Solved Sound coming out of nowhere

Command switches used :: c:\users\admin\Desktop\CFScript.txt
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
FILE ::
"c:\windows\system32\drivers\wqjbnkgz.sys"
"c:\windows\System32\hale.exe"
"c:\windows\SysWow64\tasks.dll"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
c:\programdata\ntuser.pol
c:\windows\AppPatch\Custom\{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb
c:\windows\Fonts\Vn.Fon
c:\windows\system32\drivers\wqjbnkgz.sys
c:\windows\System32\hale.exe
c:\windows\SysWow64\drivers\BkavAuto.sys
c:\windows\SysWow64\drivers\SysLib.sys
c:\windows\SysWow64\tasks.dll
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_WQJBNKGZ
-------\Service_BkavAuto
-------\Service_SysLib
.
.
((((((((((((((((((((((((( Files Created from 2015-02-26 to 2015-03-26 )))))))))))))))))))))))))))))))
.
.
2015-03-26 07:59 . 2015-03-26 07:59 -------- d-----w- c:\users\MSSQL$HUY\AppData\Local\temp
2015-03-26 07:59 . 2015-03-26 07:59 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-03-23 14:16 . 2015-03-23 14:16 -------- d-s---w- c:\windows\SysWow64\Microsoft
2015-03-22 05:44 . 2015-03-22 06:25 -------- d-----w- c:\users\admin\AppData\Roaming\Dropbox
2015-03-22 05:24 . 2015-03-22 05:37 -------- d-----w- c:\windows\SysWow64\vbox
2015-03-22 05:24 . 2015-03-22 05:37 -------- d-----w- c:\windows\system32\vbox
2015-03-22 05:16 . 2015-03-23 14:42 -------- d-----w- c:\programdata\AVAST Software
2015-03-20 14:52 . 2015-03-23 14:21 -------- d-----w- c:\users\admin\AppData\Roaming\BitTorrent
2015-03-20 03:36 . 2015-03-20 03:38 -------- d-----w- C:\AdwCleaner
2015-03-20 02:54 . 2015-03-20 02:54 -------- d-----w- c:\programdata\Malwarebytes
2015-03-20 02:41 . 2015-03-20 02:41 35064 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2015-03-20 02:41 . 2015-03-20 02:57 -------- d-----w- c:\programdata\RogueKiller
2015-03-20 02:20 . 2015-03-20 02:20 0 ----a-w- c:\windows\SysWow64\link.sys
2015-03-20 02:11 . 2015-03-20 02:11 -------- d-----w- c:\users\admin\AppData\Roaming\Bkav2009
2015-03-20 02:08 . 2015-03-23 13:34 -------- d-----w- c:\users\Temp
2015-03-19 03:33 . 2015-03-19 03:35 -------- d-----w- C:\FRST
2015-03-16 10:01 . 2015-03-16 10:01 -------- d-----w- c:\program files (x86)\Realtek
2015-03-16 10:01 . 2010-05-07 02:42 245280 ----a-w- c:\windows\system32\drivers\RtsUStor.sys
2015-03-16 10:01 . 2015-03-16 10:01 -------- d-----w- C:\DRIVERS
2015-03-13 12:07 . 2014-11-14 14:15 23752 ----a-w- c:\windows\SysWow64\drivers\efimon.sys
2015-03-13 12:05 . 2015-03-13 12:05 -------- d-sh--w- c:\programdata\360Quarant
2015-03-12 11:00 . 2015-03-14 14:11 -------- d-----w- c:\programdata\PopCap Games
2015-03-12 10:56 . 2015-03-14 14:10 -------- d-----w- c:\program files (x86)\Opera
2015-03-12 10:56 . 2015-03-13 15:51 -------- d-----w- c:\program files (x86)\360
2015-03-12 02:42 . 2015-03-12 02:42 -------- d-----w- c:\users\admin\AppData\Roaming\JAM Software
2015-03-08 11:16 . 2015-03-08 11:16 -------- d-----w- c:\users\admin\AppData\Roaming\Tencent
2015-03-06 03:17 . 2015-03-06 03:17 -------- d-----w- c:\programdata\Microsoft Visual Studio
2015-03-06 02:41 . 2015-03-06 02:41 2562208 ----a-w- c:\programdata\Microsoft\VisualStudio\11.0\1033\ResourceCache.dll
2015-03-06 02:36 . 2015-03-06 02:36 -------- d-----w- c:\program files (x86)\Microsoft Silverlight
2015-03-06 02:34 . 2015-03-06 02:34 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2015-03-06 02:34 . 2015-03-06 02:34 -------- d-----w- c:\program files\Application Verifier
2015-03-06 02:34 . 2015-03-06 02:34 -------- d-----w- c:\program files (x86)\Application Verifier
2015-03-06 02:34 . 2015-03-06 02:34 -------- d-----w- c:\programdata\Windows App Certification Kit
2015-03-06 02:33 . 2015-03-06 02:33 -------- d-----w- c:\program files (x86)\Common Files\Microsoft
2015-03-06 02:32 . 2015-03-06 02:32 -------- d-----w- c:\programdata\PreEmptive Solutions
2015-03-06 02:30 . 2015-03-06 02:31 -------- d-----w- c:\program files (x86)\Microsoft ASP.NET
2015-03-06 02:30 . 2015-03-06 02:30 -------- d-----w- c:\program files (x86)\Microsoft Web Tools
2015-03-06 02:30 . 2015-03-06 02:30 -------- d-----w- c:\program files\Microsoft
2015-03-06 02:29 . 2015-03-06 02:29 -------- d-----w- c:\program files\IIS Express
2015-03-06 02:29 . 2015-03-06 02:29 -------- d-----w- c:\program files (x86)\IIS Express
2015-03-06 02:29 . 2015-03-06 02:29 -------- d-----w- c:\program files (x86)\NuGet
2015-03-06 02:28 . 2015-03-06 02:28 -------- d-----w- c:\program files (x86)\Microsoft WCF Data Services
2015-03-06 02:28 . 2015-03-06 02:28 -------- d-----w- c:\program files\IIS
2015-03-06 02:28 . 2015-03-06 02:28 -------- d-----w- c:\program files (x86)\IIS
2015-03-06 02:26 . 2015-03-06 02:26 -------- d-----w- c:\program files (x86)\Windows Kits
2015-03-06 02:20 . 2015-03-06 02:20 -------- d-----w- c:\program files (x86)\HTML Help Workshop
2015-03-06 02:20 . 2015-03-06 02:20 -------- d-----w- c:\program files (x86)\Microsoft Help Viewer
2015-03-06 02:12 . 2015-03-06 02:12 -------- d-----w- c:\windows\symbols
2015-03-06 02:12 . 2015-03-06 02:12 -------- d-----w- c:\program files\Microsoft Visual Studio 11.0
2015-03-06 02:08 . 2015-03-06 02:08 -------- d-----w- c:\programdata\regid.1991-06.com.microsoft
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-03-06 02:37 . 2014-10-08 02:26 84448 ----a-w- c:\programdata\Microsoft\VisualStudio\10.0\1033\ResourceCache.dll
2015-02-15 15:40 . 2015-02-06 15:42 239104 ----a-w- c:\windows\mlwps.exe
2015-02-02 12:15 . 2009-08-18 05:49 564632 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\wlidui.dll
2015-02-02 12:13 . 2009-08-18 04:24 23256 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2010-11-21 . 1151B1BAA6F350B1DB6598E0FEA7C457 . 390656 . . [6.1.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[-] 2012-11-07 . 87A00ED70FEC36D0DD968E5058C29AA1 . 389632 . . [6.1.7601.17514] .. c:\windows\system32\winlogon.exe
.
[7] 2010-11-21 . FE70103391A64039A921DBFFF9C7AB1B . 1008128 . . [6.1.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
[-] 2012-11-07 . D186BABDFAE7C0D93C9F6AE63957EE96 . 1008128 . . [6.1.7601.17514] .. c:\windows\system32\user32.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UniKey"="c:\unikey 4.0 rc2 win64\UniKeyNT.exe" [2009-11-01 316928]
"Messenger (Yahoo!)"="c:\progra~2\Yahoo!\MESSEN~1\YahooMessenger.exe" [2012-05-24 6595928]
"GarenaPlus"="d:\games\LienMinhHuyenThoai\GameData\GarenaMessenger.exe" [2015-01-20 9981528]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"YouCam Service"="d:\duy\UNG DUNG\YouCam 5 v5.0.0909 PreActivated_da fix watermark\YouCam\YouCamService.exe" [2011-09-09 247016]
"USB3MON"="c:\program files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-10-16 291648]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-03-04 343168]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"BkavHome"="c:\program files (x86)\BkavHome\BkavHome.exe" [2015-01-14 2435584]
.
c:\users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE /tsr [2010-3-29 227712]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Canon LBP3000 Status Window.lnk - c:\windows\System32\spool\drivers\x64\3\CNAB3LAD.EXE [2014-11-30 60384]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
R1 BAPIDRV;BAPIDRV;c:\windows\system32\DRIVERS\BAPIDRV64.sys;c:\windows\SYSNATIVE\DRIVERS\BAPIDRV64.sys [x]
R1 SysLib0;SysLib0;c:\windows\System32\Drivers\SysLib0.sys;c:\windows\SYSNATIVE\Drivers\SysLib0.sys [x]
R1 SysLib1;SysLib1;c:\windows\System32\Drivers\SysLib1.sys;c:\windows\SYSNATIVE\Drivers\SysLib1.sys [x]
R1 SysLib2;SysLib2;c:\windows\System32\Drivers\SysLib2.sys;c:\windows\SYSNATIVE\Drivers\SysLib2.sys [x]
R1 SysLib3;SysLib3;c:\windows\System32\Drivers\SysLib3.sys;c:\windows\SYSNATIVE\Drivers\SysLib3.sys [x]
R1 SysLib4;SysLib4;c:\windows\System32\Drivers\SysLib4.sys;c:\windows\SYSNATIVE\Drivers\SysLib4.sys [x]
R1 SysLib5;SysLib5;c:\windows\System32\Drivers\SysLib5.sys;c:\windows\SYSNATIVE\Drivers\SysLib5.sys [x]
R1 SysLib6;SysLib6;c:\windows\System32\Drivers\SysLib6.sys;c:\windows\SYSNATIVE\Drivers\SysLib6.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 HiPatchService;Hi-Rez Studios Authenticate and Update Service; [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 AMPPALP;Intel® Centrino® Wireless Bluetooth® + High Speed Protocol;c:\windows\system32\DRIVERS\amppal.sys;c:\windows\SYSNATIVE\DRIVERS\amppal.sys [x]
R3 cxasbt;cxasbt;d:\duy\GAMES\AvatarStarVN\avital\cxbtf64.sys;d:\duy\GAMES\AvatarStarVN\avital\cxbtf64.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys;c:\windows\SYSNATIVE\drivers\EagleX64.sys [x]
R3 GGSAFERDriver;GGSAFER Driver;d:\games\LienMinhHuyenThoai\GameData\Room\safedrv.sys;d:\games\LienMinhHuyenThoai\GameData\Room\safedrv.sys [x]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
R3 Ndisrd;WinpkFilter Service;c:\windows\system32\DRIVERS\ndisrd.sys;c:\windows\SYSNATIVE\DRIVERS\ndisrd.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
R3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUVStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUVStor.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]
R3 taphss6;Anchorfree HSS VPN Adapter;c:\windows\system32\DRIVERS\taphss6.sys;c:\windows\SYSNATIVE\DRIVERS\taphss6.sys [x]
R3 Te.Service;Te.Service;c:\program files (x86)\Windows Kits\8.0\Testing\Runtimes\TAEF\Wex.Services.exe;c:\program files (x86)\Windows Kits\8.0\Testing\Runtimes\TAEF\Wex.Services.exe [x]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys;c:\windows\SYSNATIVE\drivers\terminpt.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]
R3 VBoxUSB;VirtualBox USB;c:\windows\system32\Drivers\VBoxUSB.sys;c:\windows\SYSNATIVE\Drivers\VBoxUSB.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]
R4 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
R4 AMPPALR3;Intel® Centrino® Wireless Bluetooth® + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [x]
R4 BTHSSecurityMgr;Intel(R) Centrino(R) Wireless Bluetooth(R) + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [x]
R4 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
R4 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x]
R4 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [x]
R4 RsFx0200;RsFx0200 Driver;c:\windows\system32\DRIVERS\RsFx0200.sys;c:\windows\SYSNATIVE\DRIVERS\RsFx0200.sys [x]
R4 SQLAgent$HUY;SQL Server Agent (HUY);e:\huy\SQL\Source\MSSQL11.HUY\MSSQL\Binn\SQLAGENT.EXE;e:\huy\SQL\Source\MSSQL11.HUY\MSSQL\Binn\SQLAGENT.EXE [x]
R4 TeamViewer8;TeamViewer 8;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [x]
R4 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
R4 ZeroConfigService;Intel(R) PROSet/Wireless Zero Configuration Service;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe [x]
S0 amdkmpfd;AMD PCI Root Bus Lower Filter;c:\windows\system32\DRIVERS\amdkmpfd.sys;c:\windows\SYSNATIVE\DRIVERS\amdkmpfd.sys [x]
S0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
S2 BkavHomeUpdateService;BkavHomeUpdateService;c:\program files (x86)\BkavHome\BkavHomeUpdateService.exe;c:\program files (x86)\BkavHome\BkavHomeUpdateService.exe [x]
S2 BkavService;BkavService;c:\windows\system32\BkavService.exe;c:\windows\SYSNATIVE\BkavService.exe [x]
S2 MSSQL$HUY;SQL Server (HUY);e:\huy\SQL\Source\MSSQL11.HUY\MSSQL\Binn\sqlservr.exe;e:\huy\SQL\Source\MSSQL11.HUY\MSSQL\Binn\sqlservr.exe [x]
S3 AMPPAL;Intel® Centrino® Wireless Bluetooth® + High Speed Virtual Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys;c:\windows\SYSNATIVE\DRIVERS\AMPPAL.sys [x]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys;c:\windows\SYSNATIVE\DRIVERS\clwvd.sys [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys;c:\windows\SYSNATIVE\DRIVERS\igdpmd64.sys [x]
S3 iusb3hub;Intel(R) USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
S3 NdisrdMP;NdisrdMP;c:\windows\system32\DRIVERS\ndisrd.sys;c:\windows\SYSNATIVE\DRIVERS\ndisrd.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-03-20 09:19 1061704 ----a-w- c:\program files (x86)\Google\Chrome\Application\41.0.2272.101\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2015-03-26 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-11-09 10:48]
.
2015-03-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2015-02-14 02:13]
.
2015-03-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2015-02-14 02:13]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2015-02-19 07:24 774472 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2015-02-19 07:24 774472 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2015-02-19 07:24 774472 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2015-02-19 07:24 774472 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2015-02-19 07:24 774472 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-03-19 439064]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-03-19 170264]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-03-19 398616]
.
------- Supplementary Scan -------
.
uStart Page = 00
mDefault_Search_URL = 00
mDefault_Page_URL = 00
mStart Page = 00
mSearch Page = 00
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{D0ED8A5C-3945-4A08-9E15-4394A60F2552}: NameServer = 208.67.222.222,208.67.220.220
TCP: Interfaces\{D0ED8A5C-3945-4A08-9E15-4394A60F2552}\155716E67602849656E6: NameServer = 208.67.222.222,208.67.220.220
TCP: Interfaces\{D0ED8A5C-3945-4A08-9E15-4394A60F2552}\175716E676869656E613: NameServer = 208.67.222.222,208.67.220.220
Handler: bksa - {AFBCA127-FD48-4FF5-B523-0E0DB4B8C295} - c:\program files (x86)\BkavHome\SiteAdvisor\BkavIESiteAdvisor.dll
.
- - - - ORPHANS REMOVED - - - -
.
ShellIconOverlayIdentifiers-{472083B0-C522-11CF-8763-00608CC02F24} - (no file)
AddRemove-Eusing Free Registry Cleaner - e:\huy\Ze\EUSING~1\UNWISE.EXE
AddRemove-Guitar Pro 5_is1 - d:\duy\UNG DUNG\Guitar Pro 5\unins000.exe
AddRemove-Mozilla Firefox 25.0 (x86 en-US) - c:\program files (x86)\Mozilla Firefox\uninstall\helper.exe
AddRemove-Teenage Mutant Ninja Turtles: Out of the Shadows_is1 - d:\games\Teenage_Mutant_Ninja_Turtles_Out_of_the_Shadows-FLT\TMNT-OotS\unins000.exe
AddRemove-The Witcher 2 - Assassins of Kings Enhanced Edition_is1 - d:\games\New folder\The Witcher 2 Enhanced Edition\unins000.exe
AddRemove-VirtuallTek Fighter Factory Classic_is1 - e:\huy\Mugen\FF\Fighter Factory Classic\unins000.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\windows\SysWOW64\BkavService.exe
d:\games\LienMinhHuyenThoai\GameData\ggdllhost.exe
.
**************************************************************************
.
Completion time: 2015-03-26 15:11:16 - machine was rebooted
ComboFix-quarantined-files.txt 2015-03-26 08:11
ComboFix2.txt 2015-03-23 13:34
.
Pre-Run: 12.348.334.080 bytes free
Post-Run: 13.574.279.168 bytes free
.
- - End Of File - - 0171D9D32E743BC4054E84FD4871FAB2
A36C5E4F47E84449FF07ED3517B43A31
 
Re-run the Farbar Recovery Scan Tool (FRST/FRST64) that you ran at the very beginning of this topic.

  • Double-click to run it. When the tool opens, click Yes to the disclaimer.
  • Make sure you checkmark the Addition.txt box.
  • Press the Scan button.
  • The scan will create two logs, FRST.txt and Addition.txt, in the same directory the tool is run from. Please copy and paste them into your reply.
 
Before continuing, I would like to say that I can tolerate infection to some degree as long as it doesn't make me feel too uncomfortable. There's no such thing as a completely clean computer, as it will get infected again here and there after this, so you don't need to try so hard to wipe everything.

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015
Ran by admin (administrator) on ADMIN-PC on 27-03-2015 08:53:11
Running from C:\Users\admin\Desktop
Loaded Profiles: admin (Available profiles: admin & MSSQL$HUY)
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 8 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Bkav Corporation) C:\Program Files (x86)\BkavHome\BkavHomeUpdateService.exe
(Bkav Corporation) C:\Windows\SysWOW64\BkavService.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
() D:\GAMES\LienMinhHuyenThoai\GameData\ggdllhost.exe
(CANON INC.) C:\Windows\System32\CNAB3RPD.EXE
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
() C:\UniKey 4.0 RC2 Win64\UniKeyNT.exe
() D:\GAMES\LienMinhHuyenThoai\GameData\GarenaMessenger.exe
(CyberLink Corp.) D:\DUY\UNG DUNG\YouCam 5 v5.0.0909 PreActivated_da fix watermark\YouCam\YouCamService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Itim Technologies Co., Ltd.) C:\Users\admin\AppData\Local\CocCoc\Browser\Application\browser.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Itim Technologies Co., Ltd.) C:\Users\admin\AppData\Local\CocCoc\Browser\Application\browser.exe
(Itim Technologies Co., Ltd.) C:\Users\admin\AppData\Local\CocCoc\Browser\Application\browser.exe
(Itim Technologies Co., Ltd.) C:\Users\admin\AppData\Local\CocCoc\Browser\Application\browser.exe
(Itim Technologies Co., Ltd.) C:\Users\admin\AppData\Local\CocCoc\Browser\Application\browser.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Itim Technologies Co., Ltd.) C:\Users\admin\AppData\Local\CocCoc\Browser\Application\browser.exe
(Foxit Corporation) C:\Users\admin\AppData\Local\Temp\Foxit Reader Updater.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
(Itim Technologies Co., Ltd.) C:\Users\admin\AppData\Local\CocCoc\Browser\Application\browser.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2057000 2010-02-18] (Synaptics Incorporated)
HKLM-x32\...\Run: [YouCam Service] => D:\DUY\UNG DUNG\YouCam 5 v5.0.0909 PreActivated_da fix watermark\YouCam\YouCamService.exe [247016 2011-09-09] (CyberLink Corp.)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291648 2012-10-16] (Intel Corporation)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [343168 2012-03-05] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)
HKLM-x32\...\Run: [BkavHome] => C:\Program Files (x86)\BkavHome\BkavHome.exe [2435584 2015-01-14] (Bkav Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3818046159-3689817371-2580797029-1000\...\Run: [UniKey] => C:\UniKey 4.0 RC2 Win64\UniKeyNT.exe [316928 2009-11-02] ()
HKU\S-1-5-21-3818046159-3689817371-2580797029-1000\...\Run: [Messenger (Yahoo!)] => C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe [6595928 2012-05-25] (Yahoo! Inc.)
HKU\S-1-5-21-3818046159-3689817371-2580797029-1000\...\Run: [GarenaPlus] => D:\GAMES\LienMinhHuyenThoai\GameData\GarenaMessenger.exe [9981528 2015-01-20] ()
Startup: C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Canon LBP3000 Status Window.lnk
ShortcutTarget: Canon LBP3000 Status Window.lnk -> C:\Windows\System32\spool\drivers\x64\3\CNAB3LAD.EXE (CANON INC.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-3818046159-3689817371-2580797029-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = 0x00
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = 0x00
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 0x00
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 0x00
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3818046159-3689817371-2580797029-1000\Software\Microsoft\Internet Explorer\Main,Start Page = 0x00
HKU\S-1-5-21-3818046159-3689817371-2580797029-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2010-03-25] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll [2012-04-04] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll [2012-04-04] (Oracle Corporation)
BHO-x32: BkavSiteAdvisorEngine Class -> {2876549C-1023-4AA0-82FF-8ED7112D5269} -> C:\Program Files (x86)\BkavHome\SiteAdvisor\BkavIESiteAdvisor.dll [2014-04-03] (Bkav Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2010-03-25] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll [2014-10-16] (Oracle Corporation)
BHO-x32: Microsoft Web Test Recorder 10.0 Helper -> {876d9f09-c6d6-4324-a2cc-04dd9a4de12f} -> E:\Huy\Window\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll [2012-07-26] (Microsoft Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
BHO-x32: Skype Plug-In -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2010-09-27] (Skype Technologies S.A.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll [2014-10-16] (Oracle Corporation)
Handler-x32: bksa - {AFBCA127-FD48-4FF5-B523-0E0DB4B8C295} - C:\Program Files (x86)\BkavHome\SiteAdvisor\BkavIESiteAdvisor.dll [2014-04-03] (Bkav Corporation)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2010-09-27] (Skype Technologies S.A.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{D0ED8A5C-3945-4A08-9E15-4394A60F2552}: [NameServer] 208.67.222.222,208.67.220.220

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_110.dll [2012-11-09] ()
FF Plugin: @java.com/DTPlugin,version=10.4.1 -> C:\Windows\system32\npDeployJava1.dll [2012-04-04] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.4.1 -> C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll [2012-04-04] (Oracle Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_110.dll [2012-11-09] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1203133.dll [2013-06-26] (Adobe Systems, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-01-07] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-01-07] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll [2014-10-16] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll [2014-10-16] (Oracle Corporation)
FF Plugin-x32: @live.heroesandgenerals.com/npretox -> D:\DUY\GAMES\HaG\Heroes & Generals\live\npretoxlive.dll No File
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll [2010-11-04] (Yahoo! Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll [2012-04-11] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @t.garena.com/garenatalk -> D:\GAMES\LienMinhHuyenThoai\GameData\bbtalk\plugins\npPlugin\npGarenaTalkPlugin.dll [2015-01-16] ( Garena)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.7\npGoogleUpdate3.dll [2015-02-14] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.7\npGoogleUpdate3.dll [2015-02-14] (Google Inc.)
FF Plugin HKU\S-1-5-21-3818046159-3689817371-2580797029-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\admin\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-02-21] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-3818046159-3689817371-2580797029-1000: xyzgl-plugin@xyz-soft.com -> C:\Program Files (x86)\Fairy Tail 3D\npxyzgl.dll No File
FF HKLM-x32\...\Firefox\Extensions: [bkavsiteadvisor@bkav.com.vn] - C:\Program Files (x86)\BkavHome\SiteAdvisor\Firefox
FF Extension: Bkav SiteAdvisor - C:\Program Files (x86)\BkavHome\SiteAdvisor\Firefox [2014-09-17]

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-10-16]
CHR Extension: (NAVER Vietnam Toolbar for Chrome) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfgmhilhjkklfkcopoogicgkbpnocdoe [2015-03-20]
CHR Extension: (Google Wallet) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-27]
CHR Extension: (Bkav SiteAdvisor) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcnancbdijenfaameanloddnkbjhfaal [2015-03-27]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2010-09-27]
CHR HKLM-x32\...\Chrome\Extension: [mfgmhilhjkklfkcopoogicgkbpnocdoe] - C:\Program Files (x86)\Naver\NaverChromeToolbar\naver_chrome_toolbar_vn_win.crx [2012-09-05]
CHR HKLM-x32\...\Chrome\Extension: [pcnancbdijenfaameanloddnkbjhfaal] - C:\Program Files (x86)\BkavHome\SiteAdvisor\BkavChrSiteAdvisor.crx [2014-09-17]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 BkavHomeUpdateService; C:\Program Files (x86)\BkavHome\BkavHomeUpdateService.exe [1593344 2014-07-01] (Bkav Corporation) [File not signed]
R2 BkavService; C:\Windows\SysWOW64\BkavService.exe [291616 2014-07-01] (Bkav Corporation)
S3 fussvc; C:\Program Files (x86)\Windows Kits\8.0\App Certification Kit\fussvc.exe [139776 2012-07-25] (Microsoft Corporation) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
S4 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [161560 2012-01-21] (Intel Corporation)
S2 MSSQL$HUY; E:\Huy\SQL\Source\MSSQL11.HUY\MSSQL\Binn\sqlservr.exe [191064 2012-02-11] (Microsoft Corporation)
S4 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273168 2012-03-29] ()
R3 sppuinotify; C:\Windows\system32\sppuinotify.dll [65536 2012-11-07] (Microsoft Corporation) [File not signed]
S4 SQLAgent$HUY; E:\Huy\SQL\Source\MSSQL11.HUY\MSSQL\Binn\SQLAGENT.EXE [597080 2012-02-11] (Microsoft Corporation)
S3 Te.Service; C:\Program Files (x86)\Windows Kits\8.0\Testing\Runtimes\TAEF\Wex.Services.exe [126976 2012-07-25] (Microsoft Corporation) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)
S4 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [2669840 2012-03-29] (Intel® Corporation)
S2 HiPatchService; No ImagePath
 
==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R0 amdkmpfd; C:\Windows\System32\DRIVERS\amdkmpfd.sys [31872 2012-02-01] (Advanced Micro Devices, Inc.)
R1 ISODrive; D:\DUY\UNG DUNG\UltraISO\UltraISO\drivers\ISODrv64.sys [115600 2010-01-29] (EZB Systems, Inc.)
S4 RsFx0200; C:\Windows\System32\DRIVERS\RsFx0200.sys [334936 2012-02-11] (Microsoft Corporation)
S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [40712 2012-10-25] (Anchorfree Inc.)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [35064 2015-03-20] ()
S3 VBoxUSB; C:\Windows\System32\Drivers\VBoxUSB.sys [116296 2014-10-11] (Oracle Corporation)
S3 VSPerfDrv110; E:\Huy\Window\Team Tools\Performance Tools\x64\VSPerfDrv110.sys [70264 2012-07-13] (Microsoft Corporation)
S1 BAPIDRV; system32\DRIVERS\BAPIDRV64.sys [X]
S0 BkavAuto; \SystemRoot\System32\Drivers\BkavAuto.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 cxasbt; \??\D:\DUY\GAMES\AvatarStarVN\avital\cxbtf64.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 GGSAFERDriver; \??\D:\GAMES\LienMinhHuyenThoai\GameData\Room\safedrv.sys [X]
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
S3 RSUSBVSTOR; System32\Drivers\RtsUVStor.sys [X]
S1 SysLib; \SystemRoot\System32\Drivers\SysLib.sys [X]
S1 SysLib0; \SystemRoot\System32\Drivers\SysLib0.sys [X]
S1 SysLib1; \SystemRoot\System32\Drivers\SysLib1.sys [X]
S1 SysLib2; \SystemRoot\System32\Drivers\SysLib2.sys [X]
S1 SysLib3; \SystemRoot\System32\Drivers\SysLib3.sys [X]
S1 SysLib4; \SystemRoot\System32\Drivers\SysLib4.sys [X]
S1 SysLib5; \SystemRoot\System32\Drivers\SysLib5.sys [X]
S1 SysLib6; \SystemRoot\System32\Drivers\SysLib6.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-27 08:53 - 2015-03-27 08:53 - 00018624 _____ () C:\Users\admin\Desktop\FRST.txt
2015-03-27 08:52 - 2015-03-27 08:50 - 02095616 _____ (Farbar) C:\Users\admin\Desktop\FRST64.exe
2015-03-27 07:43 - 2015-03-27 07:43 - 00000000 _____ () C:\Users\admin\AppData\Local\{D70E9710-E4B3-48F2-91B0-296BE07FCA2F}
2015-03-26 15:11 - 2015-03-26 15:11 - 00025563 _____ () C:\ComboFix.txt
2015-03-23 20:26 - 2015-03-27 08:11 - 00003508 _____ () C:\Windows\System32\Tasks\gg_uac_daemon_admin
2015-03-23 19:47 - 2015-03-26 15:11 - 00000000 ____D () C:\Qoobox
2015-03-23 19:47 - 2015-03-26 14:59 - 00000000 ____D () C:\Windows\erdnt
2015-03-23 19:47 - 2011-06-26 13:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-03-23 19:47 - 2010-11-08 00:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-03-23 19:47 - 2009-04-20 11:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-03-23 19:47 - 2000-08-31 07:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-03-23 19:47 - 2000-08-31 07:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-03-23 19:47 - 2000-08-31 07:00 - 00098816 _____ () C:\Windows\sed.exe
2015-03-23 19:47 - 2000-08-31 07:00 - 00080412 _____ () C:\Windows\grep.exe
2015-03-23 19:47 - 2000-08-31 07:00 - 00068096 _____ () C:\Windows\zip.exe
2015-03-23 19:44 - 2015-03-23 19:38 - 05616289 ____R (Swearware) C:\Users\admin\Desktop\ComboFix.exe
2015-03-22 17:45 - 2015-03-22 17:45 - 00073822 _____ () C:\Windows\SysWOW64\replay_pid1512.log
2015-03-22 17:45 - 2015-03-22 17:45 - 00013900 _____ () C:\Windows\SysWOW64\hs_err_pid1512.log
2015-03-22 17:41 - 2015-03-22 17:41 - 00073783 _____ () C:\Windows\SysWOW64\replay_pid1900.log
2015-03-22 17:41 - 2015-03-22 17:41 - 00013909 _____ () C:\Windows\SysWOW64\hs_err_pid1900.log
2015-03-22 17:34 - 2015-03-22 17:34 - 00018672 _____ () C:\Windows\SysWOW64\hs_err_pid2348.log
2015-03-22 12:44 - 2015-03-22 13:25 - 00000000 ____D () C:\Users\admin\AppData\Roaming\Dropbox
2015-03-22 12:24 - 2015-03-22 12:37 - 00000000 ____D () C:\Windows\SysWOW64\vbox
2015-03-22 12:24 - 2015-03-22 12:37 - 00000000 ____D () C:\Windows\system32\vbox
2015-03-22 12:16 - 2015-03-27 08:10 - 00000000 ____D () C:\ProgramData\AVAST Software
2015-03-20 21:52 - 2015-03-23 21:21 - 00000000 ____D () C:\Users\admin\AppData\Roaming\BitTorrent
2015-03-20 20:01 - 2015-03-23 20:19 - 442985434 _____ () C:\Windows\MEMORY.DMP
2015-03-20 10:36 - 2015-03-20 10:38 - 00000000 ____D () C:\AdwCleaner
2015-03-20 09:54 - 2015-03-20 09:54 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-03-20 09:41 - 2015-03-20 09:57 - 00000000 ____D () C:\ProgramData\RogueKiller
2015-03-20 09:41 - 2015-03-20 09:41 - 00035064 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2015-03-20 09:31 - 2015-03-27 08:10 - 00858360 _____ () C:\Windows\PFRO.log
2015-03-20 09:20 - 2015-03-20 09:20 - 00000000 _____ () C:\Windows\SysWOW64\link.sys
2015-03-20 09:11 - 2015-03-20 09:11 - 00000000 ____D () C:\Users\admin\AppData\Roaming\Bkav2009
2015-03-20 09:08 - 2015-03-23 20:34 - 00000000 ____D () C:\Users\Temp
2015-03-20 09:07 - 2015-03-20 09:07 - 00003082 _____ () C:\Windows\System32\Tasks\{D5177AAC-BCE9-4AC3-9CEE-C90751DA6BF6}
2015-03-19 10:33 - 2015-03-27 08:53 - 00000000 ____D () C:\FRST
2015-03-19 09:05 - 2015-03-27 08:10 - 00001736 _____ () C:\Windows\setupact.log
2015-03-19 09:05 - 2015-03-19 09:05 - 00000000 _____ () C:\Windows\setuperr.log
2015-03-16 17:01 - 2015-03-16 17:01 - 00000000 ____D () C:\Program Files (x86)\Realtek
2015-03-16 17:01 - 2010-05-07 09:42 - 00245280 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RtsUStor.sys
2015-03-14 21:13 - 2015-03-14 21:13 - 00000769 _____ () C:\Users\admin\Desktop\Dynomite!™ Deluxe.lnk
2015-03-13 19:07 - 2014-11-14 21:15 - 00023752 _____ (360安全中心) C:\Windows\SysWOW64\Drivers\efimon.sys
2015-03-13 19:05 - 2015-03-13 19:05 - 00000000 __SHD () C:\ProgramData\360Quarant
2015-03-12 18:00 - 2015-03-14 21:11 - 00000000 ____D () C:\ProgramData\PopCap Games
2015-03-12 17:56 - 2015-03-14 21:10 - 00000000 ____D () C:\Program Files (x86)\Opera
2015-03-12 17:56 - 2015-03-13 22:51 - 00000000 ____D () C:\Program Files (x86)\360
2015-03-12 17:55 - 2015-03-12 18:00 - 03874920 _____ () C:\Users\admin\Downloads\DynomiteSetup-en [1].exe
2015-03-12 10:00 - 2015-03-12 10:00 - 00003054 _____ () C:\Windows\System32\Tasks\{947472E8-A5D0-4F35-93FF-E7BD403CCB40}
2015-03-12 09:42 - 2015-03-12 09:42 - 00000000 ____D () C:\Users\admin\AppData\Roaming\JAM Software
2015-03-08 18:16 - 2015-03-08 18:16 - 00000000 ____D () C:\Users\admin\AppData\Roaming\Tencent
2015-03-06 10:17 - 2015-03-06 10:17 - 00000000 ____D () C:\ProgramData\Microsoft Visual Studio
2015-03-06 09:39 - 2015-03-26 11:20 - 00000000 ____D () C:\Users\admin\Documents\Visual Studio 2012
2015-03-06 09:36 - 2015-03-06 09:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-03-06 09:36 - 2015-03-06 09:36 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2015-03-06 09:35 - 2015-03-06 09:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight 5 SDK
2015-03-06 09:35 - 2015-03-06 09:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight 4 SDK
2015-03-06 09:34 - 2015-03-06 09:34 - 00000000 ____D () C:\ProgramData\Windows App Certification Kit
2015-03-06 09:34 - 2015-03-06 09:34 - 00000000 ____D () C:\Program Files\Microsoft SQL Server Compact Edition
2015-03-06 09:34 - 2015-03-06 09:34 - 00000000 ____D () C:\Program Files\Application Verifier
2015-03-06 09:34 - 2015-03-06 09:34 - 00000000 ____D () C:\Program Files (x86)\Application Verifier
2015-03-06 09:33 - 2015-03-06 09:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Kits
2015-03-06 09:32 - 2015-03-06 09:32 - 00000000 ____D () C:\ProgramData\PreEmptive Solutions
2015-03-06 09:30 - 2015-03-06 09:31 - 00000000 ____D () C:\Program Files (x86)\Microsoft ASP.NET
2015-03-06 09:30 - 2015-03-06 09:30 - 00002059 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Web Platform Installer.lnk
2015-03-06 09:30 - 2015-03-06 09:30 - 00000000 ____D () C:\Program Files (x86)\Microsoft Web Tools
2015-03-06 09:29 - 2015-03-06 09:29 - 00000000 ____D () C:\Program Files\IIS Express
2015-03-06 09:29 - 2015-03-06 09:29 - 00000000 ____D () C:\Program Files (x86)\NuGet
2015-03-06 09:29 - 2015-03-06 09:29 - 00000000 ____D () C:\Program Files (x86)\IIS Express
2015-03-06 09:28 - 2015-03-06 09:28 - 00000000 ____D () C:\Program Files\IIS
2015-03-06 09:28 - 2015-03-06 09:28 - 00000000 ____D () C:\Program Files (x86)\Microsoft WCF Data Services
2015-03-06 09:28 - 2015-03-06 09:28 - 00000000 ____D () C:\Program Files (x86)\IIS
2015-03-06 09:26 - 2015-03-06 09:26 - 00000000 ____D () C:\Program Files (x86)\Windows Kits
2015-03-06 09:20 - 2015-03-06 09:20 - 00000000 ____D () C:\Program Files (x86)\Microsoft Help Viewer
2015-03-06 09:20 - 2015-03-06 09:20 - 00000000 ____D () C:\Program Files (x86)\HTML Help Workshop
2015-03-06 09:12 - 2015-03-06 09:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Visual Studio 2012
2015-03-06 09:12 - 2015-03-06 09:12 - 00000000 ____D () C:\Windows\symbols
2015-03-06 09:12 - 2015-03-06 09:12 - 00000000 ____D () C:\Program Files\Microsoft Visual Studio 11.0
2015-03-03 11:58 - 2015-03-03 11:58 - 00000000 ____D () C:\Users\admin\AppData\Roaming\WinRAR
2015-02-28 21:59 - 2015-02-28 21:53 - 15071148 _____ () C:\Users\admin\Documents\Capture_20150228.mp4

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-27 08:47 - 2009-07-14 12:13 - 00908038 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-03-27 08:40 - 2012-11-09 17:48 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-03-27 08:30 - 2012-11-07 08:44 - 01538753 _____ () C:\Windows\WindowsUpdate.log
2015-03-27 08:19 - 2012-12-03 01:35 - 00000984 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-03-27 08:16 - 2012-11-07 11:46 - 00000000 ____D () C:\Users\admin\AppData\Roaming\GarenaPlus
2015-03-27 08:16 - 2012-11-07 11:46 - 00000000 ____D () C:\ProgramData\GarenaMessenger
2015-03-27 08:13 - 2012-11-08 10:22 - 00003484 _____ () C:\Windows\System32\Tasks\AutoKMS
2015-03-27 08:11 - 2012-12-03 01:35 - 00000980 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-03-27 08:10 - 2009-07-14 12:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-27 08:09 - 2009-07-14 11:45 - 00022528 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-27 08:09 - 2009-07-14 11:45 - 00022528 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-27 08:08 - 2009-07-14 10:20 - 00000000 ____D () C:\Windows\system32\NDF
2015-03-27 07:53 - 2013-08-11 20:56 - 00000000 ____D () C:\Users\admin\AppData\Local\CrashDumps
2015-03-27 07:40 - 2014-10-08 08:18 - 00000000 ____D () C:\Users\MSSQL$HUY
2015-03-26 15:06 - 2009-07-14 09:34 - 00000215 _____ () C:\Windows\system.ini
2015-03-23 20:34 - 2009-07-14 10:20 - 00000000 __RHD () C:\Users\Default
2015-03-23 20:19 - 2013-03-17 22:30 - 00000000 ____D () C:\Windows\Minidump
2015-03-23 20:06 - 2012-11-07 08:39 - 00000000 ____D () C:\Users\admin
2015-03-23 10:40 - 2009-07-14 12:08 - 00032642 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-03-22 17:54 - 2013-08-07 22:25 - 00000014 _____ () C:\Windows\popcinfo.dat
2015-03-20 21:44 - 2014-01-01 15:04 - 00001515 _____ () C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2015-03-20 16:22 - 2014-01-25 08:20 - 00002299 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-03-20 10:38 - 2015-01-16 22:40 - 00000000 ____D () C:\Windows\system32\log
2015-03-20 10:38 - 2014-08-16 22:39 - 00000971 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2015-03-20 10:38 - 2014-01-01 15:04 - 00001338 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2015-03-20 10:38 - 2014-01-01 15:04 - 00000966 _____ () C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-03-20 10:38 - 2012-11-07 10:04 - 00000948 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-03-20 10:38 - 2012-11-07 08:40 - 00001204 _____ () C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-03-20 10:38 - 2012-11-07 08:40 - 00000989 _____ () C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2015-03-20 10:26 - 2009-07-14 10:20 - 00000000 ____D () C:\Windows\registration
2015-03-20 10:25 - 2009-07-14 10:20 - 00000000 ____D () C:\Windows\system
2015-03-20 09:34 - 2014-09-17 23:22 - 00000000 ____D () C:\Users\admin\AppData\Roaming\Backup
2015-03-20 09:06 - 2009-07-14 09:34 - 00000580 _____ () C:\Windows\win.ini
2015-03-16 20:31 - 2013-07-14 21:43 - 00000000 ____D () C:\Users\admin\Documents\Youcam
2015-03-16 17:02 - 2012-11-07 08:59 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-03-14 21:13 - 2013-02-09 11:55 - 00000000 ____D () C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2015-03-14 21:10 - 2009-07-14 12:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-03-12 10:17 - 2013-07-18 16:44 - 00000000 ____D () C:\Users\admin\Documents\My Games
2015-03-10 23:23 - 2014-01-30 21:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2015-03-10 18:29 - 2013-06-25 20:52 - 00002384 _____ () C:\Users\admin\Desktop\Cốc Cốc.lnk
2015-03-08 18:19 - 2015-02-18 17:50 - 00000000 ____D () C:\Users\admin\AppData\Roaming\VNG
2015-03-06 10:07 - 2012-11-07 08:41 - 00142704 _____ () C:\Users\admin\AppData\Local\GDIPFONTCACHEV1.DAT
2015-03-06 10:05 - 2009-07-14 11:45 - 00538440 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-03-06 09:36 - 2014-10-08 09:22 - 00000000 ____D () C:\Program Files (x86)\Microsoft SDKs
2015-03-06 09:34 - 2012-11-07 08:56 - 00000000 ____D () C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2015-03-06 09:32 - 2009-07-14 12:32 - 00000000 ____D () C:\Program Files\MSBuild
2015-03-06 09:23 - 2014-10-08 08:13 - 00000000 ____D () C:\Windows\SysWOW64\1033
2015-03-06 09:20 - 2009-07-14 12:32 - 00000000 ____D () C:\Program Files (x86)\MSBuild
2015-03-06 09:15 - 2009-07-14 10:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2015-03-06 09:12 - 2014-10-08 08:13 - 00000000 ____D () C:\Windows\system32\1033
2015-03-06 09:12 - 2013-03-23 10:35 - 00000000 ____D () C:\ProgramData\Package Cache

==================== Files in the root of some directories =======

2012-11-27 00:24 - 2014-01-31 10:30 - 0014336 _____ () C:\Users\admin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-02-10 14:34 - 2014-02-10 14:34 - 0064116 _____ () C:\Users\admin\AppData\Local\rational_state.log
2014-04-18 10:41 - 2014-04-18 10:41 - 0002556 _____ () C:\Users\admin\AppData\Local\recently-used.xbel
2014-01-25 07:41 - 2014-01-25 07:41 - 0000017 _____ () C:\Users\admin\AppData\Local\resmon.resmoncfg
2015-03-27 07:43 - 2015-03-27 07:43 - 0000000 _____ () C:\Users\admin\AppData\Local\{D70E9710-E4B3-48F2-91B0-296BE07FCA2F}
2012-11-07 11:45 - 2012-11-07 11:45 - 0000056 ____H () C:\ProgramData\ezsidmv.dat

Some content of TEMP:
====================
C:\Users\admin\AppData\Local\Temp\Checkupdate.exe
C:\Users\admin\AppData\Local\Temp\Foxit Reader Updater.exe
C:\Users\admin\AppData\Local\Temp\gcapi_dll.dll
C:\Users\admin\AppData\Local\Temp\gtapi_signed.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-03-26 17:59

==================== End Of Log ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-03-2015
Ran by admin at 2015-03-27 08:53:49
Running from C:\Users\admin\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Tools for .Net 3.5 (x32 Version: 3.11.50727 - Microsoft Corporation) Hidden
7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version: - )
Adobe Flash Player 11 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 11.2.202.235 - Adobe Systems Incorporated)
Adobe Flash Player 11 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 11.5.502.110 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.3.133 - Adobe Systems, Inc.)
AMD Catalyst Install Manager (HKLM\...\{C05A4975-B08D-26FA-C153-D6BBFF579705}) (Version: 3.0.859.0 - Advanced Micro Devices, Inc.)
BkavHome Free Edition (HKLM-x32\...\BkavHome) (Version: - )
Blend for Visual Studio 2012 (x32 Version: 5.0.30709.0 - Microsoft Corporation) Hidden
Blend for Visual Studio 2012 ENU resources (x32 Version: 5.0.30709.0 - Microsoft Corporation) Hidden
Canon LBP3000 (HKLM\...\Canon LBP3000) (Version: - )
Castlevania: Lords of Shadow 2 (HKLM-x32\...\Q2FzdGxldmFuaWFMb3Jkc29mU2hhZG93Mg==_is1) (Version: 1 - )
CCleaner (HKLM\...\CCleaner) (Version: 4.06 - Piriform)
ccTalk (HKLM-x32\...\{F768F6BA-F164-4599-BC26-DCCFC2F71983}_is1) (Version: 4.0.2 - ccTalk)
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.4.5306 - CDBurnerXP)
C-Free 4 Professional (HKLM-x32\...\C-Free 4_is1) (Version: - Program Arts)
Cốc Cốc (HKU\S-1-5-21-3818046159-3689817371-2580797029-1000\...\CocCocBrowser) (Version: 40.0.2214.121 - Đơn vị chủ quản Cốc Cốc)
CyberLink YouCam 5 (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 5.0.0909 - CyberLink Corp.)
Dotfuscator and Analytics Community Edition (x32 Version: 5.5.4521.29298 - PreEmptive Solutions) Hidden
Dynomite Deluxe (HKLM-x32\...\Dynomite Deluxe) (Version: - )
Entity Framework Designer for Visual Studio 2012 - enu (HKLM-x32\...\{0A1A1D48-DB23-443A-BC7B-49255D138020}) (Version: 11.1.20702.00 - Microsoft Corporation)
Eusing Free Registry Cleaner (HKLM-x32\...\Eusing Free Registry Cleaner) (Version: - Eusing Software)
Fighter Factory Classic (HKLM-x32\...\VirtuallTek Fighter Factory Classic_is1) (Version: 1.2.0.2010 - VirtuallTek Systems)
FL Studio 11 (HKLM-x32\...\FL Studio 11) (Version: - Image-Line)
FlowStone FL 3.0 (HKLM-x32\...\FlowStone) (Version: - )
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 6.1.2.1224 - Foxit Corporation)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 41.0.2272.101 - Google Inc.)
Google Drive (HKLM-x32\...\{6C36881B-0E51-4231-9D02-BF2149664D34}) (Version: 1.20.8672.3137 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.26.7 - Google Inc.) Hidden
Guitar Pro 5.2 (HKLM-x32\...\Guitar Pro 5_is1) (Version: - Arobas Music)
Hi-Rez Studios Authenticate and Update Service (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}) (Version: 3.0.0.0 - Hi-Rez Studios)
IBM Rational Rose Enterprise Edition (HKLM-x32\...\{22D66ACE-E0A1-482E-B797-0A6A377D3E91}) (Version: 7.0.0.0 - Rational Software)
IIS 8.0 Express (HKLM\...\{7BF61FA9-BDFB-4563-98AD-FCB0DA28CCC7}) (Version: 8.0.1557 - Microsoft Corporation)
IIS Express Application Compatibility Database for x64 (HKLM\...\{9f4f4a9b-eec5-4906-92fe-d1f43ccf5c8d}.sdb) (Version: - )
IIS Express Application Compatibility Database for x86 (HKLM\...\{fdfba1f3-74ae-4255-9c10-a0f552b4610f}.sdb) (Version: - )
IL Download Manager (HKLM-x32\...\IL Download Manager) (Version: - Image-Line)
Intel(R) Display Audio Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 6.14.00.3090 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.1.1399 - Intel Corporation)
Intel(R) PROSet/Wireless for Bluetooth(R) + High Speed (HKLM\...\{37EC048A-81A2-452A-8D1F-3BE2018E767D}) (Version: 15.1.0.0096 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.6.245 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (HKLM\...\{54EB8041-1115-4406-AA4B-44D236E84B3B}) (Version: 15.01.1000.0927 - Intel Corporation)
Intel® Trusted Connect Service Client (HKLM\...\{538B98C3-773F-4F20-9C66-802D104DCBE2}) (Version: 1.23.219.2 - Intel Corporation)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Java SE Development Kit 7 Update 4 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0170040}) (Version: 1.7.0.40 - Oracle)
Java(TM) 6 Update 16 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216016FF}) (Version: 6.0.160 - Sun Microsystems, Inc.)
Java(TM) 7 Update 4 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417004FF}) (Version: 7.0.40 - Oracle)
Java(TM) SE Development Kit 6 Update 16 (HKLM-x32\...\{32A3A4F4-B792-11D6-A78A-00B0D0160160}) (Version: 1.6.0.160 - Sun Microsystems, Inc.)
JavaFX 2.1.0 (64-bit) (HKLM\...\{1111706F-666A-4037-7777-210648764D10}) (Version: 2.1.0 - Oracle Corporation)
JavaFX 2.1.0 SDK (64-bit) (HKLM\...\{2222706F-666A-4037-7777-210648764D10}) (Version: 2.1.0 - Oracle Corporation)
K-Lite Codec Pack 8.1.0 (Full) (HKLM-x32\...\KLiteCodecPack_is1) (Version: 8.1.0 - )
League of Legends (HKLM-x32\...\{92606477-9366-4D3B-8AE3-6BE4B29727AB}) (Version: 1.3 - Riot Games)
League of Legends (HKLM-x32\...\League of Legends 3.0.0) (Version: 3.0.0 - Riot Games)
League of Legends (x32 Version: 3.0.0 - Riot Games) Hidden
LocalESPC (x32 Version: 8.59.25584 - Microsoft Corporation) Hidden
LocalESPCui for en-us (x32 Version: 8.59.25584 - Microsoft) Hidden
Metal Gear Rising: Revengeance (HKLM-x32\...\Metal Gear Rising: Revengeance_is1) (Version: - )
Microsoft .NET Framework 4 Multi-Targeting Pack (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4.5 Multi-Targeting Pack (HKLM-x32\...\{5CBFF3F3-2D40-34EE-BCA5-A95BC19E400D}) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft .NET Framework 4.5 SDK (HKLM-x32\...\{1948E039-EC79-4591-951D-9867A8C14C90}) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft AppLocale (HKLM-x32\...\{394BE3D9-7F57-4638-A8D1-1D88671913B7}) (Version: 1.0.0 - MS)
Microsoft ASP.NET MVC 3 (HKLM-x32\...\{DCDEC776-BADD-48B9-8F9A-DFF513C3D7FA}) (Version: 3.0.20105.0 - Microsoft Corporation)
Microsoft ASP.NET Web Pages (HKLM-x32\...\{631471BE-DEAB-454B-A9AC-CE3EB42C28B3}) (Version: 1.0.20105.0 - Microsoft Corporation)
Microsoft Help Viewer 1.1 (HKLM\...\Microsoft Help Viewer 1.1) (Version: 1.1.40219 - Microsoft Corporation)
Microsoft Help Viewer 2.0 (HKLM-x32\...\Microsoft Help Viewer 2.0) (Version: 2.0.50727 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Report Viewer 2012 Runtime (HKLM-x32\...\{9CCE40CE-A9E6-4916-8729-B008558EEF3F}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.10411.0 - Microsoft Corporation)
Microsoft Silverlight 4 SDK (HKLM-x32\...\{189AEA94-DAFB-487A-8CEE-F9D3DDE0A748}) (Version: 4.0.60310.0 - Microsoft Corporation)
Microsoft Silverlight 5 SDK (HKLM-x32\...\{E1FBB3D4-ADB0-4949-B101-855DA061C735}) (Version: 5.0.61118.0 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Management Objects (HKLM-x32\...\{83F2B8F4-5CF3-4BE9-9772-9543EAE4AC5F}) (Version: 10.51.2500.0 - Microsoft Corporation)
Microsoft SQL Server 2008 Setup Support Files (HKLM\...\{B40EE88B-400A-4266-A17B-E3DE64E94431}) (Version: 10.1.2731.0 - Microsoft Corporation)
Microsoft SQL Server 2012 (64-bit) (HKLM\...\Microsoft SQL Server SQLServer2012) (Version: - Microsoft Corporation)
Microsoft SQL Server 2012 Command Line Utilities (HKLM\...\{9D573E71-1077-4C7E-B4DB-4E22A5D2B48B}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Data-Tier App Framework (HKLM\...\{36E619BC-A234-4EC3-849B-779A7C865A45}) (Version: 11.0.2316.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Data-Tier App Framework (HKLM-x32\...\{FBA6F90E-36EC-4FC9-9B25-3834E3BD46A8}) (Version: 11.0.2316.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Express LocalDB (HKLM\...\{13D558FE-A863-402C-B115-160007277033}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects (HKLM-x32\...\{DA1C1761-5F4F-4332-AB9D-29EDF3F8EA0A}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects (x64) (HKLM\...\{FA0A244E-F3C2-4589-B42A-3D522DE79A42}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Native Client (HKLM\...\{49D665A2-4C2A-476E-9AB8-FCC425F526FC}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Setup (English) (HKLM\...\{8CB0713F-CFE0-445D-BCB2-538465860E1A}) (Version: 11.1.3128.0 - Microsoft Corporation)
Microsoft SQL Server 2012 T-SQL Language Service (HKLM-x32\...\{6D6D43E5-218C-4B05-92D3-2240810F4760}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Transact-SQL Compiler Service (HKLM\...\{BEB0F91E-F2EA-48A1-B938-7857ABF2A93D}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Transact-SQL ScriptDom (HKLM\...\{0E8670B8-3965-4930-ADA6-570348B67153}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 SP1 x64 ENU (HKLM\...\{78909610-D229-459C-A936-25D92283D3FD}) (Version: 4.0.8876.1 - Microsoft Corporation)
Microsoft SQL Server Data Tools - enu (11.1.20627.00) (HKLM-x32\...\{FA804794-2CCB-4301-954F-2C2894698876}) (Version: 11.1.20627.00 - Microsoft Corporation)
Microsoft SQL Server Data Tools Build Utilities - enu (11.1.20627.00) (HKLM-x32\...\{790E9425-8570-493F-9AE7-81AFC9E46930}) (Version: 11.1.20627.00 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (HKLM-x32\...\{C3F6F200-6D7B-4879-B9EE-700C0CE1FCDA}) (Version: 10.51.2500.0 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (x64) (HKLM\...\{4701DEDE-1888-49E0-BAE5-857875924CA2}) (Version: 10.50.1600.1 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (HKLM-x32\...\{E2082604-4BA5-44BB-BBFB-AF0F3CB8C6AB}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (x64) (HKLM\...\{F1949145-EB64-4DE7-9D81-E6D27937146C}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Runtime - 10.0.40219 (HKLM-x32\...\{5D9ED403-94DE-3BA0-B1D6-71F4BDA412E6}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM-x32\...\{8e70e4e1-06d7-470b-9f74-a51bef21088e}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Shell (Isolated) - ENU (HKLM-x32\...\{D64B6984-242F-32BC-B008-752806E5FC44}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.31125 - Microsoft Corporation)
Microsoft Visual Studio Ultimate 2012 (HKLM-x32\...\{ae17ae9b-af38-40d2-a194-6102c56ed502}) (Version: 11.0.50727.26 - Microsoft Corporation)
Microsoft VSS Writer for SQL Server 2012 (HKLM\...\{3E0DD83F-BE4C-4478-86A0-AD0D79D1353E}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft Web Deploy 3.0 (HKLM\...\{AA72C306-30BE-4BB1-9E42-59552BAD2CDF}) (Version: 3.1236.1631 - Microsoft Corporation)
Microsoft Web Deploy dbSqlPackage Provider - enu (HKLM-x32\...\{E4C33F5B-1B2F-466E-957E-B274F08151A0}) (Version: 10.3.20225.0 - Microsoft Corporation)
Microsoft Web Platform Installer 4.0 (HKLM\...\{E2B8249D-895C-4685-8C83-00F3B1A13028}) (Version: 4.0.1622 - Microsoft Corporation)
Microsoft Windows Application Compatibility Database (HKLM\...\{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb) (Version: - )
Mozilla Firefox 25.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 25.0 (x86 en-US)) (Version: 25.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 25.0 - Mozilla)
NARUTO SHIPPUDEN: Ultimate Ninja STORM 3 Full Burst (HKLM-x32\...\NARUTO SHIPPUDEN: Ultimate Ninja STORM 3 Full Burst_is1) (Version: - Namco Bandai Games)
NBA 2K14 (HKLM-x32\...\{4FE0545A-1BF3-4B9B-A044-6E1EE719E197}) (Version: 1.0.0 - 2K Sports)
Paint XP version 1.2 (HKLM-x32\...\{2367FAB6-055A-4923-835F-F57F7BBBA363}_is1) (Version: 1.2 - MSPAINTXP.COM)
PCSX2 - Playstation 2 Emulator (HKLM-x32\...\pcsx2-r5875) (Version: - )
PowerXpressHybrid (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
PreEmptive Analytics Visual Studio Components (x32 Version: 1.0.2180.1 - PreEmptive Solutions) Hidden
Prerequisites for SSDT (HKLM-x32\...\{9169C939-ED01-446A-BD0C-29873BAF4E48}) (Version: 11.0.2100.60 - Microsoft Corporation)
PX Profile Update (x32 Version: 1.00.1. - AMD) Hidden
PhotoZoom Professional 1.2.8 (HKU\S-1-5-21-3818046159-3689817371-2580797029-1000\...\PhotoZoom Professional) (Version: 1.2.8 - BenVista Ltd)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30118 - Realtek Semiconductor Corp.)
RESIDENT EVIL 5 (HKLM-x32\...\{AC08BBA0-96B9-431A-A7D0-D8598E493775}) (Version: 1.0.0.129 - CAPCOM CO., LTD.)
Resident Evil 6 version 5.1 (HKLM-x32\...\{0BC95CC8-CFE7-4C60-9DBF-258443C3C6C6}_is1) (Version: 5.1 - Black_Box)
Resident Evil Revelations (HKLM-x32\...\Resident Evil Revelations_is1) (Version: - Capcom)
Skype™ 6.20 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.20.104 - Skype Technologies S.A.)
SQL Server 2012 Common Files (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
SQL Server 2012 Database Engine Services (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
SQL Server 2012 Database Engine Shared (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
SQL Server 2012 Management Studio (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
SQL Server Browser for SQL Server 2012 (HKLM-x32\...\{4B9E6EB0-0EED-4E74-9479-F982C3254F71}) (Version: 11.0.2100.60 - Microsoft Corporation)
Sql Server Customer Experience Improvement Program (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
Star Wars Jedi Knight Jedi Academy (HKLM-x32\...\{1EECBA68-8BE4-4076-94DF-E9ED206B1D21}) (Version: - )
Star Wars Republic Commando (HKLM-x32\...\Star Wars Republic Commando_is1) (Version: - )
Street Fighter X Tekken (x32 Version: 1.0.0004.130 - CAPCOM U.S.A., INC) Hidden
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.0.9.0 - Synaptics Incorporated)
Teenage Mutant Ninja Turtles: Out of the Shadows (HKLM-x32\...\Teenage Mutant Ninja Turtles: Out of the Shadows_is1) (Version: 1.0 - Activision)
The KMPlayer (remove only) (HKLM-x32\...\The KMPlayer) (Version: 3.5.0.77 - KMP Media co., Ltd)
The Witcher 2 - Assassins of Kings Enhanced Edition (HKLM-x32\...\The Witcher 2 - Assassins of Kings Enhanced Edition_is1) (Version: - GOG.com)
TreeSize Free V3.3 (HKLM-x32\...\TreeSize Free_is1) (Version: 3.3 - JAM Software)
UltraISO Premium V9.33 (HKLM-x32\...\UltraISO_is1) (Version: - )
Unity Web Player (HKU\S-1-5-21-3818046159-3689817371-2580797029-1000\...\UnityWebPlayer) (Version: - Unity Technologies ApS)
Visual Studio 2010 Prerequisites - English (HKLM\...\{662014D2-0450-37ED-ABAE-157C88127BEB}) (Version: 10.0.40219 - Microsoft Corporation)
WCF Data Services 5.0 (for OData v3) Primary Components (x32 Version: 5.0.50628.0 - Microsoft Corporation) Hidden
WCF Data Services Tools for Microsoft Visual Studio 2012 (x32 Version: 5.0.50710.0 - Microsoft Corporation) Hidden
WCF RIA Services V1.0 SP2 (HKLM-x32\...\{3A523AF9-D32F-4C85-8388-0335731F3405}) (Version: 4.1.61829.0 - Microsoft Corporation)
Windows Live ID Sign-in Assistant (HKLM\...\{9B48B0AC-C813-4174-9042-476A887592C7}) (Version: 6.500.3165.0 - Microsoft Corporation)
Windows Movie Maker 2.6 (HKLM-x32\...\{B3DAF54F-DB25-4586-9EF1-96D24BB14088}) (Version: 2.6.4037.0 - Microsoft Corporation)
WinRAR 4.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
Xiph.Org Open Codecs 0.85.17777 (HKLM-x32\...\Open Codecs) (Version: 0.85.17777 - Xiph.Org)
XSplit Broadcaster (HKLM-x32\...\{3678DA80-4221-457A-A7AB-F94264807883}) (Version: 1.3.1310.1103 - SplitMediaLabs)
Yahoo! Messenger (HKLM-x32\...\Yahoo! Messenger) (Version: - Yahoo! Inc.)
真・三國無双6 with 猛将伝 (HKLM-x32\...\InstallShield_{A804968F-4F32-4E02-98B2-5864EEB42903}) (Version: 1.00.0000 - TecmoKoei)
真・三國無双6 with 猛将伝 (x32 Version: 1.00.0000 - TecmoKoei) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-3818046159-3689817371-2580797029-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\admin\AppData\Roaming\Dropbox\bin\Dropbox.exe /autoplay No File
CustomCLSID: HKU\S-1-5-21-3818046159-3689817371-2580797029-1000_Classes\CLSID\{5F63E8CB-8F57-490A-97FE-62BC2F2A5EA4}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3818046159-3689817371-2580797029-1000_Classes\CLSID\{BCDE0395-E52F-467C-8E3D-C4579291692E}\InprocServer32 -> No File Path

==================== Restore Points =========================

27-03-2015 08:08:42 avast! antivirus system restore point
27-03-2015 08:29:34 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-03-23 20:07 - 2015-03-26 15:06 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {02125155-7DC8-4E26-9111-2B8936FDAE90} - System32\Tasks\{F749A93F-D823-4F5E-B664-7F9CB7C6799A} => D:\GAMES\***\Assassin's Creed IV Black Flag\AC4BFSP.exe
Task: {1177659E-4A61-4FA1-8FE1-50DD2A0F8AB8} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-11-09] (Adobe Systems Incorporated)
Task: {1906FB2B-28E1-47E1-9E19-8034A1D6C581} - System32\Tasks\Escolade => C:\Users\admin\AppData\Roaming\iPumper\Updater.exe <==== ATTENTION
Task: {1BD6351D-5A36-4097-92F8-8164C1BEBD08} - System32\Tasks\{D5177AAC-BCE9-4AC3-9CEE-C90751DA6BF6} => pcalua.exe -a D:\C\Windows\BT\bai01.exe -d D:\C\Windows\BT
Task: {21073F1B-8B5E-4498-9837-45288B58B39C} - System32\Tasks\{947472E8-A5D0-4F35-93FF-E7BD403CCB40} => pcalua.exe -a E:\Huy\Originals\Uninstall.exe
Task: {34E1F3E8-2744-42E2-9F8D-F06EAC27A6AC} - System32\Tasks\{CA9F35EC-2E48-4ABC-AEC1-11B29843986A} => pcalua.exe -a "E:\Huy\Originals\PhotoZoom Professional Setup.exe" -d E:\Huy\Originals
Task: {37C445E6-35FA-4842-AD15-8DBCE118EE6D} - System32\Tasks\{E0FBBA98-E6F5-46B3-B365-F16C237A6636} => Chrome.exe http://ui.skype.com/ui/0/6.1.0.129.272/vi/abandoninstall?page=tsProgressBar
Task: {388A179F-8E20-48DB-846F-B0ED40B41749} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-09-19] (Piriform Ltd)
Task: {395A3A50-DF1A-491A-9590-76B3591210A3} - System32\Tasks\{6578B33F-BE5C-40E3-8EB4-F017B59D7DCF} => pcalua.exe -a "D:\GAMES\SWCMR\Star Wars Republic Commando [CHK88]\Republic Commando [CHK88]\[PC-Full]-SW-Republic.Commando.exe" -d "D:\GAMES\SWCMR\Star Wars Republic Commando [CHK88]\Republic Commando [CHK88]"
Task: {3E812A51-75CE-467D-B2F4-01AFFAA1B629} - \Jelbrus Secure Web Task No Task File <==== ATTENTION
Task: {4617E916-92E8-473D-8720-2A35DF2439F5} - System32\Tasks\{67659D67-741B-43E0-9D5B-E630A49031FF} => pcalua.exe -a D:\GAMES\SWJK\JediAcademy.exe -d D:\GAMES\SWJK
Task: {4CB57C85-CB3A-4327-AC9F-DD029510D476} - \GPUP No Task File <==== ATTENTION
Task: {4FB0E6AE-831A-4E3B-A068-3DAAD92E6D6B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-02-14] (Google Inc.)
Task: {76DBC42B-88A3-4D89-B3AE-C9CBA33FC6BD} - System32\Tasks\DoctorPC_Popup => C:\Program Files (x86)\Doctor PC\Splash.exe
Task: {8041E7FA-BBC6-43F8-9E56-4F7ABCBE678D} - System32\Tasks\{9A49B636-3FD2-41DA-8332-19A9F882F665} => C:\Program Files (x86)\Skype\\Phone\Skype.exe [2014-08-27] (Skype Technologies S.A.)
Task: {8728697D-A8B8-4B94-BB3B-548DCA65ECE3} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {8B5BCFCB-DE58-47B0-ACA9-AD518FD2C21B} - System32\Tasks\{0D66A9C9-3137-43D8-9A9D-E4D394146DE5} => pcalua.exe -a "D:\DUY\GAMES\Zing speed\2S-setup-110.exe" -d "D:\DUY\GAMES\Zing speed"
Task: {B8820E18-028F-46AD-A13E-4CD572070045} - System32\Tasks\{87CAB124-17DE-4292-9BC4-7777ADEBDFCC} => Firefox.exe http://ui.skype.com/ui/0/6.0.0.126/vi/abandoninstall?page=tsProgressBar
Task: {BD004E3C-CAC0-4D2F-BBD1-52C839B243AC} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-02-14] (Google Inc.)
Task: {BE7770FC-4BD4-4DC7-889C-C882D59CEF81} - System32\Tasks\gg_uac_daemon_admin => D:\GAMES\LienMinhHuyenThoai\GameData\ggdllhost.exe [2015-01-20] ()
Task: {DA255089-7810-409D-95B3-4ADAA0422A80} - System32\Tasks\{75323A41-E23B-480A-8EF4-9F8E63FB6719} => pcalua.exe -a "E:\Huy\Rational Rose\IBM.Rational.Rose.Enterprise.v7.0_Blog.HanhTrinhTuoiTre.Com\setup.exe" -d "E:\Huy\Rational Rose\IBM.Rational.Rose.Enterprise.v7.0_Blog.HanhTrinhTuoiTre.Com"
Task: {EF2397D0-6706-4C2D-A48B-626A88F0FC7E} - System32\Tasks\{503E338D-E662-45EC-8A2F-AD3C2880012F} => pcalua.exe -a D:\GAMES\SWJK\autorun.exe -d D:\GAMES\SWJK
Task: {F155C81B-6271-49A4-9B23-6C62609C9CED} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe [2012-11-08] ()
Task: {F2C596F2-F9E7-4E1C-BD63-7CB3F81A4071} - System32\Tasks\DoctorPC_Start => C:\Program Files (x86)\Doctor PC\DoctorPC.exe
Task: {F7975478-5CCD-4EA6-821F-5215613B4445} - System32\Tasks\{34BF06CC-4E30-4900-BD2E-832C2B1159D3} => pcalua.exe -a G:\OriginInstaller.exe -d G:\
Task: {FDD88101-8283-4EDB-AD70-3D2A03F6521E} - System32\Tasks\{3D6FE28C-B230-42D9-962E-44564AC9A66F} => pcalua.exe -a C:\Users\admin\AppData\Roaming\webssearches\UninstallManager.exe -c -ptid=irs <==== ATTENTION
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) ==============

2013-07-12 19:13 - 2015-01-20 19:20 - 00055896 _____ () D:\GAMES\LienMinhHuyenThoai\GameData\ggdllhost.exe
2012-11-07 10:27 - 2009-11-02 01:13 - 00296960 _____ () C:\UniKey 4.0 RC2 Win64\UKHook40.dll
2010-01-30 02:40 - 2010-01-30 02:40 - 04254560 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-03-24 21:38 - 2010-03-24 21:38 - 08794976 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2012-11-07 09:55 - 2012-03-19 15:09 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2012-11-07 10:27 - 2009-11-02 01:13 - 00316928 _____ () C:\UniKey 4.0 RC2 Win64\UniKeyNT.exe
2013-06-29 11:53 - 2015-01-20 19:20 - 09981528 _____ () D:\GAMES\LienMinhHuyenThoai\GameData\GarenaMessenger.exe
2012-03-05 04:43 - 2012-03-05 04:43 - 00369152 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2011-12-13 16:10 - 2011-12-13 16:10 - 00016384 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2013-06-29 11:53 - 2015-01-20 19:20 - 00560216 _____ () D:\GAMES\LienMinhHuyenThoai\GameData\ggspawn.dll
2013-06-29 11:53 - 2015-01-20 19:20 - 00111192 _____ () D:\GAMES\LienMinhHuyenThoai\GameData\CommonLib.dll
2013-06-29 11:53 - 2015-01-20 19:20 - 00040024 _____ () D:\GAMES\LienMinhHuyenThoai\GameData\DibModule.dll
2013-06-29 11:53 - 2015-03-19 15:48 - 00034752 _____ () D:\GAMES\LienMinhHuyenThoai\GameData\VersionModule.dll
2013-06-29 11:53 - 2015-01-20 19:20 - 00057944 _____ () D:\GAMES\LienMinhHuyenThoai\GameData\FileLoader.dll
2013-06-29 11:53 - 2015-01-20 19:20 - 00093784 _____ () D:\GAMES\LienMinhHuyenThoai\GameData\PluginKernel.dll
2013-06-29 11:53 - 2015-01-20 19:20 - 00493656 _____ () D:\GAMES\LienMinhHuyenThoai\GameData\CxImage.dll
2013-06-29 11:53 - 2015-01-20 19:20 - 00031832 _____ () D:\GAMES\LienMinhHuyenThoai\GameData\PluginModule.dll
2012-10-31 11:44 - 2015-01-20 19:20 - 00177240 _____ () D:\GAMES\LienMinhHuyenThoai\GameData\lib\fs\YYFileSystem.dll
2012-10-31 11:44 - 2015-01-20 19:20 - 00380504 _____ () D:\GAMES\LienMinhHuyenThoai\GameData\lib\Http.dll
2012-10-31 11:44 - 2015-01-20 19:20 - 00191064 _____ () D:\GAMES\LienMinhHuyenThoai\GameData\lib\MP3Module.dll
2013-06-29 11:53 - 2012-02-22 15:52 - 00162304 _____ () D:\GAMES\LienMinhHuyenThoai\GameData\lame_enc.DLL
2012-10-31 11:44 - 2015-01-20 19:20 - 00226392 _____ () D:\GAMES\LienMinhHuyenThoai\GameData\lib\TaskManagerLib.dll
2012-10-31 11:44 - 2015-01-20 19:20 - 00112728 _____ () D:\GAMES\LienMinhHuyenThoai\GameData\lib\UILayout.dll
2012-10-31 11:44 - 2015-01-20 19:20 - 00964696 _____ () D:\GAMES\LienMinhHuyenThoai\GameData\lib\XLL.dll
2012-10-31 11:44 - 2015-01-20 19:20 - 00061528 _____ () D:\GAMES\LienMinhHuyenThoai\GameData\lib\XmlUIModule.dll
2013-06-29 11:53 - 2012-02-22 15:52 - 00573100 _____ () D:\GAMES\LienMinhHuyenThoai\GameData\sqlite3.dll
2012-10-31 11:44 - 2015-01-20 19:20 - 00231000 _____ () D:\GAMES\LienMinhHuyenThoai\GameData\Plugins\StatsPlugin.dll
2012-11-01 12:15 - 2015-01-28 11:04 - 00962136 _____ () D:\GAMES\LienMinhHuyenThoai\GameData\Plugins\ggplugin.dll
2013-06-29 11:53 - 2015-01-20 19:20 - 00199256 _____ () D:\GAMES\LienMinhHuyenThoai\GameData\ImageModule.dll
2013-06-30 10:54 - 2015-01-20 19:20 - 00161880 _____ () D:\GAMES\LienMinhHuyenThoai\GameData\libmpg123.dll
2013-06-29 11:53 - 2015-01-20 19:20 - 02947672 _____ () D:\GAMES\LienMinhHuyenThoai\GameData\ggdownloader.dll
2012-10-31 11:44 - 2015-01-20 19:20 - 00072280 _____ () D:\GAMES\LienMinhHuyenThoai\GameData\lib\delay_load\AudioMixerLib.dll
2012-10-31 11:44 - 2015-01-20 19:20 - 00023128 _____ () D:\GAMES\LienMinhHuyenThoai\GameData\lib\delay_load\ClientTcp.dll
2012-10-31 11:44 - 2015-01-20 19:20 - 01551960 _____ () D:\GAMES\LienMinhHuyenThoai\GameData\lib\delay_load\FileSender.dll
2013-06-29 11:53 - 2013-02-01 12:42 - 00153088 _____ () D:\GAMES\LienMinhHuyenThoai\GameData\libzmq.dll
2012-10-31 11:44 - 2015-01-20 19:20 - 00962648 _____ () D:\GAMES\LienMinhHuyenThoai\GameData\lib\delay_load\GaFileTransfer.dll
2012-10-31 11:44 - 2015-01-20 19:20 - 00251480 _____ () D:\GAMES\LienMinhHuyenThoai\GameData\lib\delay_load\MediaEngine.dll
2013-06-29 11:53 - 2015-01-20 19:20 - 00032856 _____ () D:\GAMES\LienMinhHuyenThoai\GameData\ServerMemAlloc.dll
2012-10-31 11:44 - 2015-01-20 19:20 - 00523352 _____ () D:\GAMES\LienMinhHuyenThoai\GameData\lib\delay_load\RSALib.dll
2012-10-31 11:44 - 2015-01-20 19:20 - 00074840 _____ () D:\GAMES\LienMinhHuyenThoai\GameData\lib\delay_load\UdtLib.dll
2013-03-08 12:17 - 2013-03-08 12:17 - 07816192 _____ () C:\Program Files (x86)\SplitMediaLabs\avcodec-54.dll
2013-03-08 12:17 - 2013-03-08 12:17 - 00188416 _____ () C:\Program Files (x86)\SplitMediaLabs\avutil-52.dll
2013-03-08 12:17 - 2013-03-08 12:17 - 01425920 _____ () C:\Program Files (x86)\SplitMediaLabs\avformat-54.dll
2013-03-08 12:17 - 2013-03-08 12:17 - 00336896 _____ () C:\Program Files (x86)\SplitMediaLabs\swscale-2.dll
2013-03-08 12:17 - 2013-03-08 12:17 - 00096256 _____ () C:\Program Files (x86)\SplitMediaLabs\swresample-0.dll
2010-01-30 02:41 - 2010-01-30 02:41 - 04254560 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-03-24 21:17 - 2010-03-24 21:17 - 08794464 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2015-03-10 18:29 - 2015-03-08 12:10 - 01116824 _____ () C:\Users\admin\AppData\Local\CocCoc\Browser\Application\40.0.2214.121\libglesv2.dll
2015-03-10 18:29 - 2015-03-08 12:10 - 00210584 _____ () C:\Users\admin\AppData\Local\CocCoc\Browser\Application\40.0.2214.121\libegl.dll
2015-03-10 18:29 - 2015-03-08 12:10 - 09171096 _____ () C:\Users\admin\AppData\Local\CocCoc\Browser\Application\40.0.2214.121\pdf.dll
2015-03-10 18:29 - 2015-03-08 12:10 - 14965064 _____ () C:\Users\admin\AppData\Local\CocCoc\Browser\Application\40.0.2214.121\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:2C2F956A
AlternateDataStreams: C:\ProgramData\TEMP:373E1720

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3818046159-3689817371-2580797029-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\admin\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 208.67.222.222 - 208.67.220.220

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: AMD External Events Utility => 2
MSCONFIG\Services: AMPPALR3 => 2
MSCONFIG\Services: BTHSSecurityMgr => 2
MSCONFIG\Services: cphs => 3
MSCONFIG\Services: EvtEng => 2
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: Intel(R) Capability Licensing Service Interface => 2
MSCONFIG\Services: jhi_service => 2
MSCONFIG\Services: LMS => 2
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: MyWiFiDHCPDNS => 3
MSCONFIG\Services: PanService => 2
MSCONFIG\Services: RegSrvc => 2
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: TeamViewer8 => 2
MSCONFIG\Services: UNS => 2
MSCONFIG\Services: ZeroConfigService => 2

==================== Accounts: =============================

admin (S-1-5-21-3818046159-3689817371-2580797029-1000 - Administrator - Enabled) => C:\Users\admin
Administrator (S-1-5-21-3818046159-3689817371-2580797029-500 - Administrator - Disabled)
Guest (S-1-5-21-3818046159-3689817371-2580797029-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3818046159-3689817371-2580797029-1002 - Limited - Enabled)

==================== Faulty Device Manager Devices =============

Name: USB2.0-CRW
Description: USB2.0-CRW
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: BAPIDRV
Description: BAPIDRV
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: BAPIDRV
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (03/27/2015 08:12:27 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/27/2015 08:06:30 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/27/2015 08:05:37 AM) (Source: Application Error) (EventID: 1005) (User: )
Description: Windows cannot access the file C:\Windows\Prefetch\AgRobust.db for one of the following reasons:
there is a problem with the network connection, the disk that the file is stored on, or the storage
drivers installed on this computer; or the disk is missing.
Windows closed the program Host Process for Windows Services because of this error.

Program: Host Process for Windows Services
File: C:\Windows\Prefetch\AgRobust.db

The error value is listed in the Additional Data section.
User Action
1. Open the file again.
This situation might be a temporary problem that corrects itself when the program runs again.
2.
If the file still cannot be accessed and
- It is on the network,
your network administrator should verify that there is not a problem with the network and that the server can be contacted.
- It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER.
4. If the problem persists, restore the file from a backup copy.
5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for
further assistance.

Additional Data
Error value: C0000185
Disk type: 3

Error: (03/27/2015 08:05:36 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe_SysMain, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1
Faulting module name: sysmain.dll, version: 6.1.7601.17514, time stamp: 0x4ce7c9db
Exception code: 0xc0000006
Fault offset: 0x000000000001d143
Faulting process id: 0x20c
Faulting application start time: 0xsvchost.exe_SysMain0
Faulting application path: svchost.exe_SysMain1
Faulting module path: svchost.exe_SysMain2
Report Id: svchost.exe_SysMain3

Error: (03/27/2015 07:54:07 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/27/2015 07:54:07 AM) (Source: SecurityCenter) (EventID: 3) (User: )
Description: The Windows Security Center Service was unable to establish event queries with WMI to monitor third party AntiVirus, AntiSpyware and Firewall.

Error: (03/27/2015 07:53:39 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x800706b5, The interface is unknown.
.


Operation:
Subscribing Writer

Context:
Writer Class Id: {cd3f2362-8bef-46c7-9181-d62844cdc0b2}
Writer Name: MSSearch Service Writer
Writer Instance ID: {56e5a45d-d649-419b-8f6e-d44801715ef2}

Error: (03/27/2015 07:53:39 AM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x800706b5, The interface is unknown.
]


Operation:
Subscribing Writer

Context:
Writer Class Id: {cd3f2362-8bef-46c7-9181-d62844cdc0b2}
Writer Name: MSSearch Service Writer
Writer Instance ID: {56e5a45d-d649-419b-8f6e-d44801715ef2}

Error: (03/27/2015 07:53:16 AM) (Source: Application Error) (EventID: 1005) (User: )
Description: Windows cannot access the file C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll for one of the following reasons:
there is a problem with the network connection, the disk that the file is stored on, or the storage
drivers installed on this computer; or the disk is missing.
Windows closed the program Bkav Home because of this error.

Program: Bkav Home
File: C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll

The error value is listed in the Additional Data section.
User Action
1. Open the file again.
This situation might be a temporary problem that corrects itself when the program runs again.
2.
If the file still cannot be accessed and
- It is on the network,
your network administrator should verify that there is not a problem with the network and that the server can be contacted.
- It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER.
4. If the problem persists, restore the file from a backup copy.
5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for
further assistance.

Additional Data
Error value: C0000185
Disk type: 3

Error: (03/27/2015 07:53:16 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: BkavHome.exe, version: 1.0.0.6417, time stamp: 0x54b61b33
Faulting module name: COMCTL32.dll, version: 6.10.7601.17514, time stamp: 0x4ce7b71c
Exception code: 0xc0000006
Fault offset: 0x000906aa
Faulting process id: 0xe40
Faulting application start time: 0xBkavHome.exe0
Faulting application path: BkavHome.exe1
Faulting module path: BkavHome.exe2
Report Id: BkavHome.exe3


System errors:
=============
Error: (03/27/2015 08:11:42 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
BkavAuto
SysLib
SysLib0
SysLib1
SysLib2
SysLib3
SysLib4
SysLib5
SysLib6

Error: (03/27/2015 08:11:30 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The SQL Server (HUY) service failed to start due to the following error:
%%1053

Error: (03/27/2015 08:11:27 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the SQL Server (HUY) service to connect.

Error: (03/27/2015 08:07:09 AM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Program Compatibility Assistant Service service, but this action failed with the following error:
%%1056

Error: (03/27/2015 08:06:32 AM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Network Connections service, but this action failed with the following error:
%%1056

Error: (03/27/2015 08:06:09 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Driver Foundation - User-mode Driver Framework service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

Error: (03/27/2015 08:06:09 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Portable Device Enumerator Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

Error: (03/27/2015 08:06:09 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The WLAN AutoConfig service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

Error: (03/27/2015 08:06:09 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Desktop Window Manager Session Manager service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

Error: (03/27/2015 08:06:09 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Distributed Link Tracking Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.


Microsoft Office Sessions:
=========================
Error: (03/27/2015 08:12:27 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/27/2015 08:06:30 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/27/2015 08:05:37 AM) (Source: Application Error) (EventID: 1005) (User: )
Description: C:\Windows\Prefetch\AgRobust.dbHost Process for Windows ServicesC00001853

Error: (03/27/2015 08:05:36 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: svchost.exe_SysMain6.1.7600.163854a5bc3c1sysmain.dll6.1.7601.175144ce7c9dbc0000006000000000001d14320c01d068291143509aC:\Windows\System32\svchost.exec:\windows\system32\sysmain.dll60164ddd-d41d-11e4-98a5-685d43d1a3c5

Error: (03/27/2015 07:54:07 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/27/2015 07:54:07 AM) (Source: SecurityCenter) (EventID: 3) (User: )
Description:

Error: (03/27/2015 07:53:39 AM) (Source: VSS) (EventID: 8193) (User: )
Description: CoCreateInstance0x800706b5, The interface is unknown.


Operation:
Subscribing Writer

Context:
Writer Class Id: {cd3f2362-8bef-46c7-9181-d62844cdc0b2}
Writer Name: MSSearch Service Writer
Writer Instance ID: {56e5a45d-d649-419b-8f6e-d44801715ef2}

Error: (03/27/2015 07:53:39 AM) (Source: VSS) (EventID: 13) (User: )
Description: {4e14fba2-2e22-11d1-9964-00c04fbbb345}CEventSystem0x800706b5, The interface is unknown.


Operation:
Subscribing Writer

Context:
Writer Class Id: {cd3f2362-8bef-46c7-9181-d62844cdc0b2}
Writer Name: MSSearch Service Writer
Writer Instance ID: {56e5a45d-d649-419b-8f6e-d44801715ef2}

Error: (03/27/2015 07:53:16 AM) (Source: Application Error) (EventID: 1005) (User: )
Description: C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dllBkav HomeC00001853

Error: (03/27/2015 07:53:16 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: BkavHome.exe1.0.0.641754b61b33COMCTL32.dll6.10.7601.175144ce7b71cc0000006000906aae4001d06828032d112cC:\Program Files (x86)\BkavHome\BkavHome.exeC:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\COMCTL32.dlla69c5ae7-d41b-11e4-9033-685d43d1a3c5


CodeIntegrity Errors:
===================================
Date: 2015-03-26 14:58:42.409
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-03-26 14:58:21.554
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-03-26 14:58:00.709
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-03-26 14:57:39.611
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-03-23 20:06:13.659
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-03-23 20:05:52.637
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-02-13 06:36:49.059
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\nethfdrv.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-02-13 06:36:25.956
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\nethfdrv.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-02-13 06:29:32.137
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\nethfdrv.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-02-13 06:29:11.389
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\nethfdrv.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-3210M CPU @ 2.50GHz
Percentage of memory in use: 60%
Total physical RAM: 3998.36 MB
Available physical RAM: 1571.51 MB
Total Pagefile: 7994.91 MB
Available Pagefile: 5315.36 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:48.83 GB) (Free:11.64 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (CHUONG TRINH) (Fixed) (Total:205.08 GB) (Free:84.37 GB) NTFS
Drive e: (LUU TRU) (Fixed) (Total:211.85 GB) (Free:105.15 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: FAC058BE)
Partition 1: (Active) - (Size=48.8 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=205.1 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=211.8 GB) - (Type=07 NTFS)

==================== End Of Log ============================
 
Before continuing, I would like to say that I can tolerate infection to some degree as long as it doesn't make me feel too uncomfortable. There's no such thing as a completely clean computer, as it will get infected again here and there after this, so you don't need to try so hard to wipe everything.
That's not how I operate.
My goal is to make your computer totally clean :)

I don't see any AV program running.
Install ONE of these:

- Avast! free antivirus: http://www.avast.com/eng/download-avast-home.html

- free Microsoft Security Essentials: http://windows.microsoft.com/en-GB/windows/products/security-essentials
Note for Windows 8 users: Microsoft Security Essentials comes preinstalled and renamed as Windows Defender.
You can keep it or you have to disable it before installing another AV program. How to...

- free Comodo Antivirus: http://www.comodo.com/home/internet-security/antivirus.php

Download attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST(FRST64) and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.
 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-03-2015
Ran by admin at 2015-03-30 14:15:52 Run:1
Running from C:\Users\admin\Desktop
Loaded Profiles: admin & MSSQL$HUY (Available profiles: admin & MSSQL$HUY)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-3818046159-3689817371-2580797029-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
FF Plugin-x32: @live.heroesandgenerals.com/npretox -> D:\DUY\GAMES\HaG\Heroes & Generals\live\npretoxlive.dll No File
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin HKU\S-1-5-21-3818046159-3689817371-2580797029-1000: xyzgl-plugin@xyz-soft.com -> C:\Program Files (x86)\Fairy Tail 3D\npxyzgl.dll No File
S2 HiPatchService; No ImagePath
S1 BAPIDRV; system32\DRIVERS\BAPIDRV64.sys [X]
S0 BkavAuto; \SystemRoot\System32\Drivers\BkavAuto.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 cxasbt; \??\D:\DUY\GAMES\AvatarStarVN\avital\cxbtf64.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 GGSAFERDriver; \??\D:\GAMES\LienMinhHuyenThoai\GameData\Room\safedrv.sys [X]
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
S3 RSUSBVSTOR; System32\Drivers\RtsUVStor.sys [X]
S1 SysLib; \SystemRoot\System32\Drivers\SysLib.sys [X]
S1 SysLib0; \SystemRoot\System32\Drivers\SysLib0.sys [X]
S1 SysLib1; \SystemRoot\System32\Drivers\SysLib1.sys [X]
S1 SysLib2; \SystemRoot\System32\Drivers\SysLib2.sys [X]
S1 SysLib3; \SystemRoot\System32\Drivers\SysLib3.sys [X]
S1 SysLib4; \SystemRoot\System32\Drivers\SysLib4.sys [X]
S1 SysLib5; \SystemRoot\System32\Drivers\SysLib5.sys [X]
S1 SysLib6; \SystemRoot\System32\Drivers\SysLib6.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
2012-11-27 00:24 - 2014-01-31 10:30 - 0014336 _____ () C:\Users\admin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-02-10 14:34 - 2014-02-10 14:34 - 0064116 _____ () C:\Users\admin\AppData\Local\rational_state.log
2014-04-18 10:41 - 2014-04-18 10:41 - 0002556 _____ () C:\Users\admin\AppData\Local\recently-used.xbel
2014-01-25 07:41 - 2014-01-25 07:41 - 0000017 _____ () C:\Users\admin\AppData\Local\resmon.resmoncfg
2015-03-27 07:43 - 2015-03-27 07:43 - 0000000 _____ () C:\Users\admin\AppData\Local\{D70E9710-E4B3-48F2-91B0-296BE07FCA2F}
2012-11-07 11:45 - 2012-11-07 11:45 - 0000056 ____H () C:\ProgramData\ezsidmv.dat
C:\Users\admin\AppData\Local\Temp\Checkupdate.exe
C:\Users\admin\AppData\Local\Temp\Foxit Reader Updater.exe
C:\Users\admin\AppData\Local\Temp\gcapi_dll.dll
C:\Users\admin\AppData\Local\Temp\gtapi_signed.dll
CustomCLSID: HKU\S-1-5-21-3818046159-3689817371-2580797029-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\admin\AppData\Roaming\Dropbox\bin\Dropbox.exe /autoplay No File
CustomCLSID: HKU\S-1-5-21-3818046159-3689817371-2580797029-1000_Classes\CLSID\{5F63E8CB-8F57-490A-97FE-62BC2F2A5EA4}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3818046159-3689817371-2580797029-1000_Classes\CLSID\{BCDE0395-E52F-467C-8E3D-C4579291692E}\InprocServer32 -> No File Path
Task: {1906FB2B-28E1-47E1-9E19-8034A1D6C581} - System32\Tasks\Escolade => C:\Users\admin\AppData\Roaming\iPumper\Updater.exe <==== ATTENTION
C:\Users\admin\AppData\Roaming\iPumper
Task: {3E812A51-75CE-467D-B2F4-01AFFAA1B629} - \Jelbrus Secure Web Task No Task File <==== ATTENTION
Task: {4CB57C85-CB3A-4327-AC9F-DD029510D476} - \GPUP No Task File <==== ATTENTION
Task: {FDD88101-8283-4EDB-AD70-3D2A03F6521E} - System32\Tasks\{3D6FE28C-B230-42D9-962E-44564AC9A66F} => pcalua.exe -a C:\Users\admin\AppData\Roaming\webssearches\UninstallManager.exe -c -ptid=irs <==== ATTENTION
C:\Users\admin\AppData\Roaming\webssearches
AlternateDataStreams: C:\ProgramData\TEMP:2C2F956A
AlternateDataStreams: C:\ProgramData\TEMP:373E1720

*****************

"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast" => Key deleted successfully.
HKCR\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => Key not found.
C:\Windows\system32\GroupPolicy\Machine => Moved successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
"HKU\S-1-5-21-3818046159-3689817371-2580797029-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@live.heroesandgenerals.com/npretox" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@pandonetworks.com/PandoWebPlugin" => Key deleted successfully.
"HKU\S-1-5-21-3818046159-3689817371-2580797029-1000\Software\MozillaPlugins\xyzgl-plugin@xyz-soft.com" => Key deleted successfully.
C:\Program Files (x86)\Fairy Tail 3D\npxyzgl.dll not found.
HiPatchService => Service deleted successfully.
BAPIDRV => Service deleted successfully.
BkavAuto => Service deleted successfully.
catchme => Service deleted successfully.
cxasbt => Service deleted successfully.
EagleX64 => Service deleted successfully.
GGSAFERDriver => Service deleted successfully.
MBAMSwissArmy => Service deleted successfully.
RSUSBVSTOR => Service deleted successfully.
SysLib => Service deleted successfully.
SysLib0 => Service deleted successfully.
SysLib1 => Service deleted successfully.
SysLib2 => Service deleted successfully.
SysLib3 => Service deleted successfully.
SysLib4 => Service deleted successfully.
SysLib5 => Service deleted successfully.
SysLib6 => Service deleted successfully.
VGPU => Service deleted successfully.
C:\Users\admin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini => Moved successfully.
C:\Users\admin\AppData\Local\rational_state.log => Moved successfully.
C:\Users\admin\AppData\Local\recently-used.xbel => Moved successfully.
C:\Users\admin\AppData\Local\resmon.resmoncfg => Moved successfully.
C:\Users\admin\AppData\Local\{D70E9710-E4B3-48F2-91B0-296BE07FCA2F} => Moved successfully.
C:\ProgramData\ezsidmv.dat => Moved successfully.
C:\Users\admin\AppData\Local\Temp\Checkupdate.exe => Moved successfully.
C:\Users\admin\AppData\Local\Temp\Foxit Reader Updater.exe => Moved successfully.
C:\Users\admin\AppData\Local\Temp\gcapi_dll.dll => Moved successfully.
C:\Users\admin\AppData\Local\Temp\gtapi_signed.dll => Moved successfully.
"HKU\S-1-5-21-3818046159-3689817371-2580797029-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}" => Key deleted successfully.
"HKU\S-1-5-21-3818046159-3689817371-2580797029-1000_Classes\CLSID\{5F63E8CB-8F57-490A-97FE-62BC2F2A5EA4}" => Key deleted successfully.
"HKU\S-1-5-21-3818046159-3689817371-2580797029-1000_Classes\CLSID\{BCDE0395-E52F-467C-8E3D-C4579291692E}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1906FB2B-28E1-47E1-9E19-8034A1D6C581}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1906FB2B-28E1-47E1-9E19-8034A1D6C581}" => Key deleted successfully.
C:\Windows\System32\Tasks\Escolade => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Escolade" => Key deleted successfully.
"C:\Users\admin\AppData\Roaming\iPumper" => File/Directory not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3E812A51-75CE-467D-B2F4-01AFFAA1B629}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3E812A51-75CE-467D-B2F4-01AFFAA1B629}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Jelbrus Secure Web Task" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4CB57C85-CB3A-4327-AC9F-DD029510D476}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4CB57C85-CB3A-4327-AC9F-DD029510D476}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GPUP" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FDD88101-8283-4EDB-AD70-3D2A03F6521E}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FDD88101-8283-4EDB-AD70-3D2A03F6521E}" => Key deleted successfully.
C:\Windows\System32\Tasks\{3D6FE28C-B230-42D9-962E-44564AC9A66F} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{3D6FE28C-B230-42D9-962E-44564AC9A66F}" => Key deleted successfully.
"C:\Users\admin\AppData\Roaming\webssearches" => File/Directory not found.
C:\ProgramData\TEMP => ":2C2F956A" ADS removed successfully.
C:\ProgramData\TEMP => ":373E1720" ADS removed successfully.


The system needed a reboot.

==== End of Fixlog 14:15:54 ====
 
Last scans...

Download Security Check from here or here and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE to access the Internet, allow it to do so.
NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.
NOTE 3. If you receive the UNSUPPORTED OPERATING SYSTEM! ABORTED! message, restart the computer and Security Check should run.


Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
    • Other Services
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
  • Double click on TFC.exe to run the program.
  • Click on Start button to begin cleaning process.
  • TFC will close all running programs, and it may ask you to restart computer.

Download Sophos Free Virus Removal Tool and save it to your desktop.
  • Double click the icon and select Run
  • Click Next
  • Select I accept the terms in this license agreement, then click Next twice
  • Click Install
  • Click Finish to launch the program
  • Once the virus database has been updated click Start Scanning
  • If any threats are found click Details, then View log file... (bottom left hand corner)
  • Copy and paste the results in your reply
  • Close the Notepad document, close the Threat Details screen, then click Start cleanup
  • Click Exit to close the program
 
Results of screen317's Security Check version 0.99.99
Windows 7 Service Pack 1 x64 (UAC is enabled)
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Microsoft Security Essentials
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Eusing Free Registry Cleaner
Java(TM) 6 Update 16
Java 8 Update 25
Java(TM) SE Development Kit 6 Update 16
Visual Studio Extensions for Windows Library for JavaScript
Java version 32-bit out of Date!
Adobe Flash Player 11.5.502.110 Flash Player out of Date!
Mozilla Firefox 25.0 Firefox out of Date!
Google Chrome (41.0.2272.101)
Google Chrome (41.0.2272.89)
Google Chrome (log...)
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials MSMpEng.exe
Microsoft Security Essentials msseces.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 27% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````
 
Farbar Service Scanner Version: 17-01-2015
Ran by admin (administrator) on 31-03-2015 at 09:33:38
Running from "C:\Users\admin\Desktop"
Microsoft Windows 7 Ultimate Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Policy:
========================


Action Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\dhcpcore.dll => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed


**** End of log ****
 
2015-03-31 03:03:27.241 Sophos Virus Removal Tool version 2.5.4
2015-03-31 03:03:27.241 Copyright (c) 2009-2014 Sophos Limited. All rights reserved.

2015-03-31 03:03:27.241 This tool will scan your computer for viruses and other threats. If it finds any, it will give you the option to remove them.

2015-03-31 03:03:27.241 Windows version 6.1 SP 1.0 Service Pack 1 build 7601 SM=0x100 PT=0x1 WOW64
2015-03-31 03:03:27.242 Checking for updates...
2015-03-31 03:03:30.411 Update progress: proxy server not available
2015-03-31 03:03:35.580 Option all = no
2015-03-31 03:03:35.580 Option recurse = yes
2015-03-31 03:03:35.580 Option archive = no
2015-03-31 03:03:35.580 Option service = yes
2015-03-31 03:03:35.580 Option confirm = yes
2015-03-31 03:03:35.580 Option sxl = yes
2015-03-31 03:03:35.581 Option max-data-age = 35
2015-03-31 03:03:35.581 Option EnableSafeClean = yes
2015-03-31 03:03:37.158 Option vdl-logging = yes
2015-03-31 03:03:37.174 Customer ID: 094260ca9b3af99f9d4a3909fc47a743
2015-03-31 03:03:37.174 Machine ID: c5bcab222b2140c3a9d0e11f63905874
2015-03-31 03:03:37.175 Component SVRTcli.exe version 2.5.4
2015-03-31 03:03:37.175 Component control.dll version 2.5.4
2015-03-31 03:03:37.175 Component SVRTservice.exe version 2.5.4
2015-03-31 03:03:37.175 Component engine\osdp.dll version 1.44.1.2183
2015-03-31 03:03:37.175 Component engine\veex.dll version 3.58.3.2183
2015-03-31 03:03:37.175 Component engine\savi.dll version 8.1.5.2183
2015-03-31 03:03:37.175 Component rkdisk.dll version 1.5.30.0
2015-03-31 03:03:37.175 Version info: Product version 2.5.4
2015-03-31 03:03:37.176 Version info: Detection engine 3.58.3
2015-03-31 03:03:37.176 Version info: Detection data 5.11
2015-03-31 03:03:37.176 Version info: Build date 03/02/2015
2015-03-31 03:03:37.176 Version info: Data files added 497
2015-03-31 03:03:37.176 Version info: Last successful update (not yet updated)
2015-03-31 03:04:06.004 Downloading updates...
2015-03-31 03:04:06.006 Update progress: [I96736] Looking for package C1A903B2-E63E-483b-982D-04BB9C457C60 1.0
2015-03-31 03:04:06.006 Update progress: [I49502] Found supplement SAVIW32 LATEST
2015-03-31 03:04:06.006 Update progress: [I49502] Found supplement IDE512 LATEST
2015-03-31 03:04:06.006 Update progress: [I49502] Found supplement IDE513 LATEST
2015-03-31 03:04:06.006 Update progress: [I49502] Found supplement IDE514 LATEST
2015-03-31 03:04:06.006 Update progress: [I49502] Found supplement IDE515 LATEST
2015-03-31 03:04:06.006 Update progress: [I19463] Syncing product C1A903B2-E63E-483b-982D-04BB9C457C60 1
2015-03-31 03:04:06.006 Update progress: [I19463] Syncing product SAVIW32 51
2015-03-31 03:04:14.486 Update progress: [I19463] Syncing product IDE512 166
2015-03-31 03:04:19.465 Installing updates...
2015-03-31 03:04:20.067 Error level 1
2015-03-31 03:04:20.080 Update progress: [I19463] Syncing product IDE513 171
2015-03-31 03:04:20.080 Update progress: [I19463] Syncing product IDE514 161
2015-03-31 03:04:20.080 Update progress: [I19463] Syncing product IDE515 6
2015-03-31 03:04:42.512 Update successful
2015-03-31 03:04:56.498 Option all = no
2015-03-31 03:04:56.498 Option recurse = yes
2015-03-31 03:04:56.498 Option archive = no
2015-03-31 03:04:56.498 Option service = yes
2015-03-31 03:04:56.498 Option confirm = yes
2015-03-31 03:04:56.498 Option sxl = yes
2015-03-31 03:04:56.500 Option max-data-age = 35
2015-03-31 03:04:56.500 Option EnableSafeClean = yes
2015-03-31 03:04:56.559 Option vdl-logging = yes
2015-03-31 03:04:56.567 Customer ID: 094260ca9b3af99f9d4a3909fc47a743
2015-03-31 03:04:56.567 Machine ID: c5bcab222b2140c3a9d0e11f63905874
2015-03-31 03:04:56.568 Component SVRTcli.exe version 2.5.4
2015-03-31 03:04:56.568 Component control.dll version 2.5.4
2015-03-31 03:04:56.568 Component SVRTservice.exe version 2.5.4
2015-03-31 03:04:56.568 Component engine\osdp.dll version 1.44.1.2183
2015-03-31 03:04:56.568 Component engine\veex.dll version 3.58.3.2183
2015-03-31 03:04:56.568 Component engine\savi.dll version 8.1.5.2183
2015-03-31 03:04:56.568 Component rkdisk.dll version 1.5.30.0
2015-03-31 03:04:56.568 Version info: Product version 2.5.4
2015-03-31 03:04:56.569 Version info: Detection engine 3.58.3
2015-03-31 03:04:56.569 Version info: Detection data 5.11G
2015-03-31 03:04:56.569 Version info: Build date 03/02/2015
2015-03-31 03:04:56.569 Version info: Data files added 497
2015-03-31 03:04:56.569 Version info: Last successful update 31/03/2015 10:04:42 SA


2015-03-31 04:44:06.039 Scan cancelled by user.
2015-03-31 04:44:06.039

------------------------------------------------------------

2015-04-02 04:30:50.634 Sophos Virus Removal Tool version 2.5.4
2015-04-02 04:30:50.634 Copyright (c) 2009-2014 Sophos Limited. All rights reserved.

2015-04-02 04:30:50.634 This tool will scan your computer for viruses and other threats. If it finds any, it will give you the option to remove them.

2015-04-02 04:30:50.634 Windows version 6.1 SP 1.0 Service Pack 1 build 7601 SM=0x100 PT=0x1 WOW64
2015-04-02 04:30:50.634 Checking for updates...
2015-04-02 04:30:53.567 Update progress: proxy server not available
2015-04-02 04:31:26.578 Option all = no
2015-04-02 04:31:26.578 Option recurse = yes
2015-04-02 04:31:26.578 Option archive = no
2015-04-02 04:31:26.578 Option service = yes
2015-04-02 04:31:26.578 Option confirm = yes
2015-04-02 04:31:26.578 Option sxl = yes
2015-04-02 04:31:26.579 Option max-data-age = 35
2015-04-02 04:31:26.579 Option EnableSafeClean = yes
2015-04-02 04:31:26.696 Option vdl-logging = yes
2015-04-02 04:31:26.701 Customer ID: 094260ca9b3af99f9d4a3909fc47a743
2015-04-02 04:31:26.701 Machine ID: c5bcab222b2140c3a9d0e11f63905874
2015-04-02 04:31:26.773 Component SVRTcli.exe version 2.5.4
2015-04-02 04:31:26.773 Component control.dll version 2.5.4
2015-04-02 04:31:26.773 Component SVRTservice.exe version 2.5.4
2015-04-02 04:31:26.773 Component engine\osdp.dll version 1.44.1.2183
2015-04-02 04:31:26.773 Component engine\veex.dll version 3.58.3.2183
2015-04-02 04:31:26.773 Component engine\savi.dll version 8.1.5.2183
2015-04-02 04:31:27.000 Component rkdisk.dll version 1.5.30.0
2015-04-02 04:31:27.000 Version info: Product version 2.5.4
2015-04-02 04:31:27.001 Version info: Detection engine 3.58.3
2015-04-02 04:31:27.001 Version info: Detection data 5.11G
2015-04-02 04:31:27.001 Version info: Build date 03/02/2015
2015-04-02 04:31:27.001 Version info: Data files added 497
2015-04-02 04:31:27.001 Version info: Last successful update 31/03/2015 10:04:42 SA
2015-04-02 04:31:42.788 Downloading updates...
2015-04-02 04:31:42.789 Update progress: [I96736] Looking for package C1A903B2-E63E-483b-982D-04BB9C457C60 1.0
2015-04-02 04:31:42.789 Update progress: [I49502] Found supplement SAVIW32 LATEST
2015-04-02 04:31:42.789 Update progress: [I49502] Found supplement IDE512 LATEST
2015-04-02 04:31:42.789 Update progress: [I49502] Found supplement IDE513 LATEST
2015-04-02 04:31:42.789 Update progress: [I49502] Found supplement IDE514 LATEST
2015-04-02 04:31:42.789 Update progress: [I49502] Found supplement IDE515 LATEST
2015-04-02 04:31:42.789 Update progress: [I19463] Syncing product C1A903B2-E63E-483b-982D-04BB9C457C60 1
2015-04-02 04:31:42.789 Update progress: [I19463] Syncing product SAVIW32 51
2015-04-02 04:31:42.789 Update progress: [I19463] Syncing product IDE512 166
2015-04-02 04:31:49.090 Update progress: [I19463] Syncing product IDE513 171
2015-04-02 04:31:49.090 Update progress: [I19463] Syncing product IDE514 161
2015-04-02 04:31:49.090 Update progress: [I19463] Syncing product IDE515 15
2015-04-02 04:31:49.802 Installing updates...
2015-04-02 04:31:50.403 Error level 1
2015-04-02 04:31:50.747 Update successful
2015-04-02 04:31:58.428 Option all = no
2015-04-02 04:31:58.428 Option recurse = yes
2015-04-02 04:31:58.428 Option archive = no
2015-04-02 04:31:58.428 Option service = yes
2015-04-02 04:31:58.428 Option confirm = yes
2015-04-02 04:31:58.428 Option sxl = yes
2015-04-02 04:31:58.429 Option max-data-age = 35
2015-04-02 04:31:58.429 Option EnableSafeClean = yes
2015-04-02 04:31:58.473 Option vdl-logging = yes
2015-04-02 04:31:58.479 Customer ID: 094260ca9b3af99f9d4a3909fc47a743
2015-04-02 04:31:58.479 Machine ID: c5bcab222b2140c3a9d0e11f63905874
2015-04-02 04:31:58.479 Component SVRTcli.exe version 2.5.4
2015-04-02 04:31:58.479 Component control.dll version 2.5.4
2015-04-02 04:31:58.479 Component SVRTservice.exe version 2.5.4
2015-04-02 04:31:58.479 Component engine\osdp.dll version 1.44.1.2183
2015-04-02 04:31:58.479 Component engine\veex.dll version 3.58.3.2183
2015-04-02 04:31:58.479 Component engine\savi.dll version 8.1.5.2183
2015-04-02 04:31:58.480 Component rkdisk.dll version 1.5.30.0
2015-04-02 04:31:58.480 Version info: Product version 2.5.4
2015-04-02 04:31:58.481 Version info: Detection engine 3.58.3
2015-04-02 04:31:58.481 Version info: Detection data 5.11G
2015-04-02 04:31:58.481 Version info: Build date 03/02/2015
2015-04-02 04:31:58.481 Version info: Data files added 506
2015-04-02 04:31:58.481 Version info: Last successful update 02/04/2015 11:31:50 SA

2015-04-02 07:17:09.232 >>> Virus 'Mal/VB-BL' found in file D:\C\SinhVienIT.Net---C-Free_Pro_v5.0.0.3314\C-Free Pro v5.0.0.3314\CRACK\Loader_CppIDE.exe
2015-04-02 07:36:21.620 >>> Virus 'Troj/Fujif-Gen' found in file E:\THU VIEN HINH ANH\LINH TINH\HINH ANI\DUONG VIEN\ULTHM.HTM
2015-04-02 07:36:21.952 >>> Virus 'Troj/Fujif-Gen' found in file E:\THU VIEN HINH ANH\LINH TINH\HINH ANI\DUONG VIEN\ULTHM2.HTM
2015-04-02 07:36:22.188 >>> Virus 'Troj/Fujif-Gen' found in file E:\THU VIEN HINH ANH\LINH TINH\HINH ANI\DUONG VIEN\ULTHM3.HTM
2015-04-02 07:36:22.453 >>> Virus 'Troj/Fujif-Gen' found in file E:\THU VIEN HINH ANH\LINH TINH\HINH ANI\DUONG VIEN\ULTHM4.HTM
2015-04-02 07:36:22.697 >>> Virus 'Troj/Fujif-Gen' found in file E:\THU VIEN HINH ANH\LINH TINH\HINH ANI\DUONG VIEN\ULTHM5.HTM
2015-04-02 07:36:22.908 >>> Virus 'Troj/Fujif-Gen' found in file E:\THU VIEN HINH ANH\LINH TINH\HINH ANI\DUONG VIEN\ULTHM6.HTM
2015-04-02 07:36:23.151 >>> Virus 'Troj/Fujif-Gen' found in file E:\THU VIEN HINH ANH\LINH TINH\HINH ANI\DUONG VIEN\ULTHM7.HTM
2015-04-02 07:36:23.382 >>> Virus 'Troj/Fujif-Gen' found in file E:\THU VIEN HINH ANH\LINH TINH\HINH ANI\DUONG VIEN\ULTHM8.HTM
2015-04-02 07:51:56.500 Could not open C:\Boot\BCD
2015-04-02 07:52:46.698 Could not open C:\hiberfil.sys
2015-04-02 07:52:46.719 Could not open C:\pagefile.sys
2015-04-02 08:01:56.530 Could not open C:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752}
2015-04-02 08:02:31.656 Could not open C:\Users\admin\AppData\Local\CocCoc\Browser\User Data\Default\Current Session
2015-04-02 08:02:31.931 Could not check C:\Users\admin\AppData\Local\CocCoc\Browser\User Data\Default\Extension Rules\LOCK (virus scan failed)
2015-04-02 08:02:31.982 Could not check C:\Users\admin\AppData\Local\CocCoc\Browser\User Data\Default\Extension State\LOCK (virus scan failed)
2015-04-02 08:02:34.064 Could not check C:\Users\admin\AppData\Local\CocCoc\Browser\User Data\Default\File System\Origins\LOCK (virus scan failed)
2015-04-02 08:02:34.847 Could not check C:\Users\admin\AppData\Local\CocCoc\Browser\User Data\Default\Local Extension Settings\gfgbmghkdjckppeomloefmbphdfmokgd\LOCK (virus scan failed)
2015-04-02 08:02:34.863 Could not check C:\Users\admin\AppData\Local\CocCoc\Browser\User Data\Default\Local Extension Settings\jdfkmiabjpfjacifcmihfdjhpnjpiick\LOCK (virus scan failed)
2015-04-02 08:02:37.502 Could not check C:\Users\admin\AppData\Local\CocCoc\Browser\User Data\Default\Session Storage\LOCK (virus scan failed)
2015-04-02 08:21:26.394 Could not open C:\Windows\System32\catroot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb
2015-04-02 08:21:26.394 Could not open C:\Windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb
2015-04-02 08:21:28.537 Could not open C:\Windows\System32\config\RegBack\DEFAULT
2015-04-02 08:21:28.548 Could not open C:\Windows\System32\config\RegBack\SAM
2015-04-02 08:21:28.549 Could not open C:\Windows\System32\config\RegBack\SECURITY
2015-04-02 08:21:28.562 Could not open C:\Windows\System32\config\RegBack\SOFTWARE
2015-04-02 08:21:28.563 Could not open C:\Windows\System32\config\RegBack\SYSTEM
2015-04-02 08:25:51.836 Could not open C:\Windows\temp\TMP0000058E10A720BF8B0E4ECF
2015-04-02 08:32:15.579 Could not open D:\C\Java\jdk-7u4-windows-x64.exe
2015-04-02 08:36:53.057 >>> Virus 'Mal/Keygen-K' found in file D:\EN\keygen.exe
2015-04-02 08:36:53.057 >>> Virus 'Mal/Keygen-K' found in file HKU\S-1-5-21-3818046159-3689817371-2580797029-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2015-04-02 08:36:53.057 >>> Virus 'Mal/Keygen-K' found in file HKU\S-1-5-21-3818046159-3689817371-2580797029-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2015-04-02 08:36:53.058 >>> Virus 'Mal/Keygen-K' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2015-04-02 08:43:25.537 >>> Virus 'Troj/Agent-ABWY' found in file D:\GAMES\Re6\Resident Evil 6\steam_api.dll
2015-04-02 08:43:25.537 >>> Virus 'Troj/Agent-ABWY' found in file HKU\S-1-5-21-3818046159-3689817371-2580797029-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2015-04-02 08:43:25.537 >>> Virus 'Troj/Agent-ABWY' found in file HKU\S-1-5-21-3818046159-3689817371-2580797029-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2015-04-02 08:43:25.537 >>> Virus 'Troj/Agent-ABWY' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2015-04-02 08:55:14.903 The following items will be cleaned up:
2015-04-02 08:55:14.903 Mal/Keygen-K
2015-04-02 08:55:14.903 Troj/Agent-ABWY
2015-04-02 08:55:14.903 Mal/VB-BL
2015-04-02 08:55:14.903 Troj/Fujif-Gen
2015-04-02 08:55:14.903 Troj/Fujif-Gen
2015-04-02 08:55:14.903 Troj/Fujif-Gen
2015-04-02 08:55:14.903 Troj/Fujif-Gen
2015-04-02 08:55:14.903 Troj/Fujif-Gen
2015-04-02 08:55:14.903 Troj/Fujif-Gen
2015-04-02 08:55:14.903 Troj/Fujif-Gen
2015-04-02 08:55:14.903 Troj/Fujif-Gen
2015-04-02 08:57:57.828 Threat 'Mal/Keygen-K' has been cleaned up.
2015-04-02 08:57:57.850 File "D:\EN\keygen.exe" belongs to malware 'Mal/Keygen-K'.
2015-04-02 08:57:57.850 File "D:\EN\keygen.exe" has been cleaned up.
2015-04-02 08:57:57.850 Registry value "HKU\S-1-5-21-3818046159-3689817371-2580797029-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect" belongs to malware 'Mal/Keygen-K'.
2015-04-02 08:57:57.850 Registry value "HKU\S-1-5-21-3818046159-3689817371-2580797029-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect" has been cleaned up.
2015-04-02 08:57:57.850 Registry value "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect" belongs to malware 'Mal/Keygen-K'.
2015-04-02 08:57:57.850 Registry value "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect" has been cleaned up.
2015-04-02 08:57:57.850 Removal successful
2015-04-02 08:58:00.224 Threat 'Troj/Agent-ABWY' has been cleaned up.
2015-04-02 08:58:00.224 File "D:\GAMES\Re6\Resident Evil 6\steam_api.dll" belongs to 'Troj/Agent-ABWY'.
2015-04-02 08:58:00.224 File "D:\GAMES\Re6\Resident Evil 6\steam_api.dll" has been cleaned up.
2015-04-02 08:58:00.224 Removal successful
2015-04-02 08:58:02.005 Installed boot task components.

2015-04-02 08:58:02.028 Contents of SafeClean bin directory:
2015-04-02 08:58:02.048 {
2015-04-02 08:58:02.048 RecordID : "0000000000000001",
2015-04-02 08:58:02.048 ItemType : "1",
2015-04-02 08:58:02.048 Location : "D:\EN\",
2015-04-02 08:58:02.048 FileName : "keygen.exe",
2015-04-02 08:58:02.048 ThreatName : "Mal/Keygen-K",
2015-04-02 08:58:02.048 Checksum : "b80f1511fd9a214a3abd4ef70ace15b68925f1f3539b32d1c1b5f5453bfbb111",
2015-04-02 08:58:02.049 TimeStamp : "Thu Apr 02 15:57:52 2015"
2015-04-02 08:58:02.049 }
2015-04-02 08:58:02.049 {
2015-04-02 08:58:02.049 RecordID : "0000000000000002",
2015-04-02 08:58:02.049 ItemType : "1",
2015-04-02 08:58:02.049 Location : "D:\GAMES\Re6\Resident Evil 6\",
2015-04-02 08:58:02.049 FileName : "steam_api.dll",
2015-04-02 08:58:02.049 ThreatName : "Troj/Agent-ABWY",
2015-04-02 08:58:02.049 Checksum : "ad1e1e8bb81d9b51bb0d63abf493eda530f769d714bcbd29a41478856f91318e",
2015-04-02 08:58:02.049 TimeStamp : "Thu Apr 02 15:57:57 2015"
2015-04-02 08:58:02.049 }
2015-04-02 08:58:02.769 The computer must be restarted in order to complete the cleanup.
2015-04-02 08:58:02.769 Error level 5
2015-04-02 08:58:02.777 Cleanup on restart pending for Mal/VB-BL: RenameFile "\\?\D:\C\SinhVienIT.Net---C-Free_Pro_v5.0.0.3314\C-Free Pro v5.0.0.3314\CRACK\Loader_CppIDE.exe"
2015-04-02 08:58:02.777 Cleanup on restart pending for Mal/VB-BL: DriverDeleteDriverKey "\\?\D:\C\SinhVienIT.Net---C-Free_Pro_v5.0.0.3314\C-Free Pro v5.0.0.3314\CRACK\Loader_CppIDE.exe"
2015-04-02 08:58:02.777 Cleanup on restart pending for Mal/VB-BL: DeleteFile "\\?\D:\C\SinhVienIT.Net---C-Free_Pro_v5.0.0.3314\C-Free Pro v5.0.0.3314\CRACK\Loader_CppIDE.exe.SHS"
2015-04-02 08:58:02.777 Cleanup on restart pending for Mal/VB-BL: DeleteFile "\\?\D:\C\SinhVienIT.Net---C-Free_Pro_v5.0.0.3314\C-Free Pro v5.0.0.3314\CRACK\Loader_CppIDE.exe"
2015-04-02 08:58:02.777 Cleanup on restart pending for Troj/Fujif-Gen: RenameFile "\\?\E:\THU VIEN HINH ANH\LINH TINH\HINH ANI\DUONG VIEN\ULTHM.HTM"
2015-04-02 08:58:02.777 Cleanup on restart pending for Troj/Fujif-Gen: DriverDeleteDriverKey "\\?\E:\THU VIEN HINH ANH\LINH TINH\HINH ANI\DUONG VIEN\ULTHM.HTM"
2015-04-02 08:58:02.777 Cleanup on restart pending for Troj/Fujif-Gen: DeleteFile "\\?\E:\THU VIEN HINH ANH\LINH TINH\HINH ANI\DUONG VIEN\ULTHM.HTM.SHS"
2015-04-02 08:58:02.777 Cleanup on restart pending for Troj/Fujif-Gen: DeleteFile "\\?\E:\THU VIEN HINH ANH\LINH TINH\HINH ANI\DUONG VIEN\ULTHM.HTM"
2015-04-02 08:58:02.777 Cleanup on restart pending for Troj/Fujif-Gen: RenameFile "\\?\E:\THU VIEN HINH ANH\LINH TINH\HINH ANI\DUONG VIEN\ULTHM2.HTM"
2015-04-02 08:58:02.777 Cleanup on restart pending for Troj/Fujif-Gen: DriverDeleteDriverKey "\\?\E:\THU VIEN HINH ANH\LINH TINH\HINH ANI\DUONG VIEN\ULTHM2.HTM"
2015-04-02 08:58:02.777 Cleanup on restart pending for Troj/Fujif-Gen: DeleteFile "\\?\E:\THU VIEN HINH ANH\LINH TINH\HINH ANI\DUONG VIEN\ULTHM2.HTM.SHS"
2015-04-02 08:58:02.777 Cleanup on restart pending for Troj/Fujif-Gen: DeleteFile "\\?\E:\THU VIEN HINH ANH\LINH TINH\HINH ANI\DUONG VIEN\ULTHM2.HTM"
2015-04-02 08:58:02.777 Cleanup on restart pending for Troj/Fujif-Gen: RenameFile "\\?\E:\THU VIEN HINH ANH\LINH TINH\HINH ANI\DUONG VIEN\ULTHM3.HTM"
2015-04-02 08:58:02.777 Cleanup on restart pending for Troj/Fujif-Gen: DriverDeleteDriverKey "\\?\E:\THU VIEN HINH ANH\LINH TINH\HINH ANI\DUONG VIEN\ULTHM3.HTM"
2015-04-02 08:58:02.777 Cleanup on restart pending for Troj/Fujif-Gen: DeleteFile "\\?\E:\THU VIEN HINH ANH\LINH TINH\HINH ANI\DUONG VIEN\ULTHM3.HTM.SHS"
2015-04-02 08:58:02.777 Cleanup on restart pending for Troj/Fujif-Gen: DeleteFile "\\?\E:\THU VIEN HINH ANH\LINH TINH\HINH ANI\DUONG VIEN\ULTHM3.HTM"
2015-04-02 08:58:02.778 Cleanup on restart pending for Troj/Fujif-Gen: RenameFile "\\?\E:\THU VIEN HINH ANH\LINH TINH\HINH ANI\DUONG VIEN\ULTHM4.HTM"
2015-04-02 08:58:02.778 Cleanup on restart pending for Troj/Fujif-Gen: DriverDeleteDriverKey "\\?\E:\THU VIEN HINH ANH\LINH TINH\HINH ANI\DUONG VIEN\ULTHM4.HTM"
2015-04-02 08:58:02.778 Cleanup on restart pending for Troj/Fujif-Gen: DeleteFile "\\?\E:\THU VIEN HINH ANH\LINH TINH\HINH ANI\DUONG VIEN\ULTHM4.HTM.SHS"
2015-04-02 08:58:02.778 Cleanup on restart pending for Troj/Fujif-Gen: DeleteFile "\\?\E:\THU VIEN HINH ANH\LINH TINH\HINH ANI\DUONG VIEN\ULTHM4.HTM"
2015-04-02 08:58:02.778 Cleanup on restart pending for Troj/Fujif-Gen: RenameFile "\\?\E:\THU VIEN HINH ANH\LINH TINH\HINH ANI\DUONG VIEN\ULTHM5.HTM"
2015-04-02 08:58:02.778 Cleanup on restart pending for Troj/Fujif-Gen: DriverDeleteDriverKey "\\?\E:\THU VIEN HINH ANH\LINH TINH\HINH ANI\DUONG VIEN\ULTHM5.HTM"
2015-04-02 08:58:02.778 Cleanup on restart pending for Troj/Fujif-Gen: DeleteFile "\\?\E:\THU VIEN HINH ANH\LINH TINH\HINH ANI\DUONG VIEN\ULTHM5.HTM.SHS"
2015-04-02 08:58:02.778 Cleanup on restart pending for Troj/Fujif-Gen: DeleteFile "\\?\E:\THU VIEN HINH ANH\LINH TINH\HINH ANI\DUONG VIEN\ULTHM5.HTM"
2015-04-02 08:58:02.778 Cleanup on restart pending for Troj/Fujif-Gen: RenameFile "\\?\E:\THU VIEN HINH ANH\LINH TINH\HINH ANI\DUONG VIEN\ULTHM6.HTM"
2015-04-02 08:58:02.778 Cleanup on restart pending for Troj/Fujif-Gen: DriverDeleteDriverKey "\\?\E:\THU VIEN HINH ANH\LINH TINH\HINH ANI\DUONG VIEN\ULTHM6.HTM"
2015-04-02 08:58:02.778 Cleanup on restart pending for Troj/Fujif-Gen: DeleteFile "\\?\E:\THU VIEN HINH ANH\LINH TINH\HINH ANI\DUONG VIEN\ULTHM6.HTM.SHS"
2015-04-02 08:58:02.778 Cleanup on restart pending for Troj/Fujif-Gen: DeleteFile "\\?\E:\THU VIEN HINH ANH\LINH TINH\HINH ANI\DUONG VIEN\ULTHM6.HTM"
2015-04-02 08:58:02.778 Cleanup on restart pending for Troj/Fujif-Gen: RenameFile "\\?\E:\THU VIEN HINH ANH\LINH TINH\HINH ANI\DUONG VIEN\ULTHM7.HTM"
2015-04-02 08:58:02.778 Cleanup on restart pending for Troj/Fujif-Gen: DriverDeleteDriverKey "\\?\E:\THU VIEN HINH ANH\LINH TINH\HINH ANI\DUONG VIEN\ULTHM7.HTM"
2015-04-02 08:58:02.778 Cleanup on restart pending for Troj/Fujif-Gen: DeleteFile "\\?\E:\THU VIEN HINH ANH\LINH TINH\HINH ANI\DUONG VIEN\ULTHM7.HTM.SHS"
2015-04-02 08:58:02.778 Cleanup on restart pending for Troj/Fujif-Gen: DeleteFile "\\?\E:\THU VIEN HINH ANH\LINH TINH\HINH ANI\DUONG VIEN\ULTHM7.HTM"
2015-04-02 08:58:02.778 Cleanup on restart pending for Troj/Fujif-Gen: RenameFile "\\?\E:\THU VIEN HINH ANH\LINH TINH\HINH ANI\DUONG VIEN\ULTHM8.HTM"
2015-04-02 08:58:02.778 Cleanup on restart pending for Troj/Fujif-Gen: DriverDeleteDriverKey "\\?\E:\THU VIEN HINH ANH\LINH TINH\HINH ANI\DUONG VIEN\ULTHM8.HTM"
2015-04-02 08:58:02.778 Cleanup on restart pending for Troj/Fujif-Gen: DeleteFile "\\?\E:\THU VIEN HINH ANH\LINH TINH\HINH ANI\DUONG VIEN\ULTHM8.HTM.SHS"
2015-04-02 08:58:02.778 Cleanup on restart pending for Troj/Fujif-Gen: DeleteFile "\\?\E:\THU VIEN HINH ANH\LINH TINH\HINH ANI\DUONG VIEN\ULTHM8.HTM"

2015-04-02 08:58:14.813 Scan completed.
2015-04-02 08:58:14.813

------------------------------------------------------------

2015-04-02 09:00:25.533 Sophos Virus Removal Tool version 2.5.4
2015-04-02 09:00:25.533 Copyright (c) 2009-2014 Sophos Limited. All rights reserved.

2015-04-02 09:00:25.533 This tool will scan your computer for viruses and other threats. If it finds any, it will give you the option to remove them.

2015-04-02 09:00:25.533 Windows version 6.1 SP 1.0 Service Pack 1 build 7601 SM=0x100 PT=0x1 WOW64
2015-04-02 09:00:25.534 Checking for updates...
2015-04-02 09:00:28.895 Update progress: proxy server not available
2015-04-02 09:01:30.588 Downloading updates...
2015-04-02 09:01:30.589 Update progress: [I96736] Looking for package C1A903B2-E63E-483b-982D-04BB9C457C60 1.0
2015-04-02 09:01:30.589 Update progress: [I49502] Found supplement SAVIW32 LATEST
2015-04-02 09:01:30.589 Update progress: [I49502] Found supplement IDE512 LATEST
2015-04-02 09:01:30.589 Update progress: [I49502] Found supplement IDE513 LATEST
2015-04-02 09:01:30.589 Update progress: [I49502] Found supplement IDE514 LATEST
2015-04-02 09:01:30.589 Update progress: [I49502] Found supplement IDE515 LATEST
2015-04-02 09:01:30.589 Update progress: [I19463] Syncing product C1A903B2-E63E-483b-982D-04BB9C457C60 1
2015-04-02 09:01:30.589 Update progress: [I19463] Syncing product SAVIW32 51
2015-04-02 09:01:30.589 Update progress: [I19463] Syncing product IDE512 166
2015-04-02 09:01:45.018 Update progress: [I19463] Syncing product IDE513 171
2015-04-02 09:01:45.018 Update progress: [I19463] Syncing product IDE514 161
2015-04-02 09:01:45.018 Update progress: [I19463] Syncing product IDE515 17
2015-04-02 09:01:45.347 Installing updates...
2015-04-02 09:02:16.067 Update successful
2015-04-02 09:02:20.069 Error: an instance of this application is already running.
2015-04-02 09:02:21.295 Cleanup on restart completed for Mal/VB-BL: RenameFile "\\?\D:\C\SinhVienIT.Net---C-Free_Pro_v5.0.0.3314\C-Free Pro v5.0.0.3314\CRACK\Loader_CppIDE.exe"
2015-04-02 09:02:21.295 Cleanup on restart completed for Mal/VB-BL: DriverDeleteDriverKey "\\?\D:\C\SinhVienIT.Net---C-Free_Pro_v5.0.0.3314\C-Free Pro v5.0.0.3314\CRACK\Loader_CppIDE.exe"
2015-04-02 09:02:21.295 Cleanup on restart completed for Mal/VB-BL: DeleteFile "\\?\D:\C\SinhVienIT.Net---C-Free_Pro_v5.0.0.3314\C-Free Pro v5.0.0.3314\CRACK\Loader_CppIDE.exe.SHS"
2015-04-02 09:02:21.295 Cleanup on restart completed for Mal/VB-BL: DeleteFile "\\?\D:\C\SinhVienIT.Net---C-Free_Pro_v5.0.0.3314\C-Free Pro v5.0.0.3314\CRACK\Loader_CppIDE.exe"
2015-04-02 09:02:21.295 Cleanup on restart completed for Troj/Fujif-Gen: RenameFile "\\?\E:\THU VIEN HINH ANH\LINH TINH\HINH ANI\DUONG VIEN\ULTHM.HTM"
2015-04-02 09:02:21.295 Cleanup on restart completed for Troj/Fujif-Gen: DriverDeleteDriverKey "\\?\E:\THU VIEN HINH ANH\LINH TINH\HINH ANI\DUONG VIEN\ULTHM.HTM"
2015-04-02 09:02:21.295 Cleanup on restart completed for Troj/Fujif-Gen: DeleteFile "\\?\E:\THU VIEN HINH ANH\LINH TINH\HINH ANI\DUONG VIEN\ULTHM.HTM.SHS"
2015-04-02 09:02:21.295 Cleanup on restart completed for Troj/Fujif-Gen: DeleteFile "\\?\E:\THU VIEN HINH ANH\LINH TINH\HINH ANI\DUONG VIEN\ULTHM.HTM"
2015-04-02 09:02:21.295 Cleanup on restart completed for Troj/Fujif-Gen: RenameFile "\\?\E:\THU VIEN HINH ANH\LINH TINH\HINH ANI\DUONG VIEN\ULTHM2.HTM"
2015-04-02 09:02:21.296 Cleanup on restart completed for Troj/Fujif-Gen: DriverDeleteDriverKey "\\?\E:\THU VIEN HINH ANH\LINH TINH\HINH ANI\DUONG VIEN\ULTHM2.HTM"
2015-04-02 09:02:21.296 Cleanup on restart completed for Troj/Fujif-Gen: DeleteFile "\\?\E:\THU VIEN HINH ANH\LINH TINH\HINH ANI\DUONG VIEN\ULTHM2.HTM.SHS"
2015-04-02 09:02:21.296 Cleanup on restart completed for Troj/Fujif-Gen: DeleteFile "\\?\E:\THU VIEN HINH ANH\LINH TINH\HINH ANI\DUONG VIEN\ULTHM2.HTM"
2015-04-02 09:02:21.296 Cleanup on restart completed for Troj/Fujif-Gen: RenameFile "\\?\E:\THU VIEN HINH ANH\LINH TINH\HINH ANI\DUONG VIEN\ULTHM3.HTM"
2015-04-02 09:02:21.296 Cleanup on restart completed for Troj/Fujif-Gen: DriverDeleteDriverKey "\\?\E:\THU VIEN HINH ANH\LINH TINH\HINH ANI\DUONG VIEN\ULTHM3.HTM"
2015-04-02 09:02:21.296 Cleanup on restart completed for Troj/Fujif-Gen: DeleteFile "\\?\E:\THU VIEN HINH ANH\LINH TINH\HINH ANI\DUONG VIEN\ULTHM3.HTM.SHS"
2015-04-02 09:02:21.296 Cleanup on restart completed for Troj/Fujif-Gen: DeleteFile "\\?\E:\THU VIEN HINH ANH\LINH TINH\HINH ANI\DUONG VIEN\ULTHM3.HTM"
2015-04-02 09:02:21.296 Cleanup on restart completed for Troj/Fujif-Gen: RenameFile "\\?\E:\THU VIEN HINH ANH\LINH TINH\HINH ANI\DUONG VIEN\ULTHM4.HTM"
2015-04-02 09:02:21.296 Cleanup on restart completed for Troj/Fujif-Gen: DriverDeleteDriverKey "\\?\E:\THU VIEN HINH ANH\LINH TINH\HINH ANI\DUONG VIEN\ULTHM4.HTM"
2015-04-02 09:02:21.296 Cleanup on restart completed for Troj/Fujif-Gen: DeleteFile "\\?\E:\THU VIEN HINH ANH\LINH TINH\HINH ANI\DUONG VIEN\ULTHM4.HTM.SHS"
2015-04-02 09:02:21.296 Cleanup on restart completed for Troj/Fujif-Gen: DeleteFile "\\?\E:\THU VIEN HINH ANH\LINH TINH\HINH ANI\DUONG VIEN\ULTHM4.HTM"
2015-04-02 09:02:21.297 Cleanup on restart completed for Troj/Fujif-Gen: RenameFile "\\?\E:\THU VIEN HINH ANH\LINH TINH\HINH ANI\DUONG VIEN\ULTHM5.HTM"
2015-04-02 09:02:21.297 Cleanup on restart completed for Troj/Fujif-Gen: DriverDeleteDriverKey "\\?\E:\THU VIEN HINH ANH\LINH TINH\HINH ANI\DUONG VIEN\ULTHM5.HTM"
2015-04-02 09:02:21.297 Cleanup on restart completed for Troj/Fujif-Gen: DeleteFile "\\?\E:\THU VIEN HINH ANH\LINH TINH\HINH ANI\DUONG VIEN\ULTHM5.HTM.SHS"
2015-04-02 09:02:21.297 Cleanup on restart completed for Troj/Fujif-Gen: DeleteFile "\\?\E:\THU VIEN HINH ANH\LINH TINH\HINH ANI\DUONG VIEN\ULTHM5.HTM"
2015-04-02 09:02:21.297 Cleanup on restart completed for Troj/Fujif-Gen: RenameFile "\\?\E:\THU VIEN HINH ANH\LINH TINH\HINH ANI\DUONG VIEN\ULTHM6.HTM"
2015-04-02 09:02:21.297 Cleanup on restart completed for Troj/Fujif-Gen: DriverDeleteDriverKey "\\?\E:\THU VIEN HINH ANH\LINH TINH\HINH ANI\DUONG VIEN\ULTHM6.HTM"
2015-04-02 09:02:21.297 Cleanup on restart completed for Troj/Fujif-Gen: DeleteFile "\\?\E:\THU VIEN HINH ANH\LINH TINH\HINH ANI\DUONG VIEN\ULTHM6.HTM.SHS"
2015-04-02 09:02:21.297 Cleanup on restart completed for Troj/Fujif-Gen: DeleteFile "\\?\E:\THU VIEN HINH ANH\LINH TINH\HINH ANI\DUONG VIEN\ULTHM6.HTM"
2015-04-02 09:02:21.297 Cleanup on restart completed for Troj/Fujif-Gen: RenameFile "\\?\E:\THU VIEN HINH ANH\LINH TINH\HINH ANI\DUONG VIEN\ULTHM7.HTM"
2015-04-02 09:02:21.297 Cleanup on restart completed for Troj/Fujif-Gen: DriverDeleteDriverKey "\\?\E:\THU VIEN HINH ANH\LINH TINH\HINH ANI\DUONG VIEN\ULTHM7.HTM"
2015-04-02 09:02:21.298 Cleanup on restart completed for Troj/Fujif-Gen: DeleteFile "\\?\E:\THU VIEN HINH ANH\LINH TINH\HINH ANI\DUONG VIEN\ULTHM7.HTM.SHS"
2015-04-02 09:02:21.298 Cleanup on restart completed for Troj/Fujif-Gen: DeleteFile "\\?\E:\THU VIEN HINH ANH\LINH TINH\HINH ANI\DUONG VIEN\ULTHM7.HTM"
2015-04-02 09:02:21.298 Cleanup on restart completed for Troj/Fujif-Gen: RenameFile "\\?\E:\THU VIEN HINH ANH\LINH TINH\HINH ANI\DUONG VIEN\ULTHM8.HTM"
2015-04-02 09:02:21.298 Cleanup on restart completed for Troj/Fujif-Gen: DriverDeleteDriverKey "\\?\E:\THU VIEN HINH ANH\LINH TINH\HINH ANI\DUONG VIEN\ULTHM8.HTM"
2015-04-02 09:02:21.298 Cleanup on restart completed for Troj/Fujif-Gen: DeleteFile "\\?\E:\THU VIEN HINH ANH\LINH TINH\HINH ANI\DUONG VIEN\ULTHM8.HTM.SHS"
2015-04-02 09:02:21.298 Cleanup on restart completed for Troj/Fujif-Gen: DeleteFile "\\?\E:\THU VIEN HINH ANH\LINH TINH\HINH ANI\DUONG VIEN\ULTHM8.HTM"
2015-04-02 09:02:21.298 All cleanup on restart operations completed successfully.

2015-04-02 09:02:23.326 Option all = no
2015-04-02 09:02:24.327 Option recurse = yes
2015-04-02 09:02:24.327 Option archive = no
2015-04-02 09:02:24.327 Option service = yes
2015-04-02 09:02:24.328 Option confirm = yes
2015-04-02 09:02:24.328 Option sxl = yes
2015-04-02 09:02:24.328 Option max-data-age = 35
2015-04-02 09:02:24.328 Option EnableSafeClean = yes
2015-04-02 09:02:24.328 Option vdl-logging = yes
2015-04-02 09:02:24.328 Customer ID: 094260ca9b3af99f9d4a3909fc47a743
2015-04-02 09:02:24.328 Machine ID: c5bcab222b2140c3a9d0e11f63905874
2015-04-02 09:02:24.328 Component SVRTcli.exe version 2.5.4
2015-04-02 09:02:24.328 Component control.dll version 2.5.4
2015-04-02 09:02:24.328 Component SVRTservice.exe version 2.5.4
2015-04-02 09:02:24.328 Component engine\osdp.dll version 1.44.1.2183
2015-04-02 09:02:24.328 Component engine\veex.dll version 3.58.3.2183
2015-04-02 09:02:24.328 Component engine\savi.dll version 8.1.5.2183
2015-04-02 09:02:24.329 Component rkdisk.dll version 1.5.30.0
2015-04-02 09:02:24.329 Version info: Product version 2.5.4
2015-04-02 09:02:24.329 Version info: Detection engine 3.58.3
2015-04-02 09:02:24.329 Version info: Detection data 5.11G
2015-04-02 09:02:24.329 Version info: Build date 03/02/2015
2015-04-02 09:02:24.329 Version info: Data files added 507
2015-04-02 09:02:24.329 Version info: Last successful update 02/04/2015 4:02:16 CH
2015-04-02 09:02:24.329 Error level 1

2015-04-02 10:23:09.160 Scan failed due to fatal error.
2015-04-02 10:23:09.160

------------------------------------------------------------

2015-04-02 10:23:16.483 Sophos Virus Removal Tool version 2.5.4
2015-04-02 10:23:16.483 Copyright (c) 2009-2014 Sophos Limited. All rights reserved.

2015-04-02 10:23:16.483 This tool will scan your computer for viruses and other threats. If it finds any, it will give you the option to remove them.

2015-04-02 10:23:16.483 Windows version 6.1 SP 1.0 Service Pack 1 build 7601 SM=0x100 PT=0x1 WOW64
2015-04-02 10:23:16.483 Checking for updates...
2015-04-02 10:23:19.390 Update progress: proxy server not available
2015-04-02 10:23:20.911 Update not required
2015-04-02 10:23:25.224 Option all = no
2015-04-02 10:23:25.224 Option recurse = yes
2015-04-02 10:23:25.224 Option archive = no
2015-04-02 10:23:25.224 Option service = yes
2015-04-02 10:23:25.224 Option confirm = yes
2015-04-02 10:23:25.224 Option sxl = yes
2015-04-02 10:23:25.226 Option max-data-age = 35
2015-04-02 10:23:25.226 Option EnableSafeClean = yes
2015-04-02 10:23:25.277 Option vdl-logging = yes
2015-04-02 10:23:25.284 Customer ID: 094260ca9b3af99f9d4a3909fc47a743
2015-04-02 10:23:25.284 Machine ID: c5bcab222b2140c3a9d0e11f63905874
2015-04-02 10:23:25.285 Component SVRTcli.exe version 2.5.4
2015-04-02 10:23:25.285 Component control.dll version 2.5.4
2015-04-02 10:23:25.285 Component SVRTservice.exe version 2.5.4
2015-04-02 10:23:25.285 Component engine\osdp.dll version 1.44.1.2183
2015-04-02 10:23:25.285 Component engine\veex.dll version 3.58.3.2183
2015-04-02 10:23:25.285 Component engine\savi.dll version 8.1.5.2183
2015-04-02 10:23:25.285 Component rkdisk.dll version 1.5.30.0
2015-04-02 10:23:25.285 Version info: Product version 2.5.4
2015-04-02 10:23:25.286 Version info: Detection engine 3.58.3
2015-04-02 10:23:25.286 Version info: Detection data 5.11G
2015-04-02 10:23:25.286 Version info: Build date 03/02/2015
2015-04-02 10:23:25.286 Version info: Data files added 508
2015-04-02 10:23:25.286 Version info: Last successful update 02/04/2015 4:02:16 CH
2015-04-02 10:23:27.532 Cleanup on restart completed for Mal/VB-BL: RenameFile "\\?\D:\C\SinhVienIT.Net---C-Free_Pro_v5.0.0.3314\C-Free Pro v5.0.0.3314\CRACK\Loader_CppIDE.exe"
2015-04-02 10:23:27.532 Cleanup on restart completed for Mal/VB-BL: DriverDeleteDriverKey "\\?\D:\C\SinhVienIT.Net---C-Free_Pro_v5.0.0.3314\C-Free Pro v5.0.0.3314\CRACK\Loader_CppIDE.exe"
2015-04-02 10:23:27.532 Cleanup on restart completed for Mal/VB-BL: DeleteFile "\\?\D:\C\SinhVienIT.Net---C-Free_Pro_v5.0.0.3314\C-Free Pro v5.0.0.3314\CRACK\Loader_CppIDE.exe.SHS"
2015-04-02 10:23:27.532 Cleanup on restart completed for Mal/VB-BL: DeleteFile "\\?\D:\C\SinhVienIT.Net---C-Free_Pro_v5.0.0.3314\C-Free Pro v5.0.0.3314\CRACK\Loader_CppIDE.exe"
2015-04-02 10:23:27.532 Cleanup on restart completed for Troj/Fujif-Gen: RenameFile "\\?\E:\THU VIEN HINH ANH\LINH TINH\HINH ANI\DUONG VIEN\ULTHM.HTM"
2015-04-02 10:23:27.532 Cleanup on restart completed for Troj/Fujif-Gen: DriverDeleteDriverKey "\\?\E:\THU VIEN HINH ANH\LINH TINH\HINH ANI\DUONG VIEN\ULTHM.HTM"
2015-04-02 10:23:27.532 Cleanup on restart completed for Troj/Fujif-Gen: DeleteFile "\\?\E:\THU VIEN HINH ANH\LINH TINH\HINH ANI\DUONG VIEN\ULTHM.HTM.SHS"
2015-04-02 10:23:27.532 Cleanup on restart completed for Troj/Fujif-Gen: DeleteFile "\\?\E:\THU VIEN HINH ANH\LINH TINH\HINH ANI\DUONG VIEN\ULTHM.HTM"
2015-04-02 10:23:27.533 Cleanup on restart completed for Troj/Fujif-Gen: RenameFile "\\?\E:\THU VIEN HINH ANH\LINH TINH\HINH ANI\DUONG VIEN\ULTHM2.HTM"
2015-04-02 10:23:27.533 Cleanup on restart completed for Troj/Fujif-Gen: DriverDeleteDriverKey "\\?\E:\THU VIEN HINH ANH\LINH TINH\HINH ANI\DUONG VIEN\ULTHM2.HTM"
2015-04-02 10:23:27.533 Cleanup on restart completed for Troj/Fujif-Gen: DeleteFile "\\?\E:\THU VIEN HINH ANH\LINH TINH\HINH ANI\DUONG VIEN\ULTHM2.HTM.SHS"
2015-04-02 10:23:27.533 Cleanup on restart completed for Troj/Fujif-Gen: DeleteFile "\\?\E:\THU VIEN HINH ANH\LINH TINH\HINH ANI\DUONG VIEN\ULTHM2.HTM"
2015-04-02 10:23:27.533 Cleanup on restart completed for Troj/Fujif-Gen: RenameFile "\\?\E:\THU VIEN HINH ANH\LINH TINH\HINH ANI\DUONG VIEN\ULTHM3.HTM"
2015-04-02 10:23:27.533 Cleanup on restart completed for Troj/Fujif-Gen: DriverDeleteDriverKey "\\?\E:\THU VIEN HINH ANH\LINH TINH\HINH ANI\DUONG VIEN\ULTHM3.HTM"
2015-04-02 10:23:27.533 Cleanup on restart completed for Troj/Fujif-Gen: DeleteFile "\\?\E:\THU VIEN HINH ANH\LINH TINH\HINH ANI\DUONG VIEN\ULTHM3.HTM.SHS"
2015-04-02 10:23:27.533 Cleanup on restart completed for Troj/Fujif-Gen: DeleteFile "\\?\E:\THU VIEN HINH ANH\LINH TINH\HINH ANI\DUONG VIEN\ULTHM3.HTM"
2015-04-02 10:23:27.533 Cleanup on restart completed for Troj/Fujif-Gen: RenameFile "\\?\E:\THU VIEN HINH ANH\LINH TINH\HINH ANI\DUONG VIEN\ULTHM4.HTM"
2015-04-02 10:23:27.533 Cleanup on restart completed for Troj/Fujif-Gen: DriverDeleteDriverKey "\\?\E:\THU VIEN HINH ANH\LINH TINH\HINH ANI\DUONG VIEN\ULTHM4.HTM"
2015-04-02 10:23:27.533 Cleanup on restart completed for Troj/Fujif-Gen: DeleteFile "\\?\E:\THU VIEN HINH ANH\LINH TINH\HINH ANI\DUONG VIEN\ULTHM4.HTM.SHS"
2015-04-02 10:23:27.533 Cleanup on restart completed for Troj/Fujif-Gen: DeleteFile "\\?\E:\THU VIEN HINH ANH\LINH TINH\HINH ANI\DUONG VIEN\ULTHM4.HTM"
2015-04-02 10:23:27.534 Cleanup on restart completed for Troj/Fujif-Gen: RenameFile "\\?\E:\THU VIEN HINH ANH\LINH TINH\HINH ANI\DUONG VIEN\ULTHM5.HTM"
2015-04-02 10:23:27.534 Cleanup on restart completed for Troj/Fujif-Gen: DriverDeleteDriverKey "\\?\E:\THU VIEN HINH ANH\LINH TINH\HINH ANI\DUONG VIEN\ULTHM5.HTM"
2015-04-02 10:23:27.534 Cleanup on restart completed for Troj/Fujif-Gen: DeleteFile "\\?\E:\THU VIEN HINH ANH\LINH TINH\HINH ANI\DUONG VIEN\ULTHM5.HTM.SHS"
2015-04-02 10:23:27.534 Cleanup on restart completed for Troj/Fujif-Gen: DeleteFile "\\?\E:\THU VIEN HINH ANH\LINH TINH\HINH ANI\DUONG VIEN\ULTHM5.HTM"
2015-04-02 10:23:27.534 Cleanup on restart completed for Troj/Fujif-Gen: RenameFile "\\?\E:\THU VIEN HINH ANH\LINH TINH\HINH ANI\DUONG VIEN\ULTHM6.HTM"
2015-04-02 10:23:27.534 Cleanup on restart completed for Troj/Fujif-Gen: DriverDeleteDriverKey "\\?\E:\THU VIEN HINH ANH\LINH TINH\HINH ANI\DUONG VIEN\ULTHM6.HTM"
2015-04-02 10:23:27.534 Cleanup on restart completed for Troj/Fujif-Gen: DeleteFile "\\?\E:\THU VIEN HINH ANH\LINH TINH\HINH ANI\DUONG VIEN\ULTHM6.HTM.SHS"
2015-04-02 10:23:27.534 Cleanup on restart completed for Troj/Fujif-Gen: DeleteFile "\\?\E:\THU VIEN HINH ANH\LINH TINH\HINH ANI\DUONG VIEN\ULTHM6.HTM"
2015-04-02 10:23:27.534 Cleanup on restart completed for Troj/Fujif-Gen: RenameFile "\\?\E:\THU VIEN HINH ANH\LINH TINH\HINH ANI\DUONG VIEN\ULTHM7.HTM"
2015-04-02 10:23:27.534 Cleanup on restart completed for Troj/Fujif-Gen: DriverDeleteDriverKey "\\?\E:\THU VIEN HINH ANH\LINH TINH\HINH ANI\DUONG VIEN\ULTHM7.HTM"
2015-04-02 10:23:27.534 Cleanup on restart completed for Troj/Fujif-Gen: DeleteFile "\\?\E:\THU VIEN HINH ANH\LINH TINH\HINH ANI\DUONG VIEN\ULTHM7.HTM.SHS"
2015-04-02 10:23:27.534 Cleanup on restart completed for Troj/Fujif-Gen: DeleteFile "\\?\E:\THU VIEN HINH ANH\LINH TINH\HINH ANI\DUONG VIEN\ULTHM7.HTM"
2015-04-02 10:23:27.534 Cleanup on restart completed for Troj/Fujif-Gen: RenameFile "\\?\E:\THU VIEN HINH ANH\LINH TINH\HINH ANI\DUONG VIEN\ULTHM8.HTM"
2015-04-02 10:23:27.535 Cleanup on restart completed for Troj/Fujif-Gen: DriverDeleteDriverKey "\\?\E:\THU VIEN HINH ANH\LINH TINH\HINH ANI\DUONG VIEN\ULTHM8.HTM"
2015-04-02 10:23:27.535 Cleanup on restart completed for Troj/Fujif-Gen: DeleteFile "\\?\E:\THU VIEN HINH ANH\LINH TINH\HINH ANI\DUONG VIEN\ULTHM8.HTM.SHS"
2015-04-02 10:23:27.535 Cleanup on restart completed for Troj/Fujif-Gen: DeleteFile "\\?\E:\THU VIEN HINH ANH\LINH TINH\HINH ANI\DUONG VIEN\ULTHM8.HTM"
2015-04-02 10:23:27.535 All cleanup on restart operations completed successfully.

2015-04-02 10:24:02.576 Error level 1

2015-04-02 10:24:02.578 Scan completed.
2015-04-02 10:24:02.578

------------------------------------------------------------

2015-04-02 10:49:33.373 Sophos Virus Removal Tool version 2.5.4
2015-04-02 10:49:33.373 Copyright (c) 2009-2014 Sophos Limited. All rights reserved.

2015-04-02 10:49:33.373 This tool will scan your computer for viruses and other threats. If it finds any, it will give you the option to remove them.

2015-04-02 10:49:33.373 Windows version 6.1 SP 1.0 Service Pack 1 build 7601 SM=0x100 PT=0x1 WOW64
2015-04-02 10:49:33.375 Checking for updates...
2015-04-02 10:49:36.273 Update progress: proxy server not available
2015-04-02 10:49:38.172 Downloading updates...
2015-04-02 10:49:38.174 Update progress: [I96736] Looking for package C1A903B2-E63E-483b-982D-04BB9C457C60 1.0
2015-04-02 10:49:38.174 Update progress: [I49502] Found supplement SAVIW32 LATEST
2015-04-02 10:49:38.174 Update progress: [I49502] Found supplement IDE512 LATEST
2015-04-02 10:49:38.174 Update progress: [I49502] Found supplement IDE513 LATEST
2015-04-02 10:49:38.174 Update progress: [I49502] Found supplement IDE514 LATEST
2015-04-02 10:49:38.174 Update progress: [I49502] Found supplement IDE515 LATEST
2015-04-02 10:49:38.174 Update progress: [I19463] Syncing product C1A903B2-E63E-483b-982D-04BB9C457C60 1
2015-04-02 10:49:38.174 Update progress: [I19463] Syncing product SAVIW32 51
2015-04-02 10:49:38.174 Update progress: [I19463] Syncing product IDE512 166
2015-04-02 10:49:38.427 Update progress: [I19463] Syncing product IDE513 171
2015-04-02 10:49:38.427 Update progress: [I19463] Syncing product IDE514 161
2015-04-02 10:49:38.428 Update progress: [I19463] Syncing product IDE515 18
2015-04-02 10:49:38.587 Installing updates...
2015-04-02 10:49:40.837 Option all = no
2015-04-02 10:49:41.437 Option recurse = yes
2015-04-02 10:49:41.437 Option archive = no
2015-04-02 10:49:41.437 Option service = yes
2015-04-02 10:49:41.437 Option confirm = yes
2015-04-02 10:49:41.437 Option sxl = yes
2015-04-02 10:49:41.437 Option max-data-age = 35
2015-04-02 10:49:41.437 Option EnableSafeClean = yes
2015-04-02 10:49:41.437 Option vdl-logging = yes
2015-04-02 10:49:41.437 Customer ID: 094260ca9b3af99f9d4a3909fc47a743
2015-04-02 10:49:41.437 Machine ID: c5bcab222b2140c3a9d0e11f63905874
2015-04-02 10:49:41.437 Component SVRTcli.exe version 2.5.4
2015-04-02 10:49:41.437 Component control.dll version 2.5.4
2015-04-02 10:49:41.437 Component SVRTservice.exe version 2.5.4
2015-04-02 10:49:41.437 Component engine\osdp.dll version 1.44.1.2183
2015-04-02 10:49:41.437 Component engine\veex.dll version 3.58.3.2183
2015-04-02 10:49:41.437 Component engine\savi.dll version 8.1.5.2183
2015-04-02 10:49:41.437 Component rkdisk.dll version 1.5.30.0
2015-04-02 10:49:41.437 Version info: Product version 2.5.4
2015-04-02 10:49:41.438 Version info: Detection engine 3.58.3
2015-04-02 10:49:41.438 Version info: Detection data 5.11G
2015-04-02 10:49:41.438 Version info: Build date 03/02/2015
2015-04-02 10:49:41.438 Version info: Data files added 508
2015-04-02 10:49:41.438 Version info: Last successful update 02/04/2015 4:02:16 CH
2015-04-02 10:49:41.438 Error level 1
2015-04-02 10:49:41.671 Update successful
2015-04-02 10:49:49.268 Option all = no
2015-04-02 10:49:49.268 Option recurse = yes
2015-04-02 10:49:49.268 Option archive = no
2015-04-02 10:49:49.268 Option service = yes
2015-04-02 10:49:49.268 Option confirm = yes
2015-04-02 10:49:49.269 Option sxl = yes
2015-04-02 10:49:49.270 Option max-data-age = 35
2015-04-02 10:49:49.270 Option EnableSafeClean = yes
2015-04-02 10:49:49.309 Option vdl-logging = yes
2015-04-02 10:49:49.317 Customer ID: 094260ca9b3af99f9d4a3909fc47a743
2015-04-02 10:49:49.317 Machine ID: c5bcab222b2140c3a9d0e11f63905874
2015-04-02 10:49:49.317 Component SVRTcli.exe version 2.5.4
2015-04-02 10:49:49.317 Component control.dll version 2.5.4
2015-04-02 10:49:49.318 Component SVRTservice.exe version 2.5.4
2015-04-02 10:49:49.318 Component engine\osdp.dll version 1.44.1.2183
2015-04-02 10:49:49.318 Component engine\veex.dll version 3.58.3.2183
2015-04-02 10:49:49.318 Component engine\savi.dll version 8.1.5.2183
2015-04-02 10:49:49.318 Component rkdisk.dll version 1.5.30.0
2015-04-02 10:49:49.318 Version info: Product version 2.5.4
2015-04-02 10:49:49.318 Version info: Detection engine 3.58.3
2015-04-02 10:49:49.319 Version info: Detection data 5.11G
2015-04-02 10:49:49.319 Version info: Build date 03/02/2015
2015-04-02 10:49:49.319 Version info: Data files added 509
2015-04-02 10:49:49.319 Version info: Last successful update 02/04/2015 5:49:41 CH
2015-04-02 10:49:49.332 Cleanup on restart completed for Mal/VB-BL: RenameFile "\\?\D:\C\SinhVienIT.Net---C-Free_Pro_v5.0.0.3314\C-Free Pro v5.0.0.3314\CRACK\Loader_CppIDE.exe"
2015-04-02 10:49:49.332 Cleanup on restart completed for Mal/VB-BL: DriverDeleteDriverKey "\\?\D:\C\SinhVienIT.Net---C-Free_Pro_v5.0.0.3314\C-Free Pro v5.0.0.3314\CRACK\Loader_CppIDE.exe"
2015-04-02 10:49:49.332 Cleanup on restart completed for Mal/VB-BL: DeleteFile "\\?\D:\C\SinhVienIT.Net---C-Free_Pro_v5.0.0.3314\C-Free Pro v5.0.0.3314\CRACK\Loader_CppIDE.exe.SHS"
2015-04-02 10:49:49.332 Cleanup on restart completed for Mal/VB-BL: DeleteFile "\\?\D:\C\SinhVienIT.Net---C-Free_Pro_v5.0.0.3314\C-Free Pro v5.0.0.3314\CRACK\Loader_CppIDE.exe"
2015-04-02 10:49:49.333 Cleanup on restart completed for Troj/Fujif-Gen: RenameFile "\\?\E:\THU VIEN HINH ANH\LINH TINH\HINH ANI\DUONG VIEN\ULTHM.HTM"
2015-04-02 10:49:49.333 Cleanup on restart completed for Troj/Fujif-Gen: DriverDeleteDriverKey "\\?\E:\THU VIEN HINH ANH\LINH TINH\HINH ANI\DUONG VIEN\ULTHM.HTM"
2015-04-02 10:49:49.333 Cleanup on restart completed for Troj/Fujif-Gen: DeleteFile "\\?\E:\THU VIEN HINH ANH\LINH TINH\HINH ANI\DUONG VIEN\ULTHM.HTM.SHS"
2015-04-02 10:49:49.333 Cleanup on restart completed for Troj/Fujif-Gen: DeleteFile "\\?\E:\THU VIEN HINH ANH\LINH TINH\HINH ANI\DUONG VIEN\ULTHM.HTM"
2015-04-02 10:49:49.333 Cleanup on restart completed for Troj/Fujif-Gen: RenameFile "\\?\E:\THU VIEN HINH ANH\LINH TINH\HINH ANI\DUONG VIEN\ULTHM2.HTM"
2015-04-02 10:49:49.333 Cleanup on restart completed for Troj/Fujif-Gen: DriverDeleteDriverKey "\\?\E:\THU VIEN HINH ANH\LINH TINH\HINH ANI\DUONG VIEN\ULTHM2.HTM"
2015-04-02 10:49:49.333 Cleanup on restart completed for Troj/Fujif-Gen: DeleteFile "\\?\E:\THU VIEN HINH ANH\LINH TINH\HINH ANI\DUONG VIEN\ULTHM2.HTM.SHS"
2015-04-02 10:49:49.333 Cleanup on restart completed for Troj/Fujif-Gen: DeleteFile "\\?\E:\THU VIEN HINH ANH\LINH TINH\HINH ANI\DUONG VIEN\ULTHM2.HTM"
2015-04-02 10:49:49.333 Cleanup on restart completed for Troj/Fujif-Gen: RenameFile "\\?\E:\THU VIEN HINH ANH\LINH TINH\HINH ANI\DUONG VIEN\ULTHM3.HTM"
2015-04-02 10:49:49.333 Cleanup on restart completed for Troj/Fujif-Gen: DriverDeleteDriverKey "\\?\E:\THU VIEN HINH ANH\LINH TINH\HINH ANI\DUONG VIEN\ULTHM3.HTM"
2015-04-02 10:49:49.333 Cleanup on restart completed for Troj/Fujif-Gen: DeleteFile "\\?\E:\THU VIEN HINH ANH\LINH TINH\HINH ANI\DUONG VIEN\ULTHM3.HTM.SHS"
2015-04-02 10:49:49.333 Cleanup on restart completed for Troj/Fujif-Gen: DeleteFile "\\?\E:\THU VIEN HINH ANH\LINH TINH\HINH ANI\DUONG VIEN\ULTHM3.HTM"
2015-04-02 10:49:49.333 Cleanup on restart completed for Troj/Fujif-Gen: RenameFile "\\?\E:\THU VIEN HINH ANH\LINH TINH\HINH ANI\DUONG VIEN\ULTHM4.HTM"
2015-04-02 10:49:49.333 Cleanup on restart completed for Troj/Fujif-Gen: DriverDeleteDriverKey "\\?\E:\THU VIEN HINH ANH\LINH TINH\HINH ANI\DUONG VIEN\ULTHM4.HTM"
2015-04-02 10:49:49.333 Cleanup on restart completed for Troj/Fujif-Gen: DeleteFile "\\?\E:\THU VIEN HINH ANH\LINH TINH\HINH ANI\DUONG VIEN\ULTHM4.HTM.SHS"
2015-04-02 10:49:49.333 Cleanup on restart completed for Troj/Fujif-Gen: DeleteFile "\\?\E:\THU VIEN HINH ANH\LINH TINH\HINH ANI\DUONG VIEN\ULTHM4.HTM"
2015-04-02 10:49:49.333 Cleanup on restart completed for Troj/Fujif-Gen: RenameFile "\\?\E:\THU VIEN HINH ANH\LINH TINH\HINH ANI\DUONG VIEN\ULTHM5.HTM"
2015-04-02 10:49:49.333 Cleanup on restart completed for Troj/Fujif-Gen: DriverDeleteDriverKey "\\?\E:\THU VIEN HINH ANH\LINH TINH\HINH ANI\DUONG VIEN\ULTHM5.HTM"
2015-04-02 10:49:49.333 Cleanup on restart completed for Troj/Fujif-Gen: DeleteFile "\\?\E:\THU VIEN HINH ANH\LINH TINH\HINH ANI\DUONG VIEN\ULTHM5.HTM.SHS"
2015-04-02 10:49:49.334 Cleanup on restart completed for Troj/Fujif-Gen: DeleteFile "\\?\E:\THU VIEN HINH ANH\LINH TINH\HINH ANI\DUONG VIEN\ULTHM5.HTM"
2015-04-02 10:49:49.334 Cleanup on restart completed for Troj/Fujif-Gen: RenameFile "\\?\E:\THU VIEN HINH ANH\LINH TINH\HINH ANI\DUONG VIEN\ULTHM6.HTM"
2015-04-02 10:49:49.334 Cleanup on restart completed for Troj/Fujif-Gen: DriverDeleteDriverKey "\\?\E:\THU VIEN HINH ANH\LINH TINH\HINH ANI\DUONG VIEN\ULTHM6.HTM"
2015-04-02 10:49:49.334 Cleanup on restart completed for Troj/Fujif-Gen: DeleteFile "\\?\E:\THU VIEN HINH ANH\LINH TINH\HINH ANI\DUONG VIEN\ULTHM6.HTM.SHS"
2015-04-02 10:49:49.334 Cleanup on restart completed for Troj/Fujif-Gen: DeleteFile "\\?\E:\THU VIEN HINH ANH\LINH TINH\HINH ANI\DUONG VIEN\ULTHM6.HTM"
2015-04-02 10:49:49.334 Cleanup on restart completed for Troj/Fujif-Gen: RenameFile "\\?\E:\THU VIEN HINH ANH\LINH TINH\HINH ANI\DUONG VIEN\ULTHM7.HTM"
2015-04-02 10:49:49.334 Cleanup on restart completed for Troj/Fujif-Gen: DriverDeleteDriverKey "\\?\E:\THU VIEN HINH ANH\LINH TINH\HINH ANI\DUONG VIEN\ULTHM7.HTM"
2015-04-02 10:49:49.334 Cleanup on restart completed for Troj/Fujif-Gen: DeleteFile "\\?\E:\THU VIEN HINH ANH\LINH TINH\HINH ANI\DUONG VIEN\ULTHM7.HTM.SHS"
2015-04-02 10:49:49.334 Cleanup on restart completed for Troj/Fujif-Gen: DeleteFile "\\?\E:\THU VIEN HINH ANH\LINH TINH\HINH ANI\DUONG VIEN\ULTHM7.HTM"
2015-04-02 10:49:49.334 Cleanup on restart completed for Troj/Fujif-Gen: RenameFile "\\?\E:\THU VIEN HINH ANH\LINH TINH\HINH ANI\DUONG VIEN\ULTHM8.HTM"
2015-04-02 10:49:49.334 Cleanup on restart completed for Troj/Fujif-Gen: DriverDeleteDriverKey "\\?\E:\THU VIEN HINH ANH\LINH TINH\HINH ANI\DUONG VIEN\ULTHM8.HTM"
2015-04-02 10:49:49.334 Cleanup on restart completed for Troj/Fujif-Gen: DeleteFile "\\?\E:\THU VIEN HINH ANH\LINH TINH\HINH ANI\DUONG VIEN\ULTHM8.HTM.SHS"
2015-04-02 10:49:49.334 Cleanup on restart completed for Troj/Fujif-Gen: DeleteFile "\\?\E:\THU VIEN HINH ANH\LINH TINH\HINH ANI\DUONG VIEN\ULTHM8.HTM"
2015-04-02 10:49:49.334 All cleanup on restart operations completed successfully.
 
Update Firefox to the current version.

Update Adobe Flash Player: http://get.adobe.com/flashplayer/
Make sure you UN-check Yes, install McAfee Security Scan Plus

NOTE 1: Beginning with Adobe Flash Version 11.3, the universal installer includes the 32-bit and 64-bit versions of the Flash Player.
NOTE 2: While installing make sure you UN-check any extra garbage which wants to install alongside.

Update your Java version here: https://www.techspot.com/downloads/6463-java-se.html
Alternate download: http://www.java.com/en/download/manual.jsp

Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.
Note 2: If you're running a 64-bit system, make sure you install BOTH 32-bit and 64-bit Java.

===============================

Your computer is clean

1. This step will remove all cleaning tools we used, it'll reset restore points (so you won't get reinfected by accidentally using some older restore point) and it'll make some other minor adjustments...
This is a very crucial step so make sure you don't skip it.
Download DelFix by Xplode to your desktop. DelFix will delete all the used tools and logfiles.

Double-click Delfix.exe to start the tool.
Make sure the following items are checked:
  • Activate UAC (optional; some users prefer to keep it off)
  • Remove disinfection tools
  • Create registry backup
  • Purge System Restore
  • Reset system settings
Now click "Run" and wait patiently.
Once finished, a logfile will be created. You don't have to attach it to your next reply.

2. Make sure Windows Updates are current.

3. If any trojans, rootkits or bootkits were listed among your infection(s), make sure you change all of your important on-line passwords (bank account(s), secured web sites, etc.) immediately!

4. Check if your browser plugins are up to date.
Firefox - https://www.mozilla.org/en-US/plugincheck/
other browsers: https://browsercheck.qualys.com/ (click on "Scan without installing plugin" and then on "Scan now")

5. Download and install WOT (Web of Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

7. Run Temporary File Cleaner (TFC), AdwCleaner and Junkware Removal Tool (JRT) weekly (you need to redownload these tools since they were removed by DelFix).

8. Download and install Secunia Personal Software Inspector (PSI): https://www.techspot.com/downloads/4898-secunia-personal-software-inspector-psi.html. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

10. When installing\updating ANY program, make sure you always select "Custom" installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click the "Next" button without looking at any given page.

11. Read:
How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html
Simple and easy ways to keep your computer safe and secure on the Internet: http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/
About those Toolbars and Add-ons - Potentially Unwanted Programs (PUPs) which change your browser settings: http://www.bleepingcomputer.com/for...curity-questions-best-practices/#entry3187642

12. Please let me know how your computer is doing.
 