TechSpot

Sound coming out of nowhere

By Troubling
Mar 18, 2015
  1. Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015
    Ran by admin (administrator) on ADMIN-PC on 19-03-2015 10:34:25
    Running from C:\Users\admin\Desktop
    Loaded Profiles: admin (Available profiles: admin & MSSQL$HUY)
    Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: English (United States)
    Internet Explorer Version 8 (Default browser: Chrome)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (Bkav Corporation) C:\Program Files (x86)\BkavHome\BkavHomeUpdateService.exe
    (Bkav Corporation) C:\Windows\SysWOW64\BkavService.exe
    (Elex do Brasil Participações Ltda) C:\Program Files (x86)\Elex-tech\YAC\iSafeSvc.exe
    (Elex do Brasil Participações Ltda) C:\Program Files (x86)\Elex-tech\YAC\iSafeSvc2.exe
    (Microsoft Corporation) C:\Windows\System32\wlanext.exe
    (Cherished Technololgy LIMITED) C:\ProgramData\IePluginServices\PluginService.exe
    (Taiwan Shui Mu Chih Ching Technology Limited.) C:\Program Files (x86)\WinZipper\winzipersvc.exe
    (AV Security Software) C:\Windows\mlwps.exe
    () D:\GAMES\LienMinhHuyenThoai\GameData\ggdllhost.exe
    (CANON INC.) C:\Windows\System32\CNAB3RPD.EXE
    (Elex do Brasil Participações Ltda) C:\Program Files (x86)\Elex-tech\YAC\iSafeTray.exe
    (Intel Corporation) C:\Windows\System32\igfxpers.exe
    (Intel Corporation) C:\Windows\System32\hkcmd.exe
    () C:\UniKey 4.0 RC2 Win64\UniKeyNT.exe
    () D:\GAMES\LienMinhHuyenThoai\GameData\GarenaMessenger.exe
    (Microsoft Corporation) C:\Windows\System32\wscript.exe
    () C:\Users\admin\AppData\Roaming\SpeedTray\speedtray.exe
    (Itim Technologies Co., Ltd.) C:\Users\admin\AppData\Local\CocCoc\Update\1.3.39.13\CocCocCrashHandler.exe
    (CyberLink Corp.) D:\DUY\UNG DUNG\YouCam 5 v5.0.0909 PreActivated_da fix watermark\YouCam\YouCamService.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
    (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    (The Privoxy team - www.privoxy.org) C:\Program Files (x86)\Jelbrus Secure Web\privoxy.exe
    (Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    () C:\Users\admin\AppData\Local\GC\runner.exe
    (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
    (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
    (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
    () C:\Program Files (x86)\Dolphin Deals\bin\utilDolphinDeals.exe
    (Irismedia) C:\Program Files (x86)\hosts\hosts-bg.exe
    () C:\Program Files (x86)\Dolphin Deals\bin\DolphinDeals.BrowserAdapter.exe
    () C:\Program Files (x86)\Dolphin Deals\bin\DolphinDeals.BrowserAdapter64.exe
    () C:\Program Files (x86)\Dolphin Deals\bin\DolphinDeals.BOASHelper.exe
    () C:\Program Files (x86)\Dolphin Deals\bin\DolphinDeals.expext.exe
    () C:\Program Files (x86)\Dolphin Deals\bin\DolphinDeals.PurBrowse64.exe
    () C:\Program Files (x86)\Dolphin Deals\updateDolphinDeals.exe
    () C:\Program Files (x86)\Dolphin Deals\bin\DolphinDeals.BOASPRT.exe
    (Itim Technologies Co., Ltd.) C:\Users\admin\AppData\Local\CocCoc\Browser\Application\browser.exe
    (Itim Technologies Co., Ltd.) C:\Users\admin\AppData\Local\CocCoc\Browser\Application\browser.exe
    (Itim Technologies Co., Ltd.) C:\Users\admin\AppData\Local\CocCoc\Browser\Application\browser.exe
    (Itim Technologies Co., Ltd.) C:\Users\admin\AppData\Local\CocCoc\Browser\Application\browser.exe
    (Itim Technologies Co., Ltd.) C:\Users\admin\AppData\Local\CocCoc\Browser\Application\browser.exe
    (Itim Technologies Co., Ltd.) C:\Users\admin\AppData\Local\CocCoc\Browser\Application\browser.exe
    (Google Inc.) C:\Users\admin\AppData\Local\GC\Chrome-bin\chrome.exe
    (Google Inc.) C:\Users\admin\AppData\Local\GC\Chrome-bin\chrome.exe
    (Google Inc.) C:\Users\admin\AppData\Local\GC\Chrome-bin\chrome.exe
    (Google Inc.) C:\Users\admin\AppData\Local\GC\Chrome-bin\chrome.exe
    (Google Inc.) C:\Users\admin\AppData\Local\GC\Chrome-bin\chrome.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe


    ==================== Registry (Whitelisted) ==================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2057000 2010-02-18] (Synaptics Incorporated)
    HKLM\...\Run: [Chew7Hale] => C:\Windows\System32\hale.exe [2169856 2012-11-07] ()
    HKLM-x32\...\Run: [YouCam Service] => D:\DUY\UNG DUNG\YouCam 5 v5.0.0909 PreActivated_da fix watermark\YouCam\YouCamService.exe [247016 2011-09-09] (CyberLink Corp.)
    HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291648 2012-10-16] (Intel Corporation)
    HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [343168 2012-03-05] (Advanced Micro Devices, Inc.)
    HKLM-x32\...\Run: [mobilegeni daemon] => C:\Program Files (x86)\Mobogenie\DaemonProcess.exe
    HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)
    HKLM-x32\...\Run: [BkavHome] => C:\Program Files (x86)\BkavHome\BkavHome.exe [2435584 2015-01-14] (Bkav Corporation)
    Winlogon\Notify\igfxcui: igfxdev.dll [X]
    HKU\S-1-5-21-3818046159-3689817371-2580797029-1000\...\Run: [UniKey] => C:\UniKey 4.0 RC2 Win64\UniKeyNT.exe [316928 2009-11-02] ()
    HKU\S-1-5-21-3818046159-3689817371-2580797029-1000\...\Run: [NextLive] => C:\Windows\SysWOW64\rundll32.exe "C:\Users\admin\AppData\Roaming\newnext.me\nengine.dll",EntryPoint -m l
    HKU\S-1-5-21-3818046159-3689817371-2580797029-1000\...\Run: [Messenger (Yahoo!)] => C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe [6595928 2012-05-25] (Yahoo! Inc.)
    HKU\S-1-5-21-3818046159-3689817371-2580797029-1000\...\Run: [GarenaPlus] => D:\GAMES\LienMinhHuyenThoai\GameData\GarenaMessenger.exe [9981528 2015-01-20] ()
    HKU\S-1-5-21-3818046159-3689817371-2580797029-1000\...\Run: [CocCoc Update] => C:\Users\admin\AppData\Local\CocCoc\Update\CocCocUpdate.exe [141528 2015-01-30] (Itim Technologies Co., Ltd.)
    HKU\S-1-5-21-3818046159-3689817371-2580797029-1000\...\Run: [Microsoft Application Manager] => C:\Users\admin\AppData\Roaming\Microsoft\ApplicationManager\mst.exe [193536 2014-03-26] ()
    HKU\S-1-5-21-3818046159-3689817371-2580797029-1000\...\Run: [SpeedTray] => C:\Users\admin\AppData\Roaming\SpeedTray\speedtray.exe [725518 2014-12-24] ()
    HKU\S-1-5-21-3818046159-3689817371-2580797029-1000\...\Run: [COOL] => wscript.exe //B "C:\Users\admin\AppData\Roaming\COOL.vbs"
    HKU\S-1-5-21-3818046159-3689817371-2580797029-1000\...\RunOnce: [FlashPlayerUpdate] => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_2_202_235_ActiveX.exe [351904 2012-11-09] (Adobe Systems Incorporated)
    Startup: C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\COOL.vbs ()
    Startup: C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
    ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Canon LBP3000 Status Window.lnk
    ShortcutTarget: Canon LBP3000 Status Window.lnk -> C:\Windows\System32\spool\drivers\x64\3\CNAB3LAD.EXE (CANON INC.)
    GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    ProxyEnable: [S-1-5-21-3818046159-3689817371-2580797029-1000] => Internet Explorer proxy is enabled.
    ProxyServer: [S-1-5-21-3818046159-3689817371-2580797029-1000] => 127.0.0.1:8118
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://istart.webssearches.com/?type=hp&ts=1417707889&from=irs&uid=ST9500325AS_5VET5TGDXXXX5VET5TGD
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = 0x00
    HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://istart.webssearches.com/web/...500325AS_5VET5TGDXXXX5VET5TGD&q={searchTerms}
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = 0x00
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://istart.webssearches.com/?type=hp&ts=1417707889&from=irs&uid=ST9500325AS_5VET5TGDXXXX5VET5TGD
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 0x00
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://istart.webssearches.com/web/...500325AS_5VET5TGDXXXX5VET5TGD&q={searchTerms}
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 0x00
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
    HKU\S-1-5-21-3818046159-3689817371-2580797029-1000\Software\Microsoft\Internet Explorer\Main,Start Page = 0x00
    HKU\S-1-5-21-3818046159-3689817371-2580797029-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
    SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://istart.webssearches.com/web/...500325AS_5VET5TGDXXXX5VET5TGD&q={searchTerms}
    SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://istart.webssearches.com/web/...500325AS_5VET5TGDXXXX5VET5TGD&q={searchTerms}
    SearchScopes: HKLM -> {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL =
    SearchScopes: HKLM-x32 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
    SearchScopes: HKLM-x32 -> {01bd49d7-c76b-4310-8beb-14d7e5f322c6} URL = http://search.easylifeapp.com/?q={s...c=ie2&r=2013/04/07&hid=4113113638&lg=EN&cc=VN
    SearchScopes: HKLM-x32 -> {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT1561552
    SearchScopes: HKLM-x32 -> {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.searchesplace.info...013/08/08&hid=4113113638&lg=EN&cc=VN&unqvl=30
    SearchScopes: HKU\S-1-5-21-3818046159-3689817371-2580797029-1000 -> DefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://start.mysearchdial.com/resul...FtCtAyBzytN1L1CzutCyD1B1P1R&cr=1042115618&ir=
    SearchScopes: HKU\S-1-5-21-3818046159-3689817371-2580797029-1000 -> {01bd49d7-c76b-4310-8beb-14d7e5f322c6} URL = http://search.easylifeapp.com/?q={s...c=ie2&r=2013/04/07&hid=4113113638&lg=EN&cc=VN
    SearchScopes: HKU\S-1-5-21-3818046159-3689817371-2580797029-1000 -> {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://start.mysearchdial.com/resul...FtCtAyBzytN1L1CzutCyD1B1P1R&cr=1042115618&ir=
    SearchScopes: HKU\S-1-5-21-3818046159-3689817371-2580797029-1000 -> {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL = http://www.searchgol.com/?q={searchTerms}&babsrc=SP_ss&mntrId=B8B9685D43D1A3C2&affID=120695&tsp=5023
    SearchScopes: HKU\S-1-5-21-3818046159-3689817371-2580797029-1000 -> {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT1561552
    BHO: hosts -> {11111111-1111-1111-1111-110311531182} -> C:\Program Files (x86)\hosts\hosts-bho64.dll [2013-10-02] (Irismedia)
    BHO: TrustMediaViewerV1alpha2724 -> {6b9694c1-2bda-43e2-94d3-dbd1b01b1c99} -> C:\Program Files (x86)\TrustMediaViewerV1\TrustMediaViewerV1alpha2724\ie\TrustMediaViewerV1alpha2724x64.dll [2014-06-26] ()
    BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2010-03-25] (Microsoft Corporation)
    BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll [2012-04-04] (Oracle Corporation)
    BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
    BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
    BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll [2012-04-04] (Oracle Corporation)
    BHO: Hotspot Shield Class -> {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} -> C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE_64.dll No File
    BHO-x32: SearchNewTab -> {0727E909-6CCD-BC6E-1AF5-766629DFA1FC} -> C:\ProgramData\SearchNewTab\Pt.dll [2012-08-08] ()
    BHO-x32: hosts -> {11111111-1111-1111-1111-110311531182} -> C:\Program Files (x86)\hosts\hosts-bho.dll [2013-10-02] (Irismedia)
    BHO-x32: Dolphin Deals 1.0.0.7 -> {15a4ce1e-d288-4d04-85bf-907170010a7a} -> C:\Program Files (x86)\Dolphin Deals\DolphinDealsbho.dll [2015-02-04] (Dolphin Deals)
    BHO-x32: BkavSiteAdvisorEngine Class -> {2876549C-1023-4AA0-82FF-8ED7112D5269} -> C:\Program Files (x86)\BkavHome\SiteAdvisor\BkavIESiteAdvisor.dll [2014-04-03] (Bkav Corporation)
    BHO-x32: Media View -> {292a9c09-66a9-4123-85ac-222c4687b7c2} -> C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha45\ie\MediaViewV1alpha45.dll [2014-02-26] ()
    BHO-x32: SearchNewTab -> {52277627-029D-B628-0018-88DEBE87176F} -> C:\ProgramData\SearchNewTab\51cebe6cefb8f.dll [2013-06-29] ()
    BHO-x32: soaofEE saave -> {5BA25F6F-43EA-885B-D7E1-7AF775B28E35} -> C:\ProgramData\soaofEE saave\51cebe6178ebd.dll [2013-06-29] ()
    BHO-x32: Trust Media Viewer -> {6b9694c1-2bda-43e2-94d3-dbd1b01b1c99} -> C:\Program Files (x86)\TrustMediaViewerV1\TrustMediaViewerV1alpha2724\ie\TrustMediaViewerV1alpha2724.dll [2014-06-26] ()
    BHO-x32: BetterSurf -> {6E3C6B04-08FE-43BC-8E50-F90285024DEA} -> C:\Program Files (x86)\BetterSurf\ie\BetterSurf.dll [2013-11-13] ()
    BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2010-03-25] (Microsoft Corporation)
    BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll [2014-10-16] (Oracle Corporation)
    BHO-x32: Better-Surf -> {8271B5D6-76D3-4ABF-AEB3-1721161C76BC} -> C:\Program Files (x86)\Better-Surf\ie\BetterSrf.dll [2013-11-25] ()
    BHO-x32: Microsoft Web Test Recorder 10.0 Helper -> {876d9f09-c6d6-4324-a2cc-04dd9a4de12f} -> E:\Huy\Window\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll [2012-07-26] (Microsoft Corporation)
    BHO-x32: Video Player -> {8c5f32e4-6041-4971-ac87-682ed8142443} -> C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta640\ie\VideoPlayerV3beta640.dll [2014-01-08] ()
    BHO-x32: Rich Media View -> {8fd55b40-fa85-4da7-97e3-9bc4f1e19a26} -> C:\Program Files (x86)\RichMediaViewV1\RichMediaViewV1release961\ie\RichMediaViewV1release961.dll [2014-05-13] ()
    BHO-x32: BryOOwsee2ssavoe -> {901CD782-0464-2CCD-80DE-74253A767314} -> C:\ProgramData\BryOOwsee2ssavoe\515edbe4c903b.dll [2013-04-05] ()
    BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
    BHO-x32: Media View -> {90d9818b-8fc1-4d4b-88e7-2074b23c0bbf} -> C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha3170\ie\MediaViewV1alpha3170.dll [2014-02-27] ()
    BHO-x32: SearchNewTab -> {973AEBF9-6677-0B1D-805B-461A6610469C} -> C:\ProgramData\SearchNewTab\51cec9d0d6a16.dll [2013-06-29] ()
    BHO-x32: Media Player -> {98646bc7-0aff-4397-9c82-4a19e39c12f6} -> C:\Program Files (x86)\MediaPlayerV1\MediaPlayerV1alpha335\ie\MediaPlayerV1alpha335.dll [2014-01-28] ()
    BHO-x32: Media Buzz -> {9a88259d-0ed6-487f-9c13-7226acf25a0f} -> C:\Program Files (x86)\MediaBuzzV1\MediaBuzzV1mode5557\ie\MediaBuzzV1mode5557.dll [2014-04-24] ()
    BHO-x32: Skype Plug-In -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2010-09-27] (Skype Technologies S.A.)
    BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
    BHO-x32: Rich Media View -> {c70985eb-33b8-45cf-9570-853fdb4d4808} -> C:\Program Files (x86)\RichMediaViewV1\RichMediaViewV1release4398\ie\RichMediaViewV1release4398.dll [2014-05-14] ()
    BHO-x32: soaofEE saave -> {C764A995-9013-3BFD-B070-846E6F0BC454} -> C:\ProgramData\soaofEE saave\51cebdc3b8850.dll [2013-06-29] ()
    BHO-x32: Media Watch -> {c83b83bb-248b-47e2-a6ae-b8bbf940ae49} -> C:\Program Files (x86)\MediaWatchV1\MediaWatchV1home412\ie\MediaWatchV1home412.dll [2014-03-20] ()
    BHO-x32: saveenshhaire -> {CD2AAB10-6B84-A81F-DF0D-6A1CAF6FF7AD} -> C:\ProgramData\saveenshhaire\rti6l.dll [2013-08-08] ()
    BHO-x32: SecureWebBHO Class -> {D3C24E2B-C820-4492-9B69-11BF7163F998} -> C:\Program Files (x86)\Jelbrus Secure Web\jsie.dll [2015-02-06] (Jelbrus)
    BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll [2014-10-16] (Oracle Corporation)
    BHO-x32: SearchNewTab -> {DFBE860F-A916-B5F6-D027-E353DA36659C} -> C:\ProgramData\SearchNewTab\51cebe3424822.dll [2013-06-29] ()
    BHO-x32: mysearchdial Helper Object -> {EF5625A3-37AB-4BDB-9875-2A3D91CD0DFD} -> C:\Program Files (x86)\Mysearchdial\1.8.21.0\bh\mysearchdial.dll No File
    BHO-x32: Media Viewer -> {f9c04e97-8374-4c84-a242-0f918e4b4726} -> C:\Program Files (x86)\MediaViewerV1\MediaViewerV1alpha680\ie\MediaViewerV1alpha680.dll [2014-02-23] ()
    Toolbar: HKLM-x32 - mysearchdial Toolbar - {3004627E-F8E9-4E8B-909D-316753CBA923} - C:\Program Files (x86)\Mysearchdial\1.8.21.0\mysearchdialTlbr.dll No File
    Handler-x32: bksa - {AFBCA127-FD48-4FF5-B523-0E0DB4B8C295} - C:\Program Files (x86)\BkavHome\SiteAdvisor\BkavIESiteAdvisor.dll [2014-04-03] (Bkav Corporation)
    Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2010-09-27] (Skype Technologies S.A.)
    Filter: application/octet-stream - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll No File
    Filter: application/x-complus - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll No File
    Filter: application/x-msdownload - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll No File
    Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
    Tcpip\..\Interfaces\{D0ED8A5C-3945-4A08-9E15-4394A60F2552}: [NameServer] 208.67.222.222,208.67.220.220

    FireFox:
    ========
    FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_110.dll [2012-11-09] ()
    FF Plugin: @java.com/DTPlugin,version=10.4.1 -> C:\Windows\system32\npDeployJava1.dll [2012-04-04] (Oracle Corporation)
    FF Plugin: @java.com/JavaPlugin,version=10.4.1 -> C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll [2012-04-04] (Oracle Corporation)
    FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_110.dll [2012-11-09] ()
    FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1203133.dll [2013-06-26] (Adobe Systems, Inc.)
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-01-07] (Intel Corporation)
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-01-07] (Intel Corporation)
    FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll [2014-10-16] (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll [2014-10-16] (Oracle Corporation)
    FF Plugin-x32: @live.heroesandgenerals.com/npretox -> D:\DUY\GAMES\HaG\Heroes & Generals\live\npretoxlive.dll No File
    FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll [2010-11-04] (Yahoo! Inc.)
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll [2012-04-11] ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
    FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
    FF Plugin-x32: @t.garena.com/garenatalk -> D:\GAMES\LienMinhHuyenThoai\GameData\bbtalk\plugins\npPlugin\npGarenaTalkPlugin.dll [2015-01-16] ( Garena)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.7\npGoogleUpdate3.dll [2015-02-14] (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.7\npGoogleUpdate3.dll [2015-02-14] (Google Inc.)
    FF Plugin HKU\S-1-5-21-3818046159-3689817371-2580797029-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\admin\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-02-21] (Unity Technologies ApS)
    FF Plugin HKU\S-1-5-21-3818046159-3689817371-2580797029-1000: xyzgl-plugin@xyz-soft.com -> C:\Program Files (x86)\Fairy Tail 3D\npxyzgl.dll No File
    FF HKLM-x32\...\Firefox\Extensions: [xz123@ya456.com] - C:\Program Files (x86)\BetterSurf\ff
    FF Extension: BetterSurf - C:\Program Files (x86)\BetterSurf\ff [2013-11-15]
    FF HKLM-x32\...\Firefox\Extensions: [12x3q@3244516.com] - C:\Program Files (x86)\Better-Surf\ff
    FF Extension: Better-Surf - C:\Program Files (x86)\Better-Surf\ff [2013-11-25]
    FF HKLM-x32\...\Firefox\Extensions: [ext@VideoPlayerV3beta640.net] - C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta640\ff
    FF Extension: Video Player - C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta640\ff [2014-01-10]
    FF HKLM-x32\...\Firefox\Extensions: [ext@MediaPlayerV1alpha335.net] - C:\Program Files (x86)\MediaPlayerV1\MediaPlayerV1alpha335\ff
    FF Extension: Media Player - C:\Program Files (x86)\MediaPlayerV1\MediaPlayerV1alpha335\ff [2014-01-30]
    FF HKLM-x32\...\Firefox\Extensions: [ext@MediaViewerV1alpha680.net] - C:\Program Files (x86)\MediaViewerV1\MediaViewerV1alpha680\ff
    FF Extension: Media Viewer - C:\Program Files (x86)\MediaViewerV1\MediaViewerV1alpha680\ff [2014-02-24]
    FF HKLM-x32\...\Firefox\Extensions: [ext@MediaViewV1alpha45.net] - C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha45\ff
    FF Extension: Media View - C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha45\ff [2014-02-28]
    FF HKLM-x32\...\Firefox\Extensions: [ext@MediaViewV1alpha3170.net] - C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha3170\ff
    FF Extension: Media View - C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha3170\ff [2014-03-16]
    FF HKLM-x32\...\Firefox\Extensions: [ext@MediaWatchV1home412.net] - C:\Program Files (x86)\MediaWatchV1\MediaWatchV1home412\ff
    FF Extension: Media Watch - C:\Program Files (x86)\MediaWatchV1\MediaWatchV1home412\ff [2014-03-23]
    FF HKLM-x32\...\Firefox\Extensions: [ext@MediaBuzzV1mode5557.net] - C:\Program Files (x86)\MediaBuzzV1\MediaBuzzV1mode5557\ff
    FF Extension: Media Buzz - C:\Program Files (x86)\MediaBuzzV1\MediaBuzzV1mode5557\ff [2014-04-26]
    FF HKLM-x32\...\Firefox\Extensions: [ext@RichMediaViewV1release4398.net] - C:\Program Files (x86)\RichMediaViewV1\RichMediaViewV1release4398\ff
    FF Extension: Rich Media View - C:\Program Files (x86)\RichMediaViewV1\RichMediaViewV1release4398\ff [2014-05-14]
    FF HKLM-x32\...\Firefox\Extensions: [ext@TrustMediaViewerV1alpha2724.net] - C:\Program Files (x86)\TrustMediaViewerV1\TrustMediaViewerV1alpha2724\ff
    FF Extension: Trust Media Viewer - C:\Program Files (x86)\TrustMediaViewerV1\TrustMediaViewerV1alpha2724\ff [2014-06-29]
    FF HKLM-x32\...\Firefox\Extensions: [bkavsiteadvisor@bkav.com.vn] - C:\Program Files (x86)\BkavHome\SiteAdvisor\Firefox
    FF Extension: Bkav SiteAdvisor - C:\Program Files (x86)\BkavHome\SiteAdvisor\Firefox [2014-09-17]
    FF HKLM-x32\...\Firefox\Extensions: [ext@RichMediaViewV1release961.net] - C:\Program Files (x86)\RichMediaViewV1\RichMediaViewV1release961\ff
    FF Extension: Rich Media View - C:\Program Files (x86)\RichMediaViewV1\RichMediaViewV1release961\ff [2014-10-26]
     
  2. Troubling

    Chrome:
    =======
    CHR dev: Chrome dev build detected! <======= ATTENTION
    CHR HomePage: Default -> hxxp://istart.webssearches.com/?type=hp&ts=1417707889&from=irs&uid=ST9500325AS_5VET5TGDXXXX5VET5TGD
    CHR StartupUrls: Default -> "hxxp://istart.webssearches.com/?type=hp&ts=1417707889&from=irs&uid=ST9500325AS_5VET5TGDXXXX5VET5TGD"
    CHR DefaultSearchKeyword: Default -> webssearches
    CHR DefaultSearchURL: Default -> http://istart.webssearches.com/web/...500325AS_5VET5TGDXXXX5VET5TGD&q={searchTerms}
    CHR DefaultSuggestURL: Default ->
    CHR Profile: C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (Google Docs) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-10-16]
    CHR Extension: (Google Drive) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2012-12-03]
    CHR Extension: (YouTube) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-12-03]
    CHR Extension: (Google Search) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-12-03]
    CHR Extension: (BetterSurf) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\dedmngkbaffkenlfdcbganndoghblmap [2013-11-15]
    CHR Extension: (Media Buzz) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhbipenidhbblafeghlnhomhbbekegeg [2014-04-26]
    CHR Extension: (Rich Media View) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhgbjpmmapeeebfocedgchboelhicjob [2014-10-26]
    CHR Extension: (Media View) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjoipheamlalaopalfkdlpddibaammfd [2014-02-28]
    CHR Extension: (Video Player) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\hjaiamlebimfmojfhilaghbgljofblde [2014-01-10]
    CHR Extension: (hkelgkihphkegiaagbcgglfidabmgkgp) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\hkelgkihphkegiaagbcgglfidabmgkgp [2014-10-19]
    CHR Extension: (Dolphin Deals) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihihlmpikoblhkjbcpgafnleneppnfjd [2015-02-04]
    CHR Extension: (Trust Media Viewer) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\iigbpcijgnghlbbckmblheliiphbcphn [2014-06-29]
    CHR Extension: (Media Viewer) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nbpdghncgldndhlnkfhgnofiokhefpoe [2014-02-24]
    CHR Extension: (Google Wallet) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-27]
    CHR Extension: (Rich Media View) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojmcblgmjhopempjhnhlohgbhhbaeapn [2014-05-14]
    CHR Extension: (Bkav SiteAdvisor) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcnancbdijenfaameanloddnkbjhfaal [2015-03-13]
    CHR Extension: (Gmail) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-12-03]
    CHR Extension: (BetterSrf) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\poheodfamflhhhdcmjfeggbgigeefaco [2013-11-25]
    CHR HKLM\...\Chrome\Extension: [pflphaooapbgpeakohlggbpidpppgdff] - C:\Users\admin\AppData\Local\mysearchdial-speeddial.crx [Not Found]
    CHR HKU\S-1-5-21-3818046159-3689817371-2580797029-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [pflphaooapbgpeakohlggbpidpppgdff] - C:\Users\admin\AppData\Local\mysearchdial-speeddial.crx [Not Found]
    CHR HKLM-x32\...\Chrome\Extension: [dedmngkbaffkenlfdcbganndoghblmap] - C:\Program Files (x86)\BetterSurf\ch\Chrome.crx [2013-11-11]
    CHR HKLM-x32\...\Chrome\Extension: [fhbipenidhbblafeghlnhomhbbekegeg] - C:\Program Files (x86)\MediaBuzzV1\MediaBuzzV1mode5557\ch\MediaBuzzV1mode5557.crx [2014-04-24]
    CHR HKLM-x32\...\Chrome\Extension: [fhgbjpmmapeeebfocedgchboelhicjob] - C:\Program Files (x86)\RichMediaViewV1\RichMediaViewV1release961\ch\RichMediaViewV1release961.crx [2014-05-13]
    CHR HKLM-x32\...\Chrome\Extension: [gjoipheamlalaopalfkdlpddibaammfd] - C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha45\ch\MediaViewV1alpha45.crx [2014-02-26]
    CHR HKLM-x32\...\Chrome\Extension: [hjaiamlebimfmojfhilaghbgljofblde] - C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta640\ch\VideoPlayerV3beta640.crx [2014-01-08]
    CHR HKLM-x32\...\Chrome\Extension: [iigbpcijgnghlbbckmblheliiphbcphn] - C:\Program Files (x86)\TrustMediaViewerV1\TrustMediaViewerV1alpha2724\ch\TrustMediaViewerV1alpha2724.crx [2014-06-26]
    CHR HKLM-x32\...\Chrome\Extension: [kidaajcdcjnibldmcnniccdjphlpmbim] - C:\Program Files (x86)\MediaWatchV1\MediaWatchV1home412\ch\MediaWatchV1home412.crx [2014-03-20]
    CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2010-09-27]
    CHR HKLM-x32\...\Chrome\Extension: [mfgmhilhjkklfkcopoogicgkbpnocdoe] - C:\Program Files (x86)\Naver\NaverChromeToolbar\naver_chrome_toolbar_vn_win.crx [2012-09-05]
    CHR HKLM-x32\...\Chrome\Extension: [nbpdghncgldndhlnkfhgnofiokhefpoe] - C:\Program Files (x86)\MediaViewerV1\MediaViewerV1alpha680\ch\MediaViewerV1alpha680.crx [2014-02-23]
    CHR HKLM-x32\...\Chrome\Extension: [ojmcblgmjhopempjhnhlohgbhhbaeapn] - C:\Program Files (x86)\RichMediaViewV1\RichMediaViewV1release4398\ch\RichMediaViewV1release4398.crx [2014-05-14]
    CHR HKLM-x32\...\Chrome\Extension: [pcnancbdijenfaameanloddnkbjhfaal] - C:\Program Files (x86)\BkavHome\SiteAdvisor\BkavChrSiteAdvisor.crx [2014-09-17]
    CHR HKLM-x32\...\Chrome\Extension: [pflphaooapbgpeakohlggbpidpppgdff] - C:\Users\admin\AppData\Local\mysearchdial-speeddial.crx [Not Found]
    CHR HKLM-x32\...\Chrome\Extension: [pjhppeglijpjoiggbdhkcncpginnbnjo] - C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha3170\ch\MediaViewV1alpha3170.crx [2014-02-27]
    CHR HKLM-x32\...\Chrome\Extension: [poheodfamflhhhdcmjfeggbgigeefaco] - C:\Program Files (x86)\Better-Surf\ch\Chrome.crx [2013-11-25]

    ==================== Services (Whitelisted) =================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R2 BkavHomeUpdateService; C:\Program Files (x86)\BkavHome\BkavHomeUpdateService.exe [1593344 2014-07-01] (Bkav Corporation) [File not signed]
    R2 BkavService; C:\Windows\SysWOW64\BkavService.exe [291616 2014-07-01] (Bkav Corporation)
    S3 fussvc; C:\Program Files (x86)\Windows Kits\8.0\App Certification Kit\fussvc.exe [139776 2012-07-25] (Microsoft Corporation) [File not signed]
    S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
    R2 IePluginServices; C:\ProgramData\IePluginServices\PluginService.exe [694784 2014-08-16] (Cherished Technololgy LIMITED) [File not signed]
    R2 iSafeService; C:\Program Files (x86)\Elex-tech\YAC\iSafeSvc.exe [118048 2015-03-03] (Elex do Brasil Participações Ltda)
    S4 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [161560 2012-01-21] (Intel Corporation)
    R2 Live Malware Protection; C:\Windows\mlwps.exe [239104 2015-02-15] (AV Security Software) [File not signed] <==== ATTENTION
    S2 MSSQL$HUY; E:\Huy\SQL\Source\MSSQL11.HUY\MSSQL\Binn\sqlservr.exe [191064 2012-02-11] (Microsoft Corporation)
    S4 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273168 2012-03-29] ()
    R2 PrivoxyService; C:\Program Files (x86)\Jelbrus Secure Web\privoxy.exe [443202 2015-02-06] (The Privoxy team - www.privoxy.org) [File not signed] <==== ATTENTION
    R3 sppuinotify; C:\Windows\system32\sppuinotify.dll [65536 2012-11-07] (Microsoft Corporation) [File not signed]
    S4 SQLAgent$HUY; E:\Huy\SQL\Source\MSSQL11.HUY\MSSQL\Binn\SQLAGENT.EXE [597080 2012-02-11] (Microsoft Corporation)
    S3 Te.Service; C:\Program Files (x86)\Windows Kits\8.0\Testing\Runtimes\TAEF\Wex.Services.exe [126976 2012-07-25] (Microsoft Corporation) [File not signed]
    R2 Update Dolphin Deals; C:\Program Files (x86)\Dolphin Deals\updateDolphinDeals.exe [417064 2015-03-19] ()
    R2 Util Dolphin Deals; C:\Program Files (x86)\Dolphin Deals\bin\utilDolphinDeals.exe [417064 2015-03-19] ()
    R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)
    R2 winzipersvc; C:\Program Files (x86)\WinZipper\winzipersvc.exe [426160 2015-03-05] (Taiwan Shui Mu Chih Ching Technology Limited.) <==== ATTENTION
    S4 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [2669840 2012-03-29] (Intel® Corporation)
    S2 HiPatchService; No ImagePath
    S3 WinHttpAutoProxySvc; winhttp.dll [X]

    ==================== Drivers (Whitelisted) ====================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R0 amdkmpfd; C:\Windows\System32\DRIVERS\amdkmpfd.sys [31872 2012-02-01] (Advanced Micro Devices, Inc.)
    R1 iSafeKrnl; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnl.sys [249000 2015-03-03] (Elex do Brasil Participações Ltda)
    S3 iSafeKrnlBoot; C:\Windows\System32\DRIVERS\iSafeKrnlBoot.sys [45224 2015-03-03] (Elex do Brasil Participações Ltda)
    R1 iSafeKrnlKit; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlKit.sys [99496 2015-03-03] (Elex do Brasil Participações Ltda)
    R1 iSafeKrnlMon; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlMon.sys [42152 2015-03-03] (Elex do Brasil Participações Ltda)
    R1 iSafeKrnlR3; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlR3.sys [93352 2015-03-03] (Elex do Brasil Participações Ltda)
    R1 iSafeNetFilter; C:\Windows\System32\DRIVERS\iSafeNetFilter.sys [52392 2015-02-15] (Elex do Brasil Participações Ltda)
    R1 ISODrive; D:\DUY\UNG DUNG\UltraISO\UltraISO\drivers\ISODrv64.sys [115600 2010-01-29] (EZB Systems, Inc.)
    S4 RsFx0200; C:\Windows\System32\DRIVERS\RsFx0200.sys [334936 2012-02-11] (Microsoft Corporation)
    S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [40712 2012-10-25] (Anchorfree Inc.)
    S3 VBoxUSB; C:\Windows\System32\Drivers\VBoxUSB.sys [116296 2014-10-11] (Oracle Corporation)
    S3 VSPerfDrv110; E:\Huy\Window\Team Tools\Performance Tools\x64\VSPerfDrv110.sys [70264 2012-07-13] (Microsoft Corporation)
    R1 {0b3befeb-e7d9-4648-a054-011aee951126}w64; C:\Windows\System32\drivers\{0b3befeb-e7d9-4648-a054-011aee951126}w64.sys [48840 2015-02-23] (StdLib)
    R1 {17d7b7ef-d2d8-45f1-a2f2-2dea72852c07}w64; C:\Windows\System32\drivers\{17d7b7ef-d2d8-45f1-a2f2-2dea72852c07}w64.sys [48840 2015-02-05] (StdLib)
    R1 {1bcac693-c506-4a13-8921-e885a8cb1d13}w64; C:\Windows\System32\drivers\{1bcac693-c506-4a13-8921-e885a8cb1d13}w64.sys [48840 2015-02-14] (StdLib)
    R1 {2be54678-5f85-4937-975c-484112311e65}Gw64; C:\Windows\System32\drivers\{2be54678-5f85-4937-975c-484112311e65}Gw64.sys [48840 2015-02-03] (StdLib)
    R1 {3c3ae2b4-4a36-40c4-a356-ffc1820b7ece}Gw64; C:\Windows\System32\drivers\{3c3ae2b4-4a36-40c4-a356-ffc1820b7ece}Gw64.sys [48824 2014-10-15] (StdLib)
    R1 {3f837d36-3981-45f1-9497-67565ae84508}w64; C:\Windows\System32\drivers\{3f837d36-3981-45f1-9497-67565ae84508}w64.sys [48840 2015-03-13] (StdLib)
    R1 {702bbd8f-e6dd-42a8-a995-6b431927d55e}w64; C:\Windows\System32\drivers\{702bbd8f-e6dd-42a8-a995-6b431927d55e}w64.sys [48840 2015-02-17] (StdLib)
    R1 {95e63078-c8de-4514-94f6-859d098ae58c}w64; C:\Windows\System32\drivers\{95e63078-c8de-4514-94f6-859d098ae58c}w64.sys [48840 2015-02-20] (StdLib)
    R1 {a524bf90-f804-4c41-b422-cc15288e85ca}w64; C:\Windows\System32\drivers\{a524bf90-f804-4c41-b422-cc15288e85ca}w64.sys [48840 2015-03-07] (StdLib)
    R1 {a60ec2d2-55d8-408b-9b84-24e0bd56daf6}w64; C:\Windows\System32\drivers\{a60ec2d2-55d8-408b-9b84-24e0bd56daf6}w64.sys [48840 2015-02-26] (StdLib)
    R1 {c4a7b09f-59a5-4aec-aa79-4922d6416b82}w64; C:\Windows\System32\drivers\{c4a7b09f-59a5-4aec-aa79-4922d6416b82}w64.sys [48840 2015-02-11] (StdLib)
    R1 {cfcde8f5-41ca-4db2-b65e-84981eec55ca}w64; C:\Windows\System32\drivers\{cfcde8f5-41ca-4db2-b65e-84981eec55ca}w64.sys [48840 2015-02-08] (StdLib)
    R1 {e189778b-c832-454e-b504-3be6620f674d}w64; C:\Windows\System32\drivers\{e189778b-c832-454e-b504-3be6620f674d}w64.sys [48840 2015-03-01] (StdLib)
    R1 {e3ccc45b-550f-41ef-9f66-bf8e591166fe}w64; C:\Windows\System32\drivers\{e3ccc45b-550f-41ef-9f66-bf8e591166fe}w64.sys [48840 2015-03-17] (StdLib)
    R1 {f40be314-6146-47fc-bd32-c76c91cbfb49}w64; C:\Windows\System32\drivers\{f40be314-6146-47fc-bd32-c76c91cbfb49}w64.sys [48840 2015-03-11] (StdLib)
    R1 {fedcd8ab-e575-437f-b8ab-0f7bb23dd158}w64; C:\Windows\System32\drivers\{fedcd8ab-e575-437f-b8ab-0f7bb23dd158}w64.sys [48840 2015-03-04] (StdLib)
    S1 BAPIDRV; system32\DRIVERS\BAPIDRV64.sys [X]
    S0 BkavAuto; \SystemRoot\System32\Drivers\BkavAuto.sys [X]
    S3 cxasbt; \??\D:\DUY\GAMES\AvatarStarVN\avital\cxbtf64.sys [X]
    S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
    S3 GGSAFERDriver; \??\D:\GAMES\LienMinhHuyenThoai\GameData\Room\safedrv.sys [X]
    R4 nethfdrv; \??\C:\Windows\system32\drivers\nethfdrv.sys [X]
    S1 pfnfd_1_10_0_9; system32\drivers\pfnfd_1_10_0_9.sys [X]
    S3 RSUSBVSTOR; System32\Drivers\RtsUVStor.sys [X]
    S1 SysLib; \SystemRoot\System32\Drivers\SysLib.sys [X]
    S1 SysLib0; \SystemRoot\System32\Drivers\SysLib0.sys [X]
    S1 SysLib1; \SystemRoot\System32\Drivers\SysLib1.sys [X]
    S1 SysLib2; \SystemRoot\System32\Drivers\SysLib2.sys [X]
    S1 SysLib3; \SystemRoot\System32\Drivers\SysLib3.sys [X]
    S1 SysLib4; \SystemRoot\System32\Drivers\SysLib4.sys [X]
    S1 SysLib5; \SystemRoot\System32\Drivers\SysLib5.sys [X]
    S1 SysLib6; \SystemRoot\System32\Drivers\SysLib6.sys [X]
    S3 VGPU; System32\drivers\rdvgkmd.sys [X]

    ==================== NetSvcs (Whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


    ==================== One Month Created Files and Folders ========

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2015-03-19 10:34 - 2015-03-19 10:35 - 00040111 _____ () C:\Users\admin\Desktop\FRST.txt
    2015-03-19 10:33 - 2015-03-19 10:34 - 00000000 ____D () C:\FRST
    2015-03-19 10:32 - 2015-03-19 10:32 - 02095616 _____ (Farbar) C:\Users\admin\Desktop\FRST64.exe
    2015-03-19 09:05 - 2015-03-19 09:05 - 00000056 _____ () C:\Windows\setupact.log
    2015-03-19 09:05 - 2015-03-19 09:05 - 00000000 _____ () C:\Windows\setuperr.log
    2015-03-17 17:40 - 2015-03-17 03:11 - 00048840 _____ (StdLib) C:\Windows\system32\Drivers\{e3ccc45b-550f-41ef-9f66-bf8e591166fe}w64.sys
    2015-03-16 17:01 - 2015-03-16 17:01 - 00000000 ____D () C:\Program Files (x86)\Realtek
    2015-03-16 17:01 - 2010-05-07 09:42 - 00245280 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RtsUStor.sys
    2015-03-14 21:13 - 2015-03-14 21:13 - 00000769 _____ () C:\Users\admin\Desktop\Dynomite!™ Deluxe.lnk
    2015-03-14 12:48 - 2015-03-13 21:08 - 00048840 _____ (StdLib) C:\Windows\system32\Drivers\{3f837d36-3981-45f1-9497-67565ae84508}w64.sys
    2015-03-13 19:07 - 2014-11-14 21:15 - 00023752 _____ (360安全中心) C:\Windows\SysWOW64\Drivers\efimon.sys
    2015-03-13 19:05 - 2015-03-13 19:05 - 00000000 __SHD () C:\ProgramData\360Quarant
    2015-03-13 19:05 - 2015-03-13 19:05 - 00000000 __SHD () C:\$360Section
    2015-03-12 18:00 - 2015-03-14 21:11 - 00000000 ____D () C:\ProgramData\PopCap Games
    2015-03-12 17:56 - 2015-03-14 21:10 - 00000000 ____D () C:\Program Files (x86)\Opera
    2015-03-12 17:56 - 2015-03-13 22:51 - 00000000 ____D () C:\Program Files (x86)\360
    2015-03-12 17:55 - 2015-03-12 18:00 - 03874920 _____ () C:\Users\admin\Downloads\DynomiteSetup-en [1].exe
    2015-03-12 10:00 - 2015-03-12 10:00 - 00003054 _____ () C:\Windows\System32\Tasks\{947472E8-A5D0-4F35-93FF-E7BD403CCB40}
    2015-03-12 09:42 - 2015-03-12 09:42 - 00000000 ____D () C:\Users\admin\AppData\Roaming\JAM Software
    2015-03-11 20:05 - 2015-03-11 03:07 - 00048840 _____ (StdLib) C:\Windows\system32\Drivers\{f40be314-6146-47fc-bd32-c76c91cbfb49}w64.sys
    2015-03-08 18:16 - 2015-03-08 18:16 - 00000000 ____D () C:\Users\admin\AppData\Roaming\Tencent
    2015-03-08 11:16 - 2015-03-07 20:07 - 00048840 _____ (StdLib) C:\Windows\system32\Drivers\{a524bf90-f804-4c41-b422-cc15288e85ca}w64.sys
    2015-03-06 10:17 - 2015-03-06 10:17 - 00000000 ____D () C:\ProgramData\Microsoft Visual Studio
    2015-03-06 09:39 - 2015-03-06 10:16 - 00000000 ____D () C:\Users\admin\Documents\Visual Studio 2012
    2015-03-06 09:36 - 2015-03-06 09:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
    2015-03-06 09:36 - 2015-03-06 09:36 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
    2015-03-06 09:35 - 2015-03-06 09:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight 5 SDK
    2015-03-06 09:35 - 2015-03-06 09:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight 4 SDK
    2015-03-06 09:34 - 2015-03-06 09:34 - 00000000 ____D () C:\ProgramData\Windows App Certification Kit
    2015-03-06 09:34 - 2015-03-06 09:34 - 00000000 ____D () C:\Program Files\Microsoft SQL Server Compact Edition
    2015-03-06 09:34 - 2015-03-06 09:34 - 00000000 ____D () C:\Program Files\Application Verifier
    2015-03-06 09:34 - 2015-03-06 09:34 - 00000000 ____D () C:\Program Files (x86)\Application Verifier
    2015-03-06 09:33 - 2015-03-06 09:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Kits
    2015-03-06 09:32 - 2015-03-06 09:32 - 00000000 ____D () C:\ProgramData\PreEmptive Solutions
    2015-03-06 09:30 - 2015-03-06 09:31 - 00000000 ____D () C:\Program Files (x86)\Microsoft ASP.NET
    2015-03-06 09:30 - 2015-03-06 09:30 - 00002059 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Web Platform Installer.lnk
    2015-03-06 09:30 - 2015-03-06 09:30 - 00000000 ____D () C:\Program Files (x86)\Microsoft Web Tools
    2015-03-06 09:29 - 2015-03-06 09:29 - 00000000 ____D () C:\Program Files\IIS Express
    2015-03-06 09:29 - 2015-03-06 09:29 - 00000000 ____D () C:\Program Files (x86)\NuGet
    2015-03-06 09:29 - 2015-03-06 09:29 - 00000000 ____D () C:\Program Files (x86)\IIS Express
    2015-03-06 09:28 - 2015-03-06 09:28 - 00000000 ____D () C:\Program Files\IIS
    2015-03-06 09:28 - 2015-03-06 09:28 - 00000000 ____D () C:\Program Files (x86)\Microsoft WCF Data Services
    2015-03-06 09:28 - 2015-03-06 09:28 - 00000000 ____D () C:\Program Files (x86)\IIS
    2015-03-06 09:26 - 2015-03-06 09:26 - 00000000 ____D () C:\Program Files (x86)\Windows Kits
    2015-03-06 09:20 - 2015-03-06 09:20 - 00000000 ____D () C:\Program Files (x86)\Microsoft Help Viewer
    2015-03-06 09:20 - 2015-03-06 09:20 - 00000000 ____D () C:\Program Files (x86)\HTML Help Workshop
    2015-03-06 09:12 - 2015-03-06 09:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Visual Studio 2012
    2015-03-06 09:12 - 2015-03-06 09:12 - 00000000 ____D () C:\Windows\symbols
    2015-03-06 09:12 - 2015-03-06 09:12 - 00000000 ____D () C:\Program Files\Microsoft Visual Studio 11.0
    2015-03-05 16:59 - 2015-03-05 16:59 - 00000000 ____D () C:\Users\admin\AppData\Roaming\Elex-tech
    2015-03-05 16:59 - 2015-03-05 16:59 - 00000000 ____D () C:\Program Files (x86)\Elex-tech
    2015-03-05 16:59 - 2015-03-03 17:41 - 00045224 _____ (Elex do Brasil Participações Ltda) C:\Windows\system32\Drivers\iSafeKrnlBoot.sys
    2015-03-05 16:59 - 2015-02-15 15:37 - 00052392 _____ (Elex do Brasil Participações Ltda) C:\Windows\system32\Drivers\iSafeNetFilter.sys
    2015-03-05 08:50 - 2015-03-04 14:06 - 00048840 _____ (StdLib) C:\Windows\system32\Drivers\{fedcd8ab-e575-437f-b8ab-0f7bb23dd158}w64.sys
    2015-03-03 11:58 - 2015-03-03 11:58 - 00000000 ____D () C:\Users\admin\AppData\Roaming\WinRAR
    2015-03-02 12:57 - 2015-03-01 21:07 - 00048840 _____ (StdLib) C:\Windows\system32\Drivers\{e189778b-c832-454e-b504-3be6620f674d}w64.sys
    2015-02-28 21:59 - 2015-02-28 21:53 - 15071148 _____ () C:\Users\admin\Documents\Capture_20150228.mp4
    2015-02-27 08:39 - 2015-02-26 15:06 - 00048840 _____ (StdLib) C:\Windows\system32\Drivers\{a60ec2d2-55d8-408b-9b84-24e0bd56daf6}w64.sys
    2015-02-24 14:09 - 2015-02-23 22:08 - 00048840 _____ (StdLib) C:\Windows\system32\Drivers\{0b3befeb-e7d9-4648-a054-011aee951126}w64.sys
    2015-02-21 10:01 - 2015-02-20 16:29 - 00048840 _____ (StdLib) C:\Windows\system32\Drivers\{95e63078-c8de-4514-94f6-859d098ae58c}w64.sys
    2015-02-19 20:02 - 2015-02-19 20:02 - 00000000 ____D () C:\Users\admin\AppData\Roaming\xim
    2015-02-19 14:02 - 2015-03-05 16:18 - 00000000 ____D () C:\Users\admin\AppData\Roaming\WinZipper
    2015-02-18 17:50 - 2015-03-08 18:19 - 00000000 ____D () C:\Users\admin\AppData\Roaming\VNG
    2015-02-18 01:42 - 2015-02-17 10:34 - 00048840 _____ (StdLib) C:\Windows\system32\Drivers\{702bbd8f-e6dd-42a8-a995-6b431927d55e}w64.sys

    ==================== One Month Modified Files and Folders =======

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2015-03-19 10:33 - 2014-04-02 18:57 - 00000364 _____ () C:\Windows\Tasks\updater.job
    2015-03-19 10:32 - 2012-11-07 08:44 - 01443257 _____ () C:\Windows\WindowsUpdate.log
    2015-03-19 10:28 - 2015-01-30 07:23 - 00001002 _____ () C:\Windows\Tasks\CocCocUpdateTaskUserS-1-5-21-3818046159-3689817371-2580797029-1000UA.job
    2015-03-19 10:26 - 2009-07-14 11:45 - 00022528 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2015-03-19 10:26 - 2009-07-14 11:45 - 00022528 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2015-03-19 10:19 - 2012-12-03 01:35 - 00000984 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2015-03-19 10:11 - 2015-02-04 19:17 - 00000000 ____D () C:\Program Files (x86)\Dolphin Deals
    2015-03-19 10:10 - 2014-01-01 15:17 - 00000292 _____ () C:\Windows\Tasks\MySearchDial.job
    2015-03-19 09:58 - 2013-08-11 20:56 - 00000000 ____D () C:\Users\admin\AppData\Local\CrashDumps
    2015-03-19 09:55 - 2014-09-17 23:22 - 00000000 ____D () C:\Users\admin\AppData\Roaming\Backup
    2015-03-19 09:40 - 2012-11-09 17:48 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
    2015-03-19 09:38 - 2015-02-06 22:41 - 00003278 _____ () C:\Windows\System32\Tasks\Jelbrus Secure Web Task
    2015-03-19 09:19 - 2012-12-03 01:35 - 00000980 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2015-03-19 09:11 - 2012-11-07 11:46 - 00000000 ____D () C:\Users\admin\AppData\Roaming\GarenaPlus
    2015-03-19 09:11 - 2012-11-07 11:46 - 00000000 ____D () C:\ProgramData\GarenaMessenger
    2015-03-19 09:11 - 2009-07-14 09:34 - 00000580 _____ () C:\Windows\win.ini
    2015-03-19 09:09 - 2012-11-08 10:22 - 00003484 _____ () C:\Windows\System32\Tasks\AutoKMS
    2015-03-19 09:08 - 2014-12-08 17:57 - 00000000 ____D () C:\Program Files (x86)\WinZipper
    2015-03-19 09:06 - 2014-12-06 21:07 - 00003508 _____ () C:\Windows\System32\Tasks\gg_uac_daemon_admin
    2015-03-19 09:05 - 2013-10-03 07:46 - 00000364 _____ () C:\Windows\Tasks\AmiUpdXp.job
    2015-03-19 09:05 - 2009-07-14 12:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
    2015-03-18 22:38 - 2014-08-17 22:38 - 00070144 _____ () C:\Windows\SysWOW64\tasks.dll
    2015-03-18 18:41 - 2009-07-14 12:13 - 00908038 _____ () C:\Windows\system32\PerfStringBackup.INI
    2015-03-16 20:31 - 2013-07-14 21:43 - 00000000 ____D () C:\Users\admin\Documents\Youcam
    2015-03-16 18:46 - 2013-08-07 22:25 - 00000014 _____ () C:\Windows\popcinfo.dat
    2015-03-16 17:02 - 2012-11-07 08:59 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
    2015-03-14 21:39 - 2014-01-25 08:20 - 00002255 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
    2015-03-14 21:13 - 2013-02-09 11:55 - 00000000 ____D () C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
    2015-03-14 21:10 - 2009-07-14 12:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
    2015-03-12 10:18 - 2012-11-07 08:39 - 00000000 ____D () C:\Users\admin
    2015-03-12 10:17 - 2013-07-18 16:44 - 00000000 ____D () C:\Users\admin\Documents\My Games
    2015-03-10 23:23 - 2014-01-30 21:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
    2015-03-10 18:29 - 2013-06-25 20:52 - 00002384 _____ () C:\Users\admin\Desktop\Cốc Cốc.lnk
    2015-03-06 10:07 - 2012-11-07 08:41 - 00142704 _____ () C:\Users\admin\AppData\Local\GDIPFONTCACHEV1.DAT
    2015-03-06 10:05 - 2009-07-14 11:45 - 00538440 _____ () C:\Windows\system32\FNTCACHE.DAT
    2015-03-06 09:36 - 2014-10-08 09:22 - 00000000 ____D () C:\Program Files (x86)\Microsoft SDKs
    2015-03-06 09:34 - 2012-11-07 08:56 - 00000000 ____D () C:\Program Files (x86)\Microsoft SQL Server Compact Edition
    2015-03-06 09:32 - 2009-07-14 12:32 - 00000000 ____D () C:\Program Files\MSBuild
    2015-03-06 09:23 - 2014-10-08 08:13 - 00000000 ____D () C:\Windows\SysWOW64\1033
    2015-03-06 09:20 - 2009-07-14 12:32 - 00000000 ____D () C:\Program Files (x86)\MSBuild
    2015-03-06 09:15 - 2009-07-14 10:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
    2015-03-06 09:12 - 2014-10-08 08:13 - 00000000 ____D () C:\Windows\system32\1033
    2015-03-06 09:12 - 2013-03-23 10:35 - 00000000 ____D () C:\ProgramData\Package Cache
    2015-02-23 00:15 - 2014-11-08 16:10 - 00000000 ____D () C:\Users\admin\AppData\Local\Skyrim
    2015-02-18 07:28 - 2015-01-30 07:23 - 00000950 _____ () C:\Windows\Tasks\CocCocUpdateTaskUserS-1-5-21-3818046159-3689817371-2580797029-1000Core.job

    ==================== Files in the root of some directories =======

    2014-10-16 18:40 - 2013-09-24 01:43 - 0098222 ___SH () C:\Users\admin\AppData\Roaming\COOL.vbs
    2012-11-27 00:24 - 2014-01-31 10:30 - 0014336 _____ () C:\Users\admin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2014-02-10 14:34 - 2014-02-10 14:34 - 0064116 _____ () C:\Users\admin\AppData\Local\rational_state.log
    2014-04-18 10:41 - 2014-04-18 10:41 - 0002556 _____ () C:\Users\admin\AppData\Local\recently-used.xbel
    2014-01-25 07:41 - 2014-01-25 07:41 - 0000017 _____ () C:\Users\admin\AppData\Local\resmon.resmoncfg
    2013-09-05 17:51 - 2013-09-05 17:51 - 0048402 ___SH () C:\Users\admin\AppData\Local\ws_updater.exe
    2012-11-07 11:45 - 2012-11-07 11:45 - 0000056 ____H () C:\ProgramData\ezsidmv.dat

    ==================== Bamital & volsnap Check =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => File is digitally signed
    C:\Windows\SysWOW64\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\System32\services.exe => File is digitally signed
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\System32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed
    C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2015-02-11 11:07

    ==================== End Of Log ============================
     
  3. Troubling

    Troubling TS Rookie Topic Starter Posts: 57

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-03-2015
    Ran by admin at 2015-03-19 10:35:32
    Running from C:\Users\admin\Desktop
    Boot Mode: Normal
    ==========================================================


    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    ==================== Installed Programs ======================

    (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    Tools for .Net 3.5 (x32 Version: 3.11.50727 - Microsoft Corporation) Hidden
    7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version: - )
    Adobe Flash Player 11 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 11.2.202.235 - Adobe Systems Incorporated)
    Adobe Flash Player 11 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 11.5.502.110 - Adobe Systems Incorporated)
    Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.3.133 - Adobe Systems, Inc.)
    AMD Catalyst Install Manager (HKLM\...\{C05A4975-B08D-26FA-C153-D6BBFF579705}) (Version: 3.0.859.0 - Advanced Micro Devices, Inc.)
    BkavHome Free Edition (HKLM-x32\...\BkavHome) (Version: - )
    Blend for Visual Studio 2012 (x32 Version: 5.0.30709.0 - Microsoft Corporation) Hidden
    Blend for Visual Studio 2012 ENU resources (x32 Version: 5.0.30709.0 - Microsoft Corporation) Hidden
    Buzzdock (HKLM\...\{ac225167-00fc-452d-94c5-bb93600e7d9a}) (Version: - Alactro LLC) <==== ATTENTION
    Canon LBP3000 (HKLM\...\Canon LBP3000) (Version: - )
    Castlevania: Lords of Shadow 2 (HKLM-x32\...\Q2FzdGxldmFuaWFMb3Jkc29mU2hhZG93Mg==_is1) (Version: 1 - )
    CCleaner (HKLM\...\CCleaner) (Version: 4.06 - Piriform)
    ccTalk (HKLM-x32\...\{F768F6BA-F164-4599-BC26-DCCFC2F71983}_is1) (Version: 4.0.2 - ccTalk)
    CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.4.5306 - CDBurnerXP)
    C-Free 4 Professional (HKLM-x32\...\C-Free 4_is1) (Version: - Program Arts)
    Cốc Cốc (HKU\S-1-5-21-3818046159-3689817371-2580797029-1000\...\CocCocBrowser) (Version: 40.0.2214.121 - Đơn vị chủ quản Cốc Cốc)
    CyberLink YouCam 5 (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 5.0.0909 - CyberLink Corp.)
    Dolphin Deals (HKLM\...\Dolphin Deals) (Version: 2015.02.04.092429 - Dolphin Deals) <==== ATTENTION
    Dotfuscator and Analytics Community Edition (x32 Version: 5.5.4521.29298 - PreEmptive Solutions) Hidden
    Dynomite Deluxe (HKLM-x32\...\Dynomite Deluxe) (Version: - )
    Entity Framework Designer for Visual Studio 2012 - enu (HKLM-x32\...\{0A1A1D48-DB23-443A-BC7B-49255D138020}) (Version: 11.1.20702.00 - Microsoft Corporation)
    Eusing Free Registry Cleaner (HKLM-x32\...\Eusing Free Registry Cleaner) (Version: - Eusing Software)
    Fighter Factory Classic (HKLM-x32\...\VirtuallTek Fighter Factory Classic_is1) (Version: 1.2.0.2010 - VirtuallTek Systems)
    FL Studio 11 (HKLM-x32\...\FL Studio 11) (Version: - Image-Line)
    FlowStone FL 3.0 (HKLM-x32\...\FlowStone) (Version: - )
    Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 6.1.2.1224 - Foxit Corporation)
    GC (HKLM-x32\...\GC) (Version: - ) <==== ATTENTION
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 41.0.2272.89 - Google Inc.)
    Google Drive (HKLM-x32\...\{6C36881B-0E51-4231-9D02-BF2149664D34}) (Version: 1.20.8672.3137 - Google, Inc.)
    Google Update Helper (x32 Version: 1.3.26.7 - Google Inc.) Hidden
    Guitar Pro 5.2 (HKLM-x32\...\Guitar Pro 5_is1) (Version: - Arobas Music)
    Hi-Rez Studios Authenticate and Update Service (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}) (Version: 3.0.0.0 - Hi-Rez Studios)
    hosts (HKLM-x32\...\hosts) (Version: 1.28.153.3 - Irismedia) <==== ATTENTION
    IBM Rational Rose Enterprise Edition (HKLM-x32\...\{22D66ACE-E0A1-482E-B797-0A6A377D3E91}) (Version: 7.0.0.0 - Rational Software)
    IIS 8.0 Express (HKLM\...\{7BF61FA9-BDFB-4563-98AD-FCB0DA28CCC7}) (Version: 8.0.1557 - Microsoft Corporation)
    IIS Express Application Compatibility Database for x64 (HKLM\...\{9f4f4a9b-eec5-4906-92fe-d1f43ccf5c8d}.sdb) (Version: - )
    IIS Express Application Compatibility Database for x86 (HKLM\...\{fdfba1f3-74ae-4255-9c10-a0f552b4610f}.sdb) (Version: - )
    IL Download Manager (HKLM-x32\...\IL Download Manager) (Version: - Image-Line)
    Intel(R) Display Audio Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 6.14.00.3090 - Intel Corporation)
    Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.1.1399 - Intel Corporation)
    Intel(R) PROSet/Wireless for Bluetooth(R) + High Speed (HKLM\...\{37EC048A-81A2-452A-8D1F-3BE2018E767D}) (Version: 15.1.0.0096 - Intel Corporation)
    Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.6.245 - Intel Corporation)
    Intel® PROSet/Wireless WiFi Software (HKLM\...\{54EB8041-1115-4406-AA4B-44D236E84B3B}) (Version: 15.01.1000.0927 - Intel Corporation)
    Intel® Trusted Connect Service Client (HKLM\...\{538B98C3-773F-4F20-9C66-802D104DCBE2}) (Version: 1.23.219.2 - Intel Corporation)
    Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
    Java SE Development Kit 7 Update 4 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0170040}) (Version: 1.7.0.40 - Oracle)
    Java(TM) 6 Update 16 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216016FF}) (Version: 6.0.160 - Sun Microsystems, Inc.)
    Java(TM) 7 Update 4 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417004FF}) (Version: 7.0.40 - Oracle)
    Java(TM) SE Development Kit 6 Update 16 (HKLM-x32\...\{32A3A4F4-B792-11D6-A78A-00B0D0160160}) (Version: 1.6.0.160 - Sun Microsystems, Inc.)
    JavaFX 2.1.0 (64-bit) (HKLM\...\{1111706F-666A-4037-7777-210648764D10}) (Version: 2.1.0 - Oracle Corporation)
    JavaFX 2.1.0 SDK (64-bit) (HKLM\...\{2222706F-666A-4037-7777-210648764D10}) (Version: 2.1.0 - Oracle Corporation)
    K-Lite Codec Pack 8.1.0 (Full) (HKLM-x32\...\KLiteCodecPack_is1) (Version: 8.1.0 - )
    League of Legends (HKLM-x32\...\{92606477-9366-4D3B-8AE3-6BE4B29727AB}) (Version: 1.3 - Riot Games)
    League of Legends (HKLM-x32\...\League of Legends 3.0.0) (Version: 3.0.0 - Riot Games)
    League of Legends (x32 Version: 3.0.0 - Riot Games) Hidden
    LocalESPC (x32 Version: 8.59.25584 - Microsoft Corporation) Hidden
    LocalESPCui for en-us (x32 Version: 8.59.25584 - Microsoft) Hidden
    Media Buzz (HKLM-x32\...\MediaBuzzV1mode5557) (Version: 1.1 - Media Buzz) <==== ATTENTION
    Media Player (HKLM-x32\...\MediaPlayerV1alpha335) (Version: 1.1 - Media Player) <==== ATTENTION
    Media View (HKLM-x32\...\MediaViewV1alpha3170) (Version: 1.1 - Media View) <==== ATTENTION
    Media View (HKLM-x32\...\MediaViewV1alpha45) (Version: 1.1 - Media View) <==== ATTENTION
    Media Viewer (HKLM-x32\...\MediaViewerV1alpha680) (Version: 1.1 - Media Viewer) <==== ATTENTION
    Media Watch (HKLM-x32\...\MediaWatchV1home412) (Version: 1.1 - Media Watch) <==== ATTENTION
    Metal Gear Rising: Revengeance (HKLM-x32\...\Metal Gear Rising: Revengeance_is1) (Version: - )
    Microsoft .NET Framework 4 Multi-Targeting Pack (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}) (Version: 4.0.30319 - Microsoft Corporation)
    Microsoft .NET Framework 4.5 Multi-Targeting Pack (HKLM-x32\...\{5CBFF3F3-2D40-34EE-BCA5-A95BC19E400D}) (Version: 4.5.50709 - Microsoft Corporation)
    Microsoft .NET Framework 4.5 SDK (HKLM-x32\...\{1948E039-EC79-4591-951D-9867A8C14C90}) (Version: 4.5.50709 - Microsoft Corporation)
    Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
    Microsoft AppLocale (HKLM-x32\...\{394BE3D9-7F57-4638-A8D1-1D88671913B7}) (Version: 1.0.0 - MS)
    Microsoft ASP.NET MVC 3 (HKLM-x32\...\{DCDEC776-BADD-48B9-8F9A-DFF513C3D7FA}) (Version: 3.0.20105.0 - Microsoft Corporation)
    Microsoft ASP.NET Web Pages (HKLM-x32\...\{631471BE-DEAB-454B-A9AC-CE3EB42C28B3}) (Version: 1.0.20105.0 - Microsoft Corporation)
    Microsoft Help Viewer 1.1 (HKLM\...\Microsoft Help Viewer 1.1) (Version: 1.1.40219 - Microsoft Corporation)
    Microsoft Help Viewer 2.0 (HKLM-x32\...\Microsoft Help Viewer 2.0) (Version: 2.0.50727 - Microsoft Corporation)
    Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.4763.1000 - Microsoft Corporation)
    Microsoft Report Viewer 2012 Runtime (HKLM-x32\...\{9CCE40CE-A9E6-4916-8729-B008558EEF3F}) (Version: 11.0.2100.60 - Microsoft Corporation)
    Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.10411.0 - Microsoft Corporation)
    Microsoft Silverlight 4 SDK (HKLM-x32\...\{189AEA94-DAFB-487A-8CEE-F9D3DDE0A748}) (Version: 4.0.60310.0 - Microsoft Corporation)
    Microsoft Silverlight 5 SDK (HKLM-x32\...\{E1FBB3D4-ADB0-4949-B101-855DA061C735}) (Version: 5.0.61118.0 - Microsoft Corporation)
    Microsoft SQL Server 2008 R2 Management Objects (HKLM-x32\...\{83F2B8F4-5CF3-4BE9-9772-9543EAE4AC5F}) (Version: 10.51.2500.0 - Microsoft Corporation)
    Microsoft SQL Server 2008 Setup Support Files (HKLM\...\{B40EE88B-400A-4266-A17B-E3DE64E94431}) (Version: 10.1.2731.0 - Microsoft Corporation)
    Microsoft SQL Server 2012 (64-bit) (HKLM\...\Microsoft SQL Server SQLServer2012) (Version: - Microsoft Corporation)
    Microsoft SQL Server 2012 Command Line Utilities (HKLM\...\{9D573E71-1077-4C7E-B4DB-4E22A5D2B48B}) (Version: 11.0.2100.60 - Microsoft Corporation)
    Microsoft SQL Server 2012 Data-Tier App Framework (HKLM\...\{36E619BC-A234-4EC3-849B-779A7C865A45}) (Version: 11.0.2316.0 - Microsoft Corporation)
    Microsoft SQL Server 2012 Data-Tier App Framework (HKLM-x32\...\{FBA6F90E-36EC-4FC9-9B25-3834E3BD46A8}) (Version: 11.0.2316.0 - Microsoft Corporation)
    Microsoft SQL Server 2012 Express LocalDB (HKLM\...\{13D558FE-A863-402C-B115-160007277033}) (Version: 11.0.2100.60 - Microsoft Corporation)
    Microsoft SQL Server 2012 Management Objects (HKLM-x32\...\{DA1C1761-5F4F-4332-AB9D-29EDF3F8EA0A}) (Version: 11.0.2100.60 - Microsoft Corporation)
    Microsoft SQL Server 2012 Management Objects (x64) (HKLM\...\{FA0A244E-F3C2-4589-B42A-3D522DE79A42}) (Version: 11.0.2100.60 - Microsoft Corporation)
    Microsoft SQL Server 2012 Native Client (HKLM\...\{49D665A2-4C2A-476E-9AB8-FCC425F526FC}) (Version: 11.0.2100.60 - Microsoft Corporation)
    Microsoft SQL Server 2012 Setup (English) (HKLM\...\{8CB0713F-CFE0-445D-BCB2-538465860E1A}) (Version: 11.1.3128.0 - Microsoft Corporation)
    Microsoft SQL Server 2012 T-SQL Language Service (HKLM-x32\...\{6D6D43E5-218C-4B05-92D3-2240810F4760}) (Version: 11.0.2100.60 - Microsoft Corporation)
    Microsoft SQL Server 2012 Transact-SQL Compiler Service (HKLM\...\{BEB0F91E-F2EA-48A1-B938-7857ABF2A93D}) (Version: 11.0.2100.60 - Microsoft Corporation)
    Microsoft SQL Server 2012 Transact-SQL ScriptDom (HKLM\...\{0E8670B8-3965-4930-ADA6-570348B67153}) (Version: 11.0.2100.60 - Microsoft Corporation)
    Microsoft SQL Server Compact 4.0 SP1 x64 ENU (HKLM\...\{78909610-D229-459C-A936-25D92283D3FD}) (Version: 4.0.8876.1 - Microsoft Corporation)
    Microsoft SQL Server Data Tools - enu (11.1.20627.00) (HKLM-x32\...\{FA804794-2CCB-4301-954F-2C2894698876}) (Version: 11.1.20627.00 - Microsoft Corporation)
    Microsoft SQL Server Data Tools Build Utilities - enu (11.1.20627.00) (HKLM-x32\...\{790E9425-8570-493F-9AE7-81AFC9E46930}) (Version: 11.1.20627.00 - Microsoft Corporation)
    Microsoft SQL Server System CLR Types (HKLM-x32\...\{C3F6F200-6D7B-4879-B9EE-700C0CE1FCDA}) (Version: 10.51.2500.0 - Microsoft Corporation)
    Microsoft SQL Server System CLR Types (x64) (HKLM\...\{4701DEDE-1888-49E0-BAE5-857875924CA2}) (Version: 10.50.1600.1 - Microsoft Corporation)
    Microsoft System CLR Types for SQL Server 2012 (HKLM-x32\...\{E2082604-4BA5-44BB-BBFB-AF0F3CB8C6AB}) (Version: 11.0.2100.60 - Microsoft Corporation)
    Microsoft System CLR Types for SQL Server 2012 (x64) (HKLM\...\{F1949145-EB64-4DE7-9D81-E6D27937146C}) (Version: 11.0.2100.60 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Runtime - 10.0.40219 (HKLM-x32\...\{5D9ED403-94DE-3BA0-B1D6-71F4BDA412E6}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM-x32\...\{8e70e4e1-06d7-470b-9f74-a51bef21088e}) (Version: 11.0.51106.1 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
    Microsoft Visual Studio 2010 Shell (Isolated) - ENU (HKLM-x32\...\{D64B6984-242F-32BC-B008-752806E5FC44}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.31125 - Microsoft Corporation)
    Microsoft Visual Studio Ultimate 2012 (HKLM-x32\...\{ae17ae9b-af38-40d2-a194-6102c56ed502}) (Version: 11.0.50727.26 - Microsoft Corporation)
    Microsoft VSS Writer for SQL Server 2012 (HKLM\...\{3E0DD83F-BE4C-4478-86A0-AD0D79D1353E}) (Version: 11.0.2100.60 - Microsoft Corporation)
    Microsoft Web Deploy 3.0 (HKLM\...\{AA72C306-30BE-4BB1-9E42-59552BAD2CDF}) (Version: 3.1236.1631 - Microsoft Corporation)
    Microsoft Web Deploy dbSqlPackage Provider - enu (HKLM-x32\...\{E4C33F5B-1B2F-466E-957E-B274F08151A0}) (Version: 10.3.20225.0 - Microsoft Corporation)
    Microsoft Web Platform Installer 4.0 (HKLM\...\{E2B8249D-895C-4685-8C83-00F3B1A13028}) (Version: 4.0.1622 - Microsoft Corporation)
    Microsoft Windows Application Compatibility Database (HKLM\...\{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb) (Version: - )
    Mozilla Firefox 25.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 25.0 (x86 en-US)) (Version: 25.0 - Mozilla)
    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 25.0 - Mozilla)
    NARUTO SHIPPUDEN: Ultimate Ninja STORM 3 Full Burst (HKLM-x32\...\NARUTO SHIPPUDEN: Ultimate Ninja STORM 3 Full Burst_is1) (Version: - Namco Bandai Games)
    NBA 2K14 (HKLM-x32\...\{4FE0545A-1BF3-4B9B-A044-6E1EE719E197}) (Version: 1.0.0 - 2K Sports)
    Paint XP version 1.2 (HKLM-x32\...\{2367FAB6-055A-4923-835F-F57F7BBBA363}_is1) (Version: 1.2 - MSPAINTXP.COM)
    PCSX2 - Playstation 2 Emulator (HKLM-x32\...\pcsx2-r5875) (Version: - )
    PowerXpressHybrid (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
    PreEmptive Analytics Visual Studio Components (x32 Version: 1.0.2180.1 - PreEmptive Solutions) Hidden
    Prerequisites for SSDT (HKLM-x32\...\{9169C939-ED01-446A-BD0C-29873BAF4E48}) (Version: 11.0.2100.60 - Microsoft Corporation)
    PX Profile Update (x32 Version: 1.00.1. - AMD) Hidden
    PhotoZoom Professional 1.2.8 (HKU\S-1-5-21-3818046159-3689817371-2580797029-1000\...\PhotoZoom Professional) (Version: 1.2.8 - BenVista Ltd)
    Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30118 - Realtek Semiconductor Corp.)
    RESIDENT EVIL 5 (HKLM-x32\...\{AC08BBA0-96B9-431A-A7D0-D8598E493775}) (Version: 1.0.0.129 - CAPCOM CO., LTD.)
    Resident Evil 6 version 5.1 (HKLM-x32\...\{0BC95CC8-CFE7-4C60-9DBF-258443C3C6C6}_is1) (Version: 5.1 - Black_Box)
    Resident Evil Revelations (HKLM-x32\...\Resident Evil Revelations_is1) (Version: - Capcom)
    Rich Media View (HKLM-x32\...\RichMediaViewV1release4398) (Version: 1.1 - Rich Media View) <==== ATTENTION
    Rich Media View (HKLM-x32\...\RichMediaViewV1release961) (Version: 1.1 - Rich Media View) <==== ATTENTION
    SafeSaver 1.74 (HKLM-x32\...\SP_f5d3e0aa) (Version: - ) <==== ATTENTION
    saveenshhaire (HKLM-x32\...\{62D82EC1-0D3A-DF54-8E3E-07E1337A5311}) (Version: 4.0.0.1253 - saaveNashare) <==== ATTENTION
    SaveShare 1.74 (HKLM-x32\...\SP_703c874a) (Version: - )
    Search Assistant WebSearch 1.74 (HKLM-x32\...\SP_4e24eecb) (Version: - ) <==== ATTENTION
    SearchNewTab (HKLM-x32\...\{C670DCAE-E392-AA32-6F42-143C7FC4BDFD}) (Version: 3.0.0.1547 - SearchNewTab) <==== ATTENTION
    Skype Toolbars (HKLM-x32\...\{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}) (Version: 5.0.4126 - Skype Technologies S.A.)
    Skype™ 6.20 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.20.104 - Skype Technologies S.A.)
    Software Version Updater (HKLM-x32\...\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96}) (Version: 1.1.4.2 - ) <==== ATTENTION
    SQL Server 2012 Common Files (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
    SQL Server 2012 Database Engine Services (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
    SQL Server 2012 Database Engine Shared (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
    SQL Server 2012 Management Studio (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
    SQL Server Browser for SQL Server 2012 (HKLM-x32\...\{4B9E6EB0-0EED-4E74-9479-F982C3254F71}) (Version: 11.0.2100.60 - Microsoft Corporation)
    Sql Server Customer Experience Improvement Program (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
    Star Wars Jedi Knight Jedi Academy (HKLM-x32\...\{1EECBA68-8BE4-4076-94DF-E9ED206B1D21}) (Version: - )
    Star Wars Republic Commando (HKLM-x32\...\Star Wars Republic Commando_is1) (Version: - )
    Street Fighter X Tekken (x32 Version: 1.0.0004.130 - CAPCOM U.S.A., INC) Hidden
    swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
    Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.0.9.0 - Synaptics Incorporated)
    Teenage Mutant Ninja Turtles: Out of the Shadows (HKLM-x32\...\Teenage Mutant Ninja Turtles: Out of the Shadows_is1) (Version: 1.0 - Activision)
    The KMPlayer (remove only) (HKLM-x32\...\The KMPlayer) (Version: 3.5.0.77 - KMP Media co., Ltd)
    The Witcher 2 - Assassins of Kings Enhanced Edition (HKLM-x32\...\The Witcher 2 - Assassins of Kings Enhanced Edition_is1) (Version: - GOG.com)
    TreeSize Free V3.3 (HKLM-x32\...\TreeSize Free_is1) (Version: 3.3 - JAM Software)
    Trust Media Viewer (HKLM-x32\...\TrustMediaViewerV1alpha2724) (Version: 1.1 - Trust Media Viewer) <==== ATTENTION
    UltraISO Premium V9.33 (HKLM-x32\...\UltraISO_is1) (Version: - )
    Unity Web Player (HKU\S-1-5-21-3818046159-3689817371-2580797029-1000\...\UnityWebPlayer) (Version: - Unity Technologies ApS)
    Video Player (HKLM-x32\...\Video Player) (Version: 1.1 - Video Player) <==== ATTENTION
    Visual Studio 2010 Prerequisites - English (HKLM\...\{662014D2-0450-37ED-ABAE-157C88127BEB}) (Version: 10.0.40219 - Microsoft Corporation)
    WCF Data Services 5.0 (for OData v3) Primary Components (x32 Version: 5.0.50628.0 - Microsoft Corporation) Hidden
    WCF Data Services Tools for Microsoft Visual Studio 2012 (x32 Version: 5.0.50710.0 - Microsoft Corporation) Hidden
    WCF RIA Services V1.0 SP2 (HKLM-x32\...\{3A523AF9-D32F-4C85-8388-0335731F3405}) (Version: 4.1.61829.0 - Microsoft Corporation)
    webssearches uninstall (HKLM-x32\...\webssearches uninstall) (Version: - webssearches) <==== ATTENTION
    Windows Live ID Sign-in Assistant (HKLM\...\{9B48B0AC-C813-4174-9042-476A887592C7}) (Version: 6.500.3165.0 - Microsoft Corporation)
    Windows Movie Maker 2.6 (HKLM-x32\...\{B3DAF54F-DB25-4586-9EF1-96D24BB14088}) (Version: 2.6.4037.0 - Microsoft Corporation)
    WindowsMangerProtect20.0.0.1277 (HKLM-x32\...\WindowsMangerProtect) (Version: 20.0.0.1277 - WindowsProtect LIMITED) <==== ATTENTION
    WinRAR 4.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
    WinZipper (HKLM-x32\...\WinZipper) (Version: 1.5.90 - Taiwan Shui Mu Chih Ching Technology Limited.) <==== ATTENTION
    Xiph.Org Open Codecs 0.85.17777 (HKLM-x32\...\Open Codecs) (Version: 0.85.17777 - Xiph.Org)
    XSplit Broadcaster (HKLM-x32\...\{3678DA80-4221-457A-A7AB-F94264807883}) (Version: 1.3.1310.1103 - SplitMediaLabs)
    YAC(Yet Another Cleaner!) (HKLM-x32\...\iSafe) (Version: - ELEX DO BRASIL PARTICIPAÇÕES LTDA) <==== ATTENTION
    Yahoo! Messenger (HKLM-x32\...\Yahoo! Messenger) (Version: - Yahoo! Inc.)
    真・三國無双6 with 猛将伝 (HKLM-x32\...\InstallShield_{A804968F-4F32-4E02-98B2-5864EEB42903}) (Version: 1.00.0000 - TecmoKoei)
    真・三國無双6 with 猛将伝 (x32 Version: 1.00.0000 - TecmoKoei) Hidden

    ==================== Custom CLSID (selected items): ==========================

    (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

    CustomCLSID: HKU\S-1-5-21-3818046159-3689817371-2580797029-1000_Classes\CLSID\{5F63E8CB-8F57-490A-97FE-62BC2F2A5EA4}\InprocServer32 -> No File Path
    CustomCLSID: HKU\S-1-5-21-3818046159-3689817371-2580797029-1000_Classes\CLSID\{BCDE0395-E52F-467C-8E3D-C4579291692E}\InprocServer32 -> No File Path

    ==================== Restore Points =========================


    ==================== Hosts content: ==========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2009-07-14 09:34 - 2015-01-14 22:40 - 00000865 ____A C:\Windows\system32\Drivers\etc\hosts
    0.0.0.0 .psf
    0.0.0.0 psf


    ==================== Scheduled Tasks (whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

    Task: {02125155-7DC8-4E26-9111-2B8936FDAE90} - System32\Tasks\{F749A93F-D823-4F5E-B664-7F9CB7C6799A} => D:\GAMES\***\Assassin's Creed IV Black Flag\AC4BFSP.exe
    Task: {1177659E-4A61-4FA1-8FE1-50DD2A0F8AB8} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-11-09] (Adobe Systems Incorporated)
    Task: {128C0034-721C-4284-AA8F-6A9095D873F0} - System32\Tasks\UP_Scheduler => %LOCALAPPDATA%\GC\updater.exe <==== ATTENTION
    Task: {1906FB2B-28E1-47E1-9E19-8034A1D6C581} - System32\Tasks\Escolade => C:\Users\admin\AppData\Roaming\iPumper\Updater.exe <==== ATTENTION
    Task: {1B99842E-C275-4AE2-94F0-A81E2ACA5886} - System32\Tasks\Jelbrus Secure Web Task => C:\Program Files (x86)\Jelbrus Secure Web\jswtask.exe [2015-02-15] (Jelbrus) <==== ATTENTION
    Task: {21073F1B-8B5E-4498-9837-45288B58B39C} - System32\Tasks\{947472E8-A5D0-4F35-93FF-E7BD403CCB40} => pcalua.exe -a E:\Huy\Originals\Uninstall.exe
    Task: {34E1F3E8-2744-42E2-9F8D-F06EAC27A6AC} - System32\Tasks\{CA9F35EC-2E48-4ABC-AEC1-11B29843986A} => pcalua.exe -a "E:\Huy\Originals\PhotoZoom Professional Setup.exe" -d E:\Huy\Originals
    Task: {37C445E6-35FA-4842-AD15-8DBCE118EE6D} - System32\Tasks\{E0FBBA98-E6F5-46B3-B365-F16C237A6636} => Chrome.exe http://ui.skype.com/ui/0/6.1.0.129.272/vi/abandoninstall?page=tsProgressBar
    Task: {388A179F-8E20-48DB-846F-B0ED40B41749} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-09-19] (Piriform Ltd)
    Task: {395A3A50-DF1A-491A-9590-76B3591210A3} - System32\Tasks\{6578B33F-BE5C-40E3-8EB4-F017B59D7DCF} => pcalua.exe -a "D:\GAMES\SWCMR\Star Wars Republic Commando [CHK88]\Republic Commando [CHK88]\[PC-Full]-SW-Republic.Commando.exe" -d "D:\GAMES\SWCMR\Star Wars Republic Commando [CHK88]\Republic Commando [CHK88]"
    Task: {4617E916-92E8-473D-8720-2A35DF2439F5} - System32\Tasks\{67659D67-741B-43E0-9D5B-E630A49031FF} => pcalua.exe -a D:\GAMES\SWJK\JediAcademy.exe -d D:\GAMES\SWJK
    Task: {4714EB89-347E-4D10-8063-A7344FD3C2C9} - System32\Tasks\GC_Scheduler => %LOCALAPPDATA%\GC\Runner.exe <==== ATTENTION
    Task: {4CB57C85-CB3A-4327-AC9F-DD029510D476} - System32\Tasks\GPUP => C:\Program Files (x86)\GetPrivate\gpup.exe [2014-08-16] () <==== ATTENTION
    Task: {4FB0E6AE-831A-4E3B-A068-3DAAD92E6D6B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-02-14] (Google Inc.)
    Task: {630370E6-1242-4BC1-85B9-585132029F6D} - System32\Tasks\Updater35382.exe => C:\Users\admin\AppData\Local\Updater35382\Updater35382.exe [2013-10-02] (Irismedia) <==== ATTENTION
    Task: {64175F55-9699-4C99-80F6-2DE28494B856} - System32\Tasks\AmiUpdXp => C:\Users\admin\AppData\Local\23474\Updater.exe <==== ATTENTION
    Task: {6C3FCA5B-37AE-4E46-942E-A31E8B9416B1} - System32\Tasks\updater => Rundll32.exe "C:\Users\admin\AppData\Roaming\Updater\updater_task.dll",schedule_task
    Task: {6DC301DC-5106-46EF-831F-6B5460D92D2F} - System32\Tasks\MySearchDial => C:\Users\admin\AppData\Roaming\MYSEAR~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
    Task: {76DBC42B-88A3-4D89-B3AE-C9CBA33FC6BD} - System32\Tasks\DoctorPC_Popup => C:\Program Files (x86)\Doctor PC\Splash.exe
    Task: {8041E7FA-BBC6-43F8-9E56-4F7ABCBE678D} - System32\Tasks\{9A49B636-3FD2-41DA-8332-19A9F882F665} => C:\Program Files (x86)\Skype\\Phone\Skype.exe [2014-08-27] (Skype Technologies S.A.)
    Task: {8728697D-A8B8-4B94-BB3B-548DCA65ECE3} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
    Task: {8B5BCFCB-DE58-47B0-ACA9-AD518FD2C21B} - System32\Tasks\{0D66A9C9-3137-43D8-9A9D-E4D394146DE5} => pcalua.exe -a "D:\DUY\GAMES\Zing speed\2S-setup-110.exe" -d "D:\DUY\GAMES\Zing speed"
    Task: {903FC5DF-58C0-44DC-8928-FD9B62911EBA} - System32\Tasks\CocCocUpdateTaskUserS-1-5-21-3818046159-3689817371-2580797029-1000UA => C:\Users\admin\AppData\Local\CocCoc\Update\CocCocUpdate.exe [2015-01-30] (Itim Technologies Co., Ltd.)
    Task: {9CEABCC5-8B28-4E71-9F03-DF6BA349099F} - System32\Tasks\mcleaner => C:\Users\admin\AppData\Roaming\2145.tmp.exe <==== ATTENTION
    Task: {A198B052-E6ED-45FE-88CA-CB4F1B3949E2} - System32\Tasks\CocCocUpdateTaskUserS-1-5-21-3818046159-3689817371-2580797029-1000Core => C:\Users\admin\AppData\Local\CocCoc\Update\CocCocUpdate.exe [2015-01-30] (Itim Technologies Co., Ltd.)
    Task: {AC4E5ACF-89F7-4220-BA21-81EE183975E2} - System32\Tasks\Microsoft\Windows\Application Experience\AitAgent => aitagent.exe
    Task: {B8820E18-028F-46AD-A13E-4CD572070045} - System32\Tasks\{87CAB124-17DE-4292-9BC4-7777ADEBDFCC} => Firefox.exe http://ui.skype.com/ui/0/6.0.0.126/vi/abandoninstall?page=tsProgressBar
    Task: {BD004E3C-CAC0-4D2F-BBD1-52C839B243AC} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-02-14] (Google Inc.)
    Task: {DA255089-7810-409D-95B3-4ADAA0422A80} - System32\Tasks\{75323A41-E23B-480A-8EF4-9F8E63FB6719} => pcalua.exe -a "E:\Huy\Rational Rose\IBM.Rational.Rose.Enterprise.v7.0_Blog.HanhTrinhTuoiTre.Com\setup.exe" -d "E:\Huy\Rational Rose\IBM.Rational.Rose.Enterprise.v7.0_Blog.HanhTrinhTuoiTre.Com"
    Task: {E3163C33-301D-4730-A266-5518C5ED3967} - System32\Tasks\Microsoft\Windows\Bluetooth\UninstallDeviceTask => BthUdTask.exe
    Task: {ED6D91B2-734A-47F3-B38C-3FB321EF299C} - System32\Tasks\gg_uac_daemon_admin => D:\GAMES\LienMinhHuyenThoai\GameData\ggdllhost.exe [2015-01-20] ()
    Task: {EF2397D0-6706-4C2D-A48B-626A88F0FC7E} - System32\Tasks\{503E338D-E662-45EC-8A2F-AD3C2880012F} => pcalua.exe -a D:\GAMES\SWJK\autorun.exe -d D:\GAMES\SWJK
    Task: {F155C81B-6271-49A4-9B23-6C62609C9CED} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe [2012-11-08] ()
    Task: {F2C596F2-F9E7-4E1C-BD63-7CB3F81A4071} - System32\Tasks\DoctorPC_Start => C:\Program Files (x86)\Doctor PC\DoctorPC.exe
    Task: {F7975478-5CCD-4EA6-821F-5215613B4445} - System32\Tasks\{34BF06CC-4E30-4900-BD2E-832C2B1159D3} => pcalua.exe -a G:\OriginInstaller.exe -d G:\
    Task: {FDD88101-8283-4EDB-AD70-3D2A03F6521E} - System32\Tasks\{3D6FE28C-B230-42D9-962E-44564AC9A66F} => pcalua.exe -a C:\Users\admin\AppData\Roaming\webssearches\UninstallManager.exe -c -ptid=irs <==== ATTENTION
    Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\Windows\Tasks\AmiUpdXp.job => C:\Users\admin\AppData\Local\23474\Updater.exe <==== ATTENTION
    Task: C:\Windows\Tasks\CocCocUpdateTaskUserS-1-5-21-3818046159-3689817371-2580797029-1000Core.job => C:\Users\admin\AppData\Local\CocCoc\Update\CocCocUpdate.exe
    Task: C:\Windows\Tasks\CocCocUpdateTaskUserS-1-5-21-3818046159-3689817371-2580797029-1000UA.job => C:\Users\admin\AppData\Local\CocCoc\Update\CocCocUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\MySearchDial.job => C:\Users\admin\AppData\Roaming\MYSEAR~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
    Task: C:\Windows\Tasks\updater.job => C:\Windows\SysWOW64\rundll32.exeHC:\Users\admin\AppData\Roaming\Updater\updater_task.dll
     
  4. Troubling


    ==================== Loaded Modules (whitelisted) ==============

    2012-11-07 10:27 - 2009-11-02 01:13 - 00296960 _____ () C:\UniKey 4.0 RC2 Win64\UKHook40.dll
    2010-01-30 02:40 - 2010-01-30 02:40 - 04254560 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
    2010-03-24 21:38 - 2010-03-24 21:38 - 08794976 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
    2013-07-12 19:13 - 2015-01-20 19:20 - 00055896 _____ () D:\GAMES\LienMinhHuyenThoai\GameData\ggdllhost.exe
    2012-11-07 09:55 - 2012-03-19 15:09 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
    2012-11-07 10:27 - 2009-11-02 01:13 - 00316928 _____ () C:\UniKey 4.0 RC2 Win64\UniKeyNT.exe
    2013-06-29 11:53 - 2015-01-20 19:20 - 09981528 _____ () D:\GAMES\LienMinhHuyenThoai\GameData\GarenaMessenger.exe
    2014-12-12 22:40 - 2014-12-24 22:40 - 00725518 _____ () C:\Users\admin\AppData\Roaming\SpeedTray\speedtray.exe
    2014-06-10 21:56 - 2014-06-10 21:56 - 00443904 _____ () C:\Users\admin\AppData\Local\GC\Runner.exe
    2012-03-05 04:43 - 2012-03-05 04:43 - 00369152 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
    2011-12-13 16:10 - 2011-12-13 16:10 - 00016384 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
    2015-02-04 19:26 - 2015-03-19 09:11 - 00417064 _____ () C:\Program Files (x86)\Dolphin Deals\bin\utilDolphinDeals.exe
    2015-02-04 19:35 - 2015-03-19 04:53 - 00105768 _____ () C:\Program Files (x86)\Dolphin Deals\bin\DolphinDeals.BrowserAdapter.exe
    2015-02-04 19:35 - 2015-03-19 04:53 - 00123176 _____ () C:\Program Files (x86)\Dolphin Deals\bin\DolphinDeals.BrowserAdapter64.exe
    2015-02-05 09:12 - 2015-03-17 22:06 - 01649960 _____ () C:\Program Files (x86)\Dolphin Deals\bin\DolphinDeals.BOASHelper.exe
    2015-02-04 19:28 - 2015-03-18 13:01 - 00101672 _____ () C:\Program Files (x86)\Dolphin Deals\bin\DolphinDeals.expext.exe
    2015-03-09 14:09 - 2015-03-18 19:00 - 00353576 _____ () C:\Program Files (x86)\Dolphin Deals\bin\DolphinDeals.PurBrowse64.exe
    2015-02-04 16:25 - 2015-03-19 09:15 - 00417064 _____ () C:\Program Files (x86)\Dolphin Deals\updateDolphinDeals.exe
    2015-02-05 09:12 - 2015-03-17 22:06 - 01786664 _____ () C:\Program Files (x86)\Dolphin Deals\bin\DolphinDeals.BOASPRT.exe
    2015-03-05 16:59 - 2015-03-03 17:37 - 00065696 _____ () C:\Program Files (x86)\Elex-tech\YAC\zlib1.dll
    2015-03-05 16:59 - 2013-12-02 09:52 - 00176976 _____ () C:\Program Files (x86)\Elex-tech\YAC\tws\unrar.dll
    2015-03-05 16:59 - 2013-12-11 20:12 - 00087744 _____ () C:\Program Files (x86)\Elex-tech\YAC\tws\unacev2.dll
    2014-12-08 17:57 - 2014-11-26 10:42 - 00612528 _____ () C:\Program Files (x86)\WinZipper\sqlite3.dll
    2013-06-29 11:53 - 2015-01-20 19:20 - 00560216 _____ () D:\GAMES\LienMinhHuyenThoai\GameData\ggspawn.dll
    2015-03-05 16:59 - 2015-03-03 17:37 - 00185672 _____ () C:\Program Files (x86)\Elex-tech\YAC\libpng.dll
    2010-01-30 02:41 - 2010-01-30 02:41 - 04254560 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
    2010-03-24 21:17 - 2010-03-24 21:17 - 08794464 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
    2013-06-29 11:53 - 2015-01-20 19:20 - 00111192 _____ () D:\GAMES\LienMinhHuyenThoai\GameData\CommonLib.dll
    2013-06-29 11:53 - 2015-01-20 19:20 - 00040024 _____ () D:\GAMES\LienMinhHuyenThoai\GameData\DibModule.dll
    2013-06-29 11:53 - 2015-03-09 10:35 - 00034752 _____ () D:\GAMES\LienMinhHuyenThoai\GameData\VersionModule.dll
    2013-06-29 11:53 - 2015-01-20 19:20 - 00057944 _____ () D:\GAMES\LienMinhHuyenThoai\GameData\FileLoader.dll
    2013-06-29 11:53 - 2015-01-20 19:20 - 00093784 _____ () D:\GAMES\LienMinhHuyenThoai\GameData\PluginKernel.dll
    2013-06-29 11:53 - 2015-01-20 19:20 - 00493656 _____ () D:\GAMES\LienMinhHuyenThoai\GameData\CxImage.dll
    2013-06-29 11:53 - 2015-01-20 19:20 - 00031832 _____ () D:\GAMES\LienMinhHuyenThoai\GameData\PluginModule.dll
    2012-10-31 11:44 - 2015-01-20 19:20 - 00177240 _____ () D:\GAMES\LienMinhHuyenThoai\GameData\lib\fs\YYFileSystem.dll
    2012-10-31 11:44 - 2015-01-20 19:20 - 00380504 _____ () D:\GAMES\LienMinhHuyenThoai\GameData\lib\Http.dll
    2012-10-31 11:44 - 2015-01-20 19:20 - 00191064 _____ () D:\GAMES\LienMinhHuyenThoai\GameData\lib\MP3Module.dll
    2013-06-29 11:53 - 2012-02-22 15:52 - 00162304 _____ () D:\GAMES\LienMinhHuyenThoai\GameData\lame_enc.DLL
    2012-10-31 11:44 - 2015-01-20 19:20 - 00226392 _____ () D:\GAMES\LienMinhHuyenThoai\GameData\lib\TaskManagerLib.dll
    2012-10-31 11:44 - 2015-01-20 19:20 - 00112728 _____ () D:\GAMES\LienMinhHuyenThoai\GameData\lib\UILayout.dll
    2012-10-31 11:44 - 2015-01-20 19:20 - 00964696 _____ () D:\GAMES\LienMinhHuyenThoai\GameData\lib\XLL.dll
    2012-10-31 11:44 - 2015-01-20 19:20 - 00061528 _____ () D:\GAMES\LienMinhHuyenThoai\GameData\lib\XmlUIModule.dll
    2013-06-29 11:53 - 2012-02-22 15:52 - 00573100 _____ () D:\GAMES\LienMinhHuyenThoai\GameData\sqlite3.dll
    2012-10-31 11:44 - 2015-01-20 19:20 - 00231000 _____ () D:\GAMES\LienMinhHuyenThoai\GameData\Plugins\StatsPlugin.dll
    2012-11-01 12:15 - 2015-01-28 11:04 - 00962136 _____ () D:\GAMES\LienMinhHuyenThoai\GameData\Plugins\ggplugin.dll
    2013-06-29 11:53 - 2015-01-20 19:20 - 00199256 _____ () D:\GAMES\LienMinhHuyenThoai\GameData\ImageModule.dll
    2013-06-30 10:54 - 2015-01-20 19:20 - 00161880 _____ () D:\GAMES\LienMinhHuyenThoai\GameData\libmpg123.dll
    2013-06-29 11:53 - 2015-01-20 19:20 - 02947672 _____ () D:\GAMES\LienMinhHuyenThoai\GameData\ggdownloader.dll
    2012-10-31 11:44 - 2015-01-20 19:20 - 00072280 _____ () D:\GAMES\LienMinhHuyenThoai\GameData\lib\delay_load\AudioMixerLib.dll
    2012-10-31 11:44 - 2015-01-20 19:20 - 00023128 _____ () D:\GAMES\LienMinhHuyenThoai\GameData\lib\delay_load\ClientTcp.dll
    2012-10-31 11:44 - 2015-01-20 19:20 - 01551960 _____ () D:\GAMES\LienMinhHuyenThoai\GameData\lib\delay_load\FileSender.dll
    2013-06-29 11:53 - 2013-02-01 12:42 - 00153088 _____ () D:\GAMES\LienMinhHuyenThoai\GameData\libzmq.dll
    2012-10-31 11:44 - 2015-01-20 19:20 - 00962648 _____ () D:\GAMES\LienMinhHuyenThoai\GameData\lib\delay_load\GaFileTransfer.dll
    2012-10-31 11:44 - 2015-01-20 19:20 - 00251480 _____ () D:\GAMES\LienMinhHuyenThoai\GameData\lib\delay_load\MediaEngine.dll
    2013-06-29 11:53 - 2015-01-20 19:20 - 00032856 _____ () D:\GAMES\LienMinhHuyenThoai\GameData\ServerMemAlloc.dll
    2012-10-31 11:44 - 2015-01-20 19:20 - 00523352 _____ () D:\GAMES\LienMinhHuyenThoai\GameData\lib\delay_load\RSALib.dll
    2012-10-31 11:44 - 2015-01-20 19:20 - 00074840 _____ () D:\GAMES\LienMinhHuyenThoai\GameData\lib\delay_load\UdtLib.dll
    2014-06-10 21:55 - 2014-06-10 21:55 - 00341504 _____ () C:\Users\admin\AppData\Local\GC\Modules\WbSes.dll
    2012-08-08 21:55 - 2012-08-08 21:55 - 00184320 _____ () C:\ProgramData\SearchNewTab\Pt.dll
    2014-02-26 23:06 - 2014-02-26 23:06 - 00087040 _____ () C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha45\ie\MediaViewV1alpha45.dll
    2013-06-29 17:58 - 2013-06-29 18:01 - 00118784 _____ () C:\ProgramData\SearchNewTab\51cebe6cefb8f.dll
    2013-06-29 17:58 - 2013-06-29 18:00 - 00118784 _____ () C:\ProgramData\soaofEE saave\51cebe6178ebd.dll
    2014-06-26 02:57 - 2014-06-26 02:57 - 00087552 _____ () C:\Program Files (x86)\TrustMediaViewerV1\TrustMediaViewerV1alpha2724\ie\TrustMediaViewerV1alpha2724.dll
    2013-11-13 00:34 - 2013-11-13 00:34 - 00086016 _____ () C:\Program Files (x86)\BetterSurf\ie\BetterSurf.dll
    2013-11-25 16:15 - 2013-11-25 16:15 - 00086016 _____ () C:\Program Files (x86)\Better-Surf\ie\BetterSrf.dll
    2014-01-08 04:40 - 2014-01-08 04:40 - 00087040 _____ () C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta640\ie\VideoPlayerV3beta640.dll
    2014-05-13 19:09 - 2014-05-13 19:09 - 00087552 _____ () C:\Program Files (x86)\RichMediaViewV1\RichMediaViewV1release961\ie\RichMediaViewV1release961.dll
    2013-04-05 21:13 - 2013-04-05 21:12 - 00118272 _____ () C:\ProgramData\BryOOwsee2ssavoe\515edbe4c903b.dll
    2014-02-27 06:09 - 2014-02-27 06:09 - 00087040 _____ () C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha3170\ie\MediaViewV1alpha3170.dll
    2013-06-29 17:59 - 2013-06-29 18:49 - 00118784 _____ () C:\ProgramData\SearchNewTab\51cec9d0d6a16.dll
    2014-01-28 22:57 - 2014-01-28 22:57 - 00087040 _____ () C:\Program Files (x86)\MediaPlayerV1\MediaPlayerV1alpha335\ie\MediaPlayerV1alpha335.dll
    2014-04-24 11:05 - 2014-04-24 11:05 - 00087040 _____ () C:\Program Files (x86)\MediaBuzzV1\MediaBuzzV1mode5557\ie\MediaBuzzV1mode5557.dll
    2014-05-14 03:14 - 2014-05-14 03:14 - 00087552 _____ () C:\Program Files (x86)\RichMediaViewV1\RichMediaViewV1release4398\ie\RichMediaViewV1release4398.dll
    2013-06-29 17:55 - 2013-06-29 17:58 - 00118784 _____ () C:\ProgramData\soaofEE saave\51cebdc3b8850.dll
    2014-03-20 20:50 - 2014-03-20 20:50 - 00087040 _____ () C:\Program Files (x86)\MediaWatchV1\MediaWatchV1home412\ie\MediaWatchV1home412.dll
    2013-08-08 21:52 - 2013-08-08 21:52 - 00184320 _____ () C:\ProgramData\saveenshhaire\rti6l.dll
    2013-06-29 17:57 - 2013-06-29 18:00 - 00118784 _____ () C:\ProgramData\SearchNewTab\51cebe3424822.dll
    2014-02-23 18:10 - 2014-02-23 18:10 - 00087040 _____ () C:\Program Files (x86)\MediaViewerV1\MediaViewerV1alpha680\ie\MediaViewerV1alpha680.dll
    2015-02-04 19:28 - 2015-03-18 13:01 - 00081704 _____ () C:\Program Files (x86)\Dolphin Deals\bin\DolphinDeals.expextdll.dll
    2013-03-08 12:17 - 2013-03-08 12:17 - 07816192 _____ () C:\Program Files (x86)\SplitMediaLabs\avcodec-54.dll
    2013-03-08 12:17 - 2013-03-08 12:17 - 00188416 _____ () C:\Program Files (x86)\SplitMediaLabs\avutil-52.dll
    2013-03-08 12:17 - 2013-03-08 12:17 - 01425920 _____ () C:\Program Files (x86)\SplitMediaLabs\avformat-54.dll
    2013-03-08 12:17 - 2013-03-08 12:17 - 00336896 _____ () C:\Program Files (x86)\SplitMediaLabs\swscale-2.dll
    2013-03-08 12:17 - 2013-03-08 12:17 - 00096256 _____ () C:\Program Files (x86)\SplitMediaLabs\swresample-0.dll
    2015-03-10 18:29 - 2015-03-08 12:10 - 01116824 _____ () C:\Users\admin\AppData\Local\CocCoc\Browser\Application\40.0.2214.121\libglesv2.dll
    2015-03-10 18:29 - 2015-03-08 12:10 - 00210584 _____ () C:\Users\admin\AppData\Local\CocCoc\Browser\Application\40.0.2214.121\libegl.dll
    2015-03-10 18:29 - 2015-03-08 12:10 - 09171096 _____ () C:\Users\admin\AppData\Local\CocCoc\Browser\Application\40.0.2214.121\pdf.dll
    2015-03-10 18:29 - 2015-03-08 12:10 - 14965064 _____ () C:\Users\admin\AppData\Local\CocCoc\Browser\Application\40.0.2214.121\PepperFlash\pepflashplayer.dll
    2014-03-28 14:12 - 2013-12-04 09:48 - 04055504 _____ () C:\Users\admin\AppData\Local\GC\Chrome-bin\31.0.1650.63\pdf.dll
    2014-03-28 14:12 - 2013-12-04 09:48 - 00399312 _____ () C:\Users\admin\AppData\Local\GC\Chrome-bin\31.0.1650.63\ppGoogleNaClPluginChrome.dll
    2014-03-28 14:12 - 2013-12-04 09:47 - 01619408 _____ () C:\Users\admin\AppData\Local\GC\Chrome-bin\31.0.1650.63\ffmpegsumo.dll
    2013-08-13 19:15 - 2013-08-13 19:15 - 00206336 _____ () C:\Users\admin\AppData\Local\Temp\{A48A1434-77EE-42B3-B238-C0D4E95A7C81}\{D8E2A1BA-D304-46E8-BC55-3C656E324A0C}\Default\Extensions\jmiibbdogibcphdfkkmlimfffneaecbc\2.4_0\plugin\convenience.dll
    2014-03-28 14:12 - 2013-12-04 09:48 - 13586896 _____ () C:\Users\admin\AppData\Local\GC\Chrome-bin\31.0.1650.63\PepperFlash\pepflashplayer.dll

    ==================== Alternate Data Streams (whitelisted) =========

    (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

    AlternateDataStreams: C:\ProgramData\TEMP:2C2F956A
    AlternateDataStreams: C:\ProgramData\TEMP:373E1720

    ==================== Safe Mode (whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


    ==================== EXE Association (whitelisted) ===============

    (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-3818046159-3689817371-2580797029-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\admin\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
    DNS Servers: 208.67.222.222 - 208.67.220.220

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    (Currently there is no automatic fix for this section.)

    MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
    MSCONFIG\Services: AMD External Events Utility => 2
    MSCONFIG\Services: AMPPALR3 => 2
    MSCONFIG\Services: BTHSSecurityMgr => 2
    MSCONFIG\Services: cphs => 3
    MSCONFIG\Services: EvtEng => 2
    MSCONFIG\Services: gupdate => 2
    MSCONFIG\Services: gupdatem => 3
    MSCONFIG\Services: Intel(R) Capability Licensing Service Interface => 2
    MSCONFIG\Services: jhi_service => 2
    MSCONFIG\Services: LMS => 2
    MSCONFIG\Services: MozillaMaintenance => 3
    MSCONFIG\Services: MyWiFiDHCPDNS => 3
    MSCONFIG\Services: PanService => 2
    MSCONFIG\Services: RegSrvc => 2
    MSCONFIG\Services: SkypeUpdate => 2
    MSCONFIG\Services: TeamViewer8 => 2
    MSCONFIG\Services: UNS => 2
    MSCONFIG\Services: ZeroConfigService => 2

    ==================== Accounts: =============================

    admin (S-1-5-21-3818046159-3689817371-2580797029-1000 - Administrator - Enabled) => C:\Users\admin
    Administrator (S-1-5-21-3818046159-3689817371-2580797029-500 - Administrator - Disabled)
    Guest (S-1-5-21-3818046159-3689817371-2580797029-501 - Limited - Disabled)
    HomeGroupUser$ (S-1-5-21-3818046159-3689817371-2580797029-1002 - Limited - Enabled)

    ==================== Faulty Device Manager Devices =============

    Name: Teredo Tunneling Pseudo-Interface
    Description: Microsoft Teredo Tunneling Adapter
    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
    Manufacturer: Microsoft
    Service: tunnel
    Problem: : This device cannot start. (Code10)
    Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
    On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

    Name: USB2.0-CRW
    Description: USB2.0-CRW
    Class Guid:
    Manufacturer:
    Service:
    Problem: : The drivers for this device are not installed. (Code 28)
    Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

    Name: pfnfd_1_10_0_9
    Description: pfnfd_1_10_0_9
    Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
    Manufacturer:
    Service: pfnfd_1_10_0_9
    Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
    Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
    Devices stay in this state if they have been prepared for removal.
    After you remove the device, this error disappears.Remove the device, and this error should be resolved.

    Name: BAPIDRV
    Description: BAPIDRV
    Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
    Manufacturer:
    Service: BAPIDRV
    Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
    Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
    Devices stay in this state if they have been prepared for removal.
    After you remove the device, this error disappears.Remove the device, and this error should be resolved.


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (03/19/2015 09:58:11 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: BkavHome.exe, version: 1.0.0.6417, time stamp: 0x54b61b33
    Faulting module name: BkavHome.exe, version: 1.0.0.6417, time stamp: 0x54b61b33
    Exception code: 0xc0000005
    Fault offset: 0x000131a5
    Faulting process id: 0x12e0
    Faulting application start time: 0xBkavHome.exe0
    Faulting application path: BkavHome.exe1
    Faulting module path: BkavHome.exe2
    Report Id: BkavHome.exe3

    Error: (03/19/2015 09:52:23 AM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program BkavHome.exe version 1.0.0.6417 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

    Process ID: 12fc

    Start Time: 01d061ef9b1021e5

    Termination Time: 12

    Application Path: C:\Program Files (x86)\BkavHome\BkavHome.exe

    Report Id: f5b2a48e-cde2-11e4-b246-685d43d1a3c5

    Error: (03/19/2015 09:21:08 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: BkavHome.exe, version: 1.0.0.6417, time stamp: 0x54b61b33
    Faulting module name: BkavHome.exe, version: 1.0.0.6417, time stamp: 0x54b61b33
    Exception code: 0xc0000005
    Fault offset: 0x000131a5
    Faulting process id: 0x1424
    Faulting application start time: 0xBkavHome.exe0
    Faulting application path: BkavHome.exe1
    Faulting module path: BkavHome.exe2
    Report Id: BkavHome.exe3

    Error: (03/19/2015 09:07:22 AM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (03/18/2015 06:43:52 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: BkavHome.exe, version: 1.0.0.6417, time stamp: 0x54b61b33
    Faulting module name: BkavHome.exe, version: 1.0.0.6417, time stamp: 0x54b61b33
    Exception code: 0xc0000005
    Fault offset: 0x000131a5
    Faulting process id: 0x11b4
    Faulting application start time: 0xBkavHome.exe0
    Faulting application path: BkavHome.exe1
    Faulting module path: BkavHome.exe2
    Report Id: BkavHome.exe3

    Error: (03/18/2015 06:39:46 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: mlwps.exe, version: 1.0.8.0, time stamp: 0x54d4afb9
    Faulting module name: ntdll.dll, version: 6.1.7601.17514, time stamp: 0x4ce7ba58
    Exception code: 0xc0000374
    Fault offset: 0x000ce653
    Faulting process id: 0x880
    Faulting application start time: 0xmlwps.exe0
    Faulting application path: mlwps.exe1
    Faulting module path: mlwps.exe2
    Report Id: mlwps.exe3

    Error: (03/18/2015 06:38:02 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (03/18/2015 09:25:35 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: BkavHome.exe, version: 1.0.0.6417, time stamp: 0x54b61b33
    Faulting module name: BkavHome.exe, version: 1.0.0.6417, time stamp: 0x54b61b33
    Exception code: 0xc0000005
    Fault offset: 0x000131a5
    Faulting process id: 0xe50
    Faulting application start time: 0xBkavHome.exe0
    Faulting application path: BkavHome.exe1
    Faulting module path: BkavHome.exe2
    Report Id: BkavHome.exe3

    Error: (03/18/2015 09:21:37 AM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (03/17/2015 07:16:39 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: BkavHome.exe, version: 1.0.0.6417, time stamp: 0x54b61b33
    Faulting module name: BkavHome.exe, version: 1.0.0.6417, time stamp: 0x54b61b33
    Exception code: 0xc0000005
    Fault offset: 0x000131a5
    Faulting process id: 0x10b0
    Faulting application start time: 0xBkavHome.exe0
    Faulting application path: BkavHome.exe1
    Faulting module path: BkavHome.exe2
    Report Id: BkavHome.exe3


    System errors:
    =============
    Error: (03/19/2015 10:34:37 AM) (Source: atapi) (EventID: 11) (User: )
    Description: The driver detected a controller error on \Device\Ide\IdePort0.

    Error: (03/19/2015 10:34:37 AM) (Source: atapi) (EventID: 11) (User: )
    Description: The driver detected a controller error on \Device\Ide\IdePort0.

    Error: (03/19/2015 10:34:37 AM) (Source: atapi) (EventID: 11) (User: )
    Description: The driver detected a controller error on \Device\Ide\IdePort0.

    Error: (03/19/2015 10:34:37 AM) (Source: atapi) (EventID: 11) (User: )
    Description: The driver detected a controller error on \Device\Ide\IdePort0.

    Error: (03/19/2015 10:34:37 AM) (Source: atapi) (EventID: 11) (User: )
    Description: The driver detected a controller error on \Device\Ide\IdePort0.

    Error: (03/19/2015 10:05:58 AM) (Source: atapi) (EventID: 11) (User: )
    Description: The driver detected a controller error on \Device\Ide\IdePort0.

    Error: (03/19/2015 10:05:58 AM) (Source: atapi) (EventID: 11) (User: )
    Description: The driver detected a controller error on \Device\Ide\IdePort0.

    Error: (03/19/2015 10:05:58 AM) (Source: atapi) (EventID: 11) (User: )
    Description: The driver detected a controller error on \Device\Ide\IdePort0.

    Error: (03/19/2015 10:05:58 AM) (Source: atapi) (EventID: 11) (User: )
    Description: The driver detected a controller error on \Device\Ide\IdePort0.

    Error: (03/19/2015 10:05:58 AM) (Source: atapi) (EventID: 11) (User: )
    Description: The driver detected a controller error on \Device\Ide\IdePort0.


    Microsoft Office Sessions:
    =========================
    Error: (03/19/2015 09:58:11 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: BkavHome.exe1.0.0.641754b61b33BkavHome.exe1.0.0.641754b61b33c0000005000131a512e001d061efd268ba7bC:\Program Files (x86)\BkavHome\BkavHome.exeC:\Program Files (x86)\BkavHome\BkavHome.exec6ee3139-cde3-11e4-b246-685d43d1a3c5

    Error: (03/19/2015 09:52:23 AM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: BkavHome.exe1.0.0.641712fc01d061ef9b1021e512C:\Program Files (x86)\BkavHome\BkavHome.exef5b2a48e-cde2-11e4-b246-685d43d1a3c5

    Error: (03/19/2015 09:21:08 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: BkavHome.exe1.0.0.641754b61b33BkavHome.exe1.0.0.641754b61b33c0000005000131a5142401d061eaa54ca582C:\Program Files (x86)\BkavHome\BkavHome.exeC:\Program Files (x86)\BkavHome\BkavHome.exe9999a64c-cdde-11e4-b246-685d43d1a3c5

    Error: (03/19/2015 09:07:22 AM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (03/18/2015 06:43:52 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: BkavHome.exe1.0.0.641754b61b33BkavHome.exe1.0.0.641754b61b33c0000005000131a511b401d0616ff926e95eC:\Program Files (x86)\BkavHome\BkavHome.exeC:\Program Files (x86)\BkavHome\BkavHome.exe0c11e32c-cd64-11e4-b51d-685d43d1a3c5

    Error: (03/18/2015 06:39:46 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: mlwps.exe1.0.8.054d4afb9ntdll.dll6.1.7601.175144ce7ba58c0000374000ce65388001d0616fcf659244C:\Windows\mlwps.exeC:\Windows\SysWOW64\ntdll.dll79151653-cd63-11e4-b51d-685d43d1a3c5

    Error: (03/18/2015 06:38:02 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (03/18/2015 09:25:35 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: BkavHome.exe1.0.0.641754b61b33BkavHome.exe1.0.0.641754b61b33c0000005000131a5e5001d061220d34b14eC:\Program Files (x86)\BkavHome\BkavHome.exeC:\Program Files (x86)\BkavHome\BkavHome.exe0e67bbe1-cd16-11e4-b6d3-685d43d1a3c5

    Error: (03/18/2015 09:21:37 AM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (03/17/2015 07:16:39 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: BkavHome.exe1.0.0.641754b61b33BkavHome.exe1.0.0.641754b61b33c0000005000131a510b001d060ab524a022dC:\Program Files (x86)\BkavHome\BkavHome.exeC:\Program Files (x86)\BkavHome\BkavHome.exe76850020-cc9f-11e4-9fd0-685d43d1a3c5


    ==================== Memory info ===========================

    Processor: Intel(R) Core(TM) i5-3210M CPU @ 2.50GHz
    Percentage of memory in use: 62%
    Total physical RAM: 3998.36 MB
    Available physical RAM: 1515.95 MB
    Total Pagefile: 7994.91 MB
    Available Pagefile: 4885.78 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.82 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:48.83 GB) (Free:12.47 GB) NTFS ==>[System with boot components (obtained from reading drive)]
    Drive d: (CHUONG TRINH) (Fixed) (Total:205.08 GB) (Free:84.49 GB) NTFS
    Drive e: (LUU TRU) (Fixed) (Total:211.85 GB) (Free:105.29 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: FAC058BE)
    Partition 1: (Active) - (Size=48.8 GB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=205.1 GB) - (Type=07 NTFS)
    Partition 3: (Not Active) - (Size=211.8 GB) - (Type=07 NTFS)

    ==================== End Of Log ============================
     
  5. Troubling

    Troubling TS Rookie Topic Starter Posts: 57

    This is my first time here, so if I do something wrong please tell me.
     
  6. Troubling

    Troubling TS Rookie Topic Starter Posts: 57

    That, and some stupid pop-up ad just keeps coming up constantly on some sites, which didn't seem to happen before, and also sometimes the page just changes its destination to some website.
     
  7. Troubling

    Troubling TS Rookie Topic Starter Posts: 57

    And now it has suddenly stopped for some reason, like everything went away. But still, I can't be too careful about this.
     
  8. Broni

    Broni Malware Annihilator Posts: 52,884   +344

    Welcome aboard

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ====================================

    Your computer is very seriously infected.

    Uninstall the following unwanted programs (take your time and make sure you don't miss any, since there is a lot to uninstall):

    Buzzdock
    Dolphin Deals
    GC
    hosts
    Media Buzz
    Media Player
    Media View (TWO instances)
    Media Viewer
    Media Watch
    Rich Media View
    SafeSaver
    saveenshhaire
    SaveShare
    Search Assistant WebSearch
    SearchNewTab
    Software Version
    Trust Media Viewer
    Video Player
    webssearches uninstall
    WindowsMangerProtect20.0.0.1277
    WinZipper
    YAC


    Let me know if any of the above won't uninstall and then proceed with next steps....

    Download RogueKiller from one of the following links and save it to your Desktop:

    Link 1
    Link 2

    • Close all the running programs
    • Windows Vista/7/8 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • Wait until the Status box shows Scan Finished
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced post all logs.
    • If RogueKiller has been blocked, do not hesitate to try a few more times. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.

    Please download Malwarebytes Anti-Malware (MBAM) to your desktop.
    NOTE. If you already have MBAM 2.0 installed scroll down.

    • Double-click mbam-setup-2.0.0.1000.exe and follow the prompts to install the program.
    • At the end, be sure a checkmark is placed next to the following:
      • Launch Malwarebytes Anti-Malware
      • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
    • Click Finish.
    • On the Dashboard, click the 'Update Now >>' link
    • After the update completes, click the 'Scan Now >>' button.
    • Or, on the Dashboard, click the Scan Now >> button.
    • If an update is available, click the Update Now button.
    • A Threat Scan will begin.
    • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
    • In most cases, a restart will be required.
    • Wait for the prompt to restart the computer to appear, then click on Yes.


    If you already have MBAM 2.0 installed:

    • On the Dashboard, click the 'Update Now >>' link
    • After the update completes, click the 'Scan Now >>' button.
    • Or, on the Dashboard, click the Scan Now >> button.
    • If an update is available, click the Update Now button.
    • A Threat Scan will begin.
    • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
    • In most cases, a restart will be required.
    • Wait for the prompt to restart the computer to appear, then click on Yes.

    How to get logs:
    (Export log to save as txt)


    • After the restart once you are back at your desktop, open MBAM once more.
    • Click on the History tab > Application Logs.
    • Double click on the Scan Log which shows the Date and time of the scan just performed.
    • Click 'Export'.
    • Click 'Text file (*.txt)'
    • In the Save File dialog box which appears, click on Desktop.
    • In the File name: box type a name for your scan log.
    • A message box named 'File Saved' should appear stating "Your file has been successfully exported".
    • Click Ok
    • Attach that saved log to your next reply.


    (Copy to clipboard for pasting into forum replies or tickets)

    • After the restart once you are back at your desktop, open MBAM once more.
    • Click on the History tab > Application Logs.
    • Double click on the Scan Log which shows the Date and time of the scan just performed.
    • Click 'Copy to Clipboard'
    • Paste the contents of the clipboard into your reply.

    Please download AdwCleaner by Xplode onto your desktop.
    • Close all open programs and internet browsers.
    • Double click on adwcleaner.exe to run the tool.
    • Click on Scan button.
    • When the scan has finished click on Clean button.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the contents of that logfile with your next reply.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.

    Please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.
     
  9. Troubling

    Troubling TS Rookie Topic Starter Posts: 57

    Where is the clipboard exactly? I can't copy it if I can't find it.
     
  10. Troubling

    Troubling TS Rookie Topic Starter Posts: 57

    Hm, why does jrt.exe do nothing for me? I only have the firewall and Bkavhome (just a scan and delete, which doesn't do anything like protection), so why doesn't it run? Anyway, I'm going to post the logs if all the questions have been answered, but now I have to go to school.
     
  11. Troubling

    Troubling TS Rookie Topic Starter Posts: 57

    Well, here are all the logs I have:

    RogueKiller V10.5.5.0 [Mar 16 2015] by Adlice Software
    mail : http://www.adlice.com/contact/
    Feedback : http://forum.adlice.com
    Website : http://www.adlice.com/softwares/roguekiller/
    Blog : http://www.adlice.com

    Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
    Started in : Normal mode
    User : admin [Administrator]
    Started from : C:\Users\admin\Desktop\RogueKiller.exe
    Mode : Delete -- Date : 03/20/2015 09:57:01

    ¤¤¤ Processes : 10 ¤¤¤
    [Suspicious.Path] PluginService.exe(1680) -- C:\ProgramData\IePluginServices\PluginService.exe[-] -> Killed [TermProc]
    [Suspicious.Path] mlwps.exe(1448) -- C:\Windows\mlwps.exe[-] -> Killed [TermProc]
    [Suspicious.Path] CocCocCrashHandler.exe(4716) -- C:\Users\admin\AppData\Local\CocCoc\Update\1.3.39.13\CocCocCrashHandler.exe[7] -> Killed [TermProc]
    [Suspicious.Path] speedtray.exe(4732) -- C:\Users\admin\AppData\Roaming\SpeedTray\speedtray.exe[-] -> Killed [TermProc]
    [Suspicious.Path] browser.exe(3096) -- C:\Users\admin\AppData\Local\CocCoc\Browser\Application\browser.exe[7] -> Killed [TermProc]
    [Suspicious.Path] browser.exe(4600) -- C:\Users\admin\AppData\Local\CocCoc\Browser\Application\browser.exe[7] -> Killed [TermThr]
    [Suspicious.Path] browser.exe(3268) -- C:\Users\admin\AppData\Local\CocCoc\Browser\Application\browser.exe[7] -> Killed [TermThr]
    [Suspicious.Path] browser.exe(4440) -- C:\Users\admin\AppData\Local\CocCoc\Browser\Application\browser.exe[7] -> Killed [TermThr]
    [Suspicious.Path] browser.exe(5104) -- C:\Users\admin\AppData\Local\CocCoc\Browser\Application\browser.exe[7] -> Killed [TermThr]
    [Suspicious.Path] browser.exe(5556) -- C:\Users\admin\AppData\Local\CocCoc\Browser\Application\browser.exe[7] -> Killed [TermThr]

    ¤¤¤ Registry : 39 ¤¤¤
    [PUP] (X64) HKEY_CLASSES_ROOT\CLSID\{A75BE48D-BF58-4A8B-B96C-F9A09DFB9844} (%LOCALAPPDATA%\Pokki\ocdeskband_0.dll) -> Not selected
    [PUP] (X64) HKEY_CLASSES_ROOT\CLSID\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170} (C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE_64.dll) -> Not selected
    [PUP] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170} (C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE_64.dll) -> Not selected
    [PUP] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6E3C6B04-08FE-43BC-8E50-F90285024DEA} -> Not selected
    [PUP] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8271B5D6-76D3-4ABF-AEB3-1721161C76BC} -> Not selected
    [PUP] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EF5625A3-37AB-4BDB-9875-2A3D91CD0DFD} -> Not selected
    [PUP] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | mobilegeni daemon : C:\Program Files (x86)\Mobogenie\DaemonProcess.exe -> Not selected
    [PUP] (X64) HKEY_USERS\S-1-5-21-3818046159-3689817371-2580797029-1000\Software\Microsoft\Windows\CurrentVersion\Run | NextLive : C:\Windows\SysWOW64\rundll32.exe "C:\Users\admin\AppData\Roaming\newnext.me\nengine.dll",EntryPoint -m l -> Not selected
    [PUP] (X86) HKEY_USERS\S-1-5-21-3818046159-3689817371-2580797029-1000\Software\Microsoft\Windows\CurrentVersion\Run | NextLive : C:\Windows\SysWOW64\rundll32.exe "C:\Users\admin\AppData\Roaming\newnext.me\nengine.dll",EntryPoint -m l -> Not selected
    [PUP] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\IePluginServices (C:\ProgramData\IePluginServices\PluginService.exe -service) -> Not selected
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Live Malware Protection (C:\Windows\mlwps.exe) -> Not selected
    [Hidden.From.SCM] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\MBAMScheduler ("E:\Huy\Malwarebytes Anti-Malware\mbamscheduler.exe") -> Not selected
    [Hidden.From.SCM] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\MBAMService ("E:\Huy\Malwarebytes Anti-Malware\mbamservice.exe") -> Not selected
    [Hidden.From.SCM] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\MBAMSwissArmy (\??\C:\Windows\system32\drivers\MBAMSwissArmy.sys) -> Not selected
    [Hidden.From.SCM] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\MBAMWebAccessControl (\??\C:\Windows\system32\drivers\mwac.sys) -> Not selected
    [PUP] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\IePluginServices (C:\ProgramData\IePluginServices\PluginService.exe -service) -> Not selected
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Live Malware Protection (C:\Windows\mlwps.exe) -> Not selected
    [PUP] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\IePluginServices (C:\ProgramData\IePluginServices\PluginService.exe -service) -> Not selected
    [PUP] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\iSafeKrnl (\??\C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnl.sys) -> Not selected
    [PUP] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\iSafeKrnlBoot (system32\DRIVERS\iSafeKrnlBoot.sys) -> Not selected
    [PUP] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\iSafeKrnlKit (\??\C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlKit.sys) -> Not selected
    [PUP] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\iSafeKrnlR3 (\??\C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlR3.sys) -> Not selected
    [PUP] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\iSafeNetFilter (system32\DRIVERS\iSafeNetFilter.sys) -> Not selected
    [PUP] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\iSafeService (C:\Program Files (x86)\Elex-tech\YAC\iSafeSvc.exe) -> Not selected
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Live Malware Protection (C:\Windows\mlwps.exe) -> Not selected
    [PUM.Proxy] (X64) HKEY_USERS\S-1-5-21-3818046159-3689817371-2580797029-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1 -> Not selected
    [PUM.Proxy] (X86) HKEY_USERS\S-1-5-21-3818046159-3689817371-2580797029-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1 -> Not selected
    [PUM.Proxy] (X64) HKEY_USERS\S-1-5-21-3818046159-3689817371-2580797029-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : 127.0.0.1:8118 -> Not selected
    [PUM.Proxy] (X86) HKEY_USERS\S-1-5-21-3818046159-3689817371-2580797029-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : 127.0.0.1:8118 -> Not selected
    [PUM.HomePage] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Start Page : http://istart.webssearches.com/?type=hp&ts=1417707889&from=irs&uid=ST9500325AS_5VET5TGDXXXX5VET5TGD -> Not selected
    [PUM.HomePage] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Start Page : -> Not selected
    [PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-3818046159-3689817371-2580797029-1000\Software\Microsoft\Internet Explorer\Main | Start Page : -> Not selected
    [PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-3818046159-3689817371-2580797029-1000\Software\Microsoft\Internet Explorer\Main | Start Page : -> Not selected
    [PUM.SearchPage] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Search Page : http://istart.webssearches.com/web/...500325AS_5VET5TGDXXXX5VET5TGD&q={searchTerms} -> Not selected
    [PUM.SearchPage] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Search Page : -> Not selected
    [PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Not selected
    [PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Not selected
    [PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Not selected
    [PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Not selected

    ¤¤¤ Tasks : 0 ¤¤¤

    ¤¤¤ Files : 0 ¤¤¤

    ¤¤¤ Hosts File : 0 ¤¤¤

    ¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000036b]) ¤¤¤

    ¤¤¤ Web browsers : 0 ¤¤¤

    ¤¤¤ MBR Check : ¤¤¤
    +++++ PhysicalDrive0: ST9500325AS ATA Device +++++
    --- User ---
    [MBR] 99f95ab09a9451390866e9a36792bb44
    [BSP] 922cade1be87a028dea69f1dee342bc2 : Windows Vista/7/8 MBR Code
    Partition table:
    User = LL1 ... OK
    User = LL2 ... OK


    ============================================
    RKreport_SCN_03202015_094706.log - RKreport_DEL_03202015_094733.log - RKreport_SCN_03202015_095656.log

    Adware

    # AdwCleaner v4.112 - Logfile created 20/03/2015 at 10:38:43
    # Updated 09/03/2015 by Xplode
    # Database : 2015-03-15.1 [Server]
    # Operating system : Windows 7 Ultimate Service Pack 1 (x64)
    # Username : admin - ADMIN-PC
    # Running from : C:\Users\admin\Desktop\adwcleaner_4.112.exe
    # Option : Cleaning

    ***** [ Services ] *****

    [#] Service Deleted : iSafeKrnlMon
    Service Deleted : Live Malware Protection

    ***** [ Files / Folders ] *****

    Folder Deleted : C:\ProgramData\Babylon
    Folder Deleted : C:\ProgramData\SoftSafe
    Folder Deleted : C:\ProgramData\StarApp
    Folder Deleted : C:\ProgramData\Browosse2save
    Folder Deleted : C:\ProgramData\BryOOwsee2ssavoe
    Folder Deleted : C:\ProgramData\saffe saoVe
    Folder Deleted : C:\ProgramData\saveenshhaire
    Folder Deleted : C:\ProgramData\soaofEE saave
    Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Registry Cleaner
    Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BryOOwsee2ssavoe
    Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\soaofEE saave
    Folder Deleted : C:\Program Files (x86)\Conduit
    Folder Deleted : C:\Program Files (x86)\MediaBuzzV1
    Folder Deleted : C:\Program Files (x86)\MediaPlayerV1
    Folder Deleted : C:\Program Files (x86)\MediaViewerV1
    Folder Deleted : C:\Program Files (x86)\MediaViewV1
    Folder Deleted : C:\Program Files (x86)\MediaWatchV1
    Folder Deleted : C:\Program Files (x86)\RichMediaViewV1
    Folder Deleted : C:\Program Files (x86)\VideoPlayerV3
    Folder Deleted : C:\Program Files (x86)\WinZipper
    Folder Deleted : C:\Program Files (x86)\STab
    Folder Deleted : C:\Users\admin\AppData\Local\globalUpdate
    Folder Deleted : C:\Users\admin\AppData\Local\Doctor_PC
    Folder Deleted : C:\Users\admin\AppData\LocalLow\Browosse2save
    Folder Deleted : C:\Users\admin\AppData\LocalLow\BryOOwsee2ssavoe
    Folder Deleted : C:\Users\admin\AppData\LocalLow\saffe saoVe
    Folder Deleted : C:\Users\admin\AppData\LocalLow\saveenshhaire
    Folder Deleted : C:\Users\admin\AppData\LocalLow\soaofEE saave
    Folder Deleted : C:\Users\admin\AppData\Roaming\Babylon
    Folder Deleted : C:\Users\admin\AppData\Roaming\WinZipper
    Folder Deleted : C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Free Registry Cleaner
    File Deleted : C:\Windows\System32\log\iSafeKrnlCall.log
    File Deleted : C:\Windows\System32\roboot64.exe
    File Deleted : C:\Users\admin\daemonprocess.txt
    File Deleted : C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal
    File Deleted : C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_www.superfish.com_0.localstorage-journal
    File Deleted : C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_api.sqeedolphindeals.com_0.localstorage-journal

    ***** [ Scheduled tasks ] *****


    ***** [ Shortcuts ] *****

    Shortcut Disinfected : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
    Shortcut Disinfected : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
    Shortcut Disinfected : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
    Shortcut Disinfected : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
    Shortcut Disinfected : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk
    Shortcut Disinfected : C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
    Shortcut Disinfected : C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
    Shortcut Disinfected : C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
    Shortcut Disinfected : C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
    Shortcut Disinfected : C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk
    Shortcut Disinfected : C:\Users\admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
    Shortcut Disinfected : C:\Users\admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk

    ***** [ Registry ] *****

    Key Deleted : HKCU\Software\Classes\pokki
    Key Deleted : HKCU\Software\MICROSOFT\INTERNET EXPLORER\DOMSTORAGE\superfish.com
    Key Deleted : HKLM\SOFTWARE\Classes\*\shell\filescout
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
    Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane
    Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
    Key Deleted : HKLM\SOFTWARE\Classes\mysearchdial.mysearchdialappCore
    Key Deleted : HKLM\SOFTWARE\Classes\mysearchdial.mysearchdialappCore.1
    Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd
    Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [mobilegeni daemon]
    Key Deleted : HKCU\Software\9e8cd0bd3ee946
    Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT1561552
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C292AD0A-C11F-479B-B8DB-743E72D283B0}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{14F35FFC-522A-4DD1-A07E-6B8B65C6891E}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4ED063C9-4A0B-4B44-A9DC-23AFF424A0D3}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{82E74373-58AB-47EB-B0F0-A1D82BB8EB5C}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C358B3D0-B911-41E3-A276-E7D43A6BA56D}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{459DD0F7-0D55-D3DC-67BC-E6BE37E9D762}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6DDA37BA-0553-499A-AE0D-BEBA67204548}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{AC329328-7EC4-4C34-B672-0A2B90CB9B00}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E69D4A59-73DE-4E38-9FB3-740EC4D9060D}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{99E29823-2F67-41C3-8AA5-6425097A771F}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{A75BE48D-BF58-4A8B-B96C-F9A09DFB9844}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{6DDA37BA-0553-499A-AE0D-BEBA67204548}
    Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
    Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}
    Key Deleted : HKCU\Software\BABSOLUTION
    Key Deleted : HKCU\Software\Cr_Installer
    Key Deleted : HKCU\Software\Escolade
    Key Deleted : HKCU\Software\filescout
    Key Deleted : HKCU\Software\Pokki
    Key Deleted : HKCU\Software\Softonic
    Key Deleted : HKCU\Software\systweak
    Key Deleted : HKCU\Software\V9
    Key Deleted : HKCU\Software\DownLite
    Key Deleted : HKCU\Software\SpeedTray
    Key Deleted : HKLM\SOFTWARE\Conduit
    Key Deleted : HKLM\SOFTWARE\hdcode
    Key Deleted : HKLM\SOFTWARE\InstallCore
    Key Deleted : HKLM\SOFTWARE\SP Global
    Key Deleted : HKLM\SOFTWARE\SProtector
    Key Deleted : HKLM\SOFTWARE\Trymedia Systems
    Key Deleted : HKLM\SOFTWARE\V9
    Key Deleted : HKLM\SOFTWARE\winzipersvc
    Key Deleted : HKLM\SOFTWARE\Better-Surf
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}
    Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Optimizer Pro_is1

    ***** [ Web browsers ] *****

    -\\ Internet Explorer v8.0.7601.17514


    -\\ Google Chrome v41.0.2272.89

    [C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.easylifeapp.com/?q={searchTerms}&pid=625&src=ch2&r=2013/04/07&hid=4113113638&lg=EN&cc=VN
    [C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www1.delta-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=B8B9685D43D1A3C2&affID=121631&tsp=4949
    [C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://websearch.searchesplace.info/?l=1&q={searchTerms}&pid=799&r=2013/08/08&hid=4113113638&lg=EN&cc=VN&unqvl=30
    [C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
    [C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
    [C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=irmsd0101&cd=2XzuyEtN2Y1L1Qzu0DyE0B0E0DzyyEzy0D0AyD0EzytByDyBtN0D0Tzu0SyBtAtCtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=1042115618&ir=
    [C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=irmsd0101&cd=2XzuyEtN2Y1L1Qzu0DyE0B0E0DzyyEzy0D0AyD0EzytByDyBtN0D0Tzu0SyBtAtCtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=1042115618&ir=
    [C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://istart.webssearches.com/web/?type=ds&ts=1417707889&from=irs&uid=ST9500325AS_5VET5TGDXXXX5VET5TGD&q={searchTerms}
    [C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://istart.webssearches.com/web/?type=ds&ts=1417707889&from=irs&uid=ST9500325AS_5VET5TGDXXXX5VET5TGD&q={searchTerms}
    [C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://istart.webssearches.com/web/?type=ds&ts=1417707889&from=irs&uid=ST9500325AS_5VET5TGDXXXX5VET5TGD&q={searchTerms}
    [C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://istart.webssearches.com/web/?type=ds&ts=1417707889&from=irs&uid=ST9500325AS_5VET5TGDXXXX5VET5TGD&q={searchTerms}

    *************************

    AdwCleaner[R0].txt - [10385 bytes] - [20/03/2015 10:37:24]
    AdwCleaner[S0].txt - [11159 bytes] - [20/03/2015 10:38:43]

    ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [11219 bytes] ##########
     
  12. Troubling

    Troubling TS Rookie Topic Starter Posts: 57

    Malwarebytes Anti-Malware
    www.malwarebytes.org

    Scan Date: 20/03/2015
    Scan Time: 9:57:55 SA
    Logfile: Savelog.txt
    Administrator: Yes

    Version: 2.01.4.1018
    Malware Database: v2015.03.19.10
    Rootkit Database: v2015.02.25.01
    License: Trial
    Malware Protection: Enabled
    Malicious Website Protection: Enabled
    Self-protection: Disabled

    OS: Windows 7 Service Pack 1
    CPU: x64
    File System: NTFS
    User: admin

    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 455789
    Time Elapsed: 24 min, 23 sec

    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Heuristics: Enabled
    PUP: Enabled
    PUM: Enabled

    Processes: 1
    PUP.Optional.SecureWeb.A, C:\Program Files (x86)\Jelbrus Secure Web\privoxy.exe, 2596, Delete-on-Reboot, [6ef8182f8307b680841c6d33ad566898]

    Modules: 8
    PUP.Optional.MultiPlug.A, C:\ProgramData\soaofEE saave\51cebe6178ebd.dll, Delete-on-Reboot, [d09660e7b2d872c4e3e11919ff02aa56],
    Adware.BetterSurf, C:\Program Files (x86)\BetterSurf\ie\BetterSurf.dll, Delete-on-Reboot, [86e04dfab2d816203cf945272cd57987],
    Adware.BetterSurf, C:\Program Files (x86)\Better-Surf\ie\BetterSrf.dll, Delete-on-Reboot, [7ceaa3a4d0ba50e6581efb70e31e4fb1],
    PUP.Optional.MultiPlug.A, C:\ProgramData\BryOOwsee2ssavoe\515edbe4c903b.dll, Delete-on-Reboot, [6df9e56285055ed8d6ee3101b1506898],
    PUP.Optional.MultiPlug.A, C:\ProgramData\soaofEE saave\51cebdc3b8850.dll, Delete-on-Reboot, [baac0f38dbaff83ee3e11b1758a96e92],
    PUP.Optional.BetterSurf.A, C:\Program Files (x86)\BetterSurf\ie\BetterSurf.dll, Delete-on-Reboot, [92d4cc7bccbeac8a0877ac785ca727d9],
    PUP.Optional.BetterSurf.A, C:\Program Files (x86)\Better-Surf\ie\BetterSrf.dll, Delete-on-Reboot, [73f37ec9662439fd57f78c9c0df6e31d],
    PUP.Optional.SecureWeb.A, C:\Program Files (x86)\Jelbrus Secure Web\jsie.dll, Delete-on-Reboot, [05613c0b6e1c84b280667ea2c83b05fb],

    Registry Keys: 243
    PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{F6CCB6C9-127E-44AE-8552-B94356F39FFE}, Quarantined, [4620e0675f2b77bf1dd5a2bb58ab9070],
    PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{FFD25630-2734-4AE9-88E6-21BF6525F3FE}, Quarantined, [4620e0675f2b77bf1dd5a2bb58ab9070],
    PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{0400EBCA-042C-4000-AA89-9713FBEDB671}, Quarantined, [4620e0675f2b77bf1dd5a2bb58ab9070],
    PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{0BD19251-4B4B-4B94-AB16-617106245BB7}, Quarantined, [4620e0675f2b77bf1dd5a2bb58ab9070],
    PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{3281114F-BCAB-45E3-80D9-A6CD64D4E636}, Quarantined, [4620e0675f2b77bf1dd5a2bb58ab9070],
    PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{44533FCB-F9FB-436A-8B6B-CF637B2D465A}, Quarantined, [4620e0675f2b77bf1dd5a2bb58ab9070],
    PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{44B29DDD-CF7A-454A-A275-A322A398D93F}, Quarantined, [4620e0675f2b77bf1dd5a2bb58ab9070],
    PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{A4DE94DB-DF03-45A3-8A5D-D1B7464B242D}, Quarantined, [4620e0675f2b77bf1dd5a2bb58ab9070],
    PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{AA0F50A8-2618-4AE4-A779-9F7378555A8F}, Quarantined, [4620e0675f2b77bf1dd5a2bb58ab9070],
    PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{B2DB115C-8278-4947-9A07-57B53D1C4215}, Quarantined, [4620e0675f2b77bf1dd5a2bb58ab9070],
    PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{B97FC455-DB33-431D-84DB-6F1514110BD5}, Quarantined, [4620e0675f2b77bf1dd5a2bb58ab9070],
    PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{C67281E0-78F5-4E49-9FAE-4B1B2ADAF17B}, Quarantined, [4620e0675f2b77bf1dd5a2bb58ab9070],
    PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{E72E9312-0367-4216-BFC7-21485FA8390B}, Quarantined, [4620e0675f2b77bf1dd5a2bb58ab9070],
    PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{F6CCB6C9-127E-44AE-8552-B94356F39FFE}, Quarantined, [4620e0675f2b77bf1dd5a2bb58ab9070],
    PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{FFD25630-2734-4AE9-88E6-21BF6525F3FE}, Quarantined, [4620e0675f2b77bf1dd5a2bb58ab9070],
    PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{0400EBCA-042C-4000-AA89-9713FBEDB671}, Quarantined, [4620e0675f2b77bf1dd5a2bb58ab9070],
    PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{0BD19251-4B4B-4B94-AB16-617106245BB7}, Quarantined, [4620e0675f2b77bf1dd5a2bb58ab9070],
    PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{3281114F-BCAB-45E3-80D9-A6CD64D4E636}, Quarantined, [4620e0675f2b77bf1dd5a2bb58ab9070],
    PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{44533FCB-F9FB-436A-8B6B-CF637B2D465A}, Quarantined, [4620e0675f2b77bf1dd5a2bb58ab9070],
    PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{44B29DDD-CF7A-454A-A275-A322A398D93F}, Quarantined, [4620e0675f2b77bf1dd5a2bb58ab9070],
    PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{A4DE94DB-DF03-45A3-8A5D-D1B7464B242D}, Quarantined, [4620e0675f2b77bf1dd5a2bb58ab9070],
    PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{AA0F50A8-2618-4AE4-A779-9F7378555A8F}, Quarantined, [4620e0675f2b77bf1dd5a2bb58ab9070],
    PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{B2DB115C-8278-4947-9A07-57B53D1C4215}, Quarantined, [4620e0675f2b77bf1dd5a2bb58ab9070],
    PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{B97FC455-DB33-431D-84DB-6F1514110BD5}, Quarantined, [4620e0675f2b77bf1dd5a2bb58ab9070],
    PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{C67281E0-78F5-4E49-9FAE-4B1B2ADAF17B}, Quarantined, [4620e0675f2b77bf1dd5a2bb58ab9070],
    PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{E72E9312-0367-4216-BFC7-21485FA8390B}, Quarantined, [4620e0675f2b77bf1dd5a2bb58ab9070],
    PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{F6CCB6C9-127E-44AE-8552-B94356F39FFE}, Quarantined, [4620e0675f2b77bf1dd5a2bb58ab9070],
    PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{FFD25630-2734-4AE9-88E6-21BF6525F3FE}, Quarantined, [4620e0675f2b77bf1dd5a2bb58ab9070],
    PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{FBC322D5-407E-4854-8C0B-555B951FD8E3}, Quarantined, [4620e0675f2b77bf1dd5a2bb58ab9070],
    PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\TYPELIB\{FBC322D5-407E-4854-8C0B-555B951FD8E3}, Quarantined, [4620e0675f2b77bf1dd5a2bb58ab9070],
    PUP.Optional.EasyLife.A, HKU\S-1-5-21-3818046159-3689817371-2580797029-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{01bd49d7-c76b-4310-8beb-14d7e5f322c6}, Quarantined, [ce98a6a1a0eacc6a9cb407560ef57e82],
    PUP.Optional.EasyLife.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{01BD49D7-C76B-4310-8BEB-14D7E5F322C6}, Quarantined, [ce98a6a1a0eacc6a9cb407560ef57e82],
    PUP.Optional.Babylon.A, HKU\S-1-5-21-3818046159-3689817371-2580797029-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}, Quarantined, [62044304bdcd6cca0a0d3aea7a8959a7],
    PUP.Optional.MySearchDial.A, HKU\S-1-5-21-3818046159-3689817371-2580797029-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}, Quarantined, [98ce60e7088224127cca78ac04ff956b],
    PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}, Quarantined, [98ce60e7088224127cca78ac04ff956b],
    PUP.Optional.DolphinDeals.A, HKU\S-1-5-21-3818046159-3689817371-2580797029-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{15A4CE1E-D288-4D04-85BF-907170010A7A}, Quarantined, [1d4999ae85051e188ccf6cb544bf33cd],
    PUP.Optional.DolphinDeals.A, HKU\S-1-5-21-3818046159-3689817371-2580797029-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{15A4CE1E-D288-4D04-85BF-907170010A7A}, Quarantined, [1d4999ae85051e188ccf6cb544bf33cd],
    PUP.Optional.BetterSurf.A, HKU\S-1-5-21-3818046159-3689817371-2580797029-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{1824FF90-C98E-48A6-838F-E3B6572B0C77}, Quarantined, [4422ee594e3cc274f18d30f443c06799],
    PUP.Optional.BetterSurf.A, HKU\S-1-5-21-3818046159-3689817371-2580797029-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{1824FF90-C98E-48A6-838F-E3B6572B0C77}, Quarantined, [4422ee594e3cc274f18d30f443c06799],
    PUP.Optional.LemurLeap.A, HKU\S-1-5-21-3818046159-3689817371-2580797029-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{415419C3-DAD0-4DF1-AC37-22C72AD81878}, Quarantined, [ca9cc4832d5dd165c5fb042661a2bd43],
    PUP.Optional.LemurLeap.A, HKU\S-1-5-21-3818046159-3689817371-2580797029-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{415419C3-DAD0-4DF1-AC37-22C72AD81878}, Quarantined, [ca9cc4832d5dd165c5fb042661a2bd43],
    PUP.Optional.Delta.A, HKU\S-1-5-21-3818046159-3689817371-2580797029-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{82E1477C-B154-48D3-9891-33D83C26BCD3}, Quarantined, [93d371d6642684b2aad7d3891fe410f0],
    PUP.Optional.Delta.A, HKU\S-1-5-21-3818046159-3689817371-2580797029-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{82E1477C-B154-48D3-9891-33D83C26BCD3}, Quarantined, [93d371d6642684b2aad7d3891fe410f0],
    PUP.Optional.Delta.A, HKU\S-1-5-21-3818046159-3689817371-2580797029-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}, Quarantined, [bda991b681092a0cf58bcb9112f13cc4],
    PUP.Optional.Delta.A, HKU\S-1-5-21-3818046159-3689817371-2580797029-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}, Quarantined, [bda991b681092a0cf58bcb9112f13cc4],
    PUP.Optional.BonanzaDeals.A, HKU\S-1-5-21-3818046159-3689817371-2580797029-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{FE063412-BEA4-4D76-8ED3-183BE6220D17}, Quarantined, [84e2c97e0882122411245b04cd36fe02],
    PUP.Optional.BonanzaDeals.A, HKU\S-1-5-21-3818046159-3689817371-2580797029-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{FE063412-BEA4-4D76-8ED3-183BE6220D17}, Quarantined, [84e2c97e0882122411245b04cd36fe02],
    PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{219046AE-358F-4CF1-B1FD-2B4DE83642A8}, Quarantined, [36302e193357b086dc6793ca62a15fa1],
    PUP.Optional.SoftwareUpdater, HKLM\SOFTWARE\CLASSES\Updater.AmiUpd.1, Quarantined, [94d25becfa906fc72f0b99974bb8ee12],
    PUP.Optional.SoftwareUpdater, HKLM\SOFTWARE\WOW6432NODE\CLASSES\Updater.AmiUpd.1, Quarantined, [a5c18abdf595bb7bbd7d092706fde818],
    PUP.Optional.SoftwareUpdater, HKLM\SOFTWARE\CLASSES\WOW6432NODE\Updater.AmiUpd.1, Quarantined, [a5c18abdf595bb7bbd7d092706fde818],
    PUP.Optional.Amonetize, HKLM\SOFTWARE\CLASSES\TYPELIB\{A0EE0278-2986-4E5A-884E-A3BF0357E476}, Quarantined, [442243045c2e9a9cc91c85ccee138e72],
    PUP.Optional.Amonetize, HKLM\SOFTWARE\CLASSES\INTERFACE\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}, Quarantined, [442243045c2e9a9cc91c85ccee138e72],
    PUP.Optional.Amonetize, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}, Quarantined, [442243045c2e9a9cc91c85ccee138e72],
    PUP.Optional.Amonetize, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}, Quarantined, [442243045c2e9a9cc91c85ccee138e72],
    PUP.Optional.Amonetize, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{A0EE0278-2986-4E5A-884E-A3BF0357E476}, Quarantined, [442243045c2e9a9cc91c85ccee138e72],
    PUP.Optional.Amonetize, HKLM\SOFTWARE\CLASSES\WOW6432NODE\TYPELIB\{A0EE0278-2986-4E5A-884E-A3BF0357E476}, Quarantined, [442243045c2e9a9cc91c85ccee138e72],
    PUP.Optional.Sanbreel.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\{2be54678-5f85-4937-975c-484112311e65}Gw64, Quarantined, [9acc1a2df09ae74f83634f8822e13bc5],
    PUP.Optional.Sanbreel.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\{3c3ae2b4-4a36-40c4-a356-ffc1820b7ece}Gw64, Quarantined, [12545fe8e5a5c47252945e7928db7c84],
    PUP.Optional.Sanbreel.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\{0b3befeb-e7d9-4648-a054-011aee951126}w64, Quarantined, [15511b2cc7c333038e7862d452b3768a],
    PUP.Optional.Sanbreel.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\{17d7b7ef-d2d8-45f1-a2f2-2dea72852c07}w64, Quarantined, [8cda9fa82268c96de2249a9ced18c23e],
    PUP.Optional.Sanbreel.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\{1bcac693-c506-4a13-8921-e885a8cb1d13}w64, Quarantined, [d88eae991278a492bd494de930d521df],
    PUP.Optional.Sanbreel.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\{3f837d36-3981-45f1-9497-67565ae84508}w64, Quarantined, [531377d07d0d5dd96d99fd3916eff709],
    PUP.Optional.Sanbreel.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\{702bbd8f-e6dd-42a8-a995-6b431927d55e}w64, Quarantined, [1452a89ffd8d59dd25e16dc928dd18e8],
    PUP.Optional.Sanbreel.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\{95e63078-c8de-4514-94f6-859d098ae58c}w64, Quarantined, [a8bea7a0137788aeab5b4fe76c99a060],
    PUP.Optional.Sanbreel.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\{a524bf90-f804-4c41-b422-cc15288e85ca}w64, Quarantined, [75f10a3dcbbff4429274013507fe748c],
    PUP.Optional.Sanbreel.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\{a60ec2d2-55d8-408b-9b84-24e0bd56daf6}w64, Quarantined, [b5b1e4636d1ddc5a7492bc7a8283c838],
    PUP.Optional.Sanbreel.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\{c4a7b09f-59a5-4aec-aa79-4922d6416b82}w64, Quarantined, [0d598eb957333600d53152e4fa0b916f],
    PUP.Optional.Sanbreel.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\{cfcde8f5-41ca-4db2-b65e-84981eec55ca}w64, Quarantined, [d88ecd7a355511253accb482bc49e31d],
    PUP.Optional.Sanbreel.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\{e189778b-c832-454e-b504-3be6620f674d}w64, Quarantined, [9fc784c32367a393ef17ea4c32d3b44c],
    PUP.Optional.Sanbreel.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\{e3ccc45b-550f-41ef-9f66-bf8e591166fe}w64, Quarantined, [7ee866e1880237ff33d37abcf213867a],
    PUP.Optional.Sanbreel.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\{f40be314-6146-47fc-bd32-c76c91cbfb49}w64, Quarantined, [2e381c2b54367db9e6200c2aed18bd43],
    PUP.Optional.Sanbreel.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\{fedcd8ab-e575-437f-b8ab-0f7bb23dd158}w64, Quarantined, [0b5b4502ef9bb58148bec76f26df18e8],
    PUP.Optional.Amonetize.A, HKLM\SOFTWARE\CLASSES\Updater.AmiUpd, Quarantined, [2046cd7ae3a7e0569453a928788ba25e],
    PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\pflphaooapbgpeakohlggbpidpppgdff, Quarantined, [89dd1433f694c76fbb5e4ab943c18d73],
    PUP.Optional.Qone8, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}, Quarantined, [0a5c4afda3e77bbb3bd9948e59acfa06],
    PUP.Optional.BonanzaDeals.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\BonanzaDealsLive.exe, Quarantined, [8ed83d0a8ffb35012d5fac727c89ea16],
    PUP.Optional.BonanzaDeals.A, HKLM\SOFTWARE\WOW6432NODE\BonanzaDealsLive, Quarantined, [c4a262e5fc8e2f07c6c552cc5ca9fc04],
    PUP.Optional.DataMangr.A, HKLM\SOFTWARE\WOW6432NODE\DataMngr, Quarantined, [e77ffc4b9eecc472402afce811f245bb],
    PUP.Optional.KeyFind.A, HKLM\SOFTWARE\WOW6432NODE\key-findSoftware, Quarantined, [1d4992b5d2b8b97d292d9d1729da11ef],
    PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\WOW6432NODE\mysearchdial, Quarantined, [80e6b6914446a19560462510f411ea16],
    PUP.Optional.PhraseFinder.A, HKLM\SOFTWARE\WOW6432NODE\PhraseFinder_1.10.0.9, Quarantined, [23438dbac1c92b0b0c4005b3857eec14],
    PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\supWPM, Quarantined, [1f474cfbacde71c5100a468c8d76c43c],
    PUP.Optional.WebsSearches.A, HKLM\SOFTWARE\WOW6432NODE\webssearchesSoftware, Quarantined, [184eab9c4248270f87ef8c680cf7936d],
    PUP.Optional.Amonetize.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\Updater.AmiUpd, Quarantined, [bfa70b3cd9b159dd64839b3657ac53ad],
    PUP.Optional.BetterSurf.A, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\dedmngkbaffkenlfdcbganndoghblmap, Quarantined, [98ce52f52268082e9e6bab3fb54ec937],
    PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\pflphaooapbgpeakohlggbpidpppgdff, Quarantined, [a9bd86c10d7d54e262b747bceb19da26],
    PUP.Optional.BetterSurf.A, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\poheodfamflhhhdcmjfeggbgigeefaco, Quarantined, [85e126217812d95dce65d91c2bd80ff1],
    PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\WOW6432NODE\INSTALLCORE\mysearchdial, Quarantined, [0e58291ebbcf56e098514ec75aabbc44],
    PUP.Optional.FastSearchings, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}, Quarantined, [cb9b32156525989e5b58ee495baa827e],
    PUP.Optional.BonanzaDeals.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\BonanzaDealsLive.exe, Quarantined, [501656f1414978be414bc05e976e8080],
    PUP.Optional.PhraseFinder.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\pfnfd_1_10_0_9, Quarantined, [d88e47004a4053e35febe5d3f31044bc],
    PUP.Optional.IEPluginServices.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\IePluginServices, Quarantined, [d78fbc8bd7b373c30b48f8cff310eb15],
    PUP.Optional.BonanzaDeals.A, HKU\S-1-5-21-3818046159-3689817371-2580797029-1000\SOFTWARE\BonanzaDealsLive, Quarantined, [fc6a85c2e4a688aec8c1958965a02cd4],
    PUP.Optional.DataMngr.A, HKU\S-1-5-21-3818046159-3689817371-2580797029-1000\SOFTWARE\DataMngr, Quarantined, [88dee562a0ea2d09e187e630976e27d9],
    PUP.Optional.MySearchDial.A, HKU\S-1-5-21-3818046159-3689817371-2580797029-1000\SOFTWARE\mysearchdial, Quarantined, [b7afef58a7e35dd9a6e1fd1a7e87cd33],
    PUP.Optional.WebSearches.A, HKU\S-1-5-21-3818046159-3689817371-2580797029-1000\SOFTWARE\SupHpUISoft, Quarantined, [bcaad671b0da0b2bc8fed0038b78a759],
    PUP.Optional.TornTV.A, HKU\S-1-5-21-3818046159-3689817371-2580797029-1000\SOFTWARE\TornTv Downloader, Quarantined, [7fe76add92f82313a643764d7a8948b8],
    PUP.Optional.SProtector.A, HKU\S-1-5-21-3818046159-3689817371-2580797029-1000\SOFTWARE\APPDATALOW\SProtector, Quarantined, [3135c087c9c10135ee12df3aa560738d],
    PUP.Optional.CrossRider.A, HKU\S-1-5-21-3818046159-3689817371-2580797029-1000\SOFTWARE\APPDATALOW\SOFTWARE\Crossrider, Quarantined, [bbabc681315962d46449b575fa0b2cd4],
    PUP.Optional.Babylon.A, HKU\S-1-5-21-3818046159-3689817371-2580797029-1000\SOFTWARE\BABSOLUTION\Updater, Quarantined, [83e3a7a0f39794a2313a001702038b75],
    PUP.Optional.MySearchDial.A, HKU\S-1-5-21-3818046159-3689817371-2580797029-1000\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\pflphaooapbgpeakohlggbpidpppgdff, Quarantined, [c99d4afd8505ea4cd5438b7835cff40c],
    PUP.Optional.InstallCore.A, HKU\S-1-5-21-3818046159-3689817371-2580797029-1000\SOFTWARE\INSTALLCORE\1I1T1Q1S, Quarantined, [aeb8cc7bdeac0f27b7f9837dcd3704fc],
    PUP.Optional.MySearchDial.A, HKU\S-1-5-21-3818046159-3689817371-2580797029-1000\SOFTWARE\INSTALLCORE\mysearchdial, Quarantined, [0a5c65e224666cca62cf87944fb6ce32],
    PUP.Optional.InstallCore.A, HKU\S-1-5-21-3818046159-3689817371-2580797029-1000\SOFTWARE\INSTALLCORE, Quarantined, [135349fe1179f046701b061015f060a0],
    PUP.Optional.RegCleanerPro.A, HKU\S-1-5-21-3818046159-3689817371-2580797029-1000\SOFTWARE\SYSTWEAK\RegClean Pro, Quarantined, [4d19eb5ca6e446f08d99ba621beabe42],
    PUP.Optional.SecureWeb.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\PrivoxyService, Quarantined, [6ef8182f8307b680841c6d33ad566898],
    PUP.Optional.SearchNewTab.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{52277627-029D-B628-0018-88DEBE87176F}, Quarantined, [03635ee94c3e9d994b577f74db2a59a7],
    PUP.Optional.SearchNewTab.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{52277627-029D-B628-0018-88DEBE87176F}, Quarantined, [03635ee94c3e9d994b577f74db2a59a7],
    PUP.Optional.SearchNewTab.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{52277627-029D-B628-0018-88DEBE87176F}, Quarantined, [03635ee94c3e9d994b577f74db2a59a7],
    PUP.Optional.SearchNewTab.A, HKU\S-1-5-21-3818046159-3689817371-2580797029-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{52277627-029D-B628-0018-88DEBE87176F}, Quarantined, [03635ee94c3e9d994b577f74db2a59a7],
    PUP.Optional.SearchNewTab.A, HKU\S-1-5-21-3818046159-3689817371-2580797029-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{52277627-029D-B628-0018-88DEBE87176F}, Quarantined, [03635ee94c3e9d994b577f74db2a59a7],
    PUP.Optional.SearchNewTab.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{973AEBF9-6677-0B1D-805B-461A6610469C}, Quarantined, [b2b426212e5c122421810ae9ff0645bb],
    PUP.Optional.SearchNewTab.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{973AEBF9-6677-0B1D-805B-461A6610469C}, Quarantined, [b2b426212e5c122421810ae9ff0645bb],
    PUP.Optional.SearchNewTab.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{973AEBF9-6677-0B1D-805B-461A6610469C}, Quarantined, [b2b426212e5c122421810ae9ff0645bb],
    PUP.Optional.SearchNewTab.A, HKU\S-1-5-21-3818046159-3689817371-2580797029-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{973AEBF9-6677-0B1D-805B-461A6610469C}, Quarantined, [b2b426212e5c122421810ae9ff0645bb],
    PUP.Optional.SearchNewTab.A, HKU\S-1-5-21-3818046159-3689817371-2580797029-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{973AEBF9-6677-0B1D-805B-461A6610469C}, Quarantined, [b2b426212e5c122421810ae9ff0645bb],
    PUP.Optional.SearchNewTab.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{DFBE860F-A916-B5F6-D027-E353DA36659C}, Quarantined, [85e1e26513770630980ab53e12f30ef2],
    PUP.Optional.SearchNewTab.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{DFBE860F-A916-B5F6-D027-E353DA36659C}, Quarantined, [85e1e26513770630980ab53e12f30ef2],
    PUP.Optional.SearchNewTab.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{DFBE860F-A916-B5F6-D027-E353DA36659C}, Quarantined, [85e1e26513770630980ab53e12f30ef2],
    PUP.Optional.SearchNewTab.A, HKU\S-1-5-21-3818046159-3689817371-2580797029-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{DFBE860F-A916-B5F6-D027-E353DA36659C}, Quarantined, [85e1e26513770630980ab53e12f30ef2],
    PUP.Optional.SearchNewTab.A, HKU\S-1-5-21-3818046159-3689817371-2580797029-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{DFBE860F-A916-B5F6-D027-E353DA36659C}, Quarantined, [85e1e26513770630980ab53e12f30ef2],

    Registry Values: 8
     
  13. Troubling

    Troubling TS Rookie Topic Starter Posts: 57

    Registry Data: 7

    Folders: 39

    Files: 123

    Physical Sectors: 0
    (No malicious items detected)


    (end)
     
  14. Troubling

    Troubling TS Rookie Topic Starter Posts: 57

    I currently have a virus on my computer at the same time, troubling. Some games aren't running; the library rld.dll was not found because the antivirus software is falsely detecting the file or something.
     
  15. Troubling

    Troubling TS Rookie Topic Starter Posts: 57

    Oh, I excluded the folder so the game runs now, thanks. I have some strange folders named recycle bin that appear on so many disk drives and look like hidden folders. Is that the virus's doing or your software?
     

    Last edited: Mar 20, 2015
  16. Broni

    Broni Malware Annihilator Posts: 52,884   +344

    We'll see...

    You didn't say how you did with step 1 from my previous reply (uninstalling a bunch of malicious programs).
     
  17. Troubling

    Troubling TS Rookie Topic Starter Posts: 57

    I did uninstall all of them, but they were there most of the time and really did nothing on my computer. Now the virus slows all of my programs, like in some other threads in the forum. Should I install avast protection to clear this? Doing it right now anyway.
     
    Last edited: Mar 22, 2015
  18. Troubling

    Troubling TS Rookie Topic Starter Posts: 57

    So I ran avast, and even though it took so long to boot, everything is running normally now. No more random sound too.
     
  19. Broni

    Broni Malware Annihilator Posts: 52,884   +344

    Good news :)

    Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Very Important! Temporarily disable your anti-virus and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
      If the connection is not there use restore point you created prior to running Combofix.
    • Double click on combofix.exe & follow the prompts.

    • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error Illegal operation attempted on a registry key that has been marked for deletion, restart computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure, you re-enable your security programs, when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try the following...

    Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Download Rkill (courtesy of BleepingComputer.com) to your desktop.
    There are 2 different versions. If one of them won't run then download and try to run the other one.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
    iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

    Restart computer in safe mode

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Windows Vista, 7 or 8 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    When the scan is done Notepad will open with rKill.txt log.
    NOTE. rKill.txt log will also be present on your desktop.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    IF you had to run rKill post BOTH logs, rKill.txt and Combofix.txt.
     
  20. Troubling

    Troubling TS Rookie Topic Starter Posts: 57

    Although my computer looks fine, it took quite a while to run something or to fully boot up. Is there anything I can do about that? It wasn't like that before, so I think it's a virus or something, but I'm not so sure.
     
  21. Troubling

    Troubling TS Rookie Topic Starter Posts: 57

    I already ran ComboFix but can't find the txt?
     
  22. Troubling

    Troubling TS Rookie Topic Starter Posts: 57

    I uninstalled Malwarebytes and avast and everything runs fast again.

    ComboFix 15-03-23.01 - admin 23/03/2015 19:49:44.1.4 - x64
    Microsoft Windows 7 Ultimate 6.1.7601.1.1258.84.1033.18.3998.2297 [GMT 7:00]
    Running from: c:\users\admin\Desktop\ComboFix.exe
    AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
    SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
    SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    * Created a new restore point
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\SearchNewTab
    c:\programdata\Microsoft\Windows\Start Menu\Programs\SearchNewTab\SearchNewTab.lnk
    c:\programdata\Microsoft\Windows\Start Menu\Programs\SearchNewTab\Uninstall.lnk
    c:\programdata\Roaming
    c:\users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Dolphin Deals_iels
    c:\users\admin\AppData\Local\ws_updater.exe
    c:\users\admin\AppData\Roaming\Microsoft\Windows\Recent\[Alo8] Box Pokémon Game.url
    c:\users\admin\Media
    c:\users\admin\Media\videos\AMD_Logo_movie.wmv
    c:\users\admin\Media\videos\Darksiders_Intro_CG_1280x720.wmv
    c:\windows\apppatch\AppLoc.exe
    c:\windows\SysWow64\drivers\SysLib5.sys
    c:\windows\SysWow64\drivers\SysLib6.sys
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    -------\Legacy_NETHFDRV
    -------\Service_BkavAuto
    -------\Service_SysLib
    .
    .
    ((((((((((((((((((((((((( Files Created from 2015-02-23 to 2015-03-23 )))))))))))))))))))))))))))))))
    .
    .
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2015-03-19 15:38 . 2014-08-17 15:38 70144 ----a-w- c:\windows\SysWow64\tasks.dll
    2015-03-06 02:37 . 2014-10-08 02:26 84448 ----a-w- c:\programdata\Microsoft\VisualStudio\10.0\1033\ResourceCache.dll
    2015-02-15 15:40 . 2015-02-06 15:42 239104 ----a-w- c:\windows\mlwps.exe
    2015-02-02 12:15 . 2009-08-18 05:49 564632 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\wlidui.dll
    2015-02-02 12:13 . 2009-08-18 04:24 23256 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
    2012-11-07 01:41 2169856 --sha-w- c:\windows\System32\hale.exe
    .
    .
    ------- Sigcheck -------
    Note: Unsigned files aren't necessarily malware.
    .
    [7] 2010-11-21 . 1151B1BAA6F350B1DB6598E0FEA7C457 . 390656 . . [6.1.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
    [-] 2012-11-07 . 87A00ED70FEC36D0DD968E5058C29AA1 . 389632 . . [6.1.7601.17514] .. c:\windows\system32\winlogon.exe
    .
    [7] 2010-11-21 . FE70103391A64039A921DBFFF9C7AB1B . 1008128 . . [6.1.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
    [-] 2012-11-07 . D186BABDFAE7C0D93C9F6AE63957EE96 . 1008128 . . [6.1.7601.17514] .. c:\windows\system32\user32.dll
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "UniKey"="c:\unikey 4.0 rc2 win64\UniKeyNT.exe" [2009-11-01 316928]
    "Messenger (Yahoo!)"="c:\progra~2\Yahoo!\MESSEN~1\YahooMessenger.exe" [2012-05-24 6595928]
    "GarenaPlus"="d:\games\LienMinhHuyenThoai\GameData\GarenaMessenger.exe" [2015-01-20 9981528]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "YouCam Service"="d:\duy\UNG DUNG\YouCam 5 v5.0.0909 PreActivated_da fix watermark\YouCam\YouCamService.exe" [2011-09-09 247016]
    "USB3MON"="c:\program files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-10-16 291648]
    "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-03-04 343168]
    "BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
    "BkavHome"="c:\program files (x86)\BkavHome\BkavHome.exe" [2015-01-14 2435584]
    "AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2015-03-22 5511352]
    .
    c:\users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE /tsr [2010-3-29 227712]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Canon LBP3000 Status Window.lnk - c:\windows\System32\spool\drivers\x64\3\CNAB3LAD.EXE [2014-11-30 60384]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    "SoftwareSASGeneration"= 1 (0x1)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
    "LoadAppInit_DLLs"=1 (0x1)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
    "aux1"=wdmaud.drv
    .
    R1 BAPIDRV;BAPIDRV;c:\windows\system32\DRIVERS\BAPIDRV64.sys;c:\windows\SYSNATIVE\DRIVERS\BAPIDRV64.sys [x]
    R1 SysLib0;SysLib0;c:\windows\System32\Drivers\SysLib0.sys;c:\windows\SYSNATIVE\Drivers\SysLib0.sys [x]
    R1 SysLib1;SysLib1;c:\windows\System32\Drivers\SysLib1.sys;c:\windows\SYSNATIVE\Drivers\SysLib1.sys [x]
    R1 SysLib2;SysLib2;c:\windows\System32\Drivers\SysLib2.sys;c:\windows\SYSNATIVE\Drivers\SysLib2.sys [x]
    R1 SysLib3;SysLib3;c:\windows\System32\Drivers\SysLib3.sys;c:\windows\SYSNATIVE\Drivers\SysLib3.sys [x]
    R1 SysLib4;SysLib4;c:\windows\System32\Drivers\SysLib4.sys;c:\windows\SYSNATIVE\Drivers\SysLib4.sys [x]
    R1 SysLib5;SysLib5;c:\windows\System32\Drivers\SysLib5.sys;c:\windows\SYSNATIVE\Drivers\SysLib5.sys [x]
    R1 SysLib6;SysLib6;c:\windows\System32\Drivers\SysLib6.sys;c:\windows\SYSNATIVE\Drivers\SysLib6.sys [x]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
    R2 HiPatchService;Hi-Rez Studios Authenticate and Update Service; [x]
    R2 MBAMScheduler;MBAMScheduler;e:\huy\Malwarebytes Anti-Malware\mbamscheduler.exe;e:\huy\Malwarebytes Anti-Malware\mbamscheduler.exe [x]
    R2 MBAMService;MBAMService;e:\huy\Malwarebytes Anti-Malware\mbamservice.exe;e:\huy\Malwarebytes Anti-Malware\mbamservice.exe [x]
    R2 MSSQL$HUY;SQL Server (HUY);e:\huy\SQL\Source\MSSQL11.HUY\MSSQL\Binn\sqlservr.exe;e:\huy\SQL\Source\MSSQL11.HUY\MSSQL\Binn\sqlservr.exe [x]
    R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
    R3 AMPPALP;Intel® Centrino® Wireless Bluetooth® + High Speed Protocol;c:\windows\system32\DRIVERS\amppal.sys;c:\windows\SYSNATIVE\DRIVERS\amppal.sys [x]
    R3 cxasbt;cxasbt;d:\duy\GAMES\AvatarStarVN\avital\cxbtf64.sys;d:\duy\GAMES\AvatarStarVN\avital\cxbtf64.sys [x]
    R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
    R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys;c:\windows\SYSNATIVE\drivers\EagleX64.sys [x]
    R3 GGSAFERDriver;GGSAFER Driver;d:\games\LienMinhHuyenThoai\GameData\Room\safedrv.sys;d:\games\LienMinhHuyenThoai\GameData\Room\safedrv.sys [x]
    R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
    R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
    R3 Ndisrd;WinpkFilter Service;c:\windows\system32\DRIVERS\ndisrd.sys;c:\windows\SYSNATIVE\DRIVERS\ndisrd.sys [x]
    R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
    R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
    R3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUVStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUVStor.sys [x]
    R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]
    R3 taphss6;Anchorfree HSS VPN Adapter;c:\windows\system32\DRIVERS\taphss6.sys;c:\windows\SYSNATIVE\DRIVERS\taphss6.sys [x]
    R3 Te.Service;Te.Service;c:\program files (x86)\Windows Kits\8.0\Testing\Runtimes\TAEF\Wex.Services.exe;c:\program files (x86)\Windows Kits\8.0\Testing\Runtimes\TAEF\Wex.Services.exe [x]
    R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys;c:\windows\SYSNATIVE\drivers\terminpt.sys [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
    R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
    R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]
    R3 VBoxUSB;VirtualBox USB;c:\windows\system32\Drivers\VBoxUSB.sys;c:\windows\SYSNATIVE\Drivers\VBoxUSB.sys [x]
    R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]
    R4 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
    R4 AMPPALR3;Intel® Centrino® Wireless Bluetooth® + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [x]
    R4 BTHSSecurityMgr;Intel(R) Centrino(R) Wireless Bluetooth(R) + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [x]
    R4 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
    R4 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x]
    R4 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [x]
    R4 RsFx0200;RsFx0200 Driver;c:\windows\system32\DRIVERS\RsFx0200.sys;c:\windows\SYSNATIVE\DRIVERS\RsFx0200.sys [x]
    R4 SQLAgent$HUY;SQL Server Agent (HUY);e:\huy\SQL\Source\MSSQL11.HUY\MSSQL\Binn\SQLAGENT.EXE;e:\huy\SQL\Source\MSSQL11.HUY\MSSQL\Binn\SQLAGENT.EXE [x]
    R4 TeamViewer8;TeamViewer 8;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [x]
    R4 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
    R4 ZeroConfigService;Intel(R) PROSet/Wireless Zero Configuration Service;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe [x]
    S0 amdkmpfd;AMD PCI Root Bus Lower Filter;c:\windows\system32\DRIVERS\amdkmpfd.sys;c:\windows\SYSNATIVE\DRIVERS\amdkmpfd.sys [x]
    S0 aswRvrt;avast! Revert; [x]
    S0 aswVmm;avast! VM Monitor; [x]
    S0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
    S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
    S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
    S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
    S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
    S2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
    S2 BkavHomeUpdateService;BkavHomeUpdateService;c:\program files (x86)\BkavHome\BkavHomeUpdateService.exe;c:\program files (x86)\BkavHome\BkavHomeUpdateService.exe [x]
    S2 BkavService;BkavService;c:\windows\system32\BkavService.exe;c:\windows\SYSNATIVE\BkavService.exe [x]
    S2 VBoxAswDrv;VBoxAsw Support Driver;c:\program files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys;c:\program files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [x]
    S3 AMPPAL;Intel® Centrino® Wireless Bluetooth® + High Speed Virtual Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys;c:\windows\SYSNATIVE\DRIVERS\AMPPAL.sys [x]
    S3 AvastVBoxSvc;AvastVBox COM Service;c:\program files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe;c:\program files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [x]
    S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys;c:\windows\SYSNATIVE\DRIVERS\clwvd.sys [x]
    S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
    S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys;c:\windows\SYSNATIVE\DRIVERS\igdpmd64.sys [x]
    S3 iusb3hub;Intel(R) USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
    S3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
    S3 NdisrdMP;NdisrdMP;c:\windows\system32\DRIVERS\ndisrd.sys;c:\windows\SYSNATIVE\DRIVERS\ndisrd.sys [x]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - WS2IFSL
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
    2015-03-20 09:19 1061704 ----a-w- c:\program files (x86)\Google\Chrome\Application\41.0.2272.101\Installer\chrmstp.exe
    .
     
  23. Troubling

    Troubling TS Rookie Topic Starter Posts: 57

    Contents of the 'Scheduled Tasks' folder
    .
    2015-03-23 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-11-09 10:48]
    .
    2015-03-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2015-02-14 02:13]
    .
    2015-03-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2015-02-14 02:13]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt1"]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2015-03-04 22:27 185824 ----a-w- c:\users\admin\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt2"]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2015-03-04 22:27 185824 ----a-w- c:\users\admin\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt3"]
    @="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]
    2015-03-04 22:27 185824 ----a-w- c:\users\admin\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt4"]
    @="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]
    2015-03-04 22:27 185824 ----a-w- c:\users\admin\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt5"]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2015-03-04 22:27 185824 ----a-w- c:\users\admin\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt6"]
    @="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]
    2015-03-04 22:27 185824 ----a-w- c:\users\admin\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt7"]
    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
    2015-03-04 22:27 185824 ----a-w- c:\users\admin\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt8"]
    @="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]
    2015-03-04 22:27 185824 ----a-w- c:\users\admin\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
    @="{472083B0-C522-11CF-8763-00608CC02F24}"
    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
    2015-03-22 05:21 722400 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
    2015-02-19 07:24 774472 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
    2015-02-19 07:24 774472 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]
    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
    2015-02-19 07:24 774472 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
    2015-02-19 07:24 774472 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
    2015-02-19 07:24 774472 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2012-03-19 439064]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-03-19 170264]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-03-19 398616]
    "Chew7Hale"="c:\windows\System32\hale.exe" [2012-11-07 2169856]
    .
    ------- Supplementary Scan -------
    .
    uStart Page = 00
    mDefault_Search_URL = 00
    mDefault_Page_URL = 00
    mStart Page = 00
    mSearch Page = 00
    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
    Trusted Zone: clonewarsadventures.com
    Trusted Zone: freerealms.com
    Trusted Zone: soe.com
    Trusted Zone: sony.com
    TCP: DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{D0ED8A5C-3945-4A08-9E15-4394A60F2552}: NameServer = 208.67.222.222,208.67.220.220
    TCP: Interfaces\{D0ED8A5C-3945-4A08-9E15-4394A60F2552}\155716E67602849656E6: NameServer = 208.67.222.222,208.67.220.220
    TCP: Interfaces\{D0ED8A5C-3945-4A08-9E15-4394A60F2552}\175716E676869656E613: NameServer = 208.67.222.222,208.67.220.220
    Handler: bksa - {AFBCA127-FD48-4FF5-B523-0E0DB4B8C295} - c:\program files (x86)\BkavHome\SiteAdvisor\BkavIESiteAdvisor.dll
    .
    - - - - ORPHANS REMOVED - - - -
    .
    HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
    AddRemove-Eusing Free Registry Cleaner - e:\huy\Ze\EUSING~1\UNWISE.EXE
    AddRemove-Guitar Pro 5_is1 - d:\duy\UNG DUNG\Guitar Pro 5\unins000.exe
    AddRemove-Mozilla Firefox 25.0 (x86 en-US) - c:\program files (x86)\Mozilla Firefox\uninstall\helper.exe
    AddRemove-Teenage Mutant Ninja Turtles: Out of the Shadows_is1 - d:\games\Teenage_Mutant_Ninja_Turtles_Out_of_the_Shadows-FLT\TMNT-OotS\unins000.exe
    AddRemove-The Witcher 2 - Assassins of Kings Enhanced Edition_is1 - d:\games\New folder\The Witcher 2 Enhanced Edition\unins000.exe
    AddRemove-VirtuallTek Fighter Factory Classic_is1 - e:\huy\Mugen\FF\Fighter Factory Classic\unins000.exe
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
    @Denied: (A) (Everyone)
    "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
    .
    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
    @Denied: (A) (Everyone)
    .
    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
    "Key"="ActionsPane3"
    "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\SysWOW64\BkavService.exe
    c:\program files\AVAST Software\Avast\AvastSvc.exe
    d:\games\LienMinhHuyenThoai\GameData\ggdllhost.exe
    .
    **************************************************************************
    .
    Completion time: 2015-03-23 20:34:18 - machine was rebooted
    ComboFix-quarantined-files.txt 2015-03-23 13:34
    .
    Pre-Run: 10.078.175.232 bytes free
    Post-Run: 13.018.177.536 bytes free
    .
    - - End Of File - - 6D1CAB53C12802B339FE4EF6D104D2A5
    A36C5E4F47E84449FF07ED3517B43A31
     
  24. Broni

    Broni Malware Annihilator Posts: 52,884   +344

    Your computer is still infected.

    Re-read my rules I posted in my first reply, especially:
    Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    You can't be running a computer without any AV program. Reinstall Avast.

    Next....

    1. Please open Notepad (Start>All Programs>Accessories>Notepad).

    2. Now copy/paste the entire content of the codebox below into the Notepad window:

    Code:
    File::
    c:\windows\system32\drivers\wqjbnkgz.sys
    c:\windows\SysWow64\tasks.dll
    c:\windows\System32\hale.exe
    
    Folder::
    
    Driver::
    wqjbnkgz
    
    Registry::
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Chew7Hale"=-
    
    ClearJavaCache::
    

    3. Save the above as CFScript.txt

    4. Close/disable all anti virus and anti malware programs again, so they do not interfere with the running of ComboFix.

    5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

    [IMG]


    6. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
    • Combofix.txt
     
  25. Troubling

    Troubling TS Rookie Topic Starter Posts: 57

    Well, I don't know about your computer, but mine runs extremely slow when Avast is there. Basically I took more than 10 min to type just this much if it were there, and that's definitely not helping me. I'll reinstall and test it again to see if it still slows me down, but if it does there's nothing I can do about it; it's my computer spec that causes it and not the virus.
     
    Last edited: Mar 26, 2015
