Additional scan result of Farbar Recovery Scan Tool (x86) Version: 20-07-2016
Ran by JLyn (2016-07-21 21:29:45)
Running from C:\Users\JLyn\Desktop
Microsoft Windows 8.1 with Bing (Update) (X86) (2016-02-23 17:13:12)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-3520924193-2044853642-1748884499-500 - Administrator - Disabled)
Guest (S-1-5-21-3520924193-2044853642-1748884499-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3520924193-2044853642-1748884499-1003 - Limited - Enabled)
JLyn (S-1-5-21-3520924193-2044853642-1748884499-1001 - Administrator - Enabled) => C:\Users\JLyn

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

CleanBrowser (HKLM\...\CleanBrowser) (Version: - ) <==== ATTENTION
Google Chrome (HKLM\...\Google Chrome) (Version: 51.0.2704.103 - Google Inc.)
Google Update Helper (Version: 1.3.30.3 - Google Inc.) Hidden
groover (HKLM\...\{F2772BA7-2152-4E33-9859-5C8D35F5D861}) (Version: 2.0.0.478 - groover) <==== ATTENTION
kxaccel-1.0.13.20-win8-x86 (HKLM\...\{4BE64DB8-771F-42D0-B120-EFB738C40215}) (Version: 1.0.13.20 - Kionix)
Men Of War: Assault Squad GOTY Demo (HKLM\...\Steam App 207770) (Version: - Digitalmindsoft)
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.7070.2026 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3520924193-2044853642-1748884499-1001\...\OneDriveSetup.exe) (Version: 17.3.6390.0509 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24210 (HKLM\...\{23658c02-145e-483d-ba6b-1eb82c580529}) (Version: 14.0.24210.0 - Microsoft Corporation)
NetStream (HKLM\...\NetStream) (Version: - )
Note-up (HKLM\...\Note-up) (Version: - Note-up) <==== ATTENTION
Note-UP (HKLM\...\NUIns) (Version: - QUAHOG LIMITED) <==== ATTENTION
NVIDIA PhysX (HKLM\...\{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}) (Version: 9.12.1031 - NVIDIA Corporation)
Office 16 Click-to-Run Extensibility Component (Version: 16.0.7030.1016 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (Version: 16.0.7030.1016 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (Version: 16.0.7030.1016 - Microsoft Corporation) Hidden
s5mark (HKLM\...\s5mark) (Version: 2.0.2 - s5mark) <==== ATTENTION
Skype Click to Call (HKLM\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 8.3.0.9150 - Microsoft Corporation)
Skype™ 7.21 (HKLM\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.21.100 - Skype Technologies S.A.)
Steam (HKLM\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Windows Driver Package - Kionix, Inc. (kxspb) Sensor I/O devices (06/26/2014 1.2.6.3) (HKLM\...\9B850DEC9F528A80EF96519B4987C5F90EF303B8) (Version: 06/26/2014 1.2.6.3 - Kionix, Inc.)
Windows Driver Package - Kionix, Inc. (WUDFRd) Sensor (06/26/2014 1.0.13.20) (HKLM\...\A29252E022AC11B53F70404D9A02C2B623F7A4BB) (Version: 06/26/2014 1.0.13.20 - Kionix, Inc.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3520924193-2044853642-1748884499-1001_Classes\CLSID\{162C6FB5-44D3-435B-903D-E613FA093FB5}\InprocServer32 -> C:\Users\JLyn\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\FileCoAuthLib.dll ()
CustomCLSID: HKU\S-1-5-21-3520924193-2044853642-1748884499-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0D58A665-6B92-429E-AF83-B66C3ED0594D} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-07-04] (Microsoft Corporation)
Task: {46AC6983-FACE-4ECF-B4D1-9D362097D25C} - \GoogleUpdateTaskMachineUA -> No File <==== ATTENTION
Task: {7164AB20-3AF2-4571-AB84-B56F2D26946F} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-07-04] (Microsoft Corporation)
Task: {7326C0A7-CEF1-4F3A-A363-F7951D907369} - \GoogleUpdateTaskMachineCore -> No File <==== ATTENTION
Task: {884E689F-F832-44D6-BCC8-DB8CFDCD75A9} - \{35EB43BE-DCF4-0D78-59EB-0D17D864E85D} -> No File <==== ATTENTION
Task: {8AE5DF43-BC2F-4F54-A660-AB34A2603981} - \Optimize Start Menu Cache Files-S-1-5-21-3520924193-2044853642-1748884499-500 -> No File <==== ATTENTION
Task: {AA6AEB79-7250-4A35-92D3-9F1E9A6F9AE2} - System32\Tasks\2ae877468b564e445daaea9ec08b3cf1 => powershell.exe -NoProfile -NoLogo -NonInteractive -ExecutionPolicy Bypass -File C:\WINDOWS\2ae877468b564e445daaea9ec08b3cf1.ps1 <==== ATTENTION
Task: {ADE85178-8081-465B-BA58-4349B3C7DD5E} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2016-07-20] (Microsoft Corporation)
Task: {AE0B7FCB-3B2B-4E78-9EB5-7A6DDFFD4C51} - \Microsoft OneDrive Auto Update Task-S-1-5-21-3520924193-2044853642-1748884499-1001 -> No File <==== ATTENTION

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\JLyn\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) -> --disable-quic
ShortcutWithArgument: C:\Users\JLyn\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) -> --disable-quic
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) -> --disable-quic
ShortcutWithArgument: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) -> --disable-quic

==================== Loaded Modules (Whitelisted) ==============

2016-05-26 17:38 - 2016-05-26 17:38 - 00679624 _____ () C:\Users\JLyn\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\ClientTelemetry.dll
2016-07-05 20:45 - 2016-04-29 16:10 - 00785920 ____C () C:\Program Files\Steam\SDL2.dll
2016-07-05 20:45 - 2015-07-03 12:12 - 04962816 ____C () C:\Program Files\Steam\v8.dll
2016-07-05 20:45 - 2016-07-08 21:06 - 02317904 ____C () C:\Program Files\Steam\video.dll
2016-07-05 20:45 - 2015-07-03 12:12 - 01556992 ____C () C:\Program Files\Steam\icui18n.dll
2016-07-05 20:45 - 2015-07-03 12:12 - 01187840 ____C () C:\Program Files\Steam\icuuc.dll
2016-07-05 20:44 - 2016-02-08 19:14 - 02549760 ____C () C:\Program Files\Steam\libavcodec-56.dll
2016-07-05 20:44 - 2016-02-08 19:14 - 00491008 ____C () C:\Program Files\Steam\libavformat-56.dll
2016-07-05 20:44 - 2016-02-08 19:14 - 00332800 ____C () C:\Program Files\Steam\libavresample-2.dll
2016-07-05 20:44 - 2016-02-08 19:14 - 00442880 ____C () C:\Program Files\Steam\libavutil-54.dll
2016-07-05 20:44 - 2016-02-08 19:14 - 00485888 ____C () C:\Program Files\Steam\libswscale-3.dll
2016-07-05 20:45 - 2016-07-08 21:06 - 00829520 ____C () C:\Program Files\Steam\bin\chromehtml.DLL
2016-07-05 20:44 - 2016-07-06 18:00 - 00266560 ____C () C:\Program Files\Steam\openvr_api.dll
2016-07-05 20:44 - 2016-06-14 15:14 - 49826080 ____C () C:\Program Files\Steam\bin\libcef.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\bsdp32.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\iaioi2ce.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\bsdp32.sys => ""="Driver"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 02:13 - 2016-07-20 09:42 - 00001006 ___AC C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1 down.baidu2016.com
127.0.0.1 123.sogou.com
127.0.0.1 www.czzsyzgm.com
127.0.0.1 www.czzsyzxl.com
127.0.0.1 union.baidu2019.com

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3520924193-2044853642-1748884499-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\JLyn\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 104.197.191.4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [TCP Query User{DEC2B65A-1DEC-4737-BD11-931EE2B3C5A3}C:\program files\skype\phone\skype.exe] => (Allow) C:\program files\skype\phone\skype.exe
FirewallRules: [UDP Query User{1CFC606D-33F7-4758-961B-8E09D469F81F}C:\program files\skype\phone\skype.exe] => (Allow) C:\program files\skype\phone\skype.exe
FirewallRules: [{87EB821E-1902-4430-A28C-C6942300DD44}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{16A85F1E-3445-477C-AB9D-E7D26A862812}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe
FirewallRules: [{0F8B019F-5399-493F-9E7D-4C7BB99355DA}] => (Allow) C:\Program Files\Steam\Steam.exe
FirewallRules: [{1EA5C1FA-FA0B-4087-9D4E-88C77363D1BF}] => (Allow) C:\Program Files\Steam\Steam.exe
FirewallRules: [{6A2E0C8E-F860-4200-AF2A-734B35D9553B}] => (Allow) C:\Program Files\Steam\bin\steamwebhelper.exe
FirewallRules: [{FC4FA182-4056-457C-B612-675A3C4623CE}] => (Allow) C:\Program Files\Steam\bin\steamwebhelper.exe
FirewallRules: [{CC0A748F-296C-4695-B4F1-88CBC5D58E6F}] => (Allow) C:\Program Files\Steam\steamapps\common\Men Of War Assault Squad GOTY Demo\mow_assault_squad.exe
FirewallRules: [{60B9B721-8B96-4828-AD49-2E8F0DBD5E94}] => (Allow) C:\Program Files\Steam\steamapps\common\Men Of War Assault Squad GOTY Demo\mow_assault_squad.exe
FirewallRules: [{6B11F487-B5B0-4559-B9D6-1EE0C2D4A9AA}] => (Allow) C:\Users\JLyn\AppData\Local\ddnowyes4.exe
FirewallRules: [{0C9B7879-D568-4901-B5E2-D26CEDFD4E2B}] => (Allow) C:\Users\JLyn\AppData\Local\Temp\nsb6719.tmp\oksoft12.exe
FirewallRules: [{2B8E2856-4979-4CFD-A20B-F7B365642A9F}] => (Allow) C:\Users\JLyn\AppData\Local\70208145.exe
FirewallRules: [{3DFD0EC6-3F70-452D-86D4-F4B65FAA50B0}] => (Allow) C:\Users\JLyn\AppData\Local\tinstall4.exe
FirewallRules: [{F0265926-381A-4B97-912E-DE0F06766E9B}] => (Allow) C:\Users\JLyn\AppData\Local\cap4.exe
FirewallRules: [{C56BEE8D-F228-4027-A7ED-AE1D72802A02}] => (Allow) C:\Users\JLyn\AppData\Local\ddnow.exe

==================== Restore Points =========================

ATTENTION: System Restore is disabled

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (07/21/2016 05:14:22 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: igfxCUIService.exe, version: 6.15.10.3643, time stamp: 0x53967e1c
Faulting module name: igfxCUIService.exe, version: 6.15.10.3643, time stamp: 0x53967e1c
Exception code: 0xc0000005
Fault offset: 0x0000f872
Faulting process id: 0x4b0
Faulting application start time: 0xigfxCUIService.exe0
Faulting application path: igfxCUIService.exe1
Faulting module path: igfxCUIService.exe2
Report Id: igfxCUIService.exe3
Faulting package full name: igfxCUIService.exe4
Faulting package-relative application ID: igfxCUIService.exe5

Error: (07/21/2016 05:11:31 PM) (Source: Microsoft-Windows-WMI) (EventID: 10) (User: NT AUTHORITY)
Description: Event filter with query "select * from __InstanceModificationEvent where targetinstance isa '__ArbitratorConfiguration'" could not be reactivated in namespace "//./root" because of error 0x80041033. Events cannot be delivered through this filter until the problem is corrected.

Error: (07/21/2016 05:11:31 PM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT AUTHORITY)
Description: Event provider $Core attempted to register query "select * from __TimerEvent" whose target class "__TimerEvent" in //./root namespace does not exist. The query will be ignored.

Error: (07/21/2016 05:11:31 PM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT AUTHORITY)
Description: Event provider $Core attempted to register query "select * from __TimerEvent" whose target class "__TimerEvent" in //./root/CIMV2 namespace does not exist. The query will be ignored.

Error: (07/21/2016 05:11:31 PM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT AUTHORITY)
Description: Event provider $Core attempted to register query "select * from __TimerEvent" whose target class "__TimerEvent" in //./root/subscription namespace does not exist. The query will be ignored.

Error: (07/21/2016 05:11:31 PM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT AUTHORITY)
Description: Event provider $Core attempted to register query "select * from __SystemEvent" whose target class "__SystemEvent" in //./root namespace does not exist. The query will be ignored.

Error: (07/21/2016 05:11:31 PM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT AUTHORITY)
Description: Event provider $Core attempted to register query "select * from __SystemEvent" whose target class "__SystemEvent" in //./root/CIMV2 namespace does not exist. The query will be ignored.

Error: (07/21/2016 05:11:31 PM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT AUTHORITY)
Description: Event provider $Core attempted to register query "select * from __SystemEvent" whose target class "__SystemEvent" in //./root/subscription namespace does not exist. The query will be ignored.

Error: (07/21/2016 05:11:31 PM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT AUTHORITY)
Description: Event provider $Core attempted to register query "select * from __NamespaceOperationEvent" whose target class "__NamespaceOperationEvent" in //./root namespace does not exist. The query will be ignored.

Error: (07/21/2016 05:11:31 PM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT AUTHORITY)
Description: Event provider $Core attempted to register query "select * from __NamespaceOperationEvent" whose target class "__NamespaceOperationEvent" in //./root/CIMV2 namespace does not exist. The query will be ignored.

System errors:
=============
Error: (07/21/2016 08:38:30 PM) (Source: DCOM) (EventID: 10010) (User: DARTHMAUL)
Description: {14286318-B6CF-49A1-81FC-D74AD94902F9}

Error: (07/21/2016 08:30:45 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has failed to start.
Module Path: C:\WINDOWS\system32\Rtlihvs.dll
Error Code: 126

Error: (07/21/2016 05:17:54 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The 55218e6f4f23000c941bd2cd54b2b717 service terminated unexpectedly. It has done this 1 time(s).

Error: (07/21/2016 05:17:47 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has failed to start.
Module Path: C:\WINDOWS\system32\Rtlihvs.dll
Error Code: 126

Error: (07/21/2016 05:17:46 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 5:14:18 PM on 7/21/2016 was unexpected.

Error: (07/21/2016 05:14:21 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Intel(R) HD Graphics Control Panel Service service terminated with the following error: %%2147500037 = Unspecified error

Error: (07/21/2016 05:14:19 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has failed to start.
Module Path: C:\WINDOWS\system32\Rtlihvs.dll
Error Code: 126

Error: (07/21/2016 05:09:49 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has failed to start.
Module Path: C:\WINDOWS\system32\Rtlihvs.dll
Error Code: 126

Error: (07/21/2016 03:59:23 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has failed to start.
Module Path: C:\WINDOWS\system32\Rtlihvs.dll
Error Code: 126

Error: (07/21/2016 03:58:10 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has failed to start.
Module Path: C:\WINDOWS\system32\Rtlihvs.dll
Error Code: 126

==================== Memory info ===========================

Processor: Intel(R) Atom(TM) CPU Z3735F @ 1.33GHz
Percentage of memory in use: 66%
Total physical RAM: 1986.86 MB
Available physical RAM: 657.8 MB
Total Virtual: 3138.86 MB
Available Virtual: 1439.64 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:23.53 GB) (Free:7.11 GB) NTFS
Drive d: () (Removable) (Total:14.45 GB) (Free:14.38 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 29.1 GB) (Disk ID: 5A02556E)

Partition: GPT.

========================================================
Disk: 1 (Size: 14.5 GB) (Disk ID: 00000000)

Partition: GPT.

==================== End of Addition.txt ============================