Reply to thread

Message: <blockquote data-quote="PleaseHelpMe" data-source="post: 444108" data-attributes="member: 43909">[CODE]Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:21-10-2015 01Ran by jacky (administrator) on FURRY (22-10-2015 22:49:55)Running from C:\Users\jacky\DownloadsLoaded Profiles: jacky (Available Profiles: jacky)Platform: Windows 8.1 (X64) Language: English (United States)Internet Explorer Version 11 (Default browser: Chrome)Boot Mode: NormalTutorial for Farbar Recovery Scan Tool: [URL='http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/']FRST Tutorial - How to use Farbar Recovery Scan Tool[/URL]==================== Processes (Whitelisted) =================(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe(Microsoft Corporation) C:\Windows\System32\wlanext.exe(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe==================== Registry (Whitelisted) ===========================(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7636696 2014-09-02] (Realtek Semiconductor)HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1396592 2014-09-01] (Realtek Semiconductor)HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2818800 2014-09-17] (Synaptics Incorporated)HKLM\...\Run: [SimplePass] => C:\Program Files\Hewlett-Packard\SimplePass\ClientCore.exe [3962936 2014-03-28] (Hewlett-Packard)HKLM\...\Run: [OPBHOBroker] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe [415288 2014-03-28] (Hewlett-Packard)HKLM\...\Run: [OPBHOBrokerDesktop] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe [415288 2014-03-28] (Hewlett-Packard)HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe [507144 2014-09-02] (Hewlett-Packard Development Company, L.P.)HKLM-x32\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\BlueStacks\HD-Agent.exeHKU\S-1-5-21-1190272223-2719381043-2969044305-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2901584 2015-10-14] (Valve Corporation)HKU\S-1-5-21-1190272223-2719381043-2969044305-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [55357464 2015-09-04] (Skype Technologies S.A.)HKU\S-1-5-21-1190272223-2719381043-2969044305-1001\...\Run: [GoogleChromeAutoLaunch_D12A46AC425B1E984F072A5148D1C0EC] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [811848 2015-10-08] (Google Inc.)==================== Internet (Whitelisted) ====================(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)Tcpip\Parameters: [DhcpNameServer] 192.168.1.1Tcpip\..\Interfaces\{C78ED941-CEC5-4BFA-998C-A274F83CE1C2}: [DhcpNameServer] 192.168.1.1Internet Explorer:==================HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://hp13.msn.comHKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp13.msn.comHKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://hp13.msn.comHKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp13.msn.comHKU\S-1-5-21-1190272223-2719381043-2969044305-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp13.msn.comHKU\S-1-5-21-1190272223-2719381043-2969044305-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://js.redirect.hp.com/jumpstation?bd=all&c=144&locale=ww_ww&pf=cnnb&s=ieHPtab&tp=iehomeSearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =SearchScopes: HKLM-x32 -> {55D08683-B376-4A30-869A-BC6E731AA2D0} URL = hxxp://[URL='http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}']www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}[/URL]SearchScopes: HKU\S-1-5-21-1190272223-2719381043-2969044305-1001 -> {55D08683-B376-4A30-869A-BC6E731AA2D0} URL = hxxp://[URL='http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}']www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}[/URL]BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2015-10-02] (Microsoft Corporation)BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2015-10-02] (Microsoft Corporation)Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2015-10-02] (Microsoft Corporation)Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2015-10-02] (Microsoft Corporation)Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2015-10-02] (Microsoft Corporation)Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2015-10-02] (Microsoft Corporation)Chrome:=======CHR HomePage: Default -> hxxp://[URL='http://www.trovi.com/?gd=&ctid=CT3333887&octid=EB_ORIGINAL_CTID&ISID=M6B28D639-C3C9-4AA4-9101-5569EB60963F&SearchSource=55&CUI=&UM=8&UP=SP81A83540-EA57-4934-A67F-0B359EB426B6&D=081115&SSPV=SP301081TA_sp_ch']www.trovi.com/?gd=&ctid=CT3333887&octid=EB_ORIGINAL_CTID&ISID=M6B28D639-C3C9-4AA4-9101-5569EB60963F&SearchSource=55&CUI=&UM=8&UP=SP81A83540-EA57-4934-A67F-0B359EB426B6&D=081115&SSPV=SP301081TA_sp_ch[/URL]CHR StartupUrls: Default -> "hxxp://[URL='http://www.trovi.com/?gd=&ctid=CT3333887&octid=EB_ORIGINAL_CTID&ISID=M6B28D639-C3C9-4AA4-9101-5569EB60963F&SearchSource=55&CUI=&UM=8&UP=SP81A83540-EA57-4934-A67F-0B359EB426B6&D=081115&SSPV=SP301081TA_sp_ch']www.trovi.com/?gd=&ctid=CT3333887&octid=EB_ORIGINAL_CTID&ISID=M6B28D639-C3C9-4AA4-9101-5569EB60963F&SearchSource=55&CUI=&UM=8&UP=SP81A83540-EA57-4934-A67F-0B359EB426B6&D=081115&SSPV=SP301081TA_sp_ch[/URL]"CHR Profile: C:\Users\jacky\AppData\Local\Google\Chrome\User Data\DefaultCHR Extension: (Google Slides) - C:\Users\jacky\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-09-18]CHR Extension: (Google Docs) - C:\Users\jacky\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-09-18]CHR Extension: (Google Drive) - C:\Users\jacky\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-20]CHR Extension: (YouTube) - C:\Users\jacky\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]CHR Extension: (Google Search) - C:\Users\jacky\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-09-18]CHR Extension: (Google Sheets) - C:\Users\jacky\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-09-18]CHR Extension: (Google Docs Offline) - C:\Users\jacky\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-09-18]CHR Extension: (AdBlock) - C:\Users\jacky\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-10-14]CHR Extension: (Totoro Rainy Day) - C:\Users\jacky\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmiagjknjjfockcklibjlfdojojaffff [2015-09-24]CHR Extension: (Chrome Web Store Payments) - C:\Users\jacky\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-09-18]CHR Extension: (Gmail) - C:\Users\jacky\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-09-18]==================== Services (Whitelisted) ========================(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)S2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [2836056 2015-09-09] (Microsoft Corporation)S2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [127752 2015-10-19] (SurfRight B.V.)S2 HPWMISVC; C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe [509192 2014-09-02] (Hewlett-Packard Development Company, L.P.)S2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [16232 2014-06-25] (Intel Corporation)S2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [328296 2014-11-26] (Intel Corporation)S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [887256 2014-05-13] (Intel(R) Corporation)S2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2014-09-03] (Intel Corporation)S3 iumsvc; C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [174368 2014-04-09] ()R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [154584 2014-09-03] (Intel Corporation)R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [3568840 2015-08-16] (INCA Internet Co., Ltd.)S2 omniserv; C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe [88064 2014-03-28] (Softex Inc.) [File not signed]S2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [389896 2014-04-14] ()R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [291032 2014-08-18] (Realtek Semiconductor)S2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [191728 2014-09-17] (Synaptics Incorporated)S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2014-04-02] (Microsoft Corporation)R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-12-09] (Microsoft Corporation)R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-12-09] (Microsoft Corporation)===================== Drivers (Whitelisted) ==========================(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91912 2013-11-12] (CyberLink)S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2015-10-22] (Malwarebytes)R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [126976 2014-09-03] (Intel Corporation)S3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [294104 2014-08-19] (Realtek Semiconductor Corp.)R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [3593432 2014-10-08] (Realtek Semiconductor Corporation                           )R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [33008 2014-09-17] (Synaptics Incorporated)S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [35856 2014-12-09] (Microsoft Corporation)R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [257880 2014-12-09] (Microsoft Corporation)R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-12-09] (Microsoft Corporation)R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2013-07-22] (Hewlett-Packard Development Company, L.P.)==================== NetSvcs (Whitelisted) ===================(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)==================== One Month Created files and folders ========(If an entry is included in the fixlist, the file/folder will be moved.)2015-10-22 22:49 - 2015-10-22 22:50 - 00013240 _____ C:\Users\jacky\Downloads\FRST.txt2015-10-22 22:49 - 2015-10-22 22:49 - 00000000 ____D C:\FRST2015-10-22 22:48 - 2015-10-22 22:48 - 02196480 _____ (Farbar) C:\Users\jacky\Downloads\FRST64.exe2015-10-22 01:42 - 2015-10-22 01:42 - 00000000 ____D C:\Users\jacky\Downloads\YandereSimOct18th2015-10-22 01:08 - 2015-10-22 07:38 - 553506348 _____ C:\Users\jacky\Downloads\YandereSimOct18th.rar2015-10-21 18:16 - 2015-10-21 18:21 - 483370462 _____ C:\Users\jacky\Downloads\YanSimMay25th_Version_2.rar2015-10-21 13:40 - 2015-10-21 18:23 - 00000000 ____D C:\Users\jacky\AppData\Local\tyranoscript2015-10-21 13:39 - 2015-10-21 13:39 - 00000000 ____D C:\Users\jacky\AppData\Roaming\WinRAR2015-10-21 13:39 - 2015-10-21 13:39 - 00000000 ____D C:\Users\jacky\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR2015-10-21 13:39 - 2015-10-21 13:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR2015-10-21 13:39 - 2015-10-21 13:39 - 00000000 ____D C:\Program Files (x86)\WinRAR2015-10-21 13:38 - 2015-10-21 13:38 - 01762840 _____ C:\Users\jacky\Downloads\wrar521 (1).exe2015-10-21 13:09 - 2015-10-21 13:14 - 72104416 _____ C:\Users\jacky\Downloads\Yansim-0.3-Win-fix (1).rar2015-10-21 12:15 - 2015-10-21 12:17 - 72104416 _____ C:\Users\jacky\Downloads\Yansim-0.3-Win-fix.rar2015-10-19 01:41 - 2015-10-19 01:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro2015-10-19 01:41 - 2015-10-19 01:41 - 00000000 ____D C:\Program Files\HitmanPro2015-10-19 01:40 - 2015-10-19 01:50 - 00000000 ____D C:\ProgramData\HitmanPro2015-10-19 01:40 - 2015-10-19 01:41 - 11336600 _____ (SurfRight B.V.) C:\Users\jacky\Downloads\HitmanPro_x64.exe2015-10-19 01:38 - 2015-10-19 01:39 - 10357568 _____ (SurfRight B.V.) C:\Users\jacky\Downloads\HitmanPro.exe2015-10-19 01:35 - 2015-10-22 20:33 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys2015-10-19 01:35 - 2015-10-19 01:35 - 00001085 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk2015-10-19 01:35 - 2015-10-19 01:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware2015-10-19 01:35 - 2015-10-19 01:35 - 00000000 ____D C:\ProgramData\Malwarebytes2015-10-19 01:35 - 2015-10-19 01:35 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware2015-10-19 01:35 - 2015-10-05 09:50 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys2015-10-19 01:35 - 2015-10-05 09:50 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys2015-10-19 01:35 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys2015-10-19 01:33 - 2015-10-19 01:33 - 00224968 _____ (ESET) C:\Users\jacky\Downloads\ESETPoweliksCleaner (1).exe2015-10-19 01:33 - 2015-10-19 01:33 - 00008548 _____ C:\Users\jacky\Downloads\ESETPoweliksCleaner (1).exe_20151019.013309.3324.log2015-10-19 01:33 - 2015-10-19 01:33 - 00000022 _____ C:\Users\jacky\Downloads\ESETPoweliksCleaner (1).exe_20151019.013309.3324.zip2015-10-19 01:30 - 2015-10-19 01:31 - 00008548 _____ C:\Users\jacky\Downloads\ESETPoweliksCleaner.exe_20151019.013039.2320.log2015-10-19 01:30 - 2015-10-19 01:30 - 00224968 _____ (ESET) C:\Users\jacky\Downloads\ESETPoweliksCleaner.exe2015-10-19 01:30 - 2015-10-19 01:30 - 00000022 _____ C:\Users\jacky\Downloads\ESETPoweliksCleaner.exe_20151019.013039.2320.zip2015-10-17 03:20 - 2015-10-17 03:24 - 57060681 _____ (BlueStack Systems Inc.) C:\Users\jacky\Downloads\Unconfirmed 170699.crdownload2015-10-09 16:20 - 2015-10-09 16:20 - 00003226 _____ C:\Windows\System32\Tasks\{0DF7C4E9-CA8A-4E67-A0FC-41E6CF405B77}2015-10-09 15:43 - 2015-10-09 15:54 - 274585064 _____ (BlueStack Systems Inc.) C:\Users\jacky\Downloads\BlueStacks-Installer_native.exe2015-10-02 14:05 - 2015-10-02 14:05 - 00000000 ____D C:\ProgramData\Microsoft OneDrive2015-10-02 14:05 - 2015-07-17 09:51 - 00984448 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll2015-10-02 14:05 - 2015-07-17 09:51 - 00063840 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll2015-10-02 14:05 - 2015-07-17 09:51 - 00020832 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll2015-10-02 14:05 - 2015-07-17 09:51 - 00019808 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll2015-10-02 14:05 - 2015-07-17 09:51 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll2015-10-02 14:05 - 2015-07-17 09:51 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll2015-10-02 14:05 - 2015-07-17 09:51 - 00016224 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll2015-10-02 14:05 - 2015-07-17 09:51 - 00015712 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll2015-10-02 14:05 - 2015-07-17 09:51 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll2015-10-02 14:05 - 2015-07-17 09:51 - 00013664 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll2015-10-02 14:05 - 2015-07-17 09:51 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll2015-10-02 14:05 - 2015-07-17 09:51 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll2015-10-02 14:05 - 2015-07-17 09:51 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll2015-10-02 14:05 - 2015-07-17 09:51 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll2015-10-02 14:05 - 2015-07-17 09:51 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll2015-10-02 14:05 - 2015-07-17 09:51 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll2015-10-02 14:05 - 2015-07-17 09:47 - 00901264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll2015-10-02 14:05 - 2015-07-17 09:47 - 00066400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-private-l1-1-0.dll2015-10-02 14:05 - 2015-07-17 09:47 - 00022368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-math-l1-1-0.dll2015-10-02 14:05 - 2015-07-17 09:47 - 00019808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll2015-10-02 14:05 - 2015-07-17 09:47 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-string-l1-1-0.dll2015-10-02 14:05 - 2015-07-17 09:47 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll2015-10-02 14:05 - 2015-07-17 09:47 - 00016224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll2015-10-02 14:05 - 2015-07-17 09:47 - 00015712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll2015-10-02 14:05 - 2015-07-17 09:47 - 00014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-time-l1-1-0.dll2015-10-02 14:05 - 2015-07-17 09:47 - 00013664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll2015-10-02 14:05 - 2015-07-17 09:47 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-process-l1-1-0.dll2015-10-02 14:05 - 2015-07-17 09:47 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll2015-10-02 14:05 - 2015-07-17 09:47 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll2015-10-02 14:05 - 2015-07-17 09:47 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll2015-10-02 14:05 - 2015-07-17 09:47 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll2015-10-02 14:05 - 2015-07-17 09:47 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll2015-10-02 13:57 - 2015-10-02 13:57 - 00002403 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word 2016.lnk2015-10-02 13:57 - 2015-10-02 13:57 - 00002402 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint 2016.lnk2015-10-02 13:57 - 2015-10-02 13:57 - 00002366 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access 2016.lnk2015-10-02 13:57 - 2015-10-02 13:57 - 00002365 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel 2016.lnk2015-10-02 13:57 - 2015-10-02 13:57 - 00002359 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook 2016.lnk2015-10-02 13:57 - 2015-10-02 13:57 - 00002353 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher 2016.lnk2015-10-02 13:57 - 2015-10-02 13:57 - 00002345 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote 2016.lnk2015-10-02 13:57 - 2015-10-02 13:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2016 Tools2015-10-02 13:51 - 2015-10-02 13:51 - 00000000 ____D C:\Program Files\Microsoft Office 152015-10-02 13:50 - 2015-10-02 13:51 - 02875456 _____ (Microsoft Corporation) C:\Users\jacky\Downloads\Setup.X86.en-US_O365HomePremRetail_54793ad7-4cf2-415d-9335-2b436d7aeabb_TX_PR_.exe2015-09-29 23:05 - 2015-09-29 23:05 - 00000000 ____D C:\Users\jacky\AppData\Roaming\Tera_Awesomium2015-09-28 23:49 - 2015-10-01 07:47 - 00000940 _____ C:\ProgramData\Microsoft\Windows\Start Menu\LINE.lnk2015-09-28 23:49 - 2015-10-01 07:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LINE2015-09-28 23:49 - 2015-09-28 23:49 - 00000934 _____ C:\Users\Public\Desktop\LINE.lnk2015-09-28 23:49 - 2015-09-28 23:49 - 00000000 ____D C:\Users\jacky\AppData\Local\LINE2015-09-28 23:48 - 2015-09-28 23:48 - 00000000 ____D C:\Program Files (x86)\LINE2015-09-28 23:43 - 2015-09-28 23:43 - 28198424 _____ (LINE Corporation) C:\Users\jacky\Downloads\LineInst.exe2015-09-28 23:43 - 2015-09-28 23:43 - 28198424 _____ (LINE Corporation) C:\Users\jacky\Downloads\LineInst (1).exe2015-09-27 22:16 - 2015-10-17 04:01 - 00000000 ____D C:\ProgramData\BlueStacksSetup2015-09-27 22:15 - 2015-09-27 22:16 - 14634624 _____ (BlueStack Systems Inc.) C:\Users\jacky\Downloads\ThinInstaller_native.exe2015-09-24 08:16 - 2015-09-24 08:16 - 00001760 _____ C:\Users\jacky\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Elsword.lnk==================== One Month Modified files and folders ========(If an entry is included in the fixlist, the file/folder will be moved.)2015-10-22 22:20 - 2015-09-18 16:15 - 00000908 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job2015-10-22 22:00 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\system32\sru2015-10-22 20:00 - 2015-09-18 16:12 - 01240705 _____ C:\Windows\WindowsUpdate.log2015-10-22 19:20 - 2015-05-07 23:10 - 00064274 _____ C:\Windows\SysWOW64\Gms.log2015-10-19 02:19 - 2015-09-18 16:16 - 00003600 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1190272223-2719381043-2969044305-10012015-10-19 00:48 - 2015-09-18 16:12 - 00000000 ___RD C:\Users\jacky\OneDrive2015-10-18 20:21 - 2015-09-18 16:15 - 00000904 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job2015-10-18 20:19 - 2015-09-18 16:10 - 00000000 ____D C:\Users\jacky2015-10-18 20:19 - 2013-08-22 10:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT2015-10-18 20:19 - 2013-08-22 09:25 - 00262144 ___SH C:\Windows\system32\config\BBI2015-10-17 23:48 - 2014-12-09 23:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Help and Support2015-10-17 23:48 - 2014-12-09 23:34 - 00000000 ____D C:\ProgramData\Hewlett-Packard2015-10-17 23:48 - 2014-12-09 23:23 - 00000000 ____D C:\Program Files (x86)\Hewlett-Packard2015-10-17 23:47 - 2015-09-18 18:38 - 00000000 ____D C:\Users\jacky\AppData\Roaming\hpqlog2015-10-17 04:24 - 2013-08-22 11:36 - 00000000 __RHD C:\Users\Public\Libraries2015-10-16 16:29 - 2015-09-18 16:58 - 00000000 ____D C:\Program Files (x86)\Steam2015-10-15 23:22 - 2015-09-18 16:16 - 00002170 _____ C:\Users\Public\Desktop\Google Chrome.lnk2015-10-14 02:40 - 2015-09-18 18:49 - 00000000 ___RD C:\Program Files (x86)\Skype2015-10-14 02:40 - 2014-12-09 23:26 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Productivity and Tools2015-10-14 02:39 - 2015-09-18 16:13 - 00000000 ____D C:\Users\jacky\Documents\Youcam2015-10-14 02:33 - 2015-05-07 23:30 - 00000000 ____D C:\ProgramData\McAfee2015-10-14 02:33 - 2013-08-22 10:44 - 00490856 _____ C:\Windows\system32\FNTCACHE.DAT2015-10-14 02:32 - 2014-03-18 05:44 - 00006934 _____ C:\Windows\PFRO.log2015-10-14 02:28 - 2015-09-18 22:19 - 00000000 ____D C:\Windows\System32\Tasks\McAfee2015-10-14 02:28 - 2014-12-09 23:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security and Protection2015-10-14 02:28 - 2013-08-22 11:36 - 00000000 ___HD C:\Windows\ELAMBKUP2015-10-14 02:28 - 2013-08-22 09:25 - 00262144 ___SH C:\Windows\system32\config\ELAM2015-10-13 02:09 - 2015-09-18 16:10 - 00000000 ____D C:\Users\jacky\AppData\Local\Packages2015-10-04 13:42 - 2014-12-09 23:29 - 00000000 ____D C:\Program Files (x86)\Microsoft Office2015-10-03 12:01 - 2015-09-18 16:11 - 00000000 ____D C:\Users\jacky\AppData\Local\VirtualStore2015-10-03 01:11 - 2015-09-18 18:49 - 00000000 ____D C:\Users\jacky\AppData\Roaming\Skype2015-10-02 14:05 - 2013-08-22 11:20 - 00000000 ____D C:\Windows\CbsTemp2015-10-02 13:51 - 2013-08-22 11:36 - 00000000 ____D C:\Program Files\Common Files\microsoft shared2015-10-01 20:32 - 2015-09-18 20:18 - 00000000 ____D C:\Users\jacky\AppData\Roaming\LolClient==================== Files in the root of some directories =======2015-09-20 22:20 - 2014-04-16 18:08 - 0658000 _____ (WildTangent, Inc.) C:\ProgramData\uninstall1202546.exeFiles to move or delete:====================C:\ProgramData\uninstall1202546.exeSome files in TEMP:====================C:\Users\jacky\AppData\Local\Temp\McCSPInstall.dllC:\Users\jacky\AppData\Local\Temp\mccspuninstall.exe==================== Bamital & volsnap =================(There is no automatic fix for files that do not pass verification.)C:\Windows\system32\winlogon.exe => File is digitally signedC:\Windows\system32\wininit.exe => File is digitally signedC:\Windows\explorer.exe => File is digitally signedC:\Windows\SysWOW64\explorer.exe => File is digitally signedC:\Windows\system32\svchost.exe => File is digitally signedC:\Windows\SysWOW64\svchost.exe => File is digitally signedC:\Windows\system32\services.exe => File is digitally signedC:\Windows\system32\User32.dll => File is digitally signedC:\Windows\SysWOW64\User32.dll => File is digitally signedC:\Windows\system32\userinit.exe => File is digitally signedC:\Windows\SysWOW64\userinit.exe => File is digitally signedC:\Windows\system32\rpcss.dll => File is digitally signedC:\Windows\system32\dnsapi.dll => File is digitally signedC:\Windows\SysWOW64\dnsapi.dll => File is digitally signedC:\Windows\system32\Drivers\volsnap.sys => File is digitally signedLastRegBack: 2015-10-16 16:40==================== End of FRST.txt ============================Additional scan result of Farbar Recovery Scan Tool (x64) Version:21-10-2015 01Ran by jacky (2015-10-22 22:50:28)Running from C:\Users\jacky\DownloadsWindows 8.1 (X64) (2015-09-18 20:10:37)Boot Mode: Normal============================================================================== Accounts: =============================Administrator (S-1-5-21-1190272223-2719381043-2969044305-500 - Administrator - Disabled)Guest (S-1-5-21-1190272223-2719381043-2969044305-501 - Limited - Disabled)jacky (S-1-5-21-1190272223-2719381043-2969044305-1001 - Administrator - Enabled) => C:\Users\jacky==================== Security Center ========================(If an entry is included in the fixlist, it will be removed.)AV: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}==================== Installed Programs ======================(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.4.144 - Adobe Systems, Inc.)Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)Cisco LEAP Module (HKLM-x32\...\{AF312B06-5C5C-468E-89B3-BE6DE2645722}) (Version: 1.0.19 - Cisco Systems, Inc.)Cisco PEAP Module (HKLM-x32\...\{0A4EF0E6-A912-4CDE-A7F3-6E56E7C13A2F}) (Version: 1.1.6 - Cisco Systems, Inc.)CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.8.4420 - CyberLink Corp.)Cyberlink PhotoDirector (HKLM-x32\...\InstallShield_{5A454EC5-217A-42a5-8CE1-2DDEC4E70E01}) (Version: 5.0.3.5715 - CyberLink Corp.)Cyberlink PhotoDirector (Version: 5.0.3.5715 - CyberLink Corp.) HiddenCyberLink Power Media Player 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.5.4505 - CyberLink Corp.)CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.8.4316 - CyberLink Corp.)CyberLink PowerBackup 2.6 (HKLM-x32\...\InstallShield_{ADD5DB49-72CF-11D8-9D75-000129760D75}) (Version: 2.6.1.0903 - CyberLink Corp.)CyberLink PowerDirector 12 (HKLM-x32\...\InstallShield_{E1646825-D391-42A0-93AA-27FA810DA093}) (Version: 12.0.2.3324 - CyberLink Corp.)CyberLink PowerDirector 12 (Version: 12.0.2.3324 - CyberLink Corp.) HiddenCyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 5.0.5.4523 - CyberLink Corp.)DisableMSDefender (Version: 1.0.0 - Hewlett-Packard Company) HiddenElsword version v5.0909.6.1 (HKLM-x32\...\{E655DDFC-24DB-4FC3-8474-271E911309B4}_is1) (Version: v5.0909.6.1 - KOGGAMES)Energy Star (HKLM\...\{465CA2B6-98AF-4E77-BE22-A908C34BB9EC}) (Version: 1.0.9 - Hewlett-Packard Company)Foxit PhantomPDF (HKLM-x32\...\{89BF1D4D-1D62-451E-9496-B971BDE82720}) (Version: 6.0.33.715 - Foxit Corporation)Google Chrome (HKLM-x32\...\Google Chrome) (Version: 46.0.2490.71 - Google Inc.)Google Update Helper (x32 Version: 1.3.28.15 - Google Inc.) HiddenHewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) HiddenHitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.10.250 - SurfRight B.V.)HP Documentation (HKLM-x32\...\{EA7EA537-8F93-42A2-9384-66E7F049E6B0}) (Version: 1.4.0.0 - Hewlett-Packard)HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.7745.4851 - Hewlett-Packard)HP SimplePass (HKLM-x32\...\InstallShield_{314FAD12-F785-4471-BCE8-AB506642B9A1}) (Version: 8.01.11 - Hewlett-Packard)HP System Event Utility (HKLM-x32\...\{F12B17AB-FCDA-4380-9D35-E3F871BF1093}) (Version: 1.2.6 - Hewlett-Packard Company)HP Wireless Button Driver (HKLM-x32\...\{30B2D1D8-0A07-4B71-9553-0710C5D31E35}) (Version: 1.1.2.1 - Hewlett-Packard Company)Inst5675 (Version: 8.01.11 - Softex Inc.) HiddenInst5676 (Version: 8.01.11 - Softex Inc.) HiddenIntel(R) Chipset Device Software (x32 Version: 10.0.21 - Intel(R) Corporation) HiddenIntel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 10.0.28.1006 - Intel Corporation)Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.4013 - Intel Corporation)Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 13.2.0.1016 - Intel Corporation)Intel(R) Update Manager (HKLM-x32\...\{84A2B59B-6A7B-4C01-8592-15C9BFE6AC36}) (Version: 2.4.3 - Intel Corporation)League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games)League of Legends (x32 Version: 3.0.1 - Riot Games) HiddenLINE (HKLM-x32\...\LINE) (Version: 4.1.3.586 - LINE Corporation)Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.4229.1024 - Microsoft Corporation)Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)Office 16 Click-to-Run Extensibility Component (x32 Version: 16.0.4229.1024 - Microsoft Corporation) HiddenOffice 16 Click-to-Run Licensing Component (Version: 16.0.4229.1024 - Microsoft Corporation) HiddenOffice 16 Click-to-Run Localization Component (x32 Version: 16.0.4229.1024 - Microsoft Corporation) HiddenRealtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.9600.29082 - Realtek Semiconductor Corp.)Realtek Ethernet Controller All-In-One Windows Driver (HKLM-x32\...\{F7E7F0CB-AA41-4D5A-B6F2-8E6738EB063F}) (Version: 8.35.716.2014 - Realtek)Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7335 - Realtek Semiconductor Corp.)REALTEK Wireless LAN Driver (HKLM-x32\...\{A5107464-AA9B-4177-8129-5FF2F42DD322}) (Version: 1.0.0.38 - REALTEK Semiconductor Corp.)Skype™ 7.10 (HKLM-x32\...\{6A0549A9-1B96-498C-ACBC-3943001FEB19}) (Version: 7.10.101 - Skype Technologies S.A.)Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) HiddenSynaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 18.1.7.20 - Synaptics Incorporated)TERA (HKLM-x32\...\Steam App 323370) (Version:  - Bluehole Inc.)WinRAR 5.21 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)==================== Custom CLSID (Whitelisted): ==========================(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)==================== Restore Points =========================02-10-2015 14:03:37 Windows Update09-10-2015 13:21:07 Removed BlueStacks Notification Center14-10-2015 02:30:52 Removed 7-Zip 9.20 (x64 edition)17-10-2015 04:22:30 Removed BlueStacks App Player==================== Hosts content: ===============================(If needed Hosts: directive could be included in the fixlist to reset Hosts.)2013-08-22 09:25 - 2013-08-22 09:25 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts==================== Scheduled Tasks (Whitelisted) =============(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)Task: {13C8E120-B4CF-4E11-A209-CFDB825DAE46} - System32\Tasks\YCMServiceAgent => C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe [2014-09-23] (CyberLink Corp.)Task: {1F1C37D6-1730-47AF-993E-33679B5105FC} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2014-04-09] ()Task: {340B4EF9-7BF2-4FF3-8977-1A0F951017DA} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2015-10-02] (Microsoft Corporation)Task: {39AF9897-C02D-4EB8-8B4A-549D052B4D34} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-18] (Google Inc.)Task: {4BD0499E-8FF7-4EF1-A474-8036177D72AB} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exeTask: {4FC10CFB-69FA-4E48-A3CA-6D1102DC7A38} - System32\Tasks\{0DF7C4E9-CA8A-4E67-A0FC-41E6CF405B77} => pcalua.exe -a C:\Users\jacky\AppData\Local\Temp\7zS8CC7.tmp\MicroInstallerNative.exe -d C:\Users\jacky\AppData\Local\Temp\7zS8CC7.tmpTask: {A9F43AE2-8A3C-4A3B-8BEA-2BAC2D499E24} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-18] (Google Inc.)Task: {ACD61E96-5E08-4E68-93C5-BAF2B22CF8F2} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exeTask: {B1F2E80E-30C0-400B-8E63-62E280C3501E} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2014-04-09] ()Task: {EBC52DE5-335C-4AA0-9588-5211116B06C0} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2015-09-09] (Microsoft Corporation)Task: {FE1426EC-A38D-4497-8C03-70CF2F98999E} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2015-09-09] (Microsoft Corporation)(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exeTask: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe==================== Loaded Modules (Whitelisted) ==============2015-10-02 13:57 - 2015-10-02 13:57 - 08901800 _____ () C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\1033\GrooveIntlResource.dll2014-09-03 14:03 - 2014-09-03 14:03 - 01241560 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll2015-10-15 23:22 - 2015-10-08 20:53 - 01532744 _____ () C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.71\libglesv2.dll2015-10-15 23:22 - 2015-10-08 20:53 - 00081224 _____ () C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.71\libegl.dll==================== Alternate Data Streams (Whitelisted) =========(If an entry is included in the fixlist, only the ADS will be removed.)AlternateDataStreams: C:\Users\jacky\OneDrive:ms-properties==================== Safe Mode (Whitelisted) ===================(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"==================== EXE Association (Whitelisted) ===============(If an entry is included in the fixlist, the registry item will be restored to default or removed.)==================== Internet Explorer trusted/restricted ===============(If an entry is included in the fixlist, it will be removed from the registry.)==================== Other Areas ============================(Currently there is no automatic fix for this section.)HKU\S-1-5-21-1190272223-2719381043-2969044305-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Hewlett-Packard Backgrounds\backgroundDefault.jpgDNS Servers: 192.168.1.1HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)Windows Firewall is enabled.==================== MSCONFIG/TASK MANAGER disabled items ==(Currently there is no automatic fix for this section.)HKU\S-1-5-21-1190272223-2719381043-2969044305-1001\...\StartupApproved\Run: => "Skype"HKU\S-1-5-21-1190272223-2719381043-2969044305-1001\...\StartupApproved\Run: => "Steam"==================== FirewallRules (Whitelisted) ===============(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139FirewallRules: [{7843116A-3708-405C-9A7F-9D07E58C6D2E}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12.exeFirewallRules: [{C64BFFC3-55F7-456F-BCB3-B5AA418ADF38}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exeFirewallRules: [{3EB060A9-1267-4032-8AE3-9EBF7E287BAF}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exeFirewallRules: [{CE6B49E9-2626-486B-8C19-9C8F216E2B4D}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12Agent.exeFirewallRules: [{C32166AA-4149-4C09-9F7F-657D714B2D3C}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12ML.exeFirewallRules: [{3F24EB19-E556-4C71-94F4-C492288C0632}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD.exeFirewallRules: [{C9CC192A-E874-4463-9250-C56D259FBBFB}] => (Allow) C:\Program Files\CyberLink\PowerDirector12\PDR10.EXEFirewallRules: [{8B1D748A-F209-41B6-BBE4-10AA46E3E544}] => (Allow) C:\KOGGAMES\Elsword\data\x2.exeFirewallRules: [{8C0E3544-D438-4FB2-8B23-89D7CA79303C}] => (Allow) C:\KOGGAMES\Elsword\data\x2.exeFirewallRules: [{474DEEF8-3073-4EB1-B12A-8CE80BEFA47A}] => (Allow) C:\Program Files (x86)\Steam\Steam.exeFirewallRules: [{92CF8F4C-8DFF-4846-9321-3C5F1BD50F28}] => (Allow) C:\Program Files (x86)\Steam\Steam.exeFirewallRules: [{856D8393-612A-4AC0-BE3C-4261E8961379}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exeFirewallRules: [{6071F985-F99D-465E-B857-543B8B6013A4}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exeFirewallRules: [{FE060509-E304-449C-8A9E-A3911691F7FF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\TERA\TERA-Launcher.exeFirewallRules: [{C595949B-9F3C-4B0E-8C43-97C08C3476D0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\TERA\TERA-Launcher.exeFirewallRules: [{DC673C99-60AA-4DB6-89C4-7CFDCB43A2FB}] => (Allow) C:\Program Files (x86)\LINE\LINE.exeFirewallRules: [{ED6FFA65-0F79-4C1E-8352-13552998429A}] => (Allow) C:\Program Files (x86)\LINE\LINE.exeFirewallRules: [{8F265F0F-AE26-47AF-9ABA-26A25C3CBE42}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exeFirewallRules: [{9FCCDA8E-74C5-423B-B4A6-8C4CCCD00F60}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exeFirewallRules: [{A738BB1C-4C46-4DD6-82CB-3E8129F926FF}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPDeviceDetection3.exe==================== Faulty Device Manager Devices =============Name: CDC SerialDescription: CDC SerialClass Guid:Manufacturer:Service:Problem: : The drivers for this device are not installed. (Code 28)Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.Name: hp DVDRW  GUB0NDescription: CD-ROM DriveClass Guid: {4d36e965-e325-11ce-bfc1-08002be10318}Manufacturer: (Standard CD-ROM drives)Service: cdromProblem: : This device is disabled. (Code 22)Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.==================== Event log errors: =========================Application errors:==================Error: (10/22/2015 05:29:41 PM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )Description: Subscription licensing service failed: -1073418220Error: (10/22/2015 07:37:58 AM) (Source: Application Hang) (EventID: 1002) (User: )Description: The program LiveComm.exe version 17.5.9600.20605 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.Process ID: 3e88Start Time: 01d10c8f188c8425Termination Time: 4294967295Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20605_x64__8wekyb3d8bbwe\LiveComm.exeReport Id: 55f8e676-78b1-11e5-8260-480fcf6ec728Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20605_x64__8wekyb3d8bbweFaulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1Error: (10/21/2015 09:34:40 PM) (Source: Application Hang) (EventID: 1002) (User: )Description: The program rads_user_kernel.exe version 0.0.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.Process ID: 2218Start Time: 01d10c69bd37aa21Termination Time: 4294967295Application Path: C:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exeReport Id: 0f9e6b3b-785d-11e5-8260-480fcf6ec728Faulting package full name:Faulting package-relative application ID:Error: (10/21/2015 09:34:18 PM) (Source: Application Hang) (EventID: 1002) (User: )Description: The program rads_user_kernel.exe version 0.0.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.Process ID: 2218Start Time: 01d10c69bd37aa21Termination Time: 4294967295Application Path: C:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exeReport Id: 00d2906f-785d-11e5-8260-480fcf6ec728Faulting package full name:Faulting package-relative application ID:Error: (10/21/2015 09:12:38 PM) (Source: SideBySide) (EventID: 33) (User: )Description: Activation context generation failed for "PDR.X,type="win32",version="1.0.0.0"1".Dependent Assembly PDR.X,type="win32",version="1.0.0.0" could not be found.Please use sxstrace.exe for detailed diagnosis.Error: (10/21/2015 09:12:38 PM) (Source: SideBySide) (EventID: 33) (User: )Description: Activation context generation failed for "PDR.X,type="win32",version="1.0.0.0"1".Dependent Assembly PDR.X,type="win32",version="1.0.0.0" could not be found.Please use sxstrace.exe for detailed diagnosis.Error: (10/21/2015 09:06:47 PM) (Source: SideBySide) (EventID: 33) (User: )Description: Activation context generation failed for "PDR.X,type="win32",version="1.0.0.0"1".Dependent Assembly PDR.X,type="win32",version="1.0.0.0" could not be found.Please use sxstrace.exe for detailed diagnosis.Error: (10/21/2015 09:06:46 PM) (Source: SideBySide) (EventID: 33) (User: )Description: Activation context generation failed for "PDR.X,type="win32",version="1.0.0.0"1".Dependent Assembly PDR.X,type="win32",version="1.0.0.0" could not be found.Please use sxstrace.exe for detailed diagnosis.Error: (10/21/2015 06:14:16 PM) (Source: Application Error) (EventID: 1000) (User: )Description: Faulting application name: YanSim.exe, version: 0.0.0.0, time stamp: 0x534decc7Faulting module name: YanSim.exe, version: 0.0.0.0, time stamp: 0x534decc7Exception code: 0x80000003Fault offset: 0x003360e0Faulting process id: 0x2f08Faulting application start time: 0xYanSim.exe0Faulting application path: YanSim.exe1Faulting module path: YanSim.exe2Report Id: YanSim.exe3Faulting package full name: YanSim.exe4Faulting package-relative application ID: YanSim.exe5Error: (10/21/2015 06:14:06 PM) (Source: Application Error) (EventID: 1000) (User: )Description: Faulting application name: YanSim.exe, version: 0.0.0.0, time stamp: 0x534decc7Faulting module name: YanSim.exe, version: 0.0.0.0, time stamp: 0x534decc7Exception code: 0x80000003Fault offset: 0x003360e0Faulting process id: 0x2640Faulting application start time: 0xYanSim.exe0Faulting application path: YanSim.exe1Faulting module path: YanSim.exe2Report Id: YanSim.exe3Faulting package full name: YanSim.exe4Faulting package-relative application ID: YanSim.exe5System errors:=============Error: (10/22/2015 10:41:12 PM) (Source: Service Control Manager) (EventID: 7034) (User: )Description: The  HP SimplePass Service service terminated unexpectedly.  It has done this 1 time(s).Error: (10/22/2015 10:41:06 PM) (Source: Service Control Manager) (EventID: 7034) (User: )Description: The Microsoft Office Click-to-Run Service service terminated unexpectedly.  It has done this 3 time(s).Error: (10/22/2015 10:40:08 PM) (Source: Service Control Manager) (EventID: 7031) (User: )Description: The Microsoft Office Click-to-Run Service service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 0 milliseconds: Restart the service.Error: (10/22/2015 10:15:40 PM) (Source: Service Control Manager) (EventID: 7031) (User: )Description: The Microsoft Office Click-to-Run Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 0 milliseconds: Restart the service.Error: (10/22/2015 08:11:54 AM) (Source: DCOM) (EventID: 10010) (User: FURRY)Description: {D63B10C5-BB46-4990-A94F-E40B9D520160}Error: (10/22/2015 07:44:41 AM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)Description: {1F87137D-0E7C-44D5-8C73-4EFFB68962F2}Error: (10/21/2015 05:35:06 PM) (Source: DCOM) (EventID: 10010) (User: FURRY)Description: {D63B10C5-BB46-4990-A94F-E40B9D520160}Error: (10/21/2015 11:05:32 AM) (Source: DCOM) (EventID: 10010) (User: FURRY)Description: {D63B10C5-BB46-4990-A94F-E40B9D520160}Error: (10/21/2015 10:05:33 AM) (Source: DCOM) (EventID: 10010) (User: FURRY)Description: {D63B10C5-BB46-4990-A94F-E40B9D520160}Error: (10/21/2015 09:47:38 AM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)Description: {1F87137D-0E7C-44D5-8C73-4EFFB68962F2}==================== Memory info ===========================Processor: Intel(R) Core(TM) i3-5010U CPU @ 2.10GHzPercentage of memory in use: 31%Total physical RAM: 6059.39 MBAvailable physical RAM: 4144.4 MBTotal Virtual: 7211.39 MBAvailable Virtual: 4458.61 MB==================== Drives ================================Drive c: (Windows) (Fixed) (Total:672.1 GB) (Free:578.65 GB) NTFSDrive d: (RECOVERY) (Fixed) (Total:25.52 GB) (Free:2.86 GB) NTFS ==>[system with boot components (obtained from drive)]==================== MBR & Partition Table ==========================================================================Disk: 0 (Size: 698.6 GB) (Disk ID: E85455D1)Partition: GPT.==================== End of Addition.txt ============================[/CODE]</blockquote>

Verification

Top