Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015
Ran by admin (administrator) on ADMIN-PC on 19-03-2015 10:34:25
Running from C:\Users\admin\Desktop
Loaded Profiles: admin (Available profiles: admin & MSSQL$HUY)
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Bkav Corporation) C:\Program Files (x86)\BkavHome\BkavHomeUpdateService.exe
(Bkav Corporation) C:\Windows\SysWOW64\BkavService.exe
(Elex do Brasil Participações Ltda) C:\Program Files (x86)\Elex-tech\YAC\iSafeSvc.exe
(Elex do Brasil Participações Ltda) C:\Program Files (x86)\Elex-tech\YAC\iSafeSvc2.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Cherished Technololgy LIMITED) C:\ProgramData\IePluginServices\PluginService.exe
(Taiwan Shui Mu Chih Ching Technology Limited.) C:\Program Files (x86)\WinZipper\winzipersvc.exe
(AV Security Software) C:\Windows\mlwps.exe
() D:\GAMES\LienMinhHuyenThoai\GameData\ggdllhost.exe
(CANON INC.) C:\Windows\System32\CNAB3RPD.EXE
(Elex do Brasil Participações Ltda) C:\Program Files (x86)\Elex-tech\YAC\iSafeTray.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
() C:\UniKey 4.0 RC2 Win64\UniKeyNT.exe
() D:\GAMES\LienMinhHuyenThoai\GameData\GarenaMessenger.exe
(Microsoft Corporation) C:\Windows\System32\wscript.exe
() C:\Users\admin\AppData\Roaming\SpeedTray\speedtray.exe
(Itim Technologies Co., Ltd.) C:\Users\admin\AppData\Local\CocCoc\Update\1.3.39.13\CocCocCrashHandler.exe
(CyberLink Corp.) D:\DUY\UNG DUNG\YouCam 5 v5.0.0909 PreActivated_da fix watermark\YouCam\YouCamService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(The Privoxy team - www.privoxy.org) C:\Program Files (x86)\Jelbrus Secure Web\privoxy.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
() C:\Users\admin\AppData\Local\GC\runner.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
() C:\Program Files (x86)\Dolphin Deals\bin\utilDolphinDeals.exe
(Irismedia) C:\Program Files (x86)\hosts\hosts-bg.exe
() C:\Program Files (x86)\Dolphin Deals\bin\DolphinDeals.BrowserAdapter.exe
() C:\Program Files (x86)\Dolphin Deals\bin\DolphinDeals.BrowserAdapter64.exe
() C:\Program Files (x86)\Dolphin Deals\bin\DolphinDeals.BOASHelper.exe
() C:\Program Files (x86)\Dolphin Deals\bin\DolphinDeals.expext.exe
() C:\Program Files (x86)\Dolphin Deals\bin\DolphinDeals.PurBrowse64.exe
() C:\Program Files (x86)\Dolphin Deals\updateDolphinDeals.exe
() C:\Program Files (x86)\Dolphin Deals\bin\DolphinDeals.BOASPRT.exe
(Itim Technologies Co., Ltd.) C:\Users\admin\AppData\Local\CocCoc\Browser\Application\browser.exe
(Itim Technologies Co., Ltd.) C:\Users\admin\AppData\Local\CocCoc\Browser\Application\browser.exe
(Itim Technologies Co., Ltd.) C:\Users\admin\AppData\Local\CocCoc\Browser\Application\browser.exe
(Itim Technologies Co., Ltd.) C:\Users\admin\AppData\Local\CocCoc\Browser\Application\browser.exe
(Itim Technologies Co., Ltd.) C:\Users\admin\AppData\Local\CocCoc\Browser\Application\browser.exe
(Itim Technologies Co., Ltd.) C:\Users\admin\AppData\Local\CocCoc\Browser\Application\browser.exe
(Google Inc.) C:\Users\admin\AppData\Local\GC\Chrome-bin\chrome.exe
(Google Inc.) C:\Users\admin\AppData\Local\GC\Chrome-bin\chrome.exe
(Google Inc.) C:\Users\admin\AppData\Local\GC\Chrome-bin\chrome.exe
(Google Inc.) C:\Users\admin\AppData\Local\GC\Chrome-bin\chrome.exe
(Google Inc.) C:\Users\admin\AppData\Local\GC\Chrome-bin\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2057000 2010-02-18] (Synaptics Incorporated)
HKLM\...\Run: [Chew7Hale] => C:\Windows\System32\hale.exe [2169856 2012-11-07] ()
HKLM-x32\...\Run: [YouCam Service] => D:\DUY\UNG DUNG\YouCam 5 v5.0.0909 PreActivated_da fix watermark\YouCam\YouCamService.exe [247016 2011-09-09] (CyberLink Corp.)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291648 2012-10-16] (Intel Corporation)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [343168 2012-03-05] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [mobilegeni daemon] => C:\Program Files (x86)\Mobogenie\DaemonProcess.exe
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)
HKLM-x32\...\Run: [BkavHome] => C:\Program Files (x86)\BkavHome\BkavHome.exe [2435584 2015-01-14] (Bkav Corporation)
Winlogon\Notify\igfxcui: igfxdev.dll [X]
HKU\S-1-5-21-3818046159-3689817371-2580797029-1000\...\Run: [UniKey] => C:\UniKey 4.0 RC2 Win64\UniKeyNT.exe [316928 2009-11-02] ()
HKU\S-1-5-21-3818046159-3689817371-2580797029-1000\...\Run: [NextLive] => C:\Windows\SysWOW64\rundll32.exe "C:\Users\admin\AppData\Roaming\newnext.me\nengine.dll",EntryPoint -m l
HKU\S-1-5-21-3818046159-3689817371-2580797029-1000\...\Run: [Messenger (Yahoo!)] => C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe [6595928 2012-05-25] (Yahoo! Inc.)
HKU\S-1-5-21-3818046159-3689817371-2580797029-1000\...\Run: [GarenaPlus] => D:\GAMES\LienMinhHuyenThoai\GameData\GarenaMessenger.exe [9981528 2015-01-20] ()
HKU\S-1-5-21-3818046159-3689817371-2580797029-1000\...\Run: [CocCoc Update] => C:\Users\admin\AppData\Local\CocCoc\Update\CocCocUpdate.exe [141528 2015-01-30] (Itim Technologies Co., Ltd.)
HKU\S-1-5-21-3818046159-3689817371-2580797029-1000\...\Run: [Microsoft Application Manager] => C:\Users\admin\AppData\Roaming\Microsoft\ApplicationManager\mst.exe [193536 2014-03-26] ()
HKU\S-1-5-21-3818046159-3689817371-2580797029-1000\...\Run: [SpeedTray] => C:\Users\admin\AppData\Roaming\SpeedTray\speedtray.exe [725518 2014-12-24] ()
HKU\S-1-5-21-3818046159-3689817371-2580797029-1000\...\Run: [COOL] => wscript.exe //B "C:\Users\admin\AppData\Roaming\COOL.vbs"
HKU\S-1-5-21-3818046159-3689817371-2580797029-1000\...\RunOnce: [FlashPlayerUpdate] => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_2_202_235_ActiveX.exe [351904 2012-11-09] (Adobe Systems Incorporated)
Startup: C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\COOL.vbs ()
Startup: C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Canon LBP3000 Status Window.lnk
ShortcutTarget: Canon LBP3000 Status Window.lnk -> C:\Windows\System32\spool\drivers\x64\3\CNAB3LAD.EXE (CANON INC.)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
ProxyEnable: [S-1-5-21-3818046159-3689817371-2580797029-1000] => Internet Explorer proxy is enabled.
ProxyServer: [S-1-5-21-3818046159-3689817371-2580797029-1000] => 127.0.0.1:8118
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://istart.webssearches.com/?type=hp&ts=1417707889&from=irs&uid=ST9500325AS_5VET5TGDXXXX5VET5TGD
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = 0x00
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://istart.webssearches.com/web/...500325AS_5VET5TGDXXXX5VET5TGD&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = 0x00
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://istart.webssearches.com/?type=hp&ts=1417707889&from=irs&uid=ST9500325AS_5VET5TGDXXXX5VET5TGD
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 0x00
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://istart.webssearches.com/web/...500325AS_5VET5TGDXXXX5VET5TGD&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 0x00
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
HKU\S-1-5-21-3818046159-3689817371-2580797029-1000\Software\Microsoft\Internet Explorer\Main,Start Page = 0x00
HKU\S-1-5-21-3818046159-3689817371-2580797029-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://istart.webssearches.com/web/...500325AS_5VET5TGDXXXX5VET5TGD&q={searchTerms}
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://istart.webssearches.com/web/...500325AS_5VET5TGDXXXX5VET5TGD&q={searchTerms}
SearchScopes: HKLM -> {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL =
SearchScopes: HKLM-x32 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
SearchScopes: HKLM-x32 -> {01bd49d7-c76b-4310-8beb-14d7e5f322c6} URL = http://search.easylifeapp.com/?q={s...c=ie2&r=2013/04/07&hid=4113113638&lg=EN&cc=VN
SearchScopes: HKLM-x32 -> {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT1561552
SearchScopes: HKLM-x32 -> {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.searchesplace.info...013/08/08&hid=4113113638&lg=EN&cc=VN&unqvl=30
SearchScopes: HKU\S-1-5-21-3818046159-3689817371-2580797029-1000 -> DefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://start.mysearchdial.com/resul...FtCtAyBzytN1L1CzutCyD1B1P1R&cr=1042115618&ir=
SearchScopes: HKU\S-1-5-21-3818046159-3689817371-2580797029-1000 -> {01bd49d7-c76b-4310-8beb-14d7e5f322c6} URL = http://search.easylifeapp.com/?q={s...c=ie2&r=2013/04/07&hid=4113113638&lg=EN&cc=VN
SearchScopes: HKU\S-1-5-21-3818046159-3689817371-2580797029-1000 -> {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://start.mysearchdial.com/resul...FtCtAyBzytN1L1CzutCyD1B1P1R&cr=1042115618&ir=
SearchScopes: HKU\S-1-5-21-3818046159-3689817371-2580797029-1000 -> {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL = http://www.searchgol.com/?q={searchTerms}&babsrc=SP_ss&mntrId=B8B9685D43D1A3C2&affID=120695&tsp=5023
SearchScopes: HKU\S-1-5-21-3818046159-3689817371-2580797029-1000 -> {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT1561552
BHO: hosts -> {11111111-1111-1111-1111-110311531182} -> C:\Program Files (x86)\hosts\hosts-bho64.dll [2013-10-02] (Irismedia)
BHO: TrustMediaViewerV1alpha2724 -> {6b9694c1-2bda-43e2-94d3-dbd1b01b1c99} -> C:\Program Files (x86)\TrustMediaViewerV1\TrustMediaViewerV1alpha2724\ie\TrustMediaViewerV1alpha2724x64.dll [2014-06-26] ()
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2010-03-25] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll [2012-04-04] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll [2012-04-04] (Oracle Corporation)
BHO: Hotspot Shield Class -> {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} -> C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE_64.dll No File
BHO-x32: SearchNewTab -> {0727E909-6CCD-BC6E-1AF5-766629DFA1FC} -> C:\ProgramData\SearchNewTab\Pt.dll [2012-08-08] ()
BHO-x32: hosts -> {11111111-1111-1111-1111-110311531182} -> C:\Program Files (x86)\hosts\hosts-bho.dll [2013-10-02] (Irismedia)
BHO-x32: Dolphin Deals 1.0.0.7 -> {15a4ce1e-d288-4d04-85bf-907170010a7a} -> C:\Program Files (x86)\Dolphin Deals\DolphinDealsbho.dll [2015-02-04] (Dolphin Deals)
BHO-x32: BkavSiteAdvisorEngine Class -> {2876549C-1023-4AA0-82FF-8ED7112D5269} -> C:\Program Files (x86)\BkavHome\SiteAdvisor\BkavIESiteAdvisor.dll [2014-04-03] (Bkav Corporation)
BHO-x32: Media View -> {292a9c09-66a9-4123-85ac-222c4687b7c2} -> C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha45\ie\MediaViewV1alpha45.dll [2014-02-26] ()
BHO-x32: SearchNewTab -> {52277627-029D-B628-0018-88DEBE87176F} -> C:\ProgramData\SearchNewTab\51cebe6cefb8f.dll [2013-06-29] ()
BHO-x32: soaofEE saave -> {5BA25F6F-43EA-885B-D7E1-7AF775B28E35} -> C:\ProgramData\soaofEE saave\51cebe6178ebd.dll [2013-06-29] ()
BHO-x32: Trust Media Viewer -> {6b9694c1-2bda-43e2-94d3-dbd1b01b1c99} -> C:\Program Files (x86)\TrustMediaViewerV1\TrustMediaViewerV1alpha2724\ie\TrustMediaViewerV1alpha2724.dll [2014-06-26] ()
BHO-x32: BetterSurf -> {6E3C6B04-08FE-43BC-8E50-F90285024DEA} -> C:\Program Files (x86)\BetterSurf\ie\BetterSurf.dll [2013-11-13] ()
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2010-03-25] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll [2014-10-16] (Oracle Corporation)
BHO-x32: Better-Surf -> {8271B5D6-76D3-4ABF-AEB3-1721161C76BC} -> C:\Program Files (x86)\Better-Surf\ie\BetterSrf.dll [2013-11-25] ()
BHO-x32: Microsoft Web Test Recorder 10.0 Helper -> {876d9f09-c6d6-4324-a2cc-04dd9a4de12f} -> E:\Huy\Window\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll [2012-07-26] (Microsoft Corporation)
BHO-x32: Video Player -> {8c5f32e4-6041-4971-ac87-682ed8142443} -> C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta640\ie\VideoPlayerV3beta640.dll [2014-01-08] ()
BHO-x32: Rich Media View -> {8fd55b40-fa85-4da7-97e3-9bc4f1e19a26} -> C:\Program Files (x86)\RichMediaViewV1\RichMediaViewV1release961\ie\RichMediaViewV1release961.dll [2014-05-13] ()
BHO-x32: BryOOwsee2ssavoe -> {901CD782-0464-2CCD-80DE-74253A767314} -> C:\ProgramData\BryOOwsee2ssavoe\515edbe4c903b.dll [2013-04-05] ()
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
BHO-x32: Media View -> {90d9818b-8fc1-4d4b-88e7-2074b23c0bbf} -> C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha3170\ie\MediaViewV1alpha3170.dll [2014-02-27] ()
BHO-x32: SearchNewTab -> {973AEBF9-6677-0B1D-805B-461A6610469C} -> C:\ProgramData\SearchNewTab\51cec9d0d6a16.dll [2013-06-29] ()
BHO-x32: Media Player -> {98646bc7-0aff-4397-9c82-4a19e39c12f6} -> C:\Program Files (x86)\MediaPlayerV1\MediaPlayerV1alpha335\ie\MediaPlayerV1alpha335.dll [2014-01-28] ()
BHO-x32: Media Buzz -> {9a88259d-0ed6-487f-9c13-7226acf25a0f} -> C:\Program Files (x86)\MediaBuzzV1\MediaBuzzV1mode5557\ie\MediaBuzzV1mode5557.dll [2014-04-24] ()
BHO-x32: Skype Plug-In -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2010-09-27] (Skype Technologies S.A.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
BHO-x32: Rich Media View -> {c70985eb-33b8-45cf-9570-853fdb4d4808} -> C:\Program Files (x86)\RichMediaViewV1\RichMediaViewV1release4398\ie\RichMediaViewV1release4398.dll [2014-05-14] ()
BHO-x32: soaofEE saave -> {C764A995-9013-3BFD-B070-846E6F0BC454} -> C:\ProgramData\soaofEE saave\51cebdc3b8850.dll [2013-06-29] ()
BHO-x32: Media Watch -> {c83b83bb-248b-47e2-a6ae-b8bbf940ae49} -> C:\Program Files (x86)\MediaWatchV1\MediaWatchV1home412\ie\MediaWatchV1home412.dll [2014-03-20] ()
BHO-x32: saveenshhaire -> {CD2AAB10-6B84-A81F-DF0D-6A1CAF6FF7AD} -> C:\ProgramData\saveenshhaire\rti6l.dll [2013-08-08] ()
BHO-x32: SecureWebBHO Class -> {D3C24E2B-C820-4492-9B69-11BF7163F998} -> C:\Program Files (x86)\Jelbrus Secure Web\jsie.dll [2015-02-06] (Jelbrus)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll [2014-10-16] (Oracle Corporation)
BHO-x32: SearchNewTab -> {DFBE860F-A916-B5F6-D027-E353DA36659C} -> C:\ProgramData\SearchNewTab\51cebe3424822.dll [2013-06-29] ()
BHO-x32: mysearchdial Helper Object -> {EF5625A3-37AB-4BDB-9875-2A3D91CD0DFD} -> C:\Program Files (x86)\Mysearchdial\1.8.21.0\bh\mysearchdial.dll No File
BHO-x32: Media Viewer -> {f9c04e97-8374-4c84-a242-0f918e4b4726} -> C:\Program Files (x86)\MediaViewerV1\MediaViewerV1alpha680\ie\MediaViewerV1alpha680.dll [2014-02-23] ()
Toolbar: HKLM-x32 - mysearchdial Toolbar - {3004627E-F8E9-4E8B-909D-316753CBA923} - C:\Program Files (x86)\Mysearchdial\1.8.21.0\mysearchdialTlbr.dll No File
Handler-x32: bksa - {AFBCA127-FD48-4FF5-B523-0E0DB4B8C295} - C:\Program Files (x86)\BkavHome\SiteAdvisor\BkavIESiteAdvisor.dll [2014-04-03] (Bkav Corporation)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2010-09-27] (Skype Technologies S.A.)
Filter: application/octet-stream - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll No File
Filter: application/x-complus - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll No File
Filter: application/x-msdownload - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll No File
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{D0ED8A5C-3945-4A08-9E15-4394A60F2552}: [NameServer] 208.67.222.222,208.67.220.220
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_110.dll [2012-11-09] ()
FF Plugin: @java.com/DTPlugin,version=10.4.1 -> C:\Windows\system32\npDeployJava1.dll [2012-04-04] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.4.1 -> C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll [2012-04-04] (Oracle Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_110.dll [2012-11-09] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1203133.dll [2013-06-26] (Adobe Systems, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-01-07] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-01-07] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll [2014-10-16] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll [2014-10-16] (Oracle Corporation)
FF Plugin-x32: @live.heroesandgenerals.com/npretox -> D:\DUY\GAMES\HaG\Heroes & Generals\live\npretoxlive.dll No File
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll [2010-11-04] (Yahoo! Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll [2012-04-11] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @t.garena.com/garenatalk -> D:\GAMES\LienMinhHuyenThoai\GameData\bbtalk\plugins\npPlugin\npGarenaTalkPlugin.dll [2015-01-16] ( Garena)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.7\npGoogleUpdate3.dll [2015-02-14] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.7\npGoogleUpdate3.dll [2015-02-14] (Google Inc.)
FF Plugin HKU\S-1-5-21-3818046159-3689817371-2580797029-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\admin\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-02-21] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-3818046159-3689817371-2580797029-1000: xyzgl-plugin@xyz-soft.com -> C:\Program Files (x86)\Fairy Tail 3D\npxyzgl.dll No File
FF HKLM-x32\...\Firefox\Extensions: [xz123@ya456.com] - C:\Program Files (x86)\BetterSurf\ff
FF Extension: BetterSurf - C:\Program Files (x86)\BetterSurf\ff [2013-11-15]
FF HKLM-x32\...\Firefox\Extensions: [12x3q@3244516.com] - C:\Program Files (x86)\Better-Surf\ff
FF Extension: Better-Surf - C:\Program Files (x86)\Better-Surf\ff [2013-11-25]
FF HKLM-x32\...\Firefox\Extensions: [ext@VideoPlayerV3beta640.net] - C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta640\ff
FF Extension: Video Player - C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta640\ff [2014-01-10]
FF HKLM-x32\...\Firefox\Extensions: [ext@MediaPlayerV1alpha335.net] - C:\Program Files (x86)\MediaPlayerV1\MediaPlayerV1alpha335\ff
FF Extension: Media Player - C:\Program Files (x86)\MediaPlayerV1\MediaPlayerV1alpha335\ff [2014-01-30]
FF HKLM-x32\...\Firefox\Extensions: [ext@MediaViewerV1alpha680.net] - C:\Program Files (x86)\MediaViewerV1\MediaViewerV1alpha680\ff
FF Extension: Media Viewer - C:\Program Files (x86)\MediaViewerV1\MediaViewerV1alpha680\ff [2014-02-24]
FF HKLM-x32\...\Firefox\Extensions: [ext@MediaViewV1alpha45.net] - C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha45\ff
FF Extension: Media View - C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha45\ff [2014-02-28]
FF HKLM-x32\...\Firefox\Extensions: [ext@MediaViewV1alpha3170.net] - C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha3170\ff
FF Extension: Media View - C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha3170\ff [2014-03-16]
FF HKLM-x32\...\Firefox\Extensions: [ext@MediaWatchV1home412.net] - C:\Program Files (x86)\MediaWatchV1\MediaWatchV1home412\ff
FF Extension: Media Watch - C:\Program Files (x86)\MediaWatchV1\MediaWatchV1home412\ff [2014-03-23]
FF HKLM-x32\...\Firefox\Extensions: [ext@MediaBuzzV1mode5557.net] - C:\Program Files (x86)\MediaBuzzV1\MediaBuzzV1mode5557\ff
FF Extension: Media Buzz - C:\Program Files (x86)\MediaBuzzV1\MediaBuzzV1mode5557\ff [2014-04-26]
FF HKLM-x32\...\Firefox\Extensions: [ext@RichMediaViewV1release4398.net] - C:\Program Files (x86)\RichMediaViewV1\RichMediaViewV1release4398\ff
FF Extension: Rich Media View - C:\Program Files (x86)\RichMediaViewV1\RichMediaViewV1release4398\ff [2014-05-14]
FF HKLM-x32\...\Firefox\Extensions: [ext@TrustMediaViewerV1alpha2724.net] - C:\Program Files (x86)\TrustMediaViewerV1\TrustMediaViewerV1alpha2724\ff
FF Extension: Trust Media Viewer - C:\Program Files (x86)\TrustMediaViewerV1\TrustMediaViewerV1alpha2724\ff [2014-06-29]
FF HKLM-x32\...\Firefox\Extensions: [bkavsiteadvisor@bkav.com.vn] - C:\Program Files (x86)\BkavHome\SiteAdvisor\Firefox
FF Extension: Bkav SiteAdvisor - C:\Program Files (x86)\BkavHome\SiteAdvisor\Firefox [2014-09-17]
FF HKLM-x32\...\Firefox\Extensions: [ext@RichMediaViewV1release961.net] - C:\Program Files (x86)\RichMediaViewV1\RichMediaViewV1release961\ff
FF Extension: Rich Media View - C:\Program Files (x86)\RichMediaViewV1\RichMediaViewV1release961\ff [2014-10-26]
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 0x00
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://istart.webssearches.com/web/...500325AS_5VET5TGDXXXX5VET5TGD&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 0x00
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
HKU\S-1-5-21-3818046159-3689817371-2580797029-1000\Software\Microsoft\Internet Explorer\Main,Start Page = 0x00
HKU\S-1-5-21-3818046159-3689817371-2580797029-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://istart.webssearches.com/web/...500325AS_5VET5TGDXXXX5VET5TGD&q={searchTerms}
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://istart.webssearches.com/web/...500325AS_5VET5TGDXXXX5VET5TGD&q={searchTerms}
SearchScopes: HKLM -> {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL =
SearchScopes: HKLM-x32 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
SearchScopes: HKLM-x32 -> {01bd49d7-c76b-4310-8beb-14d7e5f322c6} URL = http://search.easylifeapp.com/?q={s...c=ie2&r=2013/04/07&hid=4113113638&lg=EN&cc=VN
SearchScopes: HKLM-x32 -> {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT1561552
SearchScopes: HKLM-x32 -> {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.searchesplace.info...013/08/08&hid=4113113638&lg=EN&cc=VN&unqvl=30
SearchScopes: HKU\S-1-5-21-3818046159-3689817371-2580797029-1000 -> DefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://start.mysearchdial.com/resul...FtCtAyBzytN1L1CzutCyD1B1P1R&cr=1042115618&ir=
SearchScopes: HKU\S-1-5-21-3818046159-3689817371-2580797029-1000 -> {01bd49d7-c76b-4310-8beb-14d7e5f322c6} URL = http://search.easylifeapp.com/?q={s...c=ie2&r=2013/04/07&hid=4113113638&lg=EN&cc=VN
SearchScopes: HKU\S-1-5-21-3818046159-3689817371-2580797029-1000 -> {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://start.mysearchdial.com/resul...FtCtAyBzytN1L1CzutCyD1B1P1R&cr=1042115618&ir=
SearchScopes: HKU\S-1-5-21-3818046159-3689817371-2580797029-1000 -> {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL = http://www.searchgol.com/?q={searchTerms}&babsrc=SP_ss&mntrId=B8B9685D43D1A3C2&affID=120695&tsp=5023
SearchScopes: HKU\S-1-5-21-3818046159-3689817371-2580797029-1000 -> {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT1561552
BHO: hosts -> {11111111-1111-1111-1111-110311531182} -> C:\Program Files (x86)\hosts\hosts-bho64.dll [2013-10-02] (Irismedia)
BHO: TrustMediaViewerV1alpha2724 -> {6b9694c1-2bda-43e2-94d3-dbd1b01b1c99} -> C:\Program Files (x86)\TrustMediaViewerV1\TrustMediaViewerV1alpha2724\ie\TrustMediaViewerV1alpha2724x64.dll [2014-06-26] ()
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2010-03-25] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll [2012-04-04] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll [2012-04-04] (Oracle Corporation)
BHO: Hotspot Shield Class -> {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} -> C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE_64.dll No File
BHO-x32: SearchNewTab -> {0727E909-6CCD-BC6E-1AF5-766629DFA1FC} -> C:\ProgramData\SearchNewTab\Pt.dll [2012-08-08] ()
BHO-x32: hosts -> {11111111-1111-1111-1111-110311531182} -> C:\Program Files (x86)\hosts\hosts-bho.dll [2013-10-02] (Irismedia)
BHO-x32: Dolphin Deals 1.0.0.7 -> {15a4ce1e-d288-4d04-85bf-907170010a7a} -> C:\Program Files (x86)\Dolphin Deals\DolphinDealsbho.dll [2015-02-04] (Dolphin Deals)
BHO-x32: BkavSiteAdvisorEngine Class -> {2876549C-1023-4AA0-82FF-8ED7112D5269} -> C:\Program Files (x86)\BkavHome\SiteAdvisor\BkavIESiteAdvisor.dll [2014-04-03] (Bkav Corporation)
BHO-x32: Media View -> {292a9c09-66a9-4123-85ac-222c4687b7c2} -> C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha45\ie\MediaViewV1alpha45.dll [2014-02-26] ()
BHO-x32: SearchNewTab -> {52277627-029D-B628-0018-88DEBE87176F} -> C:\ProgramData\SearchNewTab\51cebe6cefb8f.dll [2013-06-29] ()
BHO-x32: soaofEE saave -> {5BA25F6F-43EA-885B-D7E1-7AF775B28E35} -> C:\ProgramData\soaofEE saave\51cebe6178ebd.dll [2013-06-29] ()
BHO-x32: Trust Media Viewer -> {6b9694c1-2bda-43e2-94d3-dbd1b01b1c99} -> C:\Program Files (x86)\TrustMediaViewerV1\TrustMediaViewerV1alpha2724\ie\TrustMediaViewerV1alpha2724.dll [2014-06-26] ()
BHO-x32: BetterSurf -> {6E3C6B04-08FE-43BC-8E50-F90285024DEA} -> C:\Program Files (x86)\BetterSurf\ie\BetterSurf.dll [2013-11-13] ()
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2010-03-25] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll [2014-10-16] (Oracle Corporation)
BHO-x32: Better-Surf -> {8271B5D6-76D3-4ABF-AEB3-1721161C76BC} -> C:\Program Files (x86)\Better-Surf\ie\BetterSrf.dll [2013-11-25] ()
BHO-x32: Microsoft Web Test Recorder 10.0 Helper -> {876d9f09-c6d6-4324-a2cc-04dd9a4de12f} -> E:\Huy\Window\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll [2012-07-26] (Microsoft Corporation)
BHO-x32: Video Player -> {8c5f32e4-6041-4971-ac87-682ed8142443} -> C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta640\ie\VideoPlayerV3beta640.dll [2014-01-08] ()
BHO-x32: Rich Media View -> {8fd55b40-fa85-4da7-97e3-9bc4f1e19a26} -> C:\Program Files (x86)\RichMediaViewV1\RichMediaViewV1release961\ie\RichMediaViewV1release961.dll [2014-05-13] ()
BHO-x32: BryOOwsee2ssavoe -> {901CD782-0464-2CCD-80DE-74253A767314} -> C:\ProgramData\BryOOwsee2ssavoe\515edbe4c903b.dll [2013-04-05] ()
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
BHO-x32: Media View -> {90d9818b-8fc1-4d4b-88e7-2074b23c0bbf} -> C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha3170\ie\MediaViewV1alpha3170.dll [2014-02-27] ()
BHO-x32: SearchNewTab -> {973AEBF9-6677-0B1D-805B-461A6610469C} -> C:\ProgramData\SearchNewTab\51cec9d0d6a16.dll [2013-06-29] ()
BHO-x32: Media Player -> {98646bc7-0aff-4397-9c82-4a19e39c12f6} -> C:\Program Files (x86)\MediaPlayerV1\MediaPlayerV1alpha335\ie\MediaPlayerV1alpha335.dll [2014-01-28] ()
BHO-x32: Media Buzz -> {9a88259d-0ed6-487f-9c13-7226acf25a0f} -> C:\Program Files (x86)\MediaBuzzV1\MediaBuzzV1mode5557\ie\MediaBuzzV1mode5557.dll [2014-04-24] ()
BHO-x32: Skype Plug-In -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2010-09-27] (Skype Technologies S.A.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
BHO-x32: Rich Media View -> {c70985eb-33b8-45cf-9570-853fdb4d4808} -> C:\Program Files (x86)\RichMediaViewV1\RichMediaViewV1release4398\ie\RichMediaViewV1release4398.dll [2014-05-14] ()
BHO-x32: soaofEE saave -> {C764A995-9013-3BFD-B070-846E6F0BC454} -> C:\ProgramData\soaofEE saave\51cebdc3b8850.dll [2013-06-29] ()
BHO-x32: Media Watch -> {c83b83bb-248b-47e2-a6ae-b8bbf940ae49} -> C:\Program Files (x86)\MediaWatchV1\MediaWatchV1home412\ie\MediaWatchV1home412.dll [2014-03-20] ()
BHO-x32: saveenshhaire -> {CD2AAB10-6B84-A81F-DF0D-6A1CAF6FF7AD} -> C:\ProgramData\saveenshhaire\rti6l.dll [2013-08-08] ()
BHO-x32: SecureWebBHO Class -> {D3C24E2B-C820-4492-9B69-11BF7163F998} -> C:\Program Files (x86)\Jelbrus Secure Web\jsie.dll [2015-02-06] (Jelbrus)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll [2014-10-16] (Oracle Corporation)
BHO-x32: SearchNewTab -> {DFBE860F-A916-B5F6-D027-E353DA36659C} -> C:\ProgramData\SearchNewTab\51cebe3424822.dll [2013-06-29] ()
BHO-x32: mysearchdial Helper Object -> {EF5625A3-37AB-4BDB-9875-2A3D91CD0DFD} -> C:\Program Files (x86)\Mysearchdial\1.8.21.0\bh\mysearchdial.dll No File
BHO-x32: Media Viewer -> {f9c04e97-8374-4c84-a242-0f918e4b4726} -> C:\Program Files (x86)\MediaViewerV1\MediaViewerV1alpha680\ie\MediaViewerV1alpha680.dll [2014-02-23] ()
Toolbar: HKLM-x32 - mysearchdial Toolbar - {3004627E-F8E9-4E8B-909D-316753CBA923} - C:\Program Files (x86)\Mysearchdial\1.8.21.0\mysearchdialTlbr.dll No File
Handler-x32: bksa - {AFBCA127-FD48-4FF5-B523-0E0DB4B8C295} - C:\Program Files (x86)\BkavHome\SiteAdvisor\BkavIESiteAdvisor.dll [2014-04-03] (Bkav Corporation)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2010-09-27] (Skype Technologies S.A.)
Filter: application/octet-stream - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll No File
Filter: application/x-complus - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll No File
Filter: application/x-msdownload - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll No File
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{D0ED8A5C-3945-4A08-9E15-4394A60F2552}: [NameServer] 208.67.222.222,208.67.220.220
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_110.dll [2012-11-09] ()
FF Plugin: @java.com/DTPlugin,version=10.4.1 -> C:\Windows\system32\npDeployJava1.dll [2012-04-04] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.4.1 -> C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll [2012-04-04] (Oracle Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_110.dll [2012-11-09] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1203133.dll [2013-06-26] (Adobe Systems, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-01-07] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-01-07] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll [2014-10-16] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll [2014-10-16] (Oracle Corporation)
FF Plugin-x32: @live.heroesandgenerals.com/npretox -> D:\DUY\GAMES\HaG\Heroes & Generals\live\npretoxlive.dll No File
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll [2010-11-04] (Yahoo! Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll [2012-04-11] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @t.garena.com/garenatalk -> D:\GAMES\LienMinhHuyenThoai\GameData\bbtalk\plugins\npPlugin\npGarenaTalkPlugin.dll [2015-01-16] ( Garena)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.7\npGoogleUpdate3.dll [2015-02-14] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.7\npGoogleUpdate3.dll [2015-02-14] (Google Inc.)
FF Plugin HKU\S-1-5-21-3818046159-3689817371-2580797029-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\admin\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-02-21] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-3818046159-3689817371-2580797029-1000: xyzgl-plugin@xyz-soft.com -> C:\Program Files (x86)\Fairy Tail 3D\npxyzgl.dll No File
FF HKLM-x32\...\Firefox\Extensions: [xz123@ya456.com] - C:\Program Files (x86)\BetterSurf\ff
FF Extension: BetterSurf - C:\Program Files (x86)\BetterSurf\ff [2013-11-15]
FF HKLM-x32\...\Firefox\Extensions: [12x3q@3244516.com] - C:\Program Files (x86)\Better-Surf\ff
FF Extension: Better-Surf - C:\Program Files (x86)\Better-Surf\ff [2013-11-25]
FF HKLM-x32\...\Firefox\Extensions: [ext@VideoPlayerV3beta640.net] - C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta640\ff
FF Extension: Video Player - C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta640\ff [2014-01-10]
FF HKLM-x32\...\Firefox\Extensions: [ext@MediaPlayerV1alpha335.net] - C:\Program Files (x86)\MediaPlayerV1\MediaPlayerV1alpha335\ff
FF Extension: Media Player - C:\Program Files (x86)\MediaPlayerV1\MediaPlayerV1alpha335\ff [2014-01-30]
FF HKLM-x32\...\Firefox\Extensions: [ext@MediaViewerV1alpha680.net] - C:\Program Files (x86)\MediaViewerV1\MediaViewerV1alpha680\ff
FF Extension: Media Viewer - C:\Program Files (x86)\MediaViewerV1\MediaViewerV1alpha680\ff [2014-02-24]
FF HKLM-x32\...\Firefox\Extensions: [ext@MediaViewV1alpha45.net] - C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha45\ff
FF Extension: Media View - C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha45\ff [2014-02-28]
FF HKLM-x32\...\Firefox\Extensions: [ext@MediaViewV1alpha3170.net] - C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha3170\ff
FF Extension: Media View - C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha3170\ff [2014-03-16]
FF HKLM-x32\...\Firefox\Extensions: [ext@MediaWatchV1home412.net] - C:\Program Files (x86)\MediaWatchV1\MediaWatchV1home412\ff
FF Extension: Media Watch - C:\Program Files (x86)\MediaWatchV1\MediaWatchV1home412\ff [2014-03-23]
FF HKLM-x32\...\Firefox\Extensions: [ext@MediaBuzzV1mode5557.net] - C:\Program Files (x86)\MediaBuzzV1\MediaBuzzV1mode5557\ff
FF Extension: Media Buzz - C:\Program Files (x86)\MediaBuzzV1\MediaBuzzV1mode5557\ff [2014-04-26]
FF HKLM-x32\...\Firefox\Extensions: [ext@RichMediaViewV1release4398.net] - C:\Program Files (x86)\RichMediaViewV1\RichMediaViewV1release4398\ff
FF Extension: Rich Media View - C:\Program Files (x86)\RichMediaViewV1\RichMediaViewV1release4398\ff [2014-05-14]
FF HKLM-x32\...\Firefox\Extensions: [ext@TrustMediaViewerV1alpha2724.net] - C:\Program Files (x86)\TrustMediaViewerV1\TrustMediaViewerV1alpha2724\ff
FF Extension: Trust Media Viewer - C:\Program Files (x86)\TrustMediaViewerV1\TrustMediaViewerV1alpha2724\ff [2014-06-29]
FF HKLM-x32\...\Firefox\Extensions: [bkavsiteadvisor@bkav.com.vn] - C:\Program Files (x86)\BkavHome\SiteAdvisor\Firefox
FF Extension: Bkav SiteAdvisor - C:\Program Files (x86)\BkavHome\SiteAdvisor\Firefox [2014-09-17]
FF HKLM-x32\...\Firefox\Extensions: [ext@RichMediaViewV1release961.net] - C:\Program Files (x86)\RichMediaViewV1\RichMediaViewV1release961\ff
FF Extension: Rich Media View - C:\Program Files (x86)\RichMediaViewV1\RichMediaViewV1release961\ff [2014-10-26]