
Duplicate processes!!!!

Discussion in 'Windows 7' started by leorina, Oct 7, 2016.

  1. leorina

    leorina Thread Starter

    Joined:
    Jun 14, 2010
    Messages:
    114
    Hello guys. Recently I experienced slow performance on my computer, and I discovered that there are duplicates of the same processes running on my system, and I would like to get rid of them. The CPU usage constantly stays at a minimum of 25%, as shown in the picture below; I would like to trim it down to 0% usage. Can you kindly advise me on this issue? Thank you.

    upload_2016-10-8_10-13-30.png

    upload_2016-10-8_10-14-31.png


    Tech Support Guy System Info Utility version 1.0.0.2
    OS Version: Microsoft Windows 7 Home Premium, Service Pack 1, 64 bit
    Processor: Intel(R) Core(TM) i5-4690K CPU @ 3.50GHz, Intel64 Family 6 Model 60 Stepping 3
    Processor Count: 4
    RAM: 8135 Mb
    Graphics Card: NVIDIA GeForce GTX 970, -1 Mb
    Hard Drives: C: Total - 114470 MB, Free - 55038 MB; D: Total - 453866 MB, Free - 397846 MB; G: Total - 499999 MB, Free - 453154 MB;
    Motherboard: ASUSTeK COMPUTER INC., Z97-PRO GAMER
    Antivirus: ESET Smart Security 8.0, Updated and Enabled
     


  2. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,253
    First Name:
    Derek
    You haven't got running duplicates.
    That is almost certainly Windows Update doing a check for and trying to download updates.

    Loads of Microsoft tasks use the svchost main process. Do not try to stop or delete them. You will totally wreck the computer.
     
  3. leorina

    leorina Thread Starter

    Joined:
    Jun 14, 2010
    Messages:
    114
    I have already disabled Windows Update, but the CPU usage is still running at 25%.
     
  4. flavallee

    flavallee Trusted Advisor

    Joined:
    May 12, 2002
    Messages:
    80,439
    First Name:
    Frank
    I wouldn't disable Windows Update.
    Set it to notify you of new updates and allow you to choose which ones to download and install.

    ---------------------------------------------------------------

    Let's see what the startup list and services list look like in your computer.
    These are my "canned instructions", but you can submit images instead.

    Click Start, then type MSCONFIG in the search or run box, then press the Enter key.
    When the small "System Configuration" window appears, click the "Startup" tab.
    Write down ONLY the names in the "Startup Item" column that have a checkmark next to them.
    If the "Startup Item" column isn't wide enough to see the entire name of any of them, widen the column.
    Submit those names here in a vertical list.
    Make sure to spell them EXACTLY as you see them there.

    Click Start, then type SERVICES.MSC in the search or run box, then press the Enter key.
    When the "Services" window appears, expand it so you can see the list more clearly.
    Write down ONLY the names in the "Name" column that have their startup type set on Automatic and Automatic (Delayed Start).
    If the "Name" column isn't wide enough to see the entire name of any of them, widen the column.
    Submit those names here in a vertical list and in alphabetical order.
    Make sure to spell them correctly.

    ---------------------------------------------------------------
     
  5. leorina

    leorina Thread Starter

    Joined:
    Jun 14, 2010
    Messages:
    114
    Thank you for your assistance.
    I have already changed the Windows Update setting to the 'Check for updates but let me choose whether to download and install them' option.

    upload_2016-10-9_10-43-51.png

    upload_2016-10-9_10-48-12.png

    upload_2016-10-9_10-50-44.png
     
  6. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,253
    First Name:
    Derek
    Let's just see if this shows any malware running.
    Please download Farbar Recovery Scan Tool and save it to your Desktop.

    Note: You need to download and run the 64 bit version

    • Right click to run as administrator. When the tool opens click Yes to disclaimer.
    • Press Scan button.
    • It will produce a log called FRST.txt in the same directory the tool is run from.
    • Please copy and paste log back here.
    • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.
     
  7. Fireflycph

    Fireflycph

    Joined:
    Apr 1, 2016
    Messages:
    1,061
    First Name:
    Morten
    If you right-click the process that's using a lot of CPU, you should be able to left-click "Go To Services".

    Then the services that are using that specific process instance will be highlighted.

    Please write a list of the affected services.
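
The mapping that dvk01 and Fireflycph describe (many Windows services sharing svchost.exe instances, and "Go To Services" showing which services one instance hosts) can also be listed from PowerShell. This is an added example, not part of the original posts; the `$expected` path list and the report column names are choices made here.

```powershell
# Added example (not from the thread). Run from an elevated PowerShell prompt;
# without elevation ExecutablePath is often empty for system-owned processes.
# Get-WmiObject is used so this also works on the PowerShell 2.0 shipped with Windows 7.

# Locations where the genuine svchost.exe lives (native and 32-bit-on-64-bit).
$expected = @(
    (Join-Path $env:SystemRoot 'System32\svchost.exe'),
    (Join-Path $env:SystemRoot 'SysWOW64\svchost.exe')
)

# Index running services by the PID of the process that hosts them.
$servicesByPid = @{}
Get-WmiObject Win32_Service | Where-Object { $_.ProcessId -ne 0 } | ForEach-Object {
    $key = [int]$_.ProcessId
    if (-not $servicesByPid.ContainsKey($key)) { $servicesByPid[$key] = @() }
    $servicesByPid[$key] += $_.Name
}

# One report row per svchost.exe instance.
$report = Get-WmiObject Win32_Process -Filter "Name = 'svchost.exe'" | ForEach-Object {
    $id = [int]$_.ProcessId

    $hosted = @()
    if ($servicesByPid.ContainsKey($id)) { $hosted = $servicesByPid[$id] }

    # KernelModeTime and UserModeTime are cumulative, in 100-nanosecond units.
    $cpuSeconds = [math]::Round(($_.KernelModeTime + $_.UserModeTime) / 1e7, 1)

    # -contains compares strings case-insensitively, which suits Windows paths.
    if (-not $_.ExecutablePath) {
        $pathCheck = 'unknown (not elevated?)'
    } elseif ($expected -contains $_.ExecutablePath) {
        $pathCheck = 'ok'
    } else {
        $pathCheck = 'UNEXPECTED PATH'
    }

    New-Object PSObject -Property @{
        ProcessId  = $id
        CpuSeconds = $cpuSeconds
        PathCheck  = $pathCheck
        Path       = $_.ExecutablePath
        Services   = ($hosted | Sort-Object) -join ', '
    }
}

# Busiest instance first, with the services it hosts.
$report | Sort-Object CpuSeconds -Descending |
    Format-Table ProcessId, CpuSeconds, PathCheck, Services -AutoSize -Wrap
```

Several rows with `PathCheck` of `ok` and a populated `Services` column are the normal picture; the row with the highest `CpuSeconds` names the services to report back.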
     
  8. flavallee

    flavallee Trusted Advisor

    Joined:
    May 12, 2002
    Messages:
    80,439
    First Name:
    Frank
    It looks like you've already trimmed down the number of running processes in the services list.

    You can uncheck the CCleaner and Garena+ entries in the startup list.
    You can manually start either of them when you're ready to use them.

    --------------------------------------------------------------
     
  9. leorina

    leorina Thread Starter

    Joined:
    Jun 14, 2010
    Messages:
    114
    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 10-10-2016
    Ran by user (administrator) on USER-PC (11-10-2016 19:37:19)
    Running from C:\Users\user\Desktop\Downloaded File
    Loaded Profiles: user (Available Profiles: user)
    Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
    Internet Explorer Version 8 (Default browser: Chrome)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    () C:\Program Files (x86)\ASUS\AXSP\1.02.00\atkexComSvc.exe
    () G:\Garena Plus\ggdllhost.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
    (ESET) C:\Program Files\ESET\ESET Smart Security\egui.exe
    () G:\Garena Plus\GarenaMessenger.exe
    () C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.22\AsSysCtrlService.exe
    (ESET) C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
    (Razer Inc.) C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
    (Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe
    (Razer Inc.) C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKService.exe
    () C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
    (StarWind Software) C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
    () G:\Garena Plus\ggdllhost.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
    (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
    (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
    (Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
    (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    (Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
    (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    (Microsoft Corporation) C:\Windows\System32\mspaint.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IDMan.exe


    ==================== Registry (Whitelisted) ====================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7636696 2014-09-02] (Realtek Semiconductor)
    HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2014-05-28] (Intel Corporation)
    HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET Smart Security\egui.exe [5595848 2015-07-08] (ESET)
    HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\nvspcap64.dll [1842624 2016-09-30] (NVIDIA Corporation)
    HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [293872 2014-08-25] (Intel Corporation)
    HKLM-x32\...\Run: [] => [X]
    HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [596640 2016-08-22] (Razer Inc.)
    HKU\S-1-5-21-1428807012-1017766511-3960407901-1000\...\Run: [GarenaPlus] => G:\Garena Plus\GarenaMessenger.exe [9858552 2016-09-29] ()
    HKU\S-1-5-21-1428807012-1017766511-3960407901-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8912088 2016-08-27] (Piriform Ltd)
    ShellIconOverlayIdentifiers: [ IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll [2015-08-14] (Tonec Inc.)

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
    Tcpip\..\Interfaces\{A120D378-7805-408B-8B86-9046FFEC74DD}: [NameServer] 1.9.1.9,202.188.0.133
    Tcpip\..\Interfaces\{A120D378-7805-408B-8B86-9046FFEC74DD}: [DhcpNameServer] 192.168.0.1

    Internet Explorer:
    ==================
    BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll [2015-09-28] (Internet Download Manager, Tonec Inc.)
    BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2014-01-23] (Microsoft Corporation)
    BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2014-01-23] (Microsoft Corporation)
    BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2014-01-23] (Microsoft Corporation)
    BHO-x32: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll [2015-09-28] (Internet Download Manager, Tonec Inc.)
    BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2014-01-21] (Microsoft Corporation)
    BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2014-01-21] (Microsoft Corporation)
    BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2014-01-21] (Microsoft Corporation)
    Toolbar: HKU\S-1-5-21-1428807012-1017766511-3960407901-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
    Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2014-01-23] (Microsoft Corporation)
    Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2015-06-16] (Microsoft Corporation)
    Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2015-06-16] (Microsoft Corporation)
    Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2015-06-16] (Microsoft Corporation)
    Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2015-06-16] (Microsoft Corporation)

    FireFox:
    ========
    FF HKU\S-1-5-21-1428807012-1017766511-3960407901-1000\...\SeaMonkey\Extensions: [[email protected]] - C:\Users\user\AppData\Roaming\IDM\idmmzcc5
    FF Extension: (IDM CC) - C:\Users\user\AppData\Roaming\IDM\idmmzcc5 [2016-10-11] [not signed]
    FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
    FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
    FF Plugin-x32: @Intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2014-04-29] (Intel Corporation)
    FF Plugin-x32: @Intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2014-04-29] (Intel Corporation)
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
    FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2014-01-21] (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-21] (Microsoft Corporation)
    FF Plugin-x32: @t.garena.com/garenatalk -> G:\Garena Plus\bbtalk\plugins\npPlugin\npGarenaTalkPlugin.dll [2016-09-23] ( Garena)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2014-01-21] (Microsoft Corporation)

    Chrome:
    =======
    CHR HomePage: Default -> hxxps://www.facebook.com/
    CHR StartupUrls: Default -> "hxxp://www.google.com"
    CHR Session Restore: Default -> is enabled.
    CHR Profile: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default [2016-10-11]
    CHR Extension: (Google Slides) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-10-20]
    CHR Extension: (Google Docs) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-10-20]
    CHR Extension: (Google Drive) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21]
    CHR Extension: (YouTube) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-20]
    CHR Extension: (Google Search) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
    CHR Extension: (Google Sheets) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-10-20]
    CHR Extension: (Google Docs Offline) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-15]
    CHR Extension: (AdBlock) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-10-11]
    CHR Extension: (IDM Integration Module) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngpampappnmepgilojfohadhhmbhlaek [2016-10-02]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-02]
    CHR Extension: (Gmail) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-10-20]
    CHR Extension: (Chrome Media Router) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-09-23]
    CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2015-07-11]
    CHR HKLM-x32\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2015-07-11]

    ==================== Services (Whitelisted) ====================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    S3 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-23] (SUPERAntiSpyware.com)
    R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.02.00\atkexComSvc.exe [936728 2014-01-28] ()
    R2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.22\AsSysCtrlService.exe [1360016 2014-07-23] () [File not signed]
    S3 AxAutoMntSrv; C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe [39376 2015-03-12] (Alcohol Soft Development Team)
    R2 ekrn; C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [1353720 2015-07-08] (ESET)
    R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [16232 2014-05-28] (Intel Corporation)
    S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [887232 2014-01-31] (Intel(R) Corporation)
    R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [154584 2014-04-29] (Intel Corporation)
    S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [3431920 2015-07-22] (INCA Internet Co., Ltd.) [File not signed]
    R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [455616 2016-09-30] (NVIDIA Corporation)
    S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [455616 2016-09-30] (NVIDIA Corporation)
    R2 NVIDIA Wireless Controller Service; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe [1163712 2016-09-30] (NVIDIA Corporation)
    R2 Razer Chroma SDK Service; C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKService.exe [69760 2016-09-26] (Razer Inc.)
    R2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [187824 2016-07-20] ()
    R2 StarWindServiceAE; C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [370688 2009-12-24] (StarWind Software) [File not signed]
    S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

    ===================== Drivers (Whitelisted) ======================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2014-01-28] ()
    R3 e1dexpress; C:\Windows\System32\DRIVERS\e1d62x64.sys [487704 2014-03-14] (Intel Corporation)
    R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [255240 2015-07-13] (ESET)
    S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-11] (Broadcom Corporation)
    U5 edevmon; C:\Windows\System32\Drivers\edevmon.sys [251632 2015-07-13] (ESET)
    R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [178520 2015-07-13] (ESET)
    R2 epfw; C:\Windows\System32\DRIVERS\epfw.sys [231520 2015-07-13] (ESET)
    R1 EpfwLWF; C:\Windows\System32\DRIVERS\EpfwLWF.sys [53360 2015-07-13] (ESET)
    R0 epfwwfp; C:\Windows\System32\DRIVERS\epfwwfp.sys [72400 2015-07-13] (ESET)
    R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28008 2014-05-28] (Intel Corporation)
    R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [118272 2014-04-29] (Intel Corporation)
    S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [27584 2016-09-30] (NVIDIA Corporation)
    R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [46016 2016-09-02] (NVIDIA Corporation)
    R3 rzendpt; C:\Windows\System32\DRIVERS\rzendpt.sys [51736 2016-06-23] (Razer Inc)
    R2 rzpmgrk; C:\Windows\system32\drivers\rzpmgrk.sys [44144 2016-05-07] (Razer, Inc.)
    R2 rzpnk; C:\Windows\system32\drivers\rzpnk.sys [136312 2016-06-28] (Razer, Inc.)
    R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-23] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-13] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    R0 sptd; C:\Windows\System32\Drivers\sptd.sys [381608 2015-10-25] (Duplex Secure Ltd.)
    S3 TarFltr; C:\Windows\System32\drivers\UsbFltr.sys [49664 2007-04-11] (Razer USA Ltd.)
    S3 VaneFltr; C:\Windows\System32\drivers\Lachesis.sys [29952 2009-10-16] (Razer (Asia-Pacific) Pte Ltd)
    R1 VBoxUSBMon; C:\Windows\System32\DRIVERS\VBoxUSBMon.sys [127432 2015-09-16] (BigNox Corporation)
    U3 a1eijr7s; C:\Windows\System32\Drivers\a1eijr7s.sys [0 ] (Intel Corporation) <==== ATTENTION (zero byte File/Folder)
    R3 gkernel; \??\C:\Users\user\AppData\Local\Temp\gkernel.sys [X]

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2016-10-11 19:37 - 2016-10-11 19:37 - 00000000 ____D C:\FRST
    2016-10-08 18:49 - 2016-02-14 09:47 - 00125720 _____ C:\Windows\SysWOW64\vulkan-1.dll
    2016-10-08 18:49 - 2016-02-14 09:46 - 00126232 _____ C:\Windows\system32\vulkan-1.dll
    2016-10-08 18:49 - 2016-02-14 09:45 - 00045848 _____ C:\Windows\system32\vulkaninfo.exe
    2016-10-08 18:49 - 2016-02-14 09:45 - 00042264 _____ C:\Windows\SysWOW64\vulkaninfo.exe
    2016-10-08 18:48 - 2016-10-02 05:15 - 40068544 _____ C:\Windows\system32\nvcompiler.dll
    2016-10-08 18:48 - 2016-10-02 05:15 - 35180992 _____ C:\Windows\SysWOW64\nvcompiler.dll
    2016-10-08 18:48 - 2016-10-02 05:15 - 34808768 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
    2016-10-08 18:48 - 2016-10-02 05:15 - 28213696 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
    2016-10-08 18:48 - 2016-10-02 05:15 - 17464952 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
    2016-10-08 18:48 - 2016-10-02 05:15 - 17272008 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
    2016-10-08 18:48 - 2016-10-02 05:15 - 14353328 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
    2016-10-08 18:48 - 2016-10-02 05:15 - 14126528 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
    2016-10-08 18:48 - 2016-10-02 05:15 - 10868472 _____ (NVIDIA Corporation) C:\Windows\system32\nvptxJitCompiler.dll
    2016-10-08 18:48 - 2016-10-02 05:15 - 10745848 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
    2016-10-08 18:48 - 2016-10-02 05:15 - 10286296 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
    2016-10-08 18:48 - 2016-10-02 05:15 - 09091648 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
    2016-10-08 18:48 - 2016-10-02 05:15 - 08877808 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvptxJitCompiler.dll
    2016-10-08 18:48 - 2016-10-02 05:15 - 08685352 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
    2016-10-08 18:48 - 2016-10-02 05:15 - 03594176 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
    2016-10-08 18:48 - 2016-10-02 05:15 - 03161024 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
    2016-10-08 18:48 - 2016-10-02 05:15 - 01935808 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6437306.dll
    2016-10-08 18:48 - 2016-10-02 05:15 - 01585088 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6437306.dll
    2016-10-08 18:48 - 2016-10-02 05:15 - 01018816 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
    2016-10-08 18:48 - 2016-10-02 05:15 - 00958520 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
    2016-10-08 18:48 - 2016-10-02 05:15 - 00943672 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
    2016-10-08 18:48 - 2016-10-02 05:15 - 00893376 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
    2016-10-08 18:48 - 2016-10-02 05:15 - 00688784 _____ (NVIDIA Corporation) C:\Windows\system32\nvfatbinaryLoader.dll
    2016-10-08 18:48 - 2016-10-02 05:15 - 00578240 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvfatbinaryLoader.dll
    2016-10-08 18:48 - 2016-10-02 05:15 - 00521096 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
    2016-10-08 18:48 - 2016-10-02 05:15 - 00493792 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
    2016-10-08 18:48 - 2016-10-02 05:15 - 00437696 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
    2016-10-08 18:48 - 2016-10-02 05:15 - 00436088 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
    2016-10-08 18:48 - 2016-10-02 05:15 - 00409296 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
    2016-10-08 18:48 - 2016-10-02 05:15 - 00388544 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
    2016-10-08 18:48 - 2016-10-02 05:15 - 00180136 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
    2016-10-08 18:48 - 2016-10-02 05:15 - 00157464 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
    2016-10-08 18:48 - 2016-10-02 05:15 - 00153184 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
    2016-10-08 18:48 - 2016-10-02 05:15 - 00131720 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
    2016-09-26 14:23 - 2016-09-26 14:23 - 00099968 _____ (Razer Inc.) C:\Windows\SysWOW64\RzChromaSDK.dll
    2016-09-26 14:23 - 2016-09-26 14:23 - 00048776 _____ (Razer Inc.) C:\Windows\SysWOW64\RzAPIChromaSDK.dll
    2016-09-26 14:22 - 2016-09-26 14:22 - 00108672 _____ (Razer Inc.) C:\Windows\system32\RzChromaSDK64.dll
    2016-09-22 19:56 - 2016-10-06 23:20 - 00003590 _____ C:\Windows\System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
    2016-09-16 13:59 - 2016-08-26 07:28 - 01920960 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6437270.dll
    2016-09-16 13:59 - 2016-08-26 07:28 - 01586744 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6437270.dll
    2016-09-16 13:59 - 2016-08-26 07:28 - 00223304 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys
    2016-09-16 13:59 - 2016-08-26 07:28 - 00054728 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll
    2016-09-16 13:59 - 2016-08-26 07:28 - 00000669 _____ C:\Windows\SysWOW64\nv-vk32.json
    2016-09-16 13:59 - 2016-08-26 07:28 - 00000669 _____ C:\Windows\system32\nv-vk64.json
    2016-09-16 12:55 - 2016-10-06 23:20 - 00001416 _____ C:\Users\Public\Desktop\GeForce Experience.lnk
    2016-09-16 12:54 - 2016-10-06 23:20 - 00003828 _____ C:\Windows\System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
    2016-09-16 12:54 - 2016-10-06 23:20 - 00003828 _____ C:\Windows\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
    2016-09-16 12:54 - 2016-10-06 23:20 - 00003778 _____ C:\Windows\System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
    2016-09-16 12:54 - 2016-10-06 23:20 - 00003766 _____ C:\Windows\System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
    2016-09-16 12:54 - 2016-10-06 23:20 - 00003530 _____ C:\Windows\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
    2016-09-16 12:54 - 2016-09-30 12:24 - 01842624 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
    2016-09-16 12:54 - 2016-09-30 12:24 - 01755072 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge64.dll
    2016-09-16 12:54 - 2016-09-30 12:24 - 01444288 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
    2016-09-16 12:54 - 2016-09-30 12:24 - 01317312 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll
    2016-09-16 12:54 - 2016-09-30 12:24 - 00120256 _____ C:\Windows\system32\NvRtmpStreamer64.dll
    2016-09-16 12:54 - 2016-09-30 03:27 - 00001951 _____ C:\Windows\NvContainerRecovery.bat
    2016-09-16 12:54 - 2016-09-16 12:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
    2016-09-16 12:54 - 2016-09-02 19:13 - 00104384 _____ (NVIDIA Corporation) C:\Windows\system32\nvaudcap64v.dll
    2016-09-16 12:54 - 2016-09-02 19:13 - 00094144 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
    2016-09-16 12:54 - 2016-09-02 19:13 - 00046016 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
    2016-09-16 09:58 - 2016-05-07 06:50 - 00044144 _____ (Razer, Inc.) C:\Windows\system32\Drivers\rzpmgrk.sys
    2016-09-12 11:26 - 2016-09-12 11:42 - 00000000 ____D C:\Users\user\Desktop\Poke
    2016-09-11 15:58 - 2016-09-15 19:31 - 00000000 ____D C:\Users\user\.android
    2016-09-11 15:57 - 2016-09-15 19:31 - 00000000 ____D C:\Users\user\vmlogs
    2016-09-11 15:57 - 2016-09-11 15:57 - 00000000 ____D C:\Users\user\Nox_share
    2016-09-11 15:56 - 2015-09-16 14:07 - 00127432 _____ (BigNox Corporation) C:\Windows\system32\Drivers\VBoxUSBMon.sys
    2016-09-11 15:55 - 2016-09-18 11:34 - 00000000 ____D C:\Users\user\AppData\Roaming\Nox
    2016-09-11 15:55 - 2016-09-18 11:34 - 00000000 ____D C:\Users\user\AppData\Local\Nox
    2016-09-11 15:55 - 2016-09-11 15:55 - 00000000 ____D C:\Program Files\DIFX
    2016-09-11 15:55 - 2015-09-16 11:29 - 00253384 _____ (BigNox Corporation) C:\Windows\system32\Drivers\XQHDrv.sys

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2016-10-11 19:37 - 2015-10-20 15:31 - 00000000 ___RD C:\Users\user\Desktop\Downloaded File
    2016-10-11 19:25 - 2009-07-14 13:13 - 00787694 _____ C:\Windows\system32\PerfStringBackup.INI
    2016-10-11 19:25 - 2009-07-14 11:20 - 00000000 ____D C:\Windows\inf
    2016-10-11 19:24 - 2015-10-21 08:03 - 00000000 ____D C:\Users\user\AppData\Roaming\GarenaPlus
    2016-10-11 19:24 - 2015-10-21 08:02 - 00000000 ____D C:\ProgramData\GarenaMessenger
    2016-10-11 19:21 - 2016-02-05 18:55 - 00003758 _____ C:\Windows\System32\Tasks\AutoKMS
    2016-10-11 19:21 - 2015-11-14 16:30 - 00003356 _____ C:\Windows\System32\Tasks\Garena+ Plugin Host Service
    2016-10-11 19:21 - 2015-10-20 12:03 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2016-10-11 19:21 - 2015-10-20 12:01 - 00000000 ____D C:\ProgramData\NVIDIA
    2016-10-11 19:21 - 2009-07-14 13:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
    2016-10-10 22:53 - 2009-07-14 12:45 - 00016640 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2016-10-10 22:53 - 2009-07-14 12:45 - 00016640 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2016-10-10 22:08 - 2015-10-20 12:03 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2016-10-10 21:58 - 2015-10-27 15:20 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
    2016-10-08 18:49 - 2016-03-14 15:31 - 00000000 ____D C:\Program Files (x86)\VulkanRT
    2016-10-08 18:49 - 2015-10-20 12:15 - 00000000 ____D C:\Temp
    2016-10-08 17:54 - 2016-01-20 11:25 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
    2016-10-08 14:17 - 2015-10-20 19:08 - 00000000 ____D C:\Users\user\AppData\Roaming\DMCache
    2016-10-08 11:46 - 2015-10-20 19:08 - 00000000 ____D C:\Users\user\AppData\Roaming\IDM
    2016-10-08 09:52 - 2015-10-21 17:01 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2016-10-06 23:20 - 2015-10-20 12:01 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
    2016-10-06 23:20 - 2015-10-20 12:01 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
    2016-10-06 23:20 - 2015-10-20 12:00 - 00000000 ____D C:\Program Files\NVIDIA Corporation
    2016-10-04 21:55 - 2016-02-06 16:05 - 00007229 _____ C:\Users\user\Desktop\New Text Document (2).txt
    2016-10-04 20:09 - 2015-10-20 12:03 - 00002195 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
    2016-10-04 20:09 - 2015-10-20 12:03 - 00002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk
    2016-10-02 05:15 - 2015-11-14 19:23 - 03919048 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
    2016-10-02 05:15 - 2015-10-20 12:00 - 19856296 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
    2016-10-02 05:15 - 2015-10-20 12:00 - 03459448 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
    2016-10-02 05:15 - 2015-10-20 12:00 - 00039730 _____ C:\Windows\system32\nvinfo.pb
    2016-10-02 03:44 - 2015-12-23 21:50 - 00546752 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshext.dll
    2016-10-02 03:44 - 2015-12-23 21:50 - 00083512 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshextr.dll
    2016-10-02 03:44 - 2015-10-20 12:01 - 06384064 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
    2016-10-02 03:44 - 2015-10-20 12:01 - 02473408 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
    2016-10-02 03:44 - 2015-10-20 12:01 - 01764408 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
    2016-10-02 03:44 - 2015-10-20 12:01 - 01362368 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
    2016-10-02 03:44 - 2015-10-20 12:01 - 00393784 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
    2016-10-02 03:44 - 2015-10-20 12:01 - 00069568 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
    2016-10-01 08:26 - 2015-10-20 12:01 - 07422645 _____ C:\Windows\system32\nvcoproc.bin
    2016-09-18 11:27 - 2016-01-20 11:15 - 00000000 ____D C:\Users\user\AppData\Local\CrashDumps
    2016-09-16 14:22 - 2015-10-20 16:13 - 00000000 ____D C:\Users\user\AppData\Local\NVIDIA Corporation
    2016-09-16 12:57 - 2015-10-20 16:10 - 00000000 ____D C:\Users\user\AppData\Local\NVIDIA
    2016-09-13 19:58 - 2015-10-27 15:20 - 00796352 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2016-09-13 19:58 - 2015-10-27 15:20 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2016-09-13 19:58 - 2015-10-27 15:20 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
    2016-09-13 19:58 - 2015-10-27 15:20 - 00000000 ____D C:\Windows\SysWOW64\Macromed
    2016-09-13 19:58 - 2015-10-27 15:20 - 00000000 ____D C:\Windows\system32\Macromed
    2016-09-11 15:55 - 2009-07-14 11:20 - 00000000 ____D C:\Windows\Registration

    ==================== Files in the root of some directories =======

    2016-01-20 11:58 - 2016-01-20 11:58 - 0007648 _____ () C:\Users\user\AppData\Local\Resmon.ResmonCfg
    2015-10-20 12:08 - 2015-10-20 12:08 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

    ==================== Bamital & volsnap ======================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\system32\winlogon.exe => File is digitally signed
    C:\Windows\system32\wininit.exe => File is digitally signed
    C:\Windows\SysWOW64\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\system32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\system32\services.exe => File is digitally signed
    C:\Windows\system32\User32.dll
    [2010-11-21 11:24] - [2015-10-21 15:58] - 1008640 ____A (Microsoft Corporation) 2C353B6CE0C8D03225CAA2AF33B68D79

    C:\Windows\SysWOW64\User32.dll
    [2010-11-21 11:24] - [2015-10-21 15:58] - 0833024 ____A (Microsoft Corporation) 861C4346F9281DC0380DE72C8D55D6BE

    C:\Windows\system32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\system32\rpcss.dll => File is digitally signed
    C:\Windows\system32\dnsapi.dll => File is digitally signed
    C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
    C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2016-10-08 22:36

    ==================== End of FRST.txt ============================

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 10-10-2016
    Ran by user (11-10-2016 19:37:28)
    Running from C:\Users\user\Desktop\Downloaded File
    Windows 7 Home Premium Service Pack 1 (X64) (2015-10-20 03:59:44)
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-1428807012-1017766511-3960407901-500 - Administrator - Disabled)
    Guest (S-1-5-21-1428807012-1017766511-3960407901-501 - Limited - Disabled)
    HomeGroupUser$ (S-1-5-21-1428807012-1017766511-3960407901-1002 - Limited - Enabled)
    user (S-1-5-21-1428807012-1017766511-3960407901-1000 - Administrator - Enabled) => C:\Users\user

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: ESET Smart Security 8.0 (Enabled - Up to date) {19259FAE-8396-A113-46DB-15B0E7DFA289}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: ESET Smart Security 8.0 (Enabled - Up to date) {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}
    FW: ESET Personal firewall (Enabled) {211E1E8B-C9F9-A04B-6D84-BC85190CE5F2}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    Adobe Flash Player 23 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 23.0.0.162 - Adobe Systems Incorporated)
    Ansel (Version: 373.06 - NVIDIA Corporation) Hidden
    ASUS Product Register Program (HKLM-x32\...\{C87D79F6-F813-4812-B7A9-CCCAAB8B1188}) (Version: 1.0.026 - ASUSTek Computer Inc.)
    CCleaner (HKLM\...\CCleaner) (Version: 5.22 - Piriform)
    DVDVob2Mpg 2.0 (HKLM-x32\...\DVDVob2Mpg_is1) (Version: 2.0 - Smart Projects)
    ESET Smart Security (HKLM\...\{92172C3C-7BCF-4DA3-8263-6617B13E897F}) (Version: 8.0.319.0 - ESET, spol s r. o.)
    Garena - Mstar (HKLM-x32\...\MstarTW) (Version: 2016080301 - ¥xÆWÄv»R®T¼Ö¦³¤½¥q)
    Garena+ (HKLM-x32\...\im) (Version: 2011 - Garena Online Pte Ltd.)
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 53.0.2785.143 - Google Inc.)
    Google Update Helper (x32 Version: 1.3.21.115 - Google Inc.) Hidden
    Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
    Intel(R) Chipset Device Software (x32 Version: 10.0.17 - Intel(R) Corporation) Hidden
    Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 10.0.2.1000 - Intel Corporation)
    Intel(R) Network Connections 19.1.51.0 (HKLM\...\PROSetDX) (Version: 19.1.51.0 - Intel)
    Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 13.1.0.1058 - Intel Corporation)
    Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 3.0.1.41 - Intel Corporation)
    Internet Download Manager (HKLM-x32\...\Internet Download Manager) (Version: - Tonec Inc.)
    K-Lite Codec Pack 7.1.0 (Full) (HKLM-x32\...\KLiteCodecPack_is1) (Version: 7.1.0 - )
    Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
    Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
    Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
    Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23918 (HKLM-x32\...\{dab68466-3a7d-41a8-a5cf-415e3ff8ef71}) (Version: 14.0.23918.0 - Microsoft Corporation)
    Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23918 (HKLM-x32\...\{2e085fd2-a3e4-4b39-8e10-6b8d35f55244}) (Version: 14.0.23918.0 - Microsoft Corporation)
    NVIDIA GeForce Experience 3.0.7.34 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.0.7.34 - NVIDIA Corporation)
    NVIDIA Graphics Driver 373.06 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 373.06 - NVIDIA Corporation)
    NVIDIA HD Audio Driver 1.3.34.15 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.15 - NVIDIA Corporation)
    NVIDIA PhysX System Software 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation)
    NvNodejs (Version: 3.0.7.34 - NVIDIA Corporation) Hidden
    NvTelemetry (Version: 1.0.0.0 - NVIDIA Corporation) Hidden
    Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
    Razer Chroma SDK Core Components (HKLM-x32\...\Razer Chroma SDK) (Version: 1.9.6 - Razer Inc.)
    Razer Synapse (HKLM-x32\...\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}) (Version: 2.20.15.822 - Razer Inc.)
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7335 - Realtek Semiconductor Corp.)
    Resident Evil 6 (HKLM-x32\...\Resident Evil 6_is1) (Version: - )
    SHIELD Streaming (Version: 7.1.0320 - NVIDIA Corporation) Hidden
    SHIELD Wireless Controller Driver (Version: 3.0.7.34 - NVIDIA Corporation) Hidden
    SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1210 - SUPERAntiSpyware.com)
    Vulkan Run Time Libraries 1.0.3.0 (HKLM\...\VulkanRT1.0.3.0) (Version: 1.0.3.0 - LunarG, Inc.)
    WinRAR 5.21 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {20208EE4-99B5-4655-91F9-F28FE332CAEC} - System32\Tasks\ASUS\ASUS Product Register Service => C:\Program Files (x86)\ASUS\APRP\aprp.exe [2014-03-25] (ASUSTek Computer Inc.)
    Task: {28B237B4-7865-4D96-948D-5D4D8FCEA0B8} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2016-09-30] (NVIDIA Corporation)
    Task: {3106CED7-3D26-4FD3-B11E-1F1065544F88} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2016-09-30] (NVIDIA Corporation)
    Task: {4A5148EB-49D9-4442-990E-2717881B7763} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-09-13] (Adobe Systems Incorporated)
    Task: {77D735E7-E1F5-402F-B957-C850C2AC21DF} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
    Task: {9128E740-52BA-4CAE-85E6-8CBDC20E08EF} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-10-20] (Google Inc.)
    Task: {9CD1289C-6404-4DA5-B071-C606AE23AEA1} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe [2016-02-05] ()
    Task: {9E06FC5F-9DFD-4793-96E5-113A2AC06023} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
    Task: {B5146B73-369E-4EA4-BE11-1C7DFFCA209D} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-08-27] (Piriform Ltd)
    Task: {B6BAAAA3-ED5E-4316-80D7-101684C194E5} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-10-20] (Google Inc.)
    Task: {E95C2071-B24B-4110-9D8C-1C50A43E9DBF} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2016-09-30] (NVIDIA Corporation)
    Task: {E9F79925-9C36-461F-B22D-856536CED035} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
    Task: {EA6E1A97-835E-4172-99A4-CA512EB7C1A0} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2016-09-30] (NVIDIA Corporation)
    Task: {F062FDD6-A344-4174-AF07-EC33150F5298} - System32\Tasks\Garena+ Plugin Host Service => G:\Garena Plus\ggdllhost.exe [2016-02-22] ()
    Task: {F1C4CD83-EF7A-4509-889D-BE3F198125D9} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2016-09-30] (NVIDIA Corporation)
    Task: {F1EA9ADA-2870-4BA7-80E0-0781762976BC} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2016-09-30] (NVIDIA Corporation)

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    ==================== Shortcuts =============================

    (The entries could be listed to be restored or removed.)

    ==================== Loaded Modules (Whitelisted) ==============

    2015-10-20 12:01 - 2016-10-02 03:44 - 00134712 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
    2015-10-20 12:04 - 2014-01-28 11:16 - 00936728 _____ () C:\Program Files (x86)\ASUS\AXSP\1.02.00\atkexComSvc.exe
    2014-01-23 08:05 - 2014-01-23 08:05 - 08878248 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
    2015-10-09 21:22 - 2016-02-22 19:24 - 00174632 _____ () G:\Garena Plus\ggdllhost.exe
    2015-10-09 21:22 - 2016-09-29 12:25 - 09858552 _____ () G:\Garena Plus\GarenaMessenger.exe
    2015-10-20 12:07 - 2014-07-23 09:59 - 01360016 ____R () C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.22\AsSysCtrlService.exe
    2016-09-16 12:54 - 2016-09-30 12:24 - 01147328 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\libprotobuf.dll
    2016-09-16 12:54 - 2016-09-30 12:24 - 04489152 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\Poco.dll
    2016-09-16 12:54 - 2016-09-30 12:24 - 00418240 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\plugins\LocalSystem\_nvspserviceplugin64.dll
    2016-07-20 08:10 - 2016-07-20 08:11 - 00187824 _____ () C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
    2015-10-20 12:04 - 2016-10-11 19:21 - 00038544 _____ () C:\Program Files (x86)\ASUS\AXSP\1.02.00\PEbiosinterface32.dll
    2015-10-20 12:04 - 2014-01-28 11:16 - 00104448 _____ () C:\Program Files (x86)\ASUS\AXSP\1.02.00\ATKEX.dll
    2015-10-09 21:23 - 2016-09-29 12:26 - 03437008 _____ () G:\Garena Plus\ggspawn.dll
    2015-10-09 21:23 - 2015-10-09 21:23 - 00111552 _____ () G:\Garena Plus\CommonLib.dll
    2015-10-09 21:23 - 2015-10-09 21:23 - 00040384 _____ () G:\Garena Plus\DibModule.dll
    2015-10-09 21:23 - 2016-09-29 19:03 - 00047568 _____ () G:\Garena Plus\VersionModule.dll
    2015-10-09 21:23 - 2015-10-09 21:23 - 00058304 _____ () G:\Garena Plus\FileLoader.dll
    2015-10-09 21:23 - 2015-10-09 21:23 - 00094144 _____ () G:\Garena Plus\PluginKernel.dll
    2015-10-09 21:23 - 2015-10-09 21:23 - 00494016 _____ () G:\Garena Plus\CxImage.dll
    2015-10-09 21:23 - 2015-10-09 21:23 - 00032192 _____ () G:\Garena Plus\PluginModule.dll
    2015-10-09 21:23 - 2015-10-09 21:23 - 00177600 _____ () G:\Garena Plus\lib\fs\YYFileSystem.dll
    2015-10-09 21:23 - 2016-06-24 20:05 - 00379744 _____ () G:\Garena Plus\lib\Http.dll
    2015-10-09 21:23 - 2015-10-09 21:23 - 00191424 _____ () G:\Garena Plus\lib\MP3Module.dll
    2012-02-22 16:52 - 2012-02-22 16:52 - 00162304 _____ () G:\Garena Plus\lame_enc.DLL
    2015-10-09 21:23 - 2015-10-09 21:23 - 00226752 _____ () G:\Garena Plus\lib\TaskManagerLib.dll
    2015-10-09 21:23 - 2015-11-24 21:26 - 00159168 _____ () G:\Garena Plus\lib\UILayout.dll
    2015-10-09 21:23 - 2015-10-09 21:23 - 00965056 _____ () G:\Garena Plus\lib\XLL.dll
    2015-10-09 21:23 - 2015-10-09 21:23 - 00061888 _____ () G:\Garena Plus\lib\XmlUIModule.dll
    2012-02-22 16:52 - 2012-02-22 16:52 - 00573100 _____ () G:\Garena Plus\sqlite3.dll
    2015-10-09 21:23 - 2016-02-22 19:25 - 00237608 _____ () G:\Garena Plus\Plugins\StatsPlugin.dll
    2015-10-09 21:23 - 2016-08-12 12:47 - 02207696 _____ () G:\Garena Plus\Plugins\ggplugin.dll
    2015-10-09 21:23 - 2015-10-09 21:23 - 00199616 _____ () G:\Garena Plus\ImageModule.dll
    2015-10-09 21:23 - 2015-10-09 21:23 - 00162240 _____ () G:\Garena Plus\libmpg123.dll
    2015-10-09 21:23 - 2016-08-29 15:48 - 04892664 _____ () G:\Garena Plus\ggdownloader.dll
    2015-10-09 21:23 - 2015-10-09 21:23 - 00072640 _____ () G:\Garena Plus\lib\delay_load\AudioMixerLib.dll
    2015-10-09 21:23 - 2015-10-09 21:23 - 00023488 _____ () G:\Garena Plus\lib\delay_load\ClientTcp.dll
    2015-10-09 21:23 - 2015-10-09 21:23 - 01552320 _____ () G:\Garena Plus\lib\delay_load\FileSender.dll
    2013-02-01 13:42 - 2013-02-01 13:42 - 00153088 _____ () G:\Garena Plus\libzmq.dll
    2015-10-09 21:23 - 2015-10-09 21:23 - 00963008 _____ () G:\Garena Plus\lib\delay_load\GaFileTransfer.dll
    2015-10-09 21:23 - 2015-10-09 21:23 - 00251840 _____ () G:\Garena Plus\lib\delay_load\MediaEngine.dll
    2015-10-09 21:23 - 2015-10-09 21:23 - 00033216 _____ () G:\Garena Plus\ServerMemAlloc.dll
    2015-10-09 21:23 - 2015-10-09 21:23 - 00523712 _____ () G:\Garena Plus\lib\delay_load\RSALib.dll
    2015-10-09 21:23 - 2015-10-09 21:23 - 00075200 _____ () G:\Garena Plus\lib\delay_load\UdtLib.dll
    2016-09-26 14:46 - 2016-09-26 14:46 - 00143824 _____ () C:\ProgramData\Razer\Synapse\CrashReporter\CrashRpt1402.dll
    2016-09-16 12:54 - 2016-09-30 12:23 - 60817344 _____ () C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\libcef.dll
    2015-10-20 16:13 - 2016-09-30 12:24 - 00018880 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
    2016-09-16 12:54 - 2016-09-30 01:20 - 00500792 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvSpCapsAPINode.node
    2016-09-16 12:54 - 2016-09-30 01:20 - 00255936 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\DriverInstall.node
    2016-09-16 12:54 - 2016-09-30 01:20 - 02801208 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\Downloader.node
    2016-09-16 12:54 - 2016-09-30 01:20 - 00244672 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvGameShareAPINode.node
    2016-09-16 12:54 - 2016-09-30 01:20 - 00430648 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvGalleryAPINode.node
    2016-09-16 12:54 - 2016-09-30 01:20 - 00336832 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVAccountAPINode.node
    2016-09-16 12:54 - 2016-09-30 01:20 - 00373696 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvCameraAPINode.node
    2014-04-29 16:23 - 2014-04-29 16:23 - 01241560 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
    2016-10-04 20:09 - 2016-09-25 11:47 - 01805416 _____ () C:\Program Files (x86)\Google\Chrome\Application\53.0.2785.143\libglesv2.dll
    2016-10-04 20:09 - 2016-09-25 11:47 - 00093288 _____ () C:\Program Files (x86)\Google\Chrome\Application\53.0.2785.143\libegl.dll
    2016-09-18 19:04 - 2016-09-12 17:48 - 17754304 _____ () C:\Users\user\AppData\Local\Google\Chrome\User Data\PepperFlash\23.0.0.166\pepflashplayer.dll
    2014-01-21 20:07 - 2014-01-21 20:07 - 08878248 _____ () C:\Program Files (x86)\Microsoft Office\Office15\1033\GrooveIntlResource.dll

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)


    ==================== Safe Mode (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


    ==================== Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)


    ==================== Hosts content: ===============================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2009-07-14 10:34 - 2009-06-11 05:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts


    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-1428807012-1017766511-3960407901-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\user\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
    DNS Servers: 1.9.1.9 - 202.188.0.133
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
    Windows Firewall is enabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    MSCONFIG\startupreg: AlcoholAutomount => "C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" -automount
    MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR

    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [{2724FA0C-3E53-4D47-9F9C-6F4F5592D41A}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe
    FirewallRules: [{FAE34D8F-6E73-47B9-8EC1-2BDCA9CFE305}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe
    FirewallRules: [{C919999F-1BA3-4E3E-B426-CCE17C0F1E1C}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
    FirewallRules: [{7DF5E521-5445-4F1A-B2D6-90E377358FEF}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
    FirewallRules: [{869B67A2-A150-4FC8-B159-9ADAED089DFD}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
    FirewallRules: [{B55849D0-F8F3-41D0-A071-538965F9144C}] => (Allow) G:\Steam\Steam.exe
    FirewallRules: [{D382B017-F30A-4AF5-BCC3-D0D2F2446F75}] => (Allow) G:\Steam\Steam.exe
    FirewallRules: [{E2C3D061-23E2-4583-A398-7DF00F132DC8}] => (Allow) G:\Steam\bin\steamwebhelper.exe
    FirewallRules: [{B98167CF-3644-406F-8AFF-AC0EED6A0E75}] => (Allow) G:\Steam\bin\steamwebhelper.exe
    FirewallRules: [{2982295A-7308-45ED-BA61-FEEDBFFCECF7}] => (Allow) G:\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{106972EF-1119-4200-A6D3-FB0C556233FC}] => (Allow) G:\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{B9702CBD-759D-4890-B6EE-178076CEDE64}] => (Allow) G:\Garena Plus\ggdllhost.exe
    FirewallRules: [TCP Query User{91101A00-20C0-4553-B478-A557E416ACC6}G:\garena plus\garenamessenger.exe] => (Allow) G:\garena plus\garenamessenger.exe
    FirewallRules: [UDP Query User{F47FBAEC-1873-4989-BEC2-DE58B3497FDA}G:\garena plus\garenamessenger.exe] => (Allow) G:\garena plus\garenamessenger.exe
    FirewallRules: [{5B2E8C0D-C777-4C96-AF30-79BCC7AD5039}] => (Allow) C:\GarenaDownload\Games\mstartw\MstarTWInstaller.exe
    FirewallRules: [{D9A5BD15-4AF7-4E32-86E5-9CF7A1A73814}] => (Allow) C:\GarenaDownload\Games\mstartw\MstarTWInstaller.exe
    FirewallRules: [{FAD1F452-DA8C-4D7C-8415-AC007CC2DEAD}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
    FirewallRules: [{869843FB-E06F-4C55-8503-E537D36CABBC}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
    FirewallRules: [{93C098F7-781F-4F7C-BA68-C0F17DEA4577}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
    FirewallRules: [{57453413-2C63-4023-92EA-95F57FCA9062}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
    FirewallRules: [{33BCFE43-8B54-4712-B0FC-CB3A356956B6}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

    ==================== Restore Points =========================

    30-09-2016 22:55:03 Scheduled Checkpoint
    08-10-2016 09:28:37 Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23918
    08-10-2016 09:28:41 Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23918

    ==================== Faulty Device Manager Devices =============


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (10/11/2016 07:23:17 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

    Error: (10/11/2016 07:21:22 PM) (Source: Winlogon) (EventID: 4103) (User: )
    Description: Windows license activation failed. Error 0x80070005.

    Error: (10/10/2016 10:04:24 PM) (Source: Software Protection Platform Service) (EventID: 8193) (User: )
    Description: License Activation Scheduler (sppuinotify.dll) failed with the following error code:
    0x80070005

    Error: (10/10/2016 09:04:24 PM) (Source: Software Protection Platform Service) (EventID: 8193) (User: )
    Description: License Activation Scheduler (sppuinotify.dll) failed with the following error code:
    0x80070005

    Error: (10/10/2016 07:56:19 PM) (Source: Software Protection Platform Service) (EventID: 8193) (User: )
    Description: License Activation Scheduler (sppuinotify.dll) failed with the following error code:
    0x80070005

    Error: (10/10/2016 07:20:59 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

    Error: (10/10/2016 07:19:04 PM) (Source: Winlogon) (EventID: 4103) (User: )
    Description: Windows license activation failed. Error 0x80070005.

    Error: (10/10/2016 12:14:09 AM) (Source: Software Protection Platform Service) (EventID: 8193) (User: )
    Description: License Activation Scheduler (sppuinotify.dll) failed with the following error code:
    0x80070005

    Error: (10/09/2016 11:14:09 PM) (Source: Software Protection Platform Service) (EventID: 8193) (User: )
    Description: License Activation Scheduler (sppuinotify.dll) failed with the following error code:
    0x80070005

    Error: (10/09/2016 10:14:09 PM) (Source: Software Protection Platform Service) (EventID: 8193) (User: )
    Description: License Activation Scheduler (sppuinotify.dll) failed with the following error code:
    0x80070005


    System errors:
    =============
    Error: (10/10/2016 07:56:19 PM) (Source: DCOM) (EventID: 10001) (User: )
    Description: Unable to start a DCOM Server: {F87B28F1-DA9A-4F35-8EC0-800EFCF26B83} as /. The error:
    "5"
    Happened while starting this command:
    C:\Windows\System32\slui.exe -Embedding

    Error: (10/09/2016 10:30:14 PM) (Source: NetBT) (EventID: 4321) (User: )
    Description: The name "USER-PC :20" could not be registered on the interface with IP address 192.168.0.2.
    The computer with the IP address 192.168.0.4 did not allow the name to be claimed by
    this computer.

    Error: (10/09/2016 10:30:14 PM) (Source: NetBT) (EventID: 4321) (User: )
    Description: The name "USER-PC :0" could not be registered on the interface with IP address 192.168.0.2.
    The computer with the IP address 192.168.0.4 did not allow the name to be claimed by
    this computer.

    Error: (10/09/2016 10:30:14 PM) (Source: Server) (EventID: 2505) (User: )
    Description: The server could not bind to the transport \Device\NetBT_Tcpip_{A120D378-7805-408B-8B86-9046FFEC74DD} because another computer on the network has the same name. The server could not start.

    Error: (10/09/2016 11:14:08 AM) (Source: DCOM) (EventID: 10001) (User: )
    Description: Unable to start a DCOM Server: {F87B28F1-DA9A-4F35-8EC0-800EFCF26B83} as /. The error:
    "5"
    Happened while starting this command:
    C:\Windows\System32\slui.exe -Embedding

    Error: (10/08/2016 07:40:55 PM) (Source: DCOM) (EventID: 10001) (User: )
    Description: Unable to start a DCOM Server: {F87B28F1-DA9A-4F35-8EC0-800EFCF26B83} as /. The error:
    "5"
    Happened while starting this command:
    C:\Windows\System32\slui.exe -Embedding

    Error: (10/08/2016 06:54:51 PM) (Source: Service Control Manager) (EventID: 7043) (User: )
    Description: The Windows Update service did not shut down properly after receiving a preshutdown control.

    Error: (10/08/2016 06:40:21 PM) (Source: DCOM) (EventID: 10001) (User: )
    Description: Unable to start a DCOM Server: {F87B28F1-DA9A-4F35-8EC0-800EFCF26B83} as /. The error:
    "5"
    Happened while starting this command:
    C:\Windows\System32\slui.exe -Embedding

    Error: (10/08/2016 10:08:22 AM) (Source: DCOM) (EventID: 10001) (User: )
    Description: Unable to start a DCOM Server: {F87B28F1-DA9A-4F35-8EC0-800EFCF26B83} as /. The error:
    "5"
    Happened while starting this command:
    C:\Windows\System32\slui.exe -Embedding

    Error: (10/07/2016 09:34:47 PM) (Source: DCOM) (EventID: 10001) (User: )
    Description: Unable to start a DCOM Server: {F87B28F1-DA9A-4F35-8EC0-800EFCF26B83} as /. The error:
    "5"
    Happened while starting this command:
    C:\Windows\System32\slui.exe -Embedding


    ==================== Memory info ===========================

    Processor: Intel(R) Core(TM) i5-4690K CPU @ 3.50GHz
    Percentage of memory in use: 39%
    Total physical RAM: 8135.1 MB
    Available physical RAM: 4900.54 MB
    Total Virtual: 16268.4 MB
    Available Virtual: 13229.79 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:111.79 GB) (Free:52.84 GB) NTFS
    Drive d: () (Fixed) (Total:443.23 GB) (Free:388.52 GB) NTFS
    Drive g: () (Fixed) (Total:488.28 GB) (Free:442.23 GB) NTFS ==>[system with boot components (obtained from drive)]

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 111.8 GB) (Disk ID: 9A75B82F)
    Partition 1: (Not Active) - (Size=111.8 GB) - (Type=07 NTFS)

    ========================================================
    Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 45A45ED9)
    Partition 1: (Active) - (Size=488.3 GB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=443.2 GB) - (Type=07 NTFS)

    ==================== End of Addition.txt ============================



    test1.jpg


    test2.jpg

    I did try unchecking these entries and restarting my computer; it didn't make any difference.
     
  10. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,253
    First Name:
    Derek
    There are a couple of things that jump out at me from the logs:
    1/ You are using a very out-of-date version of Internet Explorer, IE8. The current and only supported version is IE11. It does not matter whether you use Internet Explorer as your browser. You must have the latest version installed, because it is so tightly integrated into Windows.

    The screenshots also show Windows Update running and using CPU, so it is highly likely that it is trying to update IE and failing because it is unable to validate.

    Second, the logs show you using AutoKMS, which is an activation bypass used with pirated versions of Windows. The logs also show activation errors.

    Please run the MGA Diagnostic Tool and post back the report it creates:
    • Download MGADiag to your desktop.
    • Double-click on MGADiag.exe to launch the program
    • Click "Continue"
    • Ensure that the "Windows" tab is selected (it should be by default).
    • Click the "Copy" button to copy the MGA Diagnostic Report to the Windows clipboard.
    • Paste the MGA Diagnostic Report back here in your next reply.

    Please download and run WVCheck.
    • Double-click WVCheck.exe.
    • As indicated by the prompt, this program can take a while depending on your hard drive space.
    • Once the program is done, copy the contents of the Notepad file as a reply.
     
  11. leorina

    leorina Thread Starter

    Joined:
    Jun 14, 2010
    Messages:
    114
    Unable to use WVCheck. I click the exe and the command prompt auto-closes 2 seconds after I click the exe.

    Diagnostic Report (1.9.0027.0):
    -----------------------------------------
    Windows Validation Data-->

    Validation Code: 0
    Cached Online Validation Code: N/A, hr = 0xc004f012
    Windows Product Key: *****-*****-74XYM-BH4JX-XM76F
    Windows Product Key Hash: KeYfcvXg/a1Q01x73+f8IL/JC4Y=
    Windows Product ID: 00359-112-0000007-85752
    Windows Product ID Type: 5
    Windows License Type: Retail
    Windows OS version: 6.1.7601.2.00010300.1.0.003
    ID: {49BEB1F7-3544-4013-8C03-90F321EC500D}(1)
    Is Admin: Yes
    TestCab: 0x0
    LegitcheckControl ActiveX: N/A, hr = 0x80070002
    Signed By: N/A, hr = 0x80070002
    Product Name: Windows 7 Home Premium
    Architecture: 0x00000009
    Build lab: 7601.win7sp1_gdr.151019-1254
    TTS Error:
    Validation Diagnostic:
    Resolution Status: N/A

    Vista WgaER Data-->
    ThreatID(s): N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002

    Windows XP Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    File Exists: No
    Version: N/A, hr = 0x80070002
    WgaTray.exe Signed By: N/A, hr = 0x80070002
    WgaLogon.dll Signed By: N/A, hr = 0x80070002

    OGA Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002
    OGAExec.exe Signed By: N/A, hr = 0x80070002
    OGAAddin.dll Signed By: N/A, hr = 0x80070002

    OGA Data-->
    Office Status: 109 N/A
    OGA Version: N/A, 0x80070002
    Signed By: N/A, hr = 0x80070002
    Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3

    Browser Data-->
    Proxy settings: N/A
    User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
    Default Browser: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    Download signed ActiveX controls: Prompt
    Download unsigned ActiveX controls: Disabled
    Run ActiveX controls and plug-ins: Allowed
    Initialize and script ActiveX controls not marked as safe: Disabled
    Allow scripting of Internet Explorer Webbrowser control: Disabled
    Active scripting: Allowed
    Script ActiveX controls marked as safe for scripting: Allowed

    File Scan Data-->
    File Mismatch: C:\Windows\system32\systemcpl.dll[6.1.7600.16385], Hr = 0x800b0100
    File Mismatch: C:\Windows\system32\user32.dll[6.1.7600.16385], Hr = 0x800b0100

    Other data-->
    Office Details: <GenuineResults><MachineData><UGUID>{49BEB1F7-3544-4013-8C03-90F321EC500D}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7601.2.00010300.1.0.003</OS><Architecture>x64</Architecture><PKey>*****-*****-*****-*****-XM76F</PKey><PID>00359-112-0000007-85752</PID><PIDType>5</PIDType><SID>S-1-5-21-1428807012-1017766511-3960407901</SID><SYSTEM><Manufacturer>ASUS</Manufacturer><Model>All Series</Model></SYSTEM><BIOS><Manufacturer>American Megatrends Inc.</Manufacturer><Version>2002</Version><SMBIOSVersion major="2" minor="8"/><Date>20150209000000.000000+000</Date></BIOS><HWID>14043107018400F4</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Malay Peninsula Standard Time(GMT+08:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM/><GANotification/></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults>

    Spsys.log Content: 0x80070002

    Licensing Data-->
    Input Error: Can not find script file "C:\Windows\system32\slmgr.vbs".

    Windows Activation Technologies-->
    HrOffline: 0x00000000
    HrOnline: N/A
    HealthStatus: 0x0000000000000000
    Event Time Stamp: N/A
    ActiveX: Registered, Version: 7.1.7600.16395
    Admin Service: Not Registered - 0x80070005
    HealthStatus Bitmask Output:


    HWID Data-->
    HWID Hash Current: MAAAAAIAAQABAAEAAQACAAAAAQABAAEAln1y6/pD3UqsDo6k+jST1W5e3l5yiMj2

    OEM Activation 1.0 Data-->
    N/A

    OEM Activation 2.0 Data-->
    BIOS valid for OA 2.0: yes, but no SLIC table
    Windows marker version: N/A
    OEMID and OEMTableID Consistent: N/A
    BIOS Information:
    ACPI Table Name OEMID Value OEMTableID Value
    APIC ALASKA A M I
    FACP ALASKA A M I
    HPET ALASKA A M I
    MCFG ALASKA A M I
    FPDT ALASKA A M I
    SSDT Ther_R Ther_Rvp
    SSDT Ther_R Ther_Rvp
    SSDT Ther_R Ther_Rvp
    SSDT Ther_R Ther_Rvp
    SSDT Ther_R Ther_Rvp
     
  12. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,253
    First Name:
    Derek
    That is showing as a pirated version of Windows. If you install a legit version, then your problems will almost certainly go away.
    We do not offer any assistance with pirated Windows.
    Topic closed.
     

Short URL to this thread: https://techguy.org/1179240
