Solved Browser hijacker

[Troubling]

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:04-09-2015
Ran by admin (administrator) on ADMIN-PC (05-09-2015 11:17:40)
Running from C:\Users\admin\Desktop
Loaded Profiles: admin & MSSQL$HUY & (Available Profiles: admin & MSSQL$HUY)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(CANON INC.) C:\Windows\System32\CNAB3RPD.EXE
() D:\GAMES\LienMinhHuyenThoai\GameData\ggdllhost.exe
(Apple Computer, Inc.) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
(Malwarebytes Corporation) D:\DUY\UNG DUNG\avast\Malwarebytes Anti-Malware\mbamscheduler.exe
(Microsoft Corporation) E:\Huy\SQL\Source\MSSQL11.HUY\MSSQL\Binn\sqlservr.exe
() C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
(Razer Inc.) D:\DUY\UNG DUNG\Game Booster\Razer Game Booster\RzKLService.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
() C:\UniKey 4.0 RC2 Win64\UniKeyNT.exe
() D:\GAMES\LienMinhHuyenThoai\GameData\GarenaMessenger.exe
(Coc Coc Co., Ltd.) C:\Users\admin\AppData\Local\CocCoc\Update\CocCocUpdate.exe
(Coc Coc Co., Ltd.) C:\Users\admin\AppData\Local\CocCoc\Update\1.3.39.17\CocCocCrashHandler.exe
(CyberLink Corp.) D:\DUY\UNG DUNG\YouCam 5 v5.0.0909 PreActivated_da fix watermark\YouCam\YouCamService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Coc Coc Co., Ltd.) C:\Users\admin\AppData\Local\CocCoc\Browser\Application\browser.exe
(Coc Coc Co., Ltd.) C:\Users\admin\AppData\Local\CocCoc\Browser\Application\browser.exe
(Coc Coc Co., Ltd.) C:\Users\admin\AppData\Local\CocCoc\Browser\Application\browser.exe
(Coc Coc Co., Ltd.) C:\Users\admin\AppData\Local\CocCoc\Browser\Application\browser.exe
() D:\GAMES\LienMinhHuyenThoai\GameData\bbtalk\BBTalk.exe
(Malwarebytes Corporation) D:\DUY\UNG DUNG\avast\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Solid State Networks) D:\GAMES\LienMinhHuyenThoai\GameData\Apps\lolVN\lol.exe
() D:\GAMES\LienMinhHuyenThoai\GameData\Apps\lolVN\Air\LolClient.exe
(Coc Coc Co., Ltd.) C:\Users\admin\AppData\Local\CocCoc\Browser\Application\browser.exe
(Coc Coc Co., Ltd.) C:\Users\admin\AppData\Local\CocCoc\Browser\Application\browser.exe
(Coc Coc Co., Ltd.) C:\Users\admin\AppData\Local\CocCoc\Browser\Application\browser.exe
(Coc Coc Co., Ltd.) C:\Users\admin\AppData\Local\CocCoc\Browser\Application\browser.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2057000 2010-02-18] (Synaptics Incorporated)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1332296 2015-01-30] (Microsoft Corporation)
HKLM-x32\...\Run: [YouCam Service] => D:\DUY\UNG DUNG\YouCam 5 v5.0.0909 PreActivated_da fix watermark\YouCam\YouCamService.exe [247016 2011-09-09] (CyberLink Corp.)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291648 2012-10-16] (Intel Corporation)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [343168 2012-03-05] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3818046159-3689817371-2580797029-1000\...\Run: [UniKey] => C:\UniKey 4.0 RC2 Win64\UniKeyNT.exe [316928 2009-11-02] ()
HKU\S-1-5-21-3818046159-3689817371-2580797029-1000\...\Run: [Messenger (Yahoo!)] => C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe [6595928 2012-05-25] (Yahoo! Inc.)
HKU\S-1-5-21-3818046159-3689817371-2580797029-1000\...\Run: [GarenaPlus] => D:\GAMES\LienMinhHuyenThoai\GameData\GarenaMessenger.exe [10016704 2015-09-03] ()
HKU\S-1-5-21-3818046159-3689817371-2580797029-1000\...\Run: [RGSC] => D:\DUY\GAMES\GTA IV\Rockstar Games Social Club\RGSCLauncher.exe /silent
HKU\S-1-5-21-3818046159-3689817371-2580797029-1000\...\Run: [CocCoc Update] => C:\Users\admin\AppData\Local\CocCoc\Update\CocCocUpdate.exe [140488 2015-07-14] (Coc Coc Co., Ltd.)
HKU\S-1-5-21-3818046159-3689817371-2580797029-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [UniKey] => C:\UniKey 4.0 RC2 Win64\UniKeyNT.exe [316928 2009-11-02] ()
HKU\S-1-5-21-3818046159-3689817371-2580797029-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Messenger (Yahoo!)] => C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe [6595928 2012-05-25] (Yahoo! Inc.)
HKU\S-1-5-21-3818046159-3689817371-2580797029-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [GarenaPlus] => D:\GAMES\LienMinhHuyenThoai\GameData\GarenaMessenger.exe [10016704 2015-09-03] ()
HKU\S-1-5-21-3818046159-3689817371-2580797029-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [RGSC] => D:\DUY\GAMES\GTA IV\Rockstar Games Social Club\RGSCLauncher.exe /silent
HKU\S-1-5-21-3818046159-3689817371-2580797029-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [CocCoc Update] => C:\Users\admin\AppData\Local\CocCoc\Update\CocCocUpdate.exe [140488 2015-07-14] (Coc Coc Co., Ltd.)
Startup: C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk [2014-11-14]
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Canon LBP3000 Status Window.lnk [2014-11-30]
ShortcutTarget: Canon LBP3000 Status Window.lnk -> C:\Windows\System32\spool\drivers\x64\3\CNAB3LAD.EXE (CANON INC.)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{D0ED8A5C-3945-4A08-9E15-4394A60F2552}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=MSSE
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=MSSE
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3818046159-3689817371-2580797029-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617911&ResetID=130850202647942019&GUID=976E6C5F-4404-4638-A704-8719CAF19D3D
HKU\S-1-5-21-3818046159-3689817371-2580797029-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-3818046159-3689817371-2580797029-1000\Software\Microsoft\Internet Explorer\Main,First Home Page = hxxp://go.microsoft.com/fwlink/?LinkID=226786&Mkt=vi-VN&Src=MSE&Tid=000328B0&OHP=http%3A%2F%2Fvn.search.yahoo.com%2F%3Ffr%3Dhp%2Dddc%2Dbd%26type%3Dpr%2Dbir%2Ddg%5F%5Falt%5F%5Fddc%5Fdsssyc%5Fbd%5Fcom&OSP=http%3A%2F%2Fvn.search.yahoo.com%2Fyhs%2Fsearch%3Fhspart%3Dddc%26hsimp%3Dyhs%2Dddc%5Fbd%26type%3Dpr%2Dbir%2Ddg%5F%5Falt%5F%5Fddc%5Fdss%5Fbd%5Fcom%26p%3D%7BsearchTerms%7D
HKU\S-1-5-21-3818046159-3689817371-2580797029-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617911&ResetID=130850202647942019&GUID=976E6C5F-4404-4638-A704-8719CAF19D3D
HKU\S-1-5-21-3818046159-3689817371-2580797029-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-3818046159-3689817371-2580797029-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,First Home Page = hxxp://go.microsoft.com/fwlink/?LinkID=226786&Mkt=vi-VN&Src=MSE&Tid=000328B0&OHP=http%3A%2F%2Fvn.search.yahoo.com%2F%3Ffr%3Dhp%2Dddc%2Dbd%26type%3Dpr%2Dbir%2Ddg%5F%5Falt%5F%5Fddc%5Fdsssyc%5Fbd%5Fcom&OSP=http%3A%2F%2Fvn.search.yahoo.com%2Fyhs%2Fsearch%3Fhspart%3Dddc%26hsimp%3Dyhs%2Dddc%5Fbd%26type%3Dpr%2Dbir%2Ddg%5F%5Falt%5F%5Fddc%5Fdss%5Fbd%5Fcom%26p%3D%7BsearchTerms%7D
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3818046159-3689817371-2580797029-1000 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
SearchScopes: HKU\S-1-5-21-3818046159-3689817371-2580797029-1000 -> OldSearch URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKU\S-1-5-21-3818046159-3689817371-2580797029-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
SearchScopes: HKU\S-1-5-21-3818046159-3689817371-2580797029-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> OldSearch URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKU\S-1-5-80-3669532553-1905751560-421692475-2796484278-3223018999 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-80-3669532553-1905751560-421692475-2796484278-3223018999-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
Handler: bksa - {AFBCA127-FD48-4FF5-B523-0E0DB4B8C295} - C:\Program Files (x86)\BkavHome\SiteAdvisor\BkavIESiteAdvisor.dll No File
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2010-09-27] (Skype Technologies S.A.)
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-21] (Microsoft Corporation)

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_110.dll [2012-11-09] ()
FF Plugin: @java.com/DTPlugin,version=10.4.1 -> C:\Windows\system32\npDeployJava1.dll [2012-04-04] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.4.1 -> C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll [2012-04-04] (Oracle Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_110.dll [2012-11-09] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1203133.dll [2013-06-26] (Adobe Systems, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-01-07] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-01-07] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll [No File]
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll [No File]
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll [2012-05-25] (Yahoo! Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll [2012-04-11] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @t.garena.com/garenatalk -> D:\GAMES\LienMinhHuyenThoai\GameData\bbtalk\plugins\npPlugin\npGarenaTalkPlugin.dll [2015-01-16] ( Garena)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.)
FF Plugin HKU\S-1-5-21-3818046159-3689817371-2580797029-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\admin\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll No File
FF Plugin HKU\S-1-5-21-3818046159-3689817371-2580797029-1000: bkav.com.vn/BkavSiteAdvisorPlugin -> C:\Program Files (x86)\BkavHome\npBkavSiteAdvisorPlugin.dll No File
FF Plugin HKU\S-1-5-21-3818046159-3689817371-2580797029-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\admin\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll No File
FF Plugin HKU\S-1-5-21-3818046159-3689817371-2580797029-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: bkav.com.vn/BkavSiteAdvisorPlugin -> C:\Program Files (x86)\BkavHome\npBkavSiteAdvisorPlugin.dll No File
FF HKLM-x32\...\Firefox\Extensions: [bkavsiteadvisor@bkav.com.vn] - C:\Program Files (x86)\BkavHome\SiteAdvisor\Firefox

 

[Troubling]

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (NAVER Vietnam Toolbar for Chrome) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfgmhilhjkklfkcopoogicgkbpnocdoe [2015-04-30]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2010-09-27]
CHR HKLM-x32\...\Chrome\Extension: [mfgmhilhjkklfkcopoogicgkbpnocdoe] - C:\Program Files (x86)\Naver\NaverChromeToolbar\naver_chrome_toolbar_vn_win.crx [2012-09-05]
CHR HKLM-x32\...\Chrome\Extension: [pcnancbdijenfaameanloddnkbjhfaal] - C:\Program Files (x86)\BkavHome\SiteAdvisor\BkavChrSiteAdvisor.crx <not found>

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Bonjour Service; C:\Program Files (x86)\Bonjour\mDNSResponder.exe [229376 2006-02-28] (Apple Computer, Inc.) [File not signed]
S3 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2015-07-25] (Macrovision Europe Ltd.) [File not signed]
S3 fussvc; C:\Program Files (x86)\Windows Kits\8.0\App Certification Kit\fussvc.exe [139776 2012-07-25] (Microsoft Corporation) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
S4 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [161560 2012-01-21] (Intel Corporation)
R2 MBAMScheduler; D:\DUY\UNG DUNG\avast\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-06-18] (Malwarebytes Corporation)
S2 MBAMService; D:\DUY\UNG DUNG\avast\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2015-01-30] (Microsoft Corporation)
R2 MSSQL$HUY; E:\Huy\SQL\Source\MSSQL11.HUY\MSSQL\Binn\sqlservr.exe [191064 2012-02-11] (Microsoft Corporation)
S4 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273168 2012-03-29] ()
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [366512 2015-01-30] (Microsoft Corporation)
R2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [187072 2015-03-11] ()
R2 RzKLService; D:\DUY\UNG DUNG\Game Booster\Razer Game Booster\RzKLService.exe [105448 2014-02-25] (Razer Inc.)
S3 sppuinotify; C:\Windows\system32\sppuinotify.dll [65536 2012-11-07] (Microsoft Corporation) [File not signed]
S4 SQLAgent$HUY; E:\Huy\SQL\Source\MSSQL11.HUY\MSSQL\Binn\SQLAGENT.EXE [597080 2012-02-11] (Microsoft Corporation)
S3 Te.Service; C:\Program Files (x86)\Windows Kits\8.0\Testing\Runtimes\TAEF\Wex.Services.exe [126976 2012-07-25] (Microsoft Corporation) [File not signed]
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5495056 2015-06-18] (TeamViewer GmbH)
S4 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [2669840 2012-03-29] (Intel® Corporation)
S2 381a0ef7; "C:\Windows\system32\rundll32.exe" "c:\Program Files (x86)\RelaySoft\RelaySoft.dll",serv
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 amdkmpfd; C:\Windows\System32\DRIVERS\amdkmpfd.sys [31872 2012-02-01] (Advanced Micro Devices, Inc.)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-11] (Broadcom Corporation)
S3 GGSAFERDriver; D:\GAMES\LienMinhHuyenThoai\GameData\Room\safedrv.sys [27744 2015-07-30] ()
R1 ISODrive; D:\DUY\UNG DUNG\UltraISO\UltraISO\drivers\ISODrv64.sys [115600 2010-01-29] (EZB Systems, Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [113880 2015-09-05] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-06-18] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [274696 2014-11-15] (Microsoft Corporation)
R1 MpKsl66d1e02e; C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{2ECB8A09-3BB4-4EB0-BB1A-81DCC9C5913C}\MpKsl66d1e02e.sys [44928 2015-09-05] (Microsoft Corporation)
R1 MpKsld734a67e; C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{2ECB8A09-3BB4-4EB0-BB1A-81DCC9C5913C}\MpKsld734a67e.sys [44928 2015-09-05] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124560 2014-11-15] (Microsoft Corporation)
S4 RsFx0200; C:\Windows\System32\DRIVERS\RsFx0200.sys [334936 2012-02-11] (Microsoft Corporation)
R2 rzpmgrk; C:\Windows\system32\drivers\rzpmgrk.sys [37184 2015-03-11] (Razer, Inc.)
S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [40712 2012-10-25] (Anchorfree Inc.)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [35064 2015-03-20] ()
S3 VBoxUSB; C:\Windows\System32\Drivers\VBoxUSB.sys [116296 2014-10-11] (Oracle Corporation)
S3 VSPerfDrv110; E:\Huy\Window\Team Tools\Performance Tools\x64\VSPerfDrv110.sys [70264 2012-07-13] (Microsoft Corporation)
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-09-05 11:17 - 2015-09-05 11:20 - 00022408 _____ C:\Users\admin\Desktop\FRST.txt
2015-09-05 11:17 - 2015-09-05 11:17 - 00000000 ____D C:\FRST
2015-09-05 11:15 - 2015-09-05 11:15 - 02188800 _____ (Farbar) C:\Users\admin\Desktop\FRST64.exe
2015-09-05 09:25 - 2015-09-05 11:02 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-09-05 09:25 - 2015-06-18 09:27 - 00109272 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-09-05 09:25 - 2015-06-18 09:27 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-09-05 09:25 - 2015-06-18 09:27 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-09-04 21:44 - 2015-09-04 21:44 - 00043112 _____ (AVAST Software) C:\Windows\avastSS.scr
2015-09-04 21:09 - 2015-09-04 21:09 - 03459152 ____N (AVAST Software) C:\Users\Public\Documents\aswOfferTool.exe
2015-09-04 20:25 - 2015-09-05 10:55 - 00000000 ____D C:\Program Files (x86)\Elex-tech
2015-09-04 20:13 - 2015-09-05 10:55 - 00000000 ____D C:\Users\admin\AppData\Roaming\Elex-tech
2015-09-02 12:57 - 2015-09-02 12:57 - 00000000 ____D C:\Users\admin\Documents\BNE
2015-08-24 17:14 - 2015-08-26 06:52 - 00000000 ____D C:\Program Files (x86)\SegmentSegment
2015-08-20 07:47 - 2015-08-24 17:14 - 00000000 ____D C:\ProgramData\eedcf1fe00000d81
2015-08-20 07:47 - 2015-08-24 17:13 - 00000000 ____D C:\ProgramData\883f6f9a0000536a
2015-08-20 07:46 - 2015-08-24 17:13 - 00000000 ____D C:\ProgramData\f407040a00007121
2015-08-20 07:24 - 2015-08-26 06:52 - 00000000 ____D C:\Program Files (x86)\CutterProc
2015-08-19 09:13 - 2015-08-19 09:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Resident Evil Revelations 2
2015-08-19 08:01 - 2015-09-04 19:40 - 00000340 _____ C:\Windows\Tasks\Superclean.job
2015-08-19 08:01 - 2015-08-20 07:40 - 00003252 _____ C:\Windows\System32\Tasks\Superclean
2015-08-18 11:40 - 2015-08-18 11:33 - 56576846 _____ C:\Users\admin\Documents\Capture_20150818.mp4
2015-08-15 08:08 - 2015-09-05 08:57 - 00000000 ____D C:\Program Files (x86)\Alarm
2015-08-15 08:07 - 2015-09-05 09:06 - 00000000 ____D C:\Program Files (x86)\SaverrExtensioenn
2015-08-10 10:40 - 2015-09-05 09:06 - 00000000 ____D C:\Program Files (x86)\Twitch Smiles
2015-08-10 10:39 - 2015-09-05 09:07 - 00000000 ____D C:\Program Files (x86)\MinimumPrIcee
2015-08-10 09:58 - 2015-08-26 06:51 - 00000000 ____D C:\Program Files (x86)\IncludeInstance
2015-08-08 23:16 - 2015-08-12 16:15 - 00000000 ____D C:\Users\admin\Documents\KoeiTecmo
2015-08-08 22:05 - 2015-08-08 22:05 - 00000000 ____D C:\Users\admin\Documents\My ISO Files
2015-08-07 21:51 - 2015-09-05 10:57 - 00003488 _____ C:\Windows\System32\Tasks\gg_uac_daemon_admin

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-09-05 11:09 - 2015-07-14 19:59 - 00001002 _____ C:\Windows\Tasks\CocCocUpdateTaskUserS-1-5-21-3818046159-3689817371-2580797029-1000UA.job
2015-09-05 11:01 - 2012-11-07 11:46 - 00000000 ____D C:\Users\admin\AppData\Roaming\GarenaPlus
2015-09-05 11:01 - 2012-11-07 11:46 - 00000000 ____D C:\ProgramData\GarenaMessenger
2015-09-05 11:01 - 2012-11-07 08:44 - 01073982 _____ C:\Windows\WindowsUpdate.log
2015-09-05 10:56 - 2015-07-20 17:45 - 00007838 _____ C:\Windows\setupact.log
2015-09-05 10:56 - 2009-07-14 12:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-09-05 10:55 - 2015-07-20 17:45 - 00641170 _____ C:\Windows\PFRO.log
2015-09-05 10:55 - 2009-07-14 11:45 - 00000000 ____D C:\Windows\Setup
2015-09-05 10:47 - 2009-07-14 11:45 - 00022528 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-09-05 10:47 - 2009-07-14 11:45 - 00022528 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-09-05 10:40 - 2012-11-09 17:48 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-09-05 09:25 - 2015-03-20 09:54 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-09-05 09:20 - 2015-05-11 21:19 - 00000000 ____D C:\Users\admin\AppData\Roaming\Skype
2015-09-05 09:20 - 2009-07-14 10:20 - 00000000 __RHD C:\Users\Default
2015-09-05 09:10 - 2013-07-14 21:40 - 00000000 ____D C:\ProgramData\install_clap
2015-09-05 09:10 - 2012-11-07 23:32 - 00000000 ____D C:\Windows\Panther
2015-09-05 09:10 - 2012-11-07 10:24 - 00000000 ____D C:\Program Files (x86)\K-Lite Codec Pack
2015-09-05 09:10 - 2012-11-07 08:53 - 00000000 ____D C:\Users\admin\AppData\Local\Microsoft Help
2015-09-05 09:08 - 2015-07-13 15:18 - 00000000 ____D C:\Program Files (x86)\HowToSimplified
2015-09-05 09:08 - 2015-07-02 13:23 - 00000000 ____D C:\Program Files (x86)\EasyBib Too
2015-09-05 09:08 - 2015-07-02 13:23 - 00000000 ____D C:\Program Files (x86)\DownSaaveu
2015-09-05 09:07 - 2015-07-17 21:59 - 00000000 ____D C:\Program Files (x86)\RaeeguLarDealS
2015-09-05 09:07 - 2015-07-13 15:19 - 00000000 ____D C:\Program Files (x86)\ReegularDeaLLs
2015-09-05 09:07 - 2015-07-10 19:18 - 00000000 ____D C:\Program Files (x86)\RiaindomPrice
2015-09-05 09:07 - 2015-06-30 10:13 - 00000000 ____D C:\Program Files (x86)\OneClick Cleaner for Chrome
2015-09-05 09:07 - 2015-06-25 21:42 - 00000000 ____D C:\Program Files (x86)\MaineimuMPirice
2015-09-05 09:07 - 2015-06-18 15:38 - 00000000 ____D C:\Program Files (x86)\PricieMInus
2015-09-05 09:06 - 2015-06-18 15:39 - 00000000 ____D C:\Program Files (x86)\ZenMate Security Privacy Unblock VPN
2015-09-05 09:01 - 2015-07-17 21:59 - 00000000 ____D C:\Program Files (x86)\AppJump App Launcher and Organizer
2015-09-05 09:01 - 2015-07-15 21:00 - 00000000 ____D C:\Program Files (x86)\CChEapMe
2015-09-05 09:01 - 2015-07-15 21:00 - 00000000 ____D C:\Program Files (x86)\AntiGameOrigin
2015-09-05 09:01 - 2015-06-29 20:20 - 00000000 ____D C:\Program Files (x86)\Authy Chrome Extension
2015-09-05 09:00 - 2015-06-30 10:14 - 00000000 ____D C:\Program Files (x86)\DigiCoupoon
2015-09-05 09:00 - 2015-06-29 20:20 - 00000000 ____D C:\Program Files (x86)\DOwinSave
2015-09-05 08:49 - 2009-07-14 12:13 - 00908038 _____ C:\Windows\system32\PerfStringBackup.INI
2015-09-05 08:39 - 2015-03-22 12:16 - 00000000 ____D C:\ProgramData\AVAST Software
2015-09-04 20:46 - 2015-07-14 19:59 - 00000950 _____ C:\Windows\Tasks\CocCocUpdateTaskUserS-1-5-21-3818046159-3689817371-2580797029-1000Core.job
2015-09-04 20:32 - 2015-06-29 13:27 - 00000000 ____D C:\Users\admin\AppData\Local\CrashDumps
2015-09-04 20:26 - 2014-01-25 08:20 - 00002299 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-09-04 20:25 - 2015-01-16 22:40 - 00000000 ____D C:\Windows\system32\log
2015-08-25 19:29 - 2015-02-19 20:02 - 00000000 ____D C:\Users\admin\AppData\Roaming\xim
2015-08-22 07:44 - 2009-07-14 12:08 - 00032642 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-08-20 08:05 - 2015-06-18 15:38 - 00000000 ____D C:\ProgramData\1124024527645818065
2015-08-20 07:48 - 2015-06-30 22:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rockstar Games
2015-08-20 07:48 - 2012-11-07 08:59 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2015-08-19 09:15 - 2015-01-27 13:18 - 00000000 ____D C:\Users\admin\AppData\Local\CAPCOM
2015-08-14 14:44 - 2015-06-26 16:45 - 00000024 _____ C:\Users\admin\AppData\Roaming\appdataFr25.bin
2015-08-13 08:29 - 2013-06-29 11:58 - 00001413 _____ C:\Users\admin\Desktop\Lien Minh Huyen Thoai - Shortcut.lnk
2015-08-08 22:05 - 2013-07-14 21:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UltraISO
2015-08-08 18:34 - 2009-07-14 12:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-08-08 18:12 - 2009-07-14 09:34 - 00000580 _____ C:\Windows\win.ini
2015-08-07 14:11 - 2015-07-14 20:03 - 00002384 _____ C:\Users\admin\Desktop\Cốc Cốc.lnk

==================== Files in the root of some directories =======

2015-07-15 12:52 - 2015-07-15 12:52 - 0000020 _____ () C:\Users\admin\AppData\Roaming\appdataFr2.bin
2015-06-26 16:45 - 2015-08-14 14:44 - 0000024 _____ () C:\Users\admin\AppData\Roaming\appdataFr25.bin
2015-06-29 13:35 - 2015-06-29 13:35 - 0000017 _____ () C:\Users\admin\AppData\Local\resmon.resmoncfg

Some files in TEMP:
====================
C:\Users\admin\AppData\Local\Temp\Checkupdate.exe
C:\Users\admin\AppData\Local\Temp\Foxit Reader Updater.exe
C:\Users\admin\AppData\Local\Temp\gcapi_dll.dll
C:\Users\admin\AppData\Local\Temp\gtapi_signed.dll
C:\Users\admin\AppData\Local\Temp\VN_150729to150807.exe
C:\Users\admin\AppData\Local\Temp\VN_150807to150825.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-03-26 17:59

==================== End of FRST.txt ============================

 

[Troubling]

Additional scan result of Farbar Recovery Scan Tool (x64) Version:04-09-2015
Ran by admin (2015-09-05 11:21:06)
Running from C:\Users\admin\Desktop
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

admin (S-1-5-21-3818046159-3689817371-2580797029-1000 - Administrator - Enabled) => C:\Users\admin
Administrator (S-1-5-21-3818046159-3689817371-2580797029-500 - Administrator - Disabled)
Guest (S-1-5-21-3818046159-3689817371-2580797029-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3818046159-3689817371-2580797029-1002 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version: - )
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 17.0.0.172 - Adobe Systems Incorporated)
Adobe Flash Player 11 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 11.2.202.235 - Adobe Systems Incorporated)
Adobe Flash Player 11 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 11.5.502.110 - Adobe Systems Incorporated)
Adobe Photoshop CS3 (HKLM-x32\...\Adobe_2ac78060bc5856b0c1cf873bb919b58) (Version: 10.0 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.3.133 - Adobe Systems, Inc.)
AMD Catalyst Install Manager (HKLM\...\{C05A4975-B08D-26FA-C153-D6BBFF579705}) (Version: 3.0.859.0 - Advanced Micro Devices, Inc.)
Balsamiq Mockups 3 (HKLM-x32\...\BalsamiqMockups3.EDE15CF69E11F7F7D45B5430C7D37CC6C3545E3C.1) (Version: 3.1.1 - Balsamiq SRL)
Balsamiq Mockups 3 (x32 Version: 3.1.1 - Balsamiq SRL) Hidden
BlazBlue: Continuum Shift Extend (HKLM-x32\...\BlazBlue: Continuum Shift Extend_is1) (Version: - H2 Interactive Co., Ltd.)
Canon LBP3000 (HKLM\...\Canon LBP3000) (Version: - )
CCleaner (HKLM\...\CCleaner) (Version: 4.06 - Piriform)
ccTalk (HKLM-x32\...\{F768F6BA-F164-4599-BC26-DCCFC2F71983}_is1) (Version: 4.0.2 - ccTalk)
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.4.5306 - CDBurnerXP)
C-Free 4 Professional (HKLM-x32\...\C-Free 4_is1) (Version: - Program Arts)
Cốc Cốc (HKU\S-1-5-21-3818046159-3689817371-2580797029-1000\...\CocCocBrowser) (Version: 44.0.2403.125 - Đơn vị chủ quản Cốc Cốc)
Cốc Cốc (HKU\S-1-5-21-3818046159-3689817371-2580797029-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\CocCocBrowser) (Version: 44.0.2403.125 - Đơn vị chủ quản Cốc Cốc)
CyberLink YouCam 5 (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 5.0.0909 - CyberLink Corp.)
Dotfuscator and Analytics Community Edition (x32 Version: 5.5.4521.29298 - PreEmptive Solutions) Hidden
DYNASTY WARRIORS® 8 Empires (HKLM-x32\...\DYNASTY WARRIORS® 8 Empires_is1) (Version: - )
Dynomite Deluxe (HKLM-x32\...\Dynomite Deluxe) (Version: - )
Entity Framework Designer for Visual Studio 2012 - enu (HKLM-x32\...\{0A1A1D48-DB23-443A-BC7B-49255D138020}) (Version: 11.1.20702.00 - Microsoft Corporation)
FL Studio 11 (HKLM-x32\...\FL Studio 11) (Version: - Image-Line)
FlowStone FL 3.0 (HKLM-x32\...\FlowStone) (Version: - )
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 6.1.2.1224 - Foxit Corporation)
Garena - FIFA ONLINE 3(Vietnam) (HKLM-x32\...\FO3VN) (Version: - Garena Online Pte Ltd.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 43.0.2357.124 - Google Inc.)
Google Drive (HKLM-x32\...\{CBC9F5FD-5CFA-4A33-81CD-369EAB77E3A6}) (Version: 1.22.9403.0223 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden
Hi-Rez Studios Authenticate and Update Service (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}) (Version: 3.0.0.0 - Hi-Rez Studios)
IBM Rational Rose Enterprise Edition (HKLM-x32\...\{22D66ACE-E0A1-482E-B797-0A6A377D3E91}) (Version: 7.0.0.0 - Rational Software)
IIS 8.0 Express (HKLM\...\{7BF61FA9-BDFB-4563-98AD-FCB0DA28CCC7}) (Version: 8.0.1557 - Microsoft Corporation)
IIS Express Application Compatibility Database for x64 (HKLM\...\{9f4f4a9b-eec5-4906-92fe-d1f43ccf5c8d}.sdb) (Version: - )
IIS Express Application Compatibility Database for x86 (HKLM\...\{fdfba1f3-74ae-4255-9c10-a0f552b4610f}.sdb) (Version: - )
IL Download Manager (HKLM-x32\...\IL Download Manager) (Version: - Image-Line)
Intel(R) Display Audio Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 6.14.00.3090 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.1.1399 - Intel Corporation)
Intel(R) PROSet/Wireless for Bluetooth(R) + High Speed (HKLM\...\{37EC048A-81A2-452A-8D1F-3BE2018E767D}) (Version: 15.1.0.0096 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.6.245 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (HKLM\...\{54EB8041-1115-4406-AA4B-44D236E84B3B}) (Version: 15.01.1000.0927 - Intel Corporation)
Intel® Trusted Connect Service Client (HKLM\...\{538B98C3-773F-4F20-9C66-802D104DCBE2}) (Version: 1.23.219.2 - Intel Corporation)
Java SE Development Kit 7 Update 4 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0170040}) (Version: 1.7.0.40 - Oracle)
Java(TM) 6 Update 16 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216016FF}) (Version: 6.0.160 - Sun Microsystems, Inc.)
Java(TM) 7 Update 4 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417004FF}) (Version: 7.0.40 - Oracle)
Java(TM) SE Development Kit 6 Update 16 (HKLM-x32\...\{32A3A4F4-B792-11D6-A78A-00B0D0160160}) (Version: 1.6.0.160 - Sun Microsystems, Inc.)
JavaFX 2.1.0 (64-bit) (HKLM\...\{1111706F-666A-4037-7777-210648764D10}) (Version: 2.1.0 - Oracle Corporation)
JavaFX 2.1.0 SDK (64-bit) (HKLM\...\{2222706F-666A-4037-7777-210648764D10}) (Version: 2.1.0 - Oracle Corporation)
K-Lite Codec Pack 8.1.0 (Full) (HKLM-x32\...\KLiteCodecPack_is1) (Version: 8.1.0 - )
League of Legends (HKLM-x32\...\{92606477-9366-4D3B-8AE3-6BE4B29727AB}) (Version: 1.3 - Riot Games)
League of Legends (HKLM-x32\...\League of Legends 3.0.0) (Version: 3.0.0 - Riot Games)
League of Legends (x32 Version: 3.0.0 - Riot Games) Hidden
LocalESPC (x32 Version: 8.59.25584 - Microsoft Corporation) Hidden
LocalESPCui for en-us (x32 Version: 8.59.25584 - Microsoft) Hidden
Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
Metal Gear Rising: Revengeance (HKLM-x32\...\Metal Gear Rising: Revengeance_is1) (Version: - )
Microsoft .NET Framework 4 Multi-Targeting Pack (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4.5 Multi-Targeting Pack (HKLM-x32\...\{5CBFF3F3-2D40-34EE-BCA5-A95BC19E400D}) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft .NET Framework 4.5 SDK (HKLM-x32\...\{1948E039-EC79-4591-951D-9867A8C14C90}) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft AppLocale (HKLM-x32\...\{394BE3D9-7F57-4638-A8D1-1D88671913B7}) (Version: 1.0.0 - MS)
Microsoft ASP.NET MVC 3 (HKLM-x32\...\{DCDEC776-BADD-48B9-8F9A-DFF513C3D7FA}) (Version: 3.0.20105.0 - Microsoft Corporation)
Microsoft ASP.NET Web Pages (HKLM-x32\...\{631471BE-DEAB-454B-A9AC-CE3EB42C28B3}) (Version: 1.0.20105.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{59E4543A-D49D-4489-B445-473D763C79AF}) (Version: 2.0.672.0 - Microsoft Corporation)
Microsoft Help Viewer 1.1 (HKLM\...\Microsoft Help Viewer 1.1) (Version: 1.1.40219 - Microsoft Corporation)
Microsoft Help Viewer 2.0 (HKLM-x32\...\Microsoft Help Viewer 2.0) (Version: 2.0.50727 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Report Viewer 2012 Runtime (HKLM-x32\...\{9CCE40CE-A9E6-4916-8729-B008558EEF3F}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.7.205.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.10411.0 - Microsoft Corporation)
Microsoft Silverlight 4 SDK (HKLM-x32\...\{189AEA94-DAFB-487A-8CEE-F9D3DDE0A748}) (Version: 4.0.60310.0 - Microsoft Corporation)
Microsoft Silverlight 5 SDK (HKLM-x32\...\{E1FBB3D4-ADB0-4949-B101-855DA061C735}) (Version: 5.0.61118.0 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Management Objects (HKLM-x32\...\{83F2B8F4-5CF3-4BE9-9772-9543EAE4AC5F}) (Version: 10.51.2500.0 - Microsoft Corporation)
Microsoft SQL Server 2008 Setup Support Files (HKLM\...\{B40EE88B-400A-4266-A17B-E3DE64E94431}) (Version: 10.1.2731.0 - Microsoft Corporation)
Microsoft SQL Server 2012 (64-bit) (HKLM\...\Microsoft SQL Server SQLServer2012) (Version: - Microsoft Corporation)
Microsoft SQL Server 2012 Command Line Utilities (HKLM\...\{9D573E71-1077-4C7E-B4DB-4E22A5D2B48B}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Data-Tier App Framework (HKLM\...\{36E619BC-A234-4EC3-849B-779A7C865A45}) (Version: 11.0.2316.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Data-Tier App Framework (HKLM-x32\...\{FBA6F90E-36EC-4FC9-9B25-3834E3BD46A8}) (Version: 11.0.2316.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Express LocalDB (HKLM\...\{13D558FE-A863-402C-B115-160007277033}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects (HKLM-x32\...\{DA1C1761-5F4F-4332-AB9D-29EDF3F8EA0A}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects (x64) (HKLM\...\{FA0A244E-F3C2-4589-B42A-3D522DE79A42}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Native Client (HKLM\...\{49D665A2-4C2A-476E-9AB8-FCC425F526FC}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Setup (English) (HKLM\...\{8CB0713F-CFE0-445D-BCB2-538465860E1A}) (Version: 11.1.3128.0 - Microsoft Corporation)
Microsoft SQL Server 2012 T-SQL Language Service (HKLM-x32\...\{6D6D43E5-218C-4B05-92D3-2240810F4760}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Transact-SQL Compiler Service (HKLM\...\{BEB0F91E-F2EA-48A1-B938-7857ABF2A93D}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Transact-SQL ScriptDom (HKLM\...\{0E8670B8-3965-4930-ADA6-570348B67153}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 SP1 x64 ENU (HKLM\...\{78909610-D229-459C-A936-25D92283D3FD}) (Version: 4.0.8876.1 - Microsoft Corporation)
Microsoft SQL Server Data Tools - enu (11.1.20627.00) (HKLM-x32\...\{FA804794-2CCB-4301-954F-2C2894698876}) (Version: 11.1.20627.00 - Microsoft Corporation)
Microsoft SQL Server Data Tools Build Utilities - enu (11.1.20627.00) (HKLM-x32\...\{790E9425-8570-493F-9AE7-81AFC9E46930}) (Version: 11.1.20627.00 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (HKLM-x32\...\{C3F6F200-6D7B-4879-B9EE-700C0CE1FCDA}) (Version: 10.51.2500.0 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (x64) (HKLM\...\{4701DEDE-1888-49E0-BAE5-857875924CA2}) (Version: 10.50.1600.1 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (HKLM-x32\...\{E2082604-4BA5-44BB-BBFB-AF0F3CB8C6AB}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (x64) (HKLM\...\{F1949145-EB64-4DE7-9D81-E6D27937146C}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Runtime - 10.0.40219 (HKLM-x32\...\{5D9ED403-94DE-3BA0-B1D6-71F4BDA412E6}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM-x32\...\{8e70e4e1-06d7-470b-9f74-a51bef21088e}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Shell (Isolated) - ENU (HKLM-x32\...\{D64B6984-242F-32BC-B008-752806E5FC44}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.31125 - Microsoft Corporation)
Microsoft Visual Studio Ultimate 2012 (HKLM-x32\...\{ae17ae9b-af38-40d2-a194-6102c56ed502}) (Version: 11.0.50727.26 - Microsoft Corporation)
Microsoft VSS Writer for SQL Server 2012 (HKLM\...\{3E0DD83F-BE4C-4478-86A0-AD0D79D1353E}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft Web Deploy 3.0 (HKLM\...\{AA72C306-30BE-4BB1-9E42-59552BAD2CDF}) (Version: 3.1236.1631 - Microsoft Corporation)
Microsoft Web Deploy dbSqlPackage Provider - enu (HKLM-x32\...\{E4C33F5B-1B2F-466E-957E-B274F08151A0}) (Version: 10.3.20225.0 - Microsoft Corporation)
Microsoft Web Platform Installer 4.0 (HKLM\...\{E2B8249D-895C-4685-8C83-00F3B1A13028}) (Version: 4.0.1622 - Microsoft Corporation)
Microsoft Windows Application Compatibility Database (HKLM\...\{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb) (Version: - )
MotioninJoy Gamepad tool 0.7.1001 (HKLM\...\{330DAC67-5B62-452A-A0E4-6B4A5923940F}_is1) (Version: 0.7.1001 - www.motioninjoy.com)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 25.0 - Mozilla)
Naruto Shippuden Ultimate Ninja Storm Revolution (HKLM-x32\...\Naruto Shippuden Ultimate Ninja Storm Revolution_is1) (Version: - )
NARUTO SHIPPUDEN: Ultimate Ninja STORM 3 Full Burst (HKLM-x32\...\NARUTO SHIPPUDEN: Ultimate Ninja STORM 3 Full Burst_is1) (Version: - Namco Bandai Games)
NBA 2K14 (HKLM-x32\...\{4FE0545A-1BF3-4B9B-A044-6E1EE719E197}) (Version: 1.0.0 - 2K Sports)
Paint XP version 1.2 (HKLM-x32\...\{2367FAB6-055A-4923-835F-F57F7BBBA363}_is1) (Version: 1.2 - MSPAINTXP.COM)
PCSX2 - Playstation 2 Emulator (HKLM-x32\...\pcsx2-r5875) (Version: - )
PDF Settings (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
PowerXpressHybrid (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
PreEmptive Analytics Visual Studio Components (x32 Version: 1.0.2180.1 - PreEmptive Solutions) Hidden
Prerequisites for SSDT (HKLM-x32\...\{9169C939-ED01-446A-BD0C-29873BAF4E48}) (Version: 11.0.2100.60 - Microsoft Corporation)
Pro Evolution Soccer 2015 (HKLM-x32\...\UHJvRXZvbHV0aW9uU29jY2VyMjAxNQ==_is1) (Version: 1 - )
PX Profile Update (x32 Version: 1.00.1. - AMD) Hidden
PhotoZoom Professional 1.2.8 (HKU\S-1-5-21-3818046159-3689817371-2580797029-1000\...\PhotoZoom Professional) (Version: 1.2.8 - BenVista Ltd)
PhotoZoom Professional 1.2.8 (HKU\S-1-5-21-3818046159-3689817371-2580797029-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\PhotoZoom Professional) (Version: 1.2.8 - BenVista Ltd)
Razer Cortex (HKLM-x32\...\Razer Cortex_is1) (Version: 5.4.15.0 - Razer Inc.)
Razer Game Booster (HKLM-x32\...\Razer Game Booster_is1) (Version: 4.2.45.0 - Razer Inc.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30118 - Realtek Semiconductor Corp.)
Resident Evil Revelations 2 (HKLM-x32\...\Resident Evil Revelations 2_is1) (Version: - )
Scribblenauts Unlimited (HKLM-x32\...\Scribblenauts Unlimited_is1) (Version: - )
Skype™ 6.20 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.20.104 - Skype Technologies S.A.)
SQL Server 2012 Common Files (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
SQL Server 2012 Database Engine Services (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
SQL Server 2012 Database Engine Shared (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
SQL Server 2012 Management Studio (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
SQL Server Browser for SQL Server 2012 (HKLM-x32\...\{4B9E6EB0-0EED-4E74-9479-F982C3254F71}) (Version: 11.0.2100.60 - Microsoft Corporation)
Sql Server Customer Experience Improvement Program (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
Star Wars Jedi Knight Jedi Academy (HKLM-x32\...\{1EECBA68-8BE4-4076-94DF-E9ED206B1D21}) (Version: - )
Star Wars Republic Commando (HKLM-x32\...\Star Wars Republic Commando_is1) (Version: - )
Street Fighter X Tekken (x32 Version: 1.0.0004.130 - CAPCOM U.S.A., INC) Hidden
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.0.9.0 - Synaptics Incorporated)
TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.43879 - TeamViewer)
The KMPlayer (remove only) (HKLM-x32\...\The KMPlayer) (Version: 3.5.0.77 - KMP Media co., Ltd)
TreeSize Free V3.3 (HKLM-x32\...\TreeSize Free_is1) (Version: 3.3 - JAM Software)
UltraISO Premium V9.65 (HKLM-x32\...\UltraISO_is1) (Version: - )
Unity Web Player (HKU\S-1-5-21-3818046159-3689817371-2580797029-1000\...\UnityWebPlayer) (Version: - Unity Technologies ApS)
Unity Web Player (HKU\S-1-5-21-3818046159-3689817371-2580797029-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\UnityWebPlayer) (Version: - Unity Technologies ApS)
VBR_1021_Full (HKLM-x32\...\{FF7E25F8-F688-4FC4-914E-74D4F9C74371}_is1) (Version: - VTCGame)
Visual Studio 2010 Prerequisites - English (HKLM\...\{662014D2-0450-37ED-ABAE-157C88127BEB}) (Version: 10.0.40219 - Microsoft Corporation)
WCF Data Services 5.0 (for OData v3) Primary Components (x32 Version: 5.0.50628.0 - Microsoft Corporation) Hidden
WCF Data Services Tools for Microsoft Visual Studio 2012 (x32 Version: 5.0.50710.0 - Microsoft Corporation) Hidden
WCF RIA Services V1.0 SP2 (HKLM-x32\...\{3A523AF9-D32F-4C85-8388-0335731F3405}) (Version: 4.1.61829.0 - Microsoft Corporation)
Windows Live ID Sign-in Assistant (HKLM\...\{9B48B0AC-C813-4174-9042-476A887592C7}) (Version: 6.500.3165.0 - Microsoft Corporation)
Windows Movie Maker 2.6 (HKLM-x32\...\{B3DAF54F-DB25-4586-9EF1-96D24BB14088}) (Version: 2.6.4037.0 - Microsoft Corporation)
WinRAR 4.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
Xiph.Org Open Codecs 0.85.17777 (HKLM-x32\...\Open Codecs) (Version: 0.85.17777 - Xiph.Org)
XSplit Broadcaster (HKLM-x32\...\{3678DA80-4221-457A-A7AB-F94264807883}) (Version: 1.3.1310.1103 - SplitMediaLabs)
Yahoo! Messenger (HKLM-x32\...\Yahoo! Messenger) (Version: - Yahoo! Inc.)
Yahoo! Software Update (HKLM-x32\...\Yahoo! Software Update) (Version: - )

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Restore Points =========================


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-03-23 20:07 - 2015-03-26 15:06 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {02125155-7DC8-4E26-9111-2B8936FDAE90} - System32\Tasks\{F749A93F-D823-4F5E-B664-7F9CB7C6799A} => D:\GAMES\***\Assassin's Creed IV Black Flag\AC4BFSP.exe
Task: {1177659E-4A61-4FA1-8FE1-50DD2A0F8AB8} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-11-09] (Adobe Systems Incorporated)
Task: {1BD6351D-5A36-4097-92F8-8164C1BEBD08} - System32\Tasks\{D5177AAC-BCE9-4AC3-9CEE-C90751DA6BF6} => pcalua.exe -a D:\C\Windows\BT\bai01.exe -d D:\C\Windows\BT
Task: {21073F1B-8B5E-4498-9837-45288B58B39C} - System32\Tasks\{947472E8-A5D0-4F35-93FF-E7BD403CCB40} => pcalua.exe -a E:\Huy\Originals\Uninstall.exe
Task: {34E1F3E8-2744-42E2-9F8D-F06EAC27A6AC} - System32\Tasks\{CA9F35EC-2E48-4ABC-AEC1-11B29843986A} => pcalua.exe -a "E:\Huy\Originals\PhotoZoom Professional Setup.exe" -d E:\Huy\Originals
Task: {36715A6C-9DCD-4969-8EC8-B48FCB93C622} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Scan => c:\program files\windows defender\MpCmdRun.exe
Task: {37C445E6-35FA-4842-AD15-8DBCE118EE6D} - System32\Tasks\{E0FBBA98-E6F5-46B3-B365-F16C237A6636} => Chrome.exe http://ui.skype.com/ui/0/6.1.0.129.272/vi/abandoninstall?page=tsProgressBar
Task: {37CC2F66-AF07-4896-AD4B-6BEF1A22BCE0} - System32\Tasks\gg_uac_daemon_admin => D:\GAMES\LienMinhHuyenThoai\GameData\ggdllhost.exe [2015-09-03] ()
Task: {388A179F-8E20-48DB-846F-B0ED40B41749} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-09-19] (Piriform Ltd)
Task: {395A3A50-DF1A-491A-9590-76B3591210A3} - System32\Tasks\{6578B33F-BE5C-40E3-8EB4-F017B59D7DCF} => pcalua.exe -a "D:\GAMES\SWCMR\Star Wars Republic Commando [CHK88]\Republic Commando [CHK88]\[PC-Full]-SW-Republic.Commando.exe" -d "D:\GAMES\SWCMR\Star Wars Republic Commando [CHK88]\Republic Commando [CHK88]"
Task: {4617E916-92E8-473D-8720-2A35DF2439F5} - System32\Tasks\{67659D67-741B-43E0-9D5B-E630A49031FF} => pcalua.exe -a D:\GAMES\SWJK\JediAcademy.exe -d D:\GAMES\SWJK
Task: {6E5B0555-8FD5-4D9F-BF75-DB10169E821F} - System32\Tasks\CocCocUpdateTaskUserS-1-5-21-3818046159-3689817371-2580797029-1000Core => C:\Users\admin\AppData\Local\CocCoc\Update\CocCocUpdate.exe [2015-07-14] (Coc Coc Co., Ltd.)
Task: {76DBC42B-88A3-4D89-B3AE-C9CBA33FC6BD} - \DoctorPC_Popup -> No File <==== ATTENTION
Task: {8041E7FA-BBC6-43F8-9E56-4F7ABCBE678D} - System32\Tasks\{9A49B636-3FD2-41DA-8332-19A9F882F665} => C:\Program Files (x86)\Skype\\Phone\Skype.exe [2014-08-27] (Skype Technologies S.A.)
Task: {8B5BCFCB-DE58-47B0-ACA9-AD518FD2C21B} - System32\Tasks\{0D66A9C9-3137-43D8-9A9D-E4D394146DE5} => pcalua.exe -a "D:\DUY\GAMES\Zing speed\2S-setup-110.exe" -d "D:\DUY\GAMES\Zing speed"
Task: {B8820E18-028F-46AD-A13E-4CD572070045} - System32\Tasks\{87CAB124-17DE-4292-9BC4-7777ADEBDFCC} => Firefox.exe http://ui.skype.com/ui/0/6.0.0.126/vi/abandoninstall?page=tsProgressBar
Task: {D9E84FC2-DB2A-418C-BDAA-95B1FE118362} - System32\Tasks\CocCocUpdateTaskUserS-1-5-21-3818046159-3689817371-2580797029-1000UA => C:\Users\admin\AppData\Local\CocCoc\Update\CocCocUpdate.exe [2015-07-14] (Coc Coc Co., Ltd.)
Task: {DA255089-7810-409D-95B3-4ADAA0422A80} - System32\Tasks\{75323A41-E23B-480A-8EF4-9F8E63FB6719} => pcalua.exe -a "E:\Huy\Rational Rose\IBM.Rational.Rose.Enterprise.v7.0_Blog.HanhTrinhTuoiTre.Com\setup.exe" -d "E:\Huy\Rational Rose\IBM.Rational.Rose.Enterprise.v7.0_Blog.HanhTrinhTuoiTre.Com"
Task: {E3482EE7-FEBC-4270-949D-74206E3B78DA} - System32\Tasks\Superclean => c:\programdata\{18360452-5a27-4923-1836-604525a21149}\hqghumeaylnlf.exe <==== ATTENTION
Task: {EF2397D0-6706-4C2D-A48B-626A88F0FC7E} - System32\Tasks\{503E338D-E662-45EC-8A2F-AD3C2880012F} => pcalua.exe -a D:\GAMES\SWJK\autorun.exe -d D:\GAMES\SWJK
Task: {F155C81B-6271-49A4-9B23-6C62609C9CED} - \AutoKMS -> No File <==== ATTENTION
Task: {F2C596F2-F9E7-4E1C-BD63-7CB3F81A4071} - \DoctorPC_Start -> No File <==== ATTENTION
Task: {F7975478-5CCD-4EA6-821F-5215613B4445} - System32\Tasks\{34BF06CC-4E30-4900-BD2E-832C2B1159D3} => pcalua.exe -a G:\OriginInstaller.exe -d G:\
Task: {FA1DBBEF-C7B0-49B5-8891-B9FC1E9607E9} - System32\Tasks\{E3883D28-6D4C-4C2E-8535-0553082E5067} => pcalua.exe -a "D:\DUY\GAMES\Vua Bóng Rổ\install.exe" -d "D:\DUY\GAMES\Vua Bóng Rổ"

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\CocCocUpdateTaskUserS-1-5-21-3818046159-3689817371-2580797029-1000Core.job => C:\Users\admin\AppData\Local\CocCoc\Update\CocCocUpdate.exe
Task: C:\Windows\Tasks\CocCocUpdateTaskUserS-1-5-21-3818046159-3689817371-2580797029-1000UA.job => C:\Users\admin\AppData\Local\CocCoc\Update\CocCocUpdate.exe
Task: C:\Windows\Tasks\Superclean.job => c:\programdata\{18360452-5a27-4923-1836-604525a21149}\hqghumeaylnlf.exe <==== ATTENTION

==================== Loaded Modules (Whitelisted) ==============

2013-07-12 19:13 - 2015-09-03 15:35 - 00089536 _____ () D:\GAMES\LienMinhHuyenThoai\GameData\ggdllhost.exe
2012-11-07 10:27 - 2009-11-02 01:13 - 00296960 _____ () C:\UniKey 4.0 RC2 Win64\UKHook40.dll
2010-01-30 02:40 - 2010-01-30 02:40 - 04254560 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-03-24 21:38 - 2010-03-24 21:38 - 08794976 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2015-03-11 01:20 - 2015-03-11 01:20 - 00187072 _____ () C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
2012-11-07 09:55 - 2012-03-19 15:09 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2012-11-07 10:27 - 2009-11-02 01:13 - 00316928 _____ () C:\UniKey 4.0 RC2 Win64\UniKeyNT.exe
2013-06-29 11:53 - 2015-09-03 15:35 - 10016704 _____ () D:\GAMES\LienMinhHuyenThoai\GameData\GarenaMessenger.exe
2012-03-05 04:43 - 2012-03-05 04:43 - 00369152 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2011-12-13 16:10 - 2011-12-13 16:10 - 00016384 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2012-10-31 11:44 - 2015-08-27 15:56 - 06794176 _____ () D:\GAMES\LienMinhHuyenThoai\GameData\bbtalk\BBtalk.exe
2013-06-29 11:49 - 2013-07-13 07:24 - 00074752 _____ () D:\GAMES\LienMinhHuyenThoai\GameData\Apps\LoLVN\Air\LOLClient.exe
2013-06-29 11:53 - 2015-09-03 15:35 - 02062784 _____ () D:\GAMES\LienMinhHuyenThoai\GameData\ggspawn.dll
2013-06-29 11:53 - 2015-01-20 19:20 - 00111192 _____ () D:\GAMES\LienMinhHuyenThoai\GameData\CommonLib.dll
2013-06-29 11:53 - 2015-01-20 19:20 - 00040024 _____ () D:\GAMES\LienMinhHuyenThoai\GameData\DibModule.dll
2013-06-29 11:53 - 2015-09-03 15:35 - 00040896 _____ () D:\GAMES\LienMinhHuyenThoai\GameData\VersionModule.dll
2013-06-29 11:53 - 2015-01-20 19:20 - 00057944 _____ () D:\GAMES\LienMinhHuyenThoai\GameData\FileLoader.dll
2013-06-29 11:53 - 2015-01-20 19:20 - 00093784 _____ () D:\GAMES\LienMinhHuyenThoai\GameData\PluginKernel.dll
2013-06-29 11:53 - 2015-01-20 19:20 - 00493656 _____ () D:\GAMES\LienMinhHuyenThoai\GameData\CxImage.dll
2013-06-29 11:53 - 2015-01-20 19:20 - 00031832 _____ () D:\GAMES\LienMinhHuyenThoai\GameData\PluginModule.dll
2012-10-31 11:44 - 2015-01-20 19:20 - 00177240 _____ () D:\GAMES\LienMinhHuyenThoai\GameData\lib\fs\YYFileSystem.dll
2012-10-31 11:44 - 2015-01-20 19:20 - 00380504 _____ () D:\GAMES\LienMinhHuyenThoai\GameData\lib\Http.dll
2012-10-31 11:44 - 2015-01-20 19:20 - 00191064 _____ () D:\GAMES\LienMinhHuyenThoai\GameData\lib\MP3Module.dll
2013-06-29 11:53 - 2012-02-22 15:52 - 00162304 _____ () D:\GAMES\LienMinhHuyenThoai\GameData\lame_enc.DLL
2012-10-31 11:44 - 2015-01-20 19:20 - 00226392 _____ () D:\GAMES\LienMinhHuyenThoai\GameData\lib\TaskManagerLib.dll
2012-10-31 11:44 - 2015-01-20 19:20 - 00112728 _____ () D:\GAMES\LienMinhHuyenThoai\GameData\lib\UILayout.dll
2012-10-31 11:44 - 2015-05-27 11:47 - 00965056 _____ () D:\GAMES\LienMinhHuyenThoai\GameData\lib\XLL.dll
2012-10-31 11:44 - 2015-01-20 19:20 - 00061528 _____ () D:\GAMES\LienMinhHuyenThoai\GameData\lib\XmlUIModule.dll
2013-06-29 11:53 - 2012-02-22 15:52 - 00573100 _____ () D:\GAMES\LienMinhHuyenThoai\GameData\sqlite3.dll
2012-10-31 11:44 - 2015-09-03 15:35 - 00231872 _____ () D:\GAMES\LienMinhHuyenThoai\GameData\Plugins\StatsPlugin.dll
2012-11-01 12:15 - 2015-09-03 15:35 - 02077120 _____ () D:\GAMES\LienMinhHuyenThoai\GameData\Plugins\ggplugin.dll
2013-06-29 11:53 - 2015-01-20 19:20 - 00199256 _____ () D:\GAMES\LienMinhHuyenThoai\GameData\ImageModule.dll
2013-06-30 10:54 - 2015-01-20 19:20 - 00161880 _____ () D:\GAMES\LienMinhHuyenThoai\GameData\libmpg123.dll
2013-06-29 11:53 - 2015-01-20 19:20 - 02947672 _____ () D:\GAMES\LienMinhHuyenThoai\GameData\ggdownloader.dll
2012-10-31 11:44 - 2015-01-20 19:20 - 00072280 _____ () D:\GAMES\LienMinhHuyenThoai\GameData\lib\delay_load\AudioMixerLib.dll
2012-10-31 11:44 - 2015-01-20 19:20 - 00023128 _____ () D:\GAMES\LienMinhHuyenThoai\GameData\lib\delay_load\ClientTcp.dll
2012-10-31 11:44 - 2015-01-20 19:20 - 01551960 _____ () D:\GAMES\LienMinhHuyenThoai\GameData\lib\delay_load\FileSender.dll
2013-06-29 11:53 - 2013-02-01 12:42 - 00153088 _____ () D:\GAMES\LienMinhHuyenThoai\GameData\libzmq.dll
2012-10-31 11:44 - 2015-01-20 19:20 - 00962648 _____ () D:\GAMES\LienMinhHuyenThoai\GameData\lib\delay_load\GaFileTransfer.dll
2012-10-31 11:44 - 2015-01-20 19:20 - 00251480 _____ () D:\GAMES\LienMinhHuyenThoai\GameData\lib\delay_load\MediaEngine.dll
2013-06-29 11:53 - 2015-01-20 19:20 - 00032856 _____ () D:\GAMES\LienMinhHuyenThoai\GameData\ServerMemAlloc.dll
2012-10-31 11:44 - 2015-01-20 19:20 - 00523352 _____ () D:\GAMES\LienMinhHuyenThoai\GameData\lib\delay_load\RSALib.dll
2012-10-31 11:44 - 2015-01-20 19:20 - 00074840 _____ () D:\GAMES\LienMinhHuyenThoai\GameData\lib\delay_load\UdtLib.dll
2013-06-29 11:53 - 2015-01-20 19:20 - 00153688 _____ () D:\GAMES\LienMinhHuyenThoai\GameData\xIM.dll
2012-10-31 11:44 - 2015-01-20 19:20 - 00596568 _____ () D:\GAMES\LienMinhHuyenThoai\GameData\xim\plugin_msn.dll
2012-10-31 11:44 - 2015-01-20 19:20 - 00467032 _____ () D:\GAMES\LienMinhHuyenThoai\GameData\xim\plugin_xmpp.dll
2012-10-31 11:44 - 2015-01-20 19:20 - 00201304 _____ () D:\GAMES\LienMinhHuyenThoai\GameData\xim\plugin_yahoo.dll
2012-10-31 11:44 - 2015-01-20 19:20 - 00107608 _____ () D:\GAMES\LienMinhHuyenThoai\GameData\Plugins\PlatformPlugin.dll
2012-10-31 11:44 - 2015-01-20 19:20 - 00243288 _____ () D:\GAMES\LienMinhHuyenThoai\GameData\Plugins\PluginNews.dll
2012-10-31 11:44 - 2015-01-20 19:20 - 00404056 _____ () D:\GAMES\LienMinhHuyenThoai\GameData\Plugins\GarenaTalkPlugin.dll
2012-12-01 11:09 - 2015-01-20 19:20 - 00293464 _____ () D:\GAMES\LienMinhHuyenThoai\GameData\Plugins\DailyTaskPlugin.dll
2013-07-12 19:13 - 2015-01-20 19:20 - 00222808 _____ () D:\GAMES\LienMinhHuyenThoai\GameData\Plugins\GameSalePlugin.dll
2010-01-30 02:41 - 2010-01-30 02:41 - 04254560 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-03-24 21:17 - 2010-03-24 21:17 - 08794464 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2013-03-08 12:17 - 2013-03-08 12:17 - 07816192 _____ () C:\Program Files (x86)\SplitMediaLabs\avcodec-54.dll
2013-03-08 12:17 - 2013-03-08 12:17 - 00188416 _____ () C:\Program Files (x86)\SplitMediaLabs\avutil-52.dll
2013-03-08 12:17 - 2013-03-08 12:17 - 01425920 _____ () C:\Program Files (x86)\SplitMediaLabs\avformat-54.dll
2013-03-08 12:17 - 2013-03-08 12:17 - 00336896 _____ () C:\Program Files (x86)\SplitMediaLabs\swscale-2.dll
2013-03-08 12:17 - 2013-03-08 12:17 - 00096256 _____ () C:\Program Files (x86)\SplitMediaLabs\swresample-0.dll
2012-10-31 21:53 - 2015-01-16 11:27 - 00073304 _____ () D:\GAMES\LienMinhHuyenThoai\GameData\bbtalk\InputHook.dll
2012-10-31 11:44 - 2015-08-27 15:56 - 02457024 _____ () D:\GAMES\LienMinhHuyenThoai\GameData\bbtalk\Overlay.dll
2012-10-31 11:44 - 2015-01-16 11:27 - 00069720 _____ () D:\GAMES\LienMinhHuyenThoai\GameData\bbtalk\PluginKernel.dll
2012-10-31 11:44 - 2015-01-16 11:27 - 00110680 _____ () D:\GAMES\LienMinhHuyenThoai\GameData\bbtalk\CommonLib.dll
2015-08-07 14:11 - 2015-07-29 18:17 - 01405080 _____ () C:\Users\admin\AppData\Local\CocCoc\Browser\Application\44.0.2403.125\libglesv2.dll
2015-08-07 14:11 - 2015-07-29 18:17 - 00080536 _____ () C:\Users\admin\AppData\Local\CocCoc\Browser\Application\44.0.2403.125\libegl.dll
2012-10-31 11:44 - 2015-01-16 11:27 - 00039512 _____ () D:\GAMES\LienMinhHuyenThoai\GameData\bbtalk\DibModule.dll
2012-10-31 11:44 - 2015-01-16 11:27 - 00388696 _____ () D:\GAMES\LienMinhHuyenThoai\GameData\bbtalk\ImageModule.dll
2013-07-12 19:13 - 2015-01-16 11:27 - 00823896 _____ () D:\GAMES\LienMinhHuyenThoai\GameData\bbtalk\gagmhook.dll
2013-08-24 09:54 - 2015-01-16 11:27 - 00047704 _____ () D:\GAMES\LienMinhHuyenThoai\GameData\bbtalk\lollauncher.dll
2012-10-31 11:44 - 2015-08-28 14:19 - 00029632 _____ () D:\GAMES\LienMinhHuyenThoai\GameData\bbtalk\VersionModule.dll
2012-10-31 11:44 - 2015-01-16 11:27 - 00454600 _____ () D:\GAMES\LienMinhHuyenThoai\GameData\bbtalk\sqlite3.dll
2012-10-31 11:44 - 2015-01-16 11:27 - 00115288 _____ () D:\GAMES\LienMinhHuyenThoai\GameData\bbtalk\lib\AudioMixerLib.dll
2012-10-31 11:44 - 2015-01-16 11:27 - 00036440 _____ () D:\GAMES\LienMinhHuyenThoai\GameData\bbtalk\lib\ChannelUrlDll.dll
2012-10-31 11:44 - 2015-01-16 11:27 - 00431192 _____ () D:\GAMES\LienMinhHuyenThoai\GameData\bbtalk\lib\exchndl.dll
2012-10-31 11:44 - 2015-01-16 11:27 - 00083544 _____ () D:\GAMES\LienMinhHuyenThoai\GameData\bbtalk\lib\FileManager.dll
2012-10-31 11:44 - 2015-01-16 11:27 - 00059480 _____ () D:\GAMES\LienMinhHuyenThoai\GameData\bbtalk\FileSystem.dll
2012-10-31 11:44 - 2015-01-16 11:27 - 00380504 _____ () D:\GAMES\LienMinhHuyenThoai\GameData\bbtalk\lib\Http.dll
2012-10-31 21:53 - 2015-01-16 11:27 - 00053336 _____ () D:\GAMES\LienMinhHuyenThoai\GameData\bbtalk\lib\InputHookLib.dll
2012-10-31 11:44 - 2015-01-16 11:27 - 00048216 _____ () D:\GAMES\LienMinhHuyenThoai\GameData\bbtalk\lib\IPCLib.dll
2012-10-31 11:44 - 2015-01-16 11:27 - 00062040 _____ () D:\GAMES\LienMinhHuyenThoai\GameData\bbtalk\lib\LangLib.dll
2012-10-31 21:53 - 2015-01-16 11:27 - 00096344 _____ () D:\GAMES\LienMinhHuyenThoai\GameData\bbtalk\audiohost.dll
2012-10-31 11:44 - 2015-01-16 11:27 - 00141400 _____ () D:\GAMES\LienMinhHuyenThoai\GameData\bbtalk\lib\MessagePumpLib.dll
2012-10-31 11:44 - 2015-01-16 11:27 - 00036952 _____ () D:\GAMES\LienMinhHuyenThoai\GameData\bbtalk\lib\MP3Saver.dll
2012-10-31 11:44 - 2015-01-16 11:27 - 00244824 _____ () D:\GAMES\LienMinhHuyenThoai\GameData\bbtalk\libmp3lame.DLL
2013-12-21 13:38 - 2015-01-16 11:27 - 01054296 _____ () D:\GAMES\LienMinhHuyenThoai\GameData\bbtalk\lib\RealTimeVideoEngine.dll
2012-10-31 11:44 - 2015-01-16 11:27 - 00062552 _____ () D:\GAMES\LienMinhHuyenThoai\GameData\bbtalk\lib\ResLib.dll
2012-10-31 11:44 - 2015-01-16 11:27 - 00105560 _____ () D:\GAMES\LienMinhHuyenThoai\GameData\bbtalk\PngModule.dll
2013-04-06 21:30 - 2015-01-16 11:27 - 00134232 _____ () D:\GAMES\LienMinhHuyenThoai\GameData\bbtalk\lib\TcpClient.dll
2012-10-31 11:44 - 2015-01-16 11:27 - 00143960 _____ () D:\GAMES\LienMinhHuyenThoai\GameData\bbtalk\lib\UdpClient.dll
2012-10-31 11:44 - 2015-01-16 11:27 - 00117336 _____ () D:\GAMES\LienMinhHuyenThoai\GameData\bbtalk\lib\UILayout.dll
2012-10-31 11:44 - 2015-01-16 11:27 - 00872536 _____ () D:\GAMES\LienMinhHuyenThoai\GameData\bbtalk\lib\UILib.dll
2012-10-31 11:44 - 2015-01-16 11:27 - 00062040 _____ () D:\GAMES\LienMinhHuyenThoai\GameData\bbtalk\lib\XmlUIModule.dll
2013-06-29 11:53 - 2012-08-02 16:18 - 00954368 _____ () D:\GAMES\LienMinhHuyenThoai\GameData\Apps\LoLVN\launcher.lib.dll
2013-06-29 11:53 - 2012-08-02 16:18 - 00053248 _____ () D:\GAMES\LienMinhHuyenThoai\GameData\Apps\LoLVN\launcher.lang-en.dll
2013-06-29 11:48 - 2013-07-13 07:23 - 04774248 _____ () D:\GAMES\LienMinhHuyenThoai\GameData\Apps\LoLVN\Air\Adobe AIR\Versions\1.0\Resources\WebKit.dll
2015-08-07 14:11 - 2015-07-29 18:17 - 16308040 _____ () C:\Users\admin\AppData\Local\CocCoc\Browser\Application\44.0.2403.125\PepperFlash\pepflashplayer.dll

 

[Troubling]

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\.DEFAULT\...\clonewarsadventures.com -> clonewarsadventures.com
IE trusted site: HKU\.DEFAULT\...\freerealms.com -> freerealms.com
IE trusted site: HKU\.DEFAULT\...\soe.com -> soe.com
IE trusted site: HKU\.DEFAULT\...\sony.com -> sony.com


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3818046159-3689817371-2580797029-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\admin\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-3818046159-3689817371-2580797029-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> C:\Users\admin\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: AMD External Events Utility => 2
MSCONFIG\Services: AMPPALR3 => 2
MSCONFIG\Services: BTHSSecurityMgr => 2
MSCONFIG\Services: cphs => 3
MSCONFIG\Services: EvtEng => 2
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: Intel(R) Capability Licensing Service Interface => 2
MSCONFIG\Services: jhi_service => 2
MSCONFIG\Services: LMS => 2
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: MyWiFiDHCPDNS => 3
MSCONFIG\Services: PanService => 2
MSCONFIG\Services: RegSrvc => 2
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: TeamViewer8 => 2
MSCONFIG\Services: UNS => 2
MSCONFIG\Services: ZeroConfigService => 2

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{9AB32D9D-9DDB-4C89-9A5B-85CE2A1969B5}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{68F0D4EF-091C-4397-A6BC-6C1347E88097}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{897D68F3-276A-4046-87E7-8055AA85B7D1}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [{E5BBCB73-B2CD-45ED-B4B9-CC4090BF3BF8}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [{B51B2C48-D7FF-427A-A579-8909526AA020}] => (Allow) LPort=8370
FirewallRules: [{14690F9A-0CCB-4297-BF68-746AB427EAF6}] => (Allow) LPort=8370
FirewallRules: [{9B472E7D-626C-422D-81AB-1465E7426850}] => (Allow) D:\GAMES\LienMinhHuyenThoai\GameData\Apps\lolVN\Air\LolClient.exe
FirewallRules: [{D90588E7-D044-4651-BA80-53AAA4EBAF19}] => (Allow) D:\GAMES\LienMinhHuyenThoai\GameData\Apps\lolVN\Air\LolClient.exe
FirewallRules: [{040FA8AA-EEA1-4E94-AAB8-6B14B87A341C}] => (Allow) D:\GAMES\LienMinhHuyenThoai\GameData\Apps\lolVN\Game\League of Legends.exe
FirewallRules: [{95C2E066-F0DA-4687-B5DB-142591149D0D}] => (Allow) D:\GAMES\LienMinhHuyenThoai\GameData\Apps\lolVN\Game\League of Legends.exe
FirewallRules: [{CED8FAEC-35D6-41A1-9A51-4E3C53D52625}] => (Allow) LPort=8370
FirewallRules: [{C784C6CB-E21A-4DCF-BD53-194D8E64D242}] => (Allow) LPort=8370
FirewallRules: [{3BF29EC4-301B-418C-B7F0-23704CD4ED36}] => (Allow) D:\GAMES\LienMinhHuyenThoai\GameData\Apps\lolVN\Air\LolClient.exe
FirewallRules: [{3C21E3F4-F4E8-4C09-AC70-B358C4152D45}] => (Allow) D:\GAMES\LienMinhHuyenThoai\GameData\Apps\lolVN\Air\LolClient.exe
FirewallRules: [{584A721F-4B13-4219-A9E6-716B322F5E88}] => (Allow) D:\GAMES\LienMinhHuyenThoai\GameData\Apps\lolVN\Game\League of Legends.exe
FirewallRules: [{A1C93AF6-3F08-40C4-AC3C-B8EBE0C00043}] => (Allow) D:\GAMES\LienMinhHuyenThoai\GameData\Apps\lolVN\Game\League of Legends.exe
FirewallRules: [{94332CDB-10B8-4E90-B926-922BD5EFEAC6}] => (Allow) C:\Program Files (x86)\naver\NaverCommon_VN\NaverAdminAPISvc.exe
FirewallRules: [{92DC7D2C-4022-4E6A-8267-A5B3BAEBD363}] => (Allow) C:\Program Files (x86)\naver\NaverCommon_VN\NaverAdminAPISvc.exe
FirewallRules: [{E3F439D8-5896-4AC9-BC6E-BFE2DE7FC1E4}] => (Allow) D:\GAMES\LienMinhHuyenThoai\GameData\ggdllhost.exe
FirewallRules: [{447E66C3-DCA6-482D-B612-E7C7879D69D0}] => (Allow) C:\Program Files (x86)\naver\NaverCommon_VN\NaverAdminAPISvc.exe
FirewallRules: [{98A65C03-91E6-4CB2-8874-CBD118E24528}] => (Allow) C:\Program Files (x86)\naver\NaverCommon_VN\NaverAdminAPISvc.exe
FirewallRules: [{A9E5B49A-C4A4-45FD-B282-FA00761F7D59}] => (Allow) D:\DUY\GAMES\PlayPark2\HaG\Heroes & Generals\live\hng.exe
FirewallRules: [{E262E038-B10E-4431-8DBD-B3A946C66801}] => (Allow) D:\DUY\GAMES\PlayPark2\HaG\Heroes & Generals\live\hng.exe
FirewallRules: [{7197D186-9E83-4378-B0C9-8A7D54BBD616}] => (Allow) D:\DUY\GAMES\HaG\Heroes & Generals\live\hng.exe
FirewallRules: [{6B9A944F-250E-46EB-9286-57FFF10EAAE7}] => (Allow) D:\DUY\GAMES\HaG\Heroes & Generals\live\hng.exe
FirewallRules: [TCP Query User{69F20F7A-970B-4BF8-9717-39162ECDF200}D:\games\lienminhhuyenthoai\gamedata\bbtalk\bbtalk.exe] => (Block) D:\games\lienminhhuyenthoai\gamedata\bbtalk\bbtalk.exe
FirewallRules: [UDP Query User{9FBDD633-C057-4D2E-AFE1-5F1E82C82AEC}D:\games\lienminhhuyenthoai\gamedata\bbtalk\bbtalk.exe] => (Block) D:\games\lienminhhuyenthoai\gamedata\bbtalk\bbtalk.exe
FirewallRules: [TCP Query User{B25E39E7-D204-4A03-8E0F-2A96D73B9634}C:\program files (x86)\yahoo!\messenger\yahoomessenger.exe] => (Allow) C:\program files (x86)\yahoo!\messenger\yahoomessenger.exe
FirewallRules: [UDP Query User{195170D3-5294-4495-AFA5-DA02625B0D5B}C:\program files (x86)\yahoo!\messenger\yahoomessenger.exe] => (Allow) C:\program files (x86)\yahoo!\messenger\yahoomessenger.exe
FirewallRules: [TCP Query User{80FA1D02-77AF-4841-B075-06BDA2D8E383}D:\games\lienminhhuyenthoai\gamedata\updatemanager.exe] => (Allow) D:\games\lienminhhuyenthoai\gamedata\updatemanager.exe
FirewallRules: [UDP Query User{DF6080E3-203B-4A37-A242-C304A741BB5B}D:\games\lienminhhuyenthoai\gamedata\updatemanager.exe] => (Allow) D:\games\lienminhhuyenthoai\gamedata\updatemanager.exe
FirewallRules: [TCP Query User{B752F7A6-D29C-4961-9A48-EBF813C2CFA3}D:\games\lienminhhuyenthoai\gamedata\garenamessenger.exe] => (Allow) D:\games\lienminhhuyenthoai\gamedata\garenamessenger.exe
FirewallRules: [UDP Query User{A9FBB11C-E690-4EE8-B1E7-96FE690241C7}D:\games\lienminhhuyenthoai\gamedata\garenamessenger.exe] => (Allow) D:\games\lienminhhuyenthoai\gamedata\garenamessenger.exe
FirewallRules: [{2746D67D-DB9A-4F06-A7D8-9E36724BB999}] => (Allow) C:\Users\admin\AppData\Local\GC\Clicker.exe
FirewallRules: [{D376A9FF-9CAB-45A6-B9D2-59DDCB248669}] => (Allow) C:\Users\admin\AppData\Local\GC\Clicker.exe
FirewallRules: [{84443C57-BF5F-4F03-80BB-D016F0959499}] => (Allow) C:\Users\admin\AppData\Local\GC\Clicker.exe
FirewallRules: [TCP Query User{B59D26C9-6A9E-4DC6-B12D-94213BF3EC4B}C:\users\admin\appdata\local\xyzsoft\ft\client.exe] => (Allow) C:\users\admin\appdata\local\xyzsoft\ft\client.exe
FirewallRules: [UDP Query User{D77E5423-A3C1-4C86-89F4-DB7EDCF1D7FD}C:\users\admin\appdata\local\xyzsoft\ft\client.exe] => (Allow) C:\users\admin\appdata\local\xyzsoft\ft\client.exe
FirewallRules: [{73A3C27F-2ADB-4468-8470-C30081F228B7}] => (Allow) LPort=6973
FirewallRules: [{B23AEEA1-8987-4748-99E1-49F82BD51812}] => (Allow) LPort=6973
FirewallRules: [{894FC446-D8B2-472E-9728-C632DA9339B1}] => (Allow) LPort=6968
FirewallRules: [{29E6706A-6814-4767-AB12-C19C479A12A0}] => (Allow) LPort=6968
FirewallRules: [TCP Query User{F9B089A5-26DE-4C01-8884-1C983F795ACA}E:\huy\psp\brs\ppsspp\ppssppwindows64.exe] => (Allow) E:\huy\psp\brs\ppsspp\ppssppwindows64.exe
FirewallRules: [UDP Query User{03EB4D95-1276-49F2-B56A-ED4094E77AEA}E:\huy\psp\brs\ppsspp\ppssppwindows64.exe] => (Allow) E:\huy\psp\brs\ppsspp\ppssppwindows64.exe
FirewallRules: [TCP Query User{76078BF9-8B21-4A7D-8603-C28BD5F10D5B}E:\huy\psp\brs\ppsspp\adhocserverproonline\adhocsever.exe] => (Allow) E:\huy\psp\brs\ppsspp\adhocserverproonline\adhocsever.exe
FirewallRules: [UDP Query User{DA81F199-9DCD-4A4E-B1B9-FD985D0C4DF3}E:\huy\psp\brs\ppsspp\adhocserverproonline\adhocsever.exe] => (Allow) E:\huy\psp\brs\ppsspp\adhocserverproonline\adhocsever.exe
FirewallRules: [{F5851B27-693E-4FEC-A955-476E41EF0CD5}] => (Allow) C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe
FirewallRules: [{0C605377-5C06-4D3A-AD70-0429A4362684}] => (Allow) C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe
FirewallRules: [{F482E3C5-8457-4CEF-AB6E-86F4D10570A4}] => (Allow) C:\Program Files (x86)\PANDORA.TV\PanService\PanProcess.exe
FirewallRules: [{F523526D-9C0F-49FC-A878-66BBDC39745C}] => (Allow) C:\Program Files (x86)\PANDORA.TV\PanService\PanProcess.exe
FirewallRules: [{0DAA9CB1-1959-4E7A-865A-A0A3CC262D32}] => (Allow) C:\Program Files (x86)\PANDORA.TV\PanService\PanProcess.exe
FirewallRules: [{CDDFCBB8-CE38-4F80-8BB3-C761482C34A7}] => (Allow) C:\Program Files (x86)\PANDORA.TV\PanService\PanProcess.exe
FirewallRules: [{871C1457-F728-41A2-9615-83DA8B45EE83}] => (Allow) C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe
FirewallRules: [{4E586303-1D14-418D-B6D7-B83DA4D2F731}] => (Allow) C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe
FirewallRules: [TCP Query User{B862D7BC-CED7-4285-B48C-7169CB0895E0}E:\huy\dmc\dmc devi may cry\binaries\win32\dmc-devilmaycry.exe] => (Allow) E:\huy\dmc\dmc devi may cry\binaries\win32\dmc-devilmaycry.exe
FirewallRules: [UDP Query User{C91CACF7-9B43-4284-8FF6-2E00641D1026}E:\huy\dmc\dmc devi may cry\binaries\win32\dmc-devilmaycry.exe] => (Allow) E:\huy\dmc\dmc devi may cry\binaries\win32\dmc-devilmaycry.exe
FirewallRules: [TCP Query User{06E510A6-1812-4755-B680-93ADA2A10C3F}D:\games\re 6\resident evil 6\bh6.exe] => (Allow) D:\games\re 6\resident evil 6\bh6.exe
FirewallRules: [UDP Query User{9733D995-C257-4EF4-9845-4B4982D4D468}D:\games\re 6\resident evil 6\bh6.exe] => (Allow) D:\games\re 6\resident evil 6\bh6.exe
FirewallRules: [{EC6185F2-4D38-4376-BF83-AF9FC479F7C3}] => (Allow) E:\Huy\Steam\Steam.exe
FirewallRules: [{D6696C07-835B-4EC0-A2E3-6CC3702265A1}] => (Allow) E:\Huy\Steam\Steam.exe
FirewallRules: [TCP Query User{6E7AB07A-6B8E-424B-AF5E-F50A66FA3737}D:\games\***\assassins creed iv black flag\ac4bfmp.exe] => (Allow) D:\games\***\assassins creed iv black flag\ac4bfmp.exe
FirewallRules: [UDP Query User{53366B33-ED77-4B5C-B0F8-6064CFCAD8AC}D:\games\***\assassins creed iv black flag\ac4bfmp.exe] => (Allow) D:\games\***\assassins creed iv black flag\ac4bfmp.exe
FirewallRules: [TCP Query User{C0BE8080-20E9-4597-82A2-641F1FE5D337}D:\games\swjk\gamedata\gamedata\jamp.exe] => (Block) D:\games\swjk\gamedata\gamedata\jamp.exe
FirewallRules: [UDP Query User{456D7EC5-AA2A-4A8E-87AF-537A055532CF}D:\games\swjk\gamedata\gamedata\jamp.exe] => (Block) D:\games\swjk\gamedata\gamedata\jamp.exe
FirewallRules: [TCP Query User{A881C6C6-1FB3-4446-99A2-BB735A3572EF}D:\games\swgl\game\battlegrounds_x1.exe] => (Allow) D:\games\swgl\game\battlegrounds_x1.exe
FirewallRules: [UDP Query User{41C8258E-18C3-4194-934E-7F497DF62535}D:\games\swgl\game\battlegrounds_x1.exe] => (Allow) D:\games\swgl\game\battlegrounds_x1.exe
FirewallRules: [TCP Query User{90B324BA-1048-4D99-9A19-3AE0FF368602}D:\games\swjk\lucasarts\star wars jedi knight jedi academy\gamedata\jamp.exe] => (Block) D:\games\swjk\lucasarts\star wars jedi knight jedi academy\gamedata\jamp.exe
FirewallRules: [UDP Query User{EA2B65D4-77B6-4D86-A3E6-FA6DB321E05F}D:\games\swjk\lucasarts\star wars jedi knight jedi academy\gamedata\jamp.exe] => (Block) D:\games\swjk\lucasarts\star wars jedi knight jedi academy\gamedata\jamp.exe
FirewallRules: [TCP Query User{2C0B758A-6B18-4CFA-B8FB-AD5BBA533C06}D:\games\sc2\versions\base15405\sc2.exe] => (Allow) D:\games\sc2\versions\base15405\sc2.exe
FirewallRules: [UDP Query User{C3E9F498-1520-48E6-8735-96DAE98742B3}D:\games\sc2\versions\base15405\sc2.exe] => (Allow) D:\games\sc2\versions\base15405\sc2.exe
FirewallRules: [{49BFBB42-72D0-4450-9AE6-DC82450C1CA8}] => (Allow) D:\GAMES\Tomb Raider\Tombraider\Steam.exe
FirewallRules: [{7558B54F-9D1C-42CA-87F6-D512923217EA}] => (Allow) D:\GAMES\Tomb Raider\Tombraider\Steam.exe
FirewallRules: [{40205D53-9518-47DB-8BE9-077A26FD3A9A}] => (Allow) D:\GAMES\Tomb Raider\Tombraider\Steam.exe
FirewallRules: [{4E2500D3-BFE3-49D1-A15A-363B3902E437}] => (Allow) D:\GAMES\Tomb Raider\Tombraider\Steam.exe
FirewallRules: [{364A6918-B1C4-4F26-A0D2-D95E9465DB1F}] => (Allow) D:\DUY\UNG DUNG\ccTalk\ccTalk\Bin\ccTalk.exe
FirewallRules: [{F94E1DC5-575B-415C-AFC6-5FD9CB5A9860}] => (Allow) D:\DUY\UNG DUNG\ccTalk\ccTalk\Bin\ccTalk.exe
FirewallRules: [TCP Query User{0D1BCA55-4948-4C4A-B625-35A85CC7B202}C:\users\admin\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\admin\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [UDP Query User{69677F2C-A5D9-4231-8BCC-2C99A6F93CBD}C:\users\admin\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\admin\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [{192C4143-1B46-4536-8093-1AFCB33FC158}] => (Allow) LPort=6963
FirewallRules: [{FB24F615-88ED-4DC4-BECA-26E25D64BE0E}] => (Allow) LPort=6963
FirewallRules: [TCP Query User{0D46D3EF-6310-4572-A211-1EB3E8F98CE3}D:\duy\games\zing speed\vdownloader.exe] => (Allow) D:\duy\games\zing speed\vdownloader.exe
FirewallRules: [UDP Query User{2CEE923B-90FB-4B05-8521-EC98CDC6D9B1}D:\duy\games\zing speed\vdownloader.exe] => (Allow) D:\duy\games\zing speed\vdownloader.exe
FirewallRules: [TCP Query User{789E5035-7DD5-4F1E-8A33-D1D9050AA0CE}D:\duy\games\zing speed\releasephysx27\zingspeedloader.exe] => (Allow) D:\duy\games\zing speed\releasephysx27\zingspeedloader.exe
FirewallRules: [UDP Query User{A56E7C5C-6E55-4873-8133-C6135D20F8C3}D:\duy\games\zing speed\releasephysx27\zingspeedloader.exe] => (Allow) D:\duy\games\zing speed\releasephysx27\zingspeedloader.exe
FirewallRules: [TCP Query User{E4E78FDC-25C1-4096-B70E-E2B707CA412E}C:\programdata\qqkartliveupdate\liveupdaterun\liveupdate.exe] => (Block) C:\programdata\qqkartliveupdate\liveupdaterun\liveupdate.exe
FirewallRules: [UDP Query User{FC11A7B4-D615-479E-A184-655E6B36D33B}C:\programdata\qqkartliveupdate\liveupdaterun\liveupdate.exe] => (Block) C:\programdata\qqkartliveupdate\liveupdaterun\liveupdate.exe
FirewallRules: [{278A1F8E-8875-43B7-A7FC-920571320C32}] => (Allow) C:\Windows\System32\CNAB3RPD.EXE
FirewallRules: [{7EA9658A-8232-405E-81FB-899EA49F3FBB}] => (Allow) C:\Windows\System32\CNAB3RPD.EXE
FirewallRules: [TCP Query User{8804C7C8-2325-44AE-9B9B-0AE3E916E9CC}E:\huy\reop\resident evil - operation raccoon city\raccooncity.exe] => (Allow) E:\huy\reop\resident evil - operation raccoon city\raccooncity.exe
FirewallRules: [UDP Query User{AB68B210-B711-439F-A48F-110A58D28242}E:\huy\reop\resident evil - operation raccoon city\raccooncity.exe] => (Allow) E:\huy\reop\resident evil - operation raccoon city\raccooncity.exe
FirewallRules: [TCP Query User{689C31D0-F61E-4F6B-845A-28B9AF8C4B59}D:\games\re6\resident evil 6\bh6.exe] => (Allow) D:\games\re6\resident evil 6\bh6.exe
FirewallRules: [UDP Query User{38410A8F-50B6-4BBC-85F0-A5B50CB55DDA}D:\games\re6\resident evil 6\bh6.exe] => (Allow) D:\games\re6\resident evil 6\bh6.exe
FirewallRules: [TCP Query User{D953BAB9-E652-4760-B9A0-E6C5F13C2353}D:\games\dark sector\dark sector\ds.exe] => (Allow) D:\games\dark sector\dark sector\ds.exe
FirewallRules: [UDP Query User{B957360A-BBEC-4712-AC06-E62A5C3E669B}D:\games\dark sector\dark sector\ds.exe] => (Allow) D:\games\dark sector\dark sector\ds.exe
FirewallRules: [{B601206C-D973-4B51-ACA4-10A6FD4FCCF5}] => (Allow) D:\GAMES\RE5\RE5DX9.EXE
FirewallRules: [{E3A923ED-762C-45A9-86DE-0C0706015709}] => (Allow) D:\GAMES\RE5\RE5DX9.EXE
FirewallRules: [{C9A36809-CCCA-46D8-9A84-FF76FE4B627A}] => (Allow) D:\GAMES\RE5\RE5DX10.EXE
FirewallRules: [{81C52905-8ADE-4D5B-B0DD-D2384461708A}] => (Allow) D:\GAMES\RE5\RE5DX10.EXE
FirewallRules: [TCP Query User{C9846342-827C-4CD4-B7C9-5A7B9F635972}D:\games\witcher\the witcher 2 enhanced edition\bin\witcher2.exe] => (Allow) D:\games\witcher\the witcher 2 enhanced edition\bin\witcher2.exe
FirewallRules: [UDP Query User{3178E02A-02CB-4F9F-A504-1E7B76B71C81}D:\games\witcher\the witcher 2 enhanced edition\bin\witcher2.exe] => (Allow) D:\games\witcher\the witcher 2 enhanced edition\bin\witcher2.exe
FirewallRules: [{D67DC790-198D-4054-B7C8-3932AC413CEC}] => (Allow) LPort=6912
FirewallRules: [{4AB4B1BD-2E7F-4C25-AFD3-C029AA0A54FC}] => (Allow) LPort=6912
FirewallRules: [TCP Query User{A23AB384-964C-4A0E-8079-51415F2B7BD4}D:\games\swjk\gamedata\gamedata\jamp.exe] => (Block) D:\games\swjk\gamedata\gamedata\jamp.exe
FirewallRules: [UDP Query User{AFE9BBFC-6933-4AAC-9FAE-D6F17946F737}D:\games\swjk\gamedata\gamedata\jamp.exe] => (Block) D:\games\swjk\gamedata\gamedata\jamp.exe
FirewallRules: [TCP Query User{1127FCB8-6DF7-425C-90BE-A83CAC38F957}D:\games\witcher\the witcher 2 enhanced edition\bin\witcher2.exe] => (Allow) D:\games\witcher\the witcher 2 enhanced edition\bin\witcher2.exe
FirewallRules: [UDP Query User{EB98AE1E-9C7B-484A-91FA-83401D8233D6}D:\games\witcher\the witcher 2 enhanced edition\bin\witcher2.exe] => (Allow) D:\games\witcher\the witcher 2 enhanced edition\bin\witcher2.exe
FirewallRules: [{CE1CCF92-A308-45ED-B0B2-25780384393B}] => (Allow) C:\Program Files (x86)\360\Total Security\safemon\QHSafeTray.exe
FirewallRules: [{BD9565AA-8E92-44D3-A6EA-5D11E33BA3E6}] => (Allow) C:\Program Files (x86)\360\Total Security\safemon\QHSafeTray.exe
FirewallRules: [{150CA673-BF93-4101-B109-1C90D0578283}] => (Allow) C:\Program Files (x86)\360\Total Security\LiveUpdate360.exe
FirewallRules: [{181FDF64-0B7B-467B-A3EA-044E43D52F50}] => (Allow) C:\Program Files (x86)\360\Total Security\LiveUpdate360.exe
FirewallRules: [{230AC3E2-0FAB-4CFE-A660-9DD15DF8B2AF}] => (Allow) LPort=6995
FirewallRules: [{C81333E3-5C8E-4883-9422-768A91A3D140}] => (Allow) LPort=6995
FirewallRules: [TCP Query User{E6670FA8-578C-4252-95E6-00B9DC0341C1}D:\games\re6\resident evil 6\bh6.exe] => (Allow) D:\games\re6\resident evil 6\bh6.exe
FirewallRules: [UDP Query User{923D900B-F38D-46A2-B3DE-A44197A07026}D:\games\re6\resident evil 6\bh6.exe] => (Allow) D:\games\re6\resident evil 6\bh6.exe
FirewallRules: [TCP Query User{1C59C24A-BB07-4F20-9DF6-A0448F87B229}C:\users\admin\appdata\roaming\bittorrent\bittorrent.exe] => (Allow) C:\users\admin\appdata\roaming\bittorrent\bittorrent.exe
FirewallRules: [UDP Query User{6AF0B4F9-AB59-4A43-9D09-9B968DBAB2EB}C:\users\admin\appdata\roaming\bittorrent\bittorrent.exe] => (Allow) C:\users\admin\appdata\roaming\bittorrent\bittorrent.exe
FirewallRules: [{B0A855FB-FB62-4C8D-9041-E0691F3CC317}] => (Allow) C:\GarenaDownload\Games\fo3vn\fo3vnInstaller.exe
FirewallRules: [{A5931D3F-79FB-4B64-BE38-7FC763CE3A87}] => (Allow) C:\GarenaDownload\Games\fo3vn\fo3vnInstaller.exe
FirewallRules: [{8C8F5386-65BA-46B8-BA22-70D6878C661F}] => (Allow) C:\Program Files (x86)\Garena Plus\ggdllhost.exe
FirewallRules: [{D65BFBA2-B3A8-4E3C-9BEE-C0AA2EBDBBDD}] => (Allow) D:\GAMES\FIFA Online 2\GameData\Apps\FO3VN\fifazf.exe
FirewallRules: [{605F36CF-3EBC-42D6-9DA5-706E809993C1}] => (Allow) D:\GAMES\FIFA Online 2\GameData\Apps\FO3VN\fifazf.exe
FirewallRules: [TCP Query User{1F3DBD2D-2FA0-4AEF-BAA1-629717919371}E:\huy\coccoc\coccoc\browser\application\browser.exe] => (Block) E:\huy\coccoc\coccoc\browser\application\browser.exe
FirewallRules: [UDP Query User{80DAF584-5E93-4D03-A18E-A0232B0FE4CE}E:\huy\coccoc\coccoc\browser\application\browser.exe] => (Block) E:\huy\coccoc\coccoc\browser\application\browser.exe
FirewallRules: [{A8B8D9ED-5F87-4F9F-907D-19CC2706FEA4}] => (Allow) LPort=6954
FirewallRules: [{CBE95353-D238-4CCD-97DA-6E1941995EFB}] => (Allow) LPort=6954
FirewallRules: [{ED83EAE5-6AD7-41DE-BBAA-E515303CDACF}] => (Allow) D:\DUY\UNG DUNG\Steam\Steam.exe
FirewallRules: [{C5015ABC-F3CC-4B33-959B-1547D49CA769}] => (Allow) D:\DUY\UNG DUNG\Steam\Steam.exe
FirewallRules: [{82804736-AD6B-4525-A290-09721C6FEEE0}] => (Allow) D:\DUY\UNG DUNG\Steam\bin\steamwebhelper.exe
FirewallRules: [{2482A710-6D88-4BE6-AB41-C04F17B949EC}] => (Allow) D:\DUY\UNG DUNG\Steam\bin\steamwebhelper.exe
FirewallRules: [{43C6201E-70EE-4AC9-A22D-9B81B955EE8D}] => (Allow) E:\Huy\Window\Common7\IDE\devenv.exe
FirewallRules: [{01989F86-A1C3-4265-BDCB-70D324EB1BCD}] => (Allow) E:\Huy\Window\Common7\IDE\devenv.exe
FirewallRules: [{BB4CF169-9468-4D32-A8FB-8C97729A9E67}] => (Allow) E:\Huy\Window\Common7\IDE\devenv.exe
FirewallRules: [{19618185-C0F5-47A3-B06F-69EDCB002320}] => (Allow) E:\Huy\Window\Common7\IDE\devenv.exe
FirewallRules: [{89997FAC-CFB1-4108-AA0D-A4A18C0207F7}] => (Allow) E:\Huy\Window\Common7\IDE\devenv.exe
FirewallRules: [{5C86548E-5B35-4CAB-94A4-ADE9210D4562}] => (Allow) E:\Huy\Window\Common7\IDE\devenv.exe
FirewallRules: [{0831F118-E1EF-4E27-9CB1-EAA4BE1716BE}] => (Allow) E:\Huy\Window\Common7\IDE\devenv.exe
FirewallRules: [{D7E58B48-3CBB-4449-A79F-8F52BB3235D5}] => (Allow) LPort=6899
FirewallRules: [{D9A9BA0D-8705-46AA-9F6D-A7E956EE9F68}] => (Allow) LPort=6899
FirewallRules: [TCP Query User{47CE8E7A-41C6-44F4-A79A-6C15FA609E7F}D:\games\saint row\saints row gat out of hell\saintsrowgatoutofhell.exe] => (Allow) D:\games\saint row\saints row gat out of hell\saintsrowgatoutofhell.exe
FirewallRules: [UDP Query User{22AE930A-0C9E-4B9F-915D-6A1270991BF6}D:\games\saint row\saints row gat out of hell\saintsrowgatoutofhell.exe] => (Allow) D:\games\saint row\saints row gat out of hell\saintsrowgatoutofhell.exe
FirewallRules: [TCP Query User{2F145A6D-1E2D-4F75-AA46-5E4B18A0AB2A}D:\duy\games\freestyle 2\freestyle2.exe] => (Allow) D:\duy\games\freestyle 2\freestyle2.exe
FirewallRules: [UDP Query User{CC25EEC6-E30C-4DF6-BCB8-5C6E62C154D8}D:\duy\games\freestyle 2\freestyle2.exe] => (Allow) D:\duy\games\freestyle 2\freestyle2.exe
FirewallRules: [{562A47C8-C88B-4719-8B34-EBC8D8E20BA4}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [TCP Query User{79264E8B-4C91-40DB-930B-4697C8E88EFE}D:\duy\games\a story about my uncle\binaries\win32\asamu-win32-shipping.exe] => (Allow) D:\duy\games\a story about my uncle\binaries\win32\asamu-win32-shipping.exe
FirewallRules: [UDP Query User{4242ED5D-EF0C-47D1-8888-ED5D72013B4C}D:\duy\games\a story about my uncle\binaries\win32\asamu-win32-shipping.exe] => (Allow) D:\duy\games\a story about my uncle\binaries\win32\asamu-win32-shipping.exe
FirewallRules: [TCP Query User{672F78C0-6372-4EBB-A1EC-920FF1A586D7}D:\duy\games\enslaved odyssey to the west\enslaved odyssey to the west premium edition\binaries\win32\enslaved.exe] => (Allow) D:\duy\games\enslaved odyssey to the west\enslaved odyssey to the west premium edition\binaries\win32\enslaved.exe
FirewallRules: [UDP Query User{D92738E9-E644-4636-A7BA-798AE5FB9561}D:\duy\games\enslaved odyssey to the west\enslaved odyssey to the west premium edition\binaries\win32\enslaved.exe] => (Allow) D:\duy\games\enslaved odyssey to the west\enslaved odyssey to the west premium edition\binaries\win32\enslaved.exe
FirewallRules: [{96455DB1-D8A1-4BCC-BFB3-120F72B2C602}] => (Allow) D:\GAMES\Nba\nba2k14.exe
FirewallRules: [{9E3BAA05-7516-4205-89D7-B0FED0DFD054}] => (Allow) D:\GAMES\Nba\nba2k14.exe
FirewallRules: [TCP Query User{6058A088-0EF2-4FAB-ADCB-6EB020943080}D:\duy\games\ff\fifa 15\fifa15.exe] => (Allow) D:\duy\games\ff\fifa 15\fifa15.exe
FirewallRules: [UDP Query User{1C4E18FA-584F-432F-9C75-2E8B58419A0F}D:\duy\games\ff\fifa 15\fifa15.exe] => (Allow) D:\duy\games\ff\fifa 15\fifa15.exe
FirewallRules: [{7BF75CFE-DD7D-4AB1-829A-E4C0D7432906}] => (Allow) D:\DUY\GAMES\ff\Fifa 15\fifasetup\fifaconfig.exe
FirewallRules: [{D29A9112-8C1C-48EC-93E5-CCFB0C1D61DE}] => (Allow) D:\DUY\GAMES\ff\Fifa 15\fifasetup\fifaconfig.exe
FirewallRules: [TCP Query User{DA9167F6-B55A-4D53-8E12-083D7E899377}D:\duy\games\pes 2015\pro evolution soccer 2015\pes2015.exe] => (Allow) D:\duy\games\pes 2015\pro evolution soccer 2015\pes2015.exe
FirewallRules: [UDP Query User{20D15BEC-3414-4985-A124-F8B8F5363EC6}D:\duy\games\pes 2015\pro evolution soccer 2015\pes2015.exe] => (Allow) D:\duy\games\pes 2015\pro evolution soccer 2015\pes2015.exe
FirewallRules: [{5C9367C9-DAE2-4DE5-8D66-C25638B4E692}] => (Allow) D:\DUY\GAMES\GTA IV\Grand Theft Auto IV\LaunchGTAIV.exe
FirewallRules: [{019F6295-ECBD-4CC4-83D5-619C6595275B}] => (Allow) D:\DUY\GAMES\GTA IV\Grand Theft Auto IV\LaunchGTAIV.exe
FirewallRules: [{BD1F7B48-EE39-4DBC-AAF0-739D23938982}] => (Allow) D:\DUY\GAMES\GTA IV\Rockstar Games Social Club\RGSCLauncher.exe
FirewallRules: [{04C10A31-01B8-4C12-9109-A2633A460A3C}] => (Allow) D:\DUY\GAMES\GTA IV\Rockstar Games Social Club\RGSCLauncher.exe
FirewallRules: [TCP Query User{C4603FEC-0659-4439-85CA-EF11CB06B6C4}D:\duy\games\new folder\saints_row_the_third_complet_ edition\saints row the third\saintsrowthethird.exe] => (Allow) D:\duy\games\new folder\saints_row_the_third_complet_ edition\saints row the third\saintsrowthethird.exe
FirewallRules: [UDP Query User{B873337C-B578-4BDE-A5C8-577D14852C8C}D:\duy\games\new folder\saints_row_the_third_complet_ edition\saints row the third\saintsrowthethird.exe] => (Allow) D:\duy\games\new folder\saints_row_the_third_complet_ edition\saints row the third\saintsrowthethird.exe
FirewallRules: [TCP Query User{FFC2471A-0786-4BCC-821C-80E987D2802F}D:\duy\games\new folder\saints_row_the_third_complet_ edition\saints row the third\saintsrowthethird_dx11.exe] => (Allow) D:\duy\games\new folder\saints_row_the_third_complet_ edition\saints row the third\saintsrowthethird_dx11.exe
FirewallRules: [UDP Query User{47A9DD11-A9D7-4EC8-9EB8-20D2DABCDF41}D:\duy\games\new folder\saints_row_the_third_complet_ edition\saints row the third\saintsrowthethird_dx11.exe] => (Allow) D:\duy\games\new folder\saints_row_the_third_complet_ edition\saints row the third\saintsrowthethird_dx11.exe
FirewallRules: [TCP Query User{2D60B970-439E-4343-A85E-EEB7031B81F1}D:\duy\games\saint row the third\saints_row_the_third_complet_ edition\saints row the third\saintsrowthethird.exe] => (Allow) D:\duy\games\saint row the third\saints_row_the_third_complet_ edition\saints row the third\saintsrowthethird.exe
FirewallRules: [UDP Query User{92D1C6AE-EFB0-4943-84F7-2FE72C43433E}D:\duy\games\saint row the third\saints_row_the_third_complet_ edition\saints row the third\saintsrowthethird.exe] => (Allow) D:\duy\games\saint row the third\saints_row_the_third_complet_ edition\saints row the third\saintsrowthethird.exe
FirewallRules: [TCP Query User{1E47D8B5-F4DA-4CED-8DBF-AFFC56B41E53}D:\duy\games\saint row the third\saints_row_the_third_complet_ edition\saints row the third\saintsrowthethird.exe] => (Allow) D:\duy\games\saint row the third\saints_row_the_third_complet_ edition\saints row the third\saintsrowthethird.exe
FirewallRules: [UDP Query User{F2E028C9-D2F9-451C-B0D2-9E26F2C6FDD8}D:\duy\games\saint row the third\saints_row_the_third_complet_ edition\saints row the third\saintsrowthethird.exe] => (Allow) D:\duy\games\saint row the third\saints_row_the_third_complet_ edition\saints row the third\saintsrowthethird.exe
FirewallRules: [{DE37B04A-F20B-451E-A4FA-CF592275FD56}] => (Allow) C:\GarenaDownload\Games\fo3vn\fo3vnInstaller.exe
FirewallRules: [{5AABDEEA-4785-4804-ACCF-973F16C57707}] => (Allow) C:\GarenaDownload\Games\fo3vn\fo3vnInstaller.exe
FirewallRules: [{D17E8E04-DFC0-4E8B-B9ED-A1ED3BCFCC02}] => (Allow) D:\GAMES\FFO3\GameData\Apps\FO3VN\fifazf.exe
FirewallRules: [{ACFB9CD0-E0AD-445C-BFE0-B24EAA9C4500}] => (Allow) D:\GAMES\FFO3\GameData\Apps\FO3VN\fifazf.exe
FirewallRules: [TCP Query User{387C97CC-E0BF-49B2-8688-8032AA11ADFE}D:\duy\games\vua bong ro\freestyle2.exe] => (Block) D:\duy\games\vua bong ro\freestyle2.exe
FirewallRules: [UDP Query User{58279D5A-4ADB-4E39-B017-A25B65ACF8F0}D:\duy\games\vua bong ro\freestyle2.exe] => (Block) D:\duy\games\vua bong ro\freestyle2.exe
FirewallRules: [{B75E9445-5DA5-4D52-B6E0-0B92D177A55F}] => (Allow) LPort=6922
FirewallRules: [{9A9B5F1E-2556-4252-BEDE-13537BBA98C0}] => (Allow) LPort=6922
FirewallRules: [{8E89C32E-E9E5-4DEE-AB70-4CD97955FC55}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{35D8595F-13E2-49A2-838A-4B19E75A85B9}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{549D84BC-1A65-45CA-947F-64318E2077FE}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{FCCDAF5B-8364-48A4-AC64-745D63C69B9B}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{3092E4E2-FC69-487A-B8D3-1FE8EB50FBA2}] => (Allow) LPort=6983
FirewallRules: [{E4441467-E7D2-436A-87F5-3C5DAE228275}] => (Allow) LPort=6983
FirewallRules: [TCP Query User{B0D7CD03-F38E-4EA9-B76E-7713EB90F150}D:\duy\games\vua bong ro\freestyle2.exe] => (Allow) D:\duy\games\vua bong ro\freestyle2.exe
FirewallRules: [UDP Query User{5B89E1C2-8645-4B01-98BB-48381CF6DDA9}D:\duy\games\vua bong ro\freestyle2.exe] => (Allow) D:\duy\games\vua bong ro\freestyle2.exe
FirewallRules: [TCP Query User{1A772BF5-AC28-4D91-90DF-0B40CE961F8F}D:\duy\games\dolphin\dolphin-x64\dolphin.exe] => (Block) D:\duy\games\dolphin\dolphin-x64\dolphin.exe
FirewallRules: [UDP Query User{74A6B18F-0FFB-400D-BCFB-9C9E4ECFDB8F}D:\duy\games\dolphin\dolphin-x64\dolphin.exe] => (Block) D:\duy\games\dolphin\dolphin-x64\dolphin.exe
FirewallRules: [{8B2FE785-38AF-42BB-9A55-D4D5420B9B6A}] => (Allow) LPort=6986
FirewallRules: [{EE0A2598-EF1E-4F24-A523-2BE574F668A3}] => (Allow) LPort=6986
FirewallRules: [{D6AE37F6-D74B-4A46-A156-003DA049F552}] => (Allow) LPort=6884
FirewallRules: [{F3AB7CA3-A175-4530-A1C1-1017CC1A2E92}] => (Allow) LPort=6884
FirewallRules: [{0B80E42F-4744-4652-B9B5-240D4F52266F}] => (Allow) LPort=6894
FirewallRules: [{7DF891FB-38D3-4FE1-9DC0-6B18C0C1981F}] => (Allow) LPort=6894
FirewallRules: [{AB3ED8B2-92E7-4955-AC4C-2E0BBF95457D}] => (Allow) LPort=6996
FirewallRules: [{8AE48795-F28E-4CD7-BBE1-29F41F0BEC07}] => (Allow) LPort=6996
FirewallRules: [{A5020A80-8AC5-4C95-9945-4414C423BB5B}] => (Allow) LPort=6911
FirewallRules: [{B782E08F-30F1-40E1-9A79-233A908466BC}] => (Allow) LPort=6911
FirewallRules: [{C517CCAA-70DC-4FA8-91E5-21A2DD8D86E8}] => (Allow) LPort=6990
FirewallRules: [{8339BF42-5776-4ABF-81FE-3D3E1EB3C21B}] => (Allow) LPort=6990
FirewallRules: [{B187801E-C98C-43D9-A643-B7F5608F7913}] => (Allow) LPort=6938
FirewallRules: [{ACB592E2-973B-420D-B999-4928089B2D65}] => (Allow) LPort=6938
FirewallRules: [{863F7DDB-DA55-46C9-A083-34ADE7EBB1A9}] => (Allow) LPort=6942
FirewallRules: [{27923769-8263-4071-BC25-62605DD32430}] => (Allow) LPort=6942
FirewallRules: [{7CB61BE5-8E7E-4F7B-BCE8-23CF393230BC}] => (Allow) LPort=6889
FirewallRules: [{22D59470-E235-4041-A83E-56AE4657DDD5}] => (Allow) D:\GAMES\LienMinhHuyenThoai\GameData\Apps\lolVN\lol.exe
FirewallRules: [{1836BC9B-9258-4A29-9875-F3BFE9206473}] => (Allow) D:\GAMES\LienMinhHuyenThoai\GameData\Apps\lolVN\lol.exe
FirewallRules: [{8ACEE8FB-60AB-40DD-8736-486F32E6CE5F}] => (Allow) LPort=6889
FirewallRules: [{51A56975-6444-426E-AC66-2DE9CFC83B80}] => (Allow) LPort=8393
FirewallRules: [{B162E34E-7A89-42F2-BA0B-39D2A10C9A80}] => (Allow) LPort=8393
FirewallRules: [{3047586E-CD3C-4945-90AA-B681C7C98EA2}] => (Allow) LPort=8390
FirewallRules: [{C2840F91-3DB2-43F6-ACEB-EDFA1E056CE1}] => (Allow) LPort=8390

==================== Faulty Device Manager Devices =============

Name: USB2.0-CRW
Description: USB2.0-CRW
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (09/05/2015 10:58:14 AM) (Source: Windows Search Service) (EventID: 7042) (User: )
Description: The Windows Search Service is being stopped because there is a problem with the indexer: The catalog is corrupt.

Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error: (09/05/2015 10:58:14 AM) (Source: Windows Search Service) (EventID: 7040) (User: )
Description: The search service has detected corrupted data files in the index {id=4400}. The service will attempt to automatically correct this problem by rebuilding the index.

Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error: (09/05/2015 10:58:14 AM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: The index cannot be initialized.

Details:
The content index database is corrupt. (HRESULT : 0xc0041800) (0xc0041800)

Error: (09/05/2015 10:58:14 AM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: The application cannot be initialized.

Context: Windows Application

Details:
The content index database is corrupt. (HRESULT : 0xc0041800) (0xc0041800)

Error: (09/05/2015 10:58:14 AM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: The gatherer object cannot be initialized.

Context: Windows Application, SystemIndex Catalog

Details:
The content index database is corrupt. (HRESULT : 0xc0041800) (0xc0041800)

Error: (09/05/2015 10:58:14 AM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: The plug-in in <Search.TripoliIndexer> cannot be initialized.

Context: Windows Application, SystemIndex Catalog

Details:
Element not found. (HRESULT : 0x80070490) (0x80070490)

Error: (09/05/2015 10:58:11 AM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: The plug-in in <Search.JetPropStore> cannot be initialized.

Context: Windows Application, SystemIndex Catalog

Details:
The content index database is corrupt. (HRESULT : 0xc0041800) (0xc0041800)

Error: (09/05/2015 10:58:08 AM) (Source: Windows Search Service) (EventID: 7042) (User: )
Description: The Windows Search Service is being stopped because there is a problem with the indexer: The catalog is corrupt.

Context: Windows Application

Details:
The content index catalog is corrupt. 0xc0041801 (0xc0041801)

Error: (09/05/2015 10:58:08 AM) (Source: Windows Search Service) (EventID: 7040) (User: )
Description: The search service has detected corrupted data files in the index {id=2801}. The service will attempt to automatically correct this problem by rebuilding the index.

Context: Windows Application

Details:
The content index catalog is corrupt. 0xc0041801 (0xc0041801)

Error: (09/05/2015 10:58:07 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (09/05/2015 11:20:29 AM) (Source: atapi) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort0.

Error: (09/05/2015 11:20:29 AM) (Source: atapi) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort0.

Error: (09/05/2015 11:20:29 AM) (Source: atapi) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort0.

Error: (09/05/2015 11:20:29 AM) (Source: atapi) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort0.

Error: (09/05/2015 11:20:29 AM) (Source: atapi) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort0.

Error: (09/05/2015 11:18:18 AM) (Source: atapi) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort0.

Error: (09/05/2015 11:18:18 AM) (Source: atapi) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort0.

Error: (09/05/2015 11:18:18 AM) (Source: atapi) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort0.

Error: (09/05/2015 11:18:18 AM) (Source: atapi) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort0.

Error: (09/05/2015 11:18:18 AM) (Source: atapi) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort0.


Microsoft Office:
=========================
Error: (09/05/2015 10:58:14 AM) (Source: Windows Search Service) (EventID: 7042) (User: )
Description: Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)
The catalog is corrupt

Error: (09/05/2015 10:58:14 AM) (Source: Windows Search Service) (EventID: 7040) (User: )
Description: Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)
4400

Error: (09/05/2015 10:58:14 AM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: Details:
The content index database is corrupt. (HRESULT : 0xc0041800) (0xc0041800)

Error: (09/05/2015 10:58:14 AM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: Context: Windows Application

Details:
The content index database is corrupt. (HRESULT : 0xc0041800) (0xc0041800)

Error: (09/05/2015 10:58:14 AM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: Context: Windows Application, SystemIndex Catalog

Details:
The content index database is corrupt. (HRESULT : 0xc0041800) (0xc0041800)

Error: (09/05/2015 10:58:14 AM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: Context: Windows Application, SystemIndex Catalog

Details:
Element not found. (HRESULT : 0x80070490) (0x80070490)
Search.TripoliIndexer

Error: (09/05/2015 10:58:11 AM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: Context: Windows Application, SystemIndex Catalog

Details:
The content index database is corrupt. (HRESULT : 0xc0041800) (0xc0041800)
Search.JetPropStore

Error: (09/05/2015 10:58:08 AM) (Source: Windows Search Service) (EventID: 7042) (User: )
Description: Context: Windows Application

Details:
The content index catalog is corrupt. 0xc0041801 (0xc0041801)
The catalog is corrupt

Error: (09/05/2015 10:58:08 AM) (Source: Windows Search Service) (EventID: 7040) (User: )
Description: Context: Windows Application

Details:
The content index catalog is corrupt. 0xc0041801 (0xc0041801)
2801

Error: (09/05/2015 10:58:07 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


CodeIntegrity:
===================================
Date: 2015-03-26 14:58:42.409
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-03-26 14:58:21.554
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-03-26 14:58:00.709
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-03-26 14:57:39.611
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-03-23 20:06:13.659
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-03-23 20:05:52.637
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-02-13 06:36:49.059
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\nethfdrv.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-02-13 06:36:25.956
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\nethfdrv.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-02-13 06:29:32.137
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\nethfdrv.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-02-13 06:29:11.389
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\nethfdrv.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-3210M CPU @ 2.50GHz
Percentage of memory in use: 75%
Total physical RAM: 3998.36 MB
Available physical RAM: 987.69 MB
Total Virtual: 7994.91 MB
Available Virtual: 4250.89 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:48.83 GB) (Free:13.91 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (CHUONG TRINH) (Fixed) (Total:205.08 GB) (Free:80.49 GB) NTFS
Drive e: (LUU TRU) (Fixed) (Total:211.85 GB) (Free:60.11 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: FAC058BE)
Partition 1: (Active) - (Size=48.8 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=205.1 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=211.8 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

 

[Troubling]

After scanning with everything and probably delete tons of stuff ilivid still bothering me

 

[Broni]

Please, observe following rules:

• Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
• If you're stuck, or you're not sure about certain step, always ask before doing anything else.
• Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
• Never run more than one scan at a time.
• Keep updating me regarding your computer behavior, good, or bad.
• The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
• If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
• I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

======================================

Download RogueKiller from one of the following links and save it to your Desktop:

Link 1
Link 2

• Close all the running programs
• Windows Vista/7/8 users: right click on RogueKiller.exe, click Run as Administrator
• Otherwise just double-click on RogueKiller.exe
• Pre-scan will start. Let it finish.
• Click on SCAN button.
• Wait until the Status box shows Scan Finished
• Click on Delete.
• Wait until the Status box shows Deleting Finished.
• Click on Report and copy/paste the content of the Notepad into your next reply.
• RKreport.txt could also be found on your desktop.
• If more than one log is produced post all logs.
• If RogueKiller has been blocked, do not hesitate to try a few times more. If really won't run, rename it to winlogon.exe (or winlogon.com) and try again

Please download Malwarebytes Anti-Malware (MBAM) to your desktop.
NOTE. If you already have MBAM 2.0 installed scroll down.

• Double-click mbam-setup-2.0.0.1000.exe and follow the prompts to install the program.
  
• At the end, be sure a checkmark is placed next to the following:
  
• Launch Malwarebytes Anti-Malware
• A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  
• Click Finish.
• On the Dashboard, click the 'Update Now >>' link
• After the update completes, click the 'Scan Now >>' button.
  
• Or, on the Dashboard, click the Scan Now >> button.
• If an update is available, click the Update Now button.
  
• A Threat Scan will begin.
• When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
• In most cases, a restart will be required.
• Wait for the prompt to restart the computer to appear, then click on Yes.

If you already have MBAM 2.0 installed:

• On the Dashboard, click the 'Update Now >>' link
• After the update completes, click the 'Scan Now >>' button.
  
• Or, on the Dashboard, click the Scan Now >> button.
• If an update is available, click the Update Now button.
  
• A Threat Scan will begin.
• When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
• In most cases, a restart will be required.
• Wait for the prompt to restart the computer to appear, then click on Yes.

How to get logs:
(Export log to save as txt)

• After the restart once you are back at your desktop, open MBAM once more.
• Click on the History tab > Application Logs.
• Double click on the Scan Log which shows the Date and time of the scan just performed.
• Click 'Export'.
• Click 'Text file (*.txt)'
• In the Save File dialog box which appears, click on Desktop.
• In the File name: box type a name for your scan log.
• A message box named 'File Saved' should appear stating "Your file has been successfully exported".
• Click Ok
• Attach that saved log to your next reply.

(Copy to clipboard for pasting into forum replies or tickets)

• After the restart once you are back at your desktop, open MBAM once more.
• Click on the History tab > Application Logs.
• Double click on the Scan Log which shows the Date and time of the scan just performed.
• Click 'Copy to Clipboard'
• Paste the contents of the clipboard into your reply.

Please download AdwCleaner by Xplode onto your desktop.

• Close all open programs and internet browsers.
• Double click on adwcleaner.exe to run the tool.
• Click on Scan button.
• When the scan has finished click on Clean button.
• Your computer will be rebooted automatically. A text file will open after the restart.
• Please post the contents of that logfile with your next reply.
• You can find the logfile at C:\AdwCleaner[S1].txt as well.

Please download Junkware Removal Tool to your desktop.

• Shut down your protection software now to avoid potential conflicts.
• Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
• The tool will open and start scanning your system.
• Please be patient as this can take a while to complete depending on your system's specifications.
• On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
• Post the contents of JRT.txt into your next message.

 

[Troubling]

RogueKiller V10.10.4.0 [Sep 4 2015] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/software/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : admin [Administrator]
Started from : C:\Users\admin\Desktop\RogueKiller.exe
Mode : Delete -- Date : 09/06/2015 11:04:11

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 0 ¤¤¤

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 1 ¤¤¤
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 localhost

¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000036b]) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: ST9500325AS ATA Device +++++
--- User ---
[MBR] 99f95ab09a9451390866e9a36792bb44
[BSP] 922cade1be87a028dea69f1dee342bc2 : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 63 | Size: 50006 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 102416384 | Size: 210000 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 532496384 | Size: 216930 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK
*END*

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 06/09/2015
Scan Time: 10:38 SA
Logfile: MBAM.txt
Administrator: Yes

Version: 2.1.8.1057
Malware Database: v2015.09.05.07
Rootkit Database: v2015.08.16.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: admin

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 466804
Time Elapsed: 52 min, 1 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

# AdwCleaner v5.005 - Logfile created 06/09/2015 at 11:52:03
# Updated 31/08/2015 by Xplode
# Database : 2015-09-04.4 [Server]
# Operating system : Windows 7 Ultimate Service Pack 1 (x64)
# Username : admin - ADMIN-PC
# Running from : C:\Users\admin\Desktop\adwcleaner_5.005.exe
# Option : Cleaning
# Support : http://toolslib.net/forum

***** [ Services ] *****


***** [ Folders ] *****

[-] Folder Deleted : C:\Program Files (x86)\Elex-tech
[-] Folder Deleted : C:\Program Files (x86)\CChEapMe
[-] Folder Deleted : C:\Program Files (x86)\DigiCoupoon
[-] Folder Deleted : C:\Program Files (x86)\DOwinSave
[-] Folder Deleted : C:\Program Files (x86)\DownSaaveu
[-] Folder Deleted : C:\Program Files (x86)\MaineimuMPirice
[-] Folder Deleted : C:\Program Files (x86)\MinimumPrIcee
[-] Folder Deleted : C:\Program Files (x86)\PricieMInus
[-] Folder Deleted : C:\Program Files (x86)\RaeeguLarDealS
[-] Folder Deleted : C:\Program Files (x86)\ReegularDeaLLs
[-] Folder Deleted : C:\Program Files (x86)\RiaindomPrice
[-] Folder Deleted : C:\Program Files (x86)\SaverrExtensioenn
[-] Folder Deleted : C:\Program Files (x86)\HowToSimplified
[-] Folder Deleted : C:\ProgramData\tencent
[-] Folder Deleted : C:\ProgramData\883f6f9a0000536a
[-] Folder Deleted : C:\ProgramData\eedcf1fe00000d81
[-] Folder Deleted : C:\ProgramData\f407040a00007121
[-] Folder Deleted : C:\ProgramData\{60eb6620-fc4e-34c5-60eb-b6620fc49883}
[-] Folder Deleted : C:\ProgramData\{de40805b-fefc-8c96-de40-0805bfef016f}
[-] Folder Deleted : C:\Users\admin\AppData\Local\Temp\iSafeRightKeyScan
[-] Folder Deleted : C:\Users\admin\AppData\Roaming\Elex-tech
[-] Folder Deleted : C:\Users\admin\AppData\Roaming\tencent

***** [ Files ] *****

[-] File Deleted : C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_pstatic.bestpriceninja.com_0.localstorage
[-] File Deleted : C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_pstatic.bestpriceninja.com_0.localstorage-journal
[-] File Deleted : C:\Users\admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\YAC.lnk
[-] File Deleted : C:\Windows\Sysnative\log\iSafeKrnlCall.log

***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****

[-] Task Deleted : DoctorPC_Popup
[-] Task Deleted : DoctorPC_Start

***** [ Registry ] *****

[-] Key Deleted : HKLM\SOFTWARE\646f5413-c5bb-f212-796b-4a29bd1f3e09
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{04A0F1FA-CF83-4ECD-9F68-D94D3F8A7622}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{5ADB067E-40D9-49AD-BDFC-2DBD725D3842}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74CA59B5-0066-48C3-9D1A-84E0C0BB9AD7}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{B83055E5-D13F-4DB9-A034-3B89A4CFE680}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D109FD35-ED23-483B-87F3-9160F08B53B8}
[-] Key Deleted : HKLM\SOFTWARE\Elex-tech
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A2D81E70-2A98-4A08-A628-94388B063C5E}

***** [ Web browsers ] *****


*************************

:: Winsock settings cleared

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [3152 bytes] ##########

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.6.0 (08.31.2015:1)
OS: Windows 7 Ultimate x64
Ran by admin on 06/09/2015 at 11:58:14,99
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Tasks



~~~ Registry Values



~~~ Registry Keys



~~~ Files

Successfully deleted: [File] C:\Users\admin\AppData\Roaming\appdataFr2.bin
Successfully deleted: [File] C:\Users\admin\AppData\Roaming\appdataFr25.bin
Successfully deleted: [File] C:\Users\admin\Appdata\Local\google\chrome\user data\default\local storage\chrome-extension_ogminpmldncgcmokldnmmapddoccmhfl_0.localstorage



~~~ Folders

Successfully deleted: [Folder] C:\Windows\SysWOW64\ai_recyclebin



~~~ Chrome


[C:\Users\admin\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - default search provider reset

[C:\Users\admin\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:

[C:\Users\admin\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset

[C:\Users\admin\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:
[]





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 06/09/2015 at 12:02:26,91
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

[Broni]

Please download ComboFix from Here, Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**

• Never rename Combofix unless instructed.
• Close any open browsers.
• Very Important! Temporarily disable your anti-virus and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
• Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
• Close any open browsers.
• WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
• Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
• If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  If the connection is not there use restore point you created prior to running Combofix.
• Double click on combofix.exe & follow the prompts.

• 
  NOTE1. If Combofix asks you to install Recovery Console, please allow it.
  NOTE 2. If Combofix asks you to update the program, always do so.

• When finished, it will produce a report for you.
• Please post the "C:\ComboFix.txt"

**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error Illegal operation attempted on a registery key that has been marked for deletion, restart computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try the following...

Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Download Rkill (courtesy of BleepingComputer.com) to your desktop.
There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

Restart computer in safe mode

• Double-click on the Rkill desktop icon to run the tool.
• If using Windows Vista, 7 or 8 right-click on it and choose Run As Administrator.
• A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
• If not, delete the file, then download and use the one provided in Link 2.
• Do not reboot until instructed.
• If the tool does not run from any of the links provided, please let me know.

When the scan is done Notepad will open with rKill.txt log.
NOTE. rKill.txt log will also be present on your desktop.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

IF you had to run rKill post BOTH logs, rKill.txt and Combofix.txt.

 

[Troubling]

ComboFix 15-09-07.01 - admin 09/09/2015 12:30:41.1.4 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1258.84.1033.18.3998.2218 [GMT 7:00]
Running from: c:\users\admin\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Enabled/Updated* {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
SP: Microsoft Security Essentials *Enabled/Updated* {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2015-08-09 to 2015-09-09 )))))))))))))))))))))))))))))))
.
.
2015-09-09 06:58 . 2015-09-09 06:58 -------- d-----w- c:\users\Public\AppData\Local\temp
2015-09-09 06:58 . 2015-09-09 06:58 -------- d-----w- c:\users\MSSQL$HUY\AppData\Local\temp
2015-09-09 06:58 . 2015-09-09 06:58 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-09-08 11:24 . 2015-07-31 09:21 11745192 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2ED0286A-7453-459C-83AA-8693ABDBD182}\mpengine.dll
2015-09-07 03:51 . 2015-07-31 09:21 11745192 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2015-09-06 04:38 . 2015-09-06 04:57 -------- d-----w- C:\AdwCleaner
2015-09-05 04:17 . 2015-09-05 04:22 -------- d-----w- C:\FRST
2015-09-05 02:25 . 2015-09-09 01:56 113880 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-09-05 02:25 . 2015-06-18 02:27 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
2015-09-05 02:25 . 2015-06-18 02:27 109272 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2015-09-05 02:25 . 2015-06-18 02:27 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2015-09-04 14:44 . 2015-09-04 14:44 43112 ----a-w- c:\windows\avastSS.scr
2015-09-04 09:49 . 2015-07-02 05:47 1190000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{FA0F7431-3E0C-4E6E-8D86-0498D3317F12}\gapaengine.dll
2015-08-24 10:14 . 2015-08-25 23:52 -------- d-----w- c:\program files (x86)\SegmentSegment
2015-08-20 00:24 . 2015-08-25 23:52 -------- d-----w- c:\program files (x86)\CutterProc
2015-08-15 01:08 . 2015-09-05 01:57 -------- d-----w- c:\program files (x86)\Alarm
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-09-09 01:54 . 2015-03-20 02:41 35064 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2015-07-05 10:08 . 2010-11-21 03:27 300704 ------w- c:\windows\system32\MpSigStub.exe
2015-07-02 05:47 . 2015-03-31 11:09 1190000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2015-06-30 15:40 . 2015-06-30 15:40 178800 ----a-w- c:\windows\SysWow64\CmdLineExt_x64.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2010-11-21 . 1151B1BAA6F350B1DB6598E0FEA7C457 . 390656 . . [6.1.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[-] 2012-11-07 . 87A00ED70FEC36D0DD968E5058C29AA1 . 389632 . . [6.1.7601.17514] .. c:\windows\system32\winlogon.exe
.
[7] 2010-11-21 . FE70103391A64039A921DBFFF9C7AB1B . 1008128 . . [6.1.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
[-] 2012-11-07 . D186BABDFAE7C0D93C9F6AE63957EE96 . 1008128 . . [6.1.7601.17514] .. c:\windows\system32\user32.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UniKey"="c:\unikey 4.0 rc2 win64\UniKeyNT.exe" [2009-11-01 316928]
"Messenger (Yahoo!)"="c:\progra~2\Yahoo!\Messenger\YahooMessenger.exe" [2012-05-24 6595928]
"GarenaPlus"="d:\games\LienMinhHuyenThoai\GameData\GarenaMessenger.exe" [2015-09-03 10016704]
"CocCoc Update"="c:\users\admin\AppData\Local\CocCoc\Update\CocCocUpdate.exe" [2015-07-14 140488]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"YouCam Service"="d:\duy\UNG DUNG\YouCam 5 v5.0.0909 PreActivated_da fix watermark\YouCam\YouCamService.exe" [2011-09-09 247016]
"USB3MON"="c:\program files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-10-16 291648]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-03-04 343168]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
.
c:\users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE /tsr [2010-3-29 227712]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Canon LBP3000 Status Window.lnk - c:\windows\System32\spool\drivers\x64\3\CNAB3LAD.EXE [2014-11-30 60384]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 MBAMScheduler;MBAMScheduler;d:\duy\UNG DUNG\avast\Malwarebytes Anti-Malware\mbamscheduler.exe;d:\duy\UNG DUNG\avast\Malwarebytes Anti-Malware\mbamscheduler.exe [x]
R2 MBAMService;MBAMService;d:\duy\UNG DUNG\avast\Malwarebytes Anti-Malware\mbamservice.exe;d:\duy\UNG DUNG\avast\Malwarebytes Anti-Malware\mbamservice.exe [x]
R2 MSSQL$HUY;SQL Server (HUY);e:\huy\SQL\Source\MSSQL11.HUY\MSSQL\Binn\sqlservr.exe;e:\huy\SQL\Source\MSSQL11.HUY\MSSQL\Binn\sqlservr.exe [x]
R2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R2 RzKLService;RzKLService;d:\duy\UNG DUNG\Game Booster\Razer Game Booster\RzKLService.exe;d:\duy\UNG DUNG\Game Booster\Razer Game Booster\RzKLService.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 AMPPALP;Intel® Centrino® Wireless Bluetooth® + High Speed Protocol;c:\windows\system32\DRIVERS\amppal.sys;c:\windows\SYSNATIVE\DRIVERS\amppal.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys;c:\windows\SYSNATIVE\drivers\EagleX64.sys [x]
R3 GGSAFERDriver;GGSAFER Driver;d:\games\LienMinhHuyenThoai\GameData\Room\safedrv.sys;d:\games\LienMinhHuyenThoai\GameData\Room\safedrv.sys [x]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
R3 Ndisrd;WinpkFilter Service;c:\windows\system32\DRIVERS\ndisrd.sys;c:\windows\SYSNATIVE\DRIVERS\ndisrd.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]
R3 taphss6;Anchorfree HSS VPN Adapter;c:\windows\system32\DRIVERS\taphss6.sys;c:\windows\SYSNATIVE\DRIVERS\taphss6.sys [x]
R3 Te.Service;Te.Service;c:\program files (x86)\Windows Kits\8.0\Testing\Runtimes\TAEF\Wex.Services.exe;c:\program files (x86)\Windows Kits\8.0\Testing\Runtimes\TAEF\Wex.Services.exe [x]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys;c:\windows\SYSNATIVE\drivers\terminpt.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]
R3 VBoxUSB;VirtualBox USB;c:\windows\system32\Drivers\VBoxUSB.sys;c:\windows\SYSNATIVE\Drivers\VBoxUSB.sys [x]
R4 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
R4 AMPPALR3;Intel® Centrino® Wireless Bluetooth® + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [x]
R4 BTHSSecurityMgr;Intel(R) Centrino(R) Wireless Bluetooth(R) + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [x]
R4 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
R4 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x]
R4 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [x]
R4 RsFx0200;RsFx0200 Driver;c:\windows\system32\DRIVERS\RsFx0200.sys;c:\windows\SYSNATIVE\DRIVERS\RsFx0200.sys [x]
R4 SQLAgent$HUY;SQL Server Agent (HUY);e:\huy\SQL\Source\MSSQL11.HUY\MSSQL\Binn\SQLAGENT.EXE;e:\huy\SQL\Source\MSSQL11.HUY\MSSQL\Binn\SQLAGENT.EXE [x]
R4 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
R4 ZeroConfigService;Intel(R) PROSet/Wireless Zero Configuration Service;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe [x]
S0 amdkmpfd;AMD PCI Root Bus Lower Filter;c:\windows\system32\DRIVERS\amdkmpfd.sys;c:\windows\SYSNATIVE\DRIVERS\amdkmpfd.sys [x]
S0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
S2 Razer Game Scanner Service;Razer Game Scanner;c:\program files (x86)\Razer\Razer Services\GSS\GameScannerService.exe;c:\program files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [x]
S2 rzpmgrk;rzpmgrk;c:\windows\system32\drivers\rzpmgrk.sys;c:\windows\SYSNATIVE\drivers\rzpmgrk.sys [x]
S3 AMPPAL;Intel® Centrino® Wireless Bluetooth® + High Speed Virtual Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys;c:\windows\SYSNATIVE\DRIVERS\AMPPAL.sys [x]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys;c:\windows\SYSNATIVE\DRIVERS\clwvd.sys [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys;c:\windows\SYSNATIVE\DRIVERS\igdpmd64.sys [x]
S3 iusb3hub;Intel(R) USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
S3 NdisrdMP;NdisrdMP;c:\windows\system32\DRIVERS\ndisrd.sys;c:\windows\SYSNATIVE\DRIVERS\ndisrd.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MBAMSWISSARMY
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-06-10 02:28 986440 ----a-w- c:\program files (x86)\Google\Chrome\Application\43.0.2357.124\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2015-09-09 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-11-09 10:48]
.
2015-09-08 c:\windows\Tasks\CocCocUpdateTaskUserS-1-5-21-3818046159-3689817371-2580797029-1000Core.job
- c:\users\admin\AppData\Local\CocCoc\Update\CocCocUpdate.exe [2015-07-14 12:59]
.
2015-09-09 c:\windows\Tasks\CocCocUpdateTaskUserS-1-5-21-3818046159-3689817371-2580797029-1000UA.job
- c:\users\admin\AppData\Local\CocCoc\Update\CocCocUpdate.exe [2015-07-14 12:59]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2015-05-19 08:22 774984 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2015-05-19 08:22 774984 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2015-05-19 08:22 774984 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2015-05-19 08:22 774984 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2015-05-19 08:22 774984 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-03-19 439064]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-03-19 170264]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-03-19 398616]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2015-01-29 1332296]
.
------- Supplementary Scan -------
.
mDefault_Search_URL = www.google.com
mDefault_Page_URL = about:blank
mSearch Page = www.google.com
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{D0ED8A5C-3945-4A08-9E15-4394A60F2552}\155716E67602849656E6: NameServer = 208.67.222.222,208.67.220.220
TCP: Interfaces\{D0ED8A5C-3945-4A08-9E15-4394A60F2552}\175716E676869656E613: NameServer = 208.67.222.222,208.67.220.220
Handler: bksa - {AFBCA127-FD48-4FF5-B523-0E0DB4B8C295} -
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-RGSC - d:\duy\GAMES\GTA IV\Rockstar Games Social Club\RGSCLauncher.exe
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-PhotoZoom Professional - e:\huy\Originals\Uninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3818046159-3689817371-2580797029-1000\Software\SecuROM\License information*]
"datasecu"=hex:33,54,d0,05,94,ac,4e,18,d1,c1,7e,d7,35,03,9f,57,c3,57,91,2a,6f,
61,f0,42,e3,b8,bc,44,eb,13,9b,17,88,66,b9,63,2f,c9,07,15,8a,4a,fb,39,3d,f7,\
"rkeysecu"=hex:91,07,51,5c,b3,b8,3a,f5,33,99,b5,65,7c,38,ac,46
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2015-09-09 14:37:55
ComboFix-quarantined-files.txt 2015-09-09 07:37
.
Pre-Run: 14.664.151.040 bytes free
Post-Run: 14.883.389.440 bytes free
.
- - End Of File - - 62FC920AE7867E961A4BBE8F18C85E3C
A36C5E4F47E84449FF07ED3517B43A31

 

[Broni]

Re-run Farbar Recovery Scan Tool (FRST/FRST64) you ran at the very beginning of this topic.

• Double-click to run it. When the tool opens click Yes to disclaimer.
• Make sure you checkmark Addition.txt box.
• Press Scan button.
• Scan will create two logs, FRST.txt and Addition.txt in the same directory the tool is run. Please copy and paste them to your reply.

 

[Troubling]

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:07-09-2015
Ran by admin (administrator) on ADMIN-PC (10-09-2015 12:06:32)
Running from C:\Users\admin\Desktop
Loaded Profiles: admin & MSSQL$HUY (Available Profiles: admin & MSSQL$HUY)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Apple Computer, Inc.) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
(Malwarebytes Corporation) D:\DUY\UNG DUNG\avast\Malwarebytes Anti-Malware\mbamscheduler.exe
(CANON INC.) C:\Windows\System32\CNAB3RPD.EXE
() D:\GAMES\LienMinhHuyenThoai\GameData\ggdllhost.exe
(Malwarebytes Corporation) D:\DUY\UNG DUNG\avast\Malwarebytes Anti-Malware\mbam.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
() C:\UniKey 4.0 RC2 Win64\UniKeyNT.exe
() D:\GAMES\LienMinhHuyenThoai\GameData\GarenaMessenger.exe
(Coc Coc Co., Ltd.) C:\Users\admin\AppData\Local\CocCoc\Update\1.3.39.17\CocCocCrashHandler.exe
(Microsoft Corporation) E:\Huy\SQL\Source\MSSQL11.HUY\MSSQL\Binn\sqlservr.exe
(CyberLink Corp.) D:\DUY\UNG DUNG\YouCam 5 v5.0.0909 PreActivated_da fix watermark\YouCam\YouCamService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
() C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Razer Inc.) D:\DUY\UNG DUNG\Game Booster\Razer Game Booster\RzKLService.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Coc Coc Co., Ltd.) C:\Users\admin\AppData\Local\CocCoc\Browser\Application\browser.exe
(Coc Coc Co., Ltd.) C:\Users\admin\AppData\Local\CocCoc\Browser\Application\browser.exe
(Coc Coc Co., Ltd.) C:\Users\admin\AppData\Local\CocCoc\Browser\Application\browser.exe
(Coc Coc Co., Ltd.) C:\Users\admin\AppData\Local\CocCoc\Browser\Application\browser.exe
(Coc Coc Co., Ltd.) C:\Users\admin\AppData\Local\CocCoc\Browser\Application\browser.exe
(Coc Coc Co., Ltd.) C:\Users\admin\AppData\Local\CocCoc\Browser\Application\browser.exe
(Coc Coc Co., Ltd.) C:\Users\admin\AppData\Local\CocCoc\Browser\Application\browser.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2057000 2010-02-18] (Synaptics Incorporated)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1332296 2015-01-30] (Microsoft Corporation)
HKLM-x32\...\Run: [YouCam Service] => D:\DUY\UNG DUNG\YouCam 5 v5.0.0909 PreActivated_da fix watermark\YouCam\YouCamService.exe [247016 2011-09-09] (CyberLink Corp.)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291648 2012-10-16] (Intel Corporation)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [343168 2012-03-05] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3818046159-3689817371-2580797029-1000\...\Run: [UniKey] => C:\UniKey 4.0 RC2 Win64\UniKeyNT.exe [316928 2009-11-02] ()
HKU\S-1-5-21-3818046159-3689817371-2580797029-1000\...\Run: [Messenger (Yahoo!)] => C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe [6595928 2012-05-25] (Yahoo! Inc.)
HKU\S-1-5-21-3818046159-3689817371-2580797029-1000\...\Run: [GarenaPlus] => D:\GAMES\LienMinhHuyenThoai\GameData\GarenaMessenger.exe [10016704 2015-09-03] ()
HKU\S-1-5-21-3818046159-3689817371-2580797029-1000\...\Run: [CocCoc Update] => C:\Users\admin\AppData\Local\CocCoc\Update\CocCocUpdate.exe [140488 2015-07-14] (Coc Coc Co., Ltd.)
Startup: C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk [2014-11-14]
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Canon LBP3000 Status Window.lnk [2014-11-30]
ShortcutTarget: Canon LBP3000 Status Window.lnk -> C:\Windows\System32\spool\drivers\x64\3\CNAB3LAD.EXE (CANON INC.)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{D0ED8A5C-3945-4A08-9E15-4394A60F2552}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-3818046159-3689817371-2580797029-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=MSSE
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=MSSE
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3818046159-3689817371-2580797029-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617911&ResetID=130850202647942019&GUID=976E6C5F-4404-4638-A704-8719CAF19D3D
HKU\S-1-5-21-3818046159-3689817371-2580797029-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-3818046159-3689817371-2580797029-1000\Software\Microsoft\Internet Explorer\Main,First Home Page = hxxp://go.microsoft.com/fwlink/?LinkID=226786&Mkt=vi-VN&Src=MSE&Tid=000328B0&OHP=http%3A%2F%2Fvn.search.yahoo.com%2F%3Ffr%3Dhp%2Dddc%2Dbd%26type%3Dpr%2Dbir%2Ddg%5F%5Falt%5F%5Fddc%5Fdsssyc%5Fbd%5Fcom&OSP=http%3A%2F%2Fvn.search.yahoo.com%2Fyhs%2Fsearch%3Fhspart%3Dddc%26hsimp%3Dyhs%2Dddc%5Fbd%26type%3Dpr%2Dbir%2Ddg%5F%5Falt%5F%5Fddc%5Fdss%5Fbd%5Fcom%26p%3D%7BsearchTerms%7D
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3818046159-3689817371-2580797029-1000 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
SearchScopes: HKU\S-1-5-21-3818046159-3689817371-2580797029-1000 -> OldSearch URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKU\S-1-5-80-3669532553-1905751560-421692475-2796484278-3223018999 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
Handler: bksa - {AFBCA127-FD48-4FF5-B523-0E0DB4B8C295} - C:\Program Files (x86)\BkavHome\SiteAdvisor\BkavIESiteAdvisor.dll No File
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2010-09-27] (Skype Technologies S.A.)
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-21] (Microsoft Corporation)

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_110.dll [2012-11-09] ()
FF Plugin: @java.com/DTPlugin,version=10.4.1 -> C:\Windows\system32\npDeployJava1.dll [2012-04-04] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.4.1 -> C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll [2012-04-04] (Oracle Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_110.dll [2012-11-09] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1203133.dll [2013-06-26] (Adobe Systems, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-01-07] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-01-07] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll [No File]
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll [No File]
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll [2012-05-25] (Yahoo! Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll [2012-04-11] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @t.garena.com/garenatalk -> D:\GAMES\LienMinhHuyenThoai\GameData\bbtalk\plugins\npPlugin\npGarenaTalkPlugin.dll [2015-01-16] ( Garena)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.)
FF Plugin HKU\S-1-5-21-3818046159-3689817371-2580797029-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\admin\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll No File
FF Plugin HKU\S-1-5-21-3818046159-3689817371-2580797029-1000: bkav.com.vn/BkavSiteAdvisorPlugin -> C:\Program Files (x86)\BkavHome\npBkavSiteAdvisorPlugin.dll No File
FF HKLM-x32\...\Firefox\Extensions: [bkavsiteadvisor@bkav.com.vn] - C:\Program Files (x86)\BkavHome\SiteAdvisor\Firefox

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (NAVER Vietnam Toolbar for Chrome) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfgmhilhjkklfkcopoogicgkbpnocdoe [2015-04-30]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2010-09-27]
CHR HKLM-x32\...\Chrome\Extension: [mfgmhilhjkklfkcopoogicgkbpnocdoe] - C:\Program Files (x86)\Naver\NaverChromeToolbar\naver_chrome_toolbar_vn_win.crx [2012-09-05]
CHR HKLM-x32\...\Chrome\Extension: [pcnancbdijenfaameanloddnkbjhfaal] - C:\Program Files (x86)\BkavHome\SiteAdvisor\BkavChrSiteAdvisor.crx <not found>

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Bonjour Service; C:\Program Files (x86)\Bonjour\mDNSResponder.exe [229376 2006-02-28] (Apple Computer, Inc.) [File not signed]
S3 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2015-07-25] (Macrovision Europe Ltd.) [File not signed]
S3 fussvc; C:\Program Files (x86)\Windows Kits\8.0\App Certification Kit\fussvc.exe [139776 2012-07-25] (Microsoft Corporation) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
S4 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [161560 2012-01-21] (Intel Corporation)
R2 MBAMScheduler; D:\DUY\UNG DUNG\avast\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-06-18] (Malwarebytes Corporation)
S2 MBAMService; D:\DUY\UNG DUNG\avast\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2015-01-30] (Microsoft Corporation)
R2 MSSQL$HUY; E:\Huy\SQL\Source\MSSQL11.HUY\MSSQL\Binn\sqlservr.exe [191064 2012-02-11] (Microsoft Corporation)
S4 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273168 2012-03-29] ()
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [366512 2015-01-30] (Microsoft Corporation)
R2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [187072 2015-03-11] ()
R2 RzKLService; D:\DUY\UNG DUNG\Game Booster\Razer Game Booster\RzKLService.exe [105448 2014-02-25] (Razer Inc.)
S3 sppuinotify; C:\Windows\system32\sppuinotify.dll [65536 2012-11-07] (Microsoft Corporation) [File not signed]
S4 SQLAgent$HUY; E:\Huy\SQL\Source\MSSQL11.HUY\MSSQL\Binn\SQLAGENT.EXE [597080 2012-02-11] (Microsoft Corporation)
S3 Te.Service; C:\Program Files (x86)\Windows Kits\8.0\Testing\Runtimes\TAEF\Wex.Services.exe [126976 2012-07-25] (Microsoft Corporation) [File not signed]
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5495056 2015-06-18] (TeamViewer GmbH)
S4 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [2669840 2012-03-29] (Intel® Corporation)
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]
S2 WinDefend; %ProgramFiles%\Windows Defender\mpsvc.dll [X]

 

[Troubling]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 amdkmpfd; C:\Windows\System32\DRIVERS\amdkmpfd.sys [31872 2012-02-01] (Advanced Micro Devices, Inc.)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-11] (Broadcom Corporation)
S3 GGSAFERDriver; D:\GAMES\LienMinhHuyenThoai\GameData\Room\safedrv.sys [27744 2015-07-30] ()
R1 ISODrive; D:\DUY\UNG DUNG\UltraISO\UltraISO\drivers\ISODrv64.sys [115600 2010-01-29] (EZB Systems, Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [113880 2015-09-10] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-06-18] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [274696 2014-11-15] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124560 2014-11-15] (Microsoft Corporation)
S4 RsFx0200; C:\Windows\System32\DRIVERS\RsFx0200.sys [334936 2012-02-11] (Microsoft Corporation)
R2 rzpmgrk; C:\Windows\system32\drivers\rzpmgrk.sys [37184 2015-03-11] (Razer, Inc.)
S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [40712 2012-10-25] (Anchorfree Inc.)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [35064 2015-09-09] ()
S3 VBoxUSB; C:\Windows\System32\Drivers\VBoxUSB.sys [116296 2014-10-11] (Oracle Corporation)
S3 VSPerfDrv110; E:\Huy\Window\Team Tools\Performance Tools\x64\VSPerfDrv110.sys [70264 2012-07-13] (Microsoft Corporation)
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-09-10 12:06 - 2015-09-10 12:08 - 00018223 _____ C:\Users\admin\Desktop\FRST.txt
2015-09-10 12:05 - 2015-09-10 12:05 - 02190336 _____ (Farbar) C:\Users\admin\Desktop\FRST64.exe
2015-09-09 14:38 - 2015-09-09 14:38 - 00021296 _____ C:\ComboFix.txt
2015-09-09 12:29 - 2011-06-26 13:45 - 00256000 _____ C:\Windows\PEV.exe
2015-09-09 12:29 - 2010-11-08 00:20 - 00208896 _____ C:\Windows\MBR.exe
2015-09-09 12:29 - 2009-04-20 11:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-09-09 12:29 - 2000-08-31 07:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-09-09 12:29 - 2000-08-31 07:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-09-09 12:29 - 2000-08-31 07:00 - 00098816 _____ C:\Windows\sed.exe
2015-09-09 12:29 - 2000-08-31 07:00 - 00080412 _____ C:\Windows\grep.exe
2015-09-09 12:29 - 2000-08-31 07:00 - 00068096 _____ C:\Windows\zip.exe
2015-09-09 12:27 - 2015-09-09 14:41 - 00000000 ____D C:\Qoobox
2015-09-09 08:53 - 2015-09-09 08:53 - 05635119 ____R (Swearware) C:\Users\admin\Desktop\ComboFix.exe
2015-09-09 08:52 - 2015-09-09 08:53 - 18779208 _____ C:\Users\admin\Desktop\RogueKiller.exe
2015-09-09 08:52 - 2015-09-09 08:53 - 01799392 _____ (Malwarebytes Corporation) C:\Users\admin\Desktop\JRT.exe
2015-09-09 08:52 - 2015-09-09 08:52 - 01660416 _____ C:\Users\admin\Desktop\adwcleaner_5.007.exe
2015-09-06 11:38 - 2015-09-09 14:43 - 00000000 ____D C:\AdwCleaner
2015-09-05 23:56 - 2015-09-05 23:56 - 00013281 _____ C:\Users\admin\Desktop\nba2k14.exe - Shortcut.lnk
2015-09-05 11:17 - 2015-09-10 12:06 - 00000000 ____D C:\FRST
2015-09-05 09:25 - 2015-09-10 12:00 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-09-05 09:25 - 2015-06-18 09:27 - 00109272 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-09-05 09:25 - 2015-06-18 09:27 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-09-05 09:25 - 2015-06-18 09:27 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-09-04 21:44 - 2015-09-04 21:44 - 00043112 _____ (AVAST Software) C:\Windows\avastSS.scr
2015-09-04 21:09 - 2015-09-04 21:09 - 03459152 ____N (AVAST Software) C:\Users\Public\Documents\aswOfferTool.exe
2015-09-02 12:57 - 2015-09-02 12:57 - 00000000 ____D C:\Users\admin\Documents\BNE
2015-08-24 17:14 - 2015-08-26 06:52 - 00000000 ____D C:\Program Files (x86)\SegmentSegment
2015-08-20 07:24 - 2015-08-26 06:52 - 00000000 ____D C:\Program Files (x86)\CutterProc
2015-08-19 09:13 - 2015-08-19 09:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Resident Evil Revelations 2
2015-08-18 11:40 - 2015-08-18 11:33 - 56576846 _____ C:\Users\admin\Documents\Capture_20150818.mp4
2015-08-15 08:08 - 2015-09-05 08:57 - 00000000 ____D C:\Program Files (x86)\Alarm

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-09-10 12:09 - 2015-07-14 19:59 - 00001002 _____ C:\Windows\Tasks\CocCocUpdateTaskUserS-1-5-21-3818046159-3689817371-2580797029-1000UA.job
2015-09-10 12:03 - 2012-11-07 11:46 - 00000000 ____D C:\Users\admin\AppData\Roaming\GarenaPlus
2015-09-10 12:03 - 2012-11-07 11:46 - 00000000 ____D C:\ProgramData\GarenaMessenger
2015-09-10 12:03 - 2012-11-07 08:44 - 01973484 _____ C:\Windows\WindowsUpdate.log
2015-09-10 11:59 - 2015-08-07 21:51 - 00003488 _____ C:\Windows\System32\Tasks\gg_uac_daemon_admin
2015-09-10 11:57 - 2015-07-20 17:45 - 00008678 _____ C:\Windows\setupact.log
2015-09-10 11:57 - 2009-07-14 12:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-09-09 22:20 - 2009-07-14 11:45 - 00022528 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-09-09 22:20 - 2009-07-14 11:45 - 00022528 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-09-09 21:40 - 2012-11-09 17:48 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-09-09 20:46 - 2015-07-14 19:59 - 00000950 _____ C:\Windows\Tasks\CocCocUpdateTaskUserS-1-5-21-3818046159-3689817371-2580797029-1000Core.job
2015-09-09 18:46 - 2009-07-14 12:13 - 00908038 _____ C:\Windows\system32\PerfStringBackup.INI
2015-09-09 14:52 - 2015-03-20 09:41 - 00035064 _____ C:\Windows\system32\Drivers\TrueSight.sys
2015-09-09 14:44 - 2015-07-20 17:45 - 00657984 _____ C:\Windows\PFRO.log
2015-09-09 14:43 - 2015-07-30 20:21 - 00000000 ____D C:\Users\admin\AppData\Roaming\Yahoo!
2015-09-09 14:43 - 2012-11-07 10:29 - 00000000 ____D C:\Program Files (x86)\Yahoo!
2015-09-09 14:00 - 2009-07-14 09:34 - 00000215 _____ C:\Windows\system.ini
2015-09-09 12:29 - 2014-10-08 08:18 - 00000000 ____D C:\Users\MSSQL$HUY
2015-09-09 12:29 - 2009-07-14 10:20 - 00000000 __RHD C:\Users\Default
2015-09-08 10:12 - 2015-06-29 13:27 - 00000000 ____D C:\Users\admin\AppData\Local\CrashDumps
2015-09-06 11:52 - 2015-01-16 22:40 - 00000000 ____D C:\Windows\system32\log
2015-09-06 11:05 - 2015-03-20 09:41 - 00000000 ____D C:\ProgramData\RogueKiller
2015-09-05 11:54 - 2009-07-14 12:32 - 00000000 ____D C:\Windows\Offline Web Pages
2015-09-05 10:55 - 2009-07-14 11:45 - 00000000 ____D C:\Windows\Setup
2015-09-05 09:25 - 2015-03-20 09:54 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-09-05 09:20 - 2015-05-11 21:19 - 00000000 ____D C:\Users\admin\AppData\Roaming\Skype
2015-09-05 09:10 - 2013-07-14 21:40 - 00000000 ____D C:\ProgramData\install_clap
2015-09-05 09:10 - 2012-11-07 23:32 - 00000000 ____D C:\Windows\Panther
2015-09-05 09:10 - 2012-11-07 10:24 - 00000000 ____D C:\Program Files (x86)\K-Lite Codec Pack
2015-09-05 09:10 - 2012-11-07 08:53 - 00000000 ____D C:\Users\admin\AppData\Local\Microsoft Help
2015-09-05 09:08 - 2015-07-02 13:23 - 00000000 ____D C:\Program Files (x86)\EasyBib Too
2015-09-05 09:07 - 2015-06-30 10:13 - 00000000 ____D C:\Program Files (x86)\OneClick Cleaner for Chrome
2015-09-05 09:06 - 2015-08-10 10:40 - 00000000 ____D C:\Program Files (x86)\Twitch Smiles
2015-09-05 09:06 - 2015-06-18 15:39 - 00000000 ____D C:\Program Files (x86)\ZenMate Security Privacy Unblock VPN
2015-09-05 09:01 - 2015-07-17 21:59 - 00000000 ____D C:\Program Files (x86)\AppJump App Launcher and Organizer
2015-09-05 09:01 - 2015-07-15 21:00 - 00000000 ____D C:\Program Files (x86)\AntiGameOrigin
2015-09-05 09:01 - 2015-06-29 20:20 - 00000000 ____D C:\Program Files (x86)\Authy Chrome Extension
2015-09-05 08:39 - 2015-03-22 12:16 - 00000000 ____D C:\ProgramData\AVAST Software
2015-09-04 20:26 - 2014-01-25 08:20 - 00002299 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-08-26 06:51 - 2015-08-10 09:58 - 00000000 ____D C:\Program Files (x86)\IncludeInstance
2015-08-25 19:29 - 2015-02-19 20:02 - 00000000 ____D C:\Users\admin\AppData\Roaming\xim
2015-08-22 07:44 - 2009-07-14 12:08 - 00032642 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-08-20 07:48 - 2015-06-30 22:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rockstar Games
2015-08-20 07:48 - 2012-11-07 08:59 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2015-08-19 09:15 - 2015-01-27 13:18 - 00000000 ____D C:\Users\admin\AppData\Local\CAPCOM
2015-08-13 08:29 - 2013-06-29 11:58 - 00001413 _____ C:\Users\admin\Desktop\Lien Minh Huyen Thoai - Shortcut.lnk
2015-08-12 16:15 - 2015-08-08 23:16 - 00000000 ____D C:\Users\admin\Documents\KoeiTecmo

==================== Files in the root of some directories =======

2015-06-29 13:35 - 2015-06-29 13:35 - 0000017 _____ () C:\Users\admin\AppData\Local\resmon.resmoncfg

Some files in TEMP:
====================
C:\Users\admin\AppData\Local\Temp\dllnt_dump.dll
C:\Users\admin\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-03-26 17:59

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version:07-09-2015
Ran by admin (2015-09-10 12:09:25)
Running from C:\Users\admin\Desktop
Windows 7 Ultimate Service Pack 1 (X64) (2012-11-07 01:39:44)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

admin (S-1-5-21-3818046159-3689817371-2580797029-1000 - Administrator - Enabled) => C:\Users\admin
Administrator (S-1-5-21-3818046159-3689817371-2580797029-500 - Administrator - Disabled)
Guest (S-1-5-21-3818046159-3689817371-2580797029-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3818046159-3689817371-2580797029-1002 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version: - )
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 17.0.0.172 - Adobe Systems Incorporated)
Adobe Flash Player 11 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 11.2.202.235 - Adobe Systems Incorporated)
Adobe Flash Player 11 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 11.5.502.110 - Adobe Systems Incorporated)
Adobe Photoshop CS3 (HKLM-x32\...\Adobe_2ac78060bc5856b0c1cf873bb919b58) (Version: 10.0 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.3.133 - Adobe Systems, Inc.)
AMD Catalyst Install Manager (HKLM\...\{C05A4975-B08D-26FA-C153-D6BBFF579705}) (Version: 3.0.859.0 - Advanced Micro Devices, Inc.)
Balsamiq Mockups 3 (HKLM-x32\...\BalsamiqMockups3.EDE15CF69E11F7F7D45B5430C7D37CC6C3545E3C.1) (Version: 3.1.1 - Balsamiq SRL)
Balsamiq Mockups 3 (x32 Version: 3.1.1 - Balsamiq SRL) Hidden
BlazBlue: Continuum Shift Extend (HKLM-x32\...\BlazBlue: Continuum Shift Extend_is1) (Version: - H2 Interactive Co., Ltd.)
Canon LBP3000 (HKLM\...\Canon LBP3000) (Version: - )
CCleaner (HKLM\...\CCleaner) (Version: 4.06 - Piriform)
ccTalk (HKLM-x32\...\{F768F6BA-F164-4599-BC26-DCCFC2F71983}_is1) (Version: 4.0.2 - ccTalk)
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.4.5306 - CDBurnerXP)
C-Free 4 Professional (HKLM-x32\...\C-Free 4_is1) (Version: - Program Arts)
Cốc Cốc (HKU\S-1-5-21-3818046159-3689817371-2580797029-1000\...\CocCocBrowser) (Version: 44.0.2403.125 - Đơn vị chủ quản Cốc Cốc)
CyberLink YouCam 5 (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 5.0.0909 - CyberLink Corp.)
Dotfuscator and Analytics Community Edition (x32 Version: 5.5.4521.29298 - PreEmptive Solutions) Hidden
DYNASTY WARRIORS® 8 Empires (HKLM-x32\...\DYNASTY WARRIORS® 8 Empires_is1) (Version: - )
Dynomite Deluxe (HKLM-x32\...\Dynomite Deluxe) (Version: - )
Entity Framework Designer for Visual Studio 2012 - enu (HKLM-x32\...\{0A1A1D48-DB23-443A-BC7B-49255D138020}) (Version: 11.1.20702.00 - Microsoft Corporation)
FL Studio 11 (HKLM-x32\...\FL Studio 11) (Version: - Image-Line)
FlowStone FL 3.0 (HKLM-x32\...\FlowStone) (Version: - )
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 6.1.2.1224 - Foxit Corporation)
Garena - FIFA ONLINE 3(Vietnam) (HKLM-x32\...\FO3VN) (Version: - Garena Online Pte Ltd.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 43.0.2357.124 - Google Inc.)
Google Drive (HKLM-x32\...\{CBC9F5FD-5CFA-4A33-81CD-369EAB77E3A6}) (Version: 1.22.9403.0223 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden
Hi-Rez Studios Authenticate and Update Service (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}) (Version: 3.0.0.0 - Hi-Rez Studios)
IBM Rational Rose Enterprise Edition (HKLM-x32\...\{22D66ACE-E0A1-482E-B797-0A6A377D3E91}) (Version: 7.0.0.0 - Rational Software)
IIS 8.0 Express (HKLM\...\{7BF61FA9-BDFB-4563-98AD-FCB0DA28CCC7}) (Version: 8.0.1557 - Microsoft Corporation)
IIS Express Application Compatibility Database for x64 (HKLM\...\{9f4f4a9b-eec5-4906-92fe-d1f43ccf5c8d}.sdb) (Version: - )
IIS Express Application Compatibility Database for x86 (HKLM\...\{fdfba1f3-74ae-4255-9c10-a0f552b4610f}.sdb) (Version: - )
IL Download Manager (HKLM-x32\...\IL Download Manager) (Version: - Image-Line)
Intel(R) Display Audio Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 6.14.00.3090 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.1.1399 - Intel Corporation)
Intel(R) PROSet/Wireless for Bluetooth(R) + High Speed (HKLM\...\{37EC048A-81A2-452A-8D1F-3BE2018E767D}) (Version: 15.1.0.0096 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.6.245 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (HKLM\...\{54EB8041-1115-4406-AA4B-44D236E84B3B}) (Version: 15.01.1000.0927 - Intel Corporation)
Intel® Trusted Connect Service Client (HKLM\...\{538B98C3-773F-4F20-9C66-802D104DCBE2}) (Version: 1.23.219.2 - Intel Corporation)
Java SE Development Kit 7 Update 4 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0170040}) (Version: 1.7.0.40 - Oracle)
Java(TM) 6 Update 16 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216016FF}) (Version: 6.0.160 - Sun Microsystems, Inc.)
Java(TM) 7 Update 4 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417004FF}) (Version: 7.0.40 - Oracle)
Java(TM) SE Development Kit 6 Update 16 (HKLM-x32\...\{32A3A4F4-B792-11D6-A78A-00B0D0160160}) (Version: 1.6.0.160 - Sun Microsystems, Inc.)
JavaFX 2.1.0 (64-bit) (HKLM\...\{1111706F-666A-4037-7777-210648764D10}) (Version: 2.1.0 - Oracle Corporation)
JavaFX 2.1.0 SDK (64-bit) (HKLM\...\{2222706F-666A-4037-7777-210648764D10}) (Version: 2.1.0 - Oracle Corporation)
K-Lite Codec Pack 8.1.0 (Full) (HKLM-x32\...\KLiteCodecPack_is1) (Version: 8.1.0 - )
League of Legends (HKLM-x32\...\{92606477-9366-4D3B-8AE3-6BE4B29727AB}) (Version: 1.3 - Riot Games)
League of Legends (HKLM-x32\...\League of Legends 3.0.0) (Version: 3.0.0 - Riot Games)
League of Legends (x32 Version: 3.0.0 - Riot Games) Hidden
LocalESPC (x32 Version: 8.59.25584 - Microsoft Corporation) Hidden
LocalESPCui for en-us (x32 Version: 8.59.25584 - Microsoft) Hidden
Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
Metal Gear Rising: Revengeance (HKLM-x32\...\Metal Gear Rising: Revengeance_is1) (Version: - )
Microsoft .NET Framework 4 Multi-Targeting Pack (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4.5 Multi-Targeting Pack (HKLM-x32\...\{5CBFF3F3-2D40-34EE-BCA5-A95BC19E400D}) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft .NET Framework 4.5 SDK (HKLM-x32\...\{1948E039-EC79-4591-951D-9867A8C14C90}) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft AppLocale (HKLM-x32\...\{394BE3D9-7F57-4638-A8D1-1D88671913B7}) (Version: 1.0.0 - MS)
Microsoft ASP.NET MVC 3 (HKLM-x32\...\{DCDEC776-BADD-48B9-8F9A-DFF513C3D7FA}) (Version: 3.0.20105.0 - Microsoft Corporation)
Microsoft ASP.NET Web Pages (HKLM-x32\...\{631471BE-DEAB-454B-A9AC-CE3EB42C28B3}) (Version: 1.0.20105.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{59E4543A-D49D-4489-B445-473D763C79AF}) (Version: 2.0.672.0 - Microsoft Corporation)
Microsoft Help Viewer 1.1 (HKLM\...\Microsoft Help Viewer 1.1) (Version: 1.1.40219 - Microsoft Corporation)
Microsoft Help Viewer 2.0 (HKLM-x32\...\Microsoft Help Viewer 2.0) (Version: 2.0.50727 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Report Viewer 2012 Runtime (HKLM-x32\...\{9CCE40CE-A9E6-4916-8729-B008558EEF3F}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.7.205.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.10411.0 - Microsoft Corporation)
Microsoft Silverlight 4 SDK (HKLM-x32\...\{189AEA94-DAFB-487A-8CEE-F9D3DDE0A748}) (Version: 4.0.60310.0 - Microsoft Corporation)
Microsoft Silverlight 5 SDK (HKLM-x32\...\{E1FBB3D4-ADB0-4949-B101-855DA061C735}) (Version: 5.0.61118.0 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Management Objects (HKLM-x32\...\{83F2B8F4-5CF3-4BE9-9772-9543EAE4AC5F}) (Version: 10.51.2500.0 - Microsoft Corporation)
Microsoft SQL Server 2008 Setup Support Files (HKLM\...\{B40EE88B-400A-4266-A17B-E3DE64E94431}) (Version: 10.1.2731.0 - Microsoft Corporation)
Microsoft SQL Server 2012 (64-bit) (HKLM\...\Microsoft SQL Server SQLServer2012) (Version: - Microsoft Corporation)
Microsoft SQL Server 2012 Command Line Utilities (HKLM\...\{9D573E71-1077-4C7E-B4DB-4E22A5D2B48B}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Data-Tier App Framework (HKLM\...\{36E619BC-A234-4EC3-849B-779A7C865A45}) (Version: 11.0.2316.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Data-Tier App Framework (HKLM-x32\...\{FBA6F90E-36EC-4FC9-9B25-3834E3BD46A8}) (Version: 11.0.2316.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Express LocalDB (HKLM\...\{13D558FE-A863-402C-B115-160007277033}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects (HKLM-x32\...\{DA1C1761-5F4F-4332-AB9D-29EDF3F8EA0A}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects (x64) (HKLM\...\{FA0A244E-F3C2-4589-B42A-3D522DE79A42}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Native Client (HKLM\...\{49D665A2-4C2A-476E-9AB8-FCC425F526FC}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Setup (English) (HKLM\...\{8CB0713F-CFE0-445D-BCB2-538465860E1A}) (Version: 11.1.3128.0 - Microsoft Corporation)
Microsoft SQL Server 2012 T-SQL Language Service (HKLM-x32\...\{6D6D43E5-218C-4B05-92D3-2240810F4760}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Transact-SQL Compiler Service (HKLM\...\{BEB0F91E-F2EA-48A1-B938-7857ABF2A93D}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Transact-SQL ScriptDom (HKLM\...\{0E8670B8-3965-4930-ADA6-570348B67153}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 SP1 x64 ENU (HKLM\...\{78909610-D229-459C-A936-25D92283D3FD}) (Version: 4.0.8876.1 - Microsoft Corporation)
Microsoft SQL Server Data Tools - enu (11.1.20627.00) (HKLM-x32\...\{FA804794-2CCB-4301-954F-2C2894698876}) (Version: 11.1.20627.00 - Microsoft Corporation)
Microsoft SQL Server Data Tools Build Utilities - enu (11.1.20627.00) (HKLM-x32\...\{790E9425-8570-493F-9AE7-81AFC9E46930}) (Version: 11.1.20627.00 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (HKLM-x32\...\{C3F6F200-6D7B-4879-B9EE-700C0CE1FCDA}) (Version: 10.51.2500.0 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (x64) (HKLM\...\{4701DEDE-1888-49E0-BAE5-857875924CA2}) (Version: 10.50.1600.1 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (HKLM-x32\...\{E2082604-4BA5-44BB-BBFB-AF0F3CB8C6AB}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (x64) (HKLM\...\{F1949145-EB64-4DE7-9D81-E6D27937146C}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Runtime - 10.0.40219 (HKLM-x32\...\{5D9ED403-94DE-3BA0-B1D6-71F4BDA412E6}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM-x32\...\{8e70e4e1-06d7-470b-9f74-a51bef21088e}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Shell (Isolated) - ENU (HKLM-x32\...\{D64B6984-242F-32BC-B008-752806E5FC44}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.31125 - Microsoft Corporation)
Microsoft Visual Studio Ultimate 2012 (HKLM-x32\...\{ae17ae9b-af38-40d2-a194-6102c56ed502}) (Version: 11.0.50727.26 - Microsoft Corporation)
Microsoft VSS Writer for SQL Server 2012 (HKLM\...\{3E0DD83F-BE4C-4478-86A0-AD0D79D1353E}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft Web Deploy 3.0 (HKLM\...\{AA72C306-30BE-4BB1-9E42-59552BAD2CDF}) (Version: 3.1236.1631 - Microsoft Corporation)
Microsoft Web Deploy dbSqlPackage Provider - enu (HKLM-x32\...\{E4C33F5B-1B2F-466E-957E-B274F08151A0}) (Version: 10.3.20225.0 - Microsoft Corporation)
Microsoft Web Platform Installer 4.0 (HKLM\...\{E2B8249D-895C-4685-8C83-00F3B1A13028}) (Version: 4.0.1622 - Microsoft Corporation)
Microsoft Windows Application Compatibility Database (HKLM\...\{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb) (Version: - )
MotioninJoy Gamepad tool 0.7.1001 (HKLM\...\{330DAC67-5B62-452A-A0E4-6B4A5923940F}_is1) (Version: 0.7.1001 - www.motioninjoy.com)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 25.0 - Mozilla)
Naruto Shippuden Ultimate Ninja Storm Revolution (HKLM-x32\...\Naruto Shippuden Ultimate Ninja Storm Revolution_is1) (Version: - )
NARUTO SHIPPUDEN: Ultimate Ninja STORM 3 Full Burst (HKLM-x32\...\NARUTO SHIPPUDEN: Ultimate Ninja STORM 3 Full Burst_is1) (Version: - Namco Bandai Games)
NBA 2K14 (HKLM-x32\...\{4FE0545A-1BF3-4B9B-A044-6E1EE719E197}) (Version: 1.0.0 - 2K Sports)
Paint XP version 1.2 (HKLM-x32\...\{2367FAB6-055A-4923-835F-F57F7BBBA363}_is1) (Version: 1.2 - MSPAINTXP.COM)
PCSX2 - Playstation 2 Emulator (HKLM-x32\...\pcsx2-r5875) (Version: - )
PDF Settings (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
PowerXpressHybrid (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
PreEmptive Analytics Visual Studio Components (x32 Version: 1.0.2180.1 - PreEmptive Solutions) Hidden
Prerequisites for SSDT (HKLM-x32\...\{9169C939-ED01-446A-BD0C-29873BAF4E48}) (Version: 11.0.2100.60 - Microsoft Corporation)
Pro Evolution Soccer 2015 (HKLM-x32\...\UHJvRXZvbHV0aW9uU29jY2VyMjAxNQ==_is1) (Version: 1 - )
PX Profile Update (x32 Version: 1.00.1. - AMD) Hidden
Razer Cortex (HKLM-x32\...\Razer Cortex_is1) (Version: 5.4.15.0 - Razer Inc.)
Razer Game Booster (HKLM-x32\...\Razer Game Booster_is1) (Version: 4.2.45.0 - Razer Inc.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30118 - Realtek Semiconductor Corp.)
Resident Evil Revelations 2 (HKLM-x32\...\Resident Evil Revelations 2_is1) (Version: - )
Scribblenauts Unlimited (HKLM-x32\...\Scribblenauts Unlimited_is1) (Version: - )
Skype™ 6.20 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.20.104 - Skype Technologies S.A.)
SQL Server 2012 Common Files (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
SQL Server 2012 Database Engine Services (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
SQL Server 2012 Database Engine Shared (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
SQL Server 2012 Management Studio (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
SQL Server Browser for SQL Server 2012 (HKLM-x32\...\{4B9E6EB0-0EED-4E74-9479-F982C3254F71}) (Version: 11.0.2100.60 - Microsoft Corporation)
Sql Server Customer Experience Improvement Program (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
Star Wars Jedi Knight Jedi Academy (HKLM-x32\...\{1EECBA68-8BE4-4076-94DF-E9ED206B1D21}) (Version: - )
Star Wars Republic Commando (HKLM-x32\...\Star Wars Republic Commando_is1) (Version: - )
Street Fighter X Tekken (x32 Version: 1.0.0004.130 - CAPCOM U.S.A., INC) Hidden
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.0.9.0 - Synaptics Incorporated)
TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.43879 - TeamViewer)
The KMPlayer (remove only) (HKLM-x32\...\The KMPlayer) (Version: 3.5.0.77 - KMP Media co., Ltd)
TreeSize Free V3.3 (HKLM-x32\...\TreeSize Free_is1) (Version: 3.3 - JAM Software)
UltraISO Premium V9.65 (HKLM-x32\...\UltraISO_is1) (Version: - )
Unity Web Player (HKU\S-1-5-21-3818046159-3689817371-2580797029-1000\...\UnityWebPlayer) (Version: - Unity Technologies ApS)
VBR_1021_Full (HKLM-x32\...\{FF7E25F8-F688-4FC4-914E-74D4F9C74371}_is1) (Version: - VTCGame)
Visual Studio 2010 Prerequisites - English (HKLM\...\{662014D2-0450-37ED-ABAE-157C88127BEB}) (Version: 10.0.40219 - Microsoft Corporation)
WCF Data Services 5.0 (for OData v3) Primary Components (x32 Version: 5.0.50628.0 - Microsoft Corporation) Hidden
WCF Data Services Tools for Microsoft Visual Studio 2012 (x32 Version: 5.0.50710.0 - Microsoft Corporation) Hidden
WCF RIA Services V1.0 SP2 (HKLM-x32\...\{3A523AF9-D32F-4C85-8388-0335731F3405}) (Version: 4.1.61829.0 - Microsoft Corporation)
Windows Live ID Sign-in Assistant (HKLM\...\{9B48B0AC-C813-4174-9042-476A887592C7}) (Version: 6.500.3165.0 - Microsoft Corporation)
Windows Movie Maker 2.6 (HKLM-x32\...\{B3DAF54F-DB25-4586-9EF1-96D24BB14088}) (Version: 2.6.4037.0 - Microsoft Corporation)
WinRAR 4.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
Xiph.Org Open Codecs 0.85.17777 (HKLM-x32\...\Open Codecs) (Version: 0.85.17777 - Xiph.Org)
XSplit Broadcaster (HKLM-x32\...\{3678DA80-4221-457A-A7AB-F94264807883}) (Version: 1.3.1310.1103 - SplitMediaLabs)
Yahoo! Messenger (HKLM-x32\...\Yahoo! Messenger) (Version: - Yahoo! Inc.)
Yahoo! Software Update (HKLM-x32\...\Yahoo! Software Update) (Version: - )

 

[Troubling]

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Restore Points =========================

09-09-2015 09:59:23 JRT Pre-Junkware Removal
09-09-2015 12:21:49 JRT Pre-Junkware Removal

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-03-23 20:07 - 2015-03-26 15:06 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {02125155-7DC8-4E26-9111-2B8936FDAE90} - System32\Tasks\{F749A93F-D823-4F5E-B664-7F9CB7C6799A} => D:\GAMES\***\Assassin's Creed IV Black Flag\AC4BFSP.exe
Task: {1177659E-4A61-4FA1-8FE1-50DD2A0F8AB8} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-11-09] (Adobe Systems Incorporated)
Task: {1BD6351D-5A36-4097-92F8-8164C1BEBD08} - System32\Tasks\{D5177AAC-BCE9-4AC3-9CEE-C90751DA6BF6} => pcalua.exe -a D:\C\Windows\BT\bai01.exe -d D:\C\Windows\BT
Task: {21073F1B-8B5E-4498-9837-45288B58B39C} - System32\Tasks\{947472E8-A5D0-4F35-93FF-E7BD403CCB40} => pcalua.exe -a E:\Huy\Originals\Uninstall.exe
Task: {34E1F3E8-2744-42E2-9F8D-F06EAC27A6AC} - System32\Tasks\{CA9F35EC-2E48-4ABC-AEC1-11B29843986A} => pcalua.exe -a "E:\Huy\Originals\PhotoZoom Professional Setup.exe" -d E:\Huy\Originals
Task: {36715A6C-9DCD-4969-8EC8-B48FCB93C622} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Scan => c:\program files\windows defender\MpCmdRun.exe
Task: {37C445E6-35FA-4842-AD15-8DBCE118EE6D} - System32\Tasks\{E0FBBA98-E6F5-46B3-B365-F16C237A6636} => Chrome.exe http://ui.skype.com/ui/0/6.1.0.129.272/vi/abandoninstall?page=tsProgressBar
Task: {388A179F-8E20-48DB-846F-B0ED40B41749} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-09-19] (Piriform Ltd)
Task: {395A3A50-DF1A-491A-9590-76B3591210A3} - System32\Tasks\{6578B33F-BE5C-40E3-8EB4-F017B59D7DCF} => pcalua.exe -a "D:\GAMES\SWCMR\Star Wars Republic Commando [CHK88]\Republic Commando [CHK88]\[PC-Full]-SW-Republic.Commando.exe" -d "D:\GAMES\SWCMR\Star Wars Republic Commando [CHK88]\Republic Commando [CHK88]"
Task: {4617E916-92E8-473D-8720-2A35DF2439F5} - System32\Tasks\{67659D67-741B-43E0-9D5B-E630A49031FF} => pcalua.exe -a D:\GAMES\SWJK\JediAcademy.exe -d D:\GAMES\SWJK
Task: {69FE8EC8-AECE-4806-A5D8-0A95C1D53A0C} - System32\Tasks\gg_uac_daemon_admin => D:\GAMES\LienMinhHuyenThoai\GameData\ggdllhost.exe [2015-09-03] ()
Task: {6E5B0555-8FD5-4D9F-BF75-DB10169E821F} - System32\Tasks\CocCocUpdateTaskUserS-1-5-21-3818046159-3689817371-2580797029-1000Core => C:\Users\admin\AppData\Local\CocCoc\Update\CocCocUpdate.exe [2015-07-14] (Coc Coc Co., Ltd.)
Task: {8041E7FA-BBC6-43F8-9E56-4F7ABCBE678D} - System32\Tasks\{9A49B636-3FD2-41DA-8332-19A9F882F665} => C:\Program Files (x86)\Skype\\Phone\Skype.exe [2014-08-27] (Skype Technologies S.A.)
Task: {8B5BCFCB-DE58-47B0-ACA9-AD518FD2C21B} - System32\Tasks\{0D66A9C9-3137-43D8-9A9D-E4D394146DE5} => pcalua.exe -a "D:\DUY\GAMES\Zing speed\2S-setup-110.exe" -d "D:\DUY\GAMES\Zing speed"
Task: {B8820E18-028F-46AD-A13E-4CD572070045} - System32\Tasks\{87CAB124-17DE-4292-9BC4-7777ADEBDFCC} => Firefox.exe http://ui.skype.com/ui/0/6.0.0.126/vi/abandoninstall?page=tsProgressBar
Task: {D9E84FC2-DB2A-418C-BDAA-95B1FE118362} - System32\Tasks\CocCocUpdateTaskUserS-1-5-21-3818046159-3689817371-2580797029-1000UA => C:\Users\admin\AppData\Local\CocCoc\Update\CocCocUpdate.exe [2015-07-14] (Coc Coc Co., Ltd.)
Task: {DA255089-7810-409D-95B3-4ADAA0422A80} - System32\Tasks\{75323A41-E23B-480A-8EF4-9F8E63FB6719} => pcalua.exe -a "E:\Huy\Rational Rose\IBM.Rational.Rose.Enterprise.v7.0_Blog.HanhTrinhTuoiTre.Com\setup.exe" -d "E:\Huy\Rational Rose\IBM.Rational.Rose.Enterprise.v7.0_Blog.HanhTrinhTuoiTre.Com"
Task: {E3482EE7-FEBC-4270-949D-74206E3B78DA} - \Superclean -> No File <==== ATTENTION
Task: {EF2397D0-6706-4C2D-A48B-626A88F0FC7E} - System32\Tasks\{503E338D-E662-45EC-8A2F-AD3C2880012F} => pcalua.exe -a D:\GAMES\SWJK\autorun.exe -d D:\GAMES\SWJK
Task: {F155C81B-6271-49A4-9B23-6C62609C9CED} - \AutoKMS -> No File <==== ATTENTION
Task: {F7975478-5CCD-4EA6-821F-5215613B4445} - System32\Tasks\{34BF06CC-4E30-4900-BD2E-832C2B1159D3} => pcalua.exe -a G:\OriginInstaller.exe -d G:\
Task: {FA1DBBEF-C7B0-49B5-8891-B9FC1E9607E9} - System32\Tasks\{E3883D28-6D4C-4C2E-8535-0553082E5067} => pcalua.exe -a "D:\DUY\GAMES\Vua Bóng Rổ\install.exe" -d "D:\DUY\GAMES\Vua Bóng Rổ"

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\CocCocUpdateTaskUserS-1-5-21-3818046159-3689817371-2580797029-1000Core.job => C:\Users\admin\AppData\Local\CocCoc\Update\CocCocUpdate.exe
Task: C:\Windows\Tasks\CocCocUpdateTaskUserS-1-5-21-3818046159-3689817371-2580797029-1000UA.job => C:\Users\admin\AppData\Local\CocCoc\Update\CocCocUpdate.exe

==================== Loaded Modules (Whitelisted) ==============

2010-01-30 02:40 - 2010-01-30 02:40 - 04254560 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-03-24 21:38 - 2010-03-24 21:38 - 08794976 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2012-11-07 10:27 - 2009-11-02 01:13 - 00296960 _____ () C:\UniKey 4.0 RC2 Win64\UKHook40.dll
2013-07-12 19:13 - 2015-09-03 15:35 - 00089536 _____ () D:\GAMES\LienMinhHuyenThoai\GameData\ggdllhost.exe
2012-11-07 09:55 - 2012-03-19 15:09 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2012-11-07 10:27 - 2009-11-02 01:13 - 00316928 _____ () C:\UniKey 4.0 RC2 Win64\UniKeyNT.exe
2013-06-29 11:53 - 2015-09-03 15:35 - 10016704 _____ () D:\GAMES\LienMinhHuyenThoai\GameData\GarenaMessenger.exe
2015-03-11 01:20 - 2015-03-11 01:20 - 00187072 _____ () C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
2012-03-05 04:43 - 2012-03-05 04:43 - 00369152 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2011-12-13 16:10 - 2011-12-13 16:10 - 00016384 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2013-06-29 11:53 - 2015-09-03 15:35 - 02062784 _____ () D:\GAMES\LienMinhHuyenThoai\GameData\ggspawn.dll
2010-01-30 02:41 - 2010-01-30 02:41 - 04254560 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-03-24 21:17 - 2010-03-24 21:17 - 08794464 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2013-06-29 11:53 - 2015-01-20 19:20 - 00111192 _____ () D:\GAMES\LienMinhHuyenThoai\GameData\CommonLib.dll
2013-06-29 11:53 - 2015-01-20 19:20 - 00040024 _____ () D:\GAMES\LienMinhHuyenThoai\GameData\DibModule.dll
2013-06-29 11:53 - 2015-09-08 21:26 - 00040896 _____ () D:\GAMES\LienMinhHuyenThoai\GameData\VersionModule.dll
2013-06-29 11:53 - 2015-01-20 19:20 - 00057944 _____ () D:\GAMES\LienMinhHuyenThoai\GameData\FileLoader.dll
2013-06-29 11:53 - 2015-01-20 19:20 - 00093784 _____ () D:\GAMES\LienMinhHuyenThoai\GameData\PluginKernel.dll
2013-06-29 11:53 - 2015-01-20 19:20 - 00493656 _____ () D:\GAMES\LienMinhHuyenThoai\GameData\CxImage.dll
2013-06-29 11:53 - 2015-01-20 19:20 - 00031832 _____ () D:\GAMES\LienMinhHuyenThoai\GameData\PluginModule.dll
2012-10-31 11:44 - 2015-01-20 19:20 - 00177240 _____ () D:\GAMES\LienMinhHuyenThoai\GameData\lib\fs\YYFileSystem.dll
2012-10-31 11:44 - 2015-01-20 19:20 - 00380504 _____ () D:\GAMES\LienMinhHuyenThoai\GameData\lib\Http.dll
2012-10-31 11:44 - 2015-01-20 19:20 - 00191064 _____ () D:\GAMES\LienMinhHuyenThoai\GameData\lib\MP3Module.dll
2013-06-29 11:53 - 2012-02-22 15:52 - 00162304 _____ () D:\GAMES\LienMinhHuyenThoai\GameData\lame_enc.DLL
2012-10-31 11:44 - 2015-01-20 19:20 - 00226392 _____ () D:\GAMES\LienMinhHuyenThoai\GameData\lib\TaskManagerLib.dll
2012-10-31 11:44 - 2015-01-20 19:20 - 00112728 _____ () D:\GAMES\LienMinhHuyenThoai\GameData\lib\UILayout.dll
2012-10-31 11:44 - 2015-05-27 11:47 - 00965056 _____ () D:\GAMES\LienMinhHuyenThoai\GameData\lib\XLL.dll
2012-10-31 11:44 - 2015-01-20 19:20 - 00061528 _____ () D:\GAMES\LienMinhHuyenThoai\GameData\lib\XmlUIModule.dll
2013-06-29 11:53 - 2012-02-22 15:52 - 00573100 _____ () D:\GAMES\LienMinhHuyenThoai\GameData\sqlite3.dll
2012-10-31 11:44 - 2015-09-03 15:35 - 00231872 _____ () D:\GAMES\LienMinhHuyenThoai\GameData\Plugins\StatsPlugin.dll
2012-11-01 12:15 - 2015-09-08 21:26 - 02095040 _____ () D:\GAMES\LienMinhHuyenThoai\GameData\Plugins\ggplugin.dll
2013-06-29 11:53 - 2015-01-20 19:20 - 00199256 _____ () D:\GAMES\LienMinhHuyenThoai\GameData\ImageModule.dll
2013-06-30 10:54 - 2015-01-20 19:20 - 00161880 _____ () D:\GAMES\LienMinhHuyenThoai\GameData\libmpg123.dll
2013-06-29 11:53 - 2015-01-20 19:20 - 02947672 _____ () D:\GAMES\LienMinhHuyenThoai\GameData\ggdownloader.dll
2012-10-31 11:44 - 2015-01-20 19:20 - 00072280 _____ () D:\GAMES\LienMinhHuyenThoai\GameData\lib\delay_load\AudioMixerLib.dll
2012-10-31 11:44 - 2015-01-20 19:20 - 00023128 _____ () D:\GAMES\LienMinhHuyenThoai\GameData\lib\delay_load\ClientTcp.dll
2012-10-31 11:44 - 2015-01-20 19:20 - 01551960 _____ () D:\GAMES\LienMinhHuyenThoai\GameData\lib\delay_load\FileSender.dll
2013-06-29 11:53 - 2013-02-01 12:42 - 00153088 _____ () D:\GAMES\LienMinhHuyenThoai\GameData\libzmq.dll
2012-10-31 11:44 - 2015-01-20 19:20 - 00962648 _____ () D:\GAMES\LienMinhHuyenThoai\GameData\lib\delay_load\GaFileTransfer.dll
2012-10-31 11:44 - 2015-01-20 19:20 - 00251480 _____ () D:\GAMES\LienMinhHuyenThoai\GameData\lib\delay_load\MediaEngine.dll
2013-06-29 11:53 - 2015-01-20 19:20 - 00032856 _____ () D:\GAMES\LienMinhHuyenThoai\GameData\ServerMemAlloc.dll
2012-10-31 11:44 - 2015-01-20 19:20 - 00523352 _____ () D:\GAMES\LienMinhHuyenThoai\GameData\lib\delay_load\RSALib.dll
2012-10-31 11:44 - 2015-01-20 19:20 - 00074840 _____ () D:\GAMES\LienMinhHuyenThoai\GameData\lib\delay_load\UdtLib.dll
2013-06-29 11:53 - 2015-01-20 19:20 - 00153688 _____ () D:\GAMES\LienMinhHuyenThoai\GameData\xIM.dll
2012-10-31 11:44 - 2015-01-20 19:20 - 00596568 _____ () D:\GAMES\LienMinhHuyenThoai\GameData\xim\plugin_msn.dll
2012-10-31 11:44 - 2015-01-20 19:20 - 00467032 _____ () D:\GAMES\LienMinhHuyenThoai\GameData\xim\plugin_xmpp.dll
2012-10-31 11:44 - 2015-01-20 19:20 - 00201304 _____ () D:\GAMES\LienMinhHuyenThoai\GameData\xim\plugin_yahoo.dll
2012-10-31 11:44 - 2015-01-20 19:20 - 00107608 _____ () D:\GAMES\LienMinhHuyenThoai\GameData\Plugins\PlatformPlugin.dll
2012-10-31 11:44 - 2015-01-20 19:20 - 00243288 _____ () D:\GAMES\LienMinhHuyenThoai\GameData\Plugins\PluginNews.dll
2012-10-31 11:44 - 2015-01-20 19:20 - 00404056 _____ () D:\GAMES\LienMinhHuyenThoai\GameData\Plugins\GarenaTalkPlugin.dll
2012-12-01 11:09 - 2015-01-20 19:20 - 00293464 _____ () D:\GAMES\LienMinhHuyenThoai\GameData\Plugins\DailyTaskPlugin.dll
2013-07-12 19:13 - 2015-01-20 19:20 - 00222808 _____ () D:\GAMES\LienMinhHuyenThoai\GameData\Plugins\GameSalePlugin.dll
2013-03-08 12:17 - 2013-03-08 12:17 - 07816192 _____ () C:\Program Files (x86)\SplitMediaLabs\avcodec-54.dll
2013-03-08 12:17 - 2013-03-08 12:17 - 00188416 _____ () C:\Program Files (x86)\SplitMediaLabs\avutil-52.dll
2013-03-08 12:17 - 2013-03-08 12:17 - 01425920 _____ () C:\Program Files (x86)\SplitMediaLabs\avformat-54.dll
2013-03-08 12:17 - 2013-03-08 12:17 - 00336896 _____ () C:\Program Files (x86)\SplitMediaLabs\swscale-2.dll
2013-03-08 12:17 - 2013-03-08 12:17 - 00096256 _____ () C:\Program Files (x86)\SplitMediaLabs\swresample-0.dll
2015-08-07 14:11 - 2015-07-29 18:17 - 01405080 _____ () C:\Users\admin\AppData\Local\CocCoc\Browser\Application\44.0.2403.125\libglesv2.dll
2015-08-07 14:11 - 2015-07-29 18:17 - 00080536 _____ () C:\Users\admin\AppData\Local\CocCoc\Browser\Application\44.0.2403.125\libegl.dll
2015-08-07 14:11 - 2015-07-29 18:17 - 16308040 _____ () C:\Users\admin\AppData\Local\CocCoc\Browser\Application\44.0.2403.125\PepperFlash\pepflashplayer.dll
2012-10-31 11:44 - 2015-08-27 15:56 - 06794176 _____ () D:\GAMES\LienMinhHuyenThoai\GameData\bbtalk\BBtalk.exe
2012-10-31 11:44 - 2015-01-16 11:27 - 00110680 _____ () D:\GAMES\LienMinhHuyenThoai\GameData\bbtalk\CommonLib.dll
2012-10-31 11:44 - 2015-01-16 11:27 - 00069720 _____ () D:\GAMES\LienMinhHuyenThoai\GameData\bbtalk\PluginKernel.dll
2012-10-31 11:44 - 2015-01-16 11:27 - 00039512 _____ () D:\GAMES\LienMinhHuyenThoai\GameData\bbtalk\DibModule.dll
2012-10-31 11:44 - 2015-01-16 11:27 - 00388696 _____ () D:\GAMES\LienMinhHuyenThoai\GameData\bbtalk\ImageModule.dll
2013-07-12 19:13 - 2015-01-16 11:27 - 00823896 _____ () D:\GAMES\LienMinhHuyenThoai\GameData\bbtalk\gagmhook.dll
2013-08-24 09:54 - 2015-01-16 11:27 - 00047704 _____ () D:\GAMES\LienMinhHuyenThoai\GameData\bbtalk\lollauncher.dll
2012-10-31 11:44 - 2015-08-28 14:19 - 00029632 _____ () D:\GAMES\LienMinhHuyenThoai\GameData\bbtalk\VersionModule.dll
2012-10-31 11:44 - 2015-01-16 11:27 - 00454600 _____ () D:\GAMES\LienMinhHuyenThoai\GameData\bbtalk\sqlite3.dll
2012-10-31 11:44 - 2015-08-27 15:56 - 02457024 _____ () D:\GAMES\LienMinhHuyenThoai\GameData\bbtalk\Overlay.dll
2012-10-31 11:44 - 2015-01-16 11:27 - 00115288 _____ () D:\GAMES\LienMinhHuyenThoai\GameData\bbtalk\lib\AudioMixerLib.dll
2012-10-31 11:44 - 2015-01-16 11:27 - 00036440 _____ () D:\GAMES\LienMinhHuyenThoai\GameData\bbtalk\lib\ChannelUrlDll.dll
2012-10-31 11:44 - 2015-01-16 11:27 - 00431192 _____ () D:\GAMES\LienMinhHuyenThoai\GameData\bbtalk\lib\exchndl.dll
2012-10-31 11:44 - 2015-01-16 11:27 - 00083544 _____ () D:\GAMES\LienMinhHuyenThoai\GameData\bbtalk\lib\FileManager.dll
2012-10-31 11:44 - 2015-01-16 11:27 - 00059480 _____ () D:\GAMES\LienMinhHuyenThoai\GameData\bbtalk\FileSystem.dll
2012-10-31 11:44 - 2015-01-16 11:27 - 00380504 _____ () D:\GAMES\LienMinhHuyenThoai\GameData\bbtalk\lib\Http.dll
2012-10-31 21:53 - 2015-01-16 11:27 - 00053336 _____ () D:\GAMES\LienMinhHuyenThoai\GameData\bbtalk\lib\InputHookLib.dll
2012-10-31 21:53 - 2015-01-16 11:27 - 00073304 _____ () D:\GAMES\LienMinhHuyenThoai\GameData\bbtalk\InputHook.dll
2012-10-31 11:44 - 2015-01-16 11:27 - 00048216 _____ () D:\GAMES\LienMinhHuyenThoai\GameData\bbtalk\lib\IPCLib.dll
2012-10-31 11:44 - 2015-01-16 11:27 - 00062040 _____ () D:\GAMES\LienMinhHuyenThoai\GameData\bbtalk\lib\LangLib.dll
2012-10-31 21:53 - 2015-01-16 11:27 - 00096344 _____ () D:\GAMES\LienMinhHuyenThoai\GameData\bbtalk\audiohost.dll
2012-10-31 11:44 - 2015-01-16 11:27 - 00141400 _____ () D:\GAMES\LienMinhHuyenThoai\GameData\bbtalk\lib\MessagePumpLib.dll
2012-10-31 11:44 - 2015-01-16 11:27 - 00036952 _____ () D:\GAMES\LienMinhHuyenThoai\GameData\bbtalk\lib\MP3Saver.dll
2012-10-31 11:44 - 2015-01-16 11:27 - 00244824 _____ () D:\GAMES\LienMinhHuyenThoai\GameData\bbtalk\libmp3lame.DLL
2013-12-21 13:38 - 2015-01-16 11:27 - 01054296 _____ () D:\GAMES\LienMinhHuyenThoai\GameData\bbtalk\lib\RealTimeVideoEngine.dll
2012-10-31 11:44 - 2015-01-16 11:27 - 00062552 _____ () D:\GAMES\LienMinhHuyenThoai\GameData\bbtalk\lib\ResLib.dll
2012-10-31 11:44 - 2015-01-16 11:27 - 00105560 _____ () D:\GAMES\LienMinhHuyenThoai\GameData\bbtalk\PngModule.dll
2013-04-06 21:30 - 2015-01-16 11:27 - 00134232 _____ () D:\GAMES\LienMinhHuyenThoai\GameData\bbtalk\lib\TcpClient.dll
2012-10-31 11:44 - 2015-01-16 11:27 - 00143960 _____ () D:\GAMES\LienMinhHuyenThoai\GameData\bbtalk\lib\UdpClient.dll
2012-10-31 11:44 - 2015-01-16 11:27 - 00117336 _____ () D:\GAMES\LienMinhHuyenThoai\GameData\bbtalk\lib\UILayout.dll
2012-10-31 11:44 - 2015-01-16 11:27 - 00872536 _____ () D:\GAMES\LienMinhHuyenThoai\GameData\bbtalk\lib\UILib.dll
2012-10-31 11:44 - 2015-01-16 11:27 - 00062040 _____ () D:\GAMES\LienMinhHuyenThoai\GameData\bbtalk\lib\XmlUIModule.dll
2013-06-29 11:53 - 2012-08-02 16:18 - 00954368 _____ () D:\GAMES\LienMinhHuyenThoai\GameData\Apps\LoLVN\launcher.lib.dll
2013-06-29 11:53 - 2012-08-02 16:18 - 00053248 _____ () D:\GAMES\LienMinhHuyenThoai\GameData\Apps\LoLVN\launcher.lang-en.dll
2013-06-29 11:49 - 2013-07-13 07:24 - 00074752 _____ () D:\GAMES\LienMinhHuyenThoai\GameData\Apps\LoLVN\Air\LOLClient.exe

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\.DEFAULT\...\clonewarsadventures.com -> clonewarsadventures.com
IE trusted site: HKU\.DEFAULT\...\freerealms.com -> freerealms.com
IE trusted site: HKU\.DEFAULT\...\soe.com -> soe.com
IE trusted site: HKU\.DEFAULT\...\sony.com -> sony.com


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3818046159-3689817371-2580797029-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\admin\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: AMD External Events Utility => 2
MSCONFIG\Services: AMPPALR3 => 2
MSCONFIG\Services: BTHSSecurityMgr => 2
MSCONFIG\Services: cphs => 3
MSCONFIG\Services: EvtEng => 2
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: Intel(R) Capability Licensing Service Interface => 2
MSCONFIG\Services: jhi_service => 2
MSCONFIG\Services: LMS => 2
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: MyWiFiDHCPDNS => 3
MSCONFIG\Services: PanService => 2
MSCONFIG\Services: RegSrvc => 2
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: TeamViewer8 => 2
MSCONFIG\Services: UNS => 2
MSCONFIG\Services: ZeroConfigService => 2

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{9AB32D9D-9DDB-4C89-9A5B-85CE2A1969B5}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{68F0D4EF-091C-4397-A6BC-6C1347E88097}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{897D68F3-276A-4046-87E7-8055AA85B7D1}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [{E5BBCB73-B2CD-45ED-B4B9-CC4090BF3BF8}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [{B51B2C48-D7FF-427A-A579-8909526AA020}] => (Allow) LPort=8370
FirewallRules: [{14690F9A-0CCB-4297-BF68-746AB427EAF6}] => (Allow) LPort=8370
FirewallRules: [{9B472E7D-626C-422D-81AB-1465E7426850}] => (Allow) D:\GAMES\LienMinhHuyenThoai\GameData\Apps\lolVN\Air\LolClient.exe
FirewallRules: [{D90588E7-D044-4651-BA80-53AAA4EBAF19}] => (Allow) D:\GAMES\LienMinhHuyenThoai\GameData\Apps\lolVN\Air\LolClient.exe
FirewallRules: [{040FA8AA-EEA1-4E94-AAB8-6B14B87A341C}] => (Allow) D:\GAMES\LienMinhHuyenThoai\GameData\Apps\lolVN\Game\League of Legends.exe
FirewallRules: [{95C2E066-F0DA-4687-B5DB-142591149D0D}] => (Allow) D:\GAMES\LienMinhHuyenThoai\GameData\Apps\lolVN\Game\League of Legends.exe
FirewallRules: [{CED8FAEC-35D6-41A1-9A51-4E3C53D52625}] => (Allow) LPort=8370
FirewallRules: [{C784C6CB-E21A-4DCF-BD53-194D8E64D242}] => (Allow) LPort=8370
FirewallRules: [{3BF29EC4-301B-418C-B7F0-23704CD4ED36}] => (Allow) D:\GAMES\LienMinhHuyenThoai\GameData\Apps\lolVN\Air\LolClient.exe
FirewallRules: [{3C21E3F4-F4E8-4C09-AC70-B358C4152D45}] => (Allow) D:\GAMES\LienMinhHuyenThoai\GameData\Apps\lolVN\Air\LolClient.exe
FirewallRules: [{584A721F-4B13-4219-A9E6-716B322F5E88}] => (Allow) D:\GAMES\LienMinhHuyenThoai\GameData\Apps\lolVN\Game\League of Legends.exe
FirewallRules: [{A1C93AF6-3F08-40C4-AC3C-B8EBE0C00043}] => (Allow) D:\GAMES\LienMinhHuyenThoai\GameData\Apps\lolVN\Game\League of Legends.exe
FirewallRules: [{94332CDB-10B8-4E90-B926-922BD5EFEAC6}] => (Allow) C:\Program Files (x86)\naver\NaverCommon_VN\NaverAdminAPISvc.exe
FirewallRules: [{92DC7D2C-4022-4E6A-8267-A5B3BAEBD363}] => (Allow) C:\Program Files (x86)\naver\NaverCommon_VN\NaverAdminAPISvc.exe
FirewallRules: [{E3F439D8-5896-4AC9-BC6E-BFE2DE7FC1E4}] => (Allow) D:\GAMES\LienMinhHuyenThoai\GameData\ggdllhost.exe
FirewallRules: [{447E66C3-DCA6-482D-B612-E7C7879D69D0}] => (Allow) C:\Program Files (x86)\naver\NaverCommon_VN\NaverAdminAPISvc.exe
FirewallRules: [{98A65C03-91E6-4CB2-8874-CBD118E24528}] => (Allow) C:\Program Files (x86)\naver\NaverCommon_VN\NaverAdminAPISvc.exe
FirewallRules: [{A9E5B49A-C4A4-45FD-B282-FA00761F7D59}] => (Allow) D:\DUY\GAMES\PlayPark2\HaG\Heroes & Generals\live\hng.exe
FirewallRules: [{E262E038-B10E-4431-8DBD-B3A946C66801}] => (Allow) D:\DUY\GAMES\PlayPark2\HaG\Heroes & Generals\live\hng.exe
FirewallRules: [{7197D186-9E83-4378-B0C9-8A7D54BBD616}] => (Allow) D:\DUY\GAMES\HaG\Heroes & Generals\live\hng.exe
FirewallRules: [{6B9A944F-250E-46EB-9286-57FFF10EAAE7}] => (Allow) D:\DUY\GAMES\HaG\Heroes & Generals\live\hng.exe
FirewallRules: [TCP Query User{69F20F7A-970B-4BF8-9717-39162ECDF200}D:\games\lienminhhuyenthoai\gamedata\bbtalk\bbtalk.exe] => (Block) D:\games\lienminhhuyenthoai\gamedata\bbtalk\bbtalk.exe
FirewallRules: [UDP Query User{9FBDD633-C057-4D2E-AFE1-5F1E82C82AEC}D:\games\lienminhhuyenthoai\gamedata\bbtalk\bbtalk.exe] => (Block) D:\games\lienminhhuyenthoai\gamedata\bbtalk\bbtalk.exe
FirewallRules: [TCP Query User{B25E39E7-D204-4A03-8E0F-2A96D73B9634}C:\program files (x86)\yahoo!\messenger\yahoomessenger.exe] => (Allow) C:\program files (x86)\yahoo!\messenger\yahoomessenger.exe
FirewallRules: [UDP Query User{195170D3-5294-4495-AFA5-DA02625B0D5B}C:\program files (x86)\yahoo!\messenger\yahoomessenger.exe] => (Allow) C:\program files (x86)\yahoo!\messenger\yahoomessenger.exe
FirewallRules: [TCP Query User{80FA1D02-77AF-4841-B075-06BDA2D8E383}D:\games\lienminhhuyenthoai\gamedata\updatemanager.exe] => (Allow) D:\games\lienminhhuyenthoai\gamedata\updatemanager.exe
FirewallRules: [UDP Query User{DF6080E3-203B-4A37-A242-C304A741BB5B}D:\games\lienminhhuyenthoai\gamedata\updatemanager.exe] => (Allow) D:\games\lienminhhuyenthoai\gamedata\updatemanager.exe
FirewallRules: [TCP Query User{B752F7A6-D29C-4961-9A48-EBF813C2CFA3}D:\games\lienminhhuyenthoai\gamedata\garenamessenger.exe] => (Allow) D:\games\lienminhhuyenthoai\gamedata\garenamessenger.exe
FirewallRules: [UDP Query User{A9FBB11C-E690-4EE8-B1E7-96FE690241C7}D:\games\lienminhhuyenthoai\gamedata\garenamessenger.exe] => (Allow) D:\games\lienminhhuyenthoai\gamedata\garenamessenger.exe
FirewallRules: [{2746D67D-DB9A-4F06-A7D8-9E36724BB999}] => (Allow) C:\Users\admin\AppData\Local\GC\Clicker.exe
FirewallRules: [{D376A9FF-9CAB-45A6-B9D2-59DDCB248669}] => (Allow) C:\Users\admin\AppData\Local\GC\Clicker.exe
FirewallRules: [{84443C57-BF5F-4F03-80BB-D016F0959499}] => (Allow) C:\Users\admin\AppData\Local\GC\Clicker.exe
FirewallRules: [TCP Query User{B59D26C9-6A9E-4DC6-B12D-94213BF3EC4B}C:\users\admin\appdata\local\xyzsoft\ft\client.exe] => (Allow) C:\users\admin\appdata\local\xyzsoft\ft\client.exe
FirewallRules: [UDP Query User{D77E5423-A3C1-4C86-89F4-DB7EDCF1D7FD}C:\users\admin\appdata\local\xyzsoft\ft\client.exe] => (Allow) C:\users\admin\appdata\local\xyzsoft\ft\client.exe
FirewallRules: [{73A3C27F-2ADB-4468-8470-C30081F228B7}] => (Allow) LPort=6973
FirewallRules: [{B23AEEA1-8987-4748-99E1-49F82BD51812}] => (Allow) LPort=6973
FirewallRules: [{894FC446-D8B2-472E-9728-C632DA9339B1}] => (Allow) LPort=6968
FirewallRules: [{29E6706A-6814-4767-AB12-C19C479A12A0}] => (Allow) LPort=6968
FirewallRules: [TCP Query User{F9B089A5-26DE-4C01-8884-1C983F795ACA}E:\huy\psp\brs\ppsspp\ppssppwindows64.exe] => (Allow) E:\huy\psp\brs\ppsspp\ppssppwindows64.exe
FirewallRules: [UDP Query User{03EB4D95-1276-49F2-B56A-ED4094E77AEA}E:\huy\psp\brs\ppsspp\ppssppwindows64.exe] => (Allow) E:\huy\psp\brs\ppsspp\ppssppwindows64.exe
FirewallRules: [TCP Query User{76078BF9-8B21-4A7D-8603-C28BD5F10D5B}E:\huy\psp\brs\ppsspp\adhocserverproonline\adhocsever.exe] => (Allow) E:\huy\psp\brs\ppsspp\adhocserverproonline\adhocsever.exe
FirewallRules: [UDP Query User{DA81F199-9DCD-4A4E-B1B9-FD985D0C4DF3}E:\huy\psp\brs\ppsspp\adhocserverproonline\adhocsever.exe] => (Allow) E:\huy\psp\brs\ppsspp\adhocserverproonline\adhocsever.exe
FirewallRules: [{F5851B27-693E-4FEC-A955-476E41EF0CD5}] => (Allow) C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe
FirewallRules: [{0C605377-5C06-4D3A-AD70-0429A4362684}] => (Allow) C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe
FirewallRules: [{F482E3C5-8457-4CEF-AB6E-86F4D10570A4}] => (Allow) C:\Program Files (x86)\PANDORA.TV\PanService\PanProcess.exe
FirewallRules: [{F523526D-9C0F-49FC-A878-66BBDC39745C}] => (Allow) C:\Program Files (x86)\PANDORA.TV\PanService\PanProcess.exe
FirewallRules: [{0DAA9CB1-1959-4E7A-865A-A0A3CC262D32}] => (Allow) C:\Program Files (x86)\PANDORA.TV\PanService\PanProcess.exe
FirewallRules: [{CDDFCBB8-CE38-4F80-8BB3-C761482C34A7}] => (Allow) C:\Program Files (x86)\PANDORA.TV\PanService\PanProcess.exe
FirewallRules: [{871C1457-F728-41A2-9615-83DA8B45EE83}] => (Allow) C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe
FirewallRules: [{4E586303-1D14-418D-B6D7-B83DA4D2F731}] => (Allow) C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe
FirewallRules: [TCP Query User{B862D7BC-CED7-4285-B48C-7169CB0895E0}E:\huy\dmc\dmc devi may cry\binaries\win32\dmc-devilmaycry.exe] => (Allow) E:\huy\dmc\dmc devi may cry\binaries\win32\dmc-devilmaycry.exe
FirewallRules: [UDP Query User{C91CACF7-9B43-4284-8FF6-2E00641D1026}E:\huy\dmc\dmc devi may cry\binaries\win32\dmc-devilmaycry.exe] => (Allow) E:\huy\dmc\dmc devi may cry\binaries\win32\dmc-devilmaycry.exe
FirewallRules: [TCP Query User{06E510A6-1812-4755-B680-93ADA2A10C3F}D:\games\re 6\resident evil 6\bh6.exe] => (Allow) D:\games\re 6\resident evil 6\bh6.exe
FirewallRules: [UDP Query User{9733D995-C257-4EF4-9845-4B4982D4D468}D:\games\re 6\resident evil 6\bh6.exe] => (Allow) D:\games\re 6\resident evil 6\bh6.exe
FirewallRules: [{EC6185F2-4D38-4376-BF83-AF9FC479F7C3}] => (Allow) E:\Huy\Steam\Steam.exe
FirewallRules: [{D6696C07-835B-4EC0-A2E3-6CC3702265A1}] => (Allow) E:\Huy\Steam\Steam.exe
FirewallRules: [TCP Query User{6E7AB07A-6B8E-424B-AF5E-F50A66FA3737}D:\games\***\assassins creed iv black flag\ac4bfmp.exe] => (Allow) D:\games\***\assassins creed iv black flag\ac4bfmp.exe
FirewallRules: [UDP Query User{53366B33-ED77-4B5C-B0F8-6064CFCAD8AC}D:\games\***\assassins creed iv black flag\ac4bfmp.exe] => (Allow) D:\games\***\assassins creed iv black flag\ac4bfmp.exe
FirewallRules: [TCP Query User{C0BE8080-20E9-4597-82A2-641F1FE5D337}D:\games\swjk\gamedata\gamedata\jamp.exe] => (Block) D:\games\swjk\gamedata\gamedata\jamp.exe
FirewallRules: [UDP Query User{456D7EC5-AA2A-4A8E-87AF-537A055532CF}D:\games\swjk\gamedata\gamedata\jamp.exe] => (Block) D:\games\swjk\gamedata\gamedata\jamp.exe
FirewallRules: [TCP Query User{A881C6C6-1FB3-4446-99A2-BB735A3572EF}D:\games\swgl\game\battlegrounds_x1.exe] => (Allow) D:\games\swgl\game\battlegrounds_x1.exe
FirewallRules: [UDP Query User{41C8258E-18C3-4194-934E-7F497DF62535}D:\games\swgl\game\battlegrounds_x1.exe] => (Allow) D:\games\swgl\game\battlegrounds_x1.exe
FirewallRules: [TCP Query User{90B324BA-1048-4D99-9A19-3AE0FF368602}D:\games\swjk\lucasarts\star wars jedi knight jedi academy\gamedata\jamp.exe] => (Block) D:\games\swjk\lucasarts\star wars jedi knight jedi academy\gamedata\jamp.exe
FirewallRules: [UDP Query User{EA2B65D4-77B6-4D86-A3E6-FA6DB321E05F}D:\games\swjk\lucasarts\star wars jedi knight jedi academy\gamedata\jamp.exe] => (Block) D:\games\swjk\lucasarts\star wars jedi knight jedi academy\gamedata\jamp.exe
FirewallRules: [TCP Query User{2C0B758A-6B18-4CFA-B8FB-AD5BBA533C06}D:\games\sc2\versions\base15405\sc2.exe] => (Allow) D:\games\sc2\versions\base15405\sc2.exe
FirewallRules: [UDP Query User{C3E9F498-1520-48E6-8735-96DAE98742B3}D:\games\sc2\versions\base15405\sc2.exe] => (Allow) D:\games\sc2\versions\base15405\sc2.exe
FirewallRules: [{49BFBB42-72D0-4450-9AE6-DC82450C1CA8}] => (Allow) D:\GAMES\Tomb Raider\Tombraider\Steam.exe
FirewallRules: [{7558B54F-9D1C-42CA-87F6-D512923217EA}] => (Allow) D:\GAMES\Tomb Raider\Tombraider\Steam.exe
FirewallRules: [{40205D53-9518-47DB-8BE9-077A26FD3A9A}] => (Allow) D:\GAMES\Tomb Raider\Tombraider\Steam.exe
FirewallRules: [{4E2500D3-BFE3-49D1-A15A-363B3902E437}] => (Allow) D:\GAMES\Tomb Raider\Tombraider\Steam.exe
FirewallRules: [{364A6918-B1C4-4F26-A0D2-D95E9465DB1F}] => (Allow) D:\DUY\UNG DUNG\ccTalk\ccTalk\Bin\ccTalk.exe
FirewallRules: [{F94E1DC5-575B-415C-AFC6-5FD9CB5A9860}] => (Allow) D:\DUY\UNG DUNG\ccTalk\ccTalk\Bin\ccTalk.exe
FirewallRules: [TCP Query User{0D1BCA55-4948-4C4A-B625-35A85CC7B202}C:\users\admin\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\admin\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [UDP Query User{69677F2C-A5D9-4231-8BCC-2C99A6F93CBD}C:\users\admin\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\admin\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [{192C4143-1B46-4536-8093-1AFCB33FC158}] => (Allow) LPort=6963
FirewallRules: [{FB24F615-88ED-4DC4-BECA-26E25D64BE0E}] => (Allow) LPort=6963
FirewallRules: [TCP Query User{0D46D3EF-6310-4572-A211-1EB3E8F98CE3}D:\duy\games\zing speed\vdownloader.exe] => (Allow) D:\duy\games\zing speed\vdownloader.exe
FirewallRules: [UDP Query User{2CEE923B-90FB-4B05-8521-EC98CDC6D9B1}D:\duy\games\zing speed\vdownloader.exe] => (Allow) D:\duy\games\zing speed\vdownloader.exe
FirewallRules: [TCP Query User{789E5035-7DD5-4F1E-8A33-D1D9050AA0CE}D:\duy\games\zing speed\releasephysx27\zingspeedloader.exe] => (Allow) D:\duy\games\zing speed\releasephysx27\zingspeedloader.exe
FirewallRules: [UDP Query User{A56E7C5C-6E55-4873-8133-C6135D20F8C3}D:\duy\games\zing speed\releasephysx27\zingspeedloader.exe] => (Allow) D:\duy\games\zing speed\releasephysx27\zingspeedloader.exe
FirewallRules: [TCP Query User{E4E78FDC-25C1-4096-B70E-E2B707CA412E}C:\programdata\qqkartliveupdate\liveupdaterun\liveupdate.exe] => (Block) C:\programdata\qqkartliveupdate\liveupdaterun\liveupdate.exe
FirewallRules: [UDP Query User{FC11A7B4-D615-479E-A184-655E6B36D33B}C:\programdata\qqkartliveupdate\liveupdaterun\liveupdate.exe] => (Block) C:\programdata\qqkartliveupdate\liveupdaterun\liveupdate.exe
FirewallRules: [{278A1F8E-8875-43B7-A7FC-920571320C32}] => (Allow) C:\Windows\System32\CNAB3RPD.EXE
FirewallRules: [{7EA9658A-8232-405E-81FB-899EA49F3FBB}] => (Allow) C:\Windows\System32\CNAB3RPD.EXE
FirewallRules: [TCP Query User{8804C7C8-2325-44AE-9B9B-0AE3E916E9CC}E:\huy\reop\resident evil - operation raccoon city\raccooncity.exe] => (Allow) E:\huy\reop\resident evil - operation raccoon city\raccooncity.exe
FirewallRules: [UDP Query User{AB68B210-B711-439F-A48F-110A58D28242}E:\huy\reop\resident evil - operation raccoon city\raccooncity.exe] => (Allow) E:\huy\reop\resident evil - operation raccoon city\raccooncity.exe
FirewallRules: [TCP Query User{689C31D0-F61E-4F6B-845A-28B9AF8C4B59}D:\games\re6\resident evil 6\bh6.exe] => (Allow) D:\games\re6\resident evil 6\bh6.exe
FirewallRules: [UDP Query User{38410A8F-50B6-4BBC-85F0-A5B50CB55DDA}D:\games\re6\resident evil 6\bh6.exe] => (Allow) D:\games\re6\resident evil 6\bh6.exe
FirewallRules: [TCP Query User{D953BAB9-E652-4760-B9A0-E6C5F13C2353}D:\games\dark sector\dark sector\ds.exe] => (Allow) D:\games\dark sector\dark sector\ds.exe
FirewallRules: [UDP Query User{B957360A-BBEC-4712-AC06-E62A5C3E669B}D:\games\dark sector\dark sector\ds.exe] => (Allow) D:\games\dark sector\dark sector\ds.exe
FirewallRules: [{B601206C-D973-4B51-ACA4-10A6FD4FCCF5}] => (Allow) D:\GAMES\RE5\RE5DX9.EXE
FirewallRules: [{E3A923ED-762C-45A9-86DE-0C0706015709}] => (Allow) D:\GAMES\RE5\RE5DX9.EXE
FirewallRules: [{C9A36809-CCCA-46D8-9A84-FF76FE4B627A}] => (Allow) D:\GAMES\RE5\RE5DX10.EXE
FirewallRules: [{81C52905-8ADE-4D5B-B0DD-D2384461708A}] => (Allow) D:\GAMES\RE5\RE5DX10.EXE
FirewallRules: [TCP Query User{C9846342-827C-4CD4-B7C9-5A7B9F635972}D:\games\witcher\the witcher 2 enhanced edition\bin\witcher2.exe] => (Allow) D:\games\witcher\the witcher 2 enhanced edition\bin\witcher2.exe
FirewallRules: [UDP Query User{3178E02A-02CB-4F9F-A504-1E7B76B71C81}D:\games\witcher\the witcher 2 enhanced edition\bin\witcher2.exe] => (Allow) D:\games\witcher\the witcher 2 enhanced edition\bin\witcher2.exe
FirewallRules: [{D67DC790-198D-4054-B7C8-3932AC413CEC}] => (Allow) LPort=6912
FirewallRules: [{4AB4B1BD-2E7F-4C25-AFD3-C029AA0A54FC}] => (Allow) LPort=6912
FirewallRules: [TCP Query User{A23AB384-964C-4A0E-8079-51415F2B7BD4}D:\games\swjk\gamedata\gamedata\jamp.exe] => (Block) D:\games\swjk\gamedata\gamedata\jamp.exe
FirewallRules: [UDP Query User{AFE9BBFC-6933-4AAC-9FAE-D6F17946F737}D:\games\swjk\gamedata\gamedata\jamp.exe] => (Block) D:\games\swjk\gamedata\gamedata\jamp.exe
FirewallRules: [TCP Query User{1127FCB8-6DF7-425C-90BE-A83CAC38F957}D:\games\witcher\the witcher 2 enhanced edition\bin\witcher2.exe] => (Allow) D:\games\witcher\the witcher 2 enhanced edition\bin\witcher2.exe
FirewallRules: [UDP Query User{EB98AE1E-9C7B-484A-91FA-83401D8233D6}D:\games\witcher\the witcher 2 enhanced edition\bin\witcher2.exe] => (Allow) D:\games\witcher\the witcher 2 enhanced edition\bin\witcher2.exe
FirewallRules: [{CE1CCF92-A308-45ED-B0B2-25780384393B}] => (Allow) C:\Program Files (x86)\360\Total Security\safemon\QHSafeTray.exe
FirewallRules: [{BD9565AA-8E92-44D3-A6EA-5D11E33BA3E6}] => (Allow) C:\Program Files (x86)\360\Total Security\safemon\QHSafeTray.exe
FirewallRules: [{150CA673-BF93-4101-B109-1C90D0578283}] => (Allow) C:\Program Files (x86)\360\Total Security\LiveUpdate360.exe
FirewallRules: [{181FDF64-0B7B-467B-A3EA-044E43D52F50}] => (Allow) C:\Program Files (x86)\360\Total Security\LiveUpdate360.exe
FirewallRules: [{230AC3E2-0FAB-4CFE-A660-9DD15DF8B2AF}] => (Allow) LPort=6995
FirewallRules: [{C81333E3-5C8E-4883-9422-768A91A3D140}] => (Allow) LPort=6995
FirewallRules: [TCP Query User{E6670FA8-578C-4252-95E6-00B9DC0341C1}D:\games\re6\resident evil 6\bh6.exe] => (Allow) D:\games\re6\resident evil 6\bh6.exe
FirewallRules: [UDP Query User{923D900B-F38D-46A2-B3DE-A44197A07026}D:\games\re6\resident evil 6\bh6.exe] => (Allow) D:\games\re6\resident evil 6\bh6.exe
FirewallRules: [TCP Query User{1C59C24A-BB07-4F20-9DF6-A0448F87B229}C:\users\admin\appdata\roaming\bittorrent\bittorrent.exe] => (Allow) C:\users\admin\appdata\roaming\bittorrent\bittorrent.exe
FirewallRules: [UDP Query User{6AF0B4F9-AB59-4A43-9D09-9B968DBAB2EB}C:\users\admin\appdata\roaming\bittorrent\bittorrent.exe] => (Allow) C:\users\admin\appdata\roaming\bittorrent\bittorrent.exe
FirewallRules: [{B0A855FB-FB62-4C8D-9041-E0691F3CC317}] => (Allow) C:\GarenaDownload\Games\fo3vn\fo3vnInstaller.exe
FirewallRules: [{A5931D3F-79FB-4B64-BE38-7FC763CE3A87}] => (Allow) C:\GarenaDownload\Games\fo3vn\fo3vnInstaller.exe
FirewallRules: [{8C8F5386-65BA-46B8-BA22-70D6878C661F}] => (Allow) C:\Program Files (x86)\Garena Plus\ggdllhost.exe
FirewallRules: [{D65BFBA2-B3A8-4E3C-9BEE-C0AA2EBDBBDD}] => (Allow) D:\GAMES\FIFA Online 2\GameData\Apps\FO3VN\fifazf.exe
FirewallRules: [{605F36CF-3EBC-42D6-9DA5-706E809993C1}] => (Allow) D:\GAMES\FIFA Online 2\GameData\Apps\FO3VN\fifazf.exe
FirewallRules: [TCP Query User{1F3DBD2D-2FA0-4AEF-BAA1-629717919371}E:\huy\coccoc\coccoc\browser\application\browser.exe] => (Block) E:\huy\coccoc\coccoc\browser\application\browser.exe
FirewallRules: [UDP Query User{80DAF584-5E93-4D03-A18E-A0232B0FE4CE}E:\huy\coccoc\coccoc\browser\application\browser.exe] => (Block) E:\huy\coccoc\coccoc\browser\application\browser.exe
FirewallRules: [{A8B8D9ED-5F87-4F9F-907D-19CC2706FEA4}] => (Allow) LPort=6954
FirewallRules: [{CBE95353-D238-4CCD-97DA-6E1941995EFB}] => (Allow) LPort=6954
FirewallRules: [{ED83EAE5-6AD7-41DE-BBAA-E515303CDACF}] => (Allow) D:\DUY\UNG DUNG\Steam\Steam.exe
FirewallRules: [{C5015ABC-F3CC-4B33-959B-1547D49CA769}] => (Allow) D:\DUY\UNG DUNG\Steam\Steam.exe
FirewallRules: [{82804736-AD6B-4525-A290-09721C6FEEE0}] => (Allow) D:\DUY\UNG DUNG\Steam\bin\steamwebhelper.exe
FirewallRules: [{2482A710-6D88-4BE6-AB41-C04F17B949EC}] => (Allow) D:\DUY\UNG DUNG\Steam\bin\steamwebhelper.exe
FirewallRules: [{43C6201E-70EE-4AC9-A22D-9B81B955EE8D}] => (Allow) E:\Huy\Window\Common7\IDE\devenv.exe
FirewallRules: [{01989F86-A1C3-4265-BDCB-70D324EB1BCD}] => (Allow) E:\Huy\Window\Common7\IDE\devenv.exe
FirewallRules: [{BB4CF169-9468-4D32-A8FB-8C97729A9E67}] => (Allow) E:\Huy\Window\Common7\IDE\devenv.exe
FirewallRules: [{19618185-C0F5-47A3-B06F-69EDCB002320}] => (Allow) E:\Huy\Window\Common7\IDE\devenv.exe
FirewallRules: [{89997FAC-CFB1-4108-AA0D-A4A18C0207F7}] => (Allow) E:\Huy\Window\Common7\IDE\devenv.exe
FirewallRules: [{5C86548E-5B35-4CAB-94A4-ADE9210D4562}] => (Allow) E:\Huy\Window\Common7\IDE\devenv.exe
FirewallRules: [{0831F118-E1EF-4E27-9CB1-EAA4BE1716BE}] => (Allow) E:\Huy\Window\Common7\IDE\devenv.exe
FirewallRules: [{D7E58B48-3CBB-4449-A79F-8F52BB3235D5}] => (Allow) LPort=6899
FirewallRules: [{D9A9BA0D-8705-46AA-9F6D-A7E956EE9F68}] => (Allow) LPort=6899
FirewallRules: [TCP Query User{47CE8E7A-41C6-44F4-A79A-6C15FA609E7F}D:\games\saint row\saints row gat out of hell\saintsrowgatoutofhell.exe] => (Allow) D:\games\saint row\saints row gat out of hell\saintsrowgatoutofhell.exe
FirewallRules: [UDP Query User{22AE930A-0C9E-4B9F-915D-6A1270991BF6}D:\games\saint row\saints row gat out of hell\saintsrowgatoutofhell.exe] => (Allow) D:\games\saint row\saints row gat out of hell\saintsrowgatoutofhell.exe
FirewallRules: [TCP Query User{2F145A6D-1E2D-4F75-AA46-5E4B18A0AB2A}D:\duy\games\freestyle 2\freestyle2.exe] => (Allow) D:\duy\games\freestyle 2\freestyle2.exe
FirewallRules: [UDP Query User{CC25EEC6-E30C-4DF6-BCB8-5C6E62C154D8}D:\duy\games\freestyle 2\freestyle2.exe] => (Allow) D:\duy\games\freestyle 2\freestyle2.exe
FirewallRules: [{562A47C8-C88B-4719-8B34-EBC8D8E20BA4}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [TCP Query User{79264E8B-4C91-40DB-930B-4697C8E88EFE}D:\duy\games\a story about my uncle\binaries\win32\asamu-win32-shipping.exe] => (Allow) D:\duy\games\a story about my uncle\binaries\win32\asamu-win32-shipping.exe
FirewallRules: [UDP Query User{4242ED5D-EF0C-47D1-8888-ED5D72013B4C}D:\duy\games\a story about my uncle\binaries\win32\asamu-win32-shipping.exe] => (Allow) D:\duy\games\a story about my uncle\binaries\win32\asamu-win32-shipping.exe
FirewallRules: [TCP Query User{672F78C0-6372-4EBB-A1EC-920FF1A586D7}D:\duy\games\enslaved odyssey to the west\enslaved odyssey to the west premium edition\binaries\win32\enslaved.exe] => (Allow) D:\duy\games\enslaved odyssey to the west\enslaved odyssey to the west premium edition\binaries\win32\enslaved.exe
FirewallRules: [UDP Query User{D92738E9-E644-4636-A7BA-798AE5FB9561}D:\duy\games\enslaved odyssey to the west\enslaved odyssey to the west premium edition\binaries\win32\enslaved.exe] => (Allow) D:\duy\games\enslaved odyssey to the west\enslaved odyssey to the west premium edition\binaries\win32\enslaved.exe
FirewallRules: [{96455DB1-D8A1-4BCC-BFB3-120F72B2C602}] => (Allow) D:\GAMES\Nba\nba2k14.exe
FirewallRules: [{9E3BAA05-7516-4205-89D7-B0FED0DFD054}] => (Allow) D:\GAMES\Nba\nba2k14.exe
FirewallRules: [TCP Query User{6058A088-0EF2-4FAB-ADCB-6EB020943080}D:\duy\games\ff\fifa 15\fifa15.exe] => (Allow) D:\duy\games\ff\fifa 15\fifa15.exe
FirewallRules: [UDP Query User{1C4E18FA-584F-432F-9C75-2E8B58419A0F}D:\duy\games\ff\fifa 15\fifa15.exe] => (Allow) D:\duy\games\ff\fifa 15\fifa15.exe
FirewallRules: [{7BF75CFE-DD7D-4AB1-829A-E4C0D7432906}] => (Allow) D:\DUY\GAMES\ff\Fifa 15\fifasetup\fifaconfig.exe
FirewallRules: [{D29A9112-8C1C-48EC-93E5-CCFB0C1D61DE}] => (Allow) D:\DUY\GAMES\ff\Fifa 15\fifasetup\fifaconfig.exe
FirewallRules: [TCP Query User{DA9167F6-B55A-4D53-8E12-083D7E899377}D:\duy\games\pes 2015\pro evolution soccer 2015\pes2015.exe] => (Allow) D:\duy\games\pes 2015\pro evolution soccer 2015\pes2015.exe
FirewallRules: [UDP Query User{20D15BEC-3414-4985-A124-F8B8F5363EC6}D:\duy\games\pes 2015\pro evolution soccer 2015\pes2015.exe] => (Allow) D:\duy\games\pes 2015\pro evolution soccer 2015\pes2015.exe
FirewallRules: [{5C9367C9-DAE2-4DE5-8D66-C25638B4E692}] => (Allow) D:\DUY\GAMES\GTA IV\Grand Theft Auto IV\LaunchGTAIV.exe
FirewallRules: [{019F6295-ECBD-4CC4-83D5-619C6595275B}] => (Allow) D:\DUY\GAMES\GTA IV\Grand Theft Auto IV\LaunchGTAIV.exe
FirewallRules: [{BD1F7B48-EE39-4DBC-AAF0-739D23938982}] => (Allow) D:\DUY\GAMES\GTA IV\Rockstar Games Social Club\RGSCLauncher.exe
FirewallRules: [{04C10A31-01B8-4C12-9109-A2633A460A3C}] => (Allow) D:\DUY\GAMES\GTA IV\Rockstar Games Social Club\RGSCLauncher.exe
FirewallRules: [TCP Query User{C4603FEC-0659-4439-85CA-EF11CB06B6C4}D:\duy\games\new folder\saints_row_the_third_complet_ edition\saints row the third\saintsrowthethird.exe] => (Allow) D:\duy\games\new folder\saints_row_the_third_complet_ edition\saints row the third\saintsrowthethird.exe
FirewallRules: [UDP Query User{B873337C-B578-4BDE-A5C8-577D14852C8C}D:\duy\games\new folder\saints_row_the_third_complet_ edition\saints row the third\saintsrowthethird.exe] => (Allow) D:\duy\games\new folder\saints_row_the_third_complet_ edition\saints row the third\saintsrowthethird.exe
FirewallRules: [TCP Query User{FFC2471A-0786-4BCC-821C-80E987D2802F}D:\duy\games\new folder\saints_row_the_third_complet_ edition\saints row the third\saintsrowthethird_dx11.exe] => (Allow) D:\duy\games\new folder\saints_row_the_third_complet_ edition\saints row the third\saintsrowthethird_dx11.exe
FirewallRules: [UDP Query User{47A9DD11-A9D7-4EC8-9EB8-20D2DABCDF41}D:\duy\games\new folder\saints_row_the_third_complet_ edition\saints row the third\saintsrowthethird_dx11.exe] => (Allow) D:\duy\games\new folder\saints_row_the_third_complet_ edition\saints row the third\saintsrowthethird_dx11.exe
FirewallRules: [TCP Query User{2D60B970-439E-4343-A85E-EEB7031B81F1}D:\duy\games\saint row the third\saints_row_the_third_complet_ edition\saints row the third\saintsrowthethird.exe] => (Allow) D:\duy\games\saint row the third\saints_row_the_third_complet_ edition\saints row the third\saintsrowthethird.exe
FirewallRules: [UDP Query User{92D1C6AE-EFB0-4943-84F7-2FE72C43433E}D:\duy\games\saint row the third\saints_row_the_third_complet_ edition\saints row the third\saintsrowthethird.exe] => (Allow) D:\duy\games\saint row the third\saints_row_the_third_complet_ edition\saints row the third\saintsrowthethird.exe
FirewallRules: [TCP Query User{1E47D8B5-F4DA-4CED-8DBF-AFFC56B41E53}D:\duy\games\saint row the third\saints_row_the_third_complet_ edition\saints row the third\saintsrowthethird.exe] => (Allow) D:\duy\games\saint row the third\saints_row_the_third_complet_ edition\saints row the third\saintsrowthethird.exe
FirewallRules: [UDP Query User{F2E028C9-D2F9-451C-B0D2-9E26F2C6FDD8}D:\duy\games\saint row the third\saints_row_the_third_complet_ edition\saints row the third\saintsrowthethird.exe] => (Allow) D:\duy\games\saint row the third\saints_row_the_third_complet_ edition\saints row the third\saintsrowthethird.exe
FirewallRules: [{DE37B04A-F20B-451E-A4FA-CF592275FD56}] => (Allow) C:\GarenaDownload\Games\fo3vn\fo3vnInstaller.exe
FirewallRules: [{5AABDEEA-4785-4804-ACCF-973F16C57707}] => (Allow) C:\GarenaDownload\Games\fo3vn\fo3vnInstaller.exe
FirewallRules: [{D17E8E04-DFC0-4E8B-B9ED-A1ED3BCFCC02}] => (Allow) D:\GAMES\FFO3\GameData\Apps\FO3VN\fifazf.exe
FirewallRules: [{ACFB9CD0-E0AD-445C-BFE0-B24EAA9C4500}] => (Allow) D:\GAMES\FFO3\GameData\Apps\FO3VN\fifazf.exe
FirewallRules: [TCP Query User{387C97CC-E0BF-49B2-8688-8032AA11ADFE}D:\duy\games\vua bong ro\freestyle2.exe] => (Block) D:\duy\games\vua bong ro\freestyle2.exe
FirewallRules: [UDP Query User{58279D5A-4ADB-4E39-B017-A25B65ACF8F0}D:\duy\games\vua bong ro\freestyle2.exe] => (Block) D:\duy\games\vua bong ro\freestyle2.exe
FirewallRules: [{B75E9445-5DA5-4D52-B6E0-0B92D177A55F}] => (Allow) LPort=6922
FirewallRules: [{9A9B5F1E-2556-4252-BEDE-13537BBA98C0}] => (Allow) LPort=6922
FirewallRules: [{8E89C32E-E9E5-4DEE-AB70-4CD97955FC55}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{35D8595F-13E2-49A2-838A-4B19E75A85B9}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{549D84BC-1A65-45CA-947F-64318E2077FE}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{FCCDAF5B-8364-48A4-AC64-745D63C69B9B}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{3092E4E2-FC69-487A-B8D3-1FE8EB50FBA2}] => (Allow) LPort=6983
FirewallRules: [{E4441467-E7D2-436A-87F5-3C5DAE228275}] => (Allow) LPort=6983
FirewallRules: [TCP Query User{B0D7CD03-F38E-4EA9-B76E-7713EB90F150}D:\duy\games\vua bong ro\freestyle2.exe] => (Allow) D:\duy\games\vua bong ro\freestyle2.exe
FirewallRules: [UDP Query User{5B89E1C2-8645-4B01-98BB-48381CF6DDA9}D:\duy\games\vua bong ro\freestyle2.exe] => (Allow) D:\duy\games\vua bong ro\freestyle2.exe
FirewallRules: [TCP Query User{1A772BF5-AC28-4D91-90DF-0B40CE961F8F}D:\duy\games\dolphin\dolphin-x64\dolphin.exe] => (Block) D:\duy\games\dolphin\dolphin-x64\dolphin.exe
FirewallRules: [UDP Query User{74A6B18F-0FFB-400D-BCFB-9C9E4ECFDB8F}D:\duy\games\dolphin\dolphin-x64\dolphin.exe] => (Block) D:\duy\games\dolphin\dolphin-x64\dolphin.exe
FirewallRules: [{8B2FE785-38AF-42BB-9A55-D4D5420B9B6A}] => (Allow) LPort=6986
FirewallRules: [{EE0A2598-EF1E-4F24-A523-2BE574F668A3}] => (Allow) LPort=6986
FirewallRules: [{D6AE37F6-D74B-4A46-A156-003DA049F552}] => (Allow) LPort=6884
FirewallRules: [{F3AB7CA3-A175-4530-A1C1-1017CC1A2E92}] => (Allow) LPort=6884
FirewallRules: [{0B80E42F-4744-4652-B9B5-240D4F52266F}] => (Allow) LPort=6894
FirewallRules: [{7DF891FB-38D3-4FE1-9DC0-6B18C0C1981F}] => (Allow) LPort=6894
FirewallRules: [{AB3ED8B2-92E7-4955-AC4C-2E0BBF95457D}] => (Allow) LPort=6996
FirewallRules: [{8AE48795-F28E-4CD7-BBE1-29F41F0BEC07}] => (Allow) LPort=6996
FirewallRules: [{A5020A80-8AC5-4C95-9945-4414C423BB5B}] => (Allow) LPort=6911
FirewallRules: [{B782E08F-30F1-40E1-9A79-233A908466BC}] => (Allow) LPort=6911
FirewallRules: [{C517CCAA-70DC-4FA8-91E5-21A2DD8D86E8}] => (Allow) LPort=6990
FirewallRules: [{8339BF42-5776-4ABF-81FE-3D3E1EB3C21B}] => (Allow) LPort=6990
FirewallRules: [{B187801E-C98C-43D9-A643-B7F5608F7913}] => (Allow) LPort=6938
FirewallRules: [{ACB592E2-973B-420D-B999-4928089B2D65}] => (Allow) LPort=6938
FirewallRules: [{863F7DDB-DA55-46C9-A083-34ADE7EBB1A9}] => (Allow) LPort=6942
FirewallRules: [{27923769-8263-4071-BC25-62605DD32430}] => (Allow) LPort=6942
FirewallRules: [{16C15A01-EC36-4E85-BB3B-1CB42E18E965}] => (Allow) D:\GAMES\LienMinhHuyenThoai\GameData\ggdllhost.exe
FirewallRules: [{719957B0-5F30-4A15-A7D5-1F6AA95FF4A9}] => (Allow) LPort=6916
FirewallRules: [{9EE83A47-8354-4A2C-BAB2-893C29141339}] => (Allow) LPort=6916
FirewallRules: [{E5E57F95-5480-49F6-B798-286EEF356709}] => (Allow) D:\GAMES\LienMinhHuyenThoai\GameData\Apps\lolVN\lol.exe
FirewallRules: [{E4B08530-851E-409E-AE1A-52C0CC893B75}] => (Allow) D:\GAMES\LienMinhHuyenThoai\GameData\Apps\lolVN\lol.exe
FirewallRules: [{013A6986-D870-4FB6-B951-D9684B123C91}] => (Allow) LPort=8393
FirewallRules: [{3E1845EB-2369-4F4A-B52A-09882E19EE00}] => (Allow) LPort=8393
FirewallRules: [{DC3B4B49-075C-404B-A8D2-0D80E7A606C1}] => (Allow) LPort=8390
FirewallRules: [{0E6BF34F-50BF-4381-B565-669FA515D5F1}] => (Allow) LPort=8390

 

[Troubling]

==================== Faulty Device Manager Devices =============

Name: USB2.0-CRW
Description: USB2.0-CRW
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (09/10/2015 11:59:28 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/09/2015 06:41:19 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/09/2015 02:46:41 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/09/2015 08:49:07 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/08/2015 06:14:09 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/08/2015 10:12:09 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: YouCam.exe, version: 5.0.909.17551, time stamp: 0x4e69f98e
Faulting module name: ntdll.dll, version: 6.1.7601.17514, time stamp: 0x4ce7ba58
Exception code: 0xc0000005
Fault offset: 0x0002e39e
Faulting process id: 0xce0
Faulting application start time: 0xYouCam.exe0
Faulting application path: YouCam.exe1
Faulting module path: YouCam.exe2
Report Id: YouCam.exe3

Error: (09/08/2015 10:11:58 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/07/2015 08:17:59 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/07/2015 05:55:05 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/07/2015 10:41:31 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (09/10/2015 12:08:47 PM) (Source: atapi) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort0.

Error: (09/10/2015 12:08:47 PM) (Source: atapi) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort0.

Error: (09/10/2015 12:08:47 PM) (Source: atapi) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort0.

Error: (09/10/2015 12:08:47 PM) (Source: atapi) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort0.

Error: (09/10/2015 12:08:47 PM) (Source: atapi) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort0.

Error: (09/10/2015 12:08:47 PM) (Source: atapi) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort0.

Error: (09/10/2015 12:08:47 PM) (Source: atapi) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort0.

Error: (09/10/2015 12:08:47 PM) (Source: atapi) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort0.

Error: (09/10/2015 12:08:47 PM) (Source: atapi) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort0.

Error: (09/10/2015 12:08:47 PM) (Source: atapi) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort0.


Microsoft Office:
=========================
Error: (09/10/2015 11:59:28 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/09/2015 06:41:19 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/09/2015 02:46:41 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/09/2015 08:49:07 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/08/2015 06:14:09 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/08/2015 10:12:09 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: YouCam.exe5.0.909.175514e69f98entdll.dll6.1.7601.175144ce7ba58c00000050002e39ece001d0e9e413f4c02fD:\DUY\UNG DUNG\YouCam 5 v5.0.0909 PreActivated_da fix watermark\YouCam\YouCam.exeC:\Windows\SysWOW64\ntdll.dll63c83a02-55d7-11e5-ba2b-685d43d1a3c5

Error: (09/08/2015 10:11:58 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/07/2015 08:17:59 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/07/2015 05:55:05 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/07/2015 10:41:31 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


CodeIntegrity:
===================================
Date: 2015-03-26 14:58:42.409
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-03-26 14:58:21.554
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-03-26 14:58:00.709
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-03-26 14:57:39.611
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-03-23 20:06:13.659
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-03-23 20:05:52.637
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-02-13 06:36:49.059
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\nethfdrv.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-02-13 06:36:25.956
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\nethfdrv.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-02-13 06:29:32.137
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\nethfdrv.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-02-13 06:29:11.389
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\nethfdrv.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-3210M CPU @ 2.50GHz
Percentage of memory in use: 67%
Total physical RAM: 3998.36 MB
Available physical RAM: 1310.06 MB
Total Virtual: 7994.91 MB
Available Virtual: 4860.3 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:48.83 GB) (Free:13.9 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (CHUONG TRINH) (Fixed) (Total:205.08 GB) (Free:73.14 GB) NTFS
Drive e: (LUU TRU) (Fixed) (Total:211.85 GB) (Free:60.12 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: FAC058BE)
Partition 1: (Active) - (Size=48.8 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=205.1 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=211.8 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

 

[Broni]

Download attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Run FRST(FRST64) and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

 

[Troubling]

Fix result of Farbar Recovery Scan Tool (x64) Version:10-09-2015 01
Ran by admin (2015-09-12 09:46:05) Run:1
Running from C:\Users\admin\Desktop
Loaded Profiles: admin & MSSQL$HUY (Available Profiles: admin & MSSQL$HUY)
Boot Mode: Normal
==============================================

fixlist content:
*****************
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-3818046159-3689817371-2580797029-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKU\S-1-5-21-3818046159-3689817371-2580797029-1000 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
Handler: bksa - {AFBCA127-FD48-4FF5-B523-0E0DB4B8C295} - C:\Program Files (x86)\BkavHome\SiteAdvisor\BkavIESiteAdvisor.dll No File
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll [No File]
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll [No File]
FF Plugin HKU\S-1-5-21-3818046159-3689817371-2580797029-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\admin\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll No File
FF Plugin HKU\S-1-5-21-3818046159-3689817371-2580797029-1000: bkav.com.vn/BkavSiteAdvisorPlugin -> C:\Program Files (x86)\BkavHome\npBkavSiteAdvisorPlugin.dll No File
CHR HKLM-x32\...\Chrome\Extension: [pcnancbdijenfaameanloddnkbjhfaal] - C:\Program Files (x86)\BkavHome\SiteAdvisor\BkavChrSiteAdvisor.crx <not found>
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]
S2 WinDefend; %ProgramFiles%\Windows Defender\mpsvc.dll [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
2015-06-29 13:35 - 2015-06-29 13:35 - 0000017 _____ () C:\Users\admin\AppData\Local\resmon.resmoncfg
C:\Users\admin\AppData\Local\Temp\dllnt_dump.dll
C:\Users\admin\AppData\Local\Temp\sqlite3.dll
Task: {E3482EE7-FEBC-4270-949D-74206E3B78DA} - \Superclean -> No File <==== ATTENTION
Task: {F155C81B-6271-49A4-9B23-6C62609C9CED} - \AutoKMS -> No File <==== ATTENTION

*****************

C:\Windows\system32\GroupPolicy\Machine => moved successfully
C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully
C:\Windows\SysWOW64\GroupPolicy\GPT.ini => moved successfully
"HKLM\SOFTWARE\Policies\Google" => key removed successfully
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
"HKU\S-1-5-21-3818046159-3689817371-2580797029-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
HKU\S-1-5-21-3818046159-3689817371-2580797029-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
"HKCR\PROTOCOLS\Handler\bksa" => key removed successfully
HKCR\CLSID\{AFBCA127-FD48-4FF5-B523-0E0DB4B8C295} => key not found.
"HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=11.25.2" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=11.25.2" => key removed successfully
"HKU\S-1-5-21-3818046159-3689817371-2580797029-1000\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0" => key removed successfully
C:\Users\admin\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll => not found.
"HKU\S-1-5-21-3818046159-3689817371-2580797029-1000\Software\MozillaPlugins\bkav.com.vn/BkavSiteAdvisorPlugin" => key removed successfully
C:\Program Files (x86)\BkavHome\npBkavSiteAdvisorPlugin.dll => not found.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\pcnancbdijenfaameanloddnkbjhfaal" => key removed successfully
gupdate => service removed successfully
gupdatem => service removed successfully
WinDefend => service removed successfully
EagleX64 => service removed successfully
C:\Users\admin\AppData\Local\resmon.resmoncfg => moved successfully
C:\Users\admin\AppData\Local\Temp\dllnt_dump.dll => moved successfully
C:\Users\admin\AppData\Local\Temp\sqlite3.dll => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E3482EE7-FEBC-4270-949D-74206E3B78DA}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E3482EE7-FEBC-4270-949D-74206E3B78DA}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Superclean => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{F155C81B-6271-49A4-9B23-6C62609C9CED}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F155C81B-6271-49A4-9B23-6C62609C9CED}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AutoKMS" => key removed successfully


The system needed a reboot..

==== End of Fixlog 09:46:05 ====

 

[Troubling]

I doubt this will end soon . They are being persistent , its better than before but still happen sometime , the redirect doesn't happen every 5 second anymore .

 

[Broni]

If it's still happening...
Reset Chrome...
Click on "Customize and control Google Chrome":

Click "Settings" then "Show advanced settings" at the bottom of the screen.
Click "Reset browser settings" button.
Restart Chrome.

If the above didn't help....

Reinstall Chrome...
If you want to save your bookmarks...
How to Backup Bookmarks in Google Chrome
If you want to save your passwords as well see here: http://www.intowindows.com/how-to-backup-saved-passwords-in-google-chrome-browser/

• Close all Chrome windows and tabs.
• Go to the Start menu > Control Panel. (Windows 8 users: Learn how to access the Control Panel)
• Click Programs and Features.
• Double-click Google Chrome.
• Click Uninstall from the confirmation dialog. Delete your user profile information, like your browser preferences, bookmarks, and history, by selecting the "Also delete your browsing data" checkbox.

Install fresh copy.

Then last scans...

Download Security Check from here or here and save it to your Desktop.

• Double-click SecurityCheck.exe
• Follow the onscreen instructions inside of the black box.
• A Notepad document should open automatically called checkup.txt; please post the contents of that document.

NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.
NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.
NOTE 3. If you receive UNSUPPORTED OPERATING SYSTEM! ABORTED! message restart computer and Security Check should run

Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
Make sure the following options are checked:

• Internet Services
• Windows Firewall
• System Restore
• Security Center
• Windows Update
• Windows Defender
• Other Services

Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Please copy and paste the log to your reply.

Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe

• Double click on TFC.exe to run the program.
• Click on Start button to begin cleaning process.
• TFC will close all running programs, and it may ask you to restart computer.

Download Sophos Free Virus Removal Tool and save it to your desktop.

• Double click the icon and select Run
• Click Next
• Select I accept the terms in this license agreement, then click Next twice
• Click Install
• Click Finish to launch the program
• Once the virus database has been updated click Start Scanning
• If any threats are found click Details, then View log file... (bottom left hand corner)
• Copy and paste the results in your reply
• Close the Notepad document, close the Threat Details screen, then click Start cleanup
• Click Exit to close the program

 

[Troubling]

Farbar Service Scanner Version: 26-07-2015
Ran by admin (administrator) on 14-09-2015 at 12:14:47
Running from "C:\Users\admin\Desktop"
Microsoft Windows 7 Ultimate Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Policy:
========================


Action Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\dhcpcore.dll => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed

ATTENTION!=====> C:\Program Files\Windows Defender\MpSvc.dll FILE IS MISSING AND SHOULD BE RESTORED.

C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed


**** End of log ****


I can't download security check , link doens't work for me , and is that your true face broni ? You look so cool .

 

[Troubling]

It seems that I forgot to copy the log for 1 threat found by sophos , is that troublesome ? Also , ilivid stop visiting me . Done everything except the securitycheck .

 

[Broni]

It's my real face

Uploaded Security Check for you here: https://www.sendspace.com/file/pdmh98

FSS log shows couple of issues (missing system file and registry key).

Re-run FRST again.
Type the following in the edit box after "Search:".

MpSvc.dll

Click Search files button and post the log (Search.txt) it makes in your reply.

 

[Troubling]

Farbar Recovery Scan Tool (x64) Version:10-09-2015 01
Ran by admin (2015-09-15 21:05:52)
Running from C:\Users\admin\Desktop
Boot Mode: Normal

================== Search Files: "MpSvc.dll" =============

C:\Windows\winsxs\amd64_security-malware-windows-defender_31bf3856ad364e35_6.1.7601.17514_none_b5e2b6396ecea306\MpSvc.dll
[2009-07-14 06:54][2009-07-14 08:41] 1011712 ____A (Microsoft Corporation) CF318F60A84F15AF352439465A8D05F4 [File is digitally signed]

C:\Program Files\Microsoft Security Client\MpSvc.dll
[2015-01-30 03:17][2015-01-30 03:17] 1728592 ____A (Microsoft Corporation) 5541459937380505ADE8DD490B0F0B55 [File is digitally signed]

====== End of Search ======



Results of screen317's Security Check version 1.008
Windows 7 Service Pack 1 x64 (UAC is enabled)
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Microsoft Security Essentials
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Java(TM) 6 Update 16
Java(TM) SE Development Kit 6 Update 16
Visual Studio Extensions for Windows Library for JavaScript
Java version 32-bit out of Date!
Adobe Flash Player 11.5.502.110 Flash Player out of Date!
Google Chrome (43.0.2357.124)
Google Chrome (43.0.2357.81)
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials MSMpEng.exe
Microsoft Security Essentials msseces.exe
Malwarebytes Anti-Malware mbam.exe
UNG DUNG avast Malwarebytes Anti-Malware mbamscheduler.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 28% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````

Thank you ! I like cool old people

 

[Broni]

I'm not THAT old...haha...

We'll run fix using FRST....

Download attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Run FRST(FRST64) and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

Re-run FSS and post fresh log.

 

[Troubling]

Fix result of Farbar Recovery Scan Tool (x64) Version:15-09-2015
Ran by admin (2015-09-16 12:03:31) Run:2
Running from C:\Users\admin\Desktop
Loaded Profiles: admin & MSSQL$HUY (Available Profiles: admin & MSSQL$HUY)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Replace: C:\Windows\winsxs\amd64_security-malware-windows-defender_31bf3856ad364e35_6.1.7601.17514_none_b5e2b6396ecea306\MpSvc.dll C:\Program Files\Windows Defender\MpSvc.dll
*****************

"C:\Program Files\Windows Defender\MpSvc.dll" => not found
Could not replace C:\Program Files\Windows Defender\MpSvc.dll

==== End of Fixlog 12:03:31 ====


Farbar Service Scanner Version: 26-07-2015
Ran by admin (administrator) on 16-09-2015 at 12:04:12
Running from "C:\Users\admin\Desktop"
Microsoft Windows 7 Ultimate Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Policy:
========================


Action Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\dhcpcore.dll => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed

ATTENTION!=====> C:\Program Files\Windows Defender\MpSvc.dll FILE IS MISSING AND SHOULD BE RESTORED.

C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed


**** End of log ****

Well you kinda look like my grandfather so I just assume , he was 87 years old or something so you must have been 60 or so . If you are just 40 then your country work it people way too hard

 

[Broni]

Replacement didn't work.
Possibly Windows Defender folder is missing.

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2
64-bit users go HERE

• Double-click SystemLook.exe to run it.
• Vista users:: Right click on SystemLook.exe, click Run As Administrator
• Copy the content of the following box and paste it into the main textfield:

:folderfind
Windows Defender

• Click the Look button to start the scan.
• When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
• Note: The log can also be found on your Desktop entitled SystemLook.txt