Malware, computer lag. Need help.

PleaseHelpMe

Oct 19, 2015
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:21-10-2015 01
Ran by jacky (administrator) on FURRY (22-10-2015 22:49:55)
Running from C:\Users\jacky\Downloads
Loaded Profiles: jacky (Available Profiles: jacky)
Platform: Windows 8.1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7636696 2014-09-02] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1396592 2014-09-01] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2818800 2014-09-17] (Synaptics Incorporated)
HKLM\...\Run: [SimplePass] => C:\Program Files\Hewlett-Packard\SimplePass\ClientCore.exe [3962936 2014-03-28] (Hewlett-Packard)
HKLM\...\Run: [OPBHOBroker] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe [415288 2014-03-28] (Hewlett-Packard)
HKLM\...\Run: [OPBHOBrokerDesktop] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe [415288 2014-03-28] (Hewlett-Packard)
HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe [507144 2014-09-02] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\BlueStacks\HD-Agent.exe
HKU\S-1-5-21-1190272223-2719381043-2969044305-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2901584 2015-10-14] (Valve Corporation)
HKU\S-1-5-21-1190272223-2719381043-2969044305-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [55357464 2015-09-04] (Skype Technologies S.A.)
HKU\S-1-5-21-1190272223-2719381043-2969044305-1001\...\Run: [GoogleChromeAutoLaunch_D12A46AC425B1E984F072A5148D1C0EC] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [811848 2015-10-08] (Google Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{C78ED941-CEC5-4BFA-998C-A274F83CE1C2}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://hp13.msn.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp13.msn.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://hp13.msn.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp13.msn.com
HKU\S-1-5-21-1190272223-2719381043-2969044305-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp13.msn.com
HKU\S-1-5-21-1190272223-2719381043-2969044305-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://js.redirect.hp.com/jumpstation?bd=all&c=144&locale=ww_ww&pf=cnnb&s=ieHPtab&tp=iehome
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {55D08683-B376-4A30-869A-BC6E731AA2D0} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-1190272223-2719381043-2969044305-1001 -> {55D08683-B376-4A30-869A-BC6E731AA2D0} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2015-10-02] (Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2015-10-02] (Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2015-10-02] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2015-10-02] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2015-10-02] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2015-10-02] (Microsoft Corporation)

Chrome:
=======
CHR HomePage: Default -> hxxp://www.trovi.com/?gd=&ctid=CT3333887&octid=EB_ORIGINAL_CTID&ISID=M6B28D639-C3C9-4AA4-9101-5569EB60963F&SearchSource=55&CUI=&UM=8&UP=SP81A83540-EA57-4934-A67F-0B359EB426B6&D=081115&SSPV=SP301081TA_sp_ch
CHR StartupUrls: Default -> "hxxp://www.trovi.com/?gd=&ctid=CT3333887&octid=EB_ORIGINAL_CTID&ISID=M6B28D639-C3C9-4AA4-9101-5569EB60963F&SearchSource=55&CUI=&UM=8&UP=SP81A83540-EA57-4934-A67F-0B359EB426B6&D=081115&SSPV=SP301081TA_sp_ch"
CHR Profile: C:\Users\jacky\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\jacky\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-09-18]
CHR Extension: (Google Docs) - C:\Users\jacky\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-09-18]
CHR Extension: (Google Drive) - C:\Users\jacky\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-20]
CHR Extension: (YouTube) - C:\Users\jacky\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]
CHR Extension: (Google Search) - C:\Users\jacky\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-09-18]
CHR Extension: (Google Sheets) - C:\Users\jacky\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-09-18]
CHR Extension: (Google Docs Offline) - C:\Users\jacky\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-09-18]
CHR Extension: (AdBlock) - C:\Users\jacky\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-10-14]
CHR Extension: (Totoro Rainy Day) - C:\Users\jacky\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmiagjknjjfockcklibjlfdojojaffff [2015-09-24]
CHR Extension: (Chrome Web Store Payments) - C:\Users\jacky\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-09-18]
CHR Extension: (Gmail) - C:\Users\jacky\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-09-18]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [2836056 2015-09-09] (Microsoft Corporation)
S2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [127752 2015-10-19] (SurfRight B.V.)
S2 HPWMISVC; C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe [509192 2014-09-02] (Hewlett-Packard Development Company, L.P.)
S2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [16232 2014-06-25] (Intel Corporation)
S2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [328296 2014-11-26] (Intel Corporation)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [887256 2014-05-13] (Intel(R) Corporation)
S2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2014-09-03] (Intel Corporation)
S3 iumsvc; C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [174368 2014-04-09] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [154584 2014-09-03] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [3568840 2015-08-16] (INCA Internet Co., Ltd.)
S2 omniserv; C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe [88064 2014-03-28] (Softex Inc.) [File not signed]
S2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [389896 2014-04-14] ()
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [291032 2014-08-18] (Realtek Semiconductor)
S2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [191728 2014-09-17] (Synaptics Incorporated)
S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2014-04-02] (Microsoft Corporation)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-12-09] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-12-09] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91912 2013-11-12] (CyberLink)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2015-10-22] (Malwarebytes)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [126976 2014-09-03] (Intel Corporation)
S3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [294104 2014-08-19] (Realtek Semiconductor Corp.)
R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [3593432 2014-10-08] (Realtek Semiconductor Corporation )
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [33008 2014-09-17] (Synaptics Incorporated)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [35856 2014-12-09] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [257880 2014-12-09] (Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-12-09] (Microsoft Corporation)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2013-07-22] (Hewlett-Packard Development Company, L.P.)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-10-22 22:49 - 2015-10-22 22:50 - 00013240 _____ C:\Users\jacky\Downloads\FRST.txt
2015-10-22 22:49 - 2015-10-22 22:49 - 00000000 ____D C:\FRST
2015-10-22 22:48 - 2015-10-22 22:48 - 02196480 _____ (Farbar) C:\Users\jacky\Downloads\FRST64.exe
2015-10-22 01:42 - 2015-10-22 01:42 - 00000000 ____D C:\Users\jacky\Downloads\YandereSimOct18th
2015-10-22 01:08 - 2015-10-22 07:38 - 553506348 _____ C:\Users\jacky\Downloads\YandereSimOct18th.rar
2015-10-21 18:16 - 2015-10-21 18:21 - 483370462 _____ C:\Users\jacky\Downloads\YanSimMay25th_Version_2.rar
2015-10-21 13:40 - 2015-10-21 18:23 - 00000000 ____D C:\Users\jacky\AppData\Local\tyranoscript
2015-10-21 13:39 - 2015-10-21 13:39 - 00000000 ____D C:\Users\jacky\AppData\Roaming\WinRAR
2015-10-21 13:39 - 2015-10-21 13:39 - 00000000 ____D C:\Users\jacky\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-10-21 13:39 - 2015-10-21 13:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-10-21 13:39 - 2015-10-21 13:39 - 00000000 ____D C:\Program Files (x86)\WinRAR
2015-10-21 13:38 - 2015-10-21 13:38 - 01762840 _____ C:\Users\jacky\Downloads\wrar521 (1).exe
2015-10-21 13:09 - 2015-10-21 13:14 - 72104416 _____ C:\Users\jacky\Downloads\Yansim-0.3-Win-fix (1).rar
2015-10-21 12:15 - 2015-10-21 12:17 - 72104416 _____ C:\Users\jacky\Downloads\Yansim-0.3-Win-fix.rar
2015-10-19 01:41 - 2015-10-19 01:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2015-10-19 01:41 - 2015-10-19 01:41 - 00000000 ____D C:\Program Files\HitmanPro
2015-10-19 01:40 - 2015-10-19 01:50 - 00000000 ____D C:\ProgramData\HitmanPro
2015-10-19 01:40 - 2015-10-19 01:41 - 11336600 _____ (SurfRight B.V.) C:\Users\jacky\Downloads\HitmanPro_x64.exe
2015-10-19 01:38 - 2015-10-19 01:39 - 10357568 _____ (SurfRight B.V.) C:\Users\jacky\Downloads\HitmanPro.exe
2015-10-19 01:35 - 2015-10-22 20:33 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-10-19 01:35 - 2015-10-19 01:35 - 00001085 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-10-19 01:35 - 2015-10-19 01:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-10-19 01:35 - 2015-10-19 01:35 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-10-19 01:35 - 2015-10-19 01:35 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-10-19 01:35 - 2015-10-05 09:50 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-10-19 01:35 - 2015-10-05 09:50 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-10-19 01:35 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2015-10-19 01:33 - 2015-10-19 01:33 - 00224968 _____ (ESET) C:\Users\jacky\Downloads\ESETPoweliksCleaner (1).exe
2015-10-19 01:33 - 2015-10-19 01:33 - 00008548 _____ C:\Users\jacky\Downloads\ESETPoweliksCleaner (1).exe_20151019.013309.3324.log
2015-10-19 01:33 - 2015-10-19 01:33 - 00000022 _____ C:\Users\jacky\Downloads\ESETPoweliksCleaner (1).exe_20151019.013309.3324.zip
2015-10-19 01:30 - 2015-10-19 01:31 - 00008548 _____ C:\Users\jacky\Downloads\ESETPoweliksCleaner.exe_20151019.013039.2320.log
2015-10-19 01:30 - 2015-10-19 01:30 - 00224968 _____ (ESET) C:\Users\jacky\Downloads\ESETPoweliksCleaner.exe
2015-10-19 01:30 - 2015-10-19 01:30 - 00000022 _____ C:\Users\jacky\Downloads\ESETPoweliksCleaner.exe_20151019.013039.2320.zip
2015-10-17 03:20 - 2015-10-17 03:24 - 57060681 _____ (BlueStack Systems Inc.) C:\Users\jacky\Downloads\Unconfirmed 170699.crdownload
2015-10-09 16:20 - 2015-10-09 16:20 - 00003226 _____ C:\Windows\System32\Tasks\{0DF7C4E9-CA8A-4E67-A0FC-41E6CF405B77}
2015-10-09 15:43 - 2015-10-09 15:54 - 274585064 _____ (BlueStack Systems Inc.) C:\Users\jacky\Downloads\BlueStacks-Installer_native.exe
2015-10-02 14:05 - 2015-10-02 14:05 - 00000000 ____D C:\ProgramData\Microsoft OneDrive
2015-10-02 14:05 - 2015-07-17 09:51 - 00984448 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
2015-10-02 14:05 - 2015-07-17 09:51 - 00063840 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll
2015-10-02 14:05 - 2015-07-17 09:51 - 00020832 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll
2015-10-02 14:05 - 2015-07-17 09:51 - 00019808 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2015-10-02 14:05 - 2015-07-17 09:51 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll
2015-10-02 14:05 - 2015-07-17 09:51 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
2015-10-02 14:05 - 2015-07-17 09:51 - 00016224 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
2015-10-02 14:05 - 2015-07-17 09:51 - 00015712 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll
2015-10-02 14:05 - 2015-07-17 09:51 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll
2015-10-02 14:05 - 2015-07-17 09:51 - 00013664 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2015-10-02 14:05 - 2015-07-17 09:51 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll
2015-10-02 14:05 - 2015-07-17 09:51 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll
2015-10-02 14:05 - 2015-07-17 09:51 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll
2015-10-02 14:05 - 2015-07-17 09:51 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll
2015-10-02 14:05 - 2015-07-17 09:51 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll
2015-10-02 14:05 - 2015-07-17 09:51 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll
2015-10-02 14:05 - 2015-07-17 09:47 - 00901264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll
2015-10-02 14:05 - 2015-07-17 09:47 - 00066400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-private-l1-1-0.dll
2015-10-02 14:05 - 2015-07-17 09:47 - 00022368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-math-l1-1-0.dll
2015-10-02 14:05 - 2015-07-17 09:47 - 00019808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll
2015-10-02 14:05 - 2015-07-17 09:47 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-string-l1-1-0.dll
2015-10-02 14:05 - 2015-07-17 09:47 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll
2015-10-02 14:05 - 2015-07-17 09:47 - 00016224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll
2015-10-02 14:05 - 2015-07-17 09:47 - 00015712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll
2015-10-02 14:05 - 2015-07-17 09:47 - 00014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-time-l1-1-0.dll
2015-10-02 14:05 - 2015-07-17 09:47 - 00013664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll
2015-10-02 14:05 - 2015-07-17 09:47 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-process-l1-1-0.dll
2015-10-02 14:05 - 2015-07-17 09:47 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll
2015-10-02 14:05 - 2015-07-17 09:47 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll
2015-10-02 14:05 - 2015-07-17 09:47 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll
2015-10-02 14:05 - 2015-07-17 09:47 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll
2015-10-02 14:05 - 2015-07-17 09:47 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll
2015-10-02 13:57 - 2015-10-02 13:57 - 00002403 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word 2016.lnk
2015-10-02 13:57 - 2015-10-02 13:57 - 00002402 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint 2016.lnk
2015-10-02 13:57 - 2015-10-02 13:57 - 00002366 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access 2016.lnk
2015-10-02 13:57 - 2015-10-02 13:57 - 00002365 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel 2016.lnk
2015-10-02 13:57 - 2015-10-02 13:57 - 00002359 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook 2016.lnk
2015-10-02 13:57 - 2015-10-02 13:57 - 00002353 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher 2016.lnk
2015-10-02 13:57 - 2015-10-02 13:57 - 00002345 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote 2016.lnk
2015-10-02 13:57 - 2015-10-02 13:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2016 Tools
2015-10-02 13:51 - 2015-10-02 13:51 - 00000000 ____D C:\Program Files\Microsoft Office 15
2015-10-02 13:50 - 2015-10-02 13:51 - 02875456 _____ (Microsoft Corporation) C:\Users\jacky\Downloads\Setup.X86.en-US_O365HomePremRetail_54793ad7-4cf2-415d-9335-2b436d7aeabb_TX_PR_.exe
2015-09-29 23:05 - 2015-09-29 23:05 - 00000000 ____D C:\Users\jacky\AppData\Roaming\Tera_Awesomium
2015-09-28 23:49 - 2015-10-01 07:47 - 00000940 _____ C:\ProgramData\Microsoft\Windows\Start Menu\LINE.lnk
2015-09-28 23:49 - 2015-10-01 07:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LINE
2015-09-28 23:49 - 2015-09-28 23:49 - 00000934 _____ C:\Users\Public\Desktop\LINE.lnk
2015-09-28 23:49 - 2015-09-28 23:49 - 00000000 ____D C:\Users\jacky\AppData\Local\LINE
2015-09-28 23:48 - 2015-09-28 23:48 - 00000000 ____D C:\Program Files (x86)\LINE
2015-09-28 23:43 - 2015-09-28 23:43 - 28198424 _____ (LINE Corporation) C:\Users\jacky\Downloads\LineInst.exe
2015-09-28 23:43 - 2015-09-28 23:43 - 28198424 _____ (LINE Corporation) C:\Users\jacky\Downloads\LineInst (1).exe
2015-09-27 22:16 - 2015-10-17 04:01 - 00000000 ____D C:\ProgramData\BlueStacksSetup
2015-09-27 22:15 - 2015-09-27 22:16 - 14634624 _____ (BlueStack Systems Inc.) C:\Users\jacky\Downloads\ThinInstaller_native.exe
2015-09-24 08:16 - 2015-09-24 08:16 - 00001760 _____ C:\Users\jacky\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Elsword.lnk

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-10-22 22:20 - 2015-09-18 16:15 - 00000908 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-10-22 22:00 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\system32\sru
2015-10-22 20:00 - 2015-09-18 16:12 - 01240705 _____ C:\Windows\WindowsUpdate.log
2015-10-22 19:20 - 2015-05-07 23:10 - 00064274 _____ C:\Windows\SysWOW64\Gms.log
2015-10-19 02:19 - 2015-09-18 16:16 - 00003600 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1190272223-2719381043-2969044305-1001
2015-10-19 00:48 - 2015-09-18 16:12 - 00000000 ___RD C:\Users\jacky\OneDrive
2015-10-18 20:21 - 2015-09-18 16:15 - 00000904 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-10-18 20:19 - 2015-09-18 16:10 - 00000000 ____D C:\Users\jacky
2015-10-18 20:19 - 2013-08-22 10:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-10-18 20:19 - 2013-08-22 09:25 - 00262144 ___SH C:\Windows\system32\config\BBI
2015-10-17 23:48 - 2014-12-09 23:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Help and Support
2015-10-17 23:48 - 2014-12-09 23:34 - 00000000 ____D C:\ProgramData\Hewlett-Packard
2015-10-17 23:48 - 2014-12-09 23:23 - 00000000 ____D C:\Program Files (x86)\Hewlett-Packard
2015-10-17 23:47 - 2015-09-18 18:38 - 00000000 ____D C:\Users\jacky\AppData\Roaming\hpqlog
2015-10-17 04:24 - 2013-08-22 11:36 - 00000000 __RHD C:\Users\Public\Libraries
2015-10-16 16:29 - 2015-09-18 16:58 - 00000000 ____D C:\Program Files (x86)\Steam
2015-10-15 23:22 - 2015-09-18 16:16 - 00002170 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-10-14 02:40 - 2015-09-18 18:49 - 00000000 ___RD C:\Program Files (x86)\Skype
2015-10-14 02:40 - 2014-12-09 23:26 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Productivity and Tools
2015-10-14 02:39 - 2015-09-18 16:13 - 00000000 ____D C:\Users\jacky\Documents\Youcam
2015-10-14 02:33 - 2015-05-07 23:30 - 00000000 ____D C:\ProgramData\McAfee
2015-10-14 02:33 - 2013-08-22 10:44 - 00490856 _____ C:\Windows\system32\FNTCACHE.DAT
2015-10-14 02:32 - 2014-03-18 05:44 - 00006934 _____ C:\Windows\PFRO.log
2015-10-14 02:28 - 2015-09-18 22:19 - 00000000 ____D C:\Windows\System32\Tasks\McAfee
2015-10-14 02:28 - 2014-12-09 23:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security and Protection
2015-10-14 02:28 - 2013-08-22 11:36 - 00000000 ___HD C:\Windows\ELAMBKUP
2015-10-14 02:28 - 2013-08-22 09:25 - 00262144 ___SH C:\Windows\system32\config\ELAM
2015-10-13 02:09 - 2015-09-18 16:10 - 00000000 ____D C:\Users\jacky\AppData\Local\Packages
2015-10-04 13:42 - 2014-12-09 23:29 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2015-10-03 12:01 - 2015-09-18 16:11 - 00000000 ____D C:\Users\jacky\AppData\Local\VirtualStore
2015-10-03 01:11 - 2015-09-18 18:49 - 00000000 ____D C:\Users\jacky\AppData\Roaming\Skype
2015-10-02 14:05 - 2013-08-22 11:20 - 00000000 ____D C:\Windows\CbsTemp
2015-10-02 13:51 - 2013-08-22 11:36 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2015-10-01 20:32 - 2015-09-18 20:18 - 00000000 ____D C:\Users\jacky\AppData\Roaming\LolClient

==================== Files in the root of some directories =======

2015-09-20 22:20 - 2014-04-16 18:08 - 0658000 _____ (WildTangent, Inc.) C:\ProgramData\uninstall1202546.exe

Files to move or delete:
====================
C:\ProgramData\uninstall1202546.exe


Some files in TEMP:
====================
C:\Users\jacky\AppData\Local\Temp\McCSPInstall.dll
C:\Users\jacky\AppData\Local\Temp\mccspuninstall.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-10-16 16:40

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version:21-10-2015 01
Ran by jacky (2015-10-22 22:50:28)
Running from C:\Users\jacky\Downloads
Windows 8.1 (X64) (2015-09-18 20:10:37)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1190272223-2719381043-2969044305-500 - Administrator - Disabled)
Guest (S-1-5-21-1190272223-2719381043-2969044305-501 - Limited - Disabled)
jacky (S-1-5-21-1190272223-2719381043-2969044305-1001 - Administrator - Enabled) => C:\Users\jacky

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.4.144 - Adobe Systems, Inc.)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{AF312B06-5C5C-468E-89B3-BE6DE2645722}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{0A4EF0E6-A912-4CDE-A7F3-6E56E7C13A2F}) (Version: 1.1.6 - Cisco Systems, Inc.)
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.8.4420 - CyberLink Corp.)
Cyberlink PhotoDirector (HKLM-x32\...\InstallShield_{5A454EC5-217A-42a5-8CE1-2DDEC4E70E01}) (Version: 5.0.3.5715 - CyberLink Corp.)
Cyberlink PhotoDirector (Version: 5.0.3.5715 - CyberLink Corp.) Hidden
CyberLink Power Media Player 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.5.4505 - CyberLink Corp.)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.8.4316 - CyberLink Corp.)
CyberLink PowerBackup 2.6 (HKLM-x32\...\InstallShield_{ADD5DB49-72CF-11D8-9D75-000129760D75}) (Version: 2.6.1.0903 - CyberLink Corp.)
CyberLink PowerDirector 12 (HKLM-x32\...\InstallShield_{E1646825-D391-42A0-93AA-27FA810DA093}) (Version: 12.0.2.3324 - CyberLink Corp.)
CyberLink PowerDirector 12 (Version: 12.0.2.3324 - CyberLink Corp.) Hidden
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 5.0.5.4523 - CyberLink Corp.)
DisableMSDefender (Version: 1.0.0 - Hewlett-Packard Company) Hidden
Elsword version v5.0909.6.1 (HKLM-x32\...\{E655DDFC-24DB-4FC3-8474-271E911309B4}_is1) (Version: v5.0909.6.1 - KOGGAMES)
Energy Star (HKLM\...\{465CA2B6-98AF-4E77-BE22-A908C34BB9EC}) (Version: 1.0.9 - Hewlett-Packard Company)
Foxit PhantomPDF (HKLM-x32\...\{89BF1D4D-1D62-451E-9496-B971BDE82720}) (Version: 6.0.33.715 - Foxit Corporation)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 46.0.2490.71 - Google Inc.)
Google Update Helper (x32 Version: 1.3.28.15 - Google Inc.) Hidden
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.10.250 - SurfRight B.V.)
HP Documentation (HKLM-x32\...\{EA7EA537-8F93-42A2-9384-66E7F049E6B0}) (Version: 1.4.0.0 - Hewlett-Packard)
HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.7745.4851 - Hewlett-Packard)
HP SimplePass (HKLM-x32\...\InstallShield_{314FAD12-F785-4471-BCE8-AB506642B9A1}) (Version: 8.01.11 - Hewlett-Packard)
HP System Event Utility (HKLM-x32\...\{F12B17AB-FCDA-4380-9D35-E3F871BF1093}) (Version: 1.2.6 - Hewlett-Packard Company)
HP Wireless Button Driver (HKLM-x32\...\{30B2D1D8-0A07-4B71-9553-0710C5D31E35}) (Version: 1.1.2.1 - Hewlett-Packard Company)
Inst5675 (Version: 8.01.11 - Softex Inc.) Hidden
Inst5676 (Version: 8.01.11 - Softex Inc.) Hidden
Intel(R) Chipset Device Software (x32 Version: 10.0.21 - Intel(R) Corporation) Hidden
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 10.0.28.1006 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.4013 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 13.2.0.1016 - Intel Corporation)
Intel(R) Update Manager (HKLM-x32\...\{84A2B59B-6A7B-4C01-8592-15C9BFE6AC36}) (Version: 2.4.3 - Intel Corporation)
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games)
League of Legends (x32 Version: 3.0.1 - Riot Games) Hidden
LINE (HKLM-x32\...\LINE) (Version: 4.1.3.586 - LINE Corporation)
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.4229.1024 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Office 16 Click-to-Run Extensibility Component (x32 Version: 16.0.4229.1024 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (Version: 16.0.4229.1024 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (x32 Version: 16.0.4229.1024 - Microsoft Corporation) Hidden
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.9600.29082 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller All-In-One Windows Driver (HKLM-x32\...\{F7E7F0CB-AA41-4D5A-B6F2-8E6738EB063F}) (Version: 8.35.716.2014 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7335 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM-x32\...\{A5107464-AA9B-4177-8129-5FF2F42DD322}) (Version: 1.0.0.38 - REALTEK Semiconductor Corp.)
Skype™ 7.10 (HKLM-x32\...\{6A0549A9-1B96-498C-ACBC-3943001FEB19}) (Version: 7.10.101 - Skype Technologies S.A.)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 18.1.7.20 - Synaptics Incorporated)
TERA (HKLM-x32\...\Steam App 323370) (Version: - Bluehole Inc.)
WinRAR 5.21 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Restore Points =========================

02-10-2015 14:03:37 Windows Update
09-10-2015 13:21:07 Removed BlueStacks Notification Center
14-10-2015 02:30:52 Removed 7-Zip 9.20 (x64 edition)
17-10-2015 04:22:30 Removed BlueStacks App Player

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 09:25 - 2013-08-22 09:25 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {13C8E120-B4CF-4E11-A209-CFDB825DAE46} - System32\Tasks\YCMServiceAgent => C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe [2014-09-23] (CyberLink Corp.)
Task: {1F1C37D6-1730-47AF-993E-33679B5105FC} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2014-04-09] ()
Task: {340B4EF9-7BF2-4FF3-8977-1A0F951017DA} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2015-10-02] (Microsoft Corporation)
Task: {39AF9897-C02D-4EB8-8B4A-549D052B4D34} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-18] (Google Inc.)
Task: {4BD0499E-8FF7-4EF1-A474-8036177D72AB} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe
Task: {4FC10CFB-69FA-4E48-A3CA-6D1102DC7A38} - System32\Tasks\{0DF7C4E9-CA8A-4E67-A0FC-41E6CF405B77} => pcalua.exe -a C:\Users\jacky\AppData\Local\Temp\7zS8CC7.tmp\MicroInstallerNative.exe -d C:\Users\jacky\AppData\Local\Temp\7zS8CC7.tmp
Task: {A9F43AE2-8A3C-4A3B-8BEA-2BAC2D499E24} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-18] (Google Inc.)
Task: {ACD61E96-5E08-4E68-93C5-BAF2B22CF8F2} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe
Task: {B1F2E80E-30C0-400B-8E63-62E280C3501E} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2014-04-09] ()
Task: {EBC52DE5-335C-4AA0-9588-5211116B06C0} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2015-09-09] (Microsoft Corporation)
Task: {FE1426EC-A38D-4497-8C03-70CF2F98999E} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2015-09-09] (Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (Whitelisted) ==============

2015-10-02 13:57 - 2015-10-02 13:57 - 08901800 _____ () C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\1033\GrooveIntlResource.dll
2014-09-03 14:03 - 2014-09-03 14:03 - 01241560 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2015-10-15 23:22 - 2015-10-08 20:53 - 01532744 _____ () C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.71\libglesv2.dll
2015-10-15 23:22 - 2015-10-08 20:53 - 00081224 _____ () C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.71\libegl.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\jacky\OneDrive:ms-properties

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1190272223-2719381043-2969044305-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Hewlett-Packard Backgrounds\backgroundDefault.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1190272223-2719381043-2969044305-1001\...\StartupApproved\Run: => "Skype"
HKU\S-1-5-21-1190272223-2719381043-2969044305-1001\...\StartupApproved\Run: => "Steam"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{7843116A-3708-405C-9A7F-9D07E58C6D2E}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12.exe
FirewallRules: [{C64BFFC3-55F7-456F-BCB3-B5AA418ADF38}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe
FirewallRules: [{3EB060A9-1267-4032-8AE3-9EBF7E287BAF}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
FirewallRules: [{CE6B49E9-2626-486B-8C19-9C8F216E2B4D}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12Agent.exe
FirewallRules: [{C32166AA-4149-4C09-9F7F-657D714B2D3C}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12ML.exe
FirewallRules: [{3F24EB19-E556-4C71-94F4-C492288C0632}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD.exe
FirewallRules: [{C9CC192A-E874-4463-9250-C56D259FBBFB}] => (Allow) C:\Program Files\CyberLink\PowerDirector12\PDR10.EXE
FirewallRules: [{8B1D748A-F209-41B6-BBE4-10AA46E3E544}] => (Allow) C:\KOGGAMES\Elsword\data\x2.exe
FirewallRules: [{8C0E3544-D438-4FB2-8B23-89D7CA79303C}] => (Allow) C:\KOGGAMES\Elsword\data\x2.exe
FirewallRules: [{474DEEF8-3073-4EB1-B12A-8CE80BEFA47A}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{92CF8F4C-8DFF-4846-9321-3C5F1BD50F28}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{856D8393-612A-4AC0-BE3C-4261E8961379}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{6071F985-F99D-465E-B857-543B8B6013A4}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{FE060509-E304-449C-8A9E-A3911691F7FF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\TERA\TERA-Launcher.exe
FirewallRules: [{C595949B-9F3C-4B0E-8C43-97C08C3476D0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\TERA\TERA-Launcher.exe
FirewallRules: [{DC673C99-60AA-4DB6-89C4-7CFDCB43A2FB}] => (Allow) C:\Program Files (x86)\LINE\LINE.exe
FirewallRules: [{ED6FFA65-0F79-4C1E-8352-13552998429A}] => (Allow) C:\Program Files (x86)\LINE\LINE.exe
FirewallRules: [{8F265F0F-AE26-47AF-9ABA-26A25C3CBE42}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{9FCCDA8E-74C5-423B-B4A6-8C4CCCD00F60}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{A738BB1C-4C46-4DD6-82CB-3E8129F926FF}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPDeviceDetection3.exe

==================== Faulty Device Manager Devices =============

Name: CDC Serial
Description: CDC Serial
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: hp DVDRW GUB0N
Description: CD-ROM Drive
Class Guid: {4d36e965-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard CD-ROM drives)
Service: cdrom
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (10/22/2015 05:29:41 PM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073418220

Error: (10/22/2015 07:37:58 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program LiveComm.exe version 17.5.9600.20605 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 3e88

Start Time: 01d10c8f188c8425

Termination Time: 4294967295

Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20605_x64__8wekyb3d8bbwe\LiveComm.exe

Report Id: 55f8e676-78b1-11e5-8260-480fcf6ec728

Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20605_x64__8wekyb3d8bbwe

Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1

Error: (10/21/2015 09:34:40 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program rads_user_kernel.exe version 0.0.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 2218

Start Time: 01d10c69bd37aa21

Termination Time: 4294967295

Application Path: C:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe

Report Id: 0f9e6b3b-785d-11e5-8260-480fcf6ec728

Faulting package full name:

Faulting package-relative application ID:

Error: (10/21/2015 09:34:18 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program rads_user_kernel.exe version 0.0.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 2218

Start Time: 01d10c69bd37aa21

Termination Time: 4294967295

Application Path: C:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe

Report Id: 00d2906f-785d-11e5-8260-480fcf6ec728

Faulting package full name:

Faulting package-relative application ID:

Error: (10/21/2015 09:12:38 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "PDR.X,type="win32",version="1.0.0.0"1".
Dependent Assembly PDR.X,type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (10/21/2015 09:12:38 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "PDR.X,type="win32",version="1.0.0.0"1".
Dependent Assembly PDR.X,type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (10/21/2015 09:06:47 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "PDR.X,type="win32",version="1.0.0.0"1".
Dependent Assembly PDR.X,type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (10/21/2015 09:06:46 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "PDR.X,type="win32",version="1.0.0.0"1".
Dependent Assembly PDR.X,type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (10/21/2015 06:14:16 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: YanSim.exe, version: 0.0.0.0, time stamp: 0x534decc7
Faulting module name: YanSim.exe, version: 0.0.0.0, time stamp: 0x534decc7
Exception code: 0x80000003
Fault offset: 0x003360e0
Faulting process id: 0x2f08
Faulting application start time: 0xYanSim.exe0
Faulting application path: YanSim.exe1
Faulting module path: YanSim.exe2
Report Id: YanSim.exe3
Faulting package full name: YanSim.exe4
Faulting package-relative application ID: YanSim.exe5

Error: (10/21/2015 06:14:06 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: YanSim.exe, version: 0.0.0.0, time stamp: 0x534decc7
Faulting module name: YanSim.exe, version: 0.0.0.0, time stamp: 0x534decc7
Exception code: 0x80000003
Fault offset: 0x003360e0
Faulting process id: 0x2640
Faulting application start time: 0xYanSim.exe0
Faulting application path: YanSim.exe1
Faulting module path: YanSim.exe2
Report Id: YanSim.exe3
Faulting package full name: YanSim.exe4
Faulting package-relative application ID: YanSim.exe5


System errors:
=============
Error: (10/22/2015 10:41:12 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The HP SimplePass Service service terminated unexpectedly. It has done this 1 time(s).

Error: (10/22/2015 10:41:06 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Microsoft Office Click-to-Run Service service terminated unexpectedly. It has done this 3 time(s).

Error: (10/22/2015 10:40:08 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Microsoft Office Click-to-Run Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.

Error: (10/22/2015 10:15:40 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Microsoft Office Click-to-Run Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.

Error: (10/22/2015 08:11:54 AM) (Source: DCOM) (EventID: 10010) (User: FURRY)
Description: {D63B10C5-BB46-4990-A94F-E40B9D520160}

Error: (10/22/2015 07:44:41 AM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: {1F87137D-0E7C-44D5-8C73-4EFFB68962F2}

Error: (10/21/2015 05:35:06 PM) (Source: DCOM) (EventID: 10010) (User: FURRY)
Description: {D63B10C5-BB46-4990-A94F-E40B9D520160}

Error: (10/21/2015 11:05:32 AM) (Source: DCOM) (EventID: 10010) (User: FURRY)
Description: {D63B10C5-BB46-4990-A94F-E40B9D520160}

Error: (10/21/2015 10:05:33 AM) (Source: DCOM) (EventID: 10010) (User: FURRY)
Description: {D63B10C5-BB46-4990-A94F-E40B9D520160}

Error: (10/21/2015 09:47:38 AM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: {1F87137D-0E7C-44D5-8C73-4EFFB68962F2}


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i3-5010U CPU @ 2.10GHz
Percentage of memory in use: 31%
Total physical RAM: 6059.39 MB
Available physical RAM: 4144.4 MB
Total Virtual: 7211.39 MB
Available Virtual: 4458.61 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:672.1 GB) (Free:578.65 GB) NTFS
Drive d: (RECOVERY) (Fixed) (Total:25.52 GB) (Free:2.86 GB) NTFS ==>[system with boot components (obtained from drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 698.6 GB) (Disk ID: E85455D1)

Partition: GPT.

==================== End of Addition.txt ============================
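A quick way to triage the "Scheduled Tasks" section of a log like this one is to parse each `Task:` line and apply the same checks a helper applies by eye: is the launcher a proxy-execution binary such as `pcalua.exe`, does the target live in a user-writable location like `AppData\Local\Temp`, is the task named only by a GUID, and did FRST manage to stat the file (the trailing `[date] (Publisher)`; `()` means a file with no publisher string, nothing at all means FRST found no file to report on). The script below is an added example, not part of the original post or of FRST itself; the four sample lines are copied verbatim from the log above, and the indicator list is this example's own assumption about what is worth a second look, not a verdict. The task at `System32\Tasks\{0DF7C4E9-...}` fires every indicator; whether it is malicious is for the helper to decide from the file itself, which the log does not show.

```python
"""Triage of FRST "Task:" lines (added example, not part of the original post)."""
import re
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

# Four "Task:" lines copied verbatim from the Addition.txt posted above.
SAMPLE_LOG = r"""
Task: {39AF9897-C02D-4EB8-8B4A-549D052B4D34} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-18] (Google Inc.)
Task: {4BD0499E-8FF7-4EF1-A474-8036177D72AB} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe
Task: {4FC10CFB-69FA-4E48-A3CA-6D1102DC7A38} - System32\Tasks\{0DF7C4E9-CA8A-4E67-A0FC-41E6CF405B77} => pcalua.exe -a C:\Users\jacky\AppData\Local\Temp\7zS8CC7.tmp\MicroInstallerNative.exe -d C:\Users\jacky\AppData\Local\Temp\7zS8CC7.tmp
Task: {B1F2E80E-30C0-400B-8E63-62E280C3501E} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2014-04-09] ()
"""

# Line shape: "Task: {GUID} - System32\Tasks\<name> => <command> [YYYY-MM-DD] (Publisher)"
# FRST appends the bracketed file date and the publisher only when it could stat the
# target; "()" means the file exists but carries no publisher string.
TASK_RE = re.compile(
    r"^Task: \{(?P<guid>[0-9A-Fa-f-]+)\} - (?P<name>System32\\Tasks\\.+?) => (?P<cmd>.+)$"
)
TRAILER_RE = re.compile(r" \[(?P<date>\d{4}-\d{2}-\d{2})\] \((?P<publisher>[^)]*)\)$")

# The heuristics below are this example's own assumptions about what a helper looks
# for, not rules shipped with FRST.
LOLBIN_LAUNCHERS = ("pcalua.exe", "rundll32.exe", "regsvr32.exe", "mshta.exe",
                    "wscript.exe", "cscript.exe", "powershell.exe", "cmd.exe")
USER_WRITABLE = (r"\appdata\local\temp", r"\appdata", r"\users\public",
                 r"\programdata", r"\windows\temp")


@dataclass
class Task:
    guid: str
    name: str                  # path under System32\Tasks
    command: str               # launcher plus arguments, trailer removed
    file_date: Optional[str]   # None when FRST printed no file info
    publisher: Optional[str]   # None: no file info; "": file found, no publisher
    flags: List[str] = field(default_factory=list)


def parse_task(line: str) -> Optional[Task]:
    """Parse one FRST Task line; return None for anything else."""
    m = TASK_RE.match(line.strip())
    if not m:
        return None
    cmd, date, publisher = m.group("cmd"), None, None
    t = TRAILER_RE.search(cmd)
    if t:
        date, publisher = t.group("date"), t.group("publisher")
        cmd = cmd[:t.start()]
    return Task(m.group("guid"), m.group("name"), cmd, date, publisher)


def triage(task: Task) -> List[str]:
    """Return the indicators that fire for one task; an empty list means nothing stood out."""
    low = task.command.lower()
    launcher = low.split(" ", 1)[0]
    flags: List[str] = []
    if launcher.endswith(LOLBIN_LAUNCHERS):
        flags.append("lolbin-launcher")     # e.g. "pcalua.exe -a <payload>" proxy-executes the target
    if any(p in low for p in USER_WRITABLE):
        flags.append("user-writable-path")  # target sits where any user process can drop files
    if task.name.rsplit("\\", 1)[-1].startswith("{"):
        flags.append("guid-named-task")     # no readable name, typical of installer/dropper tasks
    if task.file_date is None:
        flags.append("no-file-info")        # FRST could not stat the target (missing file or bare command)
    elif not task.publisher:
        flags.append("no-publisher")        # file present but carries no company name
    task.flags = flags
    return flags


def triage_log(text: str) -> List[Tuple[Task, List[str]]]:
    """Parse every Task line in an FRST log and return (task, flags), most indicators first."""
    tasks = [t for t in (parse_task(line) for line in text.splitlines()) if t]
    results = [(t, triage(t)) for t in tasks]
    results.sort(key=lambda r: len(r[1]), reverse=True)
    return results


if __name__ == "__main__":
    for task, flags in triage_log(SAMPLE_LOG):
        short_name = task.name.rsplit("\\", 1)[-1]
        print(f"{short_name:<45} {', '.join(flags) or '-'}")
```

Run it on the whole Addition.txt rather than the four sample lines and the ordering alone tells you which entries to read first; the Google and Office tasks fall to the bottom with no indicators, the HP warranty tasks surface only because FRST printed no file information for them, and the `pcalua.exe` task from the `7zS8CC7.tmp` folder sorts to the top.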