*32.exe processes in task manager


mugetsu

Attached are the FRST and Addition logs. Please advise me if I did any of the steps wrongly. Thank you.

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 28-12-2014
Ran by gamer (administrator) on GAMER-PC on 01-01-2015 02:46:45
Running from C:\Users\gamer\Desktop
Loaded Profile: gamer (Available profiles: gamer)
Platform: Windows 7 Enterprise Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:
CHR HKLM-x32\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho [Not Found]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [231040 2012-10-31] (Qualcomm Atheros Commnucations)
R2 AVP15.0.1; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\avp.exe [234520 2014-08-30] (Kaspersky Lab ZAO)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
S3 EvoSvc; C:\Program Files\Echobit\Evolve\EvoSvc.exe [1579936 2014-05-13] (Echobit LLC)
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [127752 2014-12-31] (SurfRight B.V.)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [5132656 2013-11-21] (INCA Internet Co., Ltd.)
R2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [186048 2014-12-10] ()
R2 RzMaelstromVADStreamingService; C:\ProgramData\Razer\Synapse\Devices\Razer Surround\Driver\RzMaelstromVADStreamingService.exe [4250624 2014-06-09] (A-Volute) [File not signed]
R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2012-10-31] (Atheros) [File not signed]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 A2DDA; C:\EEK\BIN\a2ddax64.sys [26176 2014-12-30] (Emsisoft GmbH)
R0 asahci64; C:\Windows\System32\DRIVERS\asahci64.sys [49760 2012-01-06] (Asmedia Technology)
R3 BTATH_LWFLT; C:\Windows\System32\DRIVERS\btath_lwflt.sys [77464 2012-10-31] (Qualcomm Atheros)
S3 cleanhlp; C:\EEK\bin\cleanhlp64.sys [57024 2014-12-30] (Emsisoft GmbH)
R0 cm_km_w; C:\Windows\System32\DRIVERS\cm_km_w.sys [238288 2013-01-14] (Kaspersky Lab UK Ltd)
R3 e1dexpress; C:\Windows\System32\DRIVERS\e1d62x64.sys [489752 2014-08-04] (Intel Corporation)
R3 EvolveVirtualAdapter; C:\Windows\System32\DRIVERS\evolve.sys [21656 2014-03-16] (Echobit, LLC)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [468576 2014-03-31] (Kaspersky Lab ZAO)
R2 kldisk; C:\Windows\System32\DRIVERS\kldisk.sys [46144 2014-07-02] (Kaspersky Lab ZAO)
R3 klflt; C:\Windows\System32\DRIVERS\klflt.sys [150536 2014-12-03] (Kaspersky Lab ZAO)
R1 klhk; C:\Windows\System32\DRIVERS\klhk.sys [246456 2014-08-12] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [818888 2014-12-03] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [30304 2014-02-25] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [28768 2014-03-28] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-08-08] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [55872 2014-06-05] (Kaspersky Lab ZAO)
R1 Klwtp; C:\Windows\System32\DRIVERS\klwtp.sys [77512 2014-12-03] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [179776 2014-07-09] (Kaspersky Lab ZAO)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-01-01] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)
R3 rzendpt; C:\Windows\System32\DRIVERS\rzendpt.sys [39592 2014-09-05] (Razer Inc)
R3 RZMAELSTROMVADService; C:\Windows\System32\drivers\RzMaelstromVAD.sys [32768 2014-06-09] (Windows ® Win 7 DDK provider)
R2 rzpmgrk; C:\Windows\system32\drivers\rzpmgrk.sys [37184 2014-12-10] (Razer, Inc.)
R2 rzpnk; C:\Windows\system32\drivers\rzpnk.sys [129600 2014-11-18] (Razer, Inc.)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [35064 2014-12-31] ()
R3 ALSysIO; \??\C:\Users\gamer\AppData\Local\Temp\ALSysIO64.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 GGSAFERDriver; \??\D:\Program Files\Garena Plus\Room\safedrv.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-01 02:46 - 2015-01-01 02:46 - 00018255 _____ () C:\Users\gamer\Desktop\FRST.txt
2015-01-01 02:39 - 2015-01-01 02:39 - 00000000 ____D () C:\Users\gamer\Desktop\FRST-OlderVersion
2014-12-31 08:52 - 2014-12-31 08:54 - 00000000 ____D () C:\AdwCleaner
2014-12-31 08:47 - 2014-12-31 08:47 - 02173952 _____ () C:\Users\gamer\Desktop\AdwCleaner.exe
2014-12-31 08:39 - 2014-12-31 08:39 - 00035064 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2014-12-31 08:39 - 2014-12-31 08:39 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-12-31 08:38 - 2014-12-31 08:38 - 15298136 _____ () C:\Users\gamer\Desktop\RogueKiller.exe
2014-12-31 07:18 - 2014-12-31 07:28 - 00000000 ____D () C:\EEK
2014-12-31 07:18 - 2014-12-31 07:18 - 00000743 _____ () C:\Users\gamer\Desktop\Start Emsisoft Emergency Kit.lnk
2014-12-31 07:08 - 2014-12-31 07:08 - 00002608 _____ () C:\Windows\system32\.crusader
2014-12-31 07:06 - 2014-12-31 07:06 - 00001857 _____ () C:\Users\Public\Desktop\HitmanPro.lnk
2014-12-31 07:06 - 2014-12-31 07:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2014-12-31 07:05 - 2014-12-31 07:06 - 00000000 ____D () C:\Program Files\HitmanPro
2014-12-31 07:04 - 2014-12-31 07:08 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-12-31 06:50 - 2014-12-31 06:50 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\gamer\Desktop\mbam-setup-2.0.4.1028.exe
2014-12-31 06:50 - 2014-12-31 06:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-12-31 06:50 - 2014-12-31 06:50 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-12-31 06:50 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-12-31 06:50 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-12-31 06:48 - 2014-12-31 06:49 - 00792060 _____ () C:\Users\gamer\Desktop\ESETPoweliksCleaner.exe_20141231.064852.1376.log
2014-12-31 06:48 - 2014-12-31 06:48 - 00186568 _____ (ESET) C:\Users\gamer\Desktop\ESETPoweliksCleaner.exe
2014-12-31 00:23 - 2014-12-31 00:23 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-12-30 23:16 - 2014-12-30 23:16 - 00000000 __SHD () C:\Users\gamer\AppData\Local\EmieUserList
2014-12-30 23:16 - 2014-12-30 23:16 - 00000000 __SHD () C:\Users\gamer\AppData\Local\EmieSiteList
2014-12-30 23:16 - 2014-12-30 23:16 - 00000000 __SHD () C:\Users\gamer\AppData\Local\EmieBrowserModeList
2014-12-30 23:09 - 2014-12-30 23:09 - 00000000 _____ () C:\autoexec.bat
2014-12-30 00:13 - 2014-12-13 13:09 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-12-30 00:13 - 2014-12-13 11:33 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-12-29 01:16 - 2014-11-22 10:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-12-28 01:18 - 2013-10-14 18:00 - 00028368 _____ (Microsoft Corporation) C:\Windows\system32\IEUDINIT.EXE
2014-12-28 01:17 - 2014-12-28 01:18 - 00008323 _____ () C:\Windows\IE11_main.log
2014-12-28 01:17 - 2014-12-28 01:17 - 25059840 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-12-28 01:17 - 2014-12-28 01:17 - 19749376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-12-28 01:17 - 2014-12-28 01:17 - 14412800 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-12-28 01:17 - 2014-12-28 01:17 - 12836864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-12-28 01:17 - 2014-12-28 01:17 - 06039552 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-12-28 01:17 - 2014-12-28 01:17 - 04299264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-12-28 01:17 - 2014-12-28 01:17 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-12-28 01:17 - 2014-12-28 01:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-12-28 01:17 - 2014-12-28 01:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-12-28 01:17 - 2014-12-28 01:17 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-12-28 01:17 - 2014-12-28 01:17 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-12-28 01:17 - 2014-12-28 01:17 - 02125312 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-12-28 01:17 - 2014-12-28 01:17 - 02052096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-12-28 01:17 - 2014-12-28 01:17 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-12-28 01:17 - 2014-12-28 01:17 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2014-12-28 01:17 - 2014-12-28 01:17 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-12-28 01:17 - 2014-12-28 01:17 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-12-28 01:17 - 2014-12-28 01:17 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-12-28 01:17 - 2014-12-28 01:17 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2014-12-28 01:17 - 2014-12-28 01:17 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-12-28 01:17 - 2014-12-28 01:17 - 00942592 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
2014-12-28 01:17 - 2014-12-28 01:17 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2014-12-28 01:17 - 2014-12-28 01:17 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2014-12-28 01:17 - 2014-12-28 01:17 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-12-28 01:17 - 2014-12-28 01:17 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-12-28 01:17 - 2014-12-28 01:17 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-12-28 01:17 - 2014-12-28 01:17 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-12-28 01:17 - 2014-12-28 01:17 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-12-28 01:17 - 2014-12-28 01:17 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-12-28 01:17 - 2014-12-28 01:17 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-12-28 01:17 - 2014-12-28 01:17 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll
2014-12-28 01:17 - 2014-12-28 01:17 - 00640512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2014-12-28 01:17 - 2014-12-28 01:17 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-12-28 01:17 - 2014-12-28 01:17 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-12-28 01:17 - 2014-12-28 01:17 - 00619520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2014-12-28 01:17 - 2014-12-28 01:17 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2014-12-28 01:17 - 2014-12-28 01:17 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2014-12-28 01:17 - 2014-12-28 01:17 - 00610304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-12-28 01:17 - 2014-12-28 01:17 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-12-28 01:17 - 2014-12-28 01:17 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-12-28 01:17 - 2014-12-28 01:17 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-12-28 01:17 - 2014-12-28 01:17 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-12-28 01:17 - 2014-12-28 01:17 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-12-28 01:17 - 2014-12-28 01:17 - 00413696 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2014-12-28 01:17 - 2014-12-28 01:17 - 00389296 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-12-28 01:17 - 2014-12-28 01:17 - 00342200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-12-28 01:17 - 2014-12-28 01:17 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2014-12-28 01:17 - 2014-12-28 01:17 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-12-28 01:17 - 2014-12-28 01:17 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-12-28 01:17 - 2014-12-28 01:17 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2014-12-28 01:17 - 2014-12-28 01:17 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2014-12-28 01:17 - 2014-12-28 01:17 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-12-28 01:17 - 2014-12-28 01:17 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2014-12-28 01:17 - 2014-12-28 01:17 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2014-12-28 01:17 - 2014-12-28 01:17 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2014-12-28 01:17 - 2014-12-28 01:17 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-12-28 01:17 - 2014-12-28 01:17 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2014-12-28 01:17 - 2014-12-28 01:17 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2014-12-28 01:17 - 2014-12-28 01:17 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-12-28 01:17 - 2014-12-28 01:17 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2014-12-28 01:17 - 2014-12-28 01:17 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2014-12-28 01:17 - 2014-12-28 01:17 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2014-12-28 01:17 - 2014-12-28 01:17 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2014-12-28 01:17 - 2014-12-28 01:17 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2014-12-28 01:17 - 2014-12-28 01:17 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2014-12-28 01:17 - 2014-12-28 01:17 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2014-12-28 01:17 - 2014-12-28 01:17 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2014-12-28 01:17 - 2014-12-28 01:17 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2014-12-28 01:17 - 2014-12-28 01:17 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-12-28 01:17 - 2014-12-28 01:17 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2014-12-28 01:17 - 2014-12-28 01:17 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-12-28 01:17 - 2014-12-28 01:17 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2014-12-28 01:17 - 2014-12-28 01:17 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-12-28 01:17 - 2014-12-28 01:17 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2014-12-28 01:17 - 2014-12-28 01:17 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-12-28 01:17 - 2014-12-28 01:17 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-12-28 01:17 - 2014-12-28 01:17 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2014-12-28 01:17 - 2014-12-28 01:17 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2014-12-28 01:17 - 2014-12-28 01:17 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2014-12-28 01:17 - 2014-12-28 01:17 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-12-28 01:17 - 2014-12-28 01:17 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2014-12-28 01:17 - 2014-12-28 01:17 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-12-28 01:17 - 2014-12-28 01:17 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2014-12-28 01:17 - 2014-12-28 01:17 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2014-12-28 01:17 - 2014-12-28 01:17 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2014-12-28 01:17 - 2014-12-28 01:17 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-12-28 01:17 - 2014-12-28 01:17 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-12-28 01:17 - 2014-12-28 01:17 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2014-12-28 01:17 - 2014-12-28 01:17 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-12-28 01:17 - 2014-12-28 01:17 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2014-12-28 01:17 - 2014-12-28 01:17 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-12-28 01:17 - 2014-12-28 01:17 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2014-12-28 01:17 - 2014-12-28 01:17 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-12-28 01:17 - 2014-12-28 01:17 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-12-28 01:17 - 2014-12-28 01:17 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2014-12-28 01:17 - 2014-12-28 01:17 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2014-12-28 01:17 - 2014-12-28 01:17 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-12-28 01:17 - 2014-12-28 01:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2014-12-28 01:17 - 2014-12-28 01:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-12-28 01:17 - 2014-12-28 01:17 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-12-28 01:17 - 2014-12-28 01:17 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2014-12-28 01:17 - 2014-12-28 01:17 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2014-12-28 01:17 - 2014-12-28 01:17 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-12-28 01:17 - 2014-12-28 01:17 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-12-28 01:17 - 2014-12-28 01:17 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2014-12-28 01:17 - 2014-12-28 01:17 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2014-12-28 01:17 - 2014-12-28 01:17 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-12-28 01:17 - 2014-12-28 01:17 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2014-12-28 01:17 - 2014-12-28 01:17 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-12-28 01:17 - 2014-12-28 01:17 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2014-12-28 01:17 - 2014-12-28 01:17 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-12-24 13:56 - 2014-12-24 13:56 - 00003886 _____ () C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2014-12-21 13:38 - 2015-01-01 02:35 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-12-21 13:38 - 2014-12-31 06:50 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-12-21 13:38 - 2014-12-22 01:34 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-12-21 12:35 - 2014-12-22 01:34 - 00000000 ____D () C:\Users\gamer\Desktop\mbar
2014-12-21 12:35 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-12-21 12:24 - 2015-01-01 02:46 - 00000000 ____D () C:\FRST
2014-12-21 12:22 - 2014-12-21 12:22 - 00111016 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2014-12-21 12:22 - 2014-12-21 12:22 - 00000000 ____D () C:\Program Files\Java
2014-12-21 12:04 - 2015-01-01 02:39 - 02123264 _____ (Farbar) C:\Users\gamer\Desktop\FRST64.exe
2014-12-21 11:02 - 2014-12-21 11:02 - 00002334 _____ () C:\Users\gamer\Desktop\Safe Money.lnk
2014-12-21 11:01 - 2015-01-01 02:35 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-12-21 11:01 - 2014-12-21 11:01 - 00002132 _____ () C:\Users\Public\Desktop\Kaspersky Internet Security.lnk
2014-12-21 11:01 - 2014-12-21 11:01 - 00000000 ____D () C:\Windows\ELAMBKUP
2014-12-21 11:01 - 2014-12-21 11:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security
2014-12-21 11:01 - 2014-12-21 11:01 - 00000000 ____D () C:\Program Files (x86)\Kaspersky Lab
2014-12-21 11:01 - 2014-12-03 08:54 - 00818888 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klif.sys
2014-12-21 11:01 - 2014-12-03 08:54 - 00150536 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klflt.sys
2014-12-21 11:01 - 2014-08-12 17:33 - 00246456 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klhk.sys
2014-12-21 11:01 - 2013-05-06 08:13 - 00110176 _____ (Kaspersky Lab ZAO) C:\Windows\system32\klfphc.dll
2014-12-20 14:52 - 2014-12-20 15:00 - 142929740 _____ () C:\Users\gamer\Desktop\The.Flash.2014.S01E09.720p.HDTV.X264-DIMENSION.mp4
2014-12-19 11:22 - 2014-12-19 11:22 - 00009728 _____ (Razer Inc.) C:\Windows\SysWOW64\RzStats.IPC.dll
2014-12-18 23:51 - 2014-12-18 23:51 - 00000000 ____D () C:\Users\gamer\AppData\Roaming\MPC-HC
2014-12-18 23:50 - 2014-12-24 19:27 - 00001746 _____ () C:\Users\gamer\Desktop\MPC-HC x64.lnk
2014-12-18 23:50 - 2014-12-18 23:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MPC-HC x64
2014-12-18 23:50 - 2014-12-18 23:50 - 00000000 ____D () C:\Program Files\MPC-HC
2014-12-18 23:49 - 2014-12-18 23:49 - 12099768 _____ (MPC-HC Team ) C:\Users\gamer\Desktop\MPC-HC.1.7.7.x64.exe
2014-12-18 23:46 - 2014-12-18 23:48 - 00000000 ____D () C:\Users\gamer\AppData\Roaming\DVDVideoSoft
2014-12-18 23:46 - 2014-12-18 23:47 - 00000000 ____D () C:\ProgramData\TuneUp Software
2014-12-18 23:46 - 2014-12-18 23:46 - 00000000 __SHD () C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}
2014-12-18 23:46 - 2014-12-18 23:46 - 00000000 ____D () C:\Users\gamer\AppData\Roaming\TuneUp Software
2014-12-18 23:46 - 2014-12-18 23:46 - 00000000 ____D () C:\Users\gamer\AppData\Local\TuneUp Software
2014-12-15 21:02 - 2015-01-01 02:46 - 00000000 ____D () C:\Users\gamer\AppData\Roaming\uTorrent
2014-12-14 21:12 - 2014-12-14 21:12 - 00000000 ____D () C:\ProgramData\RzMaelstromVAD_1.1.58.1854
2014-12-14 19:38 - 2014-12-14 19:38 - 00000000 ____D () C:\Users\gamer\AppData\Local\RzStats
2014-12-14 18:58 - 2014-12-14 19:07 - 00000000 ____D () C:\Users\gamer\AppData\Local\Razer
2014-12-14 18:57 - 2014-12-14 18:57 - 00000000 ____D () C:\Users\gamer\AppData\Local\Razer_Inc
2014-12-14 18:56 - 2014-12-14 18:56 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_rzudd_01009.Wdf
2014-12-14 18:56 - 2014-12-14 18:56 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_rzendpt_01009.Wdf
2014-12-14 18:56 - 2014-12-10 06:21 - 00037184 _____ (Razer, Inc.) C:\Windows\system32\Drivers\rzpmgrk.sys
2014-12-14 18:56 - 2014-11-18 05:37 - 00129600 _____ (Razer, Inc.) C:\Windows\system32\Drivers\rzpnk.sys
2014-12-14 18:55 - 2014-12-14 18:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Razer
2014-12-14 18:54 - 2014-12-14 19:07 - 00000000 ____D () C:\Program Files (x86)\Razer
2014-12-14 18:54 - 2014-12-14 18:56 - 00000000 ____D () C:\ProgramData\Razer
2014-12-13 18:32 - 2014-12-21 15:07 - 00000000 ____D () C:\Users\gamer\Documents\Photo faris
2014-12-13 18:24 - 2014-12-13 18:27 - 00000000 ____D () C:\Users\gamer\AppData\Roaming\Apple Computer
2014-12-13 18:24 - 2014-12-13 18:24 - 00002519 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2014-12-13 18:24 - 2014-12-13 18:24 - 00001783 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-12-13 18:24 - 2014-12-13 18:24 - 00000000 ____D () C:\Windows\System32\Tasks\Apple
2014-12-13 18:24 - 2014-12-13 18:24 - 00000000 ____D () C:\Users\gamer\AppData\Local\Apple Computer
2014-12-13 18:24 - 2014-12-13 18:24 - 00000000 ____D () C:\Users\gamer\AppData\Local\Apple
2014-12-13 18:24 - 2014-12-13 18:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-12-13 18:24 - 2014-12-13 18:24 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2014-12-13 18:24 - 2014-12-13 18:24 - 00000000 ____D () C:\ProgramData\Apple Computer
2014-12-13 18:24 - 2014-12-13 18:24 - 00000000 ____D () C:\Program Files\iTunes
2014-12-13 18:24 - 2014-12-13 18:24 - 00000000 ____D () C:\Program Files\iPod
2014-12-13 18:24 - 2014-12-13 18:24 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-12-13 18:24 - 2014-12-13 18:24 - 00000000 ____D () C:\Program Files (x86)\Apple Software Update
2014-12-13 18:24 - 2012-10-03 16:14 - 00033240 _____ (GEAR Software Inc.) C:\Windows\system32\Drivers\GEARAspiWDM.sys
2014-12-13 18:23 - 2014-12-13 18:24 - 00000000 ____D () C:\ProgramData\Apple
2014-12-13 18:23 - 2014-12-13 18:24 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-12-13 18:23 - 2014-12-13 18:23 - 00000000 ____D () C:\Program Files\Bonjour
2014-12-13 18:23 - 2014-12-13 18:23 - 00000000 ____D () C:\Program Files (x86)\Bonjour
2014-12-10 07:23 - 2014-11-11 11:09 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-12-10 07:23 - 2014-11-11 10:44 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-12-03 08:54 - 2014-12-03 08:54 - 00077512 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klwtp.sys
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-01 02:39 - 2014-01-10 14:20 - 00000000 ____D () C:\Users\gamer\AppData\Roaming\GarenaPlus
2015-01-01 02:39 - 2014-01-10 14:20 - 00000000 ____D () C:\ProgramData\GarenaMessenger
2015-01-01 02:39 - 2009-07-14 13:13 - 00781790 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-01 02:37 - 2014-04-01 11:57 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-01 02:37 - 2014-01-09 23:29 - 01374328 _____ () C:\Windows\WindowsUpdate.log
2015-01-01 02:36 - 2014-04-01 11:57 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-01 02:36 - 2014-01-10 14:28 - 00003460 _____ () C:\Windows\System32\Tasks\gg_uac_daemon_gamer
2015-01-01 02:34 - 2009-07-14 13:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-01 02:34 - 2009-07-14 12:51 - 00065022 _____ () C:\Windows\setupact.log
2014-12-31 18:24 - 2014-02-13 14:24 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-12-31 08:55 - 2010-11-21 11:47 - 00028844 _____ () C:\Windows\PFRO.log
2014-12-31 06:36 - 2009-07-14 13:08 - 00003894 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-12-30 13:31 - 2009-07-14 11:20 - 00000000 ____D () C:\Windows\rescache
2014-12-30 07:08 - 2009-07-14 12:45 - 00017040 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-12-30 07:08 - 2009-07-14 12:45 - 00017040 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-12-29 01:29 - 2014-01-09 23:29 - 00000000 ____D () C:\Users\gamer
2014-12-28 01:54 - 2014-01-09 23:29 - 00002295 _____ () C:\Users\gamer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-12-28 01:53 - 2009-07-14 11:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-12-25 11:26 - 2014-08-09 13:31 - 00000000 ____D () C:\Users\gamer\Desktop\ANDROID APK
2014-12-22 01:09 - 2014-01-10 19:59 - 00000000 ____D () C:\Users\gamer\AppData\Roaming\vlc
2014-12-21 13:37 - 2014-11-17 20:05 - 09994006 _____ () C:\Users\gamer\Desktop\FIFA 2015 Ultimate Team [ Android ] - ( FIFA 15 ) MONEY MOD v1.3.0.apk
2014-12-21 13:35 - 2014-09-13 23:40 - 00000000 ____D () C:\Users\gamer\Desktop\Brave Frontier Summoner's Mod - The Complete Project
2014-12-21 12:23 - 2014-10-15 07:31 - 00000000 ____D () C:\Program Files (x86)\Java
2014-12-21 12:21 - 2014-10-15 07:31 - 00272296 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-12-21 12:21 - 2014-10-15 07:31 - 00176552 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-12-21 12:21 - 2014-10-15 07:31 - 00176552 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-12-21 12:21 - 2014-10-15 07:31 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-12-21 12:21 - 2014-01-09 23:50 - 00000000 ____D () C:\ProgramData\Oracle
2014-12-21 11:18 - 2014-03-27 19:38 - 00002515 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-12-21 11:18 - 2014-03-27 19:38 - 00000000 ____D () C:\ProgramData\Skype
2014-12-21 11:18 - 2014-03-27 19:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-12-21 11:09 - 2014-06-17 18:42 - 00000000 ____D () C:\Windows\Minidump
2014-12-21 10:57 - 2014-01-17 21:05 - 00000000 ____D () C:\Program Files (x86)\AGEIA Technologies
2014-12-20 15:46 - 2014-02-11 02:51 - 00000000 ____D () C:\Users\gamer\AppData\Local\CrashDumps
2014-12-18 23:49 - 2009-07-14 13:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2014-12-18 23:43 - 2009-07-14 12:57 - 00001547 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2014-12-14 18:58 - 2014-01-10 00:04 - 00059192 _____ () C:\Users\gamer\AppData\Local\GDIPFONTCACHEV1.DAT
2014-12-14 18:58 - 2009-07-14 12:45 - 00275072 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-12-14 18:56 - 2014-01-10 00:12 - 00071304 _____ () C:\Windows\DPINST.LOG
2014-12-14 02:45 - 2014-07-08 05:45 - 00000000 ____D () C:\Users\gamer\AppData\Local\Adobe
2014-12-14 02:45 - 2014-02-13 14:24 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-12-14 02:45 - 2014-01-09 23:52 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-12-14 02:45 - 2014-01-09 23:52 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-12-12 00:47 - 2014-04-01 11:57 - 00002259 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-12-11 19:18 - 2014-06-30 00:51 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-12-10 07:25 - 2014-01-10 00:56 - 00000000 ____D () C:\Windows\system32\MRT
2014-12-10 07:24 - 2014-01-10 00:56 - 112710672 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
 
Some content of TEMP:
====================
C:\Users\gamer\AppData\Local\Temp\0Kraken71ChromaDevProps.dll
C:\Users\gamer\AppData\Local\Temp\dllnt_dump.dll
C:\Users\gamer\AppData\Local\Temp\Quarantine.exe
C:\Users\gamer\AppData\Local\Temp\sqlite3.dll
C:\Users\gamer\AppData\Local\Temp\utt65FE.tmp.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-12-25 23:19
 
==================== End Of Log ============================
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 28-12-2014
Ran by gamer at 2015-01-01 02:46:59
Running from C:\Users\gamer\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Kaspersky Internet Security (Enabled - Up to date) {179979E8-273D-D14E-0543-2861940E4886}
AS: Kaspersky Internet Security (Enabled - Up to date) {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security (Enabled) {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version:  - )
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.246 - Adobe Systems Incorporated)
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.235 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{308051DA-0048-7A07-FE8B-9B6EC119A9E8}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Asmedia ASM106x SATA Host Controller Driver (HKLM-x32\...\{61942EF5-2CD8-47D4-869C-2E9A8BB085F1}) (Version: 1.3.4.000 - Asmedia Technology)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Borderlands 2 (HKLM-x32\...\Steam App 49520) (Version:  - Gearbox Software)
Cheat Engine 6.4 (HKLM-x32\...\Cheat Engine 6.4_is1) (Version:  - Cheat Engine)
Core Temp 1.0 RC6 (HKLM\...\{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1) (Version: 1.0 - Alcpu)
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version:  - Valve)
CrystalDiskInfo 6.0.4 Shizuku Edition (HKLM-x32\...\CrystalDiskInfo_is1) (Version: 6.0.4 - Crystal Dew World)
Dishonored (HKLM-x32\...\Steam App 205100) (Version:  - Arkane Studios)
Dota 2 (HKLM-x32\...\Steam App 570) (Version:  - Valve)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
Evolve (HKLM\...\{670B1B49-9FD3-4827-9B41-471EFF580AA8}) (Version: 1.8.4 - Echobit, LLC)
Garena - BlackShot (HKLM-x32\...\BlackShot) (Version: 2.189 - Garena Online Pte Ltd.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.9.232 - SurfRight B.V.)
Intel® Network Connections 18.2.63.0 (HKLM\...\PROSetDX) (Version: 18.2.63.0 - Intel)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 2.5.1.28 - Intel Corporation)
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Java 8 Update 25 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418025F0}) (Version: 8.0.250 - Oracle Corporation)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Kaspersky Internet Security (HKLM-x32\...\InstallWIX_{8ED07EBD-22AD-415A-B71E-C1AD86862C2E}) (Version: 15.0.1.415 - Kaspersky Lab)
Kaspersky Internet Security (x32 Version: 15.0.1.415 - Kaspersky Lab) Hidden
Left 4 Dead 2 (HKLM-x32\...\Steam App 550) (Version:  - Valve)
Left 4 Dead 2 Beta (HKLM-x32\...\Steam App 223530) (Version:  - )
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
MPC-HC 1.7.7 (64-bit) (HKLM\...\{2ACBF1FA-F5C3-4B19-A774-B22A31F231B9}_is1) (Version: 1.7.7 - MPC-HC Team)
NVIDIA PhysX (HKLM-x32\...\{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}) (Version: 9.12.1031 - NVIDIA Corporation)
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.0.214 - Qualcomm Atheros Communications)
Razer Surround (HKLM-x32\...\Razer Surround) (Version: 1.05.10 - Razer Inc.)
Razer Synapse 2.0 (HKLM-x32\...\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}) (Version: 1.18.18.23036 - Razer Inc.)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 6.18 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.18.106 - Skype Technologies S.A.)
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
Team Fortress 2 (HKLM-x32\...\Steam App 440) (Version:  - Valve)
The Witcher 2: Assassins of Kings Enhanced Edition (HKLM-x32\...\Steam App 20920) (Version:  - CD Projekt RED)
VC_CRT_x64 (Version: 1.02.0000 - Intel Corporation) Hidden
VLC media player 2.0.8 (HKLM-x32\...\VLC media player) (Version: 2.0.8 - VideoLAN)
WinRAR 5.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
 
==================== Restore Points  =========================
 
31-12-2014 11:27:23 Scheduled Checkpoint
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-14 10:34 - 2014-12-23 06:31 - 00000881 ____N C:\Windows\system32\Drivers\etc\hosts
10.221.24.123 element-evil.com
10.221.24.123 ourmods.com
 
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {1E8B7605-B1BF-4292-A03F-51CCC888BA3F} - System32\Tasks\Core Temp Autostart gamer => C:\Program Files\Core Temp\Core Temp.exe [2013-10-08] ()
Task: {39155A81-02BE-4773-93D3-8DC1FD9ADB00} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2212237549-3074385122-2743999999-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {4A258E21-CA89-4518-9A2C-E42B21EB502D} - System32\Tasks\gg_uac_daemon_gamer => D:\Program Files\Garena Plus\ggdllhost.exe [2013-07-10] ()
Task: {50BCBD21-C92B-4559-86FA-035CED911746} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-04-01] (Google Inc.)
Task: {5E1114F8-1F88-4358-A0C8-5138EFAC17FC} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {60011DCF-C8CC-4939-86AD-26F49D8AACEC} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-14] (Adobe Systems Incorporated)
Task: {60F2871D-061A-4F53-8C43-0ADE6E0E7BD0} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-04-01] (Google Inc.)
Task: {964CAA8F-4EA9-4CDD-894D-F6D5102AF54E} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2212237549-3074385122-2743999999-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {9DA74741-A960-4FBE-A51A-DDE6380EC1BD} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2014-12-10 06:22 - 2014-12-10 06:22 - 00186048 _____ () C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
2014-01-10 13:00 - 2014-10-27 15:22 - 09974576 _____ () D:\Program Files\Garena Plus\GarenaMessenger.exe
2014-01-10 14:25 - 2013-10-08 13:23 - 00890016 _____ () C:\Program Files\Core Temp\Core Temp.exe
2014-01-10 13:00 - 2013-07-10 19:54 - 00049456 _____ () D:\Program Files\Garena Plus\ggdllhost.exe
2014-10-11 13:06 - 2014-10-11 13:06 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 13:05 - 2014-10-11 13:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-08-30 16:12 - 2014-08-30 16:12 - 01269952 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\kpcengine.2.3.dll
2014-01-10 13:00 - 2013-01-30 16:26 - 00104752 _____ () D:\Program Files\Garena Plus\CommonLib.dll
2014-01-10 13:00 - 2013-08-23 17:10 - 00553776 _____ () D:\Program Files\Garena Plus\ggspawn.dll
2014-01-10 13:00 - 2013-02-07 17:11 - 00033584 _____ () D:\Program Files\Garena Plus\DibModule.dll
2014-01-10 13:00 - 2014-12-16 12:19 - 00034960 _____ () D:\Program Files\Garena Plus\VersionModule.dll
2014-01-10 13:00 - 2013-02-07 17:11 - 00051504 _____ () D:\Program Files\Garena Plus\FileLoader.dll
2014-01-10 13:00 - 2013-02-07 17:11 - 00087344 _____ () D:\Program Files\Garena Plus\PluginKernel.dll
2014-01-10 13:00 - 2013-03-07 10:10 - 00487216 _____ () D:\Program Files\Garena Plus\CxImage.dll
2014-12-21 11:16 - 2015-01-01 02:35 - 00619328 _____ () C:\Users\gamer\AppData\Local\Temp\0Kraken71ChromaDevProps.dll
2014-01-10 13:00 - 2013-02-07 17:11 - 00025392 _____ () D:\Program Files\Garena Plus\PluginModule.dll
2014-01-10 13:00 - 2013-04-10 17:23 - 00170800 _____ () D:\Program Files\Garena Plus\lib\fs\YYFileSystem.dll
2014-01-10 13:00 - 2012-02-22 16:52 - 00418304 _____ () D:\Program Files\Garena Plus\lib\exchndl.dll
2014-01-10 13:00 - 2013-03-13 18:05 - 00374064 _____ () D:\Program Files\Garena Plus\lib\Http.dll
2014-01-10 13:00 - 2012-02-22 16:52 - 00178176 _____ () D:\Program Files\Garena Plus\lib\MP3Module.dll
2014-01-10 13:00 - 2012-02-22 16:52 - 00162304 _____ () D:\Program Files\Garena Plus\lame_enc.DLL
2014-01-10 13:00 - 2013-01-14 19:57 - 00219952 _____ () D:\Program Files\Garena Plus\lib\TaskManagerLib.dll
2014-01-10 13:00 - 2013-03-07 10:10 - 00106288 _____ () D:\Program Files\Garena Plus\lib\UILayout.dll
2014-01-10 13:00 - 2014-02-21 16:41 - 00958256 _____ () D:\Program Files\Garena Plus\lib\XLL.dll
2014-01-10 13:00 - 2012-09-13 14:19 - 00048640 _____ () D:\Program Files\Garena Plus\lib\XmlUIModule.dll
2014-01-10 13:00 - 2012-02-22 16:52 - 00573100 _____ () D:\Program Files\Garena Plus\sqlite3.dll
2014-01-10 13:00 - 2013-03-07 10:10 - 00224560 _____ () D:\Program Files\Garena Plus\Plugins\StatsPlugin.dll
2014-01-10 13:00 - 2014-11-20 15:54 - 00961680 _____ () D:\Program Files\Garena Plus\Plugins\ggplugin.dll
2014-01-10 13:00 - 2014-06-11 21:45 - 00192816 _____ () D:\Program Files\Garena Plus\ImageModule.dll
2014-01-10 13:00 - 2013-04-10 17:22 - 00155440 _____ () D:\Program Files\Garena Plus\libmpg123.dll
2014-01-10 13:00 - 2013-01-30 16:26 - 02941232 _____ () D:\Program Files\Garena Plus\ggdownloader.dll
2014-01-10 13:00 - 2012-04-13 11:12 - 00059392 _____ () D:\Program Files\Garena Plus\lib\delay_load\AudioMixerLib.dll
2014-01-10 13:00 - 2012-07-27 14:59 - 00010240 _____ () D:\Program Files\Garena Plus\lib\delay_load\ClientTcp.dll
2014-01-10 13:00 - 2013-07-15 22:29 - 01545520 _____ () D:\Program Files\Garena Plus\lib\delay_load\FileSender.dll
2014-01-10 13:00 - 2013-02-01 13:42 - 00153088 _____ () D:\Program Files\Garena Plus\libzmq.dll
2014-01-10 13:00 - 2013-09-20 19:12 - 00956208 _____ () D:\Program Files\Garena Plus\lib\delay_load\GaFileTransfer.dll
2014-01-10 13:00 - 2012-04-24 09:19 - 00238592 _____ () D:\Program Files\Garena Plus\lib\delay_load\MediaEngine.dll
2014-01-10 13:00 - 2012-04-13 11:12 - 00019968 _____ () D:\Program Files\Garena Plus\ServerMemAlloc.dll
2014-01-10 13:00 - 2012-03-08 16:56 - 00510464 _____ () D:\Program Files\Garena Plus\lib\delay_load\RSALib.dll
2014-01-10 13:00 - 2012-07-27 14:59 - 00061952 _____ () D:\Program Files\Garena Plus\lib\delay_load\UdtLib.dll
2014-12-12 00:47 - 2014-12-06 09:50 - 01077064 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libglesv2.dll
2014-12-12 00:47 - 2014-12-06 09:50 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libegl.dll
2014-12-12 00:47 - 2014-12-06 09:50 - 09009480 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\pdf.dll
2014-12-12 00:47 - 2014-12-06 09:50 - 01677128 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\ffmpegsumo.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp.sys => ""="Driver"
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\startupreg: BtTray => "C:\Program Files (x86)\Bluetooth Suite\BtTray.exe"
MSCONFIG\startupreg: BtvStack => "C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe"
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: USB3MON => "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
 
========================= Accounts: ==========================
 
Administrator (S-1-5-21-2212237549-3074385122-2743999999-500 - Administrator - Disabled)
gamer (S-1-5-21-2212237549-3074385122-2743999999-1000 - Administrator - Enabled) => C:\Users\gamer
Guest (S-1-5-21-2212237549-3074385122-2743999999-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2212237549-3074385122-2743999999-1002 - Limited - Enabled)
 
==================== Faulty Device Manager Devices =============
 
Name: Marvell Console ATA Device
Description: Marvell Console ATA Device
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (01/01/2015 02:36:27 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (01/01/2015 02:35:51 AM) (Source: Winlogon) (EventID: 4103) (User: )
Description: Windows license activation failed. Error 0x80070005.
 
Error: (12/31/2014 08:57:16 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (12/31/2014 08:55:33 AM) (Source: Winlogon) (EventID: 4103) (User: )
Description: Windows license activation failed. Error 0x80070005.
 
Error: (12/31/2014 08:29:30 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (12/31/2014 08:28:01 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error: (12/31/2014 08:27:55 AM) (Source: Winlogon) (EventID: 4103) (User: )
Description: Windows license activation failed. Error 0x80070005.
 
Error: (12/31/2014 07:15:23 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error: (12/31/2014 07:10:46 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (12/31/2014 07:09:06 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
 
System errors:
=============
Error: (01/01/2015 02:34:40 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
cdrom
 
Error: (12/31/2014 08:55:29 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
cdrom
 
Error: (12/31/2014 08:54:44 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
 
Error: (12/31/2014 08:54:44 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Media Player Network Sharing Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
 
Error: (12/31/2014 08:54:44 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The iPod Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (12/31/2014 08:54:44 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
 
Error: (12/31/2014 08:54:44 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The ZAtheros Bt and Wlan Coex Agent service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (12/31/2014 08:54:44 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Razer Surround Audio Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (12/31/2014 08:54:44 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The MBAMService service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (12/31/2014 08:54:44 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Razer Game Scanner service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 5000 milliseconds: Restart the service.
 
 
Microsoft Office Sessions:
=========================
Error: (01/01/2015 02:36:27 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (01/01/2015 02:35:51 AM) (Source: Winlogon) (EventID: 4103) (User: )
Description: 0x800700050x00000000
 
Error: (12/31/2014 08:57:16 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (12/31/2014 08:55:33 AM) (Source: Winlogon) (EventID: 4103) (User: )
Description: 0x800700050x00000000
 
Error: (12/31/2014 08:29:30 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (12/31/2014 08:28:01 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\gamer\Desktop\esetsmartinstaller_enu.exe
 
Error: (12/31/2014 08:27:55 AM) (Source: Winlogon) (EventID: 4103) (User: )
Description: 0x800700050x00000000
 
Error: (12/31/2014 07:15:23 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\gamer\Desktop\esetsmartinstaller_enu.exe
 
Error: (12/31/2014 07:10:46 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (12/31/2014 07:09:06 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\gamer\Desktop\esetsmartinstaller_enu.exe
 
 
CodeIntegrity Errors:
===================================
  Date: 2014-12-31 02:04:45.582
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-12-31 02:04:45.581
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-12-31 02:04:45.580
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-12-31 02:04:45.578
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-12-31 02:04:45.577
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-12-31 02:04:45.576
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-12-30 13:24:29.694
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-12-30 13:24:29.693
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-12-30 13:24:29.692
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-12-30 13:24:29.686
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core i7-4771 CPU @ 3.50GHz
Percentage of memory in use: 15%
Total physical RAM: 16335.79 MB
Available physical RAM: 13726.82 MB
Total Pagefile: 32669.77 MB
Available Pagefile: 29557.97 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:111.69 GB) (Free:3.94 GB) NTFS
Drive d: (Game) (Fixed) (Total:465.76 GB) (Free:23.88 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 111.8 GB) (Disk ID: C4F98430)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=111.7 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 685EDA64)
Partition 1: (Not Active) - (Size=465.8 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================

Hi!

Welcome to Malwarebytes' Support Forums! I am Blackbird and I will help you remove any malware that might be present on your computer.

 

Your topic might have been overlooked by our Helpers, as we look for topics with 0 replies. :)

An important WARNING to all individuals reading this topic:
All advice in this topic was given specifically for this user and this computer!! Performing instructions given by me in this topic on other computers may harm your computer's infrastructure and can cause serious damage to them!!
Please don't perform the steps given by me or other Helpers in this topic when you are not the original Topic Starter, but start your own topic with a question for help. You will get help from a trained and qualified Helper to clean up your computer from any present malware when you do so.


General rules:
  • From now on, don't use this computer anymore to access your bank account or any other serious business where you have to log in, until I've told you your computer is clean from malware.
  • Be patient waiting for my answer. I'm doing the best I can to answer to logs as soon as possible, but I'm handling multiple topics at the same time. Please feel free to remind me of your topic by sending a link to it by private message, when I didn't get back to you after 24 hours.
  • Don't change anything on your computer in the period I'm helping you, except when I tell you to do so. So don't add/remove any software (programs, drivers, etc.) and don't change any hardware. If you really need to change something that can't wait, please inform me directly, by posting it in this topic or - if private - send me a private message containing an explanation of the changes made by you. This gives me the possibility to give you good advice.


Rules about advice from me:
  • The Helpers active on this board first got a full training in removing malware and providing support to people who got infected. Also they were trained to resolve any problems caused by malware infections. Please use the programs I provide to you only when under supervision of a trained Helper. This, because using these programs without supervision can cause damage to your computer.
  • It's possible that your virus scanner, anti-spyware program or any other malware protection program or policy tries to block one or more of the programs provided by us. If that is the case, please always allow those programs to run and/or allow the provided changes to be made. If needed to run our tools properly, temporarily disable your anti-malware programs.
  • Always Save tools provided by me to your Desktop, unless I give you other instructions. Don't ever run tools directly from the internet, because this can stop them from working properly. Also never save tools to any other locations than your Desktop.
  • If you have any problems while following my instructions, stop there and tell me the exact nature of the issue.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • You can check here if you're not sure if your computer is 32-bit or 64-bit.



Rules about posting results:

  • Always copy/paste the logfiles in your replies completely. If a logfile doesn't fit into one post, please add the logfile as an attachment instead. If this still won't work, please inform me.
  • Never change something in the logfiles!! Include them in your posts as they were provided by the tools. This way I'll get a clear view on your system's situation. If you change the logfiles, it will take more time to clean up your computer.
  • Don't post logs using CODE, QUOTE or FONT tags. Just post them as direct text.


Things I want you to do before performing the steps below:
  • Please enable your system to show hidden files: How to see hidden files in Windows.
  • Make sure you're subscribed to this topic. Click on the Follow This Topic button at the top right of this page, make sure that the Receive Notification box is checked and that it is set to Instantly.
  • Even though we do the best we can to help you, removing malware includes risks. Therefore I advise you to back up all of your important files to a CD/DVD, external drive or flash drive. For instructions/help, take a look here.



-------------------------------------------------------------------------------------------------------------------------------------------------------
Thanks in advance for keeping above rules in mind. :)
Maybe they look like unnecessary rules, but practice teaches us they are needed to help.

Now, let's continue with the steps you need to do:
-------------------------------------------------------------------------------------------------------------------------------------------------------

1. We need to temporarily disable any cd-emulators active on your computer, as they can impede the interpretation of logfiles provided by our tools.

  • Download Defogger and save it to your Desktop.
  • Right-click Defogger.exe and select Run as Administrator.
  • When the program has opened, click the Disable button.
  • When Defogger asks for a confirmation, click Yes.
  • Wait until you get the "Finished" message. Click OK.
  • When Defogger asks you to restart the system, please allow the program to do so immediately.


  • When an error occurred while using Defogger, look for a file called "defogger_disable.txt", which should be located at your Desktop. Post the contents of this file into your next reply.
  • You can enable the cd-emulator software again by running Defogger again and clicking the "Re-enable" button. Only do this when I told you your computer is clean again.


2. Download AdwCleaner and save it to your Desktop.
  • Close all open windows.
  • Right-click AdwCleaner.exe and select Run as Administrator.
  • Click the Scan button.
  • When the scan has finished, please click the Report button and save the logfile that opens to the Desktop.
  • Post the contents of this logfile into your next reply.



3. Download Malwarebytes' Anti-Malware and save it to your Desktop.
If you already have Malwarebytes' Anti-Malware installed on your computer, please go to step 3-A.



3-A. Start Malwarebytes' Anti-Malware.

  • On the Dashboard tab, click the Update Now button, to update the definitions to the latest version.
  • Then click the Scan tab. Select Custom Scan and click the Start Scan button.
  • In the window that appears, check the box next to Scan for Rootkits. Also, select all drives, except for CD/DVD-drives. After you have done this, click Start Scan.
  • Follow the instructions given by Malwarebytes' Anti-Malware.
  • If any items were found during the scan process, Malwarebytes' Anti-Malware will ask you what you want to do with those items. Please quarantine all items.
  • It's possible the program asks you for permission to restart the computer. If so, please allow MBAM to do so immediately.
  • Save the logfile in txt-format and copy/paste it in your next reply.
  • Note: If you can't find the logfile, look at the "History" tab. Select the most recent logfile (you can see the creation date in the log's title).


4. Please read and perform the steps described on this page: I'm infected - What do I do now?.
Post the logfile from Farbar Recovery Scan Tool into your next reply.

5. Download GMER Rootkit Scanner and save it to your Desktop.
NOTE: Windows 8 users can skip this step. GMER Rootkit Scanner isn't compatible with Windows 8. Don't run it.
  • Right-click the GMER executable file (whose name will contain 8 digits/characters) and select Run as Administrator.
  • If GMER warns you about possible rootkit activity and asks you to scan for rootkits, DON'T allow GMER to do so.
  • Under "Files", put a checkmark next to Quick Scan.
  • Remove the checkmark next to Show all.
  • Now, click the Scan button.
  • Note: This scan often provides False Positives in the scan results. Never fix anything found by Gmer, unless I instructed you to do so!
  • If the scan's finished, click Save and save the log to your Desktop.
  • Post GMER's logfile into your next reply.



6. Please provide me a detailed description of any computer problems you're facing, together with the logfiles mentioned in step 1 - 6.

Good luck! :)


Hi Blackbird. Thank you for your prompt response. I really appreciate it. I ran all the scans that you told me to do except GMER Rootkit Scanner. I followed the instructions as you stated above but it keeps crashing every time. Steps 1 to 4 don't require me to restart my desktop at all. Is that normal?

 

My physical memory is increasing even though I'm not running any programs. I have a few processes that have *32 beside them, for example chrome, garenamessenger, gamescannerservice, ggdllhost, ituneshelper, steam, skype, etc. Even the Malwarebytes program has the *32 beside it in the task manager.

 

Below are the logs that you requested, in the order of the steps above that you have given me. Please advise me what to do accordingly if you detect any infringement of piracy policy etc. so that I can rectify or remove them.

Thank you.

 

defogger_disable by jpshortstuff (23.02.10.1)
Log created at 23:31 on 02/01/2015 (gamer)
 
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
 
Checking for services/drivers...
 
 
-=E.O.F=-
 
# AdwCleaner v4.106 - Report created 02/01/2015 at 23:33:12
# Updated 21/12/2014 by Xplode
# Database : 2015-01-01.1 [Live]
# Operating System : Windows 7 Enterprise Service Pack 1 (64 bits)
# Username : gamer - GAMER-PC
# Running from : C:\Users\gamer\Desktop\adwcleaner_4.106.exe
# Option : Scan
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
 
***** [ Scheduled Tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17496
 
 
-\\ Google Chrome v39.0.2171.95
 
 
*************************
 
AdwCleaner[R0].txt - [2517 octets] - [31/12/2014 08:52:53]
AdwCleaner[R1].txt - [971 octets] - [02/01/2015 21:44:25]
AdwCleaner[R2].txt - [1030 octets] - [02/01/2015 21:46:37]
AdwCleaner[R3].txt - [898 octets] - [02/01/2015 23:33:12]
AdwCleaner[s0].txt - [2568 octets] - [31/12/2014 08:54:44]
AdwCleaner[s1].txt - [1094 octets] - [02/01/2015 21:47:20]
 
########## EOF - C:\AdwCleaner\AdwCleaner[R3].txt - [1077 octets] ##########
 
Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 1/2/2015
Scan Time: 11:36:30 PM
Logfile: Malwarebytes.txt
Administrator: Yes
 
Version: 2.00.4.1028
Malware Database: v2015.01.02.04
Rootkit Database: v2014.12.30.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: gamer
 
Scan Type: Custom Scan
Result: Completed
Objects Scanned: 683188
Time Elapsed: 1 hr, 22 min, 51 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 28-12-2014
Ran by gamer (administrator) on GAMER-PC on 03-01-2015 01:15:34
Running from C:\Users\gamer\Desktop
Loaded Profile: gamer (Available profiles: gamer)
Platform: Windows 7 Enterprise Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:
CHR HKLM-x32\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho [Not Found]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [231040 2012-10-31] (Qualcomm Atheros Commnucations)
S2 AVP15.0.1; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\avp.exe [234520 2014-08-30] (Kaspersky Lab ZAO)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
S3 EvoSvc; C:\Program Files\Echobit\Evolve\EvoSvc.exe [1579936 2014-05-13] (Echobit LLC)
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [127752 2014-12-31] (SurfRight B.V.)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [5132656 2013-11-21] (INCA Internet Co., Ltd.)
R2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [186048 2014-12-10] ()
R2 RzMaelstromVADStreamingService; C:\ProgramData\Razer\Synapse\Devices\Razer Surround\Driver\RzMaelstromVADStreamingService.exe [4250624 2014-06-09] (A-Volute) [File not signed]
R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2012-10-31] (Atheros) [File not signed]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 A2DDA; C:\EEK\BIN\a2ddax64.sys [26176 2014-12-30] (Emsisoft GmbH)
R0 asahci64; C:\Windows\System32\DRIVERS\asahci64.sys [49760 2012-01-06] (Asmedia Technology)
R3 BTATH_LWFLT; C:\Windows\System32\DRIVERS\btath_lwflt.sys [77464 2012-10-31] (Qualcomm Atheros)
S3 cleanhlp; C:\EEK\bin\cleanhlp64.sys [57024 2014-12-30] (Emsisoft GmbH)
R0 cm_km_w; C:\Windows\System32\DRIVERS\cm_km_w.sys [238288 2013-01-14] (Kaspersky Lab UK Ltd)
R3 e1dexpress; C:\Windows\System32\DRIVERS\e1d62x64.sys [489752 2014-08-04] (Intel Corporation)
R3 EvolveVirtualAdapter; C:\Windows\System32\DRIVERS\evolve.sys [21656 2014-03-16] (Echobit, LLC)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [468576 2014-03-31] (Kaspersky Lab ZAO)
R2 kldisk; C:\Windows\System32\DRIVERS\kldisk.sys [46144 2014-07-02] (Kaspersky Lab ZAO)
R3 klflt; C:\Windows\System32\DRIVERS\klflt.sys [150536 2014-12-03] (Kaspersky Lab ZAO)
R1 klhk; C:\Windows\System32\DRIVERS\klhk.sys [246456 2014-08-12] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [818888 2014-12-03] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [30304 2014-02-25] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [28768 2014-03-28] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-08-08] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [55872 2014-06-05] (Kaspersky Lab ZAO)
R1 Klwtp; C:\Windows\System32\DRIVERS\klwtp.sys [77512 2014-12-03] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [179776 2014-07-09] (Kaspersky Lab ZAO)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-01-03] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)
R3 rzendpt; C:\Windows\System32\DRIVERS\rzendpt.sys [39592 2014-09-05] (Razer Inc)
R3 RZMAELSTROMVADService; C:\Windows\System32\drivers\RzMaelstromVAD.sys [32768 2014-06-09] (Windows ® Win 7 DDK provider)
R2 rzpmgrk; C:\Windows\system32\drivers\rzpmgrk.sys [37184 2014-12-10] (Razer, Inc.)
R2 rzpnk; C:\Windows\system32\drivers\rzpnk.sys [129600 2014-11-18] (Razer, Inc.)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [35064 2014-12-31] ()
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 GGSAFERDriver; \??\D:\Program Files\Garena Plus\Room\safedrv.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-03 01:15 - 2015-01-03 01:15 - 00017768 _____ () C:\Users\gamer\Desktop\FRST.txt
2015-01-03 01:15 - 2015-01-03 01:15 - 00001069 _____ () C:\Users\gamer\Desktop\Malwarebytes.txt
2015-01-02 23:43 - 2015-01-02 23:43 - 00380416 _____ () C:\Users\gamer\Desktop\i1iwhk69.exe
2015-01-02 23:34 - 2015-01-02 23:34 - 00001157 _____ () C:\Users\gamer\Desktop\AdwCleaner[R3].txt
2015-01-02 23:32 - 2015-01-02 23:32 - 02173952 _____ () C:\Users\gamer\Desktop\adwcleaner_4.106.exe
2015-01-02 23:31 - 2015-01-02 23:31 - 00000472 _____ () C:\Users\gamer\Desktop\defogger_disable.log
2015-01-02 23:31 - 2015-01-02 23:31 - 00000000 _____ () C:\Users\gamer\defogger_reenable
2015-01-02 23:30 - 2015-01-02 23:30 - 00050477 _____ () C:\Users\gamer\Desktop\Defogger.exe
2015-01-02 22:02 - 2015-01-02 22:02 - 02347384 _____ (ESET) C:\Users\gamer\Desktop\esetsmartinstaller_enu.exe
2015-01-02 21:54 - 2015-01-02 21:54 - 36904648 _____ (Microsoft Corporation) C:\Users\gamer\Desktop\Windows-KB890830-x64-V5.19.exe
2015-01-02 21:48 - 2015-01-02 21:48 - 00000000 ____D () C:\Windows\ERUNT
2015-01-02 21:38 - 2015-01-02 21:38 - 01707939 _____ (Thisisu) C:\Users\gamer\Desktop\JRT.exe
2015-01-01 02:39 - 2015-01-01 02:39 - 00000000 ____D () C:\Users\gamer\Desktop\FRST-OlderVersion
2014-12-31 08:52 - 2015-01-02 23:33 - 00000000 ____D () C:\AdwCleaner
2014-12-31 08:39 - 2014-12-31 08:39 - 00035064 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2014-12-31 08:39 - 2014-12-31 08:39 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-12-31 08:38 - 2014-12-31 08:38 - 15298136 _____ () C:\Users\gamer\Desktop\RogueKiller.exe
2014-12-31 07:18 - 2014-12-31 07:28 - 00000000 ____D () C:\EEK
2014-12-31 07:18 - 2014-12-31 07:18 - 00000743 _____ () C:\Users\gamer\Desktop\Start Emsisoft Emergency Kit.lnk
2014-12-31 07:08 - 2014-12-31 07:08 - 00002608 _____ () C:\Windows\system32\.crusader
2014-12-31 07:06 - 2014-12-31 07:06 - 00001857 _____ () C:\Users\Public\Desktop\HitmanPro.lnk
2014-12-31 07:06 - 2014-12-31 07:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2014-12-31 07:05 - 2014-12-31 07:06 - 00000000 ____D () C:\Program Files\HitmanPro
2014-12-31 07:04 - 2014-12-31 07:08 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-12-31 06:50 - 2014-12-31 06:50 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\gamer\Desktop\mbam-setup-2.0.4.1028.exe
2014-12-31 06:50 - 2014-12-31 06:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-12-31 06:50 - 2014-12-31 06:50 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-12-31 06:50 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-12-31 06:50 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-12-31 06:48 - 2014-12-31 06:48 - 00186568 _____ (ESET) C:\Users\gamer\Desktop\ESETPoweliksCleaner.exe
2014-12-31 00:23 - 2014-12-31 00:23 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-12-30 23:16 - 2014-12-30 23:16 - 00000000 __SHD () C:\Users\gamer\AppData\Local\EmieUserList
2014-12-30 23:16 - 2014-12-30 23:16 - 00000000 __SHD () C:\Users\gamer\AppData\Local\EmieSiteList
2014-12-30 23:16 - 2014-12-30 23:16 - 00000000 __SHD () C:\Users\gamer\AppData\Local\EmieBrowserModeList
2014-12-30 23:09 - 2014-12-30 23:09 - 00000000 _____ () C:\autoexec.bat
2014-12-30 00:13 - 2014-12-13 13:09 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-12-30 00:13 - 2014-12-13 11:33 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-12-29 01:16 - 2014-11-22 10:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-12-28 01:18 - 2013-10-14 18:00 - 00028368 _____ (Microsoft Corporation) C:\Windows\system32\IEUDINIT.EXE
2014-12-28 01:17 - 2014-12-28 01:18 - 00008323 _____ () C:\Windows\IE11_main.log
2014-12-28 01:17 - 2014-12-28 01:17 - 25059840 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-12-28 01:17 - 2014-12-28 01:17 - 19749376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-12-28 01:17 - 2014-12-28 01:17 - 14412800 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-12-28 01:17 - 2014-12-28 01:17 - 12836864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-12-28 01:17 - 2014-12-28 01:17 - 06039552 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-12-28 01:17 - 2014-12-28 01:17 - 04299264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-12-28 01:17 - 2014-12-28 01:17 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-12-28 01:17 - 2014-12-28 01:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-12-28 01:17 - 2014-12-28 01:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-12-28 01:17 - 2014-12-28 01:17 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-12-28 01:17 - 2014-12-28 01:17 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-12-28 01:17 - 2014-12-28 01:17 - 02125312 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-12-28 01:17 - 2014-12-28 01:17 - 02052096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-12-28 01:17 - 2014-12-28 01:17 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-12-28 01:17 - 2014-12-28 01:17 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2014-12-28 01:17 - 2014-12-28 01:17 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-12-28 01:17 - 2014-12-28 01:17 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-12-28 01:17 - 2014-12-28 01:17 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-12-28 01:17 - 2014-12-28 01:17 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2014-12-28 01:17 - 2014-12-28 01:17 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-12-28 01:17 - 2014-12-28 01:17 - 00942592 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
2014-12-28 01:17 - 2014-12-28 01:17 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2014-12-28 01:17 - 2014-12-28 01:17 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2014-12-28 01:17 - 2014-12-28 01:17 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-12-28 01:17 - 2014-12-28 01:17 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-12-28 01:17 - 2014-12-28 01:17 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-12-28 01:17 - 2014-12-28 01:17 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-12-28 01:17 - 2014-12-28 01:17 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-12-28 01:17 - 2014-12-28 01:17 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-12-28 01:17 - 2014-12-28 01:17 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-12-28 01:17 - 2014-12-28 01:17 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll
2014-12-28 01:17 - 2014-12-28 01:17 - 00640512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2014-12-28 01:17 - 2014-12-28 01:17 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-12-28 01:17 - 2014-12-28 01:17 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-12-28 01:17 - 2014-12-28 01:17 - 00619520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2014-12-28 01:17 - 2014-12-28 01:17 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2014-12-28 01:17 - 2014-12-28 01:17 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2014-12-28 01:17 - 2014-12-28 01:17 - 00610304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-12-28 01:17 - 2014-12-28 01:17 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-12-28 01:17 - 2014-12-28 01:17 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-12-28 01:17 - 2014-12-28 01:17 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-12-28 01:17 - 2014-12-28 01:17 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-12-28 01:17 - 2014-12-28 01:17 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-12-28 01:17 - 2014-12-28 01:17 - 00413696 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2014-12-28 01:17 - 2014-12-28 01:17 - 00389296 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-12-28 01:17 - 2014-12-28 01:17 - 00342200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-12-28 01:17 - 2014-12-28 01:17 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2014-12-28 01:17 - 2014-12-28 01:17 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-12-28 01:17 - 2014-12-28 01:17 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-12-28 01:17 - 2014-12-28 01:17 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2014-12-28 01:17 - 2014-12-28 01:17 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2014-12-28 01:17 - 2014-12-28 01:17 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-12-28 01:17 - 2014-12-28 01:17 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2014-12-28 01:17 - 2014-12-28 01:17 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2014-12-28 01:17 - 2014-12-28 01:17 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2014-12-28 01:17 - 2014-12-28 01:17 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-12-28 01:17 - 2014-12-28 01:17 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2014-12-28 01:17 - 2014-12-28 01:17 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2014-12-28 01:17 - 2014-12-28 01:17 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-12-28 01:17 - 2014-12-28 01:17 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2014-12-28 01:17 - 2014-12-28 01:17 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2014-12-28 01:17 - 2014-12-28 01:17 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2014-12-28 01:17 - 2014-12-28 01:17 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2014-12-28 01:17 - 2014-12-28 01:17 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2014-12-28 01:17 - 2014-12-28 01:17 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2014-12-28 01:17 - 2014-12-28 01:17 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2014-12-28 01:17 - 2014-12-28 01:17 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2014-12-28 01:17 - 2014-12-28 01:17 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2014-12-28 01:17 - 2014-12-28 01:17 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-12-28 01:17 - 2014-12-28 01:17 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2014-12-28 01:17 - 2014-12-28 01:17 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-12-28 01:17 - 2014-12-28 01:17 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2014-12-28 01:17 - 2014-12-28 01:17 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-12-28 01:17 - 2014-12-28 01:17 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2014-12-28 01:17 - 2014-12-28 01:17 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-12-28 01:17 - 2014-12-28 01:17 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-12-28 01:17 - 2014-12-28 01:17 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2014-12-28 01:17 - 2014-12-28 01:17 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2014-12-28 01:17 - 2014-12-28 01:17 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2014-12-28 01:17 - 2014-12-28 01:17 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-12-28 01:17 - 2014-12-28 01:17 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2014-12-28 01:17 - 2014-12-28 01:17 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-12-28 01:17 - 2014-12-28 01:17 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2014-12-28 01:17 - 2014-12-28 01:17 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2014-12-28 01:17 - 2014-12-28 01:17 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2014-12-28 01:17 - 2014-12-28 01:17 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-12-28 01:17 - 2014-12-28 01:17 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-12-28 01:17 - 2014-12-28 01:17 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2014-12-28 01:17 - 2014-12-28 01:17 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-12-28 01:17 - 2014-12-28 01:17 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2014-12-28 01:17 - 2014-12-28 01:17 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-12-28 01:17 - 2014-12-28 01:17 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2014-12-28 01:17 - 2014-12-28 01:17 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-12-28 01:17 - 2014-12-28 01:17 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-12-28 01:17 - 2014-12-28 01:17 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2014-12-28 01:17 - 2014-12-28 01:17 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2014-12-28 01:17 - 2014-12-28 01:17 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-12-28 01:17 - 2014-12-28 01:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2014-12-28 01:17 - 2014-12-28 01:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-12-28 01:17 - 2014-12-28 01:17 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-12-28 01:17 - 2014-12-28 01:17 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2014-12-28 01:17 - 2014-12-28 01:17 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2014-12-28 01:17 - 2014-12-28 01:17 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-12-28 01:17 - 2014-12-28 01:17 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-12-28 01:17 - 2014-12-28 01:17 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2014-12-28 01:17 - 2014-12-28 01:17 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2014-12-28 01:17 - 2014-12-28 01:17 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-12-28 01:17 - 2014-12-28 01:17 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2014-12-28 01:17 - 2014-12-28 01:17 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-12-28 01:17 - 2014-12-28 01:17 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2014-12-28 01:17 - 2014-12-28 01:17 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-12-24 13:56 - 2014-12-24 13:56 - 00003886 _____ () C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2014-12-21 13:38 - 2015-01-03 01:14 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-12-21 13:38 - 2014-12-31 06:50 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-12-21 13:38 - 2014-12-22 01:34 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-12-21 12:35 - 2014-12-22 01:34 - 00000000 ____D () C:\Users\gamer\Desktop\mbar
2014-12-21 12:35 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-12-21 12:24 - 2015-01-03 01:15 - 00000000 ____D () C:\FRST
2014-12-21 12:22 - 2014-12-21 12:22 - 00111016 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2014-12-21 12:22 - 2014-12-21 12:22 - 00000000 ____D () C:\Program Files\Java
2014-12-21 12:04 - 2015-01-01 02:39 - 02123264 _____ (Farbar) C:\Users\gamer\Desktop\FRST64.exe
2014-12-21 11:02 - 2014-12-21 11:02 - 00002334 _____ () C:\Users\gamer\Desktop\Safe Money.lnk
2014-12-21 11:01 - 2015-01-02 23:25 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-12-21 11:01 - 2014-12-21 11:01 - 00002132 _____ () C:\Users\Public\Desktop\Kaspersky Internet Security.lnk
2014-12-21 11:01 - 2014-12-21 11:01 - 00000000 ____D () C:\Windows\ELAMBKUP
2014-12-21 11:01 - 2014-12-21 11:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security
2014-12-21 11:01 - 2014-12-21 11:01 - 00000000 ____D () C:\Program Files (x86)\Kaspersky Lab
2014-12-21 11:01 - 2014-12-03 08:54 - 00818888 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klif.sys
2014-12-21 11:01 - 2014-12-03 08:54 - 00150536 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klflt.sys
2014-12-21 11:01 - 2014-08-12 17:33 - 00246456 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klhk.sys
2014-12-21 11:01 - 2013-05-06 08:13 - 00110176 _____ (Kaspersky Lab ZAO) C:\Windows\system32\klfphc.dll
2014-12-20 14:52 - 2014-12-20 15:00 - 142929740 _____ () C:\Users\gamer\Desktop\The.Flash.2014.S01E09.720p.HDTV.X264-DIMENSION.mp4
2014-12-19 11:22 - 2014-12-19 11:22 - 00009728 _____ (Razer Inc.) C:\Windows\SysWOW64\RzStats.IPC.dll
2014-12-18 23:51 - 2014-12-18 23:51 - 00000000 ____D () C:\Users\gamer\AppData\Roaming\MPC-HC
2014-12-18 23:50 - 2014-12-24 19:27 - 00001746 _____ () C:\Users\gamer\Desktop\MPC-HC x64.lnk
2014-12-18 23:50 - 2014-12-18 23:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MPC-HC x64
2014-12-18 23:50 - 2014-12-18 23:50 - 00000000 ____D () C:\Program Files\MPC-HC
2014-12-18 23:49 - 2014-12-18 23:49 - 12099768 _____ (MPC-HC Team ) C:\Users\gamer\Desktop\MPC-HC.1.7.7.x64.exe
2014-12-18 23:46 - 2014-12-18 23:48 - 00000000 ____D () C:\Users\gamer\AppData\Roaming\DVDVideoSoft
2014-12-18 23:46 - 2014-12-18 23:47 - 00000000 ____D () C:\ProgramData\TuneUp Software
2014-12-18 23:46 - 2014-12-18 23:46 - 00000000 __SHD () C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}
2014-12-18 23:46 - 2014-12-18 23:46 - 00000000 ____D () C:\Users\gamer\AppData\Roaming\TuneUp Software
2014-12-18 23:46 - 2014-12-18 23:46 - 00000000 ____D () C:\Users\gamer\AppData\Local\TuneUp Software
2014-12-14 21:12 - 2014-12-14 21:12 - 00000000 ____D () C:\ProgramData\RzMaelstromVAD_1.1.58.1854
2014-12-14 19:38 - 2014-12-14 19:38 - 00000000 ____D () C:\Users\gamer\AppData\Local\RzStats
2014-12-14 18:58 - 2014-12-14 19:07 - 00000000 ____D () C:\Users\gamer\AppData\Local\Razer
2014-12-14 18:57 - 2014-12-14 18:57 - 00000000 ____D () C:\Users\gamer\AppData\Local\Razer_Inc
2014-12-14 18:56 - 2014-12-14 18:56 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_rzudd_01009.Wdf
2014-12-14 18:56 - 2014-12-14 18:56 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_rzendpt_01009.Wdf
2014-12-14 18:56 - 2014-12-10 06:21 - 00037184 _____ (Razer, Inc.) C:\Windows\system32\Drivers\rzpmgrk.sys
2014-12-14 18:56 - 2014-11-18 05:37 - 00129600 _____ (Razer, Inc.) C:\Windows\system32\Drivers\rzpnk.sys
2014-12-14 18:55 - 2014-12-14 18:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Razer
2014-12-14 18:54 - 2014-12-14 19:07 - 00000000 ____D () C:\Program Files (x86)\Razer
2014-12-14 18:54 - 2014-12-14 18:56 - 00000000 ____D () C:\ProgramData\Razer
2014-12-13 18:32 - 2014-12-21 15:07 - 00000000 ____D () C:\Users\gamer\Documents\Photo faris
2014-12-13 18:24 - 2014-12-13 18:27 - 00000000 ____D () C:\Users\gamer\AppData\Roaming\Apple Computer
2014-12-13 18:24 - 2014-12-13 18:24 - 00002519 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2014-12-13 18:24 - 2014-12-13 18:24 - 00001783 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-12-13 18:24 - 2014-12-13 18:24 - 00000000 ____D () C:\Windows\System32\Tasks\Apple
2014-12-13 18:24 - 2014-12-13 18:24 - 00000000 ____D () C:\Users\gamer\AppData\Local\Apple Computer
2014-12-13 18:24 - 2014-12-13 18:24 - 00000000 ____D () C:\Users\gamer\AppData\Local\Apple
2014-12-13 18:24 - 2014-12-13 18:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-12-13 18:24 - 2014-12-13 18:24 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2014-12-13 18:24 - 2014-12-13 18:24 - 00000000 ____D () C:\ProgramData\Apple Computer
2014-12-13 18:24 - 2014-12-13 18:24 - 00000000 ____D () C:\Program Files\iTunes
2014-12-13 18:24 - 2014-12-13 18:24 - 00000000 ____D () C:\Program Files\iPod
2014-12-13 18:24 - 2014-12-13 18:24 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-12-13 18:24 - 2014-12-13 18:24 - 00000000 ____D () C:\Program Files (x86)\Apple Software Update
2014-12-13 18:24 - 2012-10-03 16:14 - 00033240 _____ (GEAR Software Inc.) C:\Windows\system32\Drivers\GEARAspiWDM.sys
2014-12-13 18:23 - 2014-12-13 18:24 - 00000000 ____D () C:\ProgramData\Apple
2014-12-13 18:23 - 2014-12-13 18:24 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-12-13 18:23 - 2014-12-13 18:23 - 00000000 ____D () C:\Program Files\Bonjour
2014-12-13 18:23 - 2014-12-13 18:23 - 00000000 ____D () C:\Program Files (x86)\Bonjour
2014-12-10 07:23 - 2014-11-11 11:09 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-12-10 07:23 - 2014-11-11 10:44 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-12-09 03:36 - 2014-02-11 01:04 - 00430080 _____ (Farbar) C:\Windows\mod_frst.exe
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-03 00:37 - 2014-04-01 11:57 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-03 00:24 - 2014-02-13 14:24 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-02 23:37 - 2014-04-01 11:57 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-02 23:31 - 2014-01-09 23:29 - 00000000 ____D () C:\Users\gamer
2015-01-02 23:30 - 2009-07-14 13:13 - 00781790 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-02 23:29 - 2014-01-10 14:20 - 00000000 ____D () C:\Users\gamer\AppData\Roaming\GarenaPlus
2015-01-02 23:29 - 2014-01-10 14:20 - 00000000 ____D () C:\ProgramData\GarenaMessenger
2015-01-02 23:28 - 2014-01-09 23:29 - 01477153 _____ () C:\Windows\WindowsUpdate.log
2015-01-02 23:26 - 2014-01-10 14:28 - 00003460 _____ () C:\Windows\System32\Tasks\gg_uac_daemon_gamer
2015-01-02 23:25 - 2009-07-14 13:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-02 23:25 - 2009-07-14 12:51 - 00065470 _____ () C:\Windows\setupact.log
2015-01-02 23:17 - 2014-06-22 16:12 - 00000000 ____D () C:\Program Files (x86)\Cheat Engine 6.4
2015-01-02 21:47 - 2010-11-21 11:47 - 00029154 _____ () C:\Windows\PFRO.log
2015-01-02 21:47 - 2009-07-14 12:45 - 00017040 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-02 21:47 - 2009-07-14 12:45 - 00017040 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-12-31 06:36 - 2009-07-14 13:08 - 00004890 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-12-30 13:31 - 2009-07-14 11:20 - 00000000 ____D () C:\Windows\rescache
2014-12-28 01:54 - 2014-01-09 23:29 - 00002295 _____ () C:\Users\gamer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-12-28 01:53 - 2009-07-14 11:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-12-25 11:26 - 2014-08-09 13:31 - 00000000 ____D () C:\Users\gamer\Desktop\ANDROID APK
2014-12-22 01:09 - 2014-01-10 19:59 - 00000000 ____D () C:\Users\gamer\AppData\Roaming\vlc
2014-12-21 13:37 - 2014-11-17 20:05 - 09994006 _____ () C:\Users\gamer\Desktop\FIFA 2015 Ultimate Team [ Android ] - ( FIFA 15 ) MONEY MOD v1.3.0.apk
2014-12-21 13:35 - 2014-09-13 23:40 - 00000000 ____D () C:\Users\gamer\Desktop\Brave Frontier Summoner's Mod - The Complete Project
2014-12-21 12:23 - 2014-10-15 07:31 - 00000000 ____D () C:\Program Files (x86)\Java
2014-12-21 12:21 - 2014-10-15 07:31 - 00272296 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-12-21 12:21 - 2014-10-15 07:31 - 00176552 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-12-21 12:21 - 2014-10-15 07:31 - 00176552 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-12-21 12:21 - 2014-10-15 07:31 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-12-21 12:21 - 2014-01-09 23:50 - 00000000 ____D () C:\ProgramData\Oracle
2014-12-21 11:18 - 2014-03-27 19:38 - 00002515 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-12-21 11:18 - 2014-03-27 19:38 - 00000000 ____D () C:\ProgramData\Skype
2014-12-21 11:18 - 2014-03-27 19:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-12-21 11:09 - 2014-06-17 18:42 - 00000000 ____D () C:\Windows\Minidump
2014-12-21 10:57 - 2014-01-17 21:05 - 00000000 ____D () C:\Program Files (x86)\AGEIA Technologies
2014-12-20 15:46 - 2014-02-11 02:51 - 00000000 ____D () C:\Users\gamer\AppData\Local\CrashDumps
2014-12-18 23:49 - 2009-07-14 13:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2014-12-18 23:43 - 2009-07-14 12:57 - 00001547 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2014-12-14 18:58 - 2014-01-10 00:04 - 00059192 _____ () C:\Users\gamer\AppData\Local\GDIPFONTCACHEV1.DAT
2014-12-14 18:58 - 2009-07-14 12:45 - 00275072 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-12-14 18:56 - 2014-01-10 00:12 - 00071304 _____ () C:\Windows\DPINST.LOG
2014-12-14 02:45 - 2014-07-08 05:45 - 00000000 ____D () C:\Users\gamer\AppData\Local\Adobe
2014-12-14 02:45 - 2014-02-13 14:24 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-12-14 02:45 - 2014-01-09 23:52 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-12-14 02:45 - 2014-01-09 23:52 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-12-12 00:47 - 2014-04-01 11:57 - 00002259 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-12-11 19:18 - 2014-06-30 00:51 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-12-10 07:25 - 2014-01-10 00:56 - 00000000 ____D () C:\Windows\system32\MRT
 
Some content of TEMP:
====================
C:\Users\gamer\AppData\Local\Temp\0Kraken71ChromaDevProps.dll
C:\Users\gamer\AppData\Local\Temp\dllnt_dump.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-12-25 23:19
 
==================== End Of Log ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 28-12-2014
Ran by gamer at 2015-01-03 01:15:49
Running from C:\Users\gamer\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Kaspersky Internet Security (Disabled - Up to date) {179979E8-273D-D14E-0543-2861940E4886}
AS: Kaspersky Internet Security (Disabled - Up to date) {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security (Disabled) {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version:  - )
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.246 - Adobe Systems Incorporated)
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.235 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{308051DA-0048-7A07-FE8B-9B6EC119A9E8}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Asmedia ASM106x SATA Host Controller Driver (HKLM-x32\...\{61942EF5-2CD8-47D4-869C-2E9A8BB085F1}) (Version: 1.3.4.000 - Asmedia Technology)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Borderlands 2 (HKLM-x32\...\Steam App 49520) (Version:  - Gearbox Software)
Cheat Engine 6.4 (HKLM-x32\...\Cheat Engine 6.4_is1) (Version:  - Cheat Engine)
Core Temp 1.0 RC6 (HKLM\...\{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1) (Version: 1.0 - Alcpu)
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version:  - Valve)
CrystalDiskInfo 6.0.4 Shizuku Edition (HKLM-x32\...\CrystalDiskInfo_is1) (Version: 6.0.4 - Crystal Dew World)
Dishonored (HKLM-x32\...\Steam App 205100) (Version:  - Arkane Studios)
Dota 2 (HKLM-x32\...\Steam App 570) (Version:  - Valve)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
Evolve (HKLM\...\{670B1B49-9FD3-4827-9B41-471EFF580AA8}) (Version: 1.8.4 - Echobit, LLC)
Garena - BlackShot (HKLM-x32\...\BlackShot) (Version: 2.189 - Garena Online Pte Ltd.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.9.232 - SurfRight B.V.)
Intel® Network Connections 18.2.63.0 (HKLM\...\PROSetDX) (Version: 18.2.63.0 - Intel)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 2.5.1.28 - Intel Corporation)
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Java 8 Update 25 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418025F0}) (Version: 8.0.250 - Oracle Corporation)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Kaspersky Internet Security (HKLM-x32\...\InstallWIX_{8ED07EBD-22AD-415A-B71E-C1AD86862C2E}) (Version: 15.0.1.415 - Kaspersky Lab)
Kaspersky Internet Security (x32 Version: 15.0.1.415 - Kaspersky Lab) Hidden
Left 4 Dead 2 (HKLM-x32\...\Steam App 550) (Version:  - Valve)
Left 4 Dead 2 Beta (HKLM-x32\...\Steam App 223530) (Version:  - )
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
MPC-HC 1.7.7 (64-bit) (HKLM\...\{2ACBF1FA-F5C3-4B19-A774-B22A31F231B9}_is1) (Version: 1.7.7 - MPC-HC Team)
NVIDIA PhysX (HKLM-x32\...\{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}) (Version: 9.12.1031 - NVIDIA Corporation)
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.0.214 - Qualcomm Atheros Communications)
Razer Surround (HKLM-x32\...\Razer Surround) (Version: 1.05.10 - Razer Inc.)
Razer Synapse 2.0 (HKLM-x32\...\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}) (Version: 1.18.18.23036 - Razer Inc.)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 6.18 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.18.106 - Skype Technologies S.A.)
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
Team Fortress 2 (HKLM-x32\...\Steam App 440) (Version:  - Valve)
The Witcher 2: Assassins of Kings Enhanced Edition (HKLM-x32\...\Steam App 20920) (Version:  - CD Projekt RED)
VC_CRT_x64 (Version: 1.02.0000 - Intel Corporation) Hidden
VLC media player 2.0.8 (HKLM-x32\...\VLC media player) (Version: 2.0.8 - VideoLAN)
WinRAR 5.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
 
==================== Restore Points  =========================
 
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-14 10:34 - 2014-12-23 06:31 - 00000881 ____N C:\Windows\system32\Drivers\etc\hosts
10.221.24.123 element-evil.com
10.221.24.123 ourmods.com
 
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {1E8B7605-B1BF-4292-A03F-51CCC888BA3F} - System32\Tasks\Core Temp Autostart gamer => C:\Program Files\Core Temp\Core Temp.exe [2013-10-08] ()
Task: {39155A81-02BE-4773-93D3-8DC1FD9ADB00} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2212237549-3074385122-2743999999-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {50BCBD21-C92B-4559-86FA-035CED911746} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-04-01] (Google Inc.)
Task: {5E1114F8-1F88-4358-A0C8-5138EFAC17FC} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {60011DCF-C8CC-4939-86AD-26F49D8AACEC} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-14] (Adobe Systems Incorporated)
Task: {60F2871D-061A-4F53-8C43-0ADE6E0E7BD0} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-04-01] (Google Inc.)
Task: {910F7450-4423-4745-8B58-E0A88FC211D2} - System32\Tasks\gg_uac_daemon_gamer => D:\Program Files\Garena Plus\ggdllhost.exe [2013-07-10] ()
Task: {964CAA8F-4EA9-4CDD-894D-F6D5102AF54E} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2212237549-3074385122-2743999999-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {9DA74741-A960-4FBE-A51A-DDE6380EC1BD} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2014-12-10 06:22 - 2014-12-10 06:22 - 00186048 _____ () C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
2014-01-10 13:00 - 2014-10-27 15:22 - 09974576 _____ () D:\Program Files\Garena Plus\GarenaMessenger.exe
2014-01-10 13:00 - 2013-07-10 19:54 - 00049456 _____ () D:\Program Files\Garena Plus\ggdllhost.exe
2014-10-11 13:06 - 2014-10-11 13:06 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 13:05 - 2014-10-11 13:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-12-21 11:16 - 2015-01-02 23:25 - 00619328 _____ () C:\Users\gamer\AppData\Local\Temp\0Kraken71ChromaDevProps.dll
2014-01-10 13:00 - 2013-01-30 16:26 - 00104752 _____ () D:\Program Files\Garena Plus\CommonLib.dll
2014-01-10 13:00 - 2013-08-23 17:10 - 00553776 _____ () D:\Program Files\Garena Plus\ggspawn.dll
2014-01-10 13:00 - 2013-02-07 17:11 - 00033584 _____ () D:\Program Files\Garena Plus\DibModule.dll
2014-01-10 13:00 - 2014-12-16 12:19 - 00034960 _____ () D:\Program Files\Garena Plus\VersionModule.dll
2014-01-10 13:00 - 2013-02-07 17:11 - 00051504 _____ () D:\Program Files\Garena Plus\FileLoader.dll
2014-01-10 13:00 - 2013-02-07 17:11 - 00087344 _____ () D:\Program Files\Garena Plus\PluginKernel.dll
2014-01-10 13:00 - 2013-03-07 10:10 - 00487216 _____ () D:\Program Files\Garena Plus\CxImage.dll
2014-01-10 13:00 - 2013-02-07 17:11 - 00025392 _____ () D:\Program Files\Garena Plus\PluginModule.dll
2014-01-10 13:00 - 2013-04-10 17:23 - 00170800 _____ () D:\Program Files\Garena Plus\lib\fs\YYFileSystem.dll
2014-01-10 13:00 - 2012-02-22 16:52 - 00418304 _____ () D:\Program Files\Garena Plus\lib\exchndl.dll
2014-01-10 13:00 - 2013-03-13 18:05 - 00374064 _____ () D:\Program Files\Garena Plus\lib\Http.dll
2014-01-10 13:00 - 2012-02-22 16:52 - 00178176 _____ () D:\Program Files\Garena Plus\lib\MP3Module.dll
2014-01-10 13:00 - 2012-02-22 16:52 - 00162304 _____ () D:\Program Files\Garena Plus\lame_enc.DLL
2014-01-10 13:00 - 2013-01-14 19:57 - 00219952 _____ () D:\Program Files\Garena Plus\lib\TaskManagerLib.dll
2014-01-10 13:00 - 2013-03-07 10:10 - 00106288 _____ () D:\Program Files\Garena Plus\lib\UILayout.dll
2014-01-10 13:00 - 2014-02-21 16:41 - 00958256 _____ () D:\Program Files\Garena Plus\lib\XLL.dll
2014-01-10 13:00 - 2012-09-13 14:19 - 00048640 _____ () D:\Program Files\Garena Plus\lib\XmlUIModule.dll
2014-01-10 13:00 - 2012-02-22 16:52 - 00573100 _____ () D:\Program Files\Garena Plus\sqlite3.dll
2014-01-10 13:00 - 2013-03-07 10:10 - 00224560 _____ () D:\Program Files\Garena Plus\Plugins\StatsPlugin.dll
2014-01-10 13:00 - 2014-11-20 15:54 - 00961680 _____ () D:\Program Files\Garena Plus\Plugins\ggplugin.dll
2014-01-10 13:00 - 2014-06-11 21:45 - 00192816 _____ () D:\Program Files\Garena Plus\ImageModule.dll
2014-01-10 13:00 - 2013-04-10 17:22 - 00155440 _____ () D:\Program Files\Garena Plus\libmpg123.dll
2014-01-10 13:00 - 2013-01-30 16:26 - 02941232 _____ () D:\Program Files\Garena Plus\ggdownloader.dll
2014-01-10 13:00 - 2012-04-13 11:12 - 00059392 _____ () D:\Program Files\Garena Plus\lib\delay_load\AudioMixerLib.dll
2014-01-10 13:00 - 2012-07-27 14:59 - 00010240 _____ () D:\Program Files\Garena Plus\lib\delay_load\ClientTcp.dll
2014-01-10 13:00 - 2013-07-15 22:29 - 01545520 _____ () D:\Program Files\Garena Plus\lib\delay_load\FileSender.dll
2014-01-10 13:00 - 2013-02-01 13:42 - 00153088 _____ () D:\Program Files\Garena Plus\libzmq.dll
2014-01-10 13:00 - 2013-09-20 19:12 - 00956208 _____ () D:\Program Files\Garena Plus\lib\delay_load\GaFileTransfer.dll
2014-01-10 13:00 - 2012-04-24 09:19 - 00238592 _____ () D:\Program Files\Garena Plus\lib\delay_load\MediaEngine.dll
2014-01-10 13:00 - 2012-04-13 11:12 - 00019968 _____ () D:\Program Files\Garena Plus\ServerMemAlloc.dll
2014-01-10 13:00 - 2012-03-08 16:56 - 00510464 _____ () D:\Program Files\Garena Plus\lib\delay_load\RSALib.dll
2014-01-10 13:00 - 2012-07-27 14:59 - 00061952 _____ () D:\Program Files\Garena Plus\lib\delay_load\UdtLib.dll
2014-12-12 00:47 - 2014-12-06 09:50 - 09009480 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\pdf.dll
2014-12-12 00:47 - 2014-12-06 09:50 - 01677128 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\ffmpegsumo.dll
2014-12-12 00:47 - 2014-12-06 09:50 - 01077064 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libglesv2.dll
2014-12-12 00:47 - 2014-12-06 09:50 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libegl.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp.sys => ""="Driver"
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\startupreg: BtTray => "C:\Program Files (x86)\Bluetooth Suite\BtTray.exe"
MSCONFIG\startupreg: BtvStack => "C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe"
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: USB3MON => "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
 
========================= Accounts: ==========================
 
Administrator (S-1-5-21-2212237549-3074385122-2743999999-500 - Administrator - Disabled)
gamer (S-1-5-21-2212237549-3074385122-2743999999-1000 - Administrator - Enabled) => C:\Users\gamer
Guest (S-1-5-21-2212237549-3074385122-2743999999-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2212237549-3074385122-2743999999-1002 - Limited - Enabled)
 
==================== Faulty Device Manager Devices =============
 
Name: Marvell Console ATA Device
Description: Marvell Console ATA Device
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (01/02/2015 11:27:35 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (01/02/2015 11:25:54 PM) (Source: Winlogon) (EventID: 4103) (User: )
Description: Windows license activation failed. Error 0x80070005.
 
Error: (01/02/2015 10:21:17 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error: (01/02/2015 10:02:14 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
 
System errors:
=============
Error: (01/02/2015 11:25:48 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
cdrom
 
 
Microsoft Office Sessions:
=========================
Error: (01/02/2015 11:27:35 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (01/02/2015 11:25:54 PM) (Source: Winlogon) (EventID: 4103) (User: )
Description: 0x800700050x00000000
 
Error: (01/02/2015 10:21:17 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\gamer\Desktop\esetsmartinstaller_enu.exe
 
Error: (01/02/2015 10:02:14 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\gamer\Desktop\esetsmartinstaller_enu.exe
 
 
CodeIntegrity Errors:
===================================
  Date: 2015-01-02 23:40:58.236
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-01-02 23:40:58.234
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-01-02 23:40:58.234
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-01-02 23:37:39.399
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-01-02 23:37:39.398
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-01-02 23:37:39.397
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-12-31 02:04:45.582
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-12-31 02:04:45.581
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-12-31 02:04:45.580
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-12-31 02:04:45.578
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core i7-4771 CPU @ 3.50GHz
Percentage of memory in use: 21%
Total physical RAM: 16335.79 MB
Available physical RAM: 12826.63 MB
Total Pagefile: 32669.77 MB
Available Pagefile: 29046.59 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:111.69 GB) (Free:4.43 GB) NTFS
Drive d: (Game) (Fixed) (Total:465.76 GB) (Free:26.41 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 111.8 GB) (Disk ID: C4F98430)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=111.7 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 685EDA64)
Partition 1: (Not Active) - (Size=465.8 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================

Hi,

 

The *32-extension in Task Manager only states that such a process is a 32-bit process, executed on a 64-bit system. So, all processes without *32 in the name are 32-bit, all processes without *32 are 64-bit. :)

 

I can't find any malware on your computer actually. Just a quick question: Did you install "Garena Plus" and/or Razer Kraken headphones recently? And if so, did the problems with memory usage start since then?

 

I hope to hear from you soon. :)


Hello Blackbird. Thank you for the reply. Hahaha. I didn't know that. I'm such a newbie at this. My RAM will increase exponentially. I only installed the Razer program last 2 months if I'm not wrong. Garena Plus was installed long ago, about a year or so. Are there any other scans that I can do to check whether it is really not malware that is causing all this?


Hi there,

 

Take a look at this link. That's your "steamwebhelper.exe*32". So, nothing to worry about.

 

Besides that, I can't see any malware present on your system. We can't be more sure, because if there was active malware on your system, I would have seen traces of it in your logfiles.

 

Have you got any other questions for me? :)


Ohh okay. I checked the log files, there are a lot of errors. How can I rectify the code integrity, applications, system and Microsoft Office sessions errors stated in the logs?

If I have multiple instances of chrome.exe, is it normal? I have 1 tab of Chrome at the moment. Could malware cause multiple instances of a program to run?


How many times should I say your computer looks clean to me? ;) You don't have any malware on your system, as far as I can see. And no scanner I can throw in will show malware here. Not all problems are caused by malware.

 

Yes, it's possible there are several chrome.exe processes active at the same time, even when you've got 1 tab open in Chrome. Chrome uses multiple processes, for example to run extensions/plug-ins etc.

 

Which errors are you talking about? :)


Okay, thank you for your help.

 

I'm referring to the errors below.

 

Application errors:
==================
Error: (01/02/2015 11:27:35 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (01/02/2015 11:25:54 PM) (Source: Winlogon) (EventID: 4103) (User: )
Description: Windows license activation failed. Error 0x80070005.
 
Error: (01/02/2015 10:21:17 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error: (01/02/2015 10:02:14 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
 
System errors:
=============
Error: (01/02/2015 11:25:48 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
cdrom
 
 
Microsoft Office Sessions:
=========================
Error: (01/02/2015 11:27:35 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (01/02/2015 11:25:54 PM) (Source: Winlogon) (EventID: 4103) (User: )
Description: 0x800700050x00000000
 
Error: (01/02/2015 10:21:17 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\gamer\Desktop\esetsmartinstaller_enu.exe
 
Error: (01/02/2015 10:02:14 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\gamer\Desktop\esetsmartinstaller_enu.exe
 
 
CodeIntegrity Errors:
===================================
  Date: 2015-01-02 23:40:58.236
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-01-02 23:40:58.234
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-01-02 23:40:58.234
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-01-02 23:37:39.399
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-01-02 23:37:39.398
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-01-02 23:37:39.397
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-12-31 02:04:45.582
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-12-31 02:04:45.581
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-12-31 02:04:45.580
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-12-31 02:04:45.578
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.

Hi,

 

The only returning error comes from Kaspersky. Maybe you can try to reinstall, maybe it solves the problem then. I don't have any other solution for this. The other errors only occurred once... Just keep an eye on it, and wait and see if those errors also return after some hours/days.

 

If you really want to research this with our help, I want to redirect you to our General PC Help subforum. I'm sure they can assist you there regarding the errors. :)

 

All Clean!
The steps below will remove the tools we have used, and reset any settings changed. I have also provided a list of resources and tools that you might find useful.

Download DelFix and save the file to your Desktop.

  • Double-click DelFix.exe to run the programme.
  • Place a checkmark next to the following items:
    • Activate UAC
    • Remove disinfection tools
    • Create registry backup
    • Purge system restore
    • Reset system settings
  • Click the Run button.


-- This will remove the specialised tools we used to disinfect your system. Any leftover logs, files, folders or tools remaining on your Desktop which were not removed can be deleted manually (right-click the file + Delete).

==============================================================

I have compiled below a list of resources you may find useful. The articles document information on computer security, common infection vectors and how you can stay safe on the Internet.



The following programmes come highly recommended in the security community.

  • AdBlock is a browser add-on that blocks annoying banners, pop-ups and video ads.
  • CryptoPrevent places policy restrictions on loading points for ransomware (e.g. CryptoWall), helping prevent the execution of malware.
  • Malwarebytes' Anti-Exploit (MBAE) is designed to prevent zero-day malware from exploiting vulnerable software.
  • Malwarebytes Anti-Malware Premium (MBAM) works in real-time alongside your Anti-Virus to prevent malware execution.
  • NoScript is a Firefox add-on that blocks the actions of malicious scripts by using whitelisting and other technology.
  • Sandboxie isolates programmes of your choice, preventing files from being written to your HDD unless approved by you.
  • Secunia PSI will scan your computer for vulnerable software that is outdated, and automatically find the latest update for you.
  • SpywareBlaster is a form of passive protection, designed to block the actions of malicious websites and tracking cookies.
  • Web of Trust (WOT) is a browser add-on designed to alert you before interacting with a potentially malicious website.



==============================================================

Please confirm if you have no outstanding issues, and are happy with the state of your computer. Also please tell me if you have any questions left regarding the information I gave you in this post.


Haha, you are welcome!! Thanks for the compliment. :)

 

I will inform a moderator to close this topic, because your PC problems have been solved. If problems return when your topic has already been closed, please inform me or a moderator/administrator to re-open your topic.

 

Happy surfing again! :)


  • Root Admin

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

This topic is now closed to further replies.