Please, here is the log file:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 14-04-2015
Ran by GEOFFERY (administrator) on UDENWANI on 15-04-2015 02:36:30
Running from C:\Users\GEOFFERY\Desktop
Loaded Profiles: GEOFFERY (Available profiles: GEOFFERY)
Platform: Windows 8 Pro (X64) OS Language: English (United States)
Internet Explorer Version 10 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
() C:\ProgramData\Airtel Broadband\OnlineUpdate\ouc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\AdminService.exe
(Apple Computer, Inc.) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe
(AnchorFree Inc.) C:\Program Files (x86)\Hotspot Shield\bin\cmw_srv.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
() C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe
() C:\ProgramData\DatacardService\HWDeviceService64.exe
() C:\ProgramData\MTN F@stLink\OnlineUpdate\ouc.exe
(Proxy Labs) C:\Program Files\Proxy Labs\ProxyCap\pcapsvc.exe
(Paessler AG) C:\Program Files (x86)\PRTG Network Monitor\PRTG Server.exe
(Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Paessler AG) C:\Program Files (x86)\PRTG Network Monitor\PRTG Probe.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(Speedbit Ltd.) C:\Program Files\Common Files\SpeedBit\SBUpdate\sbu.exe
() C:\Program Files (x86)\Tether\TBService.exe
(TorchMedia Inc.) C:\Users\GEOFFERY\AppData\Local\Torch\Update\TorchCrashHandler.exe
() C:\Program Files (x86)\MTN F@stLink\AssistantServices.exe
(DT Soft Ltd) C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
(AnchorFree Inc.) C:\Program Files (x86)\Hotspot Shield\bin\HSSCP.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Qualcomm®Atheros®) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
() C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe
(Microsoft Corporation) C:\Windows\System32\SppExtComObj.Exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
() C:\Program Files (x86)\MTN F@stLink\UIExec.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avscan.exe
(Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe
() C:\Program Files (x86)\MTN F@stLink\MTN F@stLink.exe
() C:\Users\GEOFFERY\Desktop\BIS+SS\SimpleServer.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2837288 2011-10-14] (Synaptics Incorporated)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [ProxyCap] => C:\Program Files\Proxy Labs\ProxyCap\pcapui.exe [2599936 2014-07-06] (Proxy Labs)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-27] (Microsoft Corporation)
HKLM-x32\...\Run: [RIMBBLaunchAgent.exe] => C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe [267792 2013-01-18] (Research In Motion Limited)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [UIExec] => C:\Program Files (x86)\MTN F@stLink\UIExec.exe [139088 2011-03-17] ()
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-12-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\BlueStacks\HD-Agent.exe [835288 2014-08-13] (BlueStack Systems, Inc.)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [702768 2014-11-24] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [129272 2015-03-16] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\igfxcui: igfxdev.dll [X]
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe [132736 2013-09-07] ( (Qualcomm®Atheros®))
HKU\S-1-5-21-2198692194-3404810195-2407512553-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [21644384 2014-07-02] (Skype Technologies S.A.)
HKU\S-1-5-21-2198692194-3404810195-2407512553-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [6482200 2014-09-26] (Piriform Ltd)
HKU\S-1-5-21-2198692194-3404810195-2407512553-1001\...\Run: [se] => C:\Users\GEOFFERY\AppData\Roaming\SkypEmoticons\SE.exe [5679008 2014-11-20] (SkypEmoticons)
HKU\S-1-5-21-2198692194-3404810195-2407512553-1001\...\Run: [LiveSupport] => "C:\Program Files (x86)\LiveSupport\LiveSupport.exe" /noshow /log
HKU\S-1-5-21-2198692194-3404810195-2407512553-1001\...\Run: [uTorrent] => C:\Users\GEOFFERY\AppData\Roaming\uTorrent\uTorrent.exe [1728336 2014-12-21] (BitTorrent Inc.)
HKU\S-1-5-21-2198692194-3404810195-2407512553-1001\...\Run: [IDMan] => C:\Program Files (x86)\Internet Download Manager\IDMan.exe [3890768 2015-02-23] (Tonec Inc.)
HKU\S-1-5-21-2198692194-3404810195-2407512553-1001\...\Run: [ManyCam] => C:\Program Files (x86)\ManyCam\ManyCam.exe [9882448 2014-10-06] (Visicom Media Inc.)
HKU\S-1-5-21-2198692194-3404810195-2407512553-1001\...\Run: [DownloadAccelerator] => C:\Program Files (x86)\DAP\DAP.EXE [4242064 2015-01-29] (Speedbit Ltd.)
HKU\S-1-5-21-2198692194-3404810195-2407512553-1001\...\Run: [DAEMON Tools Pro Agent] => C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe [1163072 2012-04-12] (DT Soft Ltd)
HKU\S-1-5-21-2198692194-3404810195-2407512553-1001\...\Run: [tsiVideo] => C:\Windows\SysWOW64\rundll32.exe C:\Users\GEOFFERY\AppData\Local\Temp\\mdi064.dll,asdasd <===== ATTENTION
HKU\S-1-5-21-2198692194-3404810195-2407512553-1001\...\MountPoints2: {1dada5ae-8f72-11e4-bea2-b8ee656c9248} - "F:\Windows\AutoRun.exe"
HKU\S-1-5-21-2198692194-3404810195-2407512553-1001\...\MountPoints2: {2c027a55-8689-11e4-be9b-b8ee656ce068} - "F:\AutoRun.exe"
HKU\S-1-5-21-2198692194-3404810195-2407512553-1001\...\MountPoints2: {383fcbd2-53d1-11e4-be77-b8ee656ce068} - "F:\AutoRun.exe"
HKU\S-1-5-21-2198692194-3404810195-2407512553-1001\...\MountPoints2: {40422c21-7233-11e4-be8c-c4346b4849e3} - "F:\AutoRun.exe"
HKU\S-1-5-21-2198692194-3404810195-2407512553-1001\...\MountPoints2: {43cdebcb-acab-11e4-bec6-c4346b4849e3} - "G:\laucher.exe"
HKU\S-1-5-21-2198692194-3404810195-2407512553-1001\...\MountPoints2: {43dfe6fa-68b9-11e4-be88-b8ee656ce068} - "F:\AutoRun.exe"
HKU\S-1-5-21-2198692194-3404810195-2407512553-1001\...\MountPoints2: {600cbd8d-bf21-11e4-bed5-b8ee656ce068} - "F:\AutoRun.exe"
HKU\S-1-5-21-2198692194-3404810195-2407512553-1001\...\MountPoints2: {62f1d66d-d3b1-11e4-beee-b8ee656ce068} - "G:\setup.exe"
HKU\S-1-5-21-2198692194-3404810195-2407512553-1001\...\MountPoints2: {666d76e0-69e1-11e4-be8a-c4346b4849e3} - "G:\AutoRun.exe"
HKU\S-1-5-21-2198692194-3404810195-2407512553-1001\...\MountPoints2: {666d7952-69e1-11e4-be8a-c4346b4849e3} - "I:\AutoRun.exe"
HKU\S-1-5-21-2198692194-3404810195-2407512553-1001\...\MountPoints2: {83b72845-2eec-11e4-be6e-b8ee656ce068} - "F:\AutoRun.exe"
HKU\S-1-5-21-2198692194-3404810195-2407512553-1001\...\MountPoints2: {bc96256e-2411-11e4-be6a-b8ee656ce068} - "F:\AutoRun.exe"
HKU\S-1-5-21-2198692194-3404810195-2407512553-1001\...\MountPoints2: {bc9625e0-2411-11e4-be6a-b8ee656ce068} - "F:\AutoRun.exe"
HKU\S-1-5-21-2198692194-3404810195-2407512553-1001\...\MountPoints2: {d2b27d90-74ce-11e4-be8d-b8ee656c9248} - "F:\AutoRun.exe"
HKU\S-1-5-21-2198692194-3404810195-2407512553-1001\...\MountPoints2: {f183abe2-9b45-11e4-bea5-c4346b4849e3} - "F:\AutoRun.exe"
HKU\S-1-5-21-2198692194-3404810195-2407512553-1001\...\MountPoints2: {f183ac23-9b45-11e4-bea5-c4346b4849e3} - "F:\AutoRun.exe"
HKU\S-1-5-21-2198692194-3404810195-2407512553-1001\...\MountPoints2: {f89c9ff5-33d8-11e4-be72-b8ee656ce068} - "I:\AutoRun.exe"
Startup: C:\Users\GEOFFERY\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Deskjet 2540 series.lnk
ShortcutTarget: Monitor Ink Alerts - HP Deskjet 2540 series.lnk -> C:\Program Files\HP\HP Deskjet 2540 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
Startup: C:\Users\GEOFFERY\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PdaNet Desktop.lnk
ShortcutTarget: PdaNet Desktop.lnk -> C:\Program Files (x86)\PdaNet for Android\PdaNetPC.exe ()
ShellIconOverlayIdentifiers: [IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll (Tonec Inc.)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
ProxyEnable: [S-1-5-21-2198692194-3404810195-2407512553-1001] => Internet Explorer proxy is enabled.
ProxyServer: [S-1-5-21-2198692194-3404810195-2407512553-1001] => 127.0.0.1:8080
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mystartsearch.com/?type=...id=HGSTXHTS545050A7E680_TM85134TH5R48MH5R48MX
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.mystartsearch.com/?type=...id=HGSTXHTS545050A7E680_TM85134TH5R48MH5R48MX
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.mystartsearch.com/web/?t...0A7E680_TM85134TH5R48MH5R48MX&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.mystartsearch.com/web/?t...0A7E680_TM85134TH5R48MH5R48MX&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.mystartsearch.com/?type=...id=HGSTXHTS545050A7E680_TM85134TH5R48MH5R48MX
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.mystartsearch.com/?type=...id=HGSTXHTS545050A7E680_TM85134TH5R48MH5R48MX
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.mystartsearch.com/web/?t...0A7E680_TM85134TH5R48MH5R48MX&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.mystartsearch.com/web/?t...0A7E680_TM85134TH5R48MH5R48MX&q={searchTerms}
HKU\S-1-5-21-2198692194-3404810195-2407512553-1001\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.mystartsearch.com/web/?t...0A7E680_TM85134TH5R48MH5R48MX&q={searchTerms}
HKU\S-1-5-21-2198692194-3404810195-2407512553-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.searchalgo.com/?cid=5072
HKU\S-1-5-21-2198692194-3404810195-2407512553-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.mystartsearch.com/?type=...id=HGSTXHTS545050A7E680_TM85134TH5R48MH5R48MX
HKU\S-1-5-21-2198692194-3404810195-2407512553-1001\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.mystartsearch.com/web/?t...0A7E680_TM85134TH5R48MH5R48MX&q={searchTerms}
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.mystartsearch.com/web/?t...0A7E680_TM85134TH5R48MH5R48MX&q={searchTerms}
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.mystartsearch.com/web/?t...0A7E680_TM85134TH5R48MH5R48MX&q={searchTerms}
SearchScopes: HKLM -> {7F4EFF06-7032-458e-AE16-1C1D8255C28A} URL = http://go.speedbit.com/search.aspx?site=shdefault&pid=s&shr=d&q={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.mystartsearch.com/web/?t...0A7E680_TM85134TH5R48MH5R48MX&q={searchTerms}
SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.mystartsearch.com/web/?t...0A7E680_TM85134TH5R48MH5R48MX&q={searchTerms}
SearchScopes: HKLM-x32 -> {7F4EFF06-7032-458e-AE16-1C1D8255C28A} URL = http://go.speedbit.com/search.aspx?s=F1Ra1&q={searchTerms}
SearchScopes: HKLM-x32 -> {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.searchfix.info/?unqvl=63&idate=2015/03/24&l=1&q={searchTerms}
SearchScopes: HKLM-x32 -> {BB82DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.coolsearches.info/...&hid=4751682993849244761&lg=EN&cc=NG&unqvl=85
SearchScopes: HKU\S-1-5-21-2198692194-3404810195-2407512553-1001 -> DefaultScope {a8177b71-ee19-4e0f-b2f9-02d533eb946D} URL = http://www.searchalgo.com/search.html?q={searchTerms}&cid=5072
SearchScopes: HKU\S-1-5-21-2198692194-3404810195-2407512553-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.mystartsearch.com/web/?u...MX&ts=1427237621&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2198692194-3404810195-2407512553-1001 -> {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = http://www.mystartsearch.com/web/?u...MX&ts=1427237621&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2198692194-3404810195-2407512553-1001 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.mystartsearch.com/web/?t...0A7E680_TM85134TH5R48MH5R48MX&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2198692194-3404810195-2407512553-1001 -> {7F4EFF06-7032-458e-AE16-1C1D8255C28A} URL = http://go.speedbit.com/search.aspx?site=shdefault&pid=s&shr=d&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2198692194-3404810195-2407512553-1001 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2476} URL = http://www.mystartsearch.com/web/?u...MX&ts=1427237621&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2198692194-3404810195-2407512553-1001 -> {a8177b71-ee19-4e0f-b2f9-02d533eb946D} URL = http://www.searchalgo.com/search.html?q={searchTerms}&cid=5072
SearchScopes: HKU\S-1-5-21-2198692194-3404810195-2407512553-1001 -> {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://www.mystartsearch.com/web/?u...MX&ts=1427237621&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2198692194-3404810195-2407512553-1001 -> {BB82DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://www.mystartsearch.com/web/?u...MX&ts=1427237621&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2198692194-3404810195-2407512553-1001 -> {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL = http://www.mystartsearch.com/web/?u...MX&ts=1427237621&type=default&q={searchTerms}
BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll [2015-02-21] (Internet Download Manager, Tonec Inc.)
BHO: SaalEPlus -> {513e12d2-f079-4adc-a4fc-5771006df6cb} -> C:\Program Files (x86)\SaalEPlus\E6ePluvXeRIsPa.x64.dll [2015-03-24] ()
BHO: SalePluus -> {7f7850e9-0b94-42d1-bb54-f449092c0686} -> C:\Program Files (x86)\SalePluus\rUR0MAu4s7es8o.x64.dll [2015-03-26] ()
BHO: youtubeadblocker -> {a57942b0-1098-464f-bddd-36e85047f2bc} -> C:\Program Files (x86)\youtubeadblocker\SlB36L7zeIVN8c.x64.dll No File
BHO: SalePLus -> {a7e93dc1-bcd4-481f-8ba0-ab52cfd1c9ab} -> C:\Program Files (x86)\SalePLus\4Rx8vVEQf3HYSw.x64.dll [2015-03-24] ()
BHO-x32: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll [2015-02-21] (Internet Download Manager, Tonec Inc.)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2006-10-27] (Microsoft Corporation)
BHO-x32: SpeedBit Link Verification Helper -> {D5974A72-C81C-4DC3-BE77-A8A7BBC8864E} -> C:\Program Files (x86)\DAP\LinkVerifier.dll [2015-01-28] (Speedbit Ltd.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 10.109.2.97 10.109.5.97
Tcpip\..\Interfaces\{46B6BAE7-18EE-4DFE-9350-7A05703EB645}: [NameServer] 10.109.2.97 10.109.5.97
Tcpip\..\Interfaces\{55067579-DA9A-4E67-94A4-DD8A03A165AB}: [NameServer] 208.67.222.222,208.67.220.220
Tcpip\..\Interfaces\{80602E45-81AF-4059-A08B-F6CCCD642126}: [NameServer] 10.109.2.97 10.109.5.97
Tcpip\..\Interfaces\{923F1A57-A3B4-45D8-99BA-16FF7BD43085}: [NameServer] 10.109.2.97 10.109.5.97
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe http://www.mystartsearch.com/?type=...id=HGSTXHTS545050A7E680_TM85134TH5R48MH5R48MX
FireFox:
========
FF ProfilePath: C:\Users\GEOFFERY\AppData\Roaming\Mozilla\Firefox\Profiles\cei6nzih.default-1409799015992
FF NewTab: hxxp://www.searchalgo.com/?cid=5072
FF DefaultSearchEngine,S: WebSearch
FF DefaultSearchUrl: hxxp://websearch.searchfix.info/?unqvl=63&idate=2015/03/24&l=1&q=
FF SearchEngineOrder.1: SearchAlgo
FF SearchEngineOrder.1,S: WebSearch
FF SelectedSearchEngine: SearchAlgo
FF SelectedSearchEngine,S: WebSearch
FF Homepage: hxxp://www.searchalgo.com/?cid=5072
FF Keyword.URL: hxxp://websearch.searchfix.info/?unqvl=63&idate=2015/03/24&l=1&q=
FF NetworkProxy: "backup.ftp", "127.0.0.1"
FF NetworkProxy: "backup.ftp_port", 8080
FF NetworkProxy: "backup.socks", "127.0.0.1"
FF NetworkProxy: "backup.socks_port", 8080
FF NetworkProxy: "backup.ssl", "127.0.0.1"
FF NetworkProxy: "backup.ssl_port", 8080
FF NetworkProxy: "ftp", "127.0.0.1"
FF NetworkProxy: "ftp_port", 8080
FF NetworkProxy: "http", "127.0.0.1"
FF NetworkProxy: "http_port", 8080
FF NetworkProxy: "share_proxy_settings", true
FF NetworkProxy: "socks", "127.0.0.1"
FF NetworkProxy: "socks_port", 8080
FF NetworkProxy: "ssl", "127.0.0.1"
FF NetworkProxy: "ssl_port", 8080
FF NetworkProxy: "type", 1
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-04-15] ()
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-09-22] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-15] ()
FF Plugin-x32: @RIM.com/WebSLLauncher,version=1.0 -> C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll [2012-12-13] ()
FF Plugin-x32: @staging.google.com/globalUpdate Update;version=10 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll No File
FF Plugin-x32: @staging.google.com/globalUpdate Update;version=4 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll No File
FF Plugin-x32: @videolan.org/vlc,version=2.2.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-02-27] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin-x32: TorchVLC -> C:\Users\GEOFFERY\AppData\Local\Torch\Plugins\Video\VLC\npvlc.dll [2013-07-30] (VideoLAN)
FF SearchPlugin: C:\Users\GEOFFERY\AppData\Roaming\Mozilla\Firefox\Profiles\cei6nzih.default-1409799015992\searchplugins\SearchAlgo.xml [2015-04-03]
FF SearchPlugin: C:\Users\GEOFFERY\AppData\Roaming\Mozilla\Firefox\Profiles\cei6nzih.default-1409799015992\searchplugins\speedbit.xml [2015-01-28]
FF SearchPlugin: C:\Users\GEOFFERY\AppData\Roaming\Mozilla\Firefox\Profiles\cei6nzih.default-1409799015992\searchplugins\WebSearch.xml [2015-03-24]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\default-search.xml [2014-11-19]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\mystartsearch.xml [2014-11-20]
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.mystartsearch.com/web/?t...0A7E680_TM85134TH5R48MH5R48MX&q={searchTerms}
HKU\S-1-5-21-2198692194-3404810195-2407512553-1001\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.mystartsearch.com/web/?t...0A7E680_TM85134TH5R48MH5R48MX&q={searchTerms}
HKU\S-1-5-21-2198692194-3404810195-2407512553-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.searchalgo.com/?cid=5072
HKU\S-1-5-21-2198692194-3404810195-2407512553-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.mystartsearch.com/?type=...id=HGSTXHTS545050A7E680_TM85134TH5R48MH5R48MX
HKU\S-1-5-21-2198692194-3404810195-2407512553-1001\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.mystartsearch.com/web/?t...0A7E680_TM85134TH5R48MH5R48MX&q={searchTerms}
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.mystartsearch.com/web/?t...0A7E680_TM85134TH5R48MH5R48MX&q={searchTerms}
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.mystartsearch.com/web/?t...0A7E680_TM85134TH5R48MH5R48MX&q={searchTerms}
SearchScopes: HKLM -> {7F4EFF06-7032-458e-AE16-1C1D8255C28A} URL = http://go.speedbit.com/search.aspx?site=shdefault&pid=s&shr=d&q={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.mystartsearch.com/web/?t...0A7E680_TM85134TH5R48MH5R48MX&q={searchTerms}
SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.mystartsearch.com/web/?t...0A7E680_TM85134TH5R48MH5R48MX&q={searchTerms}
SearchScopes: HKLM-x32 -> {7F4EFF06-7032-458e-AE16-1C1D8255C28A} URL = http://go.speedbit.com/search.aspx?s=F1Ra1&q={searchTerms}
SearchScopes: HKLM-x32 -> {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.searchfix.info/?unqvl=63&idate=2015/03/24&l=1&q={searchTerms}
SearchScopes: HKLM-x32 -> {BB82DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.coolsearches.info/...&hid=4751682993849244761&lg=EN&cc=NG&unqvl=85
SearchScopes: HKU\S-1-5-21-2198692194-3404810195-2407512553-1001 -> DefaultScope {a8177b71-ee19-4e0f-b2f9-02d533eb946D} URL = http://www.searchalgo.com/search.html?q={searchTerms}&cid=5072
SearchScopes: HKU\S-1-5-21-2198692194-3404810195-2407512553-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.mystartsearch.com/web/?u...MX&ts=1427237621&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2198692194-3404810195-2407512553-1001 -> {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = http://www.mystartsearch.com/web/?u...MX&ts=1427237621&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2198692194-3404810195-2407512553-1001 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.mystartsearch.com/web/?t...0A7E680_TM85134TH5R48MH5R48MX&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2198692194-3404810195-2407512553-1001 -> {7F4EFF06-7032-458e-AE16-1C1D8255C28A} URL = http://go.speedbit.com/search.aspx?site=shdefault&pid=s&shr=d&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2198692194-3404810195-2407512553-1001 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2476} URL = http://www.mystartsearch.com/web/?u...MX&ts=1427237621&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2198692194-3404810195-2407512553-1001 -> {a8177b71-ee19-4e0f-b2f9-02d533eb946D} URL = http://www.searchalgo.com/search.html?q={searchTerms}&cid=5072
SearchScopes: HKU\S-1-5-21-2198692194-3404810195-2407512553-1001 -> {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://www.mystartsearch.com/web/?u...MX&ts=1427237621&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2198692194-3404810195-2407512553-1001 -> {BB82DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://www.mystartsearch.com/web/?u...MX&ts=1427237621&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2198692194-3404810195-2407512553-1001 -> {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL = http://www.mystartsearch.com/web/?u...MX&ts=1427237621&type=default&q={searchTerms}
BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll [2015-02-21] (Internet Download Manager, Tonec Inc.)
BHO: SaalEPlus -> {513e12d2-f079-4adc-a4fc-5771006df6cb} -> C:\Program Files (x86)\SaalEPlus\E6ePluvXeRIsPa.x64.dll [2015-03-24] ()
BHO: SalePluus -> {7f7850e9-0b94-42d1-bb54-f449092c0686} -> C:\Program Files (x86)\SalePluus\rUR0MAu4s7es8o.x64.dll [2015-03-26] ()
BHO: youtubeadblocker -> {a57942b0-1098-464f-bddd-36e85047f2bc} -> C:\Program Files (x86)\youtubeadblocker\SlB36L7zeIVN8c.x64.dll No File
BHO: SalePLus -> {a7e93dc1-bcd4-481f-8ba0-ab52cfd1c9ab} -> C:\Program Files (x86)\SalePLus\4Rx8vVEQf3HYSw.x64.dll [2015-03-24] ()
BHO-x32: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll [2015-02-21] (Internet Download Manager, Tonec Inc.)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2006-10-27] (Microsoft Corporation)
BHO-x32: SpeedBit Link Verification Helper -> {D5974A72-C81C-4DC3-BE77-A8A7BBC8864E} -> C:\Program Files (x86)\DAP\LinkVerifier.dll [2015-01-28] (Speedbit Ltd.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 10.109.2.97 10.109.5.97
Tcpip\..\Interfaces\{46B6BAE7-18EE-4DFE-9350-7A05703EB645}: [NameServer] 10.109.2.97 10.109.5.97
Tcpip\..\Interfaces\{55067579-DA9A-4E67-94A4-DD8A03A165AB}: [NameServer] 208.67.222.222,208.67.220.220
Tcpip\..\Interfaces\{80602E45-81AF-4059-A08B-F6CCCD642126}: [NameServer] 10.109.2.97 10.109.5.97
Tcpip\..\Interfaces\{923F1A57-A3B4-45D8-99BA-16FF7BD43085}: [NameServer] 10.109.2.97 10.109.5.97
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe http://www.mystartsearch.com/?type=...id=HGSTXHTS545050A7E680_TM85134TH5R48MH5R48MX
FireFox:
========
FF ProfilePath: C:\Users\GEOFFERY\AppData\Roaming\Mozilla\Firefox\Profiles\cei6nzih.default-1409799015992
FF NewTab: hxxp://www.searchalgo.com/?cid=5072
FF DefaultSearchEngine,S: WebSearch
FF DefaultSearchUrl: hxxp://websearch.searchfix.info/?unqvl=63&idate=2015/03/24&l=1&q=
FF SearchEngineOrder.1: SearchAlgo
FF SearchEngineOrder.1,S: WebSearch
FF SelectedSearchEngine: SearchAlgo
FF SelectedSearchEngine,S: WebSearch
FF Homepage: hxxp://www.searchalgo.com/?cid=5072
FF Keyword.URL: hxxp://websearch.searchfix.info/?unqvl=63&idate=2015/03/24&l=1&q=
FF NetworkProxy: "backup.ftp", "127.0.0.1"
FF NetworkProxy: "backup.ftp_port", 8080
FF NetworkProxy: "backup.socks", "127.0.0.1"
FF NetworkProxy: "backup.socks_port", 8080
FF NetworkProxy: "backup.ssl", "127.0.0.1"
FF NetworkProxy: "backup.ssl_port", 8080
FF NetworkProxy: "ftp", "127.0.0.1"
FF NetworkProxy: "ftp_port", 8080
FF NetworkProxy: "http", "127.0.0.1"
FF NetworkProxy: "http_port", 8080
FF NetworkProxy: "share_proxy_settings", true
FF NetworkProxy: "socks", "127.0.0.1"
FF NetworkProxy: "socks_port", 8080
FF NetworkProxy: "ssl", "127.0.0.1"
FF NetworkProxy: "ssl_port", 8080
FF NetworkProxy: "type", 1
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-04-15] ()
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-09-22] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-15] ()
FF Plugin-x32: @RIM.com/WebSLLauncher,version=1.0 -> C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll [2012-12-13] ()
FF Plugin-x32: @staging.google.com/globalUpdate Update;version=10 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll No File
FF Plugin-x32: @staging.google.com/globalUpdate Update;version=4 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll No File
FF Plugin-x32: @videolan.org/vlc,version=2.2.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-02-27] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin-x32: TorchVLC -> C:\Users\GEOFFERY\AppData\Local\Torch\Plugins\Video\VLC\npvlc.dll [2013-07-30] (VideoLAN)
FF SearchPlugin: C:\Users\GEOFFERY\AppData\Roaming\Mozilla\Firefox\Profiles\cei6nzih.default-1409799015992\searchplugins\SearchAlgo.xml [2015-04-03]
FF SearchPlugin: C:\Users\GEOFFERY\AppData\Roaming\Mozilla\Firefox\Profiles\cei6nzih.default-1409799015992\searchplugins\speedbit.xml [2015-01-28]
FF SearchPlugin: C:\Users\GEOFFERY\AppData\Roaming\Mozilla\Firefox\Profiles\cei6nzih.default-1409799015992\searchplugins\WebSearch.xml [2015-03-24]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\default-search.xml [2014-11-19]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\mystartsearch.xml [2014-11-20]