-13 08:13 - 00157696 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\access\liblibbluray_plugin.dll
2012-12-13 08:13 - 2012-12-13 08:13 - 00093696 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\access\libaccess_bd_plugin.dll
2012-12-13 08:13 - 2012-12-13 08:13 - 00258560 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\access\libdvdnav_plugin.dll
2012-12-13 08:13 - 2012-12-13 08:13 - 00047616 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\access\libaccess_vdr_plugin.dll
2012-12-13 08:13 - 2012-12-13 08:13 - 00043520 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\access\libfilesystem_plugin.dll
2012-12-13 08:12 - 2012-12-13 08:12 - 00440320 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\stream_filter\libstream_filter_httplive_plugin.dll
2012-12-13 08:12 - 2012-12-13 08:12 - 00724992 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\stream_filter\libstream_filter_dash_plugin.dll
2012-12-13 08:13 - 2012-12-13 08:13 - 00038912 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\access\libstream_filter_rar_plugin.dll
2012-12-13 08:13 - 2012-12-13 08:13 - 00083968 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\access\libzip_plugin.dll
2012-12-13 08:12 - 2012-12-13 08:12 - 00035840 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\stream_filter\libstream_filter_record_plugin.dll
2012-12-13 08:13 - 2012-12-13 08:13 - 00106496 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libplaylist_plugin.dll
2012-12-13 08:13 - 2012-12-13 08:13 - 01544192 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\meta_engine\libtaglib_plugin.dll
2012-12-13 08:13 - 2012-12-13 08:13 - 00310784 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\lua\liblua_plugin.dll
2012-12-13 08:13 - 2012-12-13 08:13 - 01238016 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\misc\libxml_plugin.dll
2012-12-13 08:13 - 2012-12-13 08:13 - 00051200 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\control\libhotkeys_plugin.dll
2012-12-13 08:13 - 2012-12-13 08:13 - 00037888 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\control\libglobalhotkeys_plugin.dll
2012-12-13 08:13 - 2012-12-13 08:13 - 00198656 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libmp4_plugin.dll
2012-12-13 08:13 - 2012-12-13 08:13 - 11998720 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\gui\libqt4_plugin.dll
2012-12-13 08:13 - 2012-12-13 08:13 - 00185856 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libpng_plugin.dll
2012-12-13 08:13 - 2012-12-13 08:13 - 00038400 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libcdg_plugin.dll
2012-12-13 08:13 - 2012-12-13 08:13 - 01318912 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libschroedinger_plugin.dll
2012-12-13 08:13 - 2012-12-13 08:13 - 00051200 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libaraw_plugin.dll
2012-12-13 08:13 - 2012-12-13 08:13 - 01719296 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libvorbis_plugin.dll
2012-12-13 08:13 - 2012-12-13 08:13 - 00043008 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libdts_plugin.dll
2012-12-13 08:13 - 2012-12-13 08:13 - 00372224 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libfaad_plugin.dll
2012-12-13 08:13 - 2012-12-13 08:13 - 00154624 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libspeex_plugin.dll
2012-12-13 08:13 - 2012-12-13 08:13 - 00037376 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libaes3_plugin.dll
2012-12-13 08:13 - 2012-12-13 08:13 - 00386560 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libtheora_plugin.dll
2012-12-13 08:13 - 2012-12-13 08:13 - 00265216 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libflac_plugin.dll
2012-12-13 08:13 - 2012-12-13 08:13 - 01888256 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\liblibass_plugin.dll
2012-12-13 08:13 - 2012-12-13 08:13 - 00310784 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libopus_plugin.dll
2012-12-13 08:13 - 2012-12-13 08:13 - 00041472 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libmpeg_audio_plugin.dll
2012-12-13 08:13 - 2012-12-13 08:13 - 00043008 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\liblpcm_plugin.dll
2012-12-13 08:13 - 2012-12-13 08:13 - 00263168 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libfluidsynth_plugin.dll
2012-12-13 08:13 - 2012-12-13 08:13 - 00040448 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\liba52_plugin.dll
2012-12-13 08:13 - 2012-12-13 08:13 - 00042496 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libspudec_plugin.dll
2012-12-13 08:13 - 2012-12-13 08:13 - 09263616 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libavcodec_plugin.dll
2012-12-13 08:13 - 2012-12-13 08:13 - 00703488 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\text_renderer\libfreetype_plugin.dll
2012-12-13 08:13 - 2012-12-13 08:13 - 00052224 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\sse2\libi420_yuy2_sse2_plugin.dll
2012-12-13 08:13 - 2012-12-13 08:13 - 00044032 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\mmx\libi420_yuy2_mmx_plugin.dll
2012-12-13 08:13 - 2012-12-13 08:13 - 00379392 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\video_filter\libswscale_plugin.dll
2012-12-13 08:13 - 2012-12-13 08:13 - 00139264 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\sse2\libi420_rgb_sse2_plugin.dll
2012-12-13 08:13 - 2012-12-13 08:13 - 00050688 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\sse2\libi422_yuy2_sse2_plugin.dll
2012-12-13 08:13 - 2012-12-13 08:13 - 00041984 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\mmx\libi422_yuy2_mmx_plugin.dll
2012-12-13 08:13 - 2012-12-13 08:13 - 00077824 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\mmx\libi420_rgb_mmx_plugin.dll
2012-12-13 08:13 - 2012-12-13 08:13 - 00040960 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\video_chroma\libi422_yuy2_plugin.dll
2012-12-13 08:13 - 2012-12-13 08:13 - 00042496 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\video_chroma\libi420_yuy2_plugin.dll
2012-12-13 08:13 - 2012-12-13 08:13 - 00056320 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\video_chroma\libi420_rgb_plugin.dll
2012-12-13 08:13 - 2012-12-13 08:13 - 00036352 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\video_chroma\libgrey_yuv_plugin.dll
2012-12-13 08:13 - 2012-12-13 08:13 - 00040960 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\video_chroma\libyuy2_i422_plugin.dll
2012-12-13 08:13 - 2012-12-13 08:13 - 00044544 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\video_chroma\libyuy2_i420_plugin.dll
2012-12-13 08:13 - 2012-12-13 08:13 - 00036864 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\video_chroma\libi422_i420_plugin.dll
2012-12-13 08:13 - 2012-12-13 08:13 - 00035840 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\video_filter\libscale_plugin.dll
2012-12-13 08:13 - 2012-12-13 08:13 - 00034816 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\video_filter\libyuvp_plugin.dll
2012-12-13 08:13 - 2012-12-13 08:13 - 00070656 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\video_output\libdirect3d_plugin.dll
2012-12-13 08:13 - 2012-12-13 08:13 - 00035840 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\meta_engine\libfolder_plugin.dll
2012-12-13 08:13 - 2012-12-13 08:13 - 00182272 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\libdtstofloat32_plugin.dll
2012-12-13 08:13 - 2012-12-13 08:13 - 00068608 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\liba52tofloat32_plugin.dll
2012-12-13 08:13 - 2012-12-13 08:13 - 00135168 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\libmpgatofixed32_plugin.dll
2012-12-13 08:13 - 2012-12-13 08:13 - 01518080 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\libsamplerate_plugin.dll
2012-12-13 08:13 - 2012-12-13 08:13 - 00036864 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\libconverter_fixed_plugin.dll
2012-12-13 08:13 - 2012-12-13 08:13 - 00034816 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\liba52tospdif_plugin.dll
2012-12-13 08:13 - 2012-12-13 08:13 - 00038400 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\libsimple_channel_mixer_plugin.dll
2012-12-13 08:13 - 2012-12-13 08:13 - 00036864 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\libdtstospdif_plugin.dll
2012-12-13 08:13 - 2012-12-13 08:13 - 00036352 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\libdolby_surround_decoder_plugin.dll
2012-12-13 08:13 - 2012-12-13 08:13 - 00035328 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\libugly_resampler_plugin.dll
2012-12-13 08:13 - 2012-12-13 08:13 - 00045568 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\libaudio_format_plugin.dll
2012-12-13 08:13 - 2012-12-13 08:13 - 00033792 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_mixer\libfloat32_mixer_plugin.dll
2012-12-13 08:13 - 2012-12-13 08:13 - 00040960 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\libscaletempo_plugin.dll
2012-12-13 08:13 - 2012-12-13 08:13 - 00035328 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libdemux_cdg_plugin.dll
2012-12-13 08:12 - 2012-12-13 08:12 - 00039424 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libdemux_stl_plugin.dll
2012-12-13 08:13 - 2012-12-13 08:13 - 00048640 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libvobsub_plugin.dll
2012-12-13 08:13 - 2012-12-13 08:13 - 00055296 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libsubtitle_plugin.dll
2012-12-13 08:13 - 2012-12-13 08:13 - 01398784 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libzvbi_plugin.dll
2012-12-13 08:13 - 2012-12-13 08:13 - 00154624 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libdvbsub_plugin.dll
2012-12-13 08:13 - 2012-12-13 08:13 - 00166400 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\liblibmpeg2_plugin.dll
2012-12-13 08:13 - 2012-12-13 08:13 - 00038912 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libsvcdsub_plugin.dll
2012-12-13 08:13 - 2012-12-13 08:13 - 00040960 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libcvdsub_plugin.dll
2012-12-13 08:13 - 2012-12-13 08:13 - 00046080 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libsubsdec_plugin.dll
2017-02-15 05:12 - 2017-02-02 12:30 - 17840216 _____ () C:\Users\Leonard\AppData\Local\Google\Chrome\User Data\PepperFlash\24.0.0.221\pepflashplayer.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\Users\Leonard\Desktop\DSC_0162.JPG:com.dropbox.attributes [168]
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PAexec => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PAexec => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\.DEFAULT\...\amazon.com -> hxxps://amazon.com
IE trusted site: HKU\S-1-5-21-3108869105-240821209-1850858052-1000\...\aeriagames.com -> hxxps://aeriagames.com
IE trusted site: HKU\S-1-5-21-3108869105-240821209-1850858052-1000\...\aeriagames.com -> hxxp://aeriagames.com
IE trusted site: HKU\S-1-5-21-3108869105-240821209-1850858052-1000\...\amazon.com -> hxxps://amazon.com
IE trusted site: HKU\S-1-5-21-3108869105-240821209-1850858052-1000\...\hola.org -> hxxp://hola.org
IE restricted site: HKU\S-1-5-21-3108869105-240821209-1850858052-1000\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-3108869105-240821209-1850858052-1000\...\008k.com -> 008k.com
IE restricted site: HKU\S-1-5-21-3108869105-240821209-1850858052-1000\...\00hq.com -> 00hq.com
IE restricted site: HKU\S-1-5-21-3108869105-240821209-1850858052-1000\...\0190-dialers.com -> 0190-dialers.com
IE restricted site: HKU\S-1-5-21-3108869105-240821209-1850858052-1000\...\01i.info -> 01i.info
IE restricted site: HKU\S-1-5-21-3108869105-240821209-1850858052-1000\...\02pmnzy5eo29bfk4.com -> 02pmnzy5eo29bfk4.com
IE restricted site: HKU\S-1-5-21-3108869105-240821209-1850858052-1000\...\05p.com -> 05p.com
IE restricted site: HKU\S-1-5-21-3108869105-240821209-1850858052-1000\...\07ic5do2myz3vzpk.com -> 07ic5do2myz3vzpk.com
IE restricted site: HKU\S-1-5-21-3108869105-240821209-1850858052-1000\...\08nigbmwk43i01y6.com -> 08nigbmwk43i01y6.com
IE restricted site: HKU\S-1-5-21-3108869105-240821209-1850858052-1000\...\093qpeuqpmz6ebfa.com -> 093qpeuqpmz6ebfa.com
IE restricted site: HKU\S-1-5-21-3108869105-240821209-1850858052-1000\...\0calories.net -> 0calories.net
IE restricted site: HKU\S-1-5-21-3108869105-240821209-1850858052-1000\...\0cj.net -> 0cj.net
IE restricted site: HKU\S-1-5-21-3108869105-240821209-1850858052-1000\...\0scan.com -> 0scan.com
 
 
There are 4788 more sites.
 
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-14 10:34 - 2015-10-21 02:20 - 00000985 ____A C:\Windows\system32\Drivers\etc\hosts
 
127.0.0.1       localhost
198.57.242.187 www.icypopx.com
198.57.242.187 icypopx.com
198.57.242.187 www.forum.icypopx.com
198.57.242.187 forum.icypopx.com
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-3108869105-240821209-1850858052-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Leonard\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is disabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: AxAutoMntSrv => 2
MSCONFIG\Services: BstHdAndroidSvc => 2
MSCONFIG\Services: BstHdLogRotatorSvc => 2
MSCONFIG\Services: chromoting => 2
MSCONFIG\Services: dbupdate => 2
MSCONFIG\Services: dbupdatem => 3
MSCONFIG\Services: DbxSvc => 2
MSCONFIG\Services: GfExperienceService => 2
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: hola_svc => 2
MSCONFIG\Services: hola_updater => 2
MSCONFIG\Services: IAStorDataMgrSvc => 2
MSCONFIG\Services: NvNetworkService => 2
MSCONFIG\Services: NvStreamNetworkSvc => 3
MSCONFIG\Services: NvStreamSvc => 2
MSCONFIG\Services: nvsvc => 2
MSCONFIG\Services: PAExec => 3
MSCONFIG\Services: PnkBstrA => 2
MSCONFIG\Services: Razer Chroma SDK Service => 2
MSCONFIG\Services: Razer Game Scanner Service => 2
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: StarWindServiceAE => 2
MSCONFIG\Services: Steam Client Service => 3
MSCONFIG\Services: Stereo Service => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Dell Display Manager.lnk => C:\Windows\pss\Dell Display Manager.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Leonard^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Rainmeter.lnk => C:\Windows\pss\Rainmeter.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Creative Cloud => "C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" --showwindow=false --onOSstartup=true
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: Akamai NetSession Interface => "C:\Users\Leonard\AppData\Local\Akamai\netsession_win.exe"
MSCONFIG\startupreg: AlcoholAutomount => "C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" -automount
MSCONFIG\startupreg: BlueStacks Agent => C:\Program Files (x86)\BlueStacks\HD-Agent.exe
MSCONFIG\startupreg: Discord => C:\Users\Leonard\AppData\Local\Discord\app-0.0.296\Discord.exe
MSCONFIG\startupreg: Dropbox => "C:\Program Files (x86)\Dropbox\Client\Dropbox.exe" /systemstartup
MSCONFIG\startupreg: GarenaPlus => "C:\Program Files (x86)\Garena Plus\GarenaMessenger.exe" -autolaunch
MSCONFIG\startupreg: GoogleDriveSync => "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
MSCONFIG\startupreg: hola => C:\Program Files\Hola\app\hola.exe --silent
MSCONFIG\startupreg: IAStorIcon => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe "C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" 60
MSCONFIG\startupreg: IDMan => C:\Program Files (x86)\Internet Download Manager\IDMan.exe /onboot
MSCONFIG\startupreg: MSC => "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
MSCONFIG\startupreg: NvBackend => "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
MSCONFIG\startupreg: Razer Synapse => "C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe"
MSCONFIG\startupreg: RtHDVCpl => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
MSCONFIG\startupreg: SearchProtection => "C:\Users\Leonard\AppData\Roaming\Search Protection\SearchProtection.EXE" /autostart
MSCONFIG\startupreg: ShadowPlay => "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: USB3MON => "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
MSCONFIG\startupreg: uTorrent => "C:\Users\Leonard\AppData\Roaming\uTorrent\uTorrent.exe"  /MINIMIZED
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{17D300DF-CBB5-4237-AFA1-4CD91E9B7A50}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{BB6012F3-9918-437A-BE03-7BF155C0C60F}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{C95B104E-2418-4D5A-8E66-D98F767DA7F7}] => (Allow) LPort=8370
FirewallRules: [{607FB0A4-5A86-4C6D-9811-A2F6E1955585}] => (Allow) LPort=8370
FirewallRules: [{E14BD4A7-3028-47F3-B89F-B80BE6D51DE4}] => (Allow) C:\Program Files (x86)\GarenaLoL\GameData\Apps\LoL\Air\LolClient.exe
FirewallRules: [{1C9EC190-3E23-450D-A525-357456E406F2}] => (Allow) C:\Program Files (x86)\GarenaLoL\GameData\Apps\LoL\Air\LolClient.exe
FirewallRules: [{D1CE3B01-25BF-40A2-920E-F21610870D26}] => (Allow) C:\Program Files (x86)\GarenaLoL\GameData\Apps\LoL\Game\League of Legends.exe
FirewallRules: [{E2FEF3D5-0322-4B42-A851-4B5BAB4524E8}] => (Allow) C:\Program Files (x86)\GarenaLoL\GameData\Apps\LoL\Game\League of Legends.exe
FirewallRules: [TCP Query User{1A05D263-CA51-49AE-84AE-0A8494F157D5}C:\users\leonard\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\leonard\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [UDP Query User{2148F55C-2275-4F71-B2F0-6DE8C869B81D}C:\users\leonard\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\leonard\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [TCP Query User{50FB3610-D656-49E7-BF7A-76CC1FB605F7}C:\program files (x86)\steam\steamapps\drsync\team fortress 2\hl2.exe] => (Allow) C:\program files (x86)\steam\steamapps\drsync\team fortress 2\hl2.exe
FirewallRules: [UDP Query User{5B930197-4AC1-44D9-87F8-8528B217549F}C:\program files (x86)\steam\steamapps\drsync\team fortress 2\hl2.exe] => (Allow) C:\program files (x86)\steam\steamapps\drsync\team fortress 2\hl2.exe
FirewallRules: [TCP Query User{052558F9-BDC5-460F-8464-6380E56228E8}C:\program files (x86)\garena plus\garenamessenger.exe] => (Allow) C:\program files (x86)\garena plus\garenamessenger.exe
FirewallRules: [UDP Query User{B589941F-7570-487B-B318-58253A9834A7}C:\program files (x86)\garena plus\garenamessenger.exe] => (Allow) C:\program files (x86)\garena plus\garenamessenger.exe
FirewallRules: [TCP Query User{D14D9EC3-FA32-4A67-90D0-FEDB24FE1B59}C:\program files (x86)\google\chrome\application\chrome.exe] => (Allow) C:\program files (x86)\google\chrome\application\chrome.exe
FirewallRules: [UDP Query User{46827D9C-2756-4DD8-A521-0878B237A1B1}C:\program files (x86)\google\chrome\application\chrome.exe] => (Allow) C:\program files (x86)\google\chrome\application\chrome.exe
FirewallRules: [{34E65F92-30AC-4F64-A22C-F280DE230DC0}] => (Allow) C:\Users\Leonard\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{733136E9-14E3-4C72-A54F-5291473FE8BB}] => (Allow) C:\Users\Leonard\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [TCP Query User{6868EFC3-9976-41FF-A0E7-1DD0E816190E}C:\program files (x86)\garena plus\bbtalk\bbtalk.exe] => (Block) C:\program files (x86)\garena plus\bbtalk\bbtalk.exe
FirewallRules: [UDP Query User{2FB7351E-CD3A-4F5E-A057-5EA2F58AA08E}C:\program files (x86)\garena plus\bbtalk\bbtalk.exe] => (Block) C:\program files (x86)\garena plus\bbtalk\bbtalk.exe
FirewallRules: [TCP Query User{263350E5-10EF-4FA2-8B54-A2722760E158}C:\program files (x86)\garena plus\updatemanager.exe] => (Allow) C:\program files (x86)\garena plus\updatemanager.exe
FirewallRules: [UDP Query User{DDA95320-B77D-4621-99D6-67676626E836}C:\program files (x86)\garena plus\updatemanager.exe] => (Allow) C:\program files (x86)\garena plus\updatemanager.exe
FirewallRules: [{8746C142-B2E8-4651-9D62-EF4308060C87}] => (Allow) C:\Program Files (x86)\Common Files\Tencent\QQDownload\121\Tencentdl.exe
FirewallRules: [{0FF16F88-D33E-4E1F-9D9F-3E65FDA6D353}] => (Allow) C:\Program Files (x86)\Common Files\Tencent\QQDownload\121\Tencentdl.exe
FirewallRules: [{983E82AF-670B-4263-837C-D588C345C449}] => (Allow) C:\Program Files (x86)\Garena Plus\ggdllhost.exe
FirewallRules: [{D02C3662-B158-4FCF-AB24-4AF69612CA29}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{83C0ED7A-AF60-42A8-B1A6-50FC0A609EAB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\dota.exe
FirewallRules: [{A4AB8DA9-0E7F-4B28-B083-D68FDFBCACF7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\dota.exe
FirewallRules: [{7B3B2C8F-1882-4613-8A34-A8062F7B60A8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\dota.exe
FirewallRules: [{E4F5E1F1-3FA0-4D09-A1D0-883FD111E39A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\dota.exe
FirewallRules: [{D4B033AC-961D-4410-9CC5-CC69B1D18FE6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\dota.exe
FirewallRules: [{46EADCC8-98AB-4683-825D-372197D9AA78}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\dota.exe
FirewallRules: [{5D4FA99C-362F-4AEC-90A7-C8ECB35C6B77}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\dota.exe
FirewallRules: [{E529529B-0B7F-4A73-A6EC-1E1599DF1F3D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\dota.exe
FirewallRules: [{621A0D3F-9DFB-40E5-A6D6-92088C5152FF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\dota.exe
FirewallRules: [{5ADDE868-288C-4765-93F9-EB5D8AFB854F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\dota.exe
FirewallRules: [{1D9D9896-D4EC-44F1-89FC-527611D0C72F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\dota.exe
FirewallRules: [{88F40F52-2DFD-4DA0-A44C-2BFBE8F06DC8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\dota.exe
FirewallRules: [{93732ABF-43FD-41F5-AB92-2708FF3B6BD1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\dota.exe
FirewallRules: [{3D28742F-2277-4993-8869-588FB8DE42A7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\dota.exe
FirewallRules: [{10C45940-929B-4EAE-8E87-CB6B8D68F8AA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\dota.exe
FirewallRules: [{F9A74F42-89F2-47FD-BB42-CB43C76FF9A1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\dota.exe
FirewallRules: [{448A78E0-A98A-4D0E-A3CF-DCEEC7FE0740}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\dota.exe
FirewallRules: [{35A8B147-DCDB-489D-950F-3EE5DF46D6EE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\dota.exe
FirewallRules: [{07AF0482-C3FD-4016-905A-FFA799F43443}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\dota.exe
FirewallRules: [{223447B3-3FBA-42F5-A658-6198EC14E479}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\dota.exe
FirewallRules: [{ED88BEE1-9543-4A84-9863-A479037B3C79}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\dota.exe
FirewallRules: [{A2D0D42F-5CA4-4B98-B97D-555209BE462A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\dota.exe
FirewallRules: [{2756B401-91F2-4765-A6F3-7B9EBAF90130}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\dota.exe
FirewallRules: [{1EBBFEA2-0963-421F-8927-A0D5A92B7686}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\dota.exe
FirewallRules: [{71FFD945-EB09-4244-AFD4-DB4CACCBA381}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\dota.exe
FirewallRules: [{5D1AB53E-FD6E-4896-9939-6B2190F3121D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\dota.exe
FirewallRules: [{42FF6C97-D294-4E7E-8161-6B1A77E0F502}] => (Allow) C:\Users\Leonard\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{E7842442-94D7-4A51-B9C7-BD6C20E3BAD4}] => (Allow) C:\Users\Leonard\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{4D001961-999E-4C3A-B24A-28C9F766F7A2}] => (Allow) LPort=59712
FirewallRules: [{9B86A5BD-7F29-4F29-A001-675A9230F5E3}] => (Allow) LPort=5000
FirewallRules: [{3EFEE38F-A035-4C1F-B506-84D77D26FB21}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{28826986-687D-4CA6-82D9-C85C2D685E27}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{300E968B-69CE-4AE8-86FD-5BBC79276E76}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{85360CA5-25E1-4AE3-9014-0B1F4D113C3E}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{AAA39346-8D11-4EB4-81A2-98FC63702441}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{8ADB0CEB-C35B-4318-A4E1-84799E765B8E}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{8CBBA20F-B44E-432B-A06F-3339D3F6BF97}] => (Allow) C:\Program Files (x86)\Garena Plus\Room\garena_room.exe
FirewallRules: [{276D3CC4-327B-4AF5-BD32-72EB4DCD484D}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{40D05FD2-A357-4AC1-9A3A-E1916CB8A8FE}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{9D849E94-0917-484A-BDBD-58829E51C12F}] => (Allow) C:\Program Files (x86)\Hearthstone\Hearthstone.exe
FirewallRules: [{E4EE2FC1-FB2F-4943-AF39-91CC4BF045BE}] => (Allow) C:\Program Files (x86)\Hearthstone\Hearthstone.exe
FirewallRules: [{896ADC68-90AF-4686-81C9-D8C0C9251853}] => (Allow) C:\Users\Leonard\AppData\Roaming\Andy\Setup.exe
FirewallRules: [{DBEE11C2-61E0-4E0E-9A51-E4AF4369B09A}] => (Allow) C:\Users\Leonard\AppData\Roaming\Andy\Setup.exe
FirewallRules: [{4D6B7829-CEEC-49AF-BBB2-B0A5158B34A5}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{83E85CA2-AE40-4678-9B44-84842E7E4E57}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{29401C1A-4B33-410E-85F8-873555F9C794}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{7694AF5D-D352-440B-899D-1CAC4B68B4FF}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{98613E6C-0FE4-435F-9046-047344A03D75}] => (Allow) C:\Program Files (x86)\GarenaLoLTW\GameData\Apps\LoLTW\Air\LolClient.exe
FirewallRules: [{27495609-0566-4DC7-943B-2D436A8A57D8}] => (Allow) C:\Program Files (x86)\GarenaLoLTW\GameData\Apps\LoLTW\Air\LolClient.exe
FirewallRules: [{8F2AA7A6-93A3-4967-8BE4-629DC3D65AB4}] => (Allow) C:\Program Files (x86)\GarenaLoLTW\GameData\Apps\LoLTW\Game\League of Legends.exe
FirewallRules: [{BA2E145B-7099-419C-B194-CCDA89C6F023}] => (Allow) C:\Program Files (x86)\GarenaLoLTW\GameData\Apps\LoLTW\Game\League of Legends.exe
FirewallRules: [{E7FE3DFF-73C5-457B-92FA-8739EDA79670}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{2CCD1F88-8466-4DE9-9D68-59D600F86C31}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{A1BA1A17-1B29-4AEF-AC8E-4CAD18B6C0BD}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe
FirewallRules: [{FECF42E0-2594-473A-8210-46BC90E07527}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe
FirewallRules: [{161F297B-3BD5-49D7-B0CA-FDA1A02DFAF8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{5EA7AEE0-2E96-4A34-96CC-7199739280FF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{E04AC794-F537-421B-952E-AE93AD7A976D}] => (Allow) C:\GarenaDownload\Games\lol\LoLInstaller.exe
FirewallRules: [{CCFF9966-051C-4CFC-BEB0-71FD780C24E8}] => (Allow) C:\GarenaDownload\Games\lol\LoLInstaller.exe
FirewallRules: [{09D100B3-02B4-4566-8EC8-D87771BC6DB0}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{9A678C65-4791-4EDE-9C4C-704895CE23BD}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{EC188C0C-E513-4416-A069-7FBBD72C6C07}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{1730554E-D7AE-4A84-A3B2-EBAC57A5D30E}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{256DDD82-459E-4E75-AAD5-227E5867B4B4}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{0BB82178-A913-43FD-944A-36FD9C5EDA67}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{470669AC-AAAE-4B10-AA5C-D66A52C07F84}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{5B52D31B-FB16-4E79-86E1-5620BE938B51}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dirty Bomb\Binaries\Win32\ShooterGame-Win32-Shipping.exe
FirewallRules: [{7A140228-0667-4C2C-B5F3-909AFDB074FE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dirty Bomb\Binaries\Win32\ShooterGame-Win32-Shipping.exe
FirewallRules: [{5539D183-55CB-4F31-B352-6DD7B2499041}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2cfg.exe
FirewallRules: [{9BB92BA6-C802-4BBC-BDBE-070693A753C0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2cfg.exe
FirewallRules: [{D5BA9C02-88E6-4A69-B462-3FBC38750169}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{59908E3B-00B1-4E25-9D83-018C30438E78}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{E36D3DF9-F01F-4829-972C-8528D85108B5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{B7D30C4B-15B7-4411-9906-1DB3E18A8857}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{058D09DD-AB97-4517-BDBB-0EAB65316091}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{BDC4FAEA-D458-49F9-A534-364814AD5D93}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{CB2D979E-22A1-4BB3-99E0-C28DF1C4F1E9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{75299C9B-3CC2-461D-8BD1-239B17E1A342}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{9222B4F8-C7B2-43BA-A236-9E55151858FE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{4801B1A3-DA90-441D-B0BA-F12052B15C29}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{7660729C-CCEB-4407-9972-73EAB399D906}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{FACCBDA9-9F83-433E-942A-C388E70CDDDE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{3C20DEE2-D3C0-4ED7-9749-C2B26F9A0EFC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{573DBA7F-A388-456E-AACC-ABCBBA07E9EE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{E17B88D9-6C0F-43C0-9299-BD1490EA9AD0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{B9550807-0CC2-4B27-9FED-F154BCE09604}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{DA2832B5-B1F7-47E3-A028-537B996C9509}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{03BC176F-71CA-492A-B87E-23E53257B78A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{8086E5C2-ADE2-409E-88FF-6F487B5BBAC4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{EDD1BE8F-B56C-460F-B9A5-C19B2E139D36}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{AC26CD75-9A76-4E91-922A-DB32388F1231}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{13290486-3289-4227-9657-6C624428DA87}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{26A2BFC4-A8A8-4C2F-8132-5F05698155EB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{C60DE347-F61E-43F7-B155-54C5284D2159}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{92451C2E-72F1-43BC-AC10-A9369326DB34}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{73301FE5-8F5E-47ED-9B40-DF5FB96C3D11}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{2A89D475-BE3C-4673-9C08-AAB0260C325F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{75303DEC-F503-427E-A807-DE59128F8F2C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{AFE44F45-76BB-4BB2-A6A3-A8D465B542EE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{FDF20BEB-FE9B-4E56-A2FB-D0ED96CABE94}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{BD3AF799-9368-447E-B089-A38017238B47}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{0755643B-8385-400E-947F-A53BB6D066F0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{E0EC1B51-71CD-4148-AD9B-F73CDD0FAD04}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{31BABE80-9543-4ACB-82A9-6DF79C20DA5D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{22F6EAC8-D52C-456F-82BB-CA8322E47B24}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{41404B6B-69F4-469F-A339-35F58AAA10B7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{EB56107A-8240-4D02-934A-085D6B5AEA90}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{1BB72BFB-8BC0-4010-9319-24883715AB56}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{FF681C98-3111-4E1E-A25C-800135FEB8E9}] => (Allow) LPort=6928
FirewallRules: [{D713BB60-012D-4118-A395-D9D3D3B45DEA}] => (Allow) LPort=6928
FirewallRules: [{4C172051-4FB0-4848-B7AA-911C3D0C84A9}] => (Allow) LPort=6881
FirewallRules: [{5288950E-E5C8-4F3B-9097-834142187A6B}] => (Allow) LPort=6881
FirewallRules: [{AEC0F893-AB93-4712-BEB3-61854BB9939B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{3AD15D53-CD7E-423F-9FF6-9220E3243609}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{5CF9E319-4BFC-40D1-9C30-FE82721ADBCE}] => (Allow) LPort=8370
FirewallRules: [{BB91D343-369B-427D-8225-B85B80575510}] => (Allow) LPort=8370
FirewallRules: [{53D3CE0A-919D-4979-AD8E-0C5D213424BD}] => (Allow) C:\Program Files (x86)\GarenaLoL\GameData\Apps\LoL\Air\LolClient.exe
FirewallRules: [{63EEC47A-1DD1-41E3-A725-541A85B1D360}] => (Allow) C:\Program Files (x86)\GarenaLoL\GameData\Apps\LoL\Air\LolClient.exe
FirewallRules: [{84D58492-983F-405F-9225-BF20C2C3D079}] => (Allow) C:\Program Files (x86)\GarenaLoL\GameData\Apps\LoL\Game\League of Legends.exe
FirewallRules: [{5C3F3C85-D279-424B-B544-1136549FFABF}] => (Allow) C:\Program Files (x86)\GarenaLoL\GameData\Apps\LoL\Game\League of Legends.exe
FirewallRules: [{D12CB895-04AE-416C-AEFE-0D1CA00B3929}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{D2DBAB6A-922B-425D-BB5A-FF160BFAC9C0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [TCP Query User{DC69B0C2-F57A-460B-B212-CD82195376C8}C:\program files (x86)\overwatch\overwatch.exe] => (Allow) C:\program files (x86)\overwatch\overwatch.exe
FirewallRules: [UDP Query User{8355860C-2671-41C6-BFA4-65B6729649B3}C:\program files (x86)\overwatch\overwatch.exe] => (Allow) C:\program files (x86)\overwatch\overwatch.exe
FirewallRules: [TCP Query User{3F736911-34FA-4687-BDC0-CFEFC6529FAE}C:\program files (x86)\garena plus\bbtalk\bbtalk.exe] => (Allow) C:\program files (x86)\garena plus\bbtalk\bbtalk.exe
FirewallRules: [UDP Query User{59E28E13-C0FD-4383-A1E7-0AA6BB803BA5}C:\program files (x86)\garena plus\bbtalk\bbtalk.exe] => (Allow) C:\program files (x86)\garena plus\bbtalk\bbtalk.exe
FirewallRules: [TCP Query User{D8F6B0CB-942C-4253-9366-2E485887401B}C:\program files (x86)\garena plus\garenamessenger.exe] => (Allow) C:\program files (x86)\garena plus\garenamessenger.exe
FirewallRules: [UDP Query User{09F587BE-08DE-4A95-9B21-6D8A2338046D}C:\program files (x86)\garena plus\garenamessenger.exe] => (Allow) C:\program files (x86)\garena plus\garenamessenger.exe
FirewallRules: [{D7723D47-D874-43F6-BAAE-9CB9E5B64094}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{551748D5-6F61-4143-8F67-D5B700A6DD9C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{6F960C69-0D14-4EF7-83BE-EE676D38083F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{90559ED5-A76E-4FF6-9C91-1F0C517528FD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{BF3E9B5D-A640-4F9A-B9F6-24D5C4121265}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{ED61C7CA-6E6F-4BF0-9DBD-E00EC3ABF3C0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{17A44C25-C28C-4F7D-8907-FA91D01F6142}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{FD692D7D-B925-4EF5-A792-150F32F8BCBB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [TCP Query User{A905C31D-EA3A-4A87-A34E-FA3722171212}C:\garenadownload\games\lollcu\lollcuinstaller.exe] => (Allow) C:\garenadownload\games\lollcu\lollcuinstaller.exe
FirewallRules: [UDP Query User{1F5F7D79-CFDA-4037-A82D-6FDED4478CDD}C:\garenadownload\games\lollcu\lollcuinstaller.exe] => (Allow) C:\garenadownload\games\lollcu\lollcuinstaller.exe
FirewallRules: [{10C8904D-7F93-4352-8213-3A28A477749F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{099EABF0-6A48-4E8F-921F-E4361AF9B56D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [TCP Query User{1D8BEB25-EEFB-4FDC-84B0-CD10ECA9C92F}C:\users\leonard\desktop\maplestory\appdata\aries.exe] => (Allow) C:\users\leonard\desktop\maplestory\appdata\aries.exe
FirewallRules: [UDP Query User{2FE93C18-5E2D-441E-A968-3A88618D0955}C:\users\leonard\desktop\maplestory\appdata\aries.exe] => (Allow) C:\users\leonard\desktop\maplestory\appdata\aries.exe
FirewallRules: [TCP Query User{59C606E0-693C-4B12-B6A0-07E544287A43}C:\users\leonard\desktop\maplestory\appdata\maplestory.exe] => (Allow) C:\users\leonard\desktop\maplestory\appdata\maplestory.exe
FirewallRules: [UDP Query User{6C8629E0-601C-4D85-AE11-58A68AC21F85}C:\users\leonard\desktop\maplestory\appdata\maplestory.exe] => (Allow) C:\users\leonard\desktop\maplestory\appdata\maplestory.exe
FirewallRules: [{83B17816-FEC7-47FB-8550-B0D049E3FE0A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{502CC001-CDB1-4B5E-B23B-983044E622F5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{97C37335-4AC8-407F-9D7F-E8B2C3BBF9C3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{30A406CD-537E-4C42-B9FB-BBC5CCA940E1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{0D6E78B1-56CE-4816-BCD3-97A4542D4920}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{2D575AF6-846C-41E4-9783-6DA4AEFE0B6D}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{6B20555D-6593-4698-BDB2-BC0DBB24109C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{2B15B9EE-BFEA-4589-A458-03E987978C08}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{CD9A240C-F339-4F19-8AE6-24D4C0811EF2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{4E28A41A-EF71-4396-B3F3-462EF84B0E8A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{A29DD25F-6C8E-4B85-B9B0-0E7D5770D8F3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{0B53A31B-A892-4450-AF6D-1B6EBB5E12CB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{ED3CAB70-5111-4B91-8144-41E314F692EA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{DD72CADE-5B28-4971-817C-7B484C01C294}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{D1BC9F3E-8D03-49DA-8449-0DCAD75F20C2}] => (Allow) LPort=6915
FirewallRules: [{BFAC2664-9CCF-4C88-B51D-A04A2EE3C6D1}] => (Allow) LPort=6915
FirewallRules: [{6F382BF4-1295-49D7-8491-28A81CA1DD42}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{11D88627-D172-4430-B249-0B8F4C755B07}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{415EB3DE-C925-43B8-A545-F24E471DE652}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{F9CB4D1E-00C8-4812-AE03-01CB7A6A43B2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{BD0B2584-49A9-44C9-8762-68BDB9832D1F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{2A3ED3A4-1461-4541-A7F8-F9C405DB61A5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{E8671580-14EB-4E9A-BFBC-CCF9C825DFAD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{9959E0DD-F9D4-423F-B829-62FC3DE3C264}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{341FFE48-F9F9-4798-9E05-4774AF636A73}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{D44F4AFD-86FD-4781-A993-8AC4C8777CC6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{44239538-39EA-4447-9A1B-BA21F813703F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{44E048B4-533C-4B6D-A345-1505F4E021D7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{F01E00B3-538E-472D-AD38-CB4557350A47}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{C26490D1-F93F-4263-A52C-5FAF48E3FE4A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{67C94DA5-0163-4EC1-A1BF-CE686D19207C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{40270FD4-6AF4-424B-BEC0-CDAC0ABD6958}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{7F1AD204-7C67-46E0-9D23-5ADBDDD2CEED}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{0104B534-D064-4448-96FE-C98E5232755B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{982B0AD3-0742-4A19-8A84-3ADDAB316253}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{9137EAFD-0FFF-41B9-98F3-EC787B517F31}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{63E5FDB3-6C61-4DF0-BCE9-7C0EDDA443D1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{6417FA38-3AA0-4840-A813-873FCB7BA45F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{18F220AC-8D5B-4817-84C8-44F1B011A987}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{20B9600D-AFF0-4F61-9252-FCC4324A8AA1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{5082832C-E768-4E48-BA83-0098C4830F24}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{3A25EDF2-7615-4609-A087-3DC0E99A24DA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{371F77CD-13FE-44A1-A396-CEBD0F6936CC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{B2663D68-75B8-422E-B66B-7E7E4A4DA76C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{9BCC4683-9EAE-4B7A-9644-E23B138AFB47}] => (Allow) C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv.exe
FirewallRules: [{DE982092-9269-47CE-825F-1BBC1AAAC233}] => (Allow) C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv.exe
FirewallRules: [{A18D20F4-9065-4126-97E9-65C5B3822393}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{9CF85EEA-4E1E-4A5B-B77D-9BB42E7CF1D0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{CDAC4153-62C1-4025-83E0-FE1779BEEDEB}] => (Allow) LPort=6949
FirewallRules: [{D2FB4A82-D1F5-42A6-8847-3D788E28BEAF}] => (Allow) LPort=6949
FirewallRules: [{E23C87D8-FD62-4E66-9BBC-E15ED9D233F2}] => (Allow) C:\Program Files (x86)\GarenaLoLTW\GameData\Apps\LoLTW\Air\LolClient.exe
FirewallRules: [{F617F919-DA3E-4E8C-8FA0-36DB863D13EC}] => (Allow) C:\Program Files (x86)\GarenaLoLTW\GameData\Apps\LoLTW\Air\LolClient.exe
FirewallRules: [{D94F9EF4-D3A0-4163-A46D-AC200AE0FEAD}] => (Allow) C:\Program Files (x86)\GarenaLoLTW\GameData\Apps\LoLTW\Game\League of Legends.exe
FirewallRules: [{58E587C7-DC89-4112-88AA-6A6D79B66590}] => (Allow) C:\Program Files (x86)\GarenaLoLTW\GameData\Apps\LoLTW\Game\League of Legends.exe
FirewallRules: [{3001D15D-0C91-4372-9124-3AF879876117}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{E9F53F61-4FE8-4FD3-B261-FE8B9DF4D91F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{348EF472-4B33-4A35-B155-9D5FFA3EA3CF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{4CB0C91C-36AA-4878-87F8-34E4D4E0195E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{C25C1E61-7DEB-4D46-866D-D4DD2A5FC0D3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{B39DB64E-DDD7-4E95-8B62-902605A0D07A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{F4A43EB2-5496-45D4-A572-7ED68FFD1EA6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{F5AE414D-C738-4299-95A2-51209A1751EB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
 
==================== Restore Points =========================
 
21-02-2017 14:42:05 Windows Update
 
==================== Faulty Device Manager Devices =============
 
Name: AAKXXVIK IDE Controller
Description: AAKXXVIK IDE Controller
Class Guid: {4D36E97B-E325-11CE-BFC1-08002BE10318}
Manufacturer: (Standard mass storage controllers)
Service: atqqnrvv
Problem: : Windows cannot load the device driver for this hardware. The driver may be corrupted or missing. (Code 39)
Resolution: Reasons for this error include a driver that is not present; a binary file that is corrupt; a file I/O problem, or a driver that references an entry point in another binary file that could not be loaded.
Uninstall the driver, and then click "Scan for hardware changes" to reinstall or upgrade the driver.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (02/21/2017 04:00:57 PM) (Source: Application Error) (EventID: 1005) (User: )
Description: Windows cannot access the file  for one of the following reasons:
there is a problem with the network connection, the disk that the file is stored on, or the storage
drivers installed on this computer; or the disk is missing.
Windows closed the program App Simulation v 1.1 because of this error.
 
Program: App Simulation v 1.1
File: 
 
The error value is listed in the Additional Data section.
User Action
1. Open the file again.
This situation might be a temporary problem that corrects itself when the program runs again.
2.
If the file still cannot be accessed and
- It is on the network,
your network administrator should verify that there is not a problem with the network and that the server can be contacted.
- It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER.
4. If the problem persists, restore the file from a backup copy.
5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for
further assistance.
 
Additional Data
Error value: 00000000
Disk type: 0
 
Error: (02/21/2017 04:00:57 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: MiniA.exe, version: 1.1.0.0, time stamp: 0x58a7eec4
Faulting module name: MiniA.exe, version: 1.1.0.0, time stamp: 0x58a7eec4
Exception code: 0xc0000096
Fault offset: 0x005990b9
Faulting process id: 0x2058
Faulting application start time: 0x01d28c18a20012bd
Faulting application path: C:\Program Files (x86)\DeathToB Network\Agent 3.1\MiniA.exe
Faulting module path: C:\Program Files (x86)\DeathToB Network\Agent 3.1\MiniA.exe
Report Id: dfbe39b8-f80b-11e6-b121-94de800e87cf
 
Error: (02/21/2017 04:00:12 PM) (Source: Application Error) (EventID: 1005) (User: )
Description: Windows cannot access the file  for one of the following reasons:
there is a problem with the network connection, the disk that the file is stored on, or the storage
drivers installed on this computer; or the disk is missing.
Windows closed the program App Simulation v 1.1 because of this error.
 
Program: App Simulation v 1.1
File: 
 
The error value is listed in the Additional Data section.
User Action
1. Open the file again.
This situation might be a temporary problem that corrects itself when the program runs again.
2.
If the file still cannot be accessed and
- It is on the network,
your network administrator should verify that there is not a problem with the network and that the server can be contacted.
- It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER.
4. If the problem persists, restore the file from a backup copy.
5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for
further assistance.
 
Additional Data
Error value: 00000000
Disk type: 0
 
Error: (02/21/2017 04:00:12 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: MiniA.exe, version: 1.1.0.0, time stamp: 0x58a7eec4
Faulting module name: MiniA.exe, version: 1.1.0.0, time stamp: 0x58a7eec4
Exception code: 0xc0000096
Fault offset: 0x005990b9
Faulting process id: 0xf28
Faulting application start time: 0x01d28c18862b0829
Faulting application path: C:\Program Files (x86)\DeathToB Network\Agent 3.1\MiniA.exe
Faulting module path: C:\Program Files (x86)\DeathToB Network\Agent 3.1\MiniA.exe
Report Id: c510ea99-f80b-11e6-b121-94de800e87cf
 
Error: (02/21/2017 08:04:50 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: vlc.exe, version: 2.0.5.0, time stamp: 0x50c91d8b
Faulting module name: vlc.exe, version: 2.0.5.0, time stamp: 0x50c91d8b
Exception code: 0xc0000005
Fault offset: 0x00001665
Faulting process id: 0x196c
Faulting application start time: 0x01d28bd0efb91d5e
Faulting application path: C:\Program Files (x86)\VideoLAN\VLC\vlc.exe
Faulting module path: C:\Program Files (x86)\VideoLAN\VLC\vlc.exe
Report Id: 5c86f344-f7c9-11e6-b121-94de800e87cf
 
Error: (02/21/2017 04:31:34 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "c:\program files (x86)\Adobe\adobe creative cloud\Utils\Creative Cloud Uninstaller.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
 
Error: (02/18/2017 02:31:31 PM) (Source: Microsoft-Windows-WMI) (EventID: 10) (User: NT AUTHORITY)
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (02/18/2017 02:30:10 PM) (Source: DbxSvc) (EventID: 320) (User: )
Description: Failed to connect to the driver: (-2147024894) The system cannot find the file specified.
 
Error: (02/18/2017 10:41:24 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: vlc.exe, version: 2.0.5.0, time stamp: 0x50c91d8b
Faulting module name: vlc.exe, version: 2.0.5.0, time stamp: 0x50c91d8b
Exception code: 0xc0000005
Fault offset: 0x00001665
Faulting process id: 0xe98
Faulting application start time: 0x01d288b2ea427d09
Faulting application path: C:\Program Files (x86)\VideoLAN\VLC\vlc.exe
Faulting module path: C:\Program Files (x86)\VideoLAN\VLC\vlc.exe
Report Id: bcb7b77c-f583-11e6-80e6-94de800e87cf
 
Error: (02/18/2017 07:37:37 AM) (Source: Application Error) (EventID: 1005) (User: )
Description: Windows cannot access the file C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\mpcache-679A73509D2812B61092D18C5C0521C355EF6273.bin.79 for one of the following reasons:
there is a problem with the network connection, the disk that the file is stored on, or the storage
drivers installed on this computer; or the disk is missing.
Windows closed the program Antimalware Service Executable because of this error.
 
Program: Antimalware Service Executable
File: C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\mpcache-679A73509D2812B61092D18C5C0521C355EF6273.bin.79
 
The error value is listed in the Additional Data section.
User Action
1. Open the file again.
This situation might be a temporary problem that corrects itself when the program runs again.
2.
If the file still cannot be accessed and
- It is on the network,
your network administrator should verify that there is not a problem with the network and that the server can be contacted.
- It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER.
4. If the problem persists, restore the file from a backup copy.
5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for
further assistance.
 
Additional Data
Error value: C000007F
Disk type: 3
 
 
System errors:
=============
Error: (02/20/2017 02:28:52 PM) (Source: volsnap) (EventID: 36) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
 
Error: (02/18/2017 02:30:19 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The rzpnk service failed to start due to the following error: 
Windows cannot verify the digital signature for this file. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
Error: (02/18/2017 02:30:11 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Origin Web Helper Service service failed to start due to the following error: 
The system cannot find the file specified.
 
Error: (02/18/2017 02:29:47 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 2:28:22 PM on ‎2/‎18/‎2017 was unexpected.
 
Error: (02/18/2017 07:37:39 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Microsoft Antimalware Service service terminated unexpectedly.  It has done this 3 time(s).
 
Error: (02/18/2017 07:37:22 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Microsoft Antimalware Service service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 15000 milliseconds: Restart the service.
 
Error: (02/18/2017 07:37:04 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Microsoft Antimalware Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 15000 milliseconds: Restart the service.
 
Error: (02/18/2017 07:36:51 AM) (Source: Microsoft Antimalware) (EventID: 5008) (User: )
Description: Microsoft Antimalware engine has been terminated due to an unexpected error.
 
Failure Type: Crash
 
Exception code: 0xc0000006
 
Resource: file:C:\Program Files (x86)\Garena Plus\VersionModule.dll
 
Error: (02/18/2017 06:58:26 AM) (Source: volsnap) (EventID: 36) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
 
Error: (02/14/2017 10:51:05 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Windows Update service hung on starting.
 
 
CodeIntegrity:
===================================
  Date: 2017-02-18 14:30:19.801
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\rzpnk.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2017-02-18 14:30:19.754
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\rzpnk.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2017-02-14 10:45:59.166
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\rzpnk.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2017-02-14 10:45:59.134
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\rzpnk.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2017-02-13 14:29:07.976
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\rzpnk.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2017-02-13 14:29:07.929
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\rzpnk.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2017-02-13 12:53:06.887
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\rzpnk.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2017-02-13 12:53:06.840
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\rzpnk.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2017-02-10 15:40:23.577
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\rzpnk.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2017-02-10 15:40:23.530
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\rzpnk.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i3-3220 CPU @ 3.30GHz
Percentage of memory in use: 69%
Total physical RAM: 8134.46 MB
Available physical RAM: 2456.13 MB
Total Virtual: 16267.1 MB
Available Virtual: 9664.5 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:465.54 GB) (Free:20.79 GB) NTFS
Drive d: (Jul 23 2015) (CDROM) (Total:0.69 GB) (Free:0 GB) UDF
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 00000000)
 
Partition: GPT.
 
==================== End of Addition.txt ============================

Edited by Leonard_420591, 21 February 2017 - 02:15 AM.



#2
JSntgRvr

  • Global Moderator
  • 10,729 posts

Welcome. :)
 
Remove Hola from your programs.

Download the attached file Fixlist.txt and save it in the same directory where FRST64 is saved.

  • Start FRST64 with Administrator privileges.
  • Press the Fix button.
  • When finished, a log file (Fixlog.txt) will pop up and be saved in the same location the tool was run from.

Please copy and paste its contents in your next reply.

Please download Junkware Removal Tool to your Desktop.

  • Please close your security software to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete, depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
  • Please post the contents of JRT.txt into your reply.

Download AdwCleaner from here. Save the file to the desktop.


NOTE: If you are using IE 8 or above you may get a warning that stops the program from downloading. Just click on the warning and allow the download to complete.

Close all open windows and browsers.

  • XP users: Double click the AdwCleaner icon to start the program.
  • Vista/7/8 users: Right click the AdwCleaner icon on the desktop, click Run as administrator and accept the UAC prompt to run AdwCleaner.
    You will see the following console:

[Screenshot: AdwCleaner console]

  • Click the Scan button and wait for the scan to finish.
  • After the Scan has finished the window may or may not show what it found and above, in the progress bar, you will see: Pending. Please uncheck elements you don't want to remove.
  • Click the Clean button.
  • Everything checked will be moved to Quarantine.
  • When the program has finished cleaning, a report appears. Once done, it will ask to reboot; allow this.

[Screenshot: AdwCleaner restart prompt]

  • On reboot, a log will be produced; please copy and paste that in your next reply. This report is also saved to C:\AdwCleaner\AdwCleaner[S0].txt


#3
Leonard_420591

    New Member

  • Topic Starter
  • Member
  • 3 posts

FRST

Fix result of Farbar Recovery Scan Tool (x64) Version: 25-02-2017
Ran by Leonard (26-02-2017 05:06:16) Run:1
Running from C:\Users\Leonard\Desktop\New folder
Loaded Profiles: Leonard (Available Profiles: Leonard & Guest)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
HKU\S-1-5-21-3108869105-240821209-1850858052-1000\...\Winlogon: [Shell] c:\windows\explorer.exe [2871808 2011-02-25] (Microsoft Corporation) <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
S4 hola_svc; C:\Program Files\Hola\app\hola_svc.exe [5622376 2016-11-24] (Hola Networks Ltd.) <==== ATTENTION
S4 hola_updater; C:\Program Files\Hola\app\hola_updater.exe [5494480 2016-05-18] (Hola Networks Ltd.) [File not signed] <==== ATTENTION
S3 gkernel; \??\C:\Users\Leonard\AppData\Local\Temp\gkernel.sys [X] <==== ATTENTION
HolaT 1.21.641 - Better Internet (HKLM\...\Hola) (Version: 1.21.641 - Hola Networks Ltd.) <==== ATTENTION
Task: {2AA74840-CB24-4FA5-85F5-09FF86D88AAD} - System32\Tasks\Hoolapp For Android => C:\Users\Leonard\AppData\Roaming\HOOLAP~1\UPDATE~1\UPDATE~1.EXE  <==== ATTENTION
Task: {EC26C7CF-1038-4157-AF98-08CE626B9FA1} - System32\Tasks\Hoolapp Init => C:\Users\Leonard\AppData\Roaming\HOOLAP~1\Hoolapp.exe  <==== ATTENTION
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
FF Plugin: @esn/npbattlelog,version=2.5.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelogx64.dll [No File]
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 -> C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll [No File]
FF Plugin-x32: @esn/esnlaunch,version=2.3.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.0\npesnlaunch.dll [No File]
FF Plugin-x32: @esn/npbattlelog,version=2.5.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelog.dll [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @nexon.net/NxGame -> C:\ProgramData\NexonUS\NGM\npNxGameUS.dll [No File]
S3 gkernel; \??\C:\Users\Leonard\AppData\Local\Temp\gkernel.sys [X] <==== ATTENTION
2017-01-18 04:19 - 2017-01-18 04:19 - 0739904 _____ (Oracle Corporation) C:\Users\Leonard\AppData\Local\Temp\jre-8u121-windows-au.exe
2017-01-31 09:16 - 2017-01-31 09:16 - 0095088 _____ () C:\Users\Leonard\AppData\Local\Temp\LCU_patch_20161125to20161208_1.exe
2017-01-31 09:21 - 2017-01-31 09:21 - 0088888 _____ () C:\Users\Leonard\AppData\Local\Temp\LCU_patch_20161208to20161219.exe
2017-01-31 09:23 - 2017-01-31 09:23 - 0095568 _____ () C:\Users\Leonard\AppData\Local\Temp\LCU_patch_20161219to20170112.exe
2017-02-03 06:48 - 2017-02-03 06:48 - 0092304 _____ () C:\Users\Leonard\AppData\Local\Temp\LCU_patch_20170112to20170126.exe
2017-02-03 06:57 - 2017-02-03 06:57 - 0088672 _____ () C:\Users\Leonard\AppData\Local\Temp\LCU_patch_20170126to20170201.exe
2016-09-13 12:55 - 2016-09-13 12:55 - 0096608 _____ () C:\Users\Leonard\AppData\Local\Temp\LOL_patch_20160825to20160913.exe
2016-09-28 01:13 - 2016-09-28 01:13 - 0097456 _____ () C:\Users\Leonard\AppData\Local\Temp\LOL_patch_20160913to20160922.exe
2016-09-28 01:19 - 2016-09-28 01:19 - 0088664 _____ () C:\Users\Leonard\AppData\Local\Temp\LOL_patch_20160922to20160923.exe
2016-10-01 17:05 - 2016-10-01 17:05 - 0090232 _____ () C:\Users\Leonard\AppData\Local\Temp\LOL_patch_20160923to20160929.exe
2016-10-08 23:02 - 2016-10-08 23:02 - 0094728 _____ () C:\Users\Leonard\AppData\Local\Temp\LOL_patch_20160929to20161006_1.exe
2016-10-20 07:39 - 2016-10-20 07:39 - 0095016 _____ () C:\Users\Leonard\AppData\Local\Temp\LOL_patch_20161006to20161020.exe
2016-11-10 14:18 - 2016-11-10 14:18 - 0098312 _____ () C:\Users\Leonard\AppData\Local\Temp\LOL_patch_20161020to20161110_1.exe
2016-11-22 20:50 - 2016-11-22 20:51 - 0093984 _____ () C:\Users\Leonard\AppData\Local\Temp\LOL_patch_20161110to20161122.exe
2016-12-08 19:06 - 2016-12-08 19:07 - 0096376 _____ () C:\Users\Leonard\AppData\Local\Temp\LOL_patch_20161122to20161208_1.exe
2016-12-15 16:51 - 2016-12-15 16:52 - 0090800 _____ () C:\Users\Leonard\AppData\Local\Temp\LOL_patch_20161208to20161215.exe
2017-01-09 15:36 - 2017-01-09 15:37 - 0090736 _____ () C:\Users\Leonard\AppData\Local\Temp\LOL_patch_20161215to20170106.exe
2017-01-12 15:36 - 2017-01-12 15:36 - 0099144 _____ () C:\Users\Leonard\AppData\Local\Temp\LOL_patch_20170106to20170112.exe
2017-01-14 18:57 - 2017-01-14 18:57 - 0091008 _____ () C:\Users\Leonard\AppData\Local\Temp\LOL_patch_20170112to20170114.exe
2017-01-19 18:30 - 2017-01-19 18:30 - 0090112 _____ () C:\Users\Leonard\AppData\Local\Temp\LOL_patch_20170114to20170119.exe
2017-01-31 09:01 - 2017-01-31 09:01 - 0097744 _____ () C:\Users\Leonard\AppData\Local\Temp\LOL_patch_20170119to20170126.exe
2017-02-09 07:41 - 2017-02-09 07:41 - 0097760 _____ () C:\Users\Leonard\AppData\Local\Temp\LOL_patch_20170126to20170209.exe
2016-12-04 08:34 - 2016-12-04 19:51 - 0948120 _____ (Nexon) C:\Users\Leonard\AppData\Local\Temp\NGMDll.dll
2016-12-04 08:34 - 2016-12-04 19:51 - 0294912 _____ (Nexon) C:\Users\Leonard\AppData\Local\Temp\NGMResource.dll
2016-12-04 08:34 - 2016-12-04 11:17 - 3620864 _____ (Nexon) C:\Users\Leonard\AppData\Local\Temp\NGMSetup.exe
2016-11-01 22:47 - 2016-12-09 03:42 - 43573720 _____ (Skype Technologies S.A.) C:\Users\Leonard\AppData\Local\Temp\SkypeSetup.exe
2017-01-15 22:00 - 2017-01-15 22:00 - 0091520 _____ () C:\Users\Leonard\AppData\Local\Temp\TW_patch_20170112to20170114_EmotelsBack.exe
2016-12-04 08:34 - 2016-12-04 19:51 - 0258352 _____ (Microsoft Corporation) C:\Users\Leonard\AppData\Local\Temp\unicows.dll
CMD: Bitsadmin /Reset /Allusers
EMPTYTEMP:
*****************
 
HKU\S-1-5-21-3108869105-240821209-1850858052-1000\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => value removed successfully
HKLM\SOFTWARE\Policies\Google => key removed successfully
HKLM\System\CurrentControlSet\Services\hola_svc => key removed successfully
hola_svc => service removed successfully
HKLM\System\CurrentControlSet\Services\hola_updater => key removed successfully
hola_updater => service removed successfully
HKLM\System\CurrentControlSet\Services\gkernel => key removed successfully
gkernel => service removed successfully
HolaT 1.21.641 - Better Internet (HKLM\...\Hola) (Version: 1.21.641 - Hola Networks Ltd.) <==== ATTENTION => Error: No automatic fix found for this entry.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2AA74840-CB24-4FA5-85F5-09FF86D88AAD} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2AA74840-CB24-4FA5-85F5-09FF86D88AAD} => key removed successfully
C:\Windows\System32\Tasks\Hoolapp For Android => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Hoolapp For Android => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{EC26C7CF-1038-4157-AF98-08CE626B9FA1} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EC26C7CF-1038-4157-AF98-08CE626B9FA1} => key removed successfully
C:\Windows\System32\Tasks\Hoolapp Init => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Hoolapp Init => key removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast => key removed successfully
HKCR\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => key not found. 
HKLM\Software\MozillaPlugins\@esn/npbattlelog,version=2.5.1 => key removed successfully
HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE => key removed successfully
HKLM\Software\Wow6432Node\MozillaPlugins\@esn.me/esnsonar,version=0.70.4 => key removed successfully
HKLM\Software\Wow6432Node\MozillaPlugins\@esn/esnlaunch,version=2.3.0 => key removed successfully
HKLM\Software\Wow6432Node\MozillaPlugins\@esn/npbattlelog,version=2.5.1 => key removed successfully
HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE => key removed successfully
HKLM\Software\Wow6432Node\MozillaPlugins\@nexon.net/NxGame => key removed successfully
gkernel => service not found.
C:\Users\Leonard\AppData\Local\Temp\jre-8u121-windows-au.exe => moved successfully
C:\Users\Leonard\AppData\Local\Temp\LCU_patch_20161125to20161208_1.exe => moved successfully
C:\Users\Leonard\AppData\Local\Temp\LCU_patch_20161208to20161219.exe => moved successfully
C:\Users\Leonard\AppData\Local\Temp\LCU_patch_20161219to20170112.exe => moved successfully
C:\Users\Leonard\AppData\Local\Temp\LCU_patch_20170112to20170126.exe => moved successfully
C:\Users\Leonard\AppData\Local\Temp\LCU_patch_20170126to20170201.exe => moved successfully
C:\Users\Leonard\AppData\Local\Temp\LOL_patch_20160825to20160913.exe => moved successfully
C:\Users\Leonard\AppData\Local\Temp\LOL_patch_20160913to20160922.exe => moved successfully
C:\Users\Leonard\AppData\Local\Temp\LOL_patch_20160922to20160923.exe => moved successfully
C:\Users\Leonard\AppData\Local\Temp\LOL_patch_20160923to20160929.exe => moved successfully
C:\Users\Leonard\AppData\Local\Temp\LOL_patch_20160929to20161006_1.exe => moved successfully
C:\Users\Leonard\AppData\Local\Temp\LOL_patch_20161006to20161020.exe => moved successfully
C:\Users\Leonard\AppData\Local\Temp\LOL_patch_20161020to20161110_1.exe => moved successfully
C:\Users\Leonard\AppData\Local\Temp\LOL_patch_20161110to20161122.exe => moved successfully
C:\Users\Leonard\AppData\Local\Temp\LOL_patch_20161122to20161208_1.exe => moved successfully
C:\Users\Leonard\AppData\Local\Temp\LOL_patch_20161208to20161215.exe => moved successfully
C:\Users\Leonard\AppData\Local\Temp\LOL_patch_20161215to20170106.exe => moved successfully
C:\Users\Leonard\AppData\Local\Temp\LOL_patch_20170106to20170112.exe => moved successfully
C:\Users\Leonard\AppData\Local\Temp\LOL_patch_20170112to20170114.exe => moved successfully
C:\Users\Leonard\AppData\Local\Temp\LOL_patch_20170114to20170119.exe => moved successfully
C:\Users\Leonard\AppData\Local\Temp\LOL_patch_20170119to20170126.exe => moved successfully
C:\Users\Leonard\AppData\Local\Temp\LOL_patch_20170126to20170209.exe => moved successfully
C:\Users\Leonard\AppData\Local\Temp\NGMDll.dll => moved successfully
C:\Users\Leonard\AppData\Local\Temp\NGMResource.dll => moved successfully
C:\Users\Leonard\AppData\Local\Temp\NGMSetup.exe => moved successfully
C:\Users\Leonard\AppData\Local\Temp\SkypeSetup.exe => moved successfully
C:\Users\Leonard\AppData\Local\Temp\TW_patch_20170112to20170114_EmotelsBack.exe => moved successfully
C:\Users\Leonard\AppData\Local\Temp\unicows.dll => moved successfully
 
========= Bitsadmin /Reset /Allusers =========
 
 
BITSADMIN version 3.0 [ 7.5.7601 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.
 
BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.
 
Unable to cancel {5AFA1F6D-57FD-45D0-BBB3-B877E4733CD4}.
Unable to cancel {B16EFC7E-55B3-42A6-87D6-9F5935E35FEB}.
0 out of 2 jobs canceled.
 
========= End of CMD: =========
 
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 5683863 B
Java, Flash, Steam htmlcache => 441850912 B
Windows/system/drivers => 64457804 B
Edge => 0 B
Chrome => 822604707 B
Firefox => 0 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 569541026 B
systemprofile32 => 33058 B
LocalService => 66228 B
NetworkService => 581774 B
Leonard => 6694491526 B
Guest => 173442 B
 
RecycleBin => 2680441458 B
EmptyTemp: => 10.5 GB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 05:07:57 ====
 
JRT
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.0 (12.05.2016)
Operating System: Windows 7 Home Premium x64 
Ran by Leonard (Administrator) on Sun 02/26/2017 at  5:30:51.87
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
File System: 15 
 
Failed to delete: C:\ProgramData\185341 (Folder) 
Successfully deleted: C:\end (File) 
Successfully deleted: C:\ProgramData\185241 (Folder) 
Successfully deleted: C:\ProgramData\iwin games (Folder) 
Successfully deleted: C:\ProgramData\iwin (Folder) 
Successfully deleted: C:\ProgramData\mntemp (File) 
Successfully deleted: C:\ProgramData\tencent (Folder) 
Successfully deleted: C:\Users\Leonard\AppData\Local\crashrpt (Folder) 
Successfully deleted: C:\Users\Leonard\AppData\Local\torch (Folder) 
Successfully deleted: C:\Users\Leonard\AppData\Roaming\drivercure (Folder) 
Successfully deleted: C:\Users\Leonard\AppData\Roaming\search protection (Folder) 
Successfully deleted: C:\Users\Leonard\AppData\Roaming\tencent (Folder) 
Successfully deleted: C:\Program Files (x86)\Common Files\tencent (Folder) 
Successfully deleted: C:\Users\Leonard\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WY80CASX (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WY80CASX (Temporary Internet Files Folder) 
 
 
 
Registry: 0 
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 02/26/2017 at  5:33:28.19
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
ADW
 
# AdwCleaner v6.043 - Logfile created 26/02/2017 at 08:55:52
# Updated on 27/01/2017 by Malwarebytes
# Database : 2017-02-24.1 [Server]
# Operating System : Windows 7 Home Premium Service Pack 1 (X64)
# Username : Leonard - LEONARD-PC
# Running from : C:\Users\Leonard\Desktop\adwcleaner_6.043.exe
# Mode: Scan
 
 
 
***** [ Services ] *****
 
No malicious services found.
 
 
***** [ Folders ] *****
 
Folder Found:  C:\Users\Leonard\AppData\Roaming\Hola
Folder Found:  C:\Users\Leonard\AppData\Roaming\HoolappforAndroid
Folder Found:  C:\Users\Leonard\AppData\Roaming\ParetoLogic
Folder Found:  C:\Users\Leonard\AppData\Roaming\PARETOLOGIC
Folder Found:  C:\Users\Leonard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pogo Games
Folder Found:  C:\Users\Guest\AppData\Local\torch
Folder Found:  C:\Program Files\Hola
Folder Found:  C:\ProgramData\ParetoLogic
Folder Found:  C:\ProgramData\PARETOLOGIC
Folder Found:  C:\ProgramData\Application Data\ParetoLogic
Folder Found:  C:\ProgramData\Application Data\PARETOLOGIC
Folder Found:  C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfengeggddojhakldhlpjdlddgkkjkdd
 
 
***** [ Files ] *****
 
File Found:  C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hola.lnk
 
 
***** [ DLL ] *****
 
No malicious DLLs found.
 
 
***** [ WMI ] *****
 
No malicious keys found.
 
 
***** [ Shortcuts ] *****
 
No infected shortcut found.
 
 
***** [ Scheduled Tasks ] *****
 
No malicious task found.
 
 
***** [ Registry ] *****
 
Key Found:  HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Key Found:  [x64] HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\services\hola_svc
Key Found:  [x64] HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\services\hola_updater
Key Found:  HKLM\SOFTWARE\Classes\FaiNNdBestDeeali.FaiNNdBestDeeali
Key Found:  HKLM\SOFTWARE\Classes\FaiNNdBestDeeali.FaiNNdBestDeeali.1.5
Key Found:  HKLM\SOFTWARE\Classes\RReguluarDeealS.RReguluarDeealS
Key Found:  HKLM\SOFTWARE\Classes\RReguluarDeealS.RReguluarDeealS.7.2
Key Found:  [x64] HKLM\SOFTWARE\Classes\FaiNNdBestDeeali.FaiNNdBestDeeali
Key Found:  [x64] HKLM\SOFTWARE\Classes\FaiNNdBestDeeali.FaiNNdBestDeeali.1.5
Key Found:  [x64] HKLM\SOFTWARE\Classes\RReguluarDeealS.RReguluarDeealS
Key Found:  [x64] HKLM\SOFTWARE\Classes\RReguluarDeealS.RReguluarDeealS.7.2
Key Found:  HKLM\SOFTWARE\Classes\AppID\{51BEE30D-EEC8-4BA3-930B-298B8E759EB1}
Key Found:  HKLM\SOFTWARE\Classes\AppID\{7F46C358-270D-4791-A579-AD1DDA1A3F7B}
Key Found:  HKLM\SOFTWARE\Classes\CLSID\{70DE12EA-79F4-46BC-9812-86DB50A2FD64}
Key Found:  HKLM\SOFTWARE\Classes\CLSID\{BD6ECB00-7C4A-4F97-B425-44117F2A7AAE}
Key Found:  HKLM\SOFTWARE\Classes\CLSID\{E4ADC61E-D06A-4E0E-8582-78C809CC8450}
Key Found:  HKLM\SOFTWARE\Classes\Interface\{6B3732AA-F6D4-4F16-9E22-49EDC52C9514}
Key Found:  HKLM\SOFTWARE\Classes\Interface\{E7270EC6-0113-4A78-B610-E501D0A9E48E}
Key Found:  HKLM\SOFTWARE\Classes\TypeLib\{EB2BEAEF-150C-4DE4-9D09-F16403C22769}
Key Found:  HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BD6ECB00-7C4A-4F97-B425-44117F2A7AAE}
Key Found:  HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BD6ECB00-7C4A-4F97-B425-44117F2A7AAE}
Key Found:  HKU\.DEFAULT\Software\Hola
Key Found:  HKU\.DEFAULT\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Key Found:  HKU\S-1-5-19\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Key Found:  HKU\S-1-5-20\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Key Found:  HKU\S-1-5-21-3108869105-240821209-1850858052-1000\Software\distromatic
Key Found:  HKU\S-1-5-21-3108869105-240821209-1850858052-1000\Software\Hola
Key Found:  HKU\S-1-5-21-3108869105-240821209-1850858052-1000\Software\ParetoLogic
Key Found:  HKU\S-1-5-21-3108869105-240821209-1850858052-1000\Software\SafetyNut
Key Found:  HKU\S-1-5-21-3108869105-240821209-1850858052-1000\Software\Softonic
Key Found:  HKU\S-1-5-21-3108869105-240821209-1850858052-1000\Software\speedypc software
Key Found:  HKU\S-1-5-21-3108869105-240821209-1850858052-1000\Software\PogoDGC
Key Found:  HKU\S-1-5-21-3108869105-240821209-1850858052-1000\Software\SAFETYNUT
Key Found:  HKU\S-1-5-21-3108869105-240821209-1850858052-1000\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Key Found:  HKU\S-1-5-18\Software\Hola
Key Found:  HKU\S-1-5-18\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Key Found:  HKCU\Software\distromatic
Key Found:  HKCU\Software\Hola
Key Found:  HKCU\Software\ParetoLogic
Key Found:  HKCU\Software\SafetyNut
Key Found:  HKCU\Software\Softonic
Key Found:  HKCU\Software\speedypc software
Key Found:  HKCU\Software\PogoDGC
Key Found:  HKCU\Software\SAFETYNUT
Key Found:  HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Key Found:  HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Found:  HKLM\SOFTWARE\{77D46E27-0E41-4478-87A6-AABE6FBCF252}
Key Found:  HKLM\SOFTWARE\ParetoLogic
Key Found:  HKLM\SOFTWARE\speedypc software
Key Found:  HKLM\SOFTWARE\PogoDGC
Key Found:  [x64] HKCU\Software\distromatic
Key Found:  [x64] HKCU\Software\Hola
Key Found:  [x64] HKCU\Software\ParetoLogic
Key Found:  [x64] HKCU\Software\SafetyNut
Key Found:  [x64] HKCU\Software\Softonic
Key Found:  [x64] HKCU\Software\speedypc software
Key Found:  [x64] HKCU\Software\PogoDGC
Key Found:  [x64] HKCU\Software\SAFETYNUT
Key Found:  [x64] HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Key Found:  [x64] HKLM\SOFTWARE\Hola
Key Found:  [x64] HKLM\SOFTWARE\PogoDGC
Key Found:  [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Hola
Key Found:  [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\3DCCCD6BD02558446B24CF1C63EC213C
Key Found:  [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\3DCCCD6BD02558446B24CF1C63EC213C
Key Found:  HKCU\Software\Microsoft\Internet Explorer\DOMStorage\castplatform.com
Key Found:  HKCU\Software\Microsoft\Internet Explorer\DOMStorage\cdn.castplatform.com
Key Found:  HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\amazonbrowserapp.com
Key Found:  HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\analytics.app.amazonbrowserapp.com
Key Found:  [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\castplatform.com
Key Found:  [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\cdn.castplatform.com
Key Found:  [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\amazonbrowserapp.com
Key Found:  [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\analytics.app.amazonbrowserapp.com
Key Found:  [x64] HKLM\SOFTWARE\Microsoft\Shared Tools\MsConfig\StartupReg\hola
Key Found:  [x64] HKLM\SOFTWARE\Microsoft\Shared Tools\MsConfig\StartupReg\SearchProtection
Key Found:  HKLM\SOFTWARE\Classes\AppID\DownloadProxy.EXE
Key Found:  HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\hola.org
 
 
***** [ Web browsers ] *****
 
No malicious Firefox based browser items found.
Chrome pref Found:  [C:\Users\Leonard\AppData\Local\Google\Chrome\User Data\Default\Web data] - aol.com
Chrome pref Found:  [C:\Users\Leonard\AppData\Local\Google\Chrome\User Data\Default\Web data] - dts.search.ask.com
Chrome pref Found:  [C:\Users\Leonard\AppData\Local\Google\Chrome\User Data\Default\Web data] - ask.com
Chrome pref Found:  [C:\Users\Leonard\AppData\Local\Google\Chrome\User Data\Default\Web data] - ask.com_
Chrome pref Found:  [C:\Users\Leonard\AppData\Local\Google\Chrome\User Data\Default\Web data] - autobot.en.softonic.com
Chrome pref Found:  [C:\Users\Leonard\AppData\Local\Google\Chrome\User Data\Default\Web data] - plants-v-zombies.en.softonic.com
Chrome pref Found:  [C:\Users\Leonard\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences ] - pbjikboenpfhbbejgkoklgkhjpfogcam
 
*************************
 
C:\AdwCleaner\AdwCleaner[S0].txt - [7950 Bytes] - [26/02/2017 08:55:52]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [8023 Bytes] ##########
 


#4
JSntgRvr


    Global Moderator

  • 10,729 posts

Open AdwCleaner as an administrator and click on the Clean button. All found should be removed.

 

MiniA.exe is part of the C:\Program Files (x86)\DeathToB Network\Agent 3.1 application. I am unfamiliar with this application. Attempt to run the program; if unsuccessful, reinstall the application.

 

How is the computer doing?



#5
JSntgRvr


    Global Moderator

  • 10,729 posts

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.







