Solved Sound coming out of nowhere

Troubling

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015
Ran by admin (administrator) on ADMIN-PC on 19-03-2015 10:34:25
Running from C:\Users\admin\Desktop
Loaded Profiles: admin (Available profiles: admin & MSSQL$HUY)
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Bkav Corporation) C:\Program Files (x86)\BkavHome\BkavHomeUpdateService.exe
(Bkav Corporation) C:\Windows\SysWOW64\BkavService.exe
(Elex do Brasil Participações Ltda) C:\Program Files (x86)\Elex-tech\YAC\iSafeSvc.exe
(Elex do Brasil Participações Ltda) C:\Program Files (x86)\Elex-tech\YAC\iSafeSvc2.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Cherished Technololgy LIMITED) C:\ProgramData\IePluginServices\PluginService.exe
(Taiwan Shui Mu Chih Ching Technology Limited.) C:\Program Files (x86)\WinZipper\winzipersvc.exe
(AV Security Software) C:\Windows\mlwps.exe
() D:\GAMES\LienMinhHuyenThoai\GameData\ggdllhost.exe
(CANON INC.) C:\Windows\System32\CNAB3RPD.EXE
(Elex do Brasil Participações Ltda) C:\Program Files (x86)\Elex-tech\YAC\iSafeTray.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
() C:\UniKey 4.0 RC2 Win64\UniKeyNT.exe
() D:\GAMES\LienMinhHuyenThoai\GameData\GarenaMessenger.exe
(Microsoft Corporation) C:\Windows\System32\wscript.exe
() C:\Users\admin\AppData\Roaming\SpeedTray\speedtray.exe
(Itim Technologies Co., Ltd.) C:\Users\admin\AppData\Local\CocCoc\Update\1.3.39.13\CocCocCrashHandler.exe
(CyberLink Corp.) D:\DUY\UNG DUNG\YouCam 5 v5.0.0909 PreActivated_da fix watermark\YouCam\YouCamService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(The Privoxy team - www.privoxy.org) C:\Program Files (x86)\Jelbrus Secure Web\privoxy.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
() C:\Users\admin\AppData\Local\GC\runner.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
() C:\Program Files (x86)\Dolphin Deals\bin\utilDolphinDeals.exe
(Irismedia) C:\Program Files (x86)\hosts\hosts-bg.exe
() C:\Program Files (x86)\Dolphin Deals\bin\DolphinDeals.BrowserAdapter.exe
() C:\Program Files (x86)\Dolphin Deals\bin\DolphinDeals.BrowserAdapter64.exe
() C:\Program Files (x86)\Dolphin Deals\bin\DolphinDeals.BOASHelper.exe
() C:\Program Files (x86)\Dolphin Deals\bin\DolphinDeals.expext.exe
() C:\Program Files (x86)\Dolphin Deals\bin\DolphinDeals.PurBrowse64.exe
() C:\Program Files (x86)\Dolphin Deals\updateDolphinDeals.exe
() C:\Program Files (x86)\Dolphin Deals\bin\DolphinDeals.BOASPRT.exe
(Itim Technologies Co., Ltd.) C:\Users\admin\AppData\Local\CocCoc\Browser\Application\browser.exe
(Itim Technologies Co., Ltd.) C:\Users\admin\AppData\Local\CocCoc\Browser\Application\browser.exe
(Itim Technologies Co., Ltd.) C:\Users\admin\AppData\Local\CocCoc\Browser\Application\browser.exe
(Itim Technologies Co., Ltd.) C:\Users\admin\AppData\Local\CocCoc\Browser\Application\browser.exe
(Itim Technologies Co., Ltd.) C:\Users\admin\AppData\Local\CocCoc\Browser\Application\browser.exe
(Itim Technologies Co., Ltd.) C:\Users\admin\AppData\Local\CocCoc\Browser\Application\browser.exe
(Google Inc.) C:\Users\admin\AppData\Local\GC\Chrome-bin\chrome.exe
(Google Inc.) C:\Users\admin\AppData\Local\GC\Chrome-bin\chrome.exe
(Google Inc.) C:\Users\admin\AppData\Local\GC\Chrome-bin\chrome.exe
(Google Inc.) C:\Users\admin\AppData\Local\GC\Chrome-bin\chrome.exe
(Google Inc.) C:\Users\admin\AppData\Local\GC\Chrome-bin\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2057000 2010-02-18] (Synaptics Incorporated)
HKLM\...\Run: [Chew7Hale] => C:\Windows\System32\hale.exe [2169856 2012-11-07] ()
HKLM-x32\...\Run: [YouCam Service] => D:\DUY\UNG DUNG\YouCam 5 v5.0.0909 PreActivated_da fix watermark\YouCam\YouCamService.exe [247016 2011-09-09] (CyberLink Corp.)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291648 2012-10-16] (Intel Corporation)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [343168 2012-03-05] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [mobilegeni daemon] => C:\Program Files (x86)\Mobogenie\DaemonProcess.exe
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)
HKLM-x32\...\Run: [BkavHome] => C:\Program Files (x86)\BkavHome\BkavHome.exe [2435584 2015-01-14] (Bkav Corporation)
Winlogon\Notify\igfxcui: igfxdev.dll [X]
HKU\S-1-5-21-3818046159-3689817371-2580797029-1000\...\Run: [UniKey] => C:\UniKey 4.0 RC2 Win64\UniKeyNT.exe [316928 2009-11-02] ()
HKU\S-1-5-21-3818046159-3689817371-2580797029-1000\...\Run: [NextLive] => C:\Windows\SysWOW64\rundll32.exe "C:\Users\admin\AppData\Roaming\newnext.me\nengine.dll",EntryPoint -m l
HKU\S-1-5-21-3818046159-3689817371-2580797029-1000\...\Run: [Messenger (Yahoo!)] => C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe [6595928 2012-05-25] (Yahoo! Inc.)
HKU\S-1-5-21-3818046159-3689817371-2580797029-1000\...\Run: [GarenaPlus] => D:\GAMES\LienMinhHuyenThoai\GameData\GarenaMessenger.exe [9981528 2015-01-20] ()
HKU\S-1-5-21-3818046159-3689817371-2580797029-1000\...\Run: [CocCoc Update] => C:\Users\admin\AppData\Local\CocCoc\Update\CocCocUpdate.exe [141528 2015-01-30] (Itim Technologies Co., Ltd.)
HKU\S-1-5-21-3818046159-3689817371-2580797029-1000\...\Run: [Microsoft Application Manager] => C:\Users\admin\AppData\Roaming\Microsoft\ApplicationManager\mst.exe [193536 2014-03-26] ()
HKU\S-1-5-21-3818046159-3689817371-2580797029-1000\...\Run: [SpeedTray] => C:\Users\admin\AppData\Roaming\SpeedTray\speedtray.exe [725518 2014-12-24] ()
HKU\S-1-5-21-3818046159-3689817371-2580797029-1000\...\Run: [COOL] => wscript.exe //B "C:\Users\admin\AppData\Roaming\COOL.vbs"
HKU\S-1-5-21-3818046159-3689817371-2580797029-1000\...\RunOnce: [FlashPlayerUpdate] => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_2_202_235_ActiveX.exe [351904 2012-11-09] (Adobe Systems Incorporated)
Startup: C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\COOL.vbs ()
Startup: C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Canon LBP3000 Status Window.lnk
ShortcutTarget: Canon LBP3000 Status Window.lnk -> C:\Windows\System32\spool\drivers\x64\3\CNAB3LAD.EXE (CANON INC.)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyEnable: [S-1-5-21-3818046159-3689817371-2580797029-1000] => Internet Explorer proxy is enabled.
ProxyServer: [S-1-5-21-3818046159-3689817371-2580797029-1000] => 127.0.0.1:8118
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://istart.webssearches.com/?type=hp&ts=1417707889&from=irs&uid=ST9500325AS_5VET5TGDXXXX5VET5TGD
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = 0x00
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://istart.webssearches.com/web/...500325AS_5VET5TGDXXXX5VET5TGD&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = 0x00
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://istart.webssearches.com/?type=hp&ts=1417707889&from=irs&uid=ST9500325AS_5VET5TGDXXXX5VET5TGD
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 0x00
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://istart.webssearches.com/web/...500325AS_5VET5TGDXXXX5VET5TGD&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 0x00
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
HKU\S-1-5-21-3818046159-3689817371-2580797029-1000\Software\Microsoft\Internet Explorer\Main,Start Page = 0x00
HKU\S-1-5-21-3818046159-3689817371-2580797029-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://istart.webssearches.com/web/...500325AS_5VET5TGDXXXX5VET5TGD&q={searchTerms}
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://istart.webssearches.com/web/...500325AS_5VET5TGDXXXX5VET5TGD&q={searchTerms}
SearchScopes: HKLM -> {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL =
SearchScopes: HKLM-x32 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
SearchScopes: HKLM-x32 -> {01bd49d7-c76b-4310-8beb-14d7e5f322c6} URL = http://search.easylifeapp.com/?q={s...c=ie2&r=2013/04/07&hid=4113113638&lg=EN&cc=VN
SearchScopes: HKLM-x32 -> {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT1561552
SearchScopes: HKLM-x32 -> {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.searchesplace.info...013/08/08&hid=4113113638&lg=EN&cc=VN&unqvl=30
SearchScopes: HKU\S-1-5-21-3818046159-3689817371-2580797029-1000 -> DefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://start.mysearchdial.com/resul...FtCtAyBzytN1L1CzutCyD1B1P1R&cr=1042115618&ir=
SearchScopes: HKU\S-1-5-21-3818046159-3689817371-2580797029-1000 -> {01bd49d7-c76b-4310-8beb-14d7e5f322c6} URL = http://search.easylifeapp.com/?q={s...c=ie2&r=2013/04/07&hid=4113113638&lg=EN&cc=VN
SearchScopes: HKU\S-1-5-21-3818046159-3689817371-2580797029-1000 -> {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://start.mysearchdial.com/resul...FtCtAyBzytN1L1CzutCyD1B1P1R&cr=1042115618&ir=
SearchScopes: HKU\S-1-5-21-3818046159-3689817371-2580797029-1000 -> {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL = http://www.searchgol.com/?q={searchTerms}&babsrc=SP_ss&mntrId=B8B9685D43D1A3C2&affID=120695&tsp=5023
SearchScopes: HKU\S-1-5-21-3818046159-3689817371-2580797029-1000 -> {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT1561552
BHO: hosts -> {11111111-1111-1111-1111-110311531182} -> C:\Program Files (x86)\hosts\hosts-bho64.dll [2013-10-02] (Irismedia)
BHO: TrustMediaViewerV1alpha2724 -> {6b9694c1-2bda-43e2-94d3-dbd1b01b1c99} -> C:\Program Files (x86)\TrustMediaViewerV1\TrustMediaViewerV1alpha2724\ie\TrustMediaViewerV1alpha2724x64.dll [2014-06-26] ()
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2010-03-25] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll [2012-04-04] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll [2012-04-04] (Oracle Corporation)
BHO: Hotspot Shield Class -> {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} -> C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE_64.dll No File
BHO-x32: SearchNewTab -> {0727E909-6CCD-BC6E-1AF5-766629DFA1FC} -> C:\ProgramData\SearchNewTab\Pt.dll [2012-08-08] ()
BHO-x32: hosts -> {11111111-1111-1111-1111-110311531182} -> C:\Program Files (x86)\hosts\hosts-bho.dll [2013-10-02] (Irismedia)
BHO-x32: Dolphin Deals 1.0.0.7 -> {15a4ce1e-d288-4d04-85bf-907170010a7a} -> C:\Program Files (x86)\Dolphin Deals\DolphinDealsbho.dll [2015-02-04] (Dolphin Deals)
BHO-x32: BkavSiteAdvisorEngine Class -> {2876549C-1023-4AA0-82FF-8ED7112D5269} -> C:\Program Files (x86)\BkavHome\SiteAdvisor\BkavIESiteAdvisor.dll [2014-04-03] (Bkav Corporation)
BHO-x32: Media View -> {292a9c09-66a9-4123-85ac-222c4687b7c2} -> C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha45\ie\MediaViewV1alpha45.dll [2014-02-26] ()
BHO-x32: SearchNewTab -> {52277627-029D-B628-0018-88DEBE87176F} -> C:\ProgramData\SearchNewTab\51cebe6cefb8f.dll [2013-06-29] ()
BHO-x32: soaofEE saave -> {5BA25F6F-43EA-885B-D7E1-7AF775B28E35} -> C:\ProgramData\soaofEE saave\51cebe6178ebd.dll [2013-06-29] ()
BHO-x32: Trust Media Viewer -> {6b9694c1-2bda-43e2-94d3-dbd1b01b1c99} -> C:\Program Files (x86)\TrustMediaViewerV1\TrustMediaViewerV1alpha2724\ie\TrustMediaViewerV1alpha2724.dll [2014-06-26] ()
BHO-x32: BetterSurf -> {6E3C6B04-08FE-43BC-8E50-F90285024DEA} -> C:\Program Files (x86)\BetterSurf\ie\BetterSurf.dll [2013-11-13] ()
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2010-03-25] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll [2014-10-16] (Oracle Corporation)
BHO-x32: Better-Surf -> {8271B5D6-76D3-4ABF-AEB3-1721161C76BC} -> C:\Program Files (x86)\Better-Surf\ie\BetterSrf.dll [2013-11-25] ()
BHO-x32: Microsoft Web Test Recorder 10.0 Helper -> {876d9f09-c6d6-4324-a2cc-04dd9a4de12f} -> E:\Huy\Window\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll [2012-07-26] (Microsoft Corporation)
BHO-x32: Video Player -> {8c5f32e4-6041-4971-ac87-682ed8142443} -> C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta640\ie\VideoPlayerV3beta640.dll [2014-01-08] ()
BHO-x32: Rich Media View -> {8fd55b40-fa85-4da7-97e3-9bc4f1e19a26} -> C:\Program Files (x86)\RichMediaViewV1\RichMediaViewV1release961\ie\RichMediaViewV1release961.dll [2014-05-13] ()
BHO-x32: BryOOwsee2ssavoe -> {901CD782-0464-2CCD-80DE-74253A767314} -> C:\ProgramData\BryOOwsee2ssavoe\515edbe4c903b.dll [2013-04-05] ()
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
BHO-x32: Media View -> {90d9818b-8fc1-4d4b-88e7-2074b23c0bbf} -> C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha3170\ie\MediaViewV1alpha3170.dll [2014-02-27] ()
BHO-x32: SearchNewTab -> {973AEBF9-6677-0B1D-805B-461A6610469C} -> C:\ProgramData\SearchNewTab\51cec9d0d6a16.dll [2013-06-29] ()
BHO-x32: Media Player -> {98646bc7-0aff-4397-9c82-4a19e39c12f6} -> C:\Program Files (x86)\MediaPlayerV1\MediaPlayerV1alpha335\ie\MediaPlayerV1alpha335.dll [2014-01-28] ()
BHO-x32: Media Buzz -> {9a88259d-0ed6-487f-9c13-7226acf25a0f} -> C:\Program Files (x86)\MediaBuzzV1\MediaBuzzV1mode5557\ie\MediaBuzzV1mode5557.dll [2014-04-24] ()
BHO-x32: Skype Plug-In -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2010-09-27] (Skype Technologies S.A.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
BHO-x32: Rich Media View -> {c70985eb-33b8-45cf-9570-853fdb4d4808} -> C:\Program Files (x86)\RichMediaViewV1\RichMediaViewV1release4398\ie\RichMediaViewV1release4398.dll [2014-05-14] ()
BHO-x32: soaofEE saave -> {C764A995-9013-3BFD-B070-846E6F0BC454} -> C:\ProgramData\soaofEE saave\51cebdc3b8850.dll [2013-06-29] ()
BHO-x32: Media Watch -> {c83b83bb-248b-47e2-a6ae-b8bbf940ae49} -> C:\Program Files (x86)\MediaWatchV1\MediaWatchV1home412\ie\MediaWatchV1home412.dll [2014-03-20] ()
BHO-x32: saveenshhaire -> {CD2AAB10-6B84-A81F-DF0D-6A1CAF6FF7AD} -> C:\ProgramData\saveenshhaire\rti6l.dll [2013-08-08] ()
BHO-x32: SecureWebBHO Class -> {D3C24E2B-C820-4492-9B69-11BF7163F998} -> C:\Program Files (x86)\Jelbrus Secure Web\jsie.dll [2015-02-06] (Jelbrus)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll [2014-10-16] (Oracle Corporation)
BHO-x32: SearchNewTab -> {DFBE860F-A916-B5F6-D027-E353DA36659C} -> C:\ProgramData\SearchNewTab\51cebe3424822.dll [2013-06-29] ()
BHO-x32: mysearchdial Helper Object -> {EF5625A3-37AB-4BDB-9875-2A3D91CD0DFD} -> C:\Program Files (x86)\Mysearchdial\1.8.21.0\bh\mysearchdial.dll No File
BHO-x32: Media Viewer -> {f9c04e97-8374-4c84-a242-0f918e4b4726} -> C:\Program Files (x86)\MediaViewerV1\MediaViewerV1alpha680\ie\MediaViewerV1alpha680.dll [2014-02-23] ()
Toolbar: HKLM-x32 - mysearchdial Toolbar - {3004627E-F8E9-4E8B-909D-316753CBA923} - C:\Program Files (x86)\Mysearchdial\1.8.21.0\mysearchdialTlbr.dll No File
Handler-x32: bksa - {AFBCA127-FD48-4FF5-B523-0E0DB4B8C295} - C:\Program Files (x86)\BkavHome\SiteAdvisor\BkavIESiteAdvisor.dll [2014-04-03] (Bkav Corporation)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2010-09-27] (Skype Technologies S.A.)
Filter: application/octet-stream - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll No File
Filter: application/x-complus - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll No File
Filter: application/x-msdownload - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll No File
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{D0ED8A5C-3945-4A08-9E15-4394A60F2552}: [NameServer] 208.67.222.222,208.67.220.220

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_110.dll [2012-11-09] ()
FF Plugin: @java.com/DTPlugin,version=10.4.1 -> C:\Windows\system32\npDeployJava1.dll [2012-04-04] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.4.1 -> C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll [2012-04-04] (Oracle Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_110.dll [2012-11-09] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1203133.dll [2013-06-26] (Adobe Systems, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-01-07] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-01-07] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll [2014-10-16] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll [2014-10-16] (Oracle Corporation)
FF Plugin-x32: @live.heroesandgenerals.com/npretox -> D:\DUY\GAMES\HaG\Heroes & Generals\live\npretoxlive.dll No File
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll [2010-11-04] (Yahoo! Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll [2012-04-11] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @t.garena.com/garenatalk -> D:\GAMES\LienMinhHuyenThoai\GameData\bbtalk\plugins\npPlugin\npGarenaTalkPlugin.dll [2015-01-16] ( Garena)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.7\npGoogleUpdate3.dll [2015-02-14] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.7\npGoogleUpdate3.dll [2015-02-14] (Google Inc.)
FF Plugin HKU\S-1-5-21-3818046159-3689817371-2580797029-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\admin\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-02-21] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-3818046159-3689817371-2580797029-1000: xyzgl-plugin@xyz-soft.com -> C:\Program Files (x86)\Fairy Tail 3D\npxyzgl.dll No File
FF HKLM-x32\...\Firefox\Extensions: [xz123@ya456.com] - C:\Program Files (x86)\BetterSurf\ff
FF Extension: BetterSurf - C:\Program Files (x86)\BetterSurf\ff [2013-11-15]
FF HKLM-x32\...\Firefox\Extensions: [12x3q@3244516.com] - C:\Program Files (x86)\Better-Surf\ff
FF Extension: Better-Surf - C:\Program Files (x86)\Better-Surf\ff [2013-11-25]
FF HKLM-x32\...\Firefox\Extensions: [ext@VideoPlayerV3beta640.net] - C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta640\ff
FF Extension: Video Player - C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta640\ff [2014-01-10]
FF HKLM-x32\...\Firefox\Extensions: [ext@MediaPlayerV1alpha335.net] - C:\Program Files (x86)\MediaPlayerV1\MediaPlayerV1alpha335\ff
FF Extension: Media Player - C:\Program Files (x86)\MediaPlayerV1\MediaPlayerV1alpha335\ff [2014-01-30]
FF HKLM-x32\...\Firefox\Extensions: [ext@MediaViewerV1alpha680.net] - C:\Program Files (x86)\MediaViewerV1\MediaViewerV1alpha680\ff
FF Extension: Media Viewer - C:\Program Files (x86)\MediaViewerV1\MediaViewerV1alpha680\ff [2014-02-24]
FF HKLM-x32\...\Firefox\Extensions: [ext@MediaViewV1alpha45.net] - C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha45\ff
FF Extension: Media View - C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha45\ff [2014-02-28]
FF HKLM-x32\...\Firefox\Extensions: [ext@MediaViewV1alpha3170.net] - C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha3170\ff
FF Extension: Media View - C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha3170\ff [2014-03-16]
FF HKLM-x32\...\Firefox\Extensions: [ext@MediaWatchV1home412.net] - C:\Program Files (x86)\MediaWatchV1\MediaWatchV1home412\ff
FF Extension: Media Watch - C:\Program Files (x86)\MediaWatchV1\MediaWatchV1home412\ff [2014-03-23]
FF HKLM-x32\...\Firefox\Extensions: [ext@MediaBuzzV1mode5557.net] - C:\Program Files (x86)\MediaBuzzV1\MediaBuzzV1mode5557\ff
FF Extension: Media Buzz - C:\Program Files (x86)\MediaBuzzV1\MediaBuzzV1mode5557\ff [2014-04-26]
FF HKLM-x32\...\Firefox\Extensions: [ext@RichMediaViewV1release4398.net] - C:\Program Files (x86)\RichMediaViewV1\RichMediaViewV1release4398\ff
FF Extension: Rich Media View - C:\Program Files (x86)\RichMediaViewV1\RichMediaViewV1release4398\ff [2014-05-14]
FF HKLM-x32\...\Firefox\Extensions: [ext@TrustMediaViewerV1alpha2724.net] - C:\Program Files (x86)\TrustMediaViewerV1\TrustMediaViewerV1alpha2724\ff
FF Extension: Trust Media Viewer - C:\Program Files (x86)\TrustMediaViewerV1\TrustMediaViewerV1alpha2724\ff [2014-06-29]
FF HKLM-x32\...\Firefox\Extensions: [bkavsiteadvisor@bkav.com.vn] - C:\Program Files (x86)\BkavHome\SiteAdvisor\Firefox
FF Extension: Bkav SiteAdvisor - C:\Program Files (x86)\BkavHome\SiteAdvisor\Firefox [2014-09-17]
FF HKLM-x32\...\Firefox\Extensions: [ext@RichMediaViewV1release961.net] - C:\Program Files (x86)\RichMediaViewV1\RichMediaViewV1release961\ff
FF Extension: Rich Media View - C:\Program Files (x86)\RichMediaViewV1\RichMediaViewV1release961\ff [2014-10-26]
 
Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR HomePage: Default -> hxxp://istart.webssearches.com/?type=hp&ts=1417707889&from=irs&uid=ST9500325AS_5VET5TGDXXXX5VET5TGD
CHR StartupUrls: Default -> "hxxp://istart.webssearches.com/?type=hp&ts=1417707889&from=irs&uid=ST9500325AS_5VET5TGDXXXX5VET5TGD"
CHR DefaultSearchKeyword: Default -> webssearches
CHR DefaultSearchURL: Default -> http://istart.webssearches.com/web/...500325AS_5VET5TGDXXXX5VET5TGD&q={searchTerms}
CHR DefaultSuggestURL: Default ->
CHR Profile: C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-10-16]
CHR Extension: (Google Drive) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2012-12-03]
CHR Extension: (YouTube) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-12-03]
CHR Extension: (Google Search) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-12-03]
CHR Extension: (BetterSurf) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\dedmngkbaffkenlfdcbganndoghblmap [2013-11-15]
CHR Extension: (Media Buzz) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhbipenidhbblafeghlnhomhbbekegeg [2014-04-26]
CHR Extension: (Rich Media View) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhgbjpmmapeeebfocedgchboelhicjob [2014-10-26]
CHR Extension: (Media View) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjoipheamlalaopalfkdlpddibaammfd [2014-02-28]
CHR Extension: (Video Player) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\hjaiamlebimfmojfhilaghbgljofblde [2014-01-10]
CHR Extension: (hkelgkihphkegiaagbcgglfidabmgkgp) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\hkelgkihphkegiaagbcgglfidabmgkgp [2014-10-19]
CHR Extension: (Dolphin Deals) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihihlmpikoblhkjbcpgafnleneppnfjd [2015-02-04]
CHR Extension: (Trust Media Viewer) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\iigbpcijgnghlbbckmblheliiphbcphn [2014-06-29]
CHR Extension: (Media Viewer) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nbpdghncgldndhlnkfhgnofiokhefpoe [2014-02-24]
CHR Extension: (Google Wallet) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-27]
CHR Extension: (Rich Media View) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojmcblgmjhopempjhnhlohgbhhbaeapn [2014-05-14]
CHR Extension: (Bkav SiteAdvisor) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcnancbdijenfaameanloddnkbjhfaal [2015-03-13]
CHR Extension: (Gmail) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-12-03]
CHR Extension: (BetterSrf) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\poheodfamflhhhdcmjfeggbgigeefaco [2013-11-25]
CHR HKLM\...\Chrome\Extension: [pflphaooapbgpeakohlggbpidpppgdff] - C:\Users\admin\AppData\Local\mysearchdial-speeddial.crx [Not Found]
CHR HKU\S-1-5-21-3818046159-3689817371-2580797029-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [pflphaooapbgpeakohlggbpidpppgdff] - C:\Users\admin\AppData\Local\mysearchdial-speeddial.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [dedmngkbaffkenlfdcbganndoghblmap] - C:\Program Files (x86)\BetterSurf\ch\Chrome.crx [2013-11-11]
CHR HKLM-x32\...\Chrome\Extension: [fhbipenidhbblafeghlnhomhbbekegeg] - C:\Program Files (x86)\MediaBuzzV1\MediaBuzzV1mode5557\ch\MediaBuzzV1mode5557.crx [2014-04-24]
CHR HKLM-x32\...\Chrome\Extension: [fhgbjpmmapeeebfocedgchboelhicjob] - C:\Program Files (x86)\RichMediaViewV1\RichMediaViewV1release961\ch\RichMediaViewV1release961.crx [2014-05-13]
CHR HKLM-x32\...\Chrome\Extension: [gjoipheamlalaopalfkdlpddibaammfd] - C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha45\ch\MediaViewV1alpha45.crx [2014-02-26]
CHR HKLM-x32\...\Chrome\Extension: [hjaiamlebimfmojfhilaghbgljofblde] - C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta640\ch\VideoPlayerV3beta640.crx [2014-01-08]
CHR HKLM-x32\...\Chrome\Extension: [iigbpcijgnghlbbckmblheliiphbcphn] - C:\Program Files (x86)\TrustMediaViewerV1\TrustMediaViewerV1alpha2724\ch\TrustMediaViewerV1alpha2724.crx [2014-06-26]
CHR HKLM-x32\...\Chrome\Extension: [kidaajcdcjnibldmcnniccdjphlpmbim] - C:\Program Files (x86)\MediaWatchV1\MediaWatchV1home412\ch\MediaWatchV1home412.crx [2014-03-20]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2010-09-27]
CHR HKLM-x32\...\Chrome\Extension: [mfgmhilhjkklfkcopoogicgkbpnocdoe] - C:\Program Files (x86)\Naver\NaverChromeToolbar\naver_chrome_toolbar_vn_win.crx [2012-09-05]
CHR HKLM-x32\...\Chrome\Extension: [nbpdghncgldndhlnkfhgnofiokhefpoe] - C:\Program Files (x86)\MediaViewerV1\MediaViewerV1alpha680\ch\MediaViewerV1alpha680.crx [2014-02-23]
CHR HKLM-x32\...\Chrome\Extension: [ojmcblgmjhopempjhnhlohgbhhbaeapn] - C:\Program Files (x86)\RichMediaViewV1\RichMediaViewV1release4398\ch\RichMediaViewV1release4398.crx [2014-05-14]
CHR HKLM-x32\...\Chrome\Extension: [pcnancbdijenfaameanloddnkbjhfaal] - C:\Program Files (x86)\BkavHome\SiteAdvisor\BkavChrSiteAdvisor.crx [2014-09-17]
CHR HKLM-x32\...\Chrome\Extension: [pflphaooapbgpeakohlggbpidpppgdff] - C:\Users\admin\AppData\Local\mysearchdial-speeddial.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [pjhppeglijpjoiggbdhkcncpginnbnjo] - C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha3170\ch\MediaViewV1alpha3170.crx [2014-02-27]
CHR HKLM-x32\...\Chrome\Extension: [poheodfamflhhhdcmjfeggbgigeefaco] - C:\Program Files (x86)\Better-Surf\ch\Chrome.crx [2013-11-25]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 BkavHomeUpdateService; C:\Program Files (x86)\BkavHome\BkavHomeUpdateService.exe [1593344 2014-07-01] (Bkav Corporation) [File not signed]
R2 BkavService; C:\Windows\SysWOW64\BkavService.exe [291616 2014-07-01] (Bkav Corporation)
S3 fussvc; C:\Program Files (x86)\Windows Kits\8.0\App Certification Kit\fussvc.exe [139776 2012-07-25] (Microsoft Corporation) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
R2 IePluginServices; C:\ProgramData\IePluginServices\PluginService.exe [694784 2014-08-16] (Cherished Technololgy LIMITED) [File not signed]
R2 iSafeService; C:\Program Files (x86)\Elex-tech\YAC\iSafeSvc.exe [118048 2015-03-03] (Elex do Brasil Participações Ltda)
S4 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [161560 2012-01-21] (Intel Corporation)
R2 Live Malware Protection; C:\Windows\mlwps.exe [239104 2015-02-15] (AV Security Software) [File not signed] <==== ATTENTION
S2 MSSQL$HUY; E:\Huy\SQL\Source\MSSQL11.HUY\MSSQL\Binn\sqlservr.exe [191064 2012-02-11] (Microsoft Corporation)
S4 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273168 2012-03-29] ()
R2 PrivoxyService; C:\Program Files (x86)\Jelbrus Secure Web\privoxy.exe [443202 2015-02-06] (The Privoxy team - www.privoxy.org) [File not signed] <==== ATTENTION
R3 sppuinotify; C:\Windows\system32\sppuinotify.dll [65536 2012-11-07] (Microsoft Corporation) [File not signed]
S4 SQLAgent$HUY; E:\Huy\SQL\Source\MSSQL11.HUY\MSSQL\Binn\SQLAGENT.EXE [597080 2012-02-11] (Microsoft Corporation)
S3 Te.Service; C:\Program Files (x86)\Windows Kits\8.0\Testing\Runtimes\TAEF\Wex.Services.exe [126976 2012-07-25] (Microsoft Corporation) [File not signed]
R2 Update Dolphin Deals; C:\Program Files (x86)\Dolphin Deals\updateDolphinDeals.exe [417064 2015-03-19] ()
R2 Util Dolphin Deals; C:\Program Files (x86)\Dolphin Deals\bin\utilDolphinDeals.exe [417064 2015-03-19] ()
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)
R2 winzipersvc; C:\Program Files (x86)\WinZipper\winzipersvc.exe [426160 2015-03-05] (Taiwan Shui Mu Chih Ching Technology Limited.) <==== ATTENTION
S4 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [2669840 2012-03-29] (Intel® Corporation)
S2 HiPatchService; No ImagePath
S3 WinHttpAutoProxySvc; winhttp.dll [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R0 amdkmpfd; C:\Windows\System32\DRIVERS\amdkmpfd.sys [31872 2012-02-01] (Advanced Micro Devices, Inc.)
R1 iSafeKrnl; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnl.sys [249000 2015-03-03] (Elex do Brasil Participações Ltda)
S3 iSafeKrnlBoot; C:\Windows\System32\DRIVERS\iSafeKrnlBoot.sys [45224 2015-03-03] (Elex do Brasil Participações Ltda)
R1 iSafeKrnlKit; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlKit.sys [99496 2015-03-03] (Elex do Brasil Participações Ltda)
R1 iSafeKrnlMon; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlMon.sys [42152 2015-03-03] (Elex do Brasil Participações Ltda)
R1 iSafeKrnlR3; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlR3.sys [93352 2015-03-03] (Elex do Brasil Participações Ltda)
R1 iSafeNetFilter; C:\Windows\System32\DRIVERS\iSafeNetFilter.sys [52392 2015-02-15] (Elex do Brasil Participações Ltda)
R1 ISODrive; D:\DUY\UNG DUNG\UltraISO\UltraISO\drivers\ISODrv64.sys [115600 2010-01-29] (EZB Systems, Inc.)
S4 RsFx0200; C:\Windows\System32\DRIVERS\RsFx0200.sys [334936 2012-02-11] (Microsoft Corporation)
S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [40712 2012-10-25] (Anchorfree Inc.)
S3 VBoxUSB; C:\Windows\System32\Drivers\VBoxUSB.sys [116296 2014-10-11] (Oracle Corporation)
S3 VSPerfDrv110; E:\Huy\Window\Team Tools\Performance Tools\x64\VSPerfDrv110.sys [70264 2012-07-13] (Microsoft Corporation)
R1 {0b3befeb-e7d9-4648-a054-011aee951126}w64; C:\Windows\System32\drivers\{0b3befeb-e7d9-4648-a054-011aee951126}w64.sys [48840 2015-02-23] (StdLib)
R1 {17d7b7ef-d2d8-45f1-a2f2-2dea72852c07}w64; C:\Windows\System32\drivers\{17d7b7ef-d2d8-45f1-a2f2-2dea72852c07}w64.sys [48840 2015-02-05] (StdLib)
R1 {1bcac693-c506-4a13-8921-e885a8cb1d13}w64; C:\Windows\System32\drivers\{1bcac693-c506-4a13-8921-e885a8cb1d13}w64.sys [48840 2015-02-14] (StdLib)
R1 {2be54678-5f85-4937-975c-484112311e65}Gw64; C:\Windows\System32\drivers\{2be54678-5f85-4937-975c-484112311e65}Gw64.sys [48840 2015-02-03] (StdLib)
R1 {3c3ae2b4-4a36-40c4-a356-ffc1820b7ece}Gw64; C:\Windows\System32\drivers\{3c3ae2b4-4a36-40c4-a356-ffc1820b7ece}Gw64.sys [48824 2014-10-15] (StdLib)
R1 {3f837d36-3981-45f1-9497-67565ae84508}w64; C:\Windows\System32\drivers\{3f837d36-3981-45f1-9497-67565ae84508}w64.sys [48840 2015-03-13] (StdLib)
R1 {702bbd8f-e6dd-42a8-a995-6b431927d55e}w64; C:\Windows\System32\drivers\{702bbd8f-e6dd-42a8-a995-6b431927d55e}w64.sys [48840 2015-02-17] (StdLib)
R1 {95e63078-c8de-4514-94f6-859d098ae58c}w64; C:\Windows\System32\drivers\{95e63078-c8de-4514-94f6-859d098ae58c}w64.sys [48840 2015-02-20] (StdLib)
R1 {a524bf90-f804-4c41-b422-cc15288e85ca}w64; C:\Windows\System32\drivers\{a524bf90-f804-4c41-b422-cc15288e85ca}w64.sys [48840 2015-03-07] (StdLib)
R1 {a60ec2d2-55d8-408b-9b84-24e0bd56daf6}w64; C:\Windows\System32\drivers\{a60ec2d2-55d8-408b-9b84-24e0bd56daf6}w64.sys [48840 2015-02-26] (StdLib)
R1 {c4a7b09f-59a5-4aec-aa79-4922d6416b82}w64; C:\Windows\System32\drivers\{c4a7b09f-59a5-4aec-aa79-4922d6416b82}w64.sys [48840 2015-02-11] (StdLib)
R1 {cfcde8f5-41ca-4db2-b65e-84981eec55ca}w64; C:\Windows\System32\drivers\{cfcde8f5-41ca-4db2-b65e-84981eec55ca}w64.sys [48840 2015-02-08] (StdLib)
R1 {e189778b-c832-454e-b504-3be6620f674d}w64; C:\Windows\System32\drivers\{e189778b-c832-454e-b504-3be6620f674d}w64.sys [48840 2015-03-01] (StdLib)
R1 {e3ccc45b-550f-41ef-9f66-bf8e591166fe}w64; C:\Windows\System32\drivers\{e3ccc45b-550f-41ef-9f66-bf8e591166fe}w64.sys [48840 2015-03-17] (StdLib)
R1 {f40be314-6146-47fc-bd32-c76c91cbfb49}w64; C:\Windows\System32\drivers\{f40be314-6146-47fc-bd32-c76c91cbfb49}w64.sys [48840 2015-03-11] (StdLib)
R1 {fedcd8ab-e575-437f-b8ab-0f7bb23dd158}w64; C:\Windows\System32\drivers\{fedcd8ab-e575-437f-b8ab-0f7bb23dd158}w64.sys [48840 2015-03-04] (StdLib)
S1 BAPIDRV; system32\DRIVERS\BAPIDRV64.sys [X]
S0 BkavAuto; \SystemRoot\System32\Drivers\BkavAuto.sys [X]
S3 cxasbt; \??\D:\DUY\GAMES\AvatarStarVN\avital\cxbtf64.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 GGSAFERDriver; \??\D:\GAMES\LienMinhHuyenThoai\GameData\Room\safedrv.sys [X]
R4 nethfdrv; \??\C:\Windows\system32\drivers\nethfdrv.sys [X]
S1 pfnfd_1_10_0_9; system32\drivers\pfnfd_1_10_0_9.sys [X]
S3 RSUSBVSTOR; System32\Drivers\RtsUVStor.sys [X]
S1 SysLib; \SystemRoot\System32\Drivers\SysLib.sys [X]
S1 SysLib0; \SystemRoot\System32\Drivers\SysLib0.sys [X]
S1 SysLib1; \SystemRoot\System32\Drivers\SysLib1.sys [X]
S1 SysLib2; \SystemRoot\System32\Drivers\SysLib2.sys [X]
S1 SysLib3; \SystemRoot\System32\Drivers\SysLib3.sys [X]
S1 SysLib4; \SystemRoot\System32\Drivers\SysLib4.sys [X]
S1 SysLib5; \SystemRoot\System32\Drivers\SysLib5.sys [X]
S1 SysLib6; \SystemRoot\System32\Drivers\SysLib6.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-19 10:34 - 2015-03-19 10:35 - 00040111 _____ () C:\Users\admin\Desktop\FRST.txt
2015-03-19 10:33 - 2015-03-19 10:34 - 00000000 ____D () C:\FRST
2015-03-19 10:32 - 2015-03-19 10:32 - 02095616 _____ (Farbar) C:\Users\admin\Desktop\FRST64.exe
2015-03-19 09:05 - 2015-03-19 09:05 - 00000056 _____ () C:\Windows\setupact.log
2015-03-19 09:05 - 2015-03-19 09:05 - 00000000 _____ () C:\Windows\setuperr.log
2015-03-17 17:40 - 2015-03-17 03:11 - 00048840 _____ (StdLib) C:\Windows\system32\Drivers\{e3ccc45b-550f-41ef-9f66-bf8e591166fe}w64.sys
2015-03-16 17:01 - 2015-03-16 17:01 - 00000000 ____D () C:\Program Files (x86)\Realtek
2015-03-16 17:01 - 2010-05-07 09:42 - 00245280 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RtsUStor.sys
2015-03-14 21:13 - 2015-03-14 21:13 - 00000769 _____ () C:\Users\admin\Desktop\Dynomite!™ Deluxe.lnk
2015-03-14 12:48 - 2015-03-13 21:08 - 00048840 _____ (StdLib) C:\Windows\system32\Drivers\{3f837d36-3981-45f1-9497-67565ae84508}w64.sys
2015-03-13 19:07 - 2014-11-14 21:15 - 00023752 _____ (360安全中心) C:\Windows\SysWOW64\Drivers\efimon.sys
2015-03-13 19:05 - 2015-03-13 19:05 - 00000000 __SHD () C:\ProgramData\360Quarant
2015-03-13 19:05 - 2015-03-13 19:05 - 00000000 __SHD () C:\$360Section
2015-03-12 18:00 - 2015-03-14 21:11 - 00000000 ____D () C:\ProgramData\PopCap Games
2015-03-12 17:56 - 2015-03-14 21:10 - 00000000 ____D () C:\Program Files (x86)\Opera
2015-03-12 17:56 - 2015-03-13 22:51 - 00000000 ____D () C:\Program Files (x86)\360
2015-03-12 17:55 - 2015-03-12 18:00 - 03874920 _____ () C:\Users\admin\Downloads\DynomiteSetup-en [1].exe
2015-03-12 10:00 - 2015-03-12 10:00 - 00003054 _____ () C:\Windows\System32\Tasks\{947472E8-A5D0-4F35-93FF-E7BD403CCB40}
2015-03-12 09:42 - 2015-03-12 09:42 - 00000000 ____D () C:\Users\admin\AppData\Roaming\JAM Software
2015-03-11 20:05 - 2015-03-11 03:07 - 00048840 _____ (StdLib) C:\Windows\system32\Drivers\{f40be314-6146-47fc-bd32-c76c91cbfb49}w64.sys
2015-03-08 18:16 - 2015-03-08 18:16 - 00000000 ____D () C:\Users\admin\AppData\Roaming\Tencent
2015-03-08 11:16 - 2015-03-07 20:07 - 00048840 _____ (StdLib) C:\Windows\system32\Drivers\{a524bf90-f804-4c41-b422-cc15288e85ca}w64.sys
2015-03-06 10:17 - 2015-03-06 10:17 - 00000000 ____D () C:\ProgramData\Microsoft Visual Studio
2015-03-06 09:39 - 2015-03-06 10:16 - 00000000 ____D () C:\Users\admin\Documents\Visual Studio 2012
2015-03-06 09:36 - 2015-03-06 09:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-03-06 09:36 - 2015-03-06 09:36 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2015-03-06 09:35 - 2015-03-06 09:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight 5 SDK
2015-03-06 09:35 - 2015-03-06 09:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight 4 SDK
2015-03-06 09:34 - 2015-03-06 09:34 - 00000000 ____D () C:\ProgramData\Windows App Certification Kit
2015-03-06 09:34 - 2015-03-06 09:34 - 00000000 ____D () C:\Program Files\Microsoft SQL Server Compact Edition
2015-03-06 09:34 - 2015-03-06 09:34 - 00000000 ____D () C:\Program Files\Application Verifier
2015-03-06 09:34 - 2015-03-06 09:34 - 00000000 ____D () C:\Program Files (x86)\Application Verifier
2015-03-06 09:33 - 2015-03-06 09:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Kits
2015-03-06 09:32 - 2015-03-06 09:32 - 00000000 ____D () C:\ProgramData\PreEmptive Solutions
2015-03-06 09:30 - 2015-03-06 09:31 - 00000000 ____D () C:\Program Files (x86)\Microsoft ASP.NET
2015-03-06 09:30 - 2015-03-06 09:30 - 00002059 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Web Platform Installer.lnk
2015-03-06 09:30 - 2015-03-06 09:30 - 00000000 ____D () C:\Program Files (x86)\Microsoft Web Tools
2015-03-06 09:29 - 2015-03-06 09:29 - 00000000 ____D () C:\Program Files\IIS Express
2015-03-06 09:29 - 2015-03-06 09:29 - 00000000 ____D () C:\Program Files (x86)\NuGet
2015-03-06 09:29 - 2015-03-06 09:29 - 00000000 ____D () C:\Program Files (x86)\IIS Express
2015-03-06 09:28 - 2015-03-06 09:28 - 00000000 ____D () C:\Program Files\IIS
2015-03-06 09:28 - 2015-03-06 09:28 - 00000000 ____D () C:\Program Files (x86)\Microsoft WCF Data Services
2015-03-06 09:28 - 2015-03-06 09:28 - 00000000 ____D () C:\Program Files (x86)\IIS
2015-03-06 09:26 - 2015-03-06 09:26 - 00000000 ____D () C:\Program Files (x86)\Windows Kits
2015-03-06 09:20 - 2015-03-06 09:20 - 00000000 ____D () C:\Program Files (x86)\Microsoft Help Viewer
2015-03-06 09:20 - 2015-03-06 09:20 - 00000000 ____D () C:\Program Files (x86)\HTML Help Workshop
2015-03-06 09:12 - 2015-03-06 09:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Visual Studio 2012
2015-03-06 09:12 - 2015-03-06 09:12 - 00000000 ____D () C:\Windows\symbols
2015-03-06 09:12 - 2015-03-06 09:12 - 00000000 ____D () C:\Program Files\Microsoft Visual Studio 11.0
2015-03-05 16:59 - 2015-03-05 16:59 - 00000000 ____D () C:\Users\admin\AppData\Roaming\Elex-tech
2015-03-05 16:59 - 2015-03-05 16:59 - 00000000 ____D () C:\Program Files (x86)\Elex-tech
2015-03-05 16:59 - 2015-03-03 17:41 - 00045224 _____ (Elex do Brasil Participações Ltda) C:\Windows\system32\Drivers\iSafeKrnlBoot.sys
2015-03-05 16:59 - 2015-02-15 15:37 - 00052392 _____ (Elex do Brasil Participações Ltda) C:\Windows\system32\Drivers\iSafeNetFilter.sys
2015-03-05 08:50 - 2015-03-04 14:06 - 00048840 _____ (StdLib) C:\Windows\system32\Drivers\{fedcd8ab-e575-437f-b8ab-0f7bb23dd158}w64.sys
2015-03-03 11:58 - 2015-03-03 11:58 - 00000000 ____D () C:\Users\admin\AppData\Roaming\WinRAR
2015-03-02 12:57 - 2015-03-01 21:07 - 00048840 _____ (StdLib) C:\Windows\system32\Drivers\{e189778b-c832-454e-b504-3be6620f674d}w64.sys
2015-02-28 21:59 - 2015-02-28 21:53 - 15071148 _____ () C:\Users\admin\Documents\Capture_20150228.mp4
2015-02-27 08:39 - 2015-02-26 15:06 - 00048840 _____ (StdLib) C:\Windows\system32\Drivers\{a60ec2d2-55d8-408b-9b84-24e0bd56daf6}w64.sys
2015-02-24 14:09 - 2015-02-23 22:08 - 00048840 _____ (StdLib) C:\Windows\system32\Drivers\{0b3befeb-e7d9-4648-a054-011aee951126}w64.sys
2015-02-21 10:01 - 2015-02-20 16:29 - 00048840 _____ (StdLib) C:\Windows\system32\Drivers\{95e63078-c8de-4514-94f6-859d098ae58c}w64.sys
2015-02-19 20:02 - 2015-02-19 20:02 - 00000000 ____D () C:\Users\admin\AppData\Roaming\xim
2015-02-19 14:02 - 2015-03-05 16:18 - 00000000 ____D () C:\Users\admin\AppData\Roaming\WinZipper
2015-02-18 17:50 - 2015-03-08 18:19 - 00000000 ____D () C:\Users\admin\AppData\Roaming\VNG
2015-02-18 01:42 - 2015-02-17 10:34 - 00048840 _____ (StdLib) C:\Windows\system32\Drivers\{702bbd8f-e6dd-42a8-a995-6b431927d55e}w64.sys

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-19 10:33 - 2014-04-02 18:57 - 00000364 _____ () C:\Windows\Tasks\updater.job
2015-03-19 10:32 - 2012-11-07 08:44 - 01443257 _____ () C:\Windows\WindowsUpdate.log
2015-03-19 10:28 - 2015-01-30 07:23 - 00001002 _____ () C:\Windows\Tasks\CocCocUpdateTaskUserS-1-5-21-3818046159-3689817371-2580797029-1000UA.job
2015-03-19 10:26 - 2009-07-14 11:45 - 00022528 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-19 10:26 - 2009-07-14 11:45 - 00022528 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-19 10:19 - 2012-12-03 01:35 - 00000984 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-03-19 10:11 - 2015-02-04 19:17 - 00000000 ____D () C:\Program Files (x86)\Dolphin Deals
2015-03-19 10:10 - 2014-01-01 15:17 - 00000292 _____ () C:\Windows\Tasks\MySearchDial.job
2015-03-19 09:58 - 2013-08-11 20:56 - 00000000 ____D () C:\Users\admin\AppData\Local\CrashDumps
2015-03-19 09:55 - 2014-09-17 23:22 - 00000000 ____D () C:\Users\admin\AppData\Roaming\Backup
2015-03-19 09:40 - 2012-11-09 17:48 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-03-19 09:38 - 2015-02-06 22:41 - 00003278 _____ () C:\Windows\System32\Tasks\Jelbrus Secure Web Task
2015-03-19 09:19 - 2012-12-03 01:35 - 00000980 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-03-19 09:11 - 2012-11-07 11:46 - 00000000 ____D () C:\Users\admin\AppData\Roaming\GarenaPlus
2015-03-19 09:11 - 2012-11-07 11:46 - 00000000 ____D () C:\ProgramData\GarenaMessenger
2015-03-19 09:11 - 2009-07-14 09:34 - 00000580 _____ () C:\Windows\win.ini
2015-03-19 09:09 - 2012-11-08 10:22 - 00003484 _____ () C:\Windows\System32\Tasks\AutoKMS
2015-03-19 09:08 - 2014-12-08 17:57 - 00000000 ____D () C:\Program Files (x86)\WinZipper
2015-03-19 09:06 - 2014-12-06 21:07 - 00003508 _____ () C:\Windows\System32\Tasks\gg_uac_daemon_admin
2015-03-19 09:05 - 2013-10-03 07:46 - 00000364 _____ () C:\Windows\Tasks\AmiUpdXp.job
2015-03-19 09:05 - 2009-07-14 12:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-18 22:38 - 2014-08-17 22:38 - 00070144 _____ () C:\Windows\SysWOW64\tasks.dll
2015-03-18 18:41 - 2009-07-14 12:13 - 00908038 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-03-16 20:31 - 2013-07-14 21:43 - 00000000 ____D () C:\Users\admin\Documents\Youcam
2015-03-16 18:46 - 2013-08-07 22:25 - 00000014 _____ () C:\Windows\popcinfo.dat
2015-03-16 17:02 - 2012-11-07 08:59 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-03-14 21:39 - 2014-01-25 08:20 - 00002255 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-03-14 21:13 - 2013-02-09 11:55 - 00000000 ____D () C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2015-03-14 21:10 - 2009-07-14 12:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-03-12 10:18 - 2012-11-07 08:39 - 00000000 ____D () C:\Users\admin
2015-03-12 10:17 - 2013-07-18 16:44 - 00000000 ____D () C:\Users\admin\Documents\My Games
2015-03-10 23:23 - 2014-01-30 21:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2015-03-10 18:29 - 2013-06-25 20:52 - 00002384 _____ () C:\Users\admin\Desktop\Cốc Cốc.lnk
2015-03-06 10:07 - 2012-11-07 08:41 - 00142704 _____ () C:\Users\admin\AppData\Local\GDIPFONTCACHEV1.DAT
2015-03-06 10:05 - 2009-07-14 11:45 - 00538440 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-03-06 09:36 - 2014-10-08 09:22 - 00000000 ____D () C:\Program Files (x86)\Microsoft SDKs
2015-03-06 09:34 - 2012-11-07 08:56 - 00000000 ____D () C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2015-03-06 09:32 - 2009-07-14 12:32 - 00000000 ____D () C:\Program Files\MSBuild
2015-03-06 09:23 - 2014-10-08 08:13 - 00000000 ____D () C:\Windows\SysWOW64\1033
2015-03-06 09:20 - 2009-07-14 12:32 - 00000000 ____D () C:\Program Files (x86)\MSBuild
2015-03-06 09:15 - 2009-07-14 10:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2015-03-06 09:12 - 2014-10-08 08:13 - 00000000 ____D () C:\Windows\system32\1033
2015-03-06 09:12 - 2013-03-23 10:35 - 00000000 ____D () C:\ProgramData\Package Cache
2015-02-23 00:15 - 2014-11-08 16:10 - 00000000 ____D () C:\Users\admin\AppData\Local\Skyrim
2015-02-18 07:28 - 2015-01-30 07:23 - 00000950 _____ () C:\Windows\Tasks\CocCocUpdateTaskUserS-1-5-21-3818046159-3689817371-2580797029-1000Core.job

==================== Files in the root of some directories =======

2014-10-16 18:40 - 2013-09-24 01:43 - 0098222 ___SH () C:\Users\admin\AppData\Roaming\COOL.vbs
2012-11-27 00:24 - 2014-01-31 10:30 - 0014336 _____ () C:\Users\admin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-02-10 14:34 - 2014-02-10 14:34 - 0064116 _____ () C:\Users\admin\AppData\Local\rational_state.log
2014-04-18 10:41 - 2014-04-18 10:41 - 0002556 _____ () C:\Users\admin\AppData\Local\recently-used.xbel
2014-01-25 07:41 - 2014-01-25 07:41 - 0000017 _____ () C:\Users\admin\AppData\Local\resmon.resmoncfg
2013-09-05 17:51 - 2013-09-05 17:51 - 0048402 ___SH () C:\Users\admin\AppData\Local\ws_updater.exe
2012-11-07 11:45 - 2012-11-07 11:45 - 0000056 ____H () C:\ProgramData\ezsidmv.dat

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-02-11 11:07

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-03-2015
Ran by admin at 2015-03-19 10:35:32
Running from C:\Users\admin\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Tools for .Net 3.5 (x32 Version: 3.11.50727 - Microsoft Corporation) Hidden
7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version: - )
Adobe Flash Player 11 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 11.2.202.235 - Adobe Systems Incorporated)
Adobe Flash Player 11 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 11.5.502.110 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.3.133 - Adobe Systems, Inc.)
AMD Catalyst Install Manager (HKLM\...\{C05A4975-B08D-26FA-C153-D6BBFF579705}) (Version: 3.0.859.0 - Advanced Micro Devices, Inc.)
BkavHome Free Edition (HKLM-x32\...\BkavHome) (Version: - )
Blend for Visual Studio 2012 (x32 Version: 5.0.30709.0 - Microsoft Corporation) Hidden
Blend for Visual Studio 2012 ENU resources (x32 Version: 5.0.30709.0 - Microsoft Corporation) Hidden
Buzzdock (HKLM\...\{ac225167-00fc-452d-94c5-bb93600e7d9a}) (Version: - Alactro LLC) <==== ATTENTION
Canon LBP3000 (HKLM\...\Canon LBP3000) (Version: - )
Castlevania: Lords of Shadow 2 (HKLM-x32\...\Q2FzdGxldmFuaWFMb3Jkc29mU2hhZG93Mg==_is1) (Version: 1 - )
CCleaner (HKLM\...\CCleaner) (Version: 4.06 - Piriform)
ccTalk (HKLM-x32\...\{F768F6BA-F164-4599-BC26-DCCFC2F71983}_is1) (Version: 4.0.2 - ccTalk)
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.4.5306 - CDBurnerXP)
C-Free 4 Professional (HKLM-x32\...\C-Free 4_is1) (Version: - Program Arts)
Cốc Cốc (HKU\S-1-5-21-3818046159-3689817371-2580797029-1000\...\CocCocBrowser) (Version: 40.0.2214.121 - Đơn vị chủ quản Cốc Cốc)
CyberLink YouCam 5 (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 5.0.0909 - CyberLink Corp.)
Dolphin Deals (HKLM\...\Dolphin Deals) (Version: 2015.02.04.092429 - Dolphin Deals) <==== ATTENTION
Dotfuscator and Analytics Community Edition (x32 Version: 5.5.4521.29298 - PreEmptive Solutions) Hidden
Dynomite Deluxe (HKLM-x32\...\Dynomite Deluxe) (Version: - )
Entity Framework Designer for Visual Studio 2012 - enu (HKLM-x32\...\{0A1A1D48-DB23-443A-BC7B-49255D138020}) (Version: 11.1.20702.00 - Microsoft Corporation)
Eusing Free Registry Cleaner (HKLM-x32\...\Eusing Free Registry Cleaner) (Version: - Eusing Software)
Fighter Factory Classic (HKLM-x32\...\VirtuallTek Fighter Factory Classic_is1) (Version: 1.2.0.2010 - VirtuallTek Systems)
FL Studio 11 (HKLM-x32\...\FL Studio 11) (Version: - Image-Line)
FlowStone FL 3.0 (HKLM-x32\...\FlowStone) (Version: - )
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 6.1.2.1224 - Foxit Corporation)
GC (HKLM-x32\...\GC) (Version: - ) <==== ATTENTION
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 41.0.2272.89 - Google Inc.)
Google Drive (HKLM-x32\...\{6C36881B-0E51-4231-9D02-BF2149664D34}) (Version: 1.20.8672.3137 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.26.7 - Google Inc.) Hidden
Guitar Pro 5.2 (HKLM-x32\...\Guitar Pro 5_is1) (Version: - Arobas Music)
Hi-Rez Studios Authenticate and Update Service (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}) (Version: 3.0.0.0 - Hi-Rez Studios)
hosts (HKLM-x32\...\hosts) (Version: 1.28.153.3 - Irismedia) <==== ATTENTION
IBM Rational Rose Enterprise Edition (HKLM-x32\...\{22D66ACE-E0A1-482E-B797-0A6A377D3E91}) (Version: 7.0.0.0 - Rational Software)
IIS 8.0 Express (HKLM\...\{7BF61FA9-BDFB-4563-98AD-FCB0DA28CCC7}) (Version: 8.0.1557 - Microsoft Corporation)
IIS Express Application Compatibility Database for x64 (HKLM\...\{9f4f4a9b-eec5-4906-92fe-d1f43ccf5c8d}.sdb) (Version: - )
IIS Express Application Compatibility Database for x86 (HKLM\...\{fdfba1f3-74ae-4255-9c10-a0f552b4610f}.sdb) (Version: - )
IL Download Manager (HKLM-x32\...\IL Download Manager) (Version: - Image-Line)
Intel(R) Display Audio Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 6.14.00.3090 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.1.1399 - Intel Corporation)
Intel(R) PROSet/Wireless for Bluetooth(R) + High Speed (HKLM\...\{37EC048A-81A2-452A-8D1F-3BE2018E767D}) (Version: 15.1.0.0096 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.6.245 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (HKLM\...\{54EB8041-1115-4406-AA4B-44D236E84B3B}) (Version: 15.01.1000.0927 - Intel Corporation)
Intel® Trusted Connect Service Client (HKLM\...\{538B98C3-773F-4F20-9C66-802D104DCBE2}) (Version: 1.23.219.2 - Intel Corporation)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Java SE Development Kit 7 Update 4 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0170040}) (Version: 1.7.0.40 - Oracle)
Java(TM) 6 Update 16 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216016FF}) (Version: 6.0.160 - Sun Microsystems, Inc.)
Java(TM) 7 Update 4 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417004FF}) (Version: 7.0.40 - Oracle)
Java(TM) SE Development Kit 6 Update 16 (HKLM-x32\...\{32A3A4F4-B792-11D6-A78A-00B0D0160160}) (Version: 1.6.0.160 - Sun Microsystems, Inc.)
JavaFX 2.1.0 (64-bit) (HKLM\...\{1111706F-666A-4037-7777-210648764D10}) (Version: 2.1.0 - Oracle Corporation)
JavaFX 2.1.0 SDK (64-bit) (HKLM\...\{2222706F-666A-4037-7777-210648764D10}) (Version: 2.1.0 - Oracle Corporation)
K-Lite Codec Pack 8.1.0 (Full) (HKLM-x32\...\KLiteCodecPack_is1) (Version: 8.1.0 - )
League of Legends (HKLM-x32\...\{92606477-9366-4D3B-8AE3-6BE4B29727AB}) (Version: 1.3 - Riot Games)
League of Legends (HKLM-x32\...\League of Legends 3.0.0) (Version: 3.0.0 - Riot Games)
League of Legends (x32 Version: 3.0.0 - Riot Games) Hidden
LocalESPC (x32 Version: 8.59.25584 - Microsoft Corporation) Hidden
LocalESPCui for en-us (x32 Version: 8.59.25584 - Microsoft) Hidden
Media Buzz (HKLM-x32\...\MediaBuzzV1mode5557) (Version: 1.1 - Media Buzz) <==== ATTENTION
Media Player (HKLM-x32\...\MediaPlayerV1alpha335) (Version: 1.1 - Media Player) <==== ATTENTION
Media View (HKLM-x32\...\MediaViewV1alpha3170) (Version: 1.1 - Media View) <==== ATTENTION
Media View (HKLM-x32\...\MediaViewV1alpha45) (Version: 1.1 - Media View) <==== ATTENTION
Media Viewer (HKLM-x32\...\MediaViewerV1alpha680) (Version: 1.1 - Media Viewer) <==== ATTENTION
Media Watch (HKLM-x32\...\MediaWatchV1home412) (Version: 1.1 - Media Watch) <==== ATTENTION
Metal Gear Rising: Revengeance (HKLM-x32\...\Metal Gear Rising: Revengeance_is1) (Version: - )
Microsoft .NET Framework 4 Multi-Targeting Pack (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4.5 Multi-Targeting Pack (HKLM-x32\...\{5CBFF3F3-2D40-34EE-BCA5-A95BC19E400D}) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft .NET Framework 4.5 SDK (HKLM-x32\...\{1948E039-EC79-4591-951D-9867A8C14C90}) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft AppLocale (HKLM-x32\...\{394BE3D9-7F57-4638-A8D1-1D88671913B7}) (Version: 1.0.0 - MS)
Microsoft ASP.NET MVC 3 (HKLM-x32\...\{DCDEC776-BADD-48B9-8F9A-DFF513C3D7FA}) (Version: 3.0.20105.0 - Microsoft Corporation)
Microsoft ASP.NET Web Pages (HKLM-x32\...\{631471BE-DEAB-454B-A9AC-CE3EB42C28B3}) (Version: 1.0.20105.0 - Microsoft Corporation)
Microsoft Help Viewer 1.1 (HKLM\...\Microsoft Help Viewer 1.1) (Version: 1.1.40219 - Microsoft Corporation)
Microsoft Help Viewer 2.0 (HKLM-x32\...\Microsoft Help Viewer 2.0) (Version: 2.0.50727 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Report Viewer 2012 Runtime (HKLM-x32\...\{9CCE40CE-A9E6-4916-8729-B008558EEF3F}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.10411.0 - Microsoft Corporation)
Microsoft Silverlight 4 SDK (HKLM-x32\...\{189AEA94-DAFB-487A-8CEE-F9D3DDE0A748}) (Version: 4.0.60310.0 - Microsoft Corporation)
Microsoft Silverlight 5 SDK (HKLM-x32\...\{E1FBB3D4-ADB0-4949-B101-855DA061C735}) (Version: 5.0.61118.0 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Management Objects (HKLM-x32\...\{83F2B8F4-5CF3-4BE9-9772-9543EAE4AC5F}) (Version: 10.51.2500.0 - Microsoft Corporation)
Microsoft SQL Server 2008 Setup Support Files (HKLM\...\{B40EE88B-400A-4266-A17B-E3DE64E94431}) (Version: 10.1.2731.0 - Microsoft Corporation)
Microsoft SQL Server 2012 (64-bit) (HKLM\...\Microsoft SQL Server SQLServer2012) (Version: - Microsoft Corporation)
Microsoft SQL Server 2012 Command Line Utilities (HKLM\...\{9D573E71-1077-4C7E-B4DB-4E22A5D2B48B}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Data-Tier App Framework (HKLM\...\{36E619BC-A234-4EC3-849B-779A7C865A45}) (Version: 11.0.2316.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Data-Tier App Framework (HKLM-x32\...\{FBA6F90E-36EC-4FC9-9B25-3834E3BD46A8}) (Version: 11.0.2316.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Express LocalDB (HKLM\...\{13D558FE-A863-402C-B115-160007277033}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects (HKLM-x32\...\{DA1C1761-5F4F-4332-AB9D-29EDF3F8EA0A}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects (x64) (HKLM\...\{FA0A244E-F3C2-4589-B42A-3D522DE79A42}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Native Client (HKLM\...\{49D665A2-4C2A-476E-9AB8-FCC425F526FC}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Setup (English) (HKLM\...\{8CB0713F-CFE0-445D-BCB2-538465860E1A}) (Version: 11.1.3128.0 - Microsoft Corporation)
Microsoft SQL Server 2012 T-SQL Language Service (HKLM-x32\...\{6D6D43E5-218C-4B05-92D3-2240810F4760}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Transact-SQL Compiler Service (HKLM\...\{BEB0F91E-F2EA-48A1-B938-7857ABF2A93D}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Transact-SQL ScriptDom (HKLM\...\{0E8670B8-3965-4930-ADA6-570348B67153}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 SP1 x64 ENU (HKLM\...\{78909610-D229-459C-A936-25D92283D3FD}) (Version: 4.0.8876.1 - Microsoft Corporation)
Microsoft SQL Server Data Tools - enu (11.1.20627.00) (HKLM-x32\...\{FA804794-2CCB-4301-954F-2C2894698876}) (Version: 11.1.20627.00 - Microsoft Corporation)
Microsoft SQL Server Data Tools Build Utilities - enu (11.1.20627.00) (HKLM-x32\...\{790E9425-8570-493F-9AE7-81AFC9E46930}) (Version: 11.1.20627.00 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (HKLM-x32\...\{C3F6F200-6D7B-4879-B9EE-700C0CE1FCDA}) (Version: 10.51.2500.0 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (x64) (HKLM\...\{4701DEDE-1888-49E0-BAE5-857875924CA2}) (Version: 10.50.1600.1 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (HKLM-x32\...\{E2082604-4BA5-44BB-BBFB-AF0F3CB8C6AB}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (x64) (HKLM\...\{F1949145-EB64-4DE7-9D81-E6D27937146C}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Runtime - 10.0.40219 (HKLM-x32\...\{5D9ED403-94DE-3BA0-B1D6-71F4BDA412E6}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM-x32\...\{8e70e4e1-06d7-470b-9f74-a51bef21088e}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Shell (Isolated) - ENU (HKLM-x32\...\{D64B6984-242F-32BC-B008-752806E5FC44}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.31125 - Microsoft Corporation)
Microsoft Visual Studio Ultimate 2012 (HKLM-x32\...\{ae17ae9b-af38-40d2-a194-6102c56ed502}) (Version: 11.0.50727.26 - Microsoft Corporation)
Microsoft VSS Writer for SQL Server 2012 (HKLM\...\{3E0DD83F-BE4C-4478-86A0-AD0D79D1353E}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft Web Deploy 3.0 (HKLM\...\{AA72C306-30BE-4BB1-9E42-59552BAD2CDF}) (Version: 3.1236.1631 - Microsoft Corporation)
Microsoft Web Deploy dbSqlPackage Provider - enu (HKLM-x32\...\{E4C33F5B-1B2F-466E-957E-B274F08151A0}) (Version: 10.3.20225.0 - Microsoft Corporation)
Microsoft Web Platform Installer 4.0 (HKLM\...\{E2B8249D-895C-4685-8C83-00F3B1A13028}) (Version: 4.0.1622 - Microsoft Corporation)
Microsoft Windows Application Compatibility Database (HKLM\...\{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb) (Version: - )
Mozilla Firefox 25.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 25.0 (x86 en-US)) (Version: 25.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 25.0 - Mozilla)
NARUTO SHIPPUDEN: Ultimate Ninja STORM 3 Full Burst (HKLM-x32\...\NARUTO SHIPPUDEN: Ultimate Ninja STORM 3 Full Burst_is1) (Version: - Namco Bandai Games)
NBA 2K14 (HKLM-x32\...\{4FE0545A-1BF3-4B9B-A044-6E1EE719E197}) (Version: 1.0.0 - 2K Sports)
Paint XP version 1.2 (HKLM-x32\...\{2367FAB6-055A-4923-835F-F57F7BBBA363}_is1) (Version: 1.2 - MSPAINTXP.COM)
PCSX2 - Playstation 2 Emulator (HKLM-x32\...\pcsx2-r5875) (Version: - )
PowerXpressHybrid (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
PreEmptive Analytics Visual Studio Components (x32 Version: 1.0.2180.1 - PreEmptive Solutions) Hidden
Prerequisites for SSDT (HKLM-x32\...\{9169C939-ED01-446A-BD0C-29873BAF4E48}) (Version: 11.0.2100.60 - Microsoft Corporation)
PX Profile Update (x32 Version: 1.00.1. - AMD) Hidden
PhotoZoom Professional 1.2.8 (HKU\S-1-5-21-3818046159-3689817371-2580797029-1000\...\PhotoZoom Professional) (Version: 1.2.8 - BenVista Ltd)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30118 - Realtek Semiconductor Corp.)
RESIDENT EVIL 5 (HKLM-x32\...\{AC08BBA0-96B9-431A-A7D0-D8598E493775}) (Version: 1.0.0.129 - CAPCOM CO., LTD.)
Resident Evil 6 version 5.1 (HKLM-x32\...\{0BC95CC8-CFE7-4C60-9DBF-258443C3C6C6}_is1) (Version: 5.1 - Black_Box)
Resident Evil Revelations (HKLM-x32\...\Resident Evil Revelations_is1) (Version: - Capcom)
Rich Media View (HKLM-x32\...\RichMediaViewV1release4398) (Version: 1.1 - Rich Media View) <==== ATTENTION
Rich Media View (HKLM-x32\...\RichMediaViewV1release961) (Version: 1.1 - Rich Media View) <==== ATTENTION
SafeSaver 1.74 (HKLM-x32\...\SP_f5d3e0aa) (Version: - ) <==== ATTENTION
saveenshhaire (HKLM-x32\...\{62D82EC1-0D3A-DF54-8E3E-07E1337A5311}) (Version: 4.0.0.1253 - saaveNashare) <==== ATTENTION
SaveShare 1.74 (HKLM-x32\...\SP_703c874a) (Version: - )
Search Assistant WebSearch 1.74 (HKLM-x32\...\SP_4e24eecb) (Version: - ) <==== ATTENTION
SearchNewTab (HKLM-x32\...\{C670DCAE-E392-AA32-6F42-143C7FC4BDFD}) (Version: 3.0.0.1547 - SearchNewTab) <==== ATTENTION
Skype Toolbars (HKLM-x32\...\{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}) (Version: 5.0.4126 - Skype Technologies S.A.)
Skype™ 6.20 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.20.104 - Skype Technologies S.A.)
Software Version Updater (HKLM-x32\...\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96}) (Version: 1.1.4.2 - ) <==== ATTENTION
SQL Server 2012 Common Files (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
SQL Server 2012 Database Engine Services (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
SQL Server 2012 Database Engine Shared (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
SQL Server 2012 Management Studio (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
SQL Server Browser for SQL Server 2012 (HKLM-x32\...\{4B9E6EB0-0EED-4E74-9479-F982C3254F71}) (Version: 11.0.2100.60 - Microsoft Corporation)
Sql Server Customer Experience Improvement Program (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
Star Wars Jedi Knight Jedi Academy (HKLM-x32\...\{1EECBA68-8BE4-4076-94DF-E9ED206B1D21}) (Version: - )
Star Wars Republic Commando (HKLM-x32\...\Star Wars Republic Commando_is1) (Version: - )
Street Fighter X Tekken (x32 Version: 1.0.0004.130 - CAPCOM U.S.A., INC) Hidden
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.0.9.0 - Synaptics Incorporated)
Teenage Mutant Ninja Turtles: Out of the Shadows (HKLM-x32\...\Teenage Mutant Ninja Turtles: Out of the Shadows_is1) (Version: 1.0 - Activision)
The KMPlayer (remove only) (HKLM-x32\...\The KMPlayer) (Version: 3.5.0.77 - KMP Media co., Ltd)
The Witcher 2 - Assassins of Kings Enhanced Edition (HKLM-x32\...\The Witcher 2 - Assassins of Kings Enhanced Edition_is1) (Version: - GOG.com)
TreeSize Free V3.3 (HKLM-x32\...\TreeSize Free_is1) (Version: 3.3 - JAM Software)
Trust Media Viewer (HKLM-x32\...\TrustMediaViewerV1alpha2724) (Version: 1.1 - Trust Media Viewer) <==== ATTENTION
UltraISO Premium V9.33 (HKLM-x32\...\UltraISO_is1) (Version: - )
Unity Web Player (HKU\S-1-5-21-3818046159-3689817371-2580797029-1000\...\UnityWebPlayer) (Version: - Unity Technologies ApS)
Video Player (HKLM-x32\...\Video Player) (Version: 1.1 - Video Player) <==== ATTENTION
Visual Studio 2010 Prerequisites - English (HKLM\...\{662014D2-0450-37ED-ABAE-157C88127BEB}) (Version: 10.0.40219 - Microsoft Corporation)
WCF Data Services 5.0 (for OData v3) Primary Components (x32 Version: 5.0.50628.0 - Microsoft Corporation) Hidden
WCF Data Services Tools for Microsoft Visual Studio 2012 (x32 Version: 5.0.50710.0 - Microsoft Corporation) Hidden
WCF RIA Services V1.0 SP2 (HKLM-x32\...\{3A523AF9-D32F-4C85-8388-0335731F3405}) (Version: 4.1.61829.0 - Microsoft Corporation)
webssearches uninstall (HKLM-x32\...\webssearches uninstall) (Version: - webssearches) <==== ATTENTION
Windows Live ID Sign-in Assistant (HKLM\...\{9B48B0AC-C813-4174-9042-476A887592C7}) (Version: 6.500.3165.0 - Microsoft Corporation)
Windows Movie Maker 2.6 (HKLM-x32\...\{B3DAF54F-DB25-4586-9EF1-96D24BB14088}) (Version: 2.6.4037.0 - Microsoft Corporation)
WindowsMangerProtect20.0.0.1277 (HKLM-x32\...\WindowsMangerProtect) (Version: 20.0.0.1277 - WindowsProtect LIMITED) <==== ATTENTION
WinRAR 4.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
WinZipper (HKLM-x32\...\WinZipper) (Version: 1.5.90 - Taiwan Shui Mu Chih Ching Technology Limited.) <==== ATTENTION
Xiph.Org Open Codecs 0.85.17777 (HKLM-x32\...\Open Codecs) (Version: 0.85.17777 - Xiph.Org)
XSplit Broadcaster (HKLM-x32\...\{3678DA80-4221-457A-A7AB-F94264807883}) (Version: 1.3.1310.1103 - SplitMediaLabs)
YAC(Yet Another Cleaner!) (HKLM-x32\...\iSafe) (Version: - ELEX DO BRASIL PARTICIPAÇÕES LTDA) <==== ATTENTION
Yahoo! Messenger (HKLM-x32\...\Yahoo! Messenger) (Version: - Yahoo! Inc.)
真・三國無双6 with 猛将伝 (HKLM-x32\...\InstallShield_{A804968F-4F32-4E02-98B2-5864EEB42903}) (Version: 1.00.0000 - TecmoKoei)
真・三國無双6 with 猛将伝 (x32 Version: 1.00.0000 - TecmoKoei) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-3818046159-3689817371-2580797029-1000_Classes\CLSID\{5F63E8CB-8F57-490A-97FE-62BC2F2A5EA4}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3818046159-3689817371-2580797029-1000_Classes\CLSID\{BCDE0395-E52F-467C-8E3D-C4579291692E}\InprocServer32 -> No File Path

==================== Restore Points =========================


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 09:34 - 2015-01-14 22:40 - 00000865 ____A C:\Windows\system32\Drivers\etc\hosts
0.0.0.0 .psf
0.0.0.0 psf


==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {02125155-7DC8-4E26-9111-2B8936FDAE90} - System32\Tasks\{F749A93F-D823-4F5E-B664-7F9CB7C6799A} => D:\GAMES\***\Assassin's Creed IV Black Flag\AC4BFSP.exe
Task: {1177659E-4A61-4FA1-8FE1-50DD2A0F8AB8} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-11-09] (Adobe Systems Incorporated)
Task: {128C0034-721C-4284-AA8F-6A9095D873F0} - System32\Tasks\UP_Scheduler => %LOCALAPPDATA%\GC\updater.exe <==== ATTENTION
Task: {1906FB2B-28E1-47E1-9E19-8034A1D6C581} - System32\Tasks\Escolade => C:\Users\admin\AppData\Roaming\iPumper\Updater.exe <==== ATTENTION
Task: {1B99842E-C275-4AE2-94F0-A81E2ACA5886} - System32\Tasks\Jelbrus Secure Web Task => C:\Program Files (x86)\Jelbrus Secure Web\jswtask.exe [2015-02-15] (Jelbrus) <==== ATTENTION
Task: {21073F1B-8B5E-4498-9837-45288B58B39C} - System32\Tasks\{947472E8-A5D0-4F35-93FF-E7BD403CCB40} => pcalua.exe -a E:\Huy\Originals\Uninstall.exe
Task: {34E1F3E8-2744-42E2-9F8D-F06EAC27A6AC} - System32\Tasks\{CA9F35EC-2E48-4ABC-AEC1-11B29843986A} => pcalua.exe -a "E:\Huy\Originals\PhotoZoom Professional Setup.exe" -d E:\Huy\Originals
Task: {37C445E6-35FA-4842-AD15-8DBCE118EE6D} - System32\Tasks\{E0FBBA98-E6F5-46B3-B365-F16C237A6636} => Chrome.exe http://ui.skype.com/ui/0/6.1.0.129.272/vi/abandoninstall?page=tsProgressBar
Task: {388A179F-8E20-48DB-846F-B0ED40B41749} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-09-19] (Piriform Ltd)
Task: {395A3A50-DF1A-491A-9590-76B3591210A3} - System32\Tasks\{6578B33F-BE5C-40E3-8EB4-F017B59D7DCF} => pcalua.exe -a "D:\GAMES\SWCMR\Star Wars Republic Commando [CHK88]\Republic Commando [CHK88]\[PC-Full]-SW-Republic.Commando.exe" -d "D:\GAMES\SWCMR\Star Wars Republic Commando [CHK88]\Republic Commando [CHK88]"
Task: {4617E916-92E8-473D-8720-2A35DF2439F5} - System32\Tasks\{67659D67-741B-43E0-9D5B-E630A49031FF} => pcalua.exe -a D:\GAMES\SWJK\JediAcademy.exe -d D:\GAMES\SWJK
Task: {4714EB89-347E-4D10-8063-A7344FD3C2C9} - System32\Tasks\GC_Scheduler => %LOCALAPPDATA%\GC\Runner.exe <==== ATTENTION
Task: {4CB57C85-CB3A-4327-AC9F-DD029510D476} - System32\Tasks\GPUP => C:\Program Files (x86)\GetPrivate\gpup.exe [2014-08-16] () <==== ATTENTION
Task: {4FB0E6AE-831A-4E3B-A068-3DAAD92E6D6B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-02-14] (Google Inc.)
Task: {630370E6-1242-4BC1-85B9-585132029F6D} - System32\Tasks\Updater35382.exe => C:\Users\admin\AppData\Local\Updater35382\Updater35382.exe [2013-10-02] (Irismedia) <==== ATTENTION
Task: {64175F55-9699-4C99-80F6-2DE28494B856} - System32\Tasks\AmiUpdXp => C:\Users\admin\AppData\Local\23474\Updater.exe <==== ATTENTION
Task: {6C3FCA5B-37AE-4E46-942E-A31E8B9416B1} - System32\Tasks\updater => Rundll32.exe "C:\Users\admin\AppData\Roaming\Updater\updater_task.dll",schedule_task
Task: {6DC301DC-5106-46EF-831F-6B5460D92D2F} - System32\Tasks\MySearchDial => C:\Users\admin\AppData\Roaming\MYSEAR~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: {76DBC42B-88A3-4D89-B3AE-C9CBA33FC6BD} - System32\Tasks\DoctorPC_Popup => C:\Program Files (x86)\Doctor PC\Splash.exe
Task: {8041E7FA-BBC6-43F8-9E56-4F7ABCBE678D} - System32\Tasks\{9A49B636-3FD2-41DA-8332-19A9F882F665} => C:\Program Files (x86)\Skype\\Phone\Skype.exe [2014-08-27] (Skype Technologies S.A.)
Task: {8728697D-A8B8-4B94-BB3B-548DCA65ECE3} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {8B5BCFCB-DE58-47B0-ACA9-AD518FD2C21B} - System32\Tasks\{0D66A9C9-3137-43D8-9A9D-E4D394146DE5} => pcalua.exe -a "D:\DUY\GAMES\Zing speed\2S-setup-110.exe" -d "D:\DUY\GAMES\Zing speed"
Task: {903FC5DF-58C0-44DC-8928-FD9B62911EBA} - System32\Tasks\CocCocUpdateTaskUserS-1-5-21-3818046159-3689817371-2580797029-1000UA => C:\Users\admin\AppData\Local\CocCoc\Update\CocCocUpdate.exe [2015-01-30] (Itim Technologies Co., Ltd.)
Task: {9CEABCC5-8B28-4E71-9F03-DF6BA349099F} - System32\Tasks\mcleaner => C:\Users\admin\AppData\Roaming\2145.tmp.exe <==== ATTENTION
Task: {A198B052-E6ED-45FE-88CA-CB4F1B3949E2} - System32\Tasks\CocCocUpdateTaskUserS-1-5-21-3818046159-3689817371-2580797029-1000Core => C:\Users\admin\AppData\Local\CocCoc\Update\CocCocUpdate.exe [2015-01-30] (Itim Technologies Co., Ltd.)
Task: {AC4E5ACF-89F7-4220-BA21-81EE183975E2} - System32\Tasks\Microsoft\Windows\Application Experience\AitAgent => aitagent.exe
Task: {B8820E18-028F-46AD-A13E-4CD572070045} - System32\Tasks\{87CAB124-17DE-4292-9BC4-7777ADEBDFCC} => Firefox.exe http://ui.skype.com/ui/0/6.0.0.126/vi/abandoninstall?page=tsProgressBar
Task: {BD004E3C-CAC0-4D2F-BBD1-52C839B243AC} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-02-14] (Google Inc.)
Task: {DA255089-7810-409D-95B3-4ADAA0422A80} - System32\Tasks\{75323A41-E23B-480A-8EF4-9F8E63FB6719} => pcalua.exe -a "E:\Huy\Rational Rose\IBM.Rational.Rose.Enterprise.v7.0_Blog.HanhTrinhTuoiTre.Com\setup.exe" -d "E:\Huy\Rational Rose\IBM.Rational.Rose.Enterprise.v7.0_Blog.HanhTrinhTuoiTre.Com"
Task: {E3163C33-301D-4730-A266-5518C5ED3967} - System32\Tasks\Microsoft\Windows\Bluetooth\UninstallDeviceTask => BthUdTask.exe
Task: {ED6D91B2-734A-47F3-B38C-3FB321EF299C} - System32\Tasks\gg_uac_daemon_admin => D:\GAMES\LienMinhHuyenThoai\GameData\ggdllhost.exe [2015-01-20] ()
Task: {EF2397D0-6706-4C2D-A48B-626A88F0FC7E} - System32\Tasks\{503E338D-E662-45EC-8A2F-AD3C2880012F} => pcalua.exe -a D:\GAMES\SWJK\autorun.exe -d D:\GAMES\SWJK
Task: {F155C81B-6271-49A4-9B23-6C62609C9CED} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe [2012-11-08] ()
Task: {F2C596F2-F9E7-4E1C-BD63-7CB3F81A4071} - System32\Tasks\DoctorPC_Start => C:\Program Files (x86)\Doctor PC\DoctorPC.exe
Task: {F7975478-5CCD-4EA6-821F-5215613B4445} - System32\Tasks\{34BF06CC-4E30-4900-BD2E-832C2B1159D3} => pcalua.exe -a G:\OriginInstaller.exe -d G:\
Task: {FDD88101-8283-4EDB-AD70-3D2A03F6521E} - System32\Tasks\{3D6FE28C-B230-42D9-962E-44564AC9A66F} => pcalua.exe -a C:\Users\admin\AppData\Roaming\webssearches\UninstallManager.exe -c -ptid=irs <==== ATTENTION
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\AmiUpdXp.job => C:\Users\admin\AppData\Local\23474\Updater.exe <==== ATTENTION
Task: C:\Windows\Tasks\CocCocUpdateTaskUserS-1-5-21-3818046159-3689817371-2580797029-1000Core.job => C:\Users\admin\AppData\Local\CocCoc\Update\CocCocUpdate.exe
Task: C:\Windows\Tasks\CocCocUpdateTaskUserS-1-5-21-3818046159-3689817371-2580797029-1000UA.job => C:\Users\admin\AppData\Local\CocCoc\Update\CocCocUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\MySearchDial.job => C:\Users\admin\AppData\Roaming\MYSEAR~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: C:\Windows\Tasks\updater.job => C:\Windows\SysWOW64\rundll32.exeHC:\Users\admin\AppData\Roaming\Updater\updater_task.dll
 
==================== Loaded Modules (whitelisted) ==============

2012-11-07 10:27 - 2009-11-02 01:13 - 00296960 _____ () C:\UniKey 4.0 RC2 Win64\UKHook40.dll
2010-01-30 02:40 - 2010-01-30 02:40 - 04254560 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-03-24 21:38 - 2010-03-24 21:38 - 08794976 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2013-07-12 19:13 - 2015-01-20 19:20 - 00055896 _____ () D:\GAMES\LienMinhHuyenThoai\GameData\ggdllhost.exe
2012-11-07 09:55 - 2012-03-19 15:09 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2012-11-07 10:27 - 2009-11-02 01:13 - 00316928 _____ () C:\UniKey 4.0 RC2 Win64\UniKeyNT.exe
2013-06-29 11:53 - 2015-01-20 19:20 - 09981528 _____ () D:\GAMES\LienMinhHuyenThoai\GameData\GarenaMessenger.exe
2014-12-12 22:40 - 2014-12-24 22:40 - 00725518 _____ () C:\Users\admin\AppData\Roaming\SpeedTray\speedtray.exe
2014-06-10 21:56 - 2014-06-10 21:56 - 00443904 _____ () C:\Users\admin\AppData\Local\GC\Runner.exe
2012-03-05 04:43 - 2012-03-05 04:43 - 00369152 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2011-12-13 16:10 - 2011-12-13 16:10 - 00016384 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2015-02-04 19:26 - 2015-03-19 09:11 - 00417064 _____ () C:\Program Files (x86)\Dolphin Deals\bin\utilDolphinDeals.exe
2015-02-04 19:35 - 2015-03-19 04:53 - 00105768 _____ () C:\Program Files (x86)\Dolphin Deals\bin\DolphinDeals.BrowserAdapter.exe
2015-02-04 19:35 - 2015-03-19 04:53 - 00123176 _____ () C:\Program Files (x86)\Dolphin Deals\bin\DolphinDeals.BrowserAdapter64.exe
2015-02-05 09:12 - 2015-03-17 22:06 - 01649960 _____ () C:\Program Files (x86)\Dolphin Deals\bin\DolphinDeals.BOASHelper.exe
2015-02-04 19:28 - 2015-03-18 13:01 - 00101672 _____ () C:\Program Files (x86)\Dolphin Deals\bin\DolphinDeals.expext.exe
2015-03-09 14:09 - 2015-03-18 19:00 - 00353576 _____ () C:\Program Files (x86)\Dolphin Deals\bin\DolphinDeals.PurBrowse64.exe
2015-02-04 16:25 - 2015-03-19 09:15 - 00417064 _____ () C:\Program Files (x86)\Dolphin Deals\updateDolphinDeals.exe
2015-02-05 09:12 - 2015-03-17 22:06 - 01786664 _____ () C:\Program Files (x86)\Dolphin Deals\bin\DolphinDeals.BOASPRT.exe
2015-03-05 16:59 - 2015-03-03 17:37 - 00065696 _____ () C:\Program Files (x86)\Elex-tech\YAC\zlib1.dll
2015-03-05 16:59 - 2013-12-02 09:52 - 00176976 _____ () C:\Program Files (x86)\Elex-tech\YAC\tws\unrar.dll
2015-03-05 16:59 - 2013-12-11 20:12 - 00087744 _____ () C:\Program Files (x86)\Elex-tech\YAC\tws\unacev2.dll
2014-12-08 17:57 - 2014-11-26 10:42 - 00612528 _____ () C:\Program Files (x86)\WinZipper\sqlite3.dll
2013-06-29 11:53 - 2015-01-20 19:20 - 00560216 _____ () D:\GAMES\LienMinhHuyenThoai\GameData\ggspawn.dll
2015-03-05 16:59 - 2015-03-03 17:37 - 00185672 _____ () C:\Program Files (x86)\Elex-tech\YAC\libpng.dll
2010-01-30 02:41 - 2010-01-30 02:41 - 04254560 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-03-24 21:17 - 2010-03-24 21:17 - 08794464 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2013-06-29 11:53 - 2015-01-20 19:20 - 00111192 _____ () D:\GAMES\LienMinhHuyenThoai\GameData\CommonLib.dll
2013-06-29 11:53 - 2015-01-20 19:20 - 00040024 _____ () D:\GAMES\LienMinhHuyenThoai\GameData\DibModule.dll
2013-06-29 11:53 - 2015-03-09 10:35 - 00034752 _____ () D:\GAMES\LienMinhHuyenThoai\GameData\VersionModule.dll
2013-06-29 11:53 - 2015-01-20 19:20 - 00057944 _____ () D:\GAMES\LienMinhHuyenThoai\GameData\FileLoader.dll
2013-06-29 11:53 - 2015-01-20 19:20 - 00093784 _____ () D:\GAMES\LienMinhHuyenThoai\GameData\PluginKernel.dll
2013-06-29 11:53 - 2015-01-20 19:20 - 00493656 _____ () D:\GAMES\LienMinhHuyenThoai\GameData\CxImage.dll
2013-06-29 11:53 - 2015-01-20 19:20 - 00031832 _____ () D:\GAMES\LienMinhHuyenThoai\GameData\PluginModule.dll
2012-10-31 11:44 - 2015-01-20 19:20 - 00177240 _____ () D:\GAMES\LienMinhHuyenThoai\GameData\lib\fs\YYFileSystem.dll
2012-10-31 11:44 - 2015-01-20 19:20 - 00380504 _____ () D:\GAMES\LienMinhHuyenThoai\GameData\lib\Http.dll
2012-10-31 11:44 - 2015-01-20 19:20 - 00191064 _____ () D:\GAMES\LienMinhHuyenThoai\GameData\lib\MP3Module.dll
2013-06-29 11:53 - 2012-02-22 15:52 - 00162304 _____ () D:\GAMES\LienMinhHuyenThoai\GameData\lame_enc.DLL
2012-10-31 11:44 - 2015-01-20 19:20 - 00226392 _____ () D:\GAMES\LienMinhHuyenThoai\GameData\lib\TaskManagerLib.dll
2012-10-31 11:44 - 2015-01-20 19:20 - 00112728 _____ () D:\GAMES\LienMinhHuyenThoai\GameData\lib\UILayout.dll
2012-10-31 11:44 - 2015-01-20 19:20 - 00964696 _____ () D:\GAMES\LienMinhHuyenThoai\GameData\lib\XLL.dll
2012-10-31 11:44 - 2015-01-20 19:20 - 00061528 _____ () D:\GAMES\LienMinhHuyenThoai\GameData\lib\XmlUIModule.dll
2013-06-29 11:53 - 2012-02-22 15:52 - 00573100 _____ () D:\GAMES\LienMinhHuyenThoai\GameData\sqlite3.dll
2012-10-31 11:44 - 2015-01-20 19:20 - 00231000 _____ () D:\GAMES\LienMinhHuyenThoai\GameData\Plugins\StatsPlugin.dll
2012-11-01 12:15 - 2015-01-28 11:04 - 00962136 _____ () D:\GAMES\LienMinhHuyenThoai\GameData\Plugins\ggplugin.dll
2013-06-29 11:53 - 2015-01-20 19:20 - 00199256 _____ () D:\GAMES\LienMinhHuyenThoai\GameData\ImageModule.dll
2013-06-30 10:54 - 2015-01-20 19:20 - 00161880 _____ () D:\GAMES\LienMinhHuyenThoai\GameData\libmpg123.dll
2013-06-29 11:53 - 2015-01-20 19:20 - 02947672 _____ () D:\GAMES\LienMinhHuyenThoai\GameData\ggdownloader.dll
2012-10-31 11:44 - 2015-01-20 19:20 - 00072280 _____ () D:\GAMES\LienMinhHuyenThoai\GameData\lib\delay_load\AudioMixerLib.dll
2012-10-31 11:44 - 2015-01-20 19:20 - 00023128 _____ () D:\GAMES\LienMinhHuyenThoai\GameData\lib\delay_load\ClientTcp.dll
2012-10-31 11:44 - 2015-01-20 19:20 - 01551960 _____ () D:\GAMES\LienMinhHuyenThoai\GameData\lib\delay_load\FileSender.dll
2013-06-29 11:53 - 2013-02-01 12:42 - 00153088 _____ () D:\GAMES\LienMinhHuyenThoai\GameData\libzmq.dll
2012-10-31 11:44 - 2015-01-20 19:20 - 00962648 _____ () D:\GAMES\LienMinhHuyenThoai\GameData\lib\delay_load\GaFileTransfer.dll
2012-10-31 11:44 - 2015-01-20 19:20 - 00251480 _____ () D:\GAMES\LienMinhHuyenThoai\GameData\lib\delay_load\MediaEngine.dll
2013-06-29 11:53 - 2015-01-20 19:20 - 00032856 _____ () D:\GAMES\LienMinhHuyenThoai\GameData\ServerMemAlloc.dll
2012-10-31 11:44 - 2015-01-20 19:20 - 00523352 _____ () D:\GAMES\LienMinhHuyenThoai\GameData\lib\delay_load\RSALib.dll
2012-10-31 11:44 - 2015-01-20 19:20 - 00074840 _____ () D:\GAMES\LienMinhHuyenThoai\GameData\lib\delay_load\UdtLib.dll
2014-06-10 21:55 - 2014-06-10 21:55 - 00341504 _____ () C:\Users\admin\AppData\Local\GC\Modules\WbSes.dll
2012-08-08 21:55 - 2012-08-08 21:55 - 00184320 _____ () C:\ProgramData\SearchNewTab\Pt.dll
2014-02-26 23:06 - 2014-02-26 23:06 - 00087040 _____ () C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha45\ie\MediaViewV1alpha45.dll
2013-06-29 17:58 - 2013-06-29 18:01 - 00118784 _____ () C:\ProgramData\SearchNewTab\51cebe6cefb8f.dll
2013-06-29 17:58 - 2013-06-29 18:00 - 00118784 _____ () C:\ProgramData\soaofEE saave\51cebe6178ebd.dll
2014-06-26 02:57 - 2014-06-26 02:57 - 00087552 _____ () C:\Program Files (x86)\TrustMediaViewerV1\TrustMediaViewerV1alpha2724\ie\TrustMediaViewerV1alpha2724.dll
2013-11-13 00:34 - 2013-11-13 00:34 - 00086016 _____ () C:\Program Files (x86)\BetterSurf\ie\BetterSurf.dll
2013-11-25 16:15 - 2013-11-25 16:15 - 00086016 _____ () C:\Program Files (x86)\Better-Surf\ie\BetterSrf.dll
2014-01-08 04:40 - 2014-01-08 04:40 - 00087040 _____ () C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta640\ie\VideoPlayerV3beta640.dll
2014-05-13 19:09 - 2014-05-13 19:09 - 00087552 _____ () C:\Program Files (x86)\RichMediaViewV1\RichMediaViewV1release961\ie\RichMediaViewV1release961.dll
2013-04-05 21:13 - 2013-04-05 21:12 - 00118272 _____ () C:\ProgramData\BryOOwsee2ssavoe\515edbe4c903b.dll
2014-02-27 06:09 - 2014-02-27 06:09 - 00087040 _____ () C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha3170\ie\MediaViewV1alpha3170.dll
2013-06-29 17:59 - 2013-06-29 18:49 - 00118784 _____ () C:\ProgramData\SearchNewTab\51cec9d0d6a16.dll
2014-01-28 22:57 - 2014-01-28 22:57 - 00087040 _____ () C:\Program Files (x86)\MediaPlayerV1\MediaPlayerV1alpha335\ie\MediaPlayerV1alpha335.dll
2014-04-24 11:05 - 2014-04-24 11:05 - 00087040 _____ () C:\Program Files (x86)\MediaBuzzV1\MediaBuzzV1mode5557\ie\MediaBuzzV1mode5557.dll
2014-05-14 03:14 - 2014-05-14 03:14 - 00087552 _____ () C:\Program Files (x86)\RichMediaViewV1\RichMediaViewV1release4398\ie\RichMediaViewV1release4398.dll
2013-06-29 17:55 - 2013-06-29 17:58 - 00118784 _____ () C:\ProgramData\soaofEE saave\51cebdc3b8850.dll
2014-03-20 20:50 - 2014-03-20 20:50 - 00087040 _____ () C:\Program Files (x86)\MediaWatchV1\MediaWatchV1home412\ie\MediaWatchV1home412.dll
2013-08-08 21:52 - 2013-08-08 21:52 - 00184320 _____ () C:\ProgramData\saveenshhaire\rti6l.dll
2013-06-29 17:57 - 2013-06-29 18:00 - 00118784 _____ () C:\ProgramData\SearchNewTab\51cebe3424822.dll
2014-02-23 18:10 - 2014-02-23 18:10 - 00087040 _____ () C:\Program Files (x86)\MediaViewerV1\MediaViewerV1alpha680\ie\MediaViewerV1alpha680.dll
2015-02-04 19:28 - 2015-03-18 13:01 - 00081704 _____ () C:\Program Files (x86)\Dolphin Deals\bin\DolphinDeals.expextdll.dll
2013-03-08 12:17 - 2013-03-08 12:17 - 07816192 _____ () C:\Program Files (x86)\SplitMediaLabs\avcodec-54.dll
2013-03-08 12:17 - 2013-03-08 12:17 - 00188416 _____ () C:\Program Files (x86)\SplitMediaLabs\avutil-52.dll
2013-03-08 12:17 - 2013-03-08 12:17 - 01425920 _____ () C:\Program Files (x86)\SplitMediaLabs\avformat-54.dll
2013-03-08 12:17 - 2013-03-08 12:17 - 00336896 _____ () C:\Program Files (x86)\SplitMediaLabs\swscale-2.dll
2013-03-08 12:17 - 2013-03-08 12:17 - 00096256 _____ () C:\Program Files (x86)\SplitMediaLabs\swresample-0.dll
2015-03-10 18:29 - 2015-03-08 12:10 - 01116824 _____ () C:\Users\admin\AppData\Local\CocCoc\Browser\Application\40.0.2214.121\libglesv2.dll
2015-03-10 18:29 - 2015-03-08 12:10 - 00210584 _____ () C:\Users\admin\AppData\Local\CocCoc\Browser\Application\40.0.2214.121\libegl.dll
2015-03-10 18:29 - 2015-03-08 12:10 - 09171096 _____ () C:\Users\admin\AppData\Local\CocCoc\Browser\Application\40.0.2214.121\pdf.dll
2015-03-10 18:29 - 2015-03-08 12:10 - 14965064 _____ () C:\Users\admin\AppData\Local\CocCoc\Browser\Application\40.0.2214.121\PepperFlash\pepflashplayer.dll
2014-03-28 14:12 - 2013-12-04 09:48 - 04055504 _____ () C:\Users\admin\AppData\Local\GC\Chrome-bin\31.0.1650.63\pdf.dll
2014-03-28 14:12 - 2013-12-04 09:48 - 00399312 _____ () C:\Users\admin\AppData\Local\GC\Chrome-bin\31.0.1650.63\ppGoogleNaClPluginChrome.dll
2014-03-28 14:12 - 2013-12-04 09:47 - 01619408 _____ () C:\Users\admin\AppData\Local\GC\Chrome-bin\31.0.1650.63\ffmpegsumo.dll
2013-08-13 19:15 - 2013-08-13 19:15 - 00206336 _____ () C:\Users\admin\AppData\Local\Temp\{A48A1434-77EE-42B3-B238-C0D4E95A7C81}\{D8E2A1BA-D304-46E8-BC55-3C656E324A0C}\Default\Extensions\jmiibbdogibcphdfkkmlimfffneaecbc\2.4_0\plugin\convenience.dll
2014-03-28 14:12 - 2013-12-04 09:48 - 13586896 _____ () C:\Users\admin\AppData\Local\GC\Chrome-bin\31.0.1650.63\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:2C2F956A
AlternateDataStreams: C:\ProgramData\TEMP:373E1720

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3818046159-3689817371-2580797029-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\admin\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 208.67.222.222 - 208.67.220.220

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: AMD External Events Utility => 2
MSCONFIG\Services: AMPPALR3 => 2
MSCONFIG\Services: BTHSSecurityMgr => 2
MSCONFIG\Services: cphs => 3
MSCONFIG\Services: EvtEng => 2
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: Intel(R) Capability Licensing Service Interface => 2
MSCONFIG\Services: jhi_service => 2
MSCONFIG\Services: LMS => 2
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: MyWiFiDHCPDNS => 3
MSCONFIG\Services: PanService => 2
MSCONFIG\Services: RegSrvc => 2
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: TeamViewer8 => 2
MSCONFIG\Services: UNS => 2
MSCONFIG\Services: ZeroConfigService => 2

==================== Accounts: =============================

admin (S-1-5-21-3818046159-3689817371-2580797029-1000 - Administrator - Enabled) => C:\Users\admin
Administrator (S-1-5-21-3818046159-3689817371-2580797029-500 - Administrator - Disabled)
Guest (S-1-5-21-3818046159-3689817371-2580797029-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3818046159-3689817371-2580797029-1002 - Limited - Enabled)

==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: USB2.0-CRW
Description: USB2.0-CRW
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: pfnfd_1_10_0_9
Description: pfnfd_1_10_0_9
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: pfnfd_1_10_0_9
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: BAPIDRV
Description: BAPIDRV
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: BAPIDRV
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (03/19/2015 09:58:11 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: BkavHome.exe, version: 1.0.0.6417, time stamp: 0x54b61b33
Faulting module name: BkavHome.exe, version: 1.0.0.6417, time stamp: 0x54b61b33
Exception code: 0xc0000005
Fault offset: 0x000131a5
Faulting process id: 0x12e0
Faulting application start time: 0xBkavHome.exe0
Faulting application path: BkavHome.exe1
Faulting module path: BkavHome.exe2
Report Id: BkavHome.exe3

Error: (03/19/2015 09:52:23 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program BkavHome.exe version 1.0.0.6417 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 12fc

Start Time: 01d061ef9b1021e5

Termination Time: 12

Application Path: C:\Program Files (x86)\BkavHome\BkavHome.exe

Report Id: f5b2a48e-cde2-11e4-b246-685d43d1a3c5

Error: (03/19/2015 09:21:08 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: BkavHome.exe, version: 1.0.0.6417, time stamp: 0x54b61b33
Faulting module name: BkavHome.exe, version: 1.0.0.6417, time stamp: 0x54b61b33
Exception code: 0xc0000005
Fault offset: 0x000131a5
Faulting process id: 0x1424
Faulting application start time: 0xBkavHome.exe0
Faulting application path: BkavHome.exe1
Faulting module path: BkavHome.exe2
Report Id: BkavHome.exe3

Error: (03/19/2015 09:07:22 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/18/2015 06:43:52 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: BkavHome.exe, version: 1.0.0.6417, time stamp: 0x54b61b33
Faulting module name: BkavHome.exe, version: 1.0.0.6417, time stamp: 0x54b61b33
Exception code: 0xc0000005
Fault offset: 0x000131a5
Faulting process id: 0x11b4
Faulting application start time: 0xBkavHome.exe0
Faulting application path: BkavHome.exe1
Faulting module path: BkavHome.exe2
Report Id: BkavHome.exe3

Error: (03/18/2015 06:39:46 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mlwps.exe, version: 1.0.8.0, time stamp: 0x54d4afb9
Faulting module name: ntdll.dll, version: 6.1.7601.17514, time stamp: 0x4ce7ba58
Exception code: 0xc0000374
Fault offset: 0x000ce653
Faulting process id: 0x880
Faulting application start time: 0xmlwps.exe0
Faulting application path: mlwps.exe1
Faulting module path: mlwps.exe2
Report Id: mlwps.exe3

Error: (03/18/2015 06:38:02 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/18/2015 09:25:35 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: BkavHome.exe, version: 1.0.0.6417, time stamp: 0x54b61b33
Faulting module name: BkavHome.exe, version: 1.0.0.6417, time stamp: 0x54b61b33
Exception code: 0xc0000005
Fault offset: 0x000131a5
Faulting process id: 0xe50
Faulting application start time: 0xBkavHome.exe0
Faulting application path: BkavHome.exe1
Faulting module path: BkavHome.exe2
Report Id: BkavHome.exe3

Error: (03/18/2015 09:21:37 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/17/2015 07:16:39 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: BkavHome.exe, version: 1.0.0.6417, time stamp: 0x54b61b33
Faulting module name: BkavHome.exe, version: 1.0.0.6417, time stamp: 0x54b61b33
Exception code: 0xc0000005
Fault offset: 0x000131a5
Faulting process id: 0x10b0
Faulting application start time: 0xBkavHome.exe0
Faulting application path: BkavHome.exe1
Faulting module path: BkavHome.exe2
Report Id: BkavHome.exe3


System errors:
=============
Error: (03/19/2015 10:34:37 AM) (Source: atapi) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort0.

Error: (03/19/2015 10:34:37 AM) (Source: atapi) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort0.

Error: (03/19/2015 10:34:37 AM) (Source: atapi) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort0.

Error: (03/19/2015 10:34:37 AM) (Source: atapi) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort0.

Error: (03/19/2015 10:34:37 AM) (Source: atapi) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort0.

Error: (03/19/2015 10:05:58 AM) (Source: atapi) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort0.

Error: (03/19/2015 10:05:58 AM) (Source: atapi) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort0.

Error: (03/19/2015 10:05:58 AM) (Source: atapi) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort0.

Error: (03/19/2015 10:05:58 AM) (Source: atapi) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort0.

Error: (03/19/2015 10:05:58 AM) (Source: atapi) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort0.


Microsoft Office Sessions:
=========================


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-3210M CPU @ 2.50GHz
Percentage of memory in use: 62%
Total physical RAM: 3998.36 MB
Available physical RAM: 1515.95 MB
Total Pagefile: 7994.91 MB
Available Pagefile: 4885.78 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:48.83 GB) (Free:12.47 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (CHUONG TRINH) (Fixed) (Total:205.08 GB) (Free:84.49 GB) NTFS
Drive e: (LUU TRU) (Fixed) (Total:211.85 GB) (Free:105.29 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: FAC058BE)
Partition 1: (Active) - (Size=48.8 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=205.1 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=211.8 GB) - (Type=07 NTFS)

==================== End Of Log ============================
 
That and some stupid pop-up ad just keeps coming up constantly on some sites, which didn't seem to happen before, and also sometimes the page just changes its destination to some website.
 
And now it's suddenly stopped for some reason, like everything went away. But still, I can't be too careful about this.
 
Welcome aboard

Please, observe following rules:
  • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
  • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
  • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good, or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

====================================

Your computer is very seriously infected.

Uninstall the following unwanted programs (take your time and make sure you don't miss any, since there is a lot to uninstall):

Buzzdock
Dolphin Deals
GC
hosts
Media Buzz
Media Player
Media View (TWO instances)
Media Viewer
Media Watch
Rich Media View
SafeSaver
saveenshhaire
SaveShare
Search Assistant WebSearch
SearchNewTab
Software Version
Trust Media Viewer
Video Player
webssearches uninstall
WindowsMangerProtect20.0.0.1277
WinZipper
YAC


Let me know if any of the above won't uninstall and then proceed with next steps....

Download RogueKiller from one of the following links and save it to your Desktop:

Link 1
Link 2

  • Close all the running programs
  • Windows Vista/7/8 users: right click on RogueKiller.exe, click Run as Administrator
  • Otherwise just double-click on RogueKiller.exe
  • Pre-scan will start. Let it finish.
  • Click on SCAN button.
  • Wait until the Status box shows Scan Finished
  • Click on Delete.
  • Wait until the Status box shows Deleting Finished.
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • RKreport.txt could also be found on your desktop.
  • If more than one log is produced post all logs.
  • If RogueKiller has been blocked, do not hesitate to try a few more times. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.

Please download Malwarebytes Anti-Malware (MBAM) to your desktop.
NOTE. If you already have MBAM 2.0 installed scroll down.

  • Double-click mbam-setup-2.0.0.1000.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
    • Launch Malwarebytes Anti-Malware
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish.
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.


If you already have MBAM 2.0 installed:

  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.

How to get logs:
(Export log to save as txt)


  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the Scan Log which shows the Date and time of the scan just performed.
  • Click 'Export'.
  • Click 'Text file (*.txt)'
  • In the Save File dialog box which appears, click on Desktop.
  • In the File name: box type a name for your scan log.
  • A message box named 'File Saved' should appear stating "Your file has been successfully exported".
  • Click Ok
  • Attach that saved log to your next reply.


(Copy to clipboard for pasting into forum replies or tickets)

  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the Scan Log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply.

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Scan button.
  • When the scan has finished click on Clean button.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
 
Hm, why does jrt.exe do nothing for me? I only have a firewall and BkavHome (just a scan-and-delete tool which doesn't do anything like protection), so why doesn't it run? Anyway, I'm going to post the logs once all the questions have been answered, but now I have to go to school.
 
Well here is all the logs I have

RogueKiller V10.5.5.0 [Mar 16 2015] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : admin [Administrator]
Started from : C:\Users\admin\Desktop\RogueKiller.exe
Mode : Delete -- Date : 03/20/2015 09:57:01

¤¤¤ Processes : 10 ¤¤¤
[Suspicious.Path] PluginService.exe(1680) -- C:\ProgramData\IePluginServices\PluginService.exe[-] -> Killed [TermProc]
[Suspicious.Path] mlwps.exe(1448) -- C:\Windows\mlwps.exe[-] -> Killed [TermProc]
[Suspicious.Path] CocCocCrashHandler.exe(4716) -- C:\Users\admin\AppData\Local\CocCoc\Update\1.3.39.13\CocCocCrashHandler.exe[7] -> Killed [TermProc]
[Suspicious.Path] speedtray.exe(4732) -- C:\Users\admin\AppData\Roaming\SpeedTray\speedtray.exe[-] -> Killed [TermProc]
[Suspicious.Path] browser.exe(3096) -- C:\Users\admin\AppData\Local\CocCoc\Browser\Application\browser.exe[7] -> Killed [TermProc]
[Suspicious.Path] browser.exe(4600) -- C:\Users\admin\AppData\Local\CocCoc\Browser\Application\browser.exe[7] -> Killed [TermThr]
[Suspicious.Path] browser.exe(3268) -- C:\Users\admin\AppData\Local\CocCoc\Browser\Application\browser.exe[7] -> Killed [TermThr]
[Suspicious.Path] browser.exe(4440) -- C:\Users\admin\AppData\Local\CocCoc\Browser\Application\browser.exe[7] -> Killed [TermThr]
[Suspicious.Path] browser.exe(5104) -- C:\Users\admin\AppData\Local\CocCoc\Browser\Application\browser.exe[7] -> Killed [TermThr]
[Suspicious.Path] browser.exe(5556) -- C:\Users\admin\AppData\Local\CocCoc\Browser\Application\browser.exe[7] -> Killed [TermThr]

¤¤¤ Registry : 39 ¤¤¤
[PUP] (X64) HKEY_CLASSES_ROOT\CLSID\{A75BE48D-BF58-4A8B-B96C-F9A09DFB9844} (%LOCALAPPDATA%\Pokki\ocdeskband_0.dll) -> Not selected
[PUP] (X64) HKEY_CLASSES_ROOT\CLSID\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170} (C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE_64.dll) -> Not selected
[PUP] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170} (C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE_64.dll) -> Not selected
[PUP] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6E3C6B04-08FE-43BC-8E50-F90285024DEA} -> Not selected
[PUP] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8271B5D6-76D3-4ABF-AEB3-1721161C76BC} -> Not selected
[PUP] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EF5625A3-37AB-4BDB-9875-2A3D91CD0DFD} -> Not selected
[PUP] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | mobilegeni daemon : C:\Program Files (x86)\Mobogenie\DaemonProcess.exe -> Not selected
[PUP] (X64) HKEY_USERS\S-1-5-21-3818046159-3689817371-2580797029-1000\Software\Microsoft\Windows\CurrentVersion\Run | NextLive : C:\Windows\SysWOW64\rundll32.exe "C:\Users\admin\AppData\Roaming\newnext.me\nengine.dll",EntryPoint -m l -> Not selected
[PUP] (X86) HKEY_USERS\S-1-5-21-3818046159-3689817371-2580797029-1000\Software\Microsoft\Windows\CurrentVersion\Run | NextLive : C:\Windows\SysWOW64\rundll32.exe "C:\Users\admin\AppData\Roaming\newnext.me\nengine.dll",EntryPoint -m l -> Not selected
[PUP] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\IePluginServices (C:\ProgramData\IePluginServices\PluginService.exe -service) -> Not selected
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Live Malware Protection (C:\Windows\mlwps.exe) -> Not selected
[Hidden.From.SCM] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\MBAMScheduler ("E:\Huy\Malwarebytes Anti-Malware\mbamscheduler.exe") -> Not selected
[Hidden.From.SCM] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\MBAMService ("E:\Huy\Malwarebytes Anti-Malware\mbamservice.exe") -> Not selected
[Hidden.From.SCM] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\MBAMSwissArmy (\??\C:\Windows\system32\drivers\MBAMSwissArmy.sys) -> Not selected
[Hidden.From.SCM] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\MBAMWebAccessControl (\??\C:\Windows\system32\drivers\mwac.sys) -> Not selected
[PUP] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\IePluginServices (C:\ProgramData\IePluginServices\PluginService.exe -service) -> Not selected
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Live Malware Protection (C:\Windows\mlwps.exe) -> Not selected
[PUP] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\IePluginServices (C:\ProgramData\IePluginServices\PluginService.exe -service) -> Not selected
[PUP] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\iSafeKrnl (\??\C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnl.sys) -> Not selected
[PUP] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\iSafeKrnlBoot (system32\DRIVERS\iSafeKrnlBoot.sys) -> Not selected
[PUP] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\iSafeKrnlKit (\??\C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlKit.sys) -> Not selected
[PUP] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\iSafeKrnlR3 (\??\C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlR3.sys) -> Not selected
[PUP] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\iSafeNetFilter (system32\DRIVERS\iSafeNetFilter.sys) -> Not selected
[PUP] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\iSafeService (C:\Program Files (x86)\Elex-tech\YAC\iSafeSvc.exe) -> Not selected
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Live Malware Protection (C:\Windows\mlwps.exe) -> Not selected
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-21-3818046159-3689817371-2580797029-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1 -> Not selected
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-21-3818046159-3689817371-2580797029-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1 -> Not selected
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-21-3818046159-3689817371-2580797029-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : 127.0.0.1:8118 -> Not selected
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-21-3818046159-3689817371-2580797029-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : 127.0.0.1:8118 -> Not selected
[PUM.HomePage] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Start Page : http://istart.webssearches.com/?type=hp&ts=1417707889&from=irs&uid=ST9500325AS_5VET5TGDXXXX5VET5TGD -> Not selected
[PUM.HomePage] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Start Page : -> Not selected
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-3818046159-3689817371-2580797029-1000\Software\Microsoft\Internet Explorer\Main | Start Page : -> Not selected
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-3818046159-3689817371-2580797029-1000\Software\Microsoft\Internet Explorer\Main | Start Page : -> Not selected
[PUM.SearchPage] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Search Page : http://istart.webssearches.com/web/...500325AS_5VET5TGDXXXX5VET5TGD&q={searchTerms} -> Not selected
[PUM.SearchPage] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Search Page : -> Not selected
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Not selected
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Not selected
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Not selected
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Not selected

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000036b]) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: ST9500325AS ATA Device +++++
--- User ---
[MBR] 99f95ab09a9451390866e9a36792bb44
[BSP] 922cade1be87a028dea69f1dee342bc2 : Windows Vista/7/8 MBR Code
Partition table:
User = LL1 ... OK
User = LL2 ... OK


============================================
RKreport_SCN_03202015_094706.log - RKreport_DEL_03202015_094733.log - RKreport_SCN_03202015_095656.log

Adware

# AdwCleaner v4.112 - Logfile created 20/03/2015 at 10:38:43
# Updated 09/03/2015 by Xplode
# Database : 2015-03-15.1 [Server]
# Operating system : Windows 7 Ultimate Service Pack 1 (x64)
# Username : admin - ADMIN-PC
# Running from : C:\Users\admin\Desktop\adwcleaner_4.112.exe
# Option : Cleaning

***** [ Services ] *****

[#] Service Deleted : iSafeKrnlMon
Service Deleted : Live Malware Protection

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\ProgramData\SoftSafe
Folder Deleted : C:\ProgramData\StarApp
Folder Deleted : C:\ProgramData\Browosse2save
Folder Deleted : C:\ProgramData\BryOOwsee2ssavoe
Folder Deleted : C:\ProgramData\saffe saoVe
Folder Deleted : C:\ProgramData\saveenshhaire
Folder Deleted : C:\ProgramData\soaofEE saave
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Registry Cleaner
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BryOOwsee2ssavoe
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\soaofEE saave
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\MediaBuzzV1
Folder Deleted : C:\Program Files (x86)\MediaPlayerV1
Folder Deleted : C:\Program Files (x86)\MediaViewerV1
Folder Deleted : C:\Program Files (x86)\MediaViewV1
Folder Deleted : C:\Program Files (x86)\MediaWatchV1
Folder Deleted : C:\Program Files (x86)\RichMediaViewV1
Folder Deleted : C:\Program Files (x86)\VideoPlayerV3
Folder Deleted : C:\Program Files (x86)\WinZipper
Folder Deleted : C:\Program Files (x86)\STab
Folder Deleted : C:\Users\admin\AppData\Local\globalUpdate
Folder Deleted : C:\Users\admin\AppData\Local\Doctor_PC
Folder Deleted : C:\Users\admin\AppData\LocalLow\Browosse2save
Folder Deleted : C:\Users\admin\AppData\LocalLow\BryOOwsee2ssavoe
Folder Deleted : C:\Users\admin\AppData\LocalLow\saffe saoVe
Folder Deleted : C:\Users\admin\AppData\LocalLow\saveenshhaire
Folder Deleted : C:\Users\admin\AppData\LocalLow\soaofEE saave
Folder Deleted : C:\Users\admin\AppData\Roaming\Babylon
Folder Deleted : C:\Users\admin\AppData\Roaming\WinZipper
Folder Deleted : C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Free Registry Cleaner
File Deleted : C:\Windows\System32\log\iSafeKrnlCall.log
File Deleted : C:\Windows\System32\roboot64.exe
File Deleted : C:\Users\admin\daemonprocess.txt
File Deleted : C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal
File Deleted : C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_www.superfish.com_0.localstorage-journal
File Deleted : C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_api.sqeedolphindeals.com_0.localstorage-journal

***** [ Scheduled tasks ] *****


***** [ Shortcuts ] *****

Shortcut Disinfected : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
Shortcut Disinfected : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
Shortcut Disinfected : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
Shortcut Disinfected : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
Shortcut Disinfected : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk
Shortcut Disinfected : C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
Shortcut Disinfected : C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
Shortcut Disinfected : C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
Shortcut Disinfected : C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
Shortcut Disinfected : C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk
Shortcut Disinfected : C:\Users\admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
Shortcut Disinfected : C:\Users\admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk

***** [ Registry ] *****


***** [ Web browsers ] *****

-\\ Internet Explorer v8.0.7601.17514


-\\ Google Chrome v41.0.2272.89


*************************

AdwCleaner[R0].txt - [10385 bytes] - [20/03/2015 10:37:24]
AdwCleaner[S0].txt - [11159 bytes] - [20/03/2015 10:38:43]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [11219 bytes] ##########
 
Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 20/03/2015
Scan Time: 9:57:55 SA
Logfile: Savelog.txt
Administrator: Yes

Version: 2.01.4.1018
Malware Database: v2015.03.19.10
Rootkit Database: v2015.02.25.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: admin

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 455789
Time Elapsed: 24 min, 23 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 1
PUP.Optional.SecureWeb.A, C:\Program Files (x86)\Jelbrus Secure Web\privoxy.exe, 2596, Delete-on-Reboot, [6ef8182f8307b680841c6d33ad566898]

Modules: 8
PUP.Optional.MultiPlug.A, C:\ProgramData\soaofEE saave\51cebe6178ebd.dll, Delete-on-Reboot, [d09660e7b2d872c4e3e11919ff02aa56],
Adware.BetterSurf, C:\Program Files (x86)\BetterSurf\ie\BetterSurf.dll, Delete-on-Reboot, [86e04dfab2d816203cf945272cd57987],
Adware.BetterSurf, C:\Program Files (x86)\Better-Surf\ie\BetterSrf.dll, Delete-on-Reboot, [7ceaa3a4d0ba50e6581efb70e31e4fb1],
PUP.Optional.MultiPlug.A, C:\ProgramData\BryOOwsee2ssavoe\515edbe4c903b.dll, Delete-on-Reboot, [6df9e56285055ed8d6ee3101b1506898],
PUP.Optional.MultiPlug.A, C:\ProgramData\soaofEE saave\51cebdc3b8850.dll, Delete-on-Reboot, [baac0f38dbaff83ee3e11b1758a96e92],
PUP.Optional.BetterSurf.A, C:\Program Files (x86)\BetterSurf\ie\BetterSurf.dll, Delete-on-Reboot, [92d4cc7bccbeac8a0877ac785ca727d9],
PUP.Optional.BetterSurf.A, C:\Program Files (x86)\Better-Surf\ie\BetterSrf.dll, Delete-on-Reboot, [73f37ec9662439fd57f78c9c0df6e31d],
PUP.Optional.SecureWeb.A, C:\Program Files (x86)\Jelbrus Secure Web\jsie.dll, Delete-on-Reboot, [05613c0b6e1c84b280667ea2c83b05fb],

Registry Keys: 243
PUP.Optional.LemurLeap.A, HKU\S-1-5-21-3818046159-3689817371-2580797029-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{415419C3-DAD0-4DF1-AC37-22C72AD81878}, Quarantined, [ca9cc4832d5dd165c5fb042661a2bd43],
PUP.Optional.LemurLeap.A, HKU\S-1-5-21-3818046159-3689817371-2580797029-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{415419C3-DAD0-4DF1-AC37-22C72AD81878}, Quarantined, [ca9cc4832d5dd165c5fb042661a2bd43],
PUP.Optional.Delta.A, HKU\S-1-5-21-3818046159-3689817371-2580797029-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{82E1477C-B154-48D3-9891-33D83C26BCD3}, Quarantined, [93d371d6642684b2aad7d3891fe410f0],
PUP.Optional.Delta.A, HKU\S-1-5-21-3818046159-3689817371-2580797029-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{82E1477C-B154-48D3-9891-33D83C26BCD3}, Quarantined, [93d371d6642684b2aad7d3891fe410f0],
PUP.Optional.Delta.A, HKU\S-1-5-21-3818046159-3689817371-2580797029-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}, Quarantined, [bda991b681092a0cf58bcb9112f13cc4],
PUP.Optional.Delta.A, HKU\S-1-5-21-3818046159-3689817371-2580797029-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}, Quarantined, [bda991b681092a0cf58bcb9112f13cc4],
PUP.Optional.BonanzaDeals.A, HKU\S-1-5-21-3818046159-3689817371-2580797029-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{FE063412-BEA4-4D76-8ED3-183BE6220D17}, Quarantined, [84e2c97e0882122411245b04cd36fe02],
PUP.Optional.BonanzaDeals.A, HKU\S-1-5-21-3818046159-3689817371-2580797029-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{FE063412-BEA4-4D76-8ED3-183BE6220D17}, Quarantined, [84e2c97e0882122411245b04cd36fe02],
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{219046AE-358F-4CF1-B1FD-2B4DE83642A8}, Quarantined, [36302e193357b086dc6793ca62a15fa1],
PUP.Optional.SoftwareUpdater, HKLM\SOFTWARE\CLASSES\Updater.AmiUpd.1, Quarantined, [94d25becfa906fc72f0b99974bb8ee12],
PUP.Optional.SoftwareUpdater, HKLM\SOFTWARE\WOW6432NODE\CLASSES\Updater.AmiUpd.1, Quarantined, [a5c18abdf595bb7bbd7d092706fde818],
PUP.Optional.SoftwareUpdater, HKLM\SOFTWARE\CLASSES\WOW6432NODE\Updater.AmiUpd.1, Quarantined, [a5c18abdf595bb7bbd7d092706fde818],
PUP.Optional.Amonetize, HKLM\SOFTWARE\CLASSES\TYPELIB\{A0EE0278-2986-4E5A-884E-A3BF0357E476}, Quarantined, [442243045c2e9a9cc91c85ccee138e72],
PUP.Optional.Amonetize, HKLM\SOFTWARE\CLASSES\INTERFACE\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}, Quarantined, [442243045c2e9a9cc91c85ccee138e72],
PUP.Optional.Amonetize, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}, Quarantined, [442243045c2e9a9cc91c85ccee138e72],
PUP.Optional.Amonetize, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}, Quarantined, [442243045c2e9a9cc91c85ccee138e72],
PUP.Optional.Amonetize, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{A0EE0278-2986-4E5A-884E-A3BF0357E476}, Quarantined, [442243045c2e9a9cc91c85ccee138e72],
PUP.Optional.Amonetize, HKLM\SOFTWARE\CLASSES\WOW6432NODE\TYPELIB\{A0EE0278-2986-4E5A-884E-A3BF0357E476}, Quarantined, [442243045c2e9a9cc91c85ccee138e72],
PUP.Optional.Sanbreel.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\{2be54678-5f85-4937-975c-484112311e65}Gw64, Quarantined, [9acc1a2df09ae74f83634f8822e13bc5],
PUP.Optional.Sanbreel.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\{3c3ae2b4-4a36-40c4-a356-ffc1820b7ece}Gw64, Quarantined, [12545fe8e5a5c47252945e7928db7c84],
PUP.Optional.Sanbreel.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\{0b3befeb-e7d9-4648-a054-011aee951126}w64, Quarantined, [15511b2cc7c333038e7862d452b3768a],
PUP.Optional.Sanbreel.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\{17d7b7ef-d2d8-45f1-a2f2-2dea72852c07}w64, Quarantined, [8cda9fa82268c96de2249a9ced18c23e],
PUP.Optional.Sanbreel.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\{1bcac693-c506-4a13-8921-e885a8cb1d13}w64, Quarantined, [d88eae991278a492bd494de930d521df],
PUP.Optional.Sanbreel.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\{3f837d36-3981-45f1-9497-67565ae84508}w64, Quarantined, [531377d07d0d5dd96d99fd3916eff709],
PUP.Optional.Sanbreel.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\{702bbd8f-e6dd-42a8-a995-6b431927d55e}w64, Quarantined, [1452a89ffd8d59dd25e16dc928dd18e8],
PUP.Optional.Sanbreel.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\{95e63078-c8de-4514-94f6-859d098ae58c}w64, Quarantined, [a8bea7a0137788aeab5b4fe76c99a060],
PUP.Optional.Sanbreel.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\{a524bf90-f804-4c41-b422-cc15288e85ca}w64, Quarantined, [75f10a3dcbbff4429274013507fe748c],
PUP.Optional.Sanbreel.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\{a60ec2d2-55d8-408b-9b84-24e0bd56daf6}w64, Quarantined, [b5b1e4636d1ddc5a7492bc7a8283c838],
PUP.Optional.Sanbreel.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\{c4a7b09f-59a5-4aec-aa79-4922d6416b82}w64, Quarantined, [0d598eb957333600d53152e4fa0b916f],
PUP.Optional.Sanbreel.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\{cfcde8f5-41ca-4db2-b65e-84981eec55ca}w64, Quarantined, [d88ecd7a355511253accb482bc49e31d],
PUP.Optional.Sanbreel.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\{e189778b-c832-454e-b504-3be6620f674d}w64, Quarantined, [9fc784c32367a393ef17ea4c32d3b44c],
PUP.Optional.Sanbreel.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\{e3ccc45b-550f-41ef-9f66-bf8e591166fe}w64, Quarantined, [7ee866e1880237ff33d37abcf213867a],
PUP.Optional.Sanbreel.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\{f40be314-6146-47fc-bd32-c76c91cbfb49}w64, Quarantined, [2e381c2b54367db9e6200c2aed18bd43],
PUP.Optional.Sanbreel.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\{fedcd8ab-e575-437f-b8ab-0f7bb23dd158}w64, Quarantined, [0b5b4502ef9bb58148bec76f26df18e8],
PUP.Optional.Amonetize.A, HKLM\SOFTWARE\CLASSES\Updater.AmiUpd, Quarantined, [2046cd7ae3a7e0569453a928788ba25e],
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\pflphaooapbgpeakohlggbpidpppgdff, Quarantined, [89dd1433f694c76fbb5e4ab943c18d73],
PUP.Optional.Qone8, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}, Quarantined, [0a5c4afda3e77bbb3bd9948e59acfa06],
PUP.Optional.BonanzaDeals.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\BonanzaDealsLive.exe, Quarantined, [8ed83d0a8ffb35012d5fac727c89ea16],
PUP.Optional.BonanzaDeals.A, HKLM\SOFTWARE\WOW6432NODE\BonanzaDealsLive, Quarantined, [c4a262e5fc8e2f07c6c552cc5ca9fc04],
PUP.Optional.DataMangr.A, HKLM\SOFTWARE\WOW6432NODE\DataMngr, Quarantined, [e77ffc4b9eecc472402afce811f245bb],
PUP.Optional.KeyFind.A, HKLM\SOFTWARE\WOW6432NODE\key-findSoftware, Quarantined, [1d4992b5d2b8b97d292d9d1729da11ef],
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\WOW6432NODE\mysearchdial, Quarantined, [80e6b6914446a19560462510f411ea16],
PUP.Optional.PhraseFinder.A, HKLM\SOFTWARE\WOW6432NODE\PhraseFinder_1.10.0.9, Quarantined, [23438dbac1c92b0b0c4005b3857eec14],
PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\supWPM, Quarantined, [1f474cfbacde71c5100a468c8d76c43c],
PUP.Optional.WebsSearches.A, HKLM\SOFTWARE\WOW6432NODE\webssearchesSoftware, Quarantined, [184eab9c4248270f87ef8c680cf7936d],
PUP.Optional.Amonetize.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\Updater.AmiUpd, Quarantined, [bfa70b3cd9b159dd64839b3657ac53ad],
PUP.Optional.BetterSurf.A, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\dedmngkbaffkenlfdcbganndoghblmap, Quarantined, [98ce52f52268082e9e6bab3fb54ec937],
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\pflphaooapbgpeakohlggbpidpppgdff, Quarantined, [a9bd86c10d7d54e262b747bceb19da26],
PUP.Optional.BetterSurf.A, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\poheodfamflhhhdcmjfeggbgigeefaco, Quarantined, [85e126217812d95dce65d91c2bd80ff1],
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\WOW6432NODE\INSTALLCORE\mysearchdial, Quarantined, [0e58291ebbcf56e098514ec75aabbc44],
PUP.Optional.FastSearchings, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}, Quarantined, [cb9b32156525989e5b58ee495baa827e],
PUP.Optional.BonanzaDeals.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\BonanzaDealsLive.exe, Quarantined, [501656f1414978be414bc05e976e8080],
PUP.Optional.PhraseFinder.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\pfnfd_1_10_0_9, Quarantined, [d88e47004a4053e35febe5d3f31044bc],
PUP.Optional.IEPluginServices.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\IePluginServices, Quarantined, [d78fbc8bd7b373c30b48f8cff310eb15],
PUP.Optional.BonanzaDeals.A, HKU\S-1-5-21-3818046159-3689817371-2580797029-1000\SOFTWARE\BonanzaDealsLive, Quarantined, [fc6a85c2e4a688aec8c1958965a02cd4],
PUP.Optional.DataMngr.A, HKU\S-1-5-21-3818046159-3689817371-2580797029-1000\SOFTWARE\DataMngr, Quarantined, [88dee562a0ea2d09e187e630976e27d9],
PUP.Optional.MySearchDial.A, HKU\S-1-5-21-3818046159-3689817371-2580797029-1000\SOFTWARE\mysearchdial, Quarantined, [b7afef58a7e35dd9a6e1fd1a7e87cd33],
PUP.Optional.WebSearches.A, HKU\S-1-5-21-3818046159-3689817371-2580797029-1000\SOFTWARE\SupHpUISoft, Quarantined, [bcaad671b0da0b2bc8fed0038b78a759],
PUP.Optional.TornTV.A, HKU\S-1-5-21-3818046159-3689817371-2580797029-1000\SOFTWARE\TornTv Downloader, Quarantined, [7fe76add92f82313a643764d7a8948b8],
PUP.Optional.SProtector.A, HKU\S-1-5-21-3818046159-3689817371-2580797029-1000\SOFTWARE\APPDATALOW\SProtector, Quarantined, [3135c087c9c10135ee12df3aa560738d],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-3818046159-3689817371-2580797029-1000\SOFTWARE\APPDATALOW\SOFTWARE\Crossrider, Quarantined, [bbabc681315962d46449b575fa0b2cd4],
PUP.Optional.Babylon.A, HKU\S-1-5-21-3818046159-3689817371-2580797029-1000\SOFTWARE\BABSOLUTION\Updater, Quarantined, [83e3a7a0f39794a2313a001702038b75],
PUP.Optional.MySearchDial.A, HKU\S-1-5-21-3818046159-3689817371-2580797029-1000\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\pflphaooapbgpeakohlggbpidpppgdff, Quarantined, [c99d4afd8505ea4cd5438b7835cff40c],
PUP.Optional.InstallCore.A, HKU\S-1-5-21-3818046159-3689817371-2580797029-1000\SOFTWARE\INSTALLCORE\1I1T1Q1S, Quarantined, [aeb8cc7bdeac0f27b7f9837dcd3704fc],
PUP.Optional.MySearchDial.A, HKU\S-1-5-21-3818046159-3689817371-2580797029-1000\SOFTWARE\INSTALLCORE\mysearchdial, Quarantined, [0a5c65e224666cca62cf87944fb6ce32],
PUP.Optional.InstallCore.A, HKU\S-1-5-21-3818046159-3689817371-2580797029-1000\SOFTWARE\INSTALLCORE, Quarantined, [135349fe1179f046701b061015f060a0],
PUP.Optional.RegCleanerPro.A, HKU\S-1-5-21-3818046159-3689817371-2580797029-1000\SOFTWARE\SYSTWEAK\RegClean Pro, Quarantined, [4d19eb5ca6e446f08d99ba621beabe42],
PUP.Optional.SecureWeb.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\PrivoxyService, Quarantined, [6ef8182f8307b680841c6d33ad566898],
PUP.Optional.SearchNewTab.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{52277627-029D-B628-0018-88DEBE87176F}, Quarantined, [03635ee94c3e9d994b577f74db2a59a7],
PUP.Optional.SearchNewTab.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{52277627-029D-B628-0018-88DEBE87176F}, Quarantined, [03635ee94c3e9d994b577f74db2a59a7],
PUP.Optional.SearchNewTab.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{52277627-029D-B628-0018-88DEBE87176F}, Quarantined, [03635ee94c3e9d994b577f74db2a59a7],
PUP.Optional.SearchNewTab.A, HKU\S-1-5-21-3818046159-3689817371-2580797029-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{52277627-029D-B628-0018-88DEBE87176F}, Quarantined, [03635ee94c3e9d994b577f74db2a59a7],
PUP.Optional.SearchNewTab.A, HKU\S-1-5-21-3818046159-3689817371-2580797029-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{52277627-029D-B628-0018-88DEBE87176F}, Quarantined, [03635ee94c3e9d994b577f74db2a59a7],
PUP.Optional.SearchNewTab.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{973AEBF9-6677-0B1D-805B-461A6610469C}, Quarantined, [b2b426212e5c122421810ae9ff0645bb],
PUP.Optional.SearchNewTab.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{973AEBF9-6677-0B1D-805B-461A6610469C}, Quarantined, [b2b426212e5c122421810ae9ff0645bb],
PUP.Optional.SearchNewTab.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{973AEBF9-6677-0B1D-805B-461A6610469C}, Quarantined, [b2b426212e5c122421810ae9ff0645bb],
PUP.Optional.SearchNewTab.A, HKU\S-1-5-21-3818046159-3689817371-2580797029-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{973AEBF9-6677-0B1D-805B-461A6610469C}, Quarantined, [b2b426212e5c122421810ae9ff0645bb],
PUP.Optional.SearchNewTab.A, HKU\S-1-5-21-3818046159-3689817371-2580797029-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{973AEBF9-6677-0B1D-805B-461A6610469C}, Quarantined, [b2b426212e5c122421810ae9ff0645bb],
PUP.Optional.SearchNewTab.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{DFBE860F-A916-B5F6-D027-E353DA36659C}, Quarantined, [85e1e26513770630980ab53e12f30ef2],
PUP.Optional.SearchNewTab.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{DFBE860F-A916-B5F6-D027-E353DA36659C}, Quarantined, [85e1e26513770630980ab53e12f30ef2],
PUP.Optional.SearchNewTab.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{DFBE860F-A916-B5F6-D027-E353DA36659C}, Quarantined, [85e1e26513770630980ab53e12f30ef2],
PUP.Optional.SearchNewTab.A, HKU\S-1-5-21-3818046159-3689817371-2580797029-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{DFBE860F-A916-B5F6-D027-E353DA36659C}, Quarantined, [85e1e26513770630980ab53e12f30ef2],
PUP.Optional.SearchNewTab.A, HKU\S-1-5-21-3818046159-3689817371-2580797029-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{DFBE860F-A916-B5F6-D027-E353DA36659C}, Quarantined, [85e1e26513770630980ab53e12f30ef2],

Registry Values: 8
 
Registry Data: 7

Folders: 39

Files: 123
PUP.Optional.BetterSurf, C:\Program Files (x86)\Better-Surf\ch\Chrome.crx, Quarantined, [6ef814334c3e35015ce991e20201946c],
PUP.Optional.BetterSurf, C:\Program Files (x86)\Better-Surf\ff\Better-Surf.xpi, Quarantined, [6ef814334c3e35015ce991e20201946c],
PUP.Optional.BetterSurf, C:\Program Files (x86)\Better-Surf\ff\build.cmd, Quarantined, [6ef814334c3e35015ce991e20201946c],
PUP.Optional.BetterSurf, C:\Program Files (x86)\Better-Surf\ff\chrome.manifest, Quarantined, [6ef814334c3e35015ce991e20201946c],
PUP.Optional.BetterSurf, C:\Program Files (x86)\Better-Surf\ff\install.rdf, Quarantined, [6ef814334c3e35015ce991e20201946c],
PUP.Optional.BetterSurf, C:\Program Files (x86)\Better-Surf\ff\chrome\content\better-surf.js, Quarantined, [6ef814334c3e35015ce991e20201946c],
PUP.Optional.BetterSurf, C:\Program Files (x86)\Better-Surf\ff\chrome\content\firefox.js, Quarantined, [6ef814334c3e35015ce991e20201946c],
PUP.Optional.BetterSurf, C:\Program Files (x86)\Better-Surf\ff\chrome\content\overlay.xul, Quarantined, [6ef814334c3e35015ce991e20201946c],
PUP.Optional.BetterSurf.A, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\poheodfamflhhhdcmjfeggbgigeefaco\1.1_0\BetterSrf.js, Quarantined, [4f17be890f7b979fac0e99de8b78718f],
PUP.Optional.BetterSurf.A, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\poheodfamflhhhdcmjfeggbgigeefaco\1.1_0\icon.ico, Quarantined, [4f17be890f7b979fac0e99de8b78718f],
PUP.Optional.BetterSurf.A, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\poheodfamflhhhdcmjfeggbgigeefaco\1.1_0\manifest.json, Quarantined, [4f17be890f7b979fac0e99de8b78718f],
PUP.Optional.BetterSurf.A, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\poheodfamflhhhdcmjfeggbgigeefaco\1.1_1\BetterSrf.js, Quarantined, [4f17be890f7b979fac0e99de8b78718f],
PUP.Optional.BetterSurf.A, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\poheodfamflhhhdcmjfeggbgigeefaco\1.1_1\icon.ico, Quarantined, [4f17be890f7b979fac0e99de8b78718f],
PUP.Optional.BetterSurf.A, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\poheodfamflhhhdcmjfeggbgigeefaco\1.1_1\manifest.json, Quarantined, [4f17be890f7b979fac0e99de8b78718f],
PUP.Optional.CrossRider.A, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nnlomafmkpiclmaaekkhpoecnclldmaa\000506.ldb, Quarantined, [b8ae8eb915752c0a8ce9c0b99a69a35d],
PUP.Optional.CrossRider.A, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nnlomafmkpiclmaaekkhpoecnclldmaa\000517.ldb, Quarantined, [b8ae8eb915752c0a8ce9c0b99a69a35d],
PUP.Optional.CrossRider.A, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nnlomafmkpiclmaaekkhpoecnclldmaa\000527.ldb, Quarantined, [b8ae8eb915752c0a8ce9c0b99a69a35d],
PUP.Optional.CrossRider.A, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nnlomafmkpiclmaaekkhpoecnclldmaa\000528.log, Quarantined, [b8ae8eb915752c0a8ce9c0b99a69a35d],
PUP.Optional.CrossRider.A, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nnlomafmkpiclmaaekkhpoecnclldmaa\CURRENT, Quarantined, [b8ae8eb915752c0a8ce9c0b99a69a35d],
PUP.Optional.CrossRider.A, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nnlomafmkpiclmaaekkhpoecnclldmaa\LOCK, Quarantined, [b8ae8eb915752c0a8ce9c0b99a69a35d],
PUP.Optional.CrossRider.A, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nnlomafmkpiclmaaekkhpoecnclldmaa\LOG, Quarantined, [b8ae8eb915752c0a8ce9c0b99a69a35d],
PUP.Optional.CrossRider.A, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nnlomafmkpiclmaaekkhpoecnclldmaa\LOG.old, Quarantined, [b8ae8eb915752c0a8ce9c0b99a69a35d],
PUP.Optional.CrossRider.A, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nnlomafmkpiclmaaekkhpoecnclldmaa\MANIFEST-000526, Quarantined, [b8ae8eb915752c0a8ce9c0b99a69a35d],
PUP.Optional.MySpeedDial.A, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\pflphaooapbgpeakohlggbpidpppgdff\000030.log, Quarantined, [cc9a51f6eb9f15211e19bac47b88c43c],
PUP.Optional.MySpeedDial.A, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\pflphaooapbgpeakohlggbpidpppgdff\000031.ldb, Quarantined, [cc9a51f6eb9f15211e19bac47b88c43c],
PUP.Optional.MySpeedDial.A, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\pflphaooapbgpeakohlggbpidpppgdff\CURRENT, Quarantined, [cc9a51f6eb9f15211e19bac47b88c43c],
PUP.Optional.MySpeedDial.A, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\pflphaooapbgpeakohlggbpidpppgdff\LOCK, Quarantined, [cc9a51f6eb9f15211e19bac47b88c43c],
PUP.Optional.MySpeedDial.A, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\pflphaooapbgpeakohlggbpidpppgdff\LOG, Quarantined, [cc9a51f6eb9f15211e19bac47b88c43c],
PUP.Optional.MySpeedDial.A, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\pflphaooapbgpeakohlggbpidpppgdff\LOG.old, Quarantined, [cc9a51f6eb9f15211e19bac47b88c43c],
PUP.Optional.MySpeedDial.A, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\pflphaooapbgpeakohlggbpidpppgdff\MANIFEST-000028, Quarantined, [cc9a51f6eb9f15211e19bac47b88c43c],
PUP.Optional.BetterSurf.A, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\dedmngkbaffkenlfdcbganndoghblmap\1.0_0\icon.ico, Quarantined, [1c4a37100c7e22143261a8d7b54e5ba5],
PUP.Optional.BetterSurf.A, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\dedmngkbaffkenlfdcbganndoghblmap\1.0_0\inject.js, Quarantined, [1c4a37100c7e22143261a8d7b54e5ba5],
PUP.Optional.BetterSurf.A, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\dedmngkbaffkenlfdcbganndoghblmap\1.0_0\manifest.json, Quarantined, [1c4a37100c7e22143261a8d7b54e5ba5],
PUP.Optional.BetterSurf.A, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\dedmngkbaffkenlfdcbganndoghblmap\1.0_1\icon.ico, Quarantined, [1c4a37100c7e22143261a8d7b54e5ba5],
PUP.Optional.BetterSurf.A, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\dedmngkbaffkenlfdcbganndoghblmap\1.0_1\inject.js, Quarantined, [1c4a37100c7e22143261a8d7b54e5ba5],
PUP.Optional.BetterSurf.A, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\dedmngkbaffkenlfdcbganndoghblmap\1.0_1\manifest.json, Quarantined, [1c4a37100c7e22143261a8d7b54e5ba5],
PUP.Optional.IePluginServices.A, C:\ProgramData\IePluginServices\update\conf, Quarantined, [1c4a4dfa3f4bd5617d3395f1c83b659b],
PUP.Optional.BonanzaDeals.A, C:\Program Files (x86)\BonanzaDeals\uninst.exe, Quarantined, [f0767ec9c0ca37ffa44c118614ef02fe],
PUP.Optional.SecureWeb.A, C:\Program Files (x86)\Jelbrus Secure Web\config.txt, Quarantined, [6ef8182f8307b680841c6d33ad566898],
PUP.Optional.SecureWeb.A, C:\Program Files (x86)\Jelbrus Secure Web\default.action, Quarantined, [6ef8182f8307b680841c6d33ad566898],
PUP.Optional.SecureWeb.A, C:\Program Files (x86)\Jelbrus Secure Web\default.filter, Quarantined, [6ef8182f8307b680841c6d33ad566898],
PUP.Optional.SecureWeb.A, C:\Program Files (x86)\Jelbrus Secure Web\jswchromium.exe, Quarantined, [6ef8182f8307b680841c6d33ad566898],
PUP.Optional.SecureWeb.A, C:\Program Files (x86)\Jelbrus Secure Web\jswchromium64.exe, Quarantined, [6ef8182f8307b680841c6d33ad566898],
PUP.Optional.SecureWeb.A, C:\Program Files (x86)\Jelbrus Secure Web\jsweb.dll, Quarantined, [6ef8182f8307b680841c6d33ad566898],
PUP.Optional.SecureWeb.A, C:\Program Files (x86)\Jelbrus Secure Web\jsweb64.dll, Quarantined, [6ef8182f8307b680841c6d33ad566898],
PUP.Optional.SecureWeb.A, C:\Program Files (x86)\Jelbrus Secure Web\jswff.exe, Quarantined, [6ef8182f8307b680841c6d33ad566898],
PUP.Optional.SecureWeb.A, C:\Program Files (x86)\Jelbrus Secure Web\jswtask.exe, Quarantined, [6ef8182f8307b680841c6d33ad566898],
PUP.Optional.SecureWeb.A, C:\Program Files (x86)\Jelbrus Secure Web\mgwz.dll, Quarantined, [6ef8182f8307b680841c6d33ad566898],
PUP.Optional.SecureWeb.A, C:\Program Files (x86)\Jelbrus Secure Web\privoxy.exe, Delete-on-Reboot, [6ef8182f8307b680841c6d33ad566898],
PUP.Optional.SecureWeb.A, C:\Program Files (x86)\Jelbrus Secure Web\privoxy.log, Delete-on-Reboot, [6ef8182f8307b680841c6d33ad566898],
PUP.Optional.Delta.A, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\bprotectorpreferences, Good: (), Bad: ( "homepage": "http://www1.delta-search.com/?babsrc=HP_ss&mntrId=B8B9685D43D1A3C2&affID=121631&tsp=4949",), Replaced,[e87eaa9d0486211512cfe845e224f30d]

Physical Sectors: 0
(No malicious items detected)


(end)
 
I currently have a virus on my computer at the same time, which is troubling. Some games aren't running; the library rld.dll was not found because the antivirus software is falsely detecting the file or something.
 
Oh, I excluded the folder so the game runs now, thanks. I have some strange folders named recycle bin that appear on so many disk drives and look like hidden folders. Is that the virus's doing or your software's?
 

We'll see...

You didn't say how you did with step 1 from my previous reply (uninstalling a bunch of malicious programs).
 
I did uninstall all of them, but they were there most of the time and really did nothing on my computer. Now the virus slows all of my programs, like in some other thread in the forum. Should I install avast protection to clear this? Doing it right now anyway.
 
So I ran avast, and even though it took so long to boot, everything is running normally now. No more random sound too.
 
Good news :)

Please download ComboFix from Here, Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Never rename Combofix unless instructed.
  • Close any open browsers.
  • Very Important! Temporarily disable your anti-virus and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore your connection.
    If the connection is still not there, use the restore point you created prior to running Combofix.
  • Double click on combofix.exe & follow the prompts.

  • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt"
**Note 1:** Do not mouse-click Combofix's window while it's running. That may cause it to stall.
**Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users:** ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them, resulting in the tool not working correctly, which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3:** If you receive the error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer to fix the issue.
**Note 4:** Some infections may take significant time to be cured. As long as your computer clock is running, Combofix is still working. Be patient.


Make sure you re-enable your security programs when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try the following...

Delete the Combofix file and download a fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Download Rkill (courtesy of BleepingComputer.com) to your desktop.
There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

Restart computer in safe mode

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Windows Vista, 7 or 8 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

When the scan is done Notepad will open with rKill.txt log.
NOTE. rKill.txt log will also be present on your desktop.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

IF you had to run rKill, post BOTH logs, rKill.txt and Combofix.txt.
 
Although my computer looks fine, it took quite a while to run something or to fully boot up. Is there anything I can do about that? It wasn't like that before, so I think it's a virus or something, but I'm not so sure.
 
I uninstalled Malwarebytes and avast and everything runs fast again.

ComboFix 15-03-23.01 - admin 23/03/2015 19:49:44.1.4 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1258.84.1033.18.3998.2297 [GMT 7:00]
Running from: c:\users\admin\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\SearchNewTab
c:\programdata\Microsoft\Windows\Start Menu\Programs\SearchNewTab\SearchNewTab.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\SearchNewTab\Uninstall.lnk
c:\programdata\Roaming
c:\users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Dolphin Deals_iels
c:\users\admin\AppData\Local\ws_updater.exe
c:\users\admin\AppData\Roaming\Microsoft\Windows\Recent\[Alo8] Box Pokémon Game.url
c:\users\admin\Media
c:\users\admin\Media\videos\AMD_Logo_movie.wmv
c:\users\admin\Media\videos\Darksiders_Intro_CG_1280x720.wmv
c:\windows\apppatch\AppLoc.exe
c:\windows\SysWow64\drivers\SysLib5.sys
c:\windows\SysWow64\drivers\SysLib6.sys
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NETHFDRV
-------\Service_BkavAuto
-------\Service_SysLib
.
.
((((((((((((((((((((((((( Files Created from 2015-02-23 to 2015-03-23 )))))))))))))))))))))))))))))))
.
.
2015-03-23 13:07 . 2015-03-23 13:07 -------- d-----w- c:\users\MSSQL$HUY\AppData\Local\temp
2015-03-23 13:07 . 2015-03-23 13:07 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-03-22 05:44 . 2015-03-22 06:25 -------- d-----w- c:\users\admin\AppData\Roaming\Dropbox
2015-03-22 05:30 . 2015-03-22 05:30 -------- d-----w- c:\users\admin\AppData\Roaming\AVAST Software
2015-03-22 05:24 . 2015-03-22 05:37 -------- d-----w- c:\windows\SysWow64\vbox
2015-03-22 05:24 . 2015-03-22 05:37 -------- d-----w- c:\windows\system32\vbox
2015-03-22 05:22 . 2015-03-22 05:22 268640 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2015-03-22 05:22 . 2015-03-22 05:22 136752 ----a-w- c:\windows\system32\drivers\aswStm.sys
2015-03-22 05:22 . 2015-03-22 05:22 441728 ----a-w- c:\windows\system32\drivers\aswSP.sys
2015-03-22 05:22 . 2015-03-22 05:22 65736 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2015-03-22 05:22 . 2015-03-22 05:22 88408 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2015-03-22 05:22 . 2015-03-22 05:21 93528 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2015-03-22 05:22 . 2015-03-22 05:21 29168 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2015-03-22 05:22 . 2015-03-22 05:21 1047320 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2015-03-22 05:22 . 2015-03-22 05:21 364472 ----a-w- c:\windows\system32\aswBoot.exe
2015-03-22 05:21 . 2015-03-22 05:21 43112 ----a-w- c:\windows\avastSS.scr
2015-03-22 05:20 . 2015-03-22 05:20 -------- d-----w- c:\program files\AVAST Software
2015-03-22 05:16 . 2015-03-22 05:16 -------- d-----w- c:\programdata\AVAST Software
2015-03-22 05:16 . 2015-03-22 05:16 441728 ----a-w- c:\windows\system32\drivers\wqjbnkgz.sys
2015-03-20 14:52 . 2015-03-20 15:38 -------- d-----w- c:\users\admin\AppData\Roaming\BitTorrent
2015-03-20 03:36 . 2015-03-20 03:38 -------- d-----w- C:\AdwCleaner
2015-03-20 02:55 . 2015-03-23 12:47 136408 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-03-20 02:54 . 2015-03-20 02:54 -------- d-----w- c:\programdata\Malwarebytes
2015-03-20 02:54 . 2015-03-16 23:15 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
2015-03-20 02:54 . 2015-03-16 23:15 107736 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2015-03-20 02:54 . 2015-03-16 23:15 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2015-03-20 02:41 . 2015-03-20 02:41 35064 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2015-03-20 02:41 . 2015-03-20 02:57 -------- d-----w- c:\programdata\RogueKiller
2015-03-20 02:20 . 2015-03-20 02:20 0 ----a-w- c:\windows\SysWow64\link.sys
2015-03-20 02:11 . 2015-03-20 02:11 -------- d-----w- c:\users\admin\AppData\Roaming\Bkav2009
2015-03-20 02:08 . 2015-03-20 03:25 -------- d-----w- c:\users\Temp
2015-03-19 03:33 . 2015-03-19 03:35 -------- d-----w- C:\FRST
2015-03-16 10:01 . 2015-03-16 10:01 -------- d-----w- c:\program files (x86)\Realtek
2015-03-16 10:01 . 2010-05-07 02:42 245280 ----a-w- c:\windows\system32\drivers\RtsUStor.sys
2015-03-16 10:01 . 2015-03-16 10:01 -------- d-----w- C:\DRIVERS
2015-03-13 12:07 . 2014-11-14 14:15 23752 ----a-w- c:\windows\SysWow64\drivers\efimon.sys
2015-03-13 12:05 . 2015-03-13 12:05 -------- d-sh--w- c:\programdata\360Quarant
2015-03-12 11:00 . 2015-03-14 14:11 -------- d-----w- c:\programdata\PopCap Games
2015-03-12 10:56 . 2015-03-14 14:10 -------- d-----w- c:\program files (x86)\Opera
2015-03-12 10:56 . 2015-03-13 15:51 -------- d-----w- c:\program files (x86)\360
2015-03-12 02:42 . 2015-03-12 02:42 -------- d-----w- c:\users\admin\AppData\Roaming\JAM Software
2015-03-08 11:16 . 2015-03-08 11:16 -------- d-----w- c:\users\admin\AppData\Roaming\Tencent
2015-03-06 03:17 . 2015-03-06 03:17 -------- d-----w- c:\programdata\Microsoft Visual Studio
2015-03-06 02:41 . 2015-03-06 02:41 2562208 ----a-w- c:\programdata\Microsoft\VisualStudio\11.0\1033\ResourceCache.dll
2015-03-06 02:36 . 2015-03-06 02:36 -------- d-----w- c:\program files (x86)\Microsoft Silverlight
2015-03-06 02:34 . 2015-03-06 02:34 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2015-03-06 02:34 . 2015-03-06 02:34 -------- d-----w- c:\program files\Application Verifier
2015-03-06 02:34 . 2015-03-06 02:34 -------- d-----w- c:\program files (x86)\Application Verifier
2015-03-06 02:34 . 2015-03-06 02:34 -------- d-----w- c:\programdata\Windows App Certification Kit
2015-03-06 02:33 . 2015-03-06 02:33 -------- d-----w- c:\program files (x86)\Common Files\Microsoft
2015-03-06 02:32 . 2015-03-06 02:32 -------- d-----w- c:\programdata\PreEmptive Solutions
2015-03-06 02:30 . 2015-03-06 02:31 -------- d-----w- c:\program files (x86)\Microsoft ASP.NET
2015-03-06 02:30 . 2015-03-06 02:30 -------- d-----w- c:\program files (x86)\Microsoft Web Tools
2015-03-06 02:30 . 2015-03-06 02:30 -------- d-----w- c:\program files\Microsoft
2015-03-06 02:29 . 2015-03-06 02:29 -------- d-----w- c:\program files\IIS Express
2015-03-06 02:29 . 2015-03-06 02:29 -------- d-----w- c:\program files (x86)\IIS Express
2015-03-06 02:29 . 2015-03-06 02:29 -------- d-----w- c:\program files (x86)\NuGet
2015-03-06 02:28 . 2015-03-06 02:28 -------- d-----w- c:\program files (x86)\Microsoft WCF Data Services
2015-03-06 02:28 . 2015-03-06 02:28 -------- d-----w- c:\program files\IIS
2015-03-06 02:28 . 2015-03-06 02:28 -------- d-----w- c:\program files (x86)\IIS
2015-03-06 02:26 . 2015-03-06 02:26 -------- d-----w- c:\program files (x86)\Windows Kits
2015-03-06 02:20 . 2015-03-06 02:20 -------- d-----w- c:\program files (x86)\HTML Help Workshop
2015-03-06 02:20 . 2015-03-06 02:20 -------- d-----w- c:\program files (x86)\Microsoft Help Viewer
2015-03-06 02:12 . 2015-03-06 02:12 -------- d-----w- c:\windows\symbols
2015-03-06 02:12 . 2015-03-06 02:12 -------- d-----w- c:\program files\Microsoft Visual Studio 11.0
2015-03-06 02:08 . 2015-03-06 02:08 -------- d-----w- c:\programdata\regid.1991-06.com.microsoft
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-03-19 15:38 . 2014-08-17 15:38 70144 ----a-w- c:\windows\SysWow64\tasks.dll
2015-03-06 02:37 . 2014-10-08 02:26 84448 ----a-w- c:\programdata\Microsoft\VisualStudio\10.0\1033\ResourceCache.dll
2015-02-15 15:40 . 2015-02-06 15:42 239104 ----a-w- c:\windows\mlwps.exe
2015-02-02 12:15 . 2009-08-18 05:49 564632 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\wlidui.dll
2015-02-02 12:13 . 2009-08-18 04:24 23256 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-11-07 01:41 2169856 --sha-w- c:\windows\System32\hale.exe
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2010-11-21 . 1151B1BAA6F350B1DB6598E0FEA7C457 . 390656 . . [6.1.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[-] 2012-11-07 . 87A00ED70FEC36D0DD968E5058C29AA1 . 389632 . . [6.1.7601.17514] .. c:\windows\system32\winlogon.exe
.
[7] 2010-11-21 . FE70103391A64039A921DBFFF9C7AB1B . 1008128 . . [6.1.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
[-] 2012-11-07 . D186BABDFAE7C0D93C9F6AE63957EE96 . 1008128 . . [6.1.7601.17514] .. c:\windows\system32\user32.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UniKey"="c:\unikey 4.0 rc2 win64\UniKeyNT.exe" [2009-11-01 316928]
"Messenger (Yahoo!)"="c:\progra~2\Yahoo!\MESSEN~1\YahooMessenger.exe" [2012-05-24 6595928]
"GarenaPlus"="d:\games\LienMinhHuyenThoai\GameData\GarenaMessenger.exe" [2015-01-20 9981528]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"YouCam Service"="d:\duy\UNG DUNG\YouCam 5 v5.0.0909 PreActivated_da fix watermark\YouCam\YouCamService.exe" [2011-09-09 247016]
"USB3MON"="c:\program files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-10-16 291648]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-03-04 343168]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"BkavHome"="c:\program files (x86)\BkavHome\BkavHome.exe" [2015-01-14 2435584]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2015-03-22 5511352]
.
c:\users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE /tsr [2010-3-29 227712]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Canon LBP3000 Status Window.lnk - c:\windows\System32\spool\drivers\x64\3\CNAB3LAD.EXE [2014-11-30 60384]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
R1 BAPIDRV;BAPIDRV;c:\windows\system32\DRIVERS\BAPIDRV64.sys;c:\windows\SYSNATIVE\DRIVERS\BAPIDRV64.sys [x]
R1 SysLib0;SysLib0;c:\windows\System32\Drivers\SysLib0.sys;c:\windows\SYSNATIVE\Drivers\SysLib0.sys [x]
R1 SysLib1;SysLib1;c:\windows\System32\Drivers\SysLib1.sys;c:\windows\SYSNATIVE\Drivers\SysLib1.sys [x]
R1 SysLib2;SysLib2;c:\windows\System32\Drivers\SysLib2.sys;c:\windows\SYSNATIVE\Drivers\SysLib2.sys [x]
R1 SysLib3;SysLib3;c:\windows\System32\Drivers\SysLib3.sys;c:\windows\SYSNATIVE\Drivers\SysLib3.sys [x]
R1 SysLib4;SysLib4;c:\windows\System32\Drivers\SysLib4.sys;c:\windows\SYSNATIVE\Drivers\SysLib4.sys [x]
R1 SysLib5;SysLib5;c:\windows\System32\Drivers\SysLib5.sys;c:\windows\SYSNATIVE\Drivers\SysLib5.sys [x]
R1 SysLib6;SysLib6;c:\windows\System32\Drivers\SysLib6.sys;c:\windows\SYSNATIVE\Drivers\SysLib6.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 HiPatchService;Hi-Rez Studios Authenticate and Update Service; [x]
R2 MBAMScheduler;MBAMScheduler;e:\huy\Malwarebytes Anti-Malware\mbamscheduler.exe;e:\huy\Malwarebytes Anti-Malware\mbamscheduler.exe [x]
R2 MBAMService;MBAMService;e:\huy\Malwarebytes Anti-Malware\mbamservice.exe;e:\huy\Malwarebytes Anti-Malware\mbamservice.exe [x]
R2 MSSQL$HUY;SQL Server (HUY);e:\huy\SQL\Source\MSSQL11.HUY\MSSQL\Binn\sqlservr.exe;e:\huy\SQL\Source\MSSQL11.HUY\MSSQL\Binn\sqlservr.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 AMPPALP;Intel® Centrino® Wireless Bluetooth® + High Speed Protocol;c:\windows\system32\DRIVERS\amppal.sys;c:\windows\SYSNATIVE\DRIVERS\amppal.sys [x]
R3 cxasbt;cxasbt;d:\duy\GAMES\AvatarStarVN\avital\cxbtf64.sys;d:\duy\GAMES\AvatarStarVN\avital\cxbtf64.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys;c:\windows\SYSNATIVE\drivers\EagleX64.sys [x]
R3 GGSAFERDriver;GGSAFER Driver;d:\games\LienMinhHuyenThoai\GameData\Room\safedrv.sys;d:\games\LienMinhHuyenThoai\GameData\Room\safedrv.sys [x]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
R3 Ndisrd;WinpkFilter Service;c:\windows\system32\DRIVERS\ndisrd.sys;c:\windows\SYSNATIVE\DRIVERS\ndisrd.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
R3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUVStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUVStor.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]
R3 taphss6;Anchorfree HSS VPN Adapter;c:\windows\system32\DRIVERS\taphss6.sys;c:\windows\SYSNATIVE\DRIVERS\taphss6.sys [x]
R3 Te.Service;Te.Service;c:\program files (x86)\Windows Kits\8.0\Testing\Runtimes\TAEF\Wex.Services.exe;c:\program files (x86)\Windows Kits\8.0\Testing\Runtimes\TAEF\Wex.Services.exe [x]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys;c:\windows\SYSNATIVE\drivers\terminpt.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]
R3 VBoxUSB;VirtualBox USB;c:\windows\system32\Drivers\VBoxUSB.sys;c:\windows\SYSNATIVE\Drivers\VBoxUSB.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]
R4 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
R4 AMPPALR3;Intel® Centrino® Wireless Bluetooth® + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [x]
R4 BTHSSecurityMgr;Intel(R) Centrino(R) Wireless Bluetooth(R) + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [x]
R4 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
R4 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x]
R4 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [x]
R4 RsFx0200;RsFx0200 Driver;c:\windows\system32\DRIVERS\RsFx0200.sys;c:\windows\SYSNATIVE\DRIVERS\RsFx0200.sys [x]
R4 SQLAgent$HUY;SQL Server Agent (HUY);e:\huy\SQL\Source\MSSQL11.HUY\MSSQL\Binn\SQLAGENT.EXE;e:\huy\SQL\Source\MSSQL11.HUY\MSSQL\Binn\SQLAGENT.EXE [x]
R4 TeamViewer8;TeamViewer 8;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [x]
R4 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
R4 ZeroConfigService;Intel(R) PROSet/Wireless Zero Configuration Service;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe [x]
S0 amdkmpfd;AMD PCI Root Bus Lower Filter;c:\windows\system32\DRIVERS\amdkmpfd.sys;c:\windows\SYSNATIVE\DRIVERS\amdkmpfd.sys [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
S2 BkavHomeUpdateService;BkavHomeUpdateService;c:\program files (x86)\BkavHome\BkavHomeUpdateService.exe;c:\program files (x86)\BkavHome\BkavHomeUpdateService.exe [x]
S2 BkavService;BkavService;c:\windows\system32\BkavService.exe;c:\windows\SYSNATIVE\BkavService.exe [x]
S2 VBoxAswDrv;VBoxAsw Support Driver;c:\program files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys;c:\program files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [x]
S3 AMPPAL;Intel® Centrino® Wireless Bluetooth® + High Speed Virtual Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys;c:\windows\SYSNATIVE\DRIVERS\AMPPAL.sys [x]
S3 AvastVBoxSvc;AvastVBox COM Service;c:\program files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe;c:\program files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [x]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys;c:\windows\SYSNATIVE\DRIVERS\clwvd.sys [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys;c:\windows\SYSNATIVE\DRIVERS\igdpmd64.sys [x]
S3 iusb3hub;Intel(R) USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 NdisrdMP;NdisrdMP;c:\windows\system32\DRIVERS\ndisrd.sys;c:\windows\SYSNATIVE\DRIVERS\ndisrd.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-03-20 09:19 1061704 ----a-w- c:\program files (x86)\Google\Chrome\Application\41.0.2272.101\Installer\chrmstp.exe
.
 
Contents of the 'Scheduled Tasks' folder
.
2015-03-23 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-11-09 10:48]
.
2015-03-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2015-02-14 02:13]
.
2015-03-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2015-02-14 02:13]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt1"]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2015-03-04 22:27 185824 ----a-w- c:\users\admin\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt2"]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2015-03-04 22:27 185824 ----a-w- c:\users\admin\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt3"]
@="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]
2015-03-04 22:27 185824 ----a-w- c:\users\admin\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt4"]
@="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]
2015-03-04 22:27 185824 ----a-w- c:\users\admin\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt5"]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2015-03-04 22:27 185824 ----a-w- c:\users\admin\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt6"]
@="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]
2015-03-04 22:27 185824 ----a-w- c:\users\admin\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt7"]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2015-03-04 22:27 185824 ----a-w- c:\users\admin\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt8"]
@="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]
2015-03-04 22:27 185824 ----a-w- c:\users\admin\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2015-03-22 05:21 722400 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2015-02-19 07:24 774472 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2015-02-19 07:24 774472 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2015-02-19 07:24 774472 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2015-02-19 07:24 774472 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2015-02-19 07:24 774472 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-03-19 439064]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-03-19 170264]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-03-19 398616]
"Chew7Hale"="c:\windows\System32\hale.exe" [2012-11-07 2169856]
.
------- Supplementary Scan -------
.
uStart Page = 00
mDefault_Search_URL = 00
mDefault_Page_URL = 00
mStart Page = 00
mSearch Page = 00
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{D0ED8A5C-3945-4A08-9E15-4394A60F2552}: NameServer = 208.67.222.222,208.67.220.220
TCP: Interfaces\{D0ED8A5C-3945-4A08-9E15-4394A60F2552}\155716E67602849656E6: NameServer = 208.67.222.222,208.67.220.220
TCP: Interfaces\{D0ED8A5C-3945-4A08-9E15-4394A60F2552}\175716E676869656E613: NameServer = 208.67.222.222,208.67.220.220
Handler: bksa - {AFBCA127-FD48-4FF5-B523-0E0DB4B8C295} - c:\program files (x86)\BkavHome\SiteAdvisor\BkavIESiteAdvisor.dll
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-Eusing Free Registry Cleaner - e:\huy\Ze\EUSING~1\UNWISE.EXE
AddRemove-Guitar Pro 5_is1 - d:\duy\UNG DUNG\Guitar Pro 5\unins000.exe
AddRemove-Mozilla Firefox 25.0 (x86 en-US) - c:\program files (x86)\Mozilla Firefox\uninstall\helper.exe
AddRemove-Teenage Mutant Ninja Turtles: Out of the Shadows_is1 - d:\games\Teenage_Mutant_Ninja_Turtles_Out_of_the_Shadows-FLT\TMNT-OotS\unins000.exe
AddRemove-The Witcher 2 - Assassins of Kings Enhanced Edition_is1 - d:\games\New folder\The Witcher 2 Enhanced Edition\unins000.exe
AddRemove-VirtuallTek Fighter Factory Classic_is1 - e:\huy\Mugen\FF\Fighter Factory Classic\unins000.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\windows\SysWOW64\BkavService.exe
c:\program files\AVAST Software\Avast\AvastSvc.exe
d:\games\LienMinhHuyenThoai\GameData\ggdllhost.exe
.
**************************************************************************
.
Completion time: 2015-03-23 20:34:18 - machine was rebooted
ComboFix-quarantined-files.txt 2015-03-23 13:34
.
Pre-Run: 10.078.175.232 bytes free
Post-Run: 13.018.177.536 bytes free
.
- - End Of File - - 6D1CAB53C12802B339FE4EF6D104D2A5
A36C5E4F47E84449FF07ED3517B43A31
 
Your computer is still infected.

I uninstalled Malwarebytes and Avast and everything runs fast again
Re-read my rules I posted in my first reply, especially:
Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
You can't be running a computer without any AV program. Reinstall Avast.

Next....

1. Please open Notepad (Start>All Programs>Accessories>Notepad).

2. Now copy/paste the entire content of the codebox below into the Notepad window:

Code:
File::
c:\windows\system32\drivers\wqjbnkgz.sys
c:\windows\SysWow64\tasks.dll
c:\windows\System32\hale.exe

Folder::

Driver::
wqjbnkgz

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Chew7Hale"=-

ClearJavaCache::


3. Save the above as CFScript.txt

4. Close/disable all anti virus and anti malware programs again, so they do not interfere with the running of ComboFix.

5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

CFScript.gif



6. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
 
Well, I don't know about your computer, but mine runs extremely slowly when Avast is there. Basically, it would take me more than 10 min to type just this much if it were there, and that is definitely not helping me. I'll reinstall and test it again to see if it still slows me down, but if it does, there's nothing I can do about it; it's my computer's specs that cause it and not the virus.
 