Additional scan result of Farbar Recovery Scan Tool (x64) Version: 01-01-2015 Ran by ThanhUTS at 2015-01-02 11:34:46 Running from C:\Users\ThanhUTS\Desktop Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: ESET Smart Security 7.0 (Enabled - Up to date) {19259FAE-8396-A113-46DB-15B0E7DFA289} AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: ESET Smart Security 7.0 (Enabled - Up to date) {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834} FW: ESET Personal firewall (Enabled) {211E1E8B-C9F9-A04B-6D84-BC85190CE5F2} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) 7-Zip 9.22 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0922-000001000000}) (Version: 9.22.00.0 - Igor Pavlov) Adobe Reader XI (11.0.06) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated) Blackboard Collaborate Launcher (HKLM-x32\...\{7D82D616-8BD8-4BE3-B19C-C4BC772E8426}) (Version: 1.2.0.0 - Blackboard) Cisco AnyConnect Secure Mobility Client (HKLM-x32\...\Cisco AnyConnect Secure Mobility Client) (Version: 3.1.02026 - Cisco Systems, Inc.) Cisco AnyConnect Secure Mobility Client (x32 Version: 3.1.02026 - Cisco Systems, Inc.) Hidden D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden ESET Smart Security (HKLM\...\{F7C525E7-659A-47F6-A25A-7A63FA10E767}) (Version: 7.0.302.26 - ESET, spol s r. o.) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.) Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation) Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2828 - Intel Corporation) Intel(R) Rapid Start Technology (HKLM-x32\...\3D073343-CEEB-4ce7-85AC-A69A7631B5D6) (Version: 2.1.0.1002 - Intel Corporation) Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.5.2.1001 - Intel Corporation) Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation) Intel(R) WiDi (HKLM\...\{EDBA2433-0910-4C72-8C5B-8FEDAE3EF18E}) (Version: 3.5.34.0 - Intel Corporation) Intel® PROSet/Wireless Software (HKLM-x32\...\{c9967fbd-e3c3-4ed0-992a-5b33260f2944}) (Version: 16.1.5 - Intel Corporation) Java 8 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218000FF}) (Version: 8.0.0 - Oracle Corporation) KromtechAccountService (Version: 1.1.25 - Kromtech) Hidden Microsoft Office 2010 Service Pack 1 (SP1) (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{7BC9B5EB-125A-4E9B-97E1-8D85B5E960B8}) (Version: - Microsoft) Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUSR) (Version: 14.0.6029.1000 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Movie Maker (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden NoMachine Enterprise Client (HKLM-x32\...\NoMachine Enterprise Client_is1) (Version: 4.2.21 - NoMachine S.a.r.l.) PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation) Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.3.730.2012 - Realtek) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6690 - Realtek Semiconductor Corp.) Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.8400.30136 - Realtek Semiconductor Corp.) SRS Premium Sound Control Panel (HKLM\...\{94F03B8E-CB73-4653-AFE9-79112C01FED2}) (Version: 1.12.5000 - SRS Labs, Inc.) Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.12.3 - Synaptics Incorporated) TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.36897 - TeamViewer) Toshiba App Place (HKLM-x32\...\{ED3CBA78-488F-4E8C-B33F-8E3BF4DDB4D2}) (Version: 1.0.6.3 - Toshiba) TOSHIBA Application Installer (HKLM-x32\...\{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}) (Version: 9.0.1.4 - TOSHIBA) TOSHIBA Desktop Assist (HKLM\...\{95CCACF0-010D-45F0-82BF-858643D8BC02}) (Version: 1.00.0007.00002 - Toshiba Corporation) TOSHIBA eco Utility (HKLM\...\{5944B9D4-3C2A-48DE-931E-26B31714A2F7}) (Version: 2.0.0.6415 - Toshiba Corporation) TOSHIBA Flash Cards Support Utility (HKLM-x32\...\InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}) (Version: 1.51.8.1C - TOSHIBA CORPORATION) TOSHIBA Function Key (HKLM\...\{16562A90-71BC-41A0-B890-D91B0C267120}) (Version: 1.00.6425 - Toshiba Corporation) TOSHIBA Password Utility (HKLM-x32\...\InstallShield_{59358FD4-252B-4B38-AB81-955C491A494F}) (Version: 1.0.0.5C - Toshiba Corporation) TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.8.17.640104 - Toshiba Corporation) TOSHIBA Quality Application (HKLM-x32\...\{E69992ED-A7F6-406C-9280-1C156417BC49}) (Version: 1.0.8 - TOSHIBA) TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.2.0.54043005 - Toshiba Corporation) TOSHIBA Resolution+ Plug-in for Windows Media Player (HKLM-x32\...\{6CB76C9D-80C2-4CB3-A4CD-D96B239E3F94}) (Version: 1.2.2.00 - TOSHIBA Corporation) TOSHIBA Service Station (HKLM\...\{B8C8422F-01F1-4791-B084-047AAFF9BFCC}) (Version: 2.4.4 - TOSHIBA) TOSHIBA System Driver (HKLM-x32\...\{1E6A96A1-2BAB-43EF-8087-30437593C66C}) (Version: 1.00.0012 - Toshiba Corporation) TOSHIBA System Settings (HKLM-x32\...\{05A55927-DB9B-4E26-BA44-828EBFF829F0}) (Version: 1.00.0002.32002 - Toshiba Corporation) TOSHIBA User's Guide (HKLM-x32\...\{3384E1D9-3F18-4A98-8655-180FEF0DFC02}) (Version: 1.00.02 - TOSHIBA) TOSHIBARegistration (HKLM-x32\...\{5AF550B4-BB67-4E7E-82F1-2C4300279050}) (Version: 1.1.6 - TOSHIBA) UniKey Vista 2.0 (HKU\S-1-5-21-3805003500-4178845559-2028292636-1001\...\UniKey Vista 2.0) (Version: - ) Utility Common Driver (x32 Version: 1.0.53.1 - Compal) Hidden VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN) Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3503.0728 - Microsoft Corporation) Your Uninstaller! 7 (HKLM-x32\...\YU2010_is1) (Version: 7.5.2014.3 - URSoft, Inc.) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) ==================== Restore Points ========================= 19-12-2014 12:47:41 Scheduled Checkpoint 26-12-2014 13:34:48 Scheduled Checkpoint 30-12-2014 11:51:00 Before uninstalling YAC(Yet Another Cleaner!) 01-01-2015 21:34:54 Before uninstalling Google Chrome ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2012-07-26 16:26 - 2014-12-07 08:46 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {0560D970-1D11-45F3-A57F-1ABF7F71B527} - System32\Tasks\GoogleUpdateTaskMachineUA1cfee543aaf6598 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-01-01] (Google Inc.) Task: {2024A53A-1601-4A84-8C42-63F70DDFAC94} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\windows\system32\MRT.exe [2014-12-11] (Microsoft Corporation) Task: {3C0B4ACE-470F-46AE-8359-CA27E789818A} - System32\Tasks\Norton Anti-Theft\Norton Error Processor => C:\Program Files (x86)\Norton Anti-Theft\Engine\1.5.0.38\SymErr.exe Task: {4809AC4A-C929-42E4-9B97-C60D96C34CB5} - System32\Tasks\AutoKMS => C:\windows\AutoKMS\AutoKMS.exe [2014-03-28] () Task: {5C9E0088-91D9-4CBE-B941-5B1BC8131051} - System32\Tasks\Norton Anti-Theft\Norton Error Analyzer => C:\Program Files (x86)\Norton Anti-Theft\Engine\1.5.0.38\SymErr.exe Task: {6BE58961-9162-487F-A198-A42CEDD482F5} - System32\Tasks\TOSHIBA\Service Station => C:\Program Files\TOSHIBA\Toshiba Service Station\ToshibaServiceStation.exe [2012-07-28] (TOSHIBA Corporation) Task: {7502774B-139C-4827-8679-031DB3ABD9EB} - System32\Tasks\{84F4ECFF-F670-4555-85F6-18E69E7EF461} => pcalua.exe -a C:\Users\ThanhUTS\Downloads\yet_another_cleaner_sk_85837.exe -d C:\Users\ThanhUTS\Downloads Task: {7DCCE2A5-C789-4E75-A5C3-9BCC0BD1DE71} - System32\Tasks\{63D75DF5-7C57-4433-89ED-360DDD89D642} => pcalua.exe -a C:\Users\ThanhUTS\AppData\Roaming\omiga-plus\UninstallManager.exe -c -ptid=tugs Task: {9A4B64B4-8114-442F-9D25-EDACD9E83C69} - System32\Tasks\GoogleUpdateTaskMachineUA1cf69e28cec3b3f => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-01-01] (Google Inc.) Task: {9AFDC704-2A95-4827-889A-2A8D17105F6F} - System32\Tasks\Synaptics TouchPad Enhancements => \Program Files\Synaptics\SynTP\SynTPEnh.exe [2012-08-29] (Synaptics Incorporated) Task: {9FEFD7A4-290C-4476-8CE2-A58C10F6857A} - System32\Tasks\GoogleUpdateTaskMachineCore1cfff427f01386b => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-01-01] (Google Inc.) Task: {AE78240C-9FFA-4CB8-A947-37D6C7E38444} - System32\Tasks\{18E25A6D-7EC8-4CE8-BE90-C0A11B161241} => pcalua.exe -a "C:\Program Files (x86)\Elex-tech\YAC\uninstall.exe" Task: {BB87E9CD-B7DF-4772-A696-2452551B6161} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc Task: {C49CAFA3-C0A5-408F-9C0A-29D607080A26} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-01-01] (Google Inc.) Task: {D5ED19E1-2D09-4FBC-8F88-F173613F0708} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-01-01] (Google Inc.) Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============= 2014-06-02 23:21 - 2014-04-17 22:54 - 00842928 _____ () C:\Program Files (x86)\NoMachine Enterprise Client\bin\libnxlp64.dll 2012-07-19 13:38 - 2012-07-19 13:38 - 00020904 _____ () C:\Program Files\TOSHIBA\Hotkey\SmoothView.dll 2012-07-19 13:38 - 2012-07-19 13:38 - 00049064 _____ () C:\Program Files\TOSHIBA\Hotkey\Hotkey\FnZ.dll 2011-08-13 09:57 - 2011-08-13 09:57 - 00437632 _____ () C:\Program Files\TOSHIBA\Hotkey\Hotkey\TcrdKBB.exe 2012-08-14 14:13 - 2012-08-14 14:13 - 00018344 _____ () C:\Program Files\Toshiba\Teco\TecoMUI.dll 2006-04-19 10:55 - 2006-04-19 10:55 - 00675840 _____ () C:\Program Files (x86)\UniKey Vista 2.0\UniKeyVista2.0.exe 2012-07-26 07:44 - 2012-07-26 07:35 - 00129024 _____ () C:\windows\system32\WinMetadata\Windows.UI.winmd 2012-07-26 07:44 - 2012-07-26 07:35 - 00036864 _____ () C:\windows\system32\WinMetadata\Windows.Data.winmd 2012-07-26 07:44 - 2012-07-26 07:35 - 00022016 _____ () C:\windows\system32\WinMetadata\Windows.Foundation.winmd 2011-03-17 18:07 - 2011-03-17 18:07 - 04297568 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF 2010-10-21 09:23 - 2010-10-21 09:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll 2012-12-14 00:45 - 2012-12-14 00:45 - 00063560 _____ () C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\zlib1.dll 2012-11-16 18:02 - 2012-06-26 19:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll 2006-04-19 10:53 - 2006-04-19 10:53 - 00188416 _____ () C:\Program Files (x86)\UniKey Vista 2.0\UKHook40.dll 2015-01-01 22:09 - 2014-12-06 12:50 - 01077064 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libglesv2.dll 2015-01-01 22:09 - 2014-12-06 12:50 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libegl.dll 2015-01-01 22:09 - 2014-12-06 12:50 - 01677128 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\ffmpegsumo.dll 2015-01-01 22:09 - 2014-12-06 12:50 - 14913352 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\PepperFlash\pepflashplayer.dll 2015-01-01 22:09 - 2014-12-06 12:50 - 09009480 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\pdf.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) AlternateDataStreams: C:\ProgramData\TEMP:1CE11B51 ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) ========================= Accounts: ========================== Administrator (S-1-5-21-3805003500-4178845559-2028292636-500 - Administrator - Disabled) Guest (S-1-5-21-3805003500-4178845559-2028292636-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-3805003500-4178845559-2028292636-1003 - Limited - Enabled) ThanhUTS (S-1-5-21-3805003500-4178845559-2028292636-1001 - Administrator - Enabled) => C:\Users\ThanhUTS ==================== Faulty Device Manager Devices ============= Name: USB-IF xHCI USB Host Controller Description: USB-IF xHCI USB Host Controller Class Guid: {8a2edc79-c759-46f2-88af-9d4efe3b5eee} Manufacturer: Intel Corporation Service: XHCIPort Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31) Resolution: Update the driver Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64 Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64 Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Cisco Systems Service: vpnva Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. Name: Teredo Tunneling Pseudo-Interface Description: Microsoft Teredo Tunneling Adapter Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: tunnel Problem: : This device cannot start. (Code10) Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device. On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard. ==================== Event log errors: ========================= Application errors: ================== System errors: ============= Microsoft Office Sessions: ========================= ==================== Memory info =========================== Processor: Intel(R) Core(TM) i5-3317U CPU @ 1.70GHz Percentage of memory in use: 30% Total physical RAM: 6033.93 MB Available physical RAM: 4173.51 MB Total Pagefile: 12177.93 MB Available Pagefile: 10212.34 MB Total Virtual: 8192 MB Available Virtual: 8191.77 MB ==================== Drives ================================ Drive c: (PROGRAM) (Fixed) (Total:113.69 GB) (Free:72.87 GB) NTFS Drive d: (DATA) (Fixed) (Total:195.31 GB) (Free:193.61 GB) NTFS Drive e: (ENTERTAINMENT) (Fixed) (Total:146.48 GB) (Free:130.15 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 465.8 GB) (Disk ID: 00000000) Partition: GPT Partition Type. ======================================================== Disk: 1 (Size: 11.2 GB) (Disk ID: 00000000) Partition: GPT Partition Type. ==================== End Of Log ============================