Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:04-09-2015
Ran by admin (administrator) on ADMIN-PC (05-09-2015 11:17:40)
Running from C:\Users\admin\Desktop
Loaded Profiles: admin & MSSQL$HUY & (Available Profiles: admin & MSSQL$HUY)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(CANON INC.) C:\Windows\System32\CNAB3RPD.EXE
() D:\GAMES\LienMinhHuyenThoai\GameData\ggdllhost.exe
(Apple Computer, Inc.) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
(Malwarebytes Corporation) D:\DUY\UNG DUNG\avast\Malwarebytes Anti-Malware\mbamscheduler.exe
(Microsoft Corporation) E:\Huy\SQL\Source\MSSQL11.HUY\MSSQL\Binn\sqlservr.exe
() C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
(Razer Inc.) D:\DUY\UNG DUNG\Game Booster\Razer Game Booster\RzKLService.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
() C:\UniKey 4.0 RC2 Win64\UniKeyNT.exe
() D:\GAMES\LienMinhHuyenThoai\GameData\GarenaMessenger.exe
(Coc Coc Co., Ltd.) C:\Users\admin\AppData\Local\CocCoc\Update\CocCocUpdate.exe
(Coc Coc Co., Ltd.) C:\Users\admin\AppData\Local\CocCoc\Update\1.3.39.17\CocCocCrashHandler.exe
(CyberLink Corp.) D:\DUY\UNG DUNG\YouCam 5 v5.0.0909 PreActivated_da fix watermark\YouCam\YouCamService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Coc Coc Co., Ltd.) C:\Users\admin\AppData\Local\CocCoc\Browser\Application\browser.exe
(Coc Coc Co., Ltd.) C:\Users\admin\AppData\Local\CocCoc\Browser\Application\browser.exe
(Coc Coc Co., Ltd.) C:\Users\admin\AppData\Local\CocCoc\Browser\Application\browser.exe
(Coc Coc Co., Ltd.) C:\Users\admin\AppData\Local\CocCoc\Browser\Application\browser.exe
() D:\GAMES\LienMinhHuyenThoai\GameData\bbtalk\BBTalk.exe
(Malwarebytes Corporation) D:\DUY\UNG DUNG\avast\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Solid State Networks) D:\GAMES\LienMinhHuyenThoai\GameData\Apps\lolVN\lol.exe
() D:\GAMES\LienMinhHuyenThoai\GameData\Apps\lolVN\Air\LolClient.exe
(Coc Coc Co., Ltd.) C:\Users\admin\AppData\Local\CocCoc\Browser\Application\browser.exe
(Coc Coc Co., Ltd.) C:\Users\admin\AppData\Local\CocCoc\Browser\Application\browser.exe
(Coc Coc Co., Ltd.) C:\Users\admin\AppData\Local\CocCoc\Browser\Application\browser.exe
(Coc Coc Co., Ltd.) C:\Users\admin\AppData\Local\CocCoc\Browser\Application\browser.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2057000 2010-02-18] (Synaptics Incorporated)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1332296 2015-01-30] (Microsoft Corporation)
HKLM-x32\...\Run: [YouCam Service] => D:\DUY\UNG DUNG\YouCam 5 v5.0.0909 PreActivated_da fix watermark\YouCam\YouCamService.exe [247016 2011-09-09] (CyberLink Corp.)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291648 2012-10-16] (Intel Corporation)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [343168 2012-03-05] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3818046159-3689817371-2580797029-1000\...\Run: [UniKey] => C:\UniKey 4.0 RC2 Win64\UniKeyNT.exe [316928 2009-11-02] ()
HKU\S-1-5-21-3818046159-3689817371-2580797029-1000\...\Run: [Messenger (Yahoo!)] => C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe [6595928 2012-05-25] (Yahoo! Inc.)
HKU\S-1-5-21-3818046159-3689817371-2580797029-1000\...\Run: [GarenaPlus] => D:\GAMES\LienMinhHuyenThoai\GameData\GarenaMessenger.exe [10016704 2015-09-03] ()
HKU\S-1-5-21-3818046159-3689817371-2580797029-1000\...\Run: [RGSC] => D:\DUY\GAMES\GTA IV\Rockstar Games Social Club\RGSCLauncher.exe /silent
HKU\S-1-5-21-3818046159-3689817371-2580797029-1000\...\Run: [CocCoc Update] => C:\Users\admin\AppData\Local\CocCoc\Update\CocCocUpdate.exe [140488 2015-07-14] (Coc Coc Co., Ltd.)
HKU\S-1-5-21-3818046159-3689817371-2580797029-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [UniKey] => C:\UniKey 4.0 RC2 Win64\UniKeyNT.exe [316928 2009-11-02] ()
HKU\S-1-5-21-3818046159-3689817371-2580797029-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Messenger (Yahoo!)] => C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe [6595928 2012-05-25] (Yahoo! Inc.)
HKU\S-1-5-21-3818046159-3689817371-2580797029-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [GarenaPlus] => D:\GAMES\LienMinhHuyenThoai\GameData\GarenaMessenger.exe [10016704 2015-09-03] ()
HKU\S-1-5-21-3818046159-3689817371-2580797029-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [RGSC] => D:\DUY\GAMES\GTA IV\Rockstar Games Social Club\RGSCLauncher.exe /silent
HKU\S-1-5-21-3818046159-3689817371-2580797029-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [CocCoc Update] => C:\Users\admin\AppData\Local\CocCoc\Update\CocCocUpdate.exe [140488 2015-07-14] (Coc Coc Co., Ltd.)
Startup: C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk [2014-11-14]
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Canon LBP3000 Status Window.lnk [2014-11-30]
ShortcutTarget: Canon LBP3000 Status Window.lnk -> C:\Windows\System32\spool\drivers\x64\3\CNAB3LAD.EXE (CANON INC.)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{D0ED8A5C-3945-4A08-9E15-4394A60F2552}: [DhcpNameServer] 192.168.1.1
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=MSSE
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=MSSE
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3818046159-3689817371-2580797029-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617911&ResetID=130850202647942019&GUID=976E6C5F-4404-4638-A704-8719CAF19D3D
HKU\S-1-5-21-3818046159-3689817371-2580797029-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-3818046159-3689817371-2580797029-1000\Software\Microsoft\Internet Explorer\Main,First Home Page = hxxp://go.microsoft.com/fwlink/?LinkID=226786&Mkt=vi-VN&Src=MSE&Tid=000328B0&OHP=http%3A%2F%2Fvn.search.yahoo.com%2F%3Ffr%3Dhp%2Dddc%2Dbd%26type%3Dpr%2Dbir%2Ddg%5F%5Falt%5F%5Fddc%5Fdsssyc%5Fbd%5Fcom&OSP=http%3A%2F%2Fvn.search.yahoo.com%2Fyhs%2Fsearch%3Fhspart%3Dddc%26hsimp%3Dyhs%2Dddc%5Fbd%26type%3Dpr%2Dbir%2Ddg%5F%5Falt%5F%5Fddc%5Fdss%5Fbd%5Fcom%26p%3D%7BsearchTerms%7D
HKU\S-1-5-21-3818046159-3689817371-2580797029-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617911&ResetID=130850202647942019&GUID=976E6C5F-4404-4638-A704-8719CAF19D3D
HKU\S-1-5-21-3818046159-3689817371-2580797029-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-3818046159-3689817371-2580797029-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,First Home Page = hxxp://go.microsoft.com/fwlink/?LinkID=226786&Mkt=vi-VN&Src=MSE&Tid=000328B0&OHP=http%3A%2F%2Fvn.search.yahoo.com%2F%3Ffr%3Dhp%2Dddc%2Dbd%26type%3Dpr%2Dbir%2Ddg%5F%5Falt%5F%5Fddc%5Fdsssyc%5Fbd%5Fcom&OSP=http%3A%2F%2Fvn.search.yahoo.com%2Fyhs%2Fsearch%3Fhspart%3Dddc%26hsimp%3Dyhs%2Dddc%5Fbd%26type%3Dpr%2Dbir%2Ddg%5F%5Falt%5F%5Fddc%5Fdss%5Fbd%5Fcom%26p%3D%7BsearchTerms%7D
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3818046159-3689817371-2580797029-1000 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
SearchScopes: HKU\S-1-5-21-3818046159-3689817371-2580797029-1000 -> OldSearch URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKU\S-1-5-21-3818046159-3689817371-2580797029-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
SearchScopes: HKU\S-1-5-21-3818046159-3689817371-2580797029-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> OldSearch URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKU\S-1-5-80-3669532553-1905751560-421692475-2796484278-3223018999 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-80-3669532553-1905751560-421692475-2796484278-3223018999-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
Handler: bksa - {AFBCA127-FD48-4FF5-B523-0E0DB4B8C295} - C:\Program Files (x86)\BkavHome\SiteAdvisor\BkavIESiteAdvisor.dll No File
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2010-09-27] (Skype Technologies S.A.)
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-21] (Microsoft Corporation)
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_110.dll [2012-11-09] ()
FF Plugin: @java.com/DTPlugin,version=10.4.1 -> C:\Windows\system32\npDeployJava1.dll [2012-04-04] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.4.1 -> C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll [2012-04-04] (Oracle Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_110.dll [2012-11-09] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1203133.dll [2013-06-26] (Adobe Systems, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-01-07] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-01-07] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll [No File]
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll [No File]
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll [2012-05-25] (Yahoo! Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll [2012-04-11] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @t.garena.com/garenatalk -> D:\GAMES\LienMinhHuyenThoai\GameData\bbtalk\plugins\npPlugin\npGarenaTalkPlugin.dll [2015-01-16] ( Garena)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.)
FF Plugin HKU\S-1-5-21-3818046159-3689817371-2580797029-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\admin\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll No File
FF Plugin HKU\S-1-5-21-3818046159-3689817371-2580797029-1000: bkav.com.vn/BkavSiteAdvisorPlugin -> C:\Program Files (x86)\BkavHome\npBkavSiteAdvisorPlugin.dll No File
FF Plugin HKU\S-1-5-21-3818046159-3689817371-2580797029-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\admin\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll No File
FF Plugin HKU\S-1-5-21-3818046159-3689817371-2580797029-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: bkav.com.vn/BkavSiteAdvisorPlugin -> C:\Program Files (x86)\BkavHome\npBkavSiteAdvisorPlugin.dll No File
FF HKLM-x32\...\Firefox\Extensions: [bkavsiteadvisor@bkav.com.vn] - C:\Program Files (x86)\BkavHome\SiteAdvisor\Firefox