Inactive-A Malware dwm.exe and indexer.exe

nolly190

Please, here is the log file:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 14-04-2015
Ran by GEOFFERY (administrator) on UDENWANI on 15-04-2015 02:36:30
Running from C:\Users\GEOFFERY\Desktop
Loaded Profiles: GEOFFERY (Available profiles: GEOFFERY)
Platform: Windows 8 Pro (X64) OS Language: English (United States)
Internet Explorer Version 10 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
() C:\ProgramData\Airtel Broadband\OnlineUpdate\ouc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\AdminService.exe
(Apple Computer, Inc.) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe
(AnchorFree Inc.) C:\Program Files (x86)\Hotspot Shield\bin\cmw_srv.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
() C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe
() C:\ProgramData\DatacardService\HWDeviceService64.exe
() C:\ProgramData\MTN F@stLink\OnlineUpdate\ouc.exe
(Proxy Labs) C:\Program Files\Proxy Labs\ProxyCap\pcapsvc.exe
(Paessler AG) C:\Program Files (x86)\PRTG Network Monitor\PRTG Server.exe
(Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Paessler AG) C:\Program Files (x86)\PRTG Network Monitor\PRTG Probe.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(Speedbit Ltd.) C:\Program Files\Common Files\SpeedBit\SBUpdate\sbu.exe
() C:\Program Files (x86)\Tether\TBService.exe
(TorchMedia Inc.) C:\Users\GEOFFERY\AppData\Local\Torch\Update\TorchCrashHandler.exe
() C:\Program Files (x86)\MTN F@stLink\AssistantServices.exe
(DT Soft Ltd) C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
(AnchorFree Inc.) C:\Program Files (x86)\Hotspot Shield\bin\HSSCP.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Qualcomm®Atheros®) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
() C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe
(Microsoft Corporation) C:\Windows\System32\SppExtComObj.Exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
() C:\Program Files (x86)\MTN F@stLink\UIExec.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avscan.exe
(Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe
() C:\Program Files (x86)\MTN F@stLink\MTN F@stLink.exe
() C:\Users\GEOFFERY\Desktop\BIS+SS\SimpleServer.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2837288 2011-10-14] (Synaptics Incorporated)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [ProxyCap] => C:\Program Files\Proxy Labs\ProxyCap\pcapui.exe [2599936 2014-07-06] (Proxy Labs)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-27] (Microsoft Corporation)
HKLM-x32\...\Run: [RIMBBLaunchAgent.exe] => C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe [267792 2013-01-18] (Research In Motion Limited)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [UIExec] => C:\Program Files (x86)\MTN F@stLink\UIExec.exe [139088 2011-03-17] ()
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-12-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\BlueStacks\HD-Agent.exe [835288 2014-08-13] (BlueStack Systems, Inc.)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [702768 2014-11-24] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [129272 2015-03-16] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\igfxcui: igfxdev.dll [X]
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe [132736 2013-09-07] ( (Qualcomm®Atheros®))
HKU\S-1-5-21-2198692194-3404810195-2407512553-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [21644384 2014-07-02] (Skype Technologies S.A.)
HKU\S-1-5-21-2198692194-3404810195-2407512553-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [6482200 2014-09-26] (Piriform Ltd)
HKU\S-1-5-21-2198692194-3404810195-2407512553-1001\...\Run: [se] => C:\Users\GEOFFERY\AppData\Roaming\SkypEmoticons\SE.exe [5679008 2014-11-20] (SkypEmoticons)
HKU\S-1-5-21-2198692194-3404810195-2407512553-1001\...\Run: [LiveSupport] => "C:\Program Files (x86)\LiveSupport\LiveSupport.exe" /noshow /log
HKU\S-1-5-21-2198692194-3404810195-2407512553-1001\...\Run: [uTorrent] => C:\Users\GEOFFERY\AppData\Roaming\uTorrent\uTorrent.exe [1728336 2014-12-21] (BitTorrent Inc.)
HKU\S-1-5-21-2198692194-3404810195-2407512553-1001\...\Run: [IDMan] => C:\Program Files (x86)\Internet Download Manager\IDMan.exe [3890768 2015-02-23] (Tonec Inc.)
HKU\S-1-5-21-2198692194-3404810195-2407512553-1001\...\Run: [ManyCam] => C:\Program Files (x86)\ManyCam\ManyCam.exe [9882448 2014-10-06] (Visicom Media Inc.)
HKU\S-1-5-21-2198692194-3404810195-2407512553-1001\...\Run: [DownloadAccelerator] => C:\Program Files (x86)\DAP\DAP.EXE [4242064 2015-01-29] (Speedbit Ltd.)
HKU\S-1-5-21-2198692194-3404810195-2407512553-1001\...\Run: [DAEMON Tools Pro Agent] => C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe [1163072 2012-04-12] (DT Soft Ltd)
HKU\S-1-5-21-2198692194-3404810195-2407512553-1001\...\Run: [tsiVideo] => C:\Windows\SysWOW64\rundll32.exe C:\Users\GEOFFERY\AppData\Local\Temp\\mdi064.dll,asdasd <===== ATTENTION
HKU\S-1-5-21-2198692194-3404810195-2407512553-1001\...\MountPoints2: {1dada5ae-8f72-11e4-bea2-b8ee656c9248} - "F:\Windows\AutoRun.exe"
HKU\S-1-5-21-2198692194-3404810195-2407512553-1001\...\MountPoints2: {2c027a55-8689-11e4-be9b-b8ee656ce068} - "F:\AutoRun.exe"
HKU\S-1-5-21-2198692194-3404810195-2407512553-1001\...\MountPoints2: {383fcbd2-53d1-11e4-be77-b8ee656ce068} - "F:\AutoRun.exe"
HKU\S-1-5-21-2198692194-3404810195-2407512553-1001\...\MountPoints2: {40422c21-7233-11e4-be8c-c4346b4849e3} - "F:\AutoRun.exe"
HKU\S-1-5-21-2198692194-3404810195-2407512553-1001\...\MountPoints2: {43cdebcb-acab-11e4-bec6-c4346b4849e3} - "G:\laucher.exe"
HKU\S-1-5-21-2198692194-3404810195-2407512553-1001\...\MountPoints2: {43dfe6fa-68b9-11e4-be88-b8ee656ce068} - "F:\AutoRun.exe"
HKU\S-1-5-21-2198692194-3404810195-2407512553-1001\...\MountPoints2: {600cbd8d-bf21-11e4-bed5-b8ee656ce068} - "F:\AutoRun.exe"
HKU\S-1-5-21-2198692194-3404810195-2407512553-1001\...\MountPoints2: {62f1d66d-d3b1-11e4-beee-b8ee656ce068} - "G:\setup.exe"
HKU\S-1-5-21-2198692194-3404810195-2407512553-1001\...\MountPoints2: {666d76e0-69e1-11e4-be8a-c4346b4849e3} - "G:\AutoRun.exe"
HKU\S-1-5-21-2198692194-3404810195-2407512553-1001\...\MountPoints2: {666d7952-69e1-11e4-be8a-c4346b4849e3} - "I:\AutoRun.exe"
HKU\S-1-5-21-2198692194-3404810195-2407512553-1001\...\MountPoints2: {83b72845-2eec-11e4-be6e-b8ee656ce068} - "F:\AutoRun.exe"
HKU\S-1-5-21-2198692194-3404810195-2407512553-1001\...\MountPoints2: {bc96256e-2411-11e4-be6a-b8ee656ce068} - "F:\AutoRun.exe"
HKU\S-1-5-21-2198692194-3404810195-2407512553-1001\...\MountPoints2: {bc9625e0-2411-11e4-be6a-b8ee656ce068} - "F:\AutoRun.exe"
HKU\S-1-5-21-2198692194-3404810195-2407512553-1001\...\MountPoints2: {d2b27d90-74ce-11e4-be8d-b8ee656c9248} - "F:\AutoRun.exe"
HKU\S-1-5-21-2198692194-3404810195-2407512553-1001\...\MountPoints2: {f183abe2-9b45-11e4-bea5-c4346b4849e3} - "F:\AutoRun.exe"
HKU\S-1-5-21-2198692194-3404810195-2407512553-1001\...\MountPoints2: {f183ac23-9b45-11e4-bea5-c4346b4849e3} - "F:\AutoRun.exe"
HKU\S-1-5-21-2198692194-3404810195-2407512553-1001\...\MountPoints2: {f89c9ff5-33d8-11e4-be72-b8ee656ce068} - "I:\AutoRun.exe"
Startup: C:\Users\GEOFFERY\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Deskjet 2540 series.lnk
ShortcutTarget: Monitor Ink Alerts - HP Deskjet 2540 series.lnk -> C:\Program Files\HP\HP Deskjet 2540 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
Startup: C:\Users\GEOFFERY\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PdaNet Desktop.lnk
ShortcutTarget: PdaNet Desktop.lnk -> C:\Program Files (x86)\PdaNet for Android\PdaNetPC.exe ()
ShellIconOverlayIdentifiers: [IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll (Tonec Inc.)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyEnable: [S-1-5-21-2198692194-3404810195-2407512553-1001] => Internet Explorer proxy is enabled.
ProxyServer: [S-1-5-21-2198692194-3404810195-2407512553-1001] => 127.0.0.1:8080
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mystartsearch.com/?type=...id=HGSTXHTS545050A7E680_TM85134TH5R48MH5R48MX
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.mystartsearch.com/?type=...id=HGSTXHTS545050A7E680_TM85134TH5R48MH5R48MX
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.mystartsearch.com/web/?t...0A7E680_TM85134TH5R48MH5R48MX&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.mystartsearch.com/web/?t...0A7E680_TM85134TH5R48MH5R48MX&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.mystartsearch.com/?type=...id=HGSTXHTS545050A7E680_TM85134TH5R48MH5R48MX
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.mystartsearch.com/?type=...id=HGSTXHTS545050A7E680_TM85134TH5R48MH5R48MX
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.mystartsearch.com/web/?t...0A7E680_TM85134TH5R48MH5R48MX&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.mystartsearch.com/web/?t...0A7E680_TM85134TH5R48MH5R48MX&q={searchTerms}
HKU\S-1-5-21-2198692194-3404810195-2407512553-1001\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.mystartsearch.com/web/?t...0A7E680_TM85134TH5R48MH5R48MX&q={searchTerms}
HKU\S-1-5-21-2198692194-3404810195-2407512553-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.searchalgo.com/?cid=5072
HKU\S-1-5-21-2198692194-3404810195-2407512553-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.mystartsearch.com/?type=...id=HGSTXHTS545050A7E680_TM85134TH5R48MH5R48MX
HKU\S-1-5-21-2198692194-3404810195-2407512553-1001\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.mystartsearch.com/web/?t...0A7E680_TM85134TH5R48MH5R48MX&q={searchTerms}
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.mystartsearch.com/web/?t...0A7E680_TM85134TH5R48MH5R48MX&q={searchTerms}
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.mystartsearch.com/web/?t...0A7E680_TM85134TH5R48MH5R48MX&q={searchTerms}
SearchScopes: HKLM -> {7F4EFF06-7032-458e-AE16-1C1D8255C28A} URL = http://go.speedbit.com/search.aspx?site=shdefault&pid=s&shr=d&q={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.mystartsearch.com/web/?t...0A7E680_TM85134TH5R48MH5R48MX&q={searchTerms}
SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.mystartsearch.com/web/?t...0A7E680_TM85134TH5R48MH5R48MX&q={searchTerms}
SearchScopes: HKLM-x32 -> {7F4EFF06-7032-458e-AE16-1C1D8255C28A} URL = http://go.speedbit.com/search.aspx?s=F1Ra1&q={searchTerms}
SearchScopes: HKLM-x32 -> {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.searchfix.info/?unqvl=63&idate=2015/03/24&l=1&q={searchTerms}
SearchScopes: HKLM-x32 -> {BB82DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.coolsearches.info/...&hid=4751682993849244761&lg=EN&cc=NG&unqvl=85
SearchScopes: HKU\S-1-5-21-2198692194-3404810195-2407512553-1001 -> DefaultScope {a8177b71-ee19-4e0f-b2f9-02d533eb946D} URL = http://www.searchalgo.com/search.html?q={searchTerms}&cid=5072
SearchScopes: HKU\S-1-5-21-2198692194-3404810195-2407512553-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.mystartsearch.com/web/?u...MX&ts=1427237621&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2198692194-3404810195-2407512553-1001 -> {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = http://www.mystartsearch.com/web/?u...MX&ts=1427237621&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2198692194-3404810195-2407512553-1001 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.mystartsearch.com/web/?t...0A7E680_TM85134TH5R48MH5R48MX&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2198692194-3404810195-2407512553-1001 -> {7F4EFF06-7032-458e-AE16-1C1D8255C28A} URL = http://go.speedbit.com/search.aspx?site=shdefault&pid=s&shr=d&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2198692194-3404810195-2407512553-1001 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2476} URL = http://www.mystartsearch.com/web/?u...MX&ts=1427237621&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2198692194-3404810195-2407512553-1001 -> {a8177b71-ee19-4e0f-b2f9-02d533eb946D} URL = http://www.searchalgo.com/search.html?q={searchTerms}&cid=5072
SearchScopes: HKU\S-1-5-21-2198692194-3404810195-2407512553-1001 -> {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://www.mystartsearch.com/web/?u...MX&ts=1427237621&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2198692194-3404810195-2407512553-1001 -> {BB82DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://www.mystartsearch.com/web/?u...MX&ts=1427237621&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2198692194-3404810195-2407512553-1001 -> {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL = http://www.mystartsearch.com/web/?u...MX&ts=1427237621&type=default&q={searchTerms}
BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll [2015-02-21] (Internet Download Manager, Tonec Inc.)
BHO: SaalEPlus -> {513e12d2-f079-4adc-a4fc-5771006df6cb} -> C:\Program Files (x86)\SaalEPlus\E6ePluvXeRIsPa.x64.dll [2015-03-24] ()
BHO: SalePluus -> {7f7850e9-0b94-42d1-bb54-f449092c0686} -> C:\Program Files (x86)\SalePluus\rUR0MAu4s7es8o.x64.dll [2015-03-26] ()
BHO: youtubeadblocker -> {a57942b0-1098-464f-bddd-36e85047f2bc} -> C:\Program Files (x86)\youtubeadblocker\SlB36L7zeIVN8c.x64.dll No File
BHO: SalePLus -> {a7e93dc1-bcd4-481f-8ba0-ab52cfd1c9ab} -> C:\Program Files (x86)\SalePLus\4Rx8vVEQf3HYSw.x64.dll [2015-03-24] ()
BHO-x32: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll [2015-02-21] (Internet Download Manager, Tonec Inc.)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2006-10-27] (Microsoft Corporation)
BHO-x32: SpeedBit Link Verification Helper -> {D5974A72-C81C-4DC3-BE77-A8A7BBC8864E} -> C:\Program Files (x86)\DAP\LinkVerifier.dll [2015-01-28] (Speedbit Ltd.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 10.109.2.97 10.109.5.97
Tcpip\..\Interfaces\{46B6BAE7-18EE-4DFE-9350-7A05703EB645}: [NameServer] 10.109.2.97 10.109.5.97
Tcpip\..\Interfaces\{55067579-DA9A-4E67-94A4-DD8A03A165AB}: [NameServer] 208.67.222.222,208.67.220.220
Tcpip\..\Interfaces\{80602E45-81AF-4059-A08B-F6CCCD642126}: [NameServer] 10.109.2.97 10.109.5.97
Tcpip\..\Interfaces\{923F1A57-A3B4-45D8-99BA-16FF7BD43085}: [NameServer] 10.109.2.97 10.109.5.97
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe http://www.mystartsearch.com/?type=...id=HGSTXHTS545050A7E680_TM85134TH5R48MH5R48MX

FireFox:
========
FF ProfilePath: C:\Users\GEOFFERY\AppData\Roaming\Mozilla\Firefox\Profiles\cei6nzih.default-1409799015992
FF NewTab: hxxp://www.searchalgo.com/?cid=5072
FF DefaultSearchEngine,S: WebSearch
FF DefaultSearchUrl: hxxp://websearch.searchfix.info/?unqvl=63&idate=2015/03/24&l=1&q=
FF SearchEngineOrder.1: SearchAlgo
FF SearchEngineOrder.1,S: WebSearch
FF SelectedSearchEngine: SearchAlgo
FF SelectedSearchEngine,S: WebSearch
FF Homepage: hxxp://www.searchalgo.com/?cid=5072
FF Keyword.URL: hxxp://websearch.searchfix.info/?unqvl=63&idate=2015/03/24&l=1&q=
FF NetworkProxy: "backup.ftp", "127.0.0.1"
FF NetworkProxy: "backup.ftp_port", 8080
FF NetworkProxy: "backup.socks", "127.0.0.1"
FF NetworkProxy: "backup.socks_port", 8080
FF NetworkProxy: "backup.ssl", "127.0.0.1"
FF NetworkProxy: "backup.ssl_port", 8080
FF NetworkProxy: "ftp", "127.0.0.1"
FF NetworkProxy: "ftp_port", 8080
FF NetworkProxy: "http", "127.0.0.1"
FF NetworkProxy: "http_port", 8080
FF NetworkProxy: "share_proxy_settings", true
FF NetworkProxy: "socks", "127.0.0.1"
FF NetworkProxy: "socks_port", 8080
FF NetworkProxy: "ssl", "127.0.0.1"
FF NetworkProxy: "ssl_port", 8080
FF NetworkProxy: "type", 1
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-04-15] ()
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-09-22] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-15] ()
FF Plugin-x32: @RIM.com/WebSLLauncher,version=1.0 -> C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll [2012-12-13] ()
FF Plugin-x32: @staging.google.com/globalUpdate Update;version=10 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll No File
FF Plugin-x32: @staging.google.com/globalUpdate Update;version=4 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll No File
FF Plugin-x32: @videolan.org/vlc,version=2.2.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-02-27] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin-x32: TorchVLC -> C:\Users\GEOFFERY\AppData\Local\Torch\Plugins\Video\VLC\npvlc.dll [2013-07-30] (VideoLAN)
FF SearchPlugin: C:\Users\GEOFFERY\AppData\Roaming\Mozilla\Firefox\Profiles\cei6nzih.default-1409799015992\searchplugins\SearchAlgo.xml [2015-04-03]
FF SearchPlugin: C:\Users\GEOFFERY\AppData\Roaming\Mozilla\Firefox\Profiles\cei6nzih.default-1409799015992\searchplugins\speedbit.xml [2015-01-28]
FF SearchPlugin: C:\Users\GEOFFERY\AppData\Roaming\Mozilla\Firefox\Profiles\cei6nzih.default-1409799015992\searchplugins\WebSearch.xml [2015-03-24]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\default-search.xml [2014-11-19]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\mystartsearch.xml [2014-11-20]
 
FF Extension: Avira Browser Safety - C:\Users\GEOFFERY\AppData\Roaming\Mozilla\Firefox\Profiles\cei6nzih.default-1409799015992\Extensions\abs@avira.com [2015-03-31]
FF Extension: IDM CC - C:\Users\GEOFFERY\AppData\Roaming\Mozilla\Firefox\Profiles\cei6nzih.default-1409799015992\Extensions\mozilla_cc@internetdownloadmanager.com [2015-04-06]
FF Extension: Search Enginer - C:\Users\GEOFFERY\AppData\Roaming\Mozilla\Firefox\Profiles\cei6nzih.default-1409799015992\Extensions\searchengine@gmail.com [2015-03-24]
FF Extension: SaveFrom.net helper - C:\Users\GEOFFERY\AppData\Roaming\Mozilla\Firefox\Profiles\cei6nzih.default-1409799015992\Extensions\helper@savefrom.net.xpi [2015-01-07]
FF Extension: Hotspot Shield Extension - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\afproxy@anchorfree.com [2015-04-07]
FF HKLM-x32\...\Firefox\Extensions: [daplinkchecker@speedbit.com] - C:\Program Files (x86)\DAP\daplinkchecker
FF Extension: DAP Link Checker - C:\Program Files (x86)\DAP\daplinkchecker [2015-01-28]
FF HKLM-x32\...\Firefox\Extensions: [fiddlerhook@fiddler2.com] - C:\Program Files (x86)\Fiddler2\FiddlerHook
FF Extension: FiddlerHook - C:\Program Files (x86)\Fiddler2\FiddlerHook [2015-02-27]
FF HKLM-x32\...\Firefox\Extensions: [searchengine@gmail.com] - C:\Users\GEOFFERY\AppData\Roaming\Mozilla\Firefox\Profiles\cei6nzih.default-1409799015992\extensions\searchengine@gmail.com
FF HKLM-x32\...\Firefox\Extensions: [istart_ffnt@gmail.com] - C:\Users\GEOFFERY\AppData\Roaming\Mozilla\Firefox\Profiles\cei6nzih.default-1409799015992\extensions\istart_ffnt@gmail.com
FF HKU\S-1-5-21-2198692194-3404810195-2407512553-1001\...\Firefox\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\GEOFFERY\AppData\Roaming\IDM\idmmzcc5
FF Extension: IDM CC - C:\Users\GEOFFERY\AppData\Roaming\IDM\idmmzcc5 [2015-03-06]
FF HKU\S-1-5-21-2198692194-3404810195-2407512553-1001\...\Firefox\Extensions: [{F17C1572-C9EC-4e5c-A542-D05CBB5C5A08}] - C:\Program Files (x86)\DAP\DAPFireFox
FF Extension: Download Accelerator Plus (DAP) extension - C:\Program Files (x86)\DAP\DAPFireFox [2015-01-28]
FF HKU\S-1-5-21-2198692194-3404810195-2407512553-1001\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\GEOFFERY\AppData\Roaming\IDM\idmmzcc5
FF Extension: No Name - C:\Users\GEOFFERY\AppData\Roaming\Mozilla\Firefox\Profiles\cei6nzih.default-1409799015992\extensions\ccf7276c-d388-480f-8835-5b680025e1ca@gmail.com [Not Found]

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR DefaultSearchKeyword: Default -> 83D3D3ABA70EA83BA55755152DCD77B8E3F87FE811EE750AA4509DFE54865952
CHR DefaultSearchURL: Default -> D658ED442F74A7E98CEEE3F92EB9BE37766FF914DEEA28E16AEDF77F00244BE0
CHR Profile: C:\Users\GEOFFERY\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\GEOFFERY\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-11-15]
CHR Extension: (Google Docs) - C:\Users\GEOFFERY\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-11-15]
CHR Extension: (Google Drive) - C:\Users\GEOFFERY\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-11-15]
CHR Extension: (YouTube) - C:\Users\GEOFFERY\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-11-15]
CHR Extension: (Google Search) - C:\Users\GEOFFERY\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-11-15]
CHR Extension: (Tampermonkey) - C:\Users\GEOFFERY\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2015-01-07]
CHR Extension: (Xdebug helper) - C:\Users\GEOFFERY\AppData\Local\Google\Chrome\User Data\Default\Extensions\eadndfjplgieldjbigjakmdgkmoaaaoc [2014-11-15]
CHR Extension: (Google Sheets) - C:\Users\GEOFFERY\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-11-15]
CHR Extension: (Avira Browser Safety) - C:\Users\GEOFFERY\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2014-11-15]
CHR Extension: (NetBeans Connector) - C:\Users\GEOFFERY\AppData\Local\Google\Chrome\User Data\Default\Extensions\hafdlehgocfcodbgjnpecfajgkeejnaa [2014-11-15]
CHR Extension: (Hey Girl) - C:\Users\GEOFFERY\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcpmmhaffdebnmkjelaohgjmndeongip [2015-03-24]
CHR Extension: (Silver Bird Plus Twitter Client) - C:\Users\GEOFFERY\AppData\Local\Google\Chrome\User Data\Default\Extensions\kagejfgngcmkbaacpmcnbpkhmhoeccee [2015-03-24]
CHR Extension: (mpajngnpcmjjeoflljdjpnehcfaldcia) - C:\Users\GEOFFERY\AppData\Local\Google\Chrome\User Data\Default\Extensions\mpajngnpcmjjeoflljdjpnehcfaldcia [2015-04-12]
CHR Extension: (IDM Integration Module) - C:\Users\GEOFFERY\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngpampappnmepgilojfohadhhmbhlaek [2015-03-06]
CHR Extension: (Google Wallet) - C:\Users\GEOFFERY\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-11-15]
CHR Extension: (Gmail) - C:\Users\GEOFFERY\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-11-15]
CHR Extension: (SaalEPlus) - C:\ProgramData\gfklgjjghanjhlkepkbmbacgnhbmadga\ []
CHR Extension: (BuyNNssave) - C:\ProgramData\icmdfnaocbhjdijlbhjhcnoadjkbaeip\ []
CHR Extension: (GoSave) - C:\ProgramData\ieoagbfafmkoplmimfiooggffdjmmbkn\ []
CHR Extension: (SalePluus) - C:\ProgramData\kiemmhkanngdinianilpblpdnadfohoa\ []
CHR Extension: (SalePLus) - C:\ProgramData\lmgogmohjfpcfmghbijnecleffggoofd\ []
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [jeaohhlajejodfjadcponpnjgkiikocn] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2015-02-24]
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2015-02-24]
CHR HKU\S-1-5-21-2198692194-3404810195-2407512553-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [dhdgffkkebhmkfjojejmpbldmpobfkfo] - http://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [kbhplonhjleiopohgmppianogioknked] - C:\Program Files\Common Files\SpeedBit\SBUpdate\NewTabLaunch.crx [2014-01-24]
CHR HKLM-x32\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2015-02-24]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 Airtel Broadband. RunOuc; C:\Program Files (x86)\Airtel Broadband\UpdateDog\ouc.exe [656976 2013-08-21] ()
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [431920 2014-11-24] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [431920 2014-11-24] (Avira Operations GmbH & Co. KG)
R2 AtherosSvc; C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe [312448 2013-09-07] (Windows (R) Win 7 DDK provider) [File not signed]
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [201008 2015-03-16] (Avira Operations GmbH & Co. KG)
S3 Blackberry Device Manager; C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe [577536 2013-01-19] (Research In Motion Limited) [File not signed]
R2 Bonjour Service; C:\Program Files (x86)\Bonjour\mDNSResponder.exe [229376 2006-02-28] (Apple Computer, Inc.) [File not signed]
S2 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [409304 2014-08-13] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [384728 2014-08-13] (BlueStack Systems, Inc.)
R2 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [777944 2014-08-13] (BlueStack Systems, Inc.)
S3 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2014-12-08] (Macrovision Europe Ltd.) [File not signed]
R2 hshld; C:\Program Files (x86)\Hotspot Shield\bin\cmw_srv.exe [919040 2014-05-17] (AnchorFree Inc.) [File not signed]
S3 HssTrayService; C:\Program Files (x86)\Hotspot Shield\bin\HssTrayService.EXE [78512 2014-05-17] ()
R2 HssWd; C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe [430344 2014-05-16] ()
R2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [351824 2013-02-06] ()
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [319376 2014-10-01] (Intel Corporation)
S2 MTN F@stLink. RunOuc; C:\Program Files (x86)\MTN F@stLink\UpdateDog\ouc.exe [246112 2015-01-21] ()
R2 pcapsvc; C:\Program Files\Proxy Labs\ProxyCap\pcapsvc.exe [2401792 2014-07-06] (Proxy Labs) [File not signed]
R2 PRTGCoreService; C:\Program Files (x86)\PRTG Network Monitor\PRTG Server.exe [7630048 2015-03-31] (Paessler AG)
R2 PRTGProbeService; C:\Program Files (x86)\PRTG Network Monitor\PRTG Probe.exe [9700576 2015-03-31] (Paessler AG)
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-03-01] (Riverbed Technology, Inc.)
R2 SBUpd; C:\Program Files\Common Files\SpeedBit\SBUpdate\sbu.exe [2545272 2014-04-15] (Speedbit Ltd.)
R2 Tether; C:\Program Files (x86)\Tether\TBService.exe [50416 2011-09-29] () [File not signed]
R2 TorchCrashHandler; C:\Users\GEOFFERY\AppData\Local\Torch\Update\TorchCrashHandler.exe [1217032 2014-12-04] (TorchMedia Inc.) <==== ATTENTION
R2 UI Assistant Service; C:\Program Files (x86)\MTN F@stLink\AssistantServices.exe [261456 2011-03-17] ()
S3 wampapache64; c:\wamp\bin\apache\apache2.4.9\bin\httpd.exe [24576 2014-05-01] (Apache Software Foundation) [File not signed]
S3 wampmysqld64; c:\wamp\bin\mysql\mysql5.6.17\bin\mysqld.exe [12942848 2014-05-01] () [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16032 2014-09-22] (Microsoft Corporation)
S3 globalUpdatem; C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe /medsvc [X] <==== ATTENTION

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-11-24] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [131608 2014-11-24] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2014-11-24] (Avira Operations GmbH & Co. KG)
R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [122072 2014-08-13] (BlueStack Systems)
R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-09-07] (Qualcomm Atheros)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-26] (Microsoft Corporation)
R3 BthMtpEnum; C:\Windows\system32\DRIVERS\BthMtpEnum.sys [64512 2012-07-26] (Microsoft Corporation)
R1 dtsoftbus01; C:\Windows\System32\drivers\dtsoftbus01.sys [283200 2015-03-26] (DT Soft Ltd)
R1 HssDRV6; C:\Windows\system32\DRIVERS\hssdrv6.sys [44744 2014-05-17] (AnchorFree Inc.)
R3 huawei_wwanecm; C:\Windows\system32\DRIVERS\ew_juwwanecm.sys [246272 2013-08-21] (Huawei Technologies Co., Ltd.)
R3 ManyCam; C:\Windows\system32\DRIVERS\mcvidrv.sys [49776 2014-07-25] (Visicom Media Inc.)
R3 mcaudrv_simple; C:\Windows\system32\drivers\mcaudrv_x64.sys [35440 2014-05-13] (Visicom Media Inc.)
R2 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-03-01] (Riverbed Technology, Inc.)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [78336 2013-01-03] (Research In Motion Limited)
R3 RimVSerPort; C:\Windows\system32\DRIVERS\RimSerial_AMD64.sys [44544 2012-12-10] (Research in Motion Ltd)
R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [290520 2013-08-26] (Realtek Semiconductor Corp.)
R3 SBUpdd; C:\Program Files\Common Files\SpeedBit\SBUpdate\sbw.sys [41368 2014-04-15] ()
R1 sbwfpc; C:\Windows\system32\drivers\sbwfpc.sys [47392 2014-07-06] ()
R3 taphss6; C:\Windows\system32\DRIVERS\taphss6.sys [42184 2014-05-17] (Anchorfree Inc.)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2013-08-07] (Hewlett-Packard Development Company, L.P.)
R3 WPRO_41_2001; C:\Windows\System32\drivers\WPRO_41_2001.sys [35344 2015-04-15] ()

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-15 02:36 - 2015-04-15 02:37 - 00036288 _____ () C:\Users\GEOFFERY\Desktop\FRST.txt
2015-04-15 02:36 - 2015-04-15 02:36 - 00000000 ____D () C:\FRST
2015-04-15 02:33 - 2015-04-15 02:33 - 02096640 _____ (Farbar) C:\Users\GEOFFERY\Downloads\FRST64.exe
2015-04-15 02:33 - 2015-04-15 02:33 - 02096640 _____ (Farbar) C:\Users\GEOFFERY\Desktop\FRST64.exe
2015-04-15 02:18 - 2015-04-15 02:18 - 00000117 _____ () C:\Windows\system32\netcfg-956343.txt
2015-04-15 02:07 - 2015-04-15 02:07 - 00096784 _____ (CACE Technologies) C:\Windows\SysWOW64\WPRO_41_2001woem.tmp
2015-04-14 22:59 - 2015-04-14 22:59 - 00000117 _____ () C:\Windows\system32\netcfg-6687843.txt
2015-04-14 22:00 - 2015-04-14 22:04 - 14958592 _____ () C:\Users\GEOFFERY\Downloads\RogueKiller.exe
2015-04-14 21:15 - 2015-04-14 21:15 - 00000117 _____ () C:\Windows\system32\netcfg-482140.txt
2015-04-14 21:11 - 2015-04-15 02:07 - 00035344 _____ () C:\Windows\system32\Drivers\WPRO_41_2001.sys
2015-04-14 20:48 - 2015-04-14 20:48 - 00000117 _____ () C:\Windows\system32\netcfg-14177890.txt
2015-04-14 20:24 - 2015-04-14 20:24 - 00000117 _____ () C:\Windows\system32\netcfg-12731687.txt
2015-04-14 20:17 - 2015-04-14 20:17 - 00000117 _____ () C:\Windows\system32\netcfg-12325859.txt
2015-04-14 17:04 - 2015-04-14 17:04 - 00000117 _____ () C:\Windows\system32\netcfg-730343.txt
2015-04-14 16:59 - 2015-04-14 16:59 - 00000156 _____ () C:\Windows\system32\netcfg-424218.txt
2015-04-14 16:58 - 2015-04-14 16:58 - 00000117 _____ () C:\Windows\system32\netcfg-380234.txt
2015-04-14 16:56 - 2015-04-14 16:56 - 00000117 _____ () C:\Windows\system32\netcfg-270718.txt
2015-04-14 16:42 - 2015-04-14 16:42 - 00000117 _____ () C:\Windows\system32\netcfg-6938734.txt
2015-04-14 15:50 - 2015-04-14 15:50 - 00000117 _____ () C:\Windows\system32\netcfg-3841078.txt
2015-04-14 10:52 - 2015-04-14 10:52 - 00000117 _____ () C:\Windows\system32\netcfg-89432609.txt
2015-04-14 08:47 - 2015-04-14 08:48 - 00000117 _____ () C:\Windows\system32\netcfg-81954218.txt
2015-04-13 22:21 - 2015-04-13 22:21 - 00000117 _____ () C:\Windows\system32\netcfg-44361812.txt
2015-04-13 20:54 - 2015-04-13 20:54 - 00000117 _____ () C:\Windows\system32\netcfg-39160468.txt
2015-04-13 13:14 - 2015-04-13 13:14 - 00000117 _____ () C:\Windows\system32\netcfg-11556328.txt
2015-04-13 13:13 - 2015-04-13 13:13 - 00000117 _____ () C:\Windows\system32\netcfg-11508406.txt
2015-04-13 13:08 - 2015-04-13 13:08 - 00000117 _____ () C:\Windows\system32\netcfg-11209640.txt
2015-04-13 13:08 - 2015-04-13 13:08 - 00000117 _____ () C:\Windows\system32\netcfg-11208171.txt
2015-04-13 13:08 - 2015-04-13 13:08 - 00000117 _____ () C:\Windows\system32\netcfg-11190250.txt
2015-04-13 13:08 - 2015-04-13 13:08 - 00000117 _____ () C:\Windows\system32\netcfg-11188796.txt
2015-04-13 12:47 - 2015-04-13 12:47 - 00000117 _____ () C:\Windows\system32\netcfg-9933296.txt
2015-04-13 12:47 - 2015-04-13 12:47 - 00000117 _____ () C:\Windows\system32\netcfg-9920218.txt
2015-04-13 12:40 - 2015-04-13 12:40 - 00000131 _____ () C:\Windows\system32\netcfg-9508250.txt
2015-04-13 12:38 - 2015-04-13 12:38 - 00000117 _____ () C:\Windows\system32\netcfg-9432890.txt
2015-04-13 12:35 - 2015-04-13 12:35 - 00000117 _____ () C:\Windows\system32\netcfg-9205953.txt
2015-04-13 12:05 - 2015-04-13 12:05 - 00000156 _____ () C:\Windows\system32\netcfg-7443453.txt
2015-04-13 12:05 - 2015-04-13 12:05 - 00000156 _____ () C:\Windows\system32\netcfg-7414125.txt
2015-04-13 12:04 - 2015-04-13 12:04 - 00000131 _____ () C:\Windows\system32\netcfg-7395734.txt
2015-04-13 12:04 - 2015-04-13 12:04 - 00000131 _____ () C:\Windows\system32\netcfg-7365125.txt
2015-04-13 12:03 - 2015-04-13 12:03 - 00000131 _____ () C:\Windows\system32\netcfg-7296281.txt
2015-04-13 12:02 - 2015-04-13 12:03 - 00000156 _____ () C:\Windows\system32\netcfg-7275437.txt
2015-04-13 12:02 - 2015-04-13 12:02 - 00000156 _____ () C:\Windows\system32\netcfg-7236421.txt
2015-04-13 12:01 - 2015-04-13 12:01 - 00000156 _____ () C:\Windows\system32\netcfg-7195812.txt
2015-04-13 12:00 - 2015-04-13 12:00 - 00000117 _____ () C:\Windows\system32\netcfg-7119453.txt
2015-04-13 11:59 - 2015-04-13 11:59 - 00000117 _____ () C:\Windows\system32\netcfg-7047671.txt
2015-04-13 11:05 - 2015-04-13 10:57 - 00701216 _____ () C:\Users\GEOFFERY\Desktop\Adobe CS6 All Products Activator (x32 & x64).rar
2015-04-13 10:38 - 2015-04-13 10:38 - 00000156 _____ () C:\Windows\system32\netcfg-2215250.txt
2015-04-13 10:26 - 2015-04-13 10:33 - 39620744 _____ () C:\Users\GEOFFERY\Downloads\Firefox Setup 38.0b3.exe
2015-04-13 10:26 - 2015-04-13 10:33 - 39620744 _____ () C:\Users\GEOFFERY\Desktop\Firefox Setup 38.0b3.exe
2015-04-13 10:08 - 2015-04-13 10:08 - 00000117 _____ () C:\Windows\system32\netcfg-415343.txt
2015-04-13 10:06 - 2015-04-13 10:06 - 00000117 _____ () C:\Windows\system32\netcfg-306812.txt
2015-04-13 10:04 - 2015-04-13 10:04 - 00000117 _____ () C:\Windows\system32\netcfg-173375.txt
2015-04-13 10:01 - 2015-04-13 10:01 - 00000117 _____ () C:\Windows\system32\netcfg-37768703.txt
2015-04-13 07:51 - 2015-04-13 07:51 - 00000117 _____ () C:\Windows\system32\netcfg-29989984.txt
2015-04-13 06:21 - 2015-04-13 06:21 - 00000117 _____ () C:\Windows\system32\netcfg-24577968.txt
2015-04-13 06:21 - 2015-04-13 06:21 - 00000117 _____ () C:\Windows\system32\netcfg-24574968.txt
2015-04-13 06:21 - 2015-04-13 06:21 - 00000117 _____ () C:\Windows\system32\netcfg-24559109.txt
2015-04-13 00:12 - 2015-04-13 00:12 - 00000117 _____ () C:\Windows\system32\netcfg-2472406.txt
2015-04-12 23:35 - 2015-04-12 23:35 - 00000117 _____ () C:\Windows\system32\netcfg-202609.txt
2015-04-12 23:27 - 2015-04-12 23:27 - 01563673 _____ ( ) C:\Users\GEOFFERY\Downloads\mytxtsetup.exe
2015-04-12 23:10 - 2015-04-12 23:17 - 39156855 _____ () C:\Users\GEOFFERY\Downloads\spb.zip
2015-04-12 21:35 - 2015-04-12 21:35 - 00000156 _____ () C:\Windows\system32\netcfg-121474015.txt
2015-04-12 21:34 - 2015-04-12 21:34 - 00000117 _____ () C:\Windows\system32\netcfg-121417234.txt
2015-04-12 21:34 - 2015-04-12 21:34 - 00000117 _____ () C:\Windows\system32\netcfg-121386406.txt
2015-04-12 14:05 - 2015-04-12 14:05 - 00000117 _____ () C:\Windows\system32\netcfg-94506250.txt
2015-04-12 14:02 - 2015-04-12 14:02 - 00000117 _____ () C:\Windows\system32\netcfg-94303593.txt
2015-04-12 14:01 - 2015-04-12 14:01 - 00000117 _____ () C:\Windows\system32\netcfg-94222062.txt
2015-04-12 00:57 - 2015-04-12 00:57 - 00000117 _____ () C:\Windows\system32\netcfg-47195593.txt
2015-04-12 00:47 - 2015-04-12 00:47 - 00000117 _____ () C:\Windows\system32\netcfg-46580468.txt
2015-04-12 00:45 - 2015-04-12 00:45 - 00000117 _____ () C:\Windows\system32\netcfg-46483484.txt
2015-04-12 00:35 - 2015-04-12 00:36 - 14576979 _____ () C:\Users\GEOFFERY\Downloads\com.creapp.photoeditor-4.3.2-APK4Fun.com.apk
2015-04-11 19:44 - 2015-04-11 19:44 - 00002644 _____ () C:\Users\GEOFFERY\Downloads\example_php.zip
2015-04-11 19:18 - 2015-04-11 19:19 - 00000069 _____ () C:\Users\GEOFFERY\Desktop\prtg license.txt
2015-04-11 19:03 - 2015-04-11 19:03 - 00000117 _____ () C:\Windows\system32\netcfg-25980781.txt
2015-04-11 19:01 - 2015-04-11 19:01 - 00000117 _____ () C:\Windows\system32\netcfg-25871296.txt
2015-04-11 19:01 - 2015-04-11 19:01 - 00000117 _____ () C:\Windows\system32\netcfg-25869843.txt
2015-04-11 19:01 - 2015-04-11 19:01 - 00000117 _____ () C:\Windows\system32\netcfg-25825750.txt
2015-04-11 19:01 - 2015-04-11 19:01 - 00000117 _____ () C:\Windows\system32\netcfg-25824078.txt
2015-04-11 19:00 - 2015-04-11 19:00 - 00000117 _____ () C:\Windows\system32\netcfg-25812062.txt
2015-04-11 18:58 - 2015-04-11 18:58 - 00000117 _____ () C:\Windows\system32\netcfg-25662421.txt
2015-04-11 18:47 - 2015-04-11 18:47 - 00001024 _____ () C:\.rnd
2015-04-11 18:47 - 2015-04-11 18:47 - 00000000 ____D () C:\ProgramData\Paessler
2015-04-11 18:47 - 2015-04-11 18:47 - 00000000 ____D () C:\ProgramData\Licenses
2015-04-11 18:46 - 2015-04-11 18:46 - 00001170 _____ () C:\Users\Public\Desktop\PRTG Enterprise Console.lnk
2015-04-11 18:46 - 2015-04-11 18:46 - 00001135 _____ () C:\Users\Public\Desktop\PRTG Network Monitor.lnk
2015-04-11 18:46 - 2015-04-11 18:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PRTG Network Monitor
2015-04-11 18:45 - 2015-04-15 02:03 - 00000000 ____D () C:\Program Files (x86)\PRTG Network Monitor
2015-04-11 18:36 - 2015-04-11 18:36 - 00000117 _____ () C:\Windows\system32\netcfg-24370593.txt
2015-04-11 18:33 - 2015-04-11 18:33 - 00000117 _____ () C:\Windows\system32\netcfg-24144609.txt
2015-04-11 13:15 - 2015-04-11 13:15 - 00000117 _____ () C:\Windows\system32\netcfg-5077375.txt
2015-04-11 12:20 - 2015-04-11 12:25 - 161148503 _____ () C:\Users\GEOFFERY\Downloads\prtg.zip
2015-04-11 11:58 - 2015-04-11 11:58 - 00000156 _____ () C:\Windows\system32\netcfg-478656.txt
2015-04-11 11:57 - 2015-04-11 11:57 - 00000117 _____ () C:\Windows\system32\netcfg-400343.txt
2015-04-11 11:56 - 2015-04-11 11:56 - 00000117 _____ () C:\Windows\system32\netcfg-376609.txt
2015-04-11 11:53 - 2015-04-11 11:53 - 00000117 _____ () C:\Windows\system32\netcfg-175234.txt
2015-04-11 11:53 - 2015-04-11 11:53 - 00000117 _____ () C:\Windows\system32\netcfg-153093.txt
2015-04-11 11:48 - 2015-04-11 11:48 - 00000117 _____ () C:\Windows\system32\netcfg-177565625.txt
2015-04-11 11:47 - 2015-04-11 11:47 - 00000117 _____ () C:\Windows\system32\netcfg-177520500.txt
2015-04-10 20:51 - 2015-04-10 20:51 - 00000117 _____ () C:\Windows\system32\netcfg-123763796.txt
2015-04-10 20:32 - 2015-04-10 20:33 - 00000117 _____ () C:\Windows\system32\netcfg-122644140.txt
2015-04-10 18:58 - 2015-04-10 18:58 - 00000117 _____ () C:\Windows\system32\netcfg-116988718.txt
2015-04-10 17:35 - 2015-04-10 17:35 - 00000117 _____ () C:\Windows\system32\netcfg-111989718.txt
2015-04-10 15:24 - 2015-04-10 15:24 - 00000117 _____ () C:\Windows\system32\netcfg-104171265.txt
2015-04-10 13:39 - 2015-04-10 13:39 - 00000117 _____ () C:\Windows\system32\netcfg-97818218.txt
2015-04-10 13:36 - 2015-04-10 13:36 - 00000117 _____ () C:\Windows\system32\netcfg-97686812.txt
2015-04-10 01:53 - 2015-04-10 01:53 - 00000117 _____ () C:\Windows\system32\netcfg-55491500.txt
2015-04-10 00:54 - 2015-04-10 00:54 - 00000117 _____ () C:\Windows\system32\netcfg-51935000.txt
2015-04-10 00:52 - 2015-04-10 00:52 - 00000117 _____ () C:\Windows\system32\netcfg-51823984.txt
2015-04-10 00:48 - 2015-04-10 00:48 - 00001082 _____ () C:\Users\GEOFFERY\Desktop\DC-Unlocker client.lnk
2015-04-10 00:48 - 2015-04-10 00:48 - 00000000 ____D () C:\Users\GEOFFERY\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DC-Unlocker
2015-04-10 00:48 - 2015-04-10 00:48 - 00000000 ____D () C:\Program Files (x86)\DC-Unlocker
2015-04-10 00:46 - 2015-04-10 00:46 - 03695488 _____ (UAB Digiteka) C:\Users\GEOFFERY\Downloads\dc-unlocker_client-1.00.1084.exe
2015-04-09 21:43 - 2015-04-13 21:18 - 00003252 _____ () C:\Windows\System32\Tasks\PC Performer Logon Scan
2015-04-09 20:05 - 2015-04-09 20:05 - 00000156 _____ () C:\Windows\system32\netcfg-34620812.txt
2015-04-09 20:05 - 2015-04-09 20:05 - 00000131 _____ () C:\Windows\system32\netcfg-34587875.txt
2015-04-09 20:04 - 2015-04-09 20:04 - 00000117 _____ () C:\Windows\system32\netcfg-34561718.txt
2015-04-09 20:04 - 2015-04-09 20:04 - 00000117 _____ () C:\Windows\system32\netcfg-34541765.txt
2015-04-09 20:04 - 2015-04-09 20:04 - 00000117 _____ () C:\Windows\system32\netcfg-34538671.txt
2015-04-09 20:04 - 2015-04-09 20:04 - 00000117 _____ () C:\Windows\system32\netcfg-34522359.txt
2015-04-09 15:09 - 2015-04-09 15:09 - 00000117 _____ () C:\Windows\system32\netcfg-16847750.txt
2015-04-09 12:09 - 2015-04-09 12:09 - 00000117 _____ () C:\Windows\system32\netcfg-6048187.txt
2015-04-09 11:20 - 2015-04-09 11:21 - 00000156 _____ () C:\Windows\system32\netcfg-3152328.txt
2015-04-09 11:05 - 2015-04-09 11:05 - 00000117 _____ () C:\Windows\system32\netcfg-2209921.txt
2015-04-09 11:03 - 2015-04-09 11:03 - 00000117 _____ () C:\Windows\system32\netcfg-2087656.txt
2015-04-09 11:00 - 2015-04-09 11:00 - 00000114 _____ () C:\Users\GEOFFERY\Desktop\hotspot.txt
2015-04-09 10:58 - 2015-04-09 10:58 - 00000117 _____ () C:\Windows\system32\netcfg-1801171.txt
2015-04-09 10:58 - 2015-04-09 10:58 - 00000000 ____D () C:\Users\GEOFFERY\Downloads\01299-Modern-Combat-4-Zero-Hour-v1-1-7c-cache1
2015-04-09 10:45 - 2015-04-09 10:45 - 00000117 _____ () C:\Windows\system32\netcfg-998921.txt
2015-04-09 10:29 - 2015-04-09 10:29 - 00000117 _____ () C:\Windows\system32\netcfg-91578.txt
2015-04-09 10:29 - 2015-04-09 10:29 - 00000117 _____ () C:\Windows\system32\netcfg-90468.txt
2015-04-09 10:10 - 2015-04-09 10:11 - 00000156 _____ () C:\Windows\system32\netcfg-43134687.txt
2015-04-09 10:04 - 2015-04-09 10:04 - 00000117 _____ () C:\Windows\system32\netcfg-42749578.txt
2015-04-09 10:03 - 2015-04-09 10:03 - 00000117 _____ () C:\Windows\system32\netcfg-42732531.txt
2015-04-09 10:01 - 2015-04-09 10:01 - 05770505 _____ () C:\Users\GEOFFERY\Downloads\01299-Modern-Combat-4-Zero-Hour-v1-1-7c-patch.zip
2015-04-09 09:59 - 2015-04-09 10:26 - 1240318998 _____ () C:\Users\GEOFFERY\Downloads\01299-Modern-Combat-4-Zero-Hour-v1-1-7c-cache1.zip
2015-04-09 09:57 - 2015-04-09 09:58 - 00000156 _____ () C:\Windows\system32\netcfg-42358671.txt
2015-04-09 09:55 - 2015-04-09 09:55 - 00000117 _____ () C:\Windows\system32\netcfg-42253468.txt
2015-04-09 09:55 - 2015-04-09 09:55 - 00000117 _____ () C:\Windows\system32\netcfg-42253156.txt
2015-04-09 09:55 - 2015-04-09 09:55 - 00000117 _____ () C:\Windows\system32\netcfg-42246906.txt
2015-04-09 09:52 - 2015-04-09 09:52 - 01821360 _____ () C:\Users\GEOFFERY\Downloads\SimpleAndroidServer-2.0_com.simpleandroidserver.simpleandroidserver-2.apk
2015-04-09 09:20 - 2015-04-09 09:23 - 23975306 _____ () C:\Users\GEOFFERY\Downloads\Modern_Combat_4_Zero_Hour_1.1.7c_www.revdl.com.apk
2015-04-09 09:03 - 2015-04-09 09:03 - 00000117 _____ () C:\Windows\system32\netcfg-39097671.txt
2015-04-09 01:24 - 2015-04-09 01:24 - 00000117 _____ () C:\Windows\system32\netcfg-11578000.txt
2015-04-09 00:53 - 2015-04-09 00:53 - 00000117 _____ () C:\Windows\system32\netcfg-9716890.txt
2015-04-09 00:52 - 2015-04-09 00:52 - 00000117 _____ () C:\Windows\system32\netcfg-9655187.txt
2015-04-08 23:56 - 2015-04-08 23:56 - 00000117 _____ () C:\Windows\system32\netcfg-6323031.txt
2015-04-08 22:23 - 2015-04-08 22:23 - 00001131 _____ () C:\Users\Public\Desktop\Avira.lnk
2015-04-08 22:17 - 2015-04-08 22:17 - 00000156 _____ () C:\Windows\system32\netcfg-376296.txt
2015-04-08 22:17 - 2015-04-08 22:17 - 00000117 _____ () C:\Windows\system32\netcfg-340359.txt
2015-04-08 22:14 - 2015-04-08 22:14 - 00000117 _____ () C:\Windows\system32\netcfg-195359.txt
2015-04-08 22:11 - 2015-04-08 22:11 - 00000117 _____ () C:\Windows\system32\netcfg-23276515.txt
2015-04-08 21:44 - 2015-04-08 21:44 - 00000117 _____ () C:\Windows\system32\netcfg-21678484.txt
2015-04-08 21:35 - 2015-04-08 21:35 - 00000117 _____ () C:\Windows\system32\netcfg-21128796.txt
2015-04-08 21:26 - 2015-04-08 21:26 - 00000117 _____ () C:\Windows\system32\netcfg-20579937.txt
2015-04-08 21:25 - 2015-04-08 21:25 - 00000117 _____ () C:\Windows\system32\netcfg-20533359.txt
2015-04-08 18:23 - 2015-04-08 18:23 - 00389941 _____ () C:\Users\GEOFFERY\Downloads\iAndroGames.CreeHack.v1.1.apk
2015-04-08 18:00 - 2015-04-08 18:03 - 04342172 _____ () C:\Users\GEOFFERY\Downloads\Lucky+Patcher+v5.5.3(http___apkdownloads.wap-ka.apk
2015-04-08 17:10 - 2015-04-08 17:10 - 04522309 _____ () C:\Users\GEOFFERY\Downloads\com.rhmsoft.fm-v2.1.0.185-Android-2.3.apk
2015-04-08 16:39 - 2015-04-08 16:39 - 00289260 _____ () C:\Users\GEOFFERY\Downloads\game-killer.apk
2015-04-08 15:51 - 2015-04-08 15:51 - 00000117 _____ () C:\Windows\system32\netcfg-485968.txt
2015-04-08 15:48 - 2015-04-14 14:47 - 00000004 _____ () C:\Windows\SysWOW64\029B560A371F4E00AB32838EBC01B9E7
2015-04-08 15:44 - 2015-04-08 15:44 - 00000117 _____ () C:\Windows\system32\netcfg-97906.txt
2015-04-08 15:39 - 2014-09-06 21:12 - 28574669 _____ () C:\Users\GEOFFERY\Desktop\GUNSHIP-BATTLE-1.1.9 MOD-APK-oym.apk
2015-04-08 15:35 - 2015-04-08 15:35 - 00000000 ____D () C:\Users\GEOFFERY\AppData\Local\globalUpdate
2015-04-08 15:32 - 2015-04-08 15:32 - 01980416 _____ () C:\Users\GEOFFERY\Downloads\VIPGunshipBattleHelicopter3D2015__7934_il64464(1).exe
2015-04-08 15:32 - 2015-04-08 15:32 - 00001222 _____ () C:\Users\GEOFFERY\Desktop\Continue installation .lnk
2015-04-08 15:03 - 2015-04-08 15:10 - 25472569 _____ () C:\Users\GEOFFERY\Downloads\GUNSHIP-BATTLE-1.1.9 MOD-APK-oym.rar
2015-04-08 14:58 - 2015-04-08 14:58 - 03724394 _____ () C:\Users\GEOFFERY\Downloads\Gunship-Battle-Helicopter-3D-Hack.zip
2015-04-08 14:47 - 2015-04-08 14:47 - 04490434 _____ () C:\Users\GEOFFERY\Downloads\Gunship-Battle-Helicopter-3D-Hack-AndroidiOS.rar
2015-04-08 14:34 - 2015-04-08 14:34 - 02048000 _____ () C:\Users\GEOFFERY\Downloads\VIPGunshipBattleHelicopter3D2015__7934_il64464.exe
2015-04-08 14:22 - 2015-04-08 14:22 - 00000117 _____ () C:\Windows\system32\netcfg-26089109.txt
2015-04-08 14:09 - 2015-04-08 14:09 - 00000117 _____ () C:\Windows\system32\netcfg-25274093.txt
2015-04-08 13:30 - 2015-04-08 13:30 - 00000117 _____ () C:\Windows\system32\netcfg-22941468.txt
2015-04-08 11:19 - 2015-04-08 11:19 - 00000117 _____ () C:\Windows\system32\netcfg-15134156.txt
2015-04-08 11:04 - 2015-04-08 11:04 - 01760040 _____ () C:\Users\GEOFFERY\Downloads\wrar521.exe
2015-04-08 11:03 - 2015-04-08 11:03 - 00000117 _____ () C:\Windows\system32\netcfg-14152796.txt
2015-04-08 11:03 - 2015-04-08 11:03 - 00000117 _____ () C:\Windows\system32\netcfg-14119984.txt
 
(x86)\SalePLus
2015-03-24 23:29 - 2015-03-24 23:29 - 00000000 ____D () C:\ProgramData\lmgogmohjfpcfmghbijnecleffggoofd
2015-03-24 23:27 - 2015-03-25 14:53 - 00000000 ____D () C:\ProgramData\{ada660f2-0618-148b-ada6-660f206183c8}
2015-03-24 23:27 - 2015-03-25 14:53 - 00000000 ____D () C:\ProgramData\{00a01f91-90cd-cdab-00a0-01f9190c7e46}
2015-03-24 22:28 - 2015-03-24 22:28 - 00000117 _____ () C:\Windows\system32\netcfg-23035265.txt
2015-03-24 22:27 - 2015-03-24 22:27 - 00000117 _____ () C:\Windows\system32\netcfg-23012250.txt
2015-03-24 21:32 - 2015-03-24 21:32 - 00000117 _____ () C:\Windows\system32\netcfg-19656484.txt
2015-03-24 21:01 - 2015-03-24 21:01 - 00000117 _____ () C:\Windows\system32\netcfg-17828000.txt
2015-03-24 20:07 - 2015-03-24 20:07 - 00000117 _____ () C:\Windows\system32\netcfg-14572531.txt
2015-03-24 16:48 - 2015-03-24 16:48 - 00000117 _____ () C:\Windows\system32\netcfg-2668859.txt
2015-03-24 16:42 - 2015-03-24 16:42 - 00016259 _____ () C:\Users\GEOFFERY\Desktop\JAMB 2015 Unified Tertiary Matriculation Examination e-Registration - Result Slip Page.htm
2015-03-24 16:42 - 2015-03-24 16:42 - 00000000 ____D () C:\Users\GEOFFERY\Desktop\JAMB 2015 Unified Tertiary Matriculation Examination e-Registration - Result Slip Page_files
2015-03-24 16:32 - 2015-03-24 16:32 - 00000117 _____ () C:\Windows\system32\netcfg-1711687.txt
2015-03-24 15:40 - 2015-03-24 15:40 - 00000117 _____ () C:\Windows\system32\netcfg-84588953.txt
2015-03-24 15:27 - 2015-03-24 15:27 - 02653293 _____ () C:\Users\GEOFFERY\Downloads\11030256_361464694037351_1818682728_n.mp4
2015-03-24 14:18 - 2015-03-24 14:22 - 28509232 _____ () C:\Users\GEOFFERY\Downloads\vlc-2.2.0-win32.exe
2015-03-24 14:17 - 2015-03-24 14:22 - 19133578 _____ () C:\Users\GEOFFERY\Downloads\wowslider-win-setup(2).zip
2015-03-24 13:04 - 2015-03-24 13:08 - 00761595 _____ () C:\Users\GEOFFERY\Downloads\10625976_10153692136807977_1356325534_n.mp4
2015-03-24 12:42 - 2015-03-24 12:42 - 00000117 _____ () C:\Windows\system32\netcfg-73944296.txt
2015-03-23 20:56 - 2015-03-23 20:56 - 00000117 _____ () C:\Windows\system32\netcfg-17182796.txt
2015-03-23 20:55 - 2015-03-23 20:55 - 00000117 _____ () C:\Windows\system32\netcfg-17150593.txt
2015-03-23 20:55 - 2015-03-23 20:55 - 00000117 _____ () C:\Windows\system32\netcfg-17108281.txt
2015-03-23 20:48 - 2015-03-23 20:48 - 00000117 _____ () C:\Windows\system32\netcfg-16702140.txt
2015-03-23 20:39 - 2015-03-23 20:39 - 00000117 _____ () C:\Windows\system32\netcfg-16159515.txt
2015-03-23 20:25 - 2015-03-23 20:25 - 00000117 _____ () C:\Windows\system32\netcfg-15336968.txt
2015-03-23 16:12 - 2015-03-23 16:12 - 00000117 _____ () C:\Windows\system32\netcfg-149843.txt
2015-03-23 16:02 - 2015-03-23 16:07 - 79974543 _____ () C:\Users\GEOFFERY\Downloads\Wande Coal - Baby Hello [Official Video].mp4.part
2015-03-23 16:02 - 2015-03-23 16:02 - 00000117 _____ () C:\Windows\system32\netcfg-67592015.txt
2015-03-23 13:18 - 2015-03-23 13:18 - 00000000 ____D () C:\Users\GEOFFERY\Documents\NFCS
2015-03-23 13:00 - 2015-03-23 13:00 - 00000117 _____ () C:\Windows\system32\netcfg-56688187.txt
2015-03-23 12:17 - 2015-03-23 12:17 - 00000117 _____ () C:\Windows\system32\netcfg-54098171.txt
2015-03-23 12:10 - 2015-03-23 12:10 - 00000117 _____ () C:\Windows\system32\netcfg-53723234.txt
2015-03-23 11:42 - 2015-03-23 11:42 - 00000000 ____D () C:\Users\GEOFFERY\AppData\Local\Qualcomm Atheros
2015-03-23 11:28 - 2015-03-23 11:28 - 00000117 _____ () C:\Windows\system32\netcfg-51182953.txt
2015-03-22 23:48 - 2015-03-22 23:48 - 00000117 _____ () C:\Windows\system32\netcfg-9170859.txt
2015-03-22 22:14 - 2015-03-22 22:14 - 00000117 _____ () C:\Windows\system32\netcfg-3542625.txt
2015-03-22 22:13 - 2015-03-22 22:13 - 00000117 _____ () C:\Windows\system32\netcfg-3503109.txt
2015-03-22 22:12 - 2015-03-22 22:12 - 00000117 _____ () C:\Windows\system32\netcfg-3428062.txt
2015-03-22 22:07 - 2015-03-22 22:07 - 00000117 _____ () C:\Windows\system32\netcfg-3109062.txt
2015-03-22 22:03 - 2015-03-22 22:03 - 00000117 _____ () C:\Windows\system32\netcfg-2874546.txt
2015-03-22 21:12 - 2015-03-22 21:12 - 00000117 _____ () C:\Windows\system32\netcfg-144109.txt
2015-03-22 20:39 - 2015-03-22 20:43 - 58669568 _____ () C:\Users\GEOFFERY\Downloads\Sia - Elastic Heart feat. Shia LaBeouf & Maddie Ziegler (Official Video).mp4
2015-03-22 20:19 - 2015-03-22 20:19 - 00000117 _____ () C:\Windows\system32\netcfg-5586484.txt
2015-03-22 16:23 - 2015-03-22 16:23 - 00000117 _____ () C:\Windows\system32\netcfg-182088156.txt
2015-03-22 15:19 - 2015-03-22 15:19 - 00000117 _____ () C:\Windows\system32\netcfg-178239031.txt
2015-03-22 15:19 - 2015-03-22 15:19 - 00000117 _____ () C:\Windows\system32\netcfg-178238812.txt
2015-03-22 15:18 - 2015-03-22 15:18 - 00000117 _____ () C:\Windows\system32\netcfg-178221937.txt
2015-03-22 14:53 - 2015-03-22 14:53 - 00000117 _____ () C:\Windows\system32\netcfg-176736421.txt
2015-03-22 13:56 - 2015-03-22 13:56 - 00000117 _____ () C:\Windows\system32\netcfg-173259312.txt
2015-03-22 01:07 - 2015-03-22 01:07 - 00000117 _____ () C:\Windows\system32\netcfg-127173531.txt
2015-03-21 21:13 - 2015-03-21 21:14 - 00000117 _____ () C:\Windows\system32\netcfg-113145750.txt
2015-03-21 21:05 - 2015-03-21 21:05 - 00000117 _____ () C:\Windows\system32\netcfg-112645828.txt
2015-03-21 21:01 - 2015-03-21 21:01 - 00000117 _____ () C:\Windows\system32\netcfg-112388468.txt
2015-03-20 19:28 - 2015-03-20 19:28 - 00000117 _____ () C:\Windows\system32\netcfg-20431031.txt
2015-03-20 19:04 - 2015-03-20 19:04 - 00015516 _____ () C:\Users\GEOFFERY\Downloads\[limetorrents.cc]Avengers.Age.of.Ultron.2015.Movie.2014.DVDRip.XviD.torrent
2015-03-20 18:28 - 2015-03-20 18:28 - 00000117 _____ () C:\Windows\system32\netcfg-16879031.txt
2015-03-20 03:22 - 2015-03-20 03:22 - 00000117 _____ () C:\Windows\system32\netcfg-46725687.txt
2015-03-19 21:41 - 2015-03-19 21:41 - 00000117 _____ () C:\Windows\system32\netcfg-26221734.txt
2015-03-19 21:41 - 2015-03-19 21:41 - 00000117 _____ () C:\Windows\system32\netcfg-26218609.txt
2015-03-19 21:40 - 2015-03-19 21:40 - 00000117 _____ () C:\Windows\system32\netcfg-26202203.txt
2015-03-19 21:40 - 2015-03-19 21:40 - 00000117 _____ () C:\Windows\system32\netcfg-26160656.txt
2015-03-19 20:58 - 2015-03-19 20:58 - 00000117 _____ () C:\Windows\system32\netcfg-23650406.txt
2015-03-19 14:20 - 2015-03-19 14:20 - 00000165 ____H () C:\Users\GEOFFERY\Desktop\~$THE ASSOCIATION OF PROFESSIONAL WOMEN ENGINEERS OF NIGERIA.pptx
2015-03-19 14:13 - 2015-03-19 14:13 - 00000165 ____H () C:\Users\GEOFFERY\Desktop\~$APWEN.pptx
2015-03-19 14:06 - 2015-03-19 14:06 - 00000000 ____D () C:\Users\GEOFFERY\Desktop\WORK
2015-03-19 12:25 - 2015-03-18 11:31 - 85006587 _____ () C:\Users\GEOFFERY\Desktop\APWEN.pptx
2015-03-18 20:45 - 2015-03-18 20:45 - 00000117 _____ () C:\Windows\system32\netcfg-251021468.txt
2015-03-18 20:27 - 2015-03-18 20:27 - 00000117 _____ () C:\Windows\system32\netcfg-249935687.txt
2015-03-18 15:32 - 2015-03-18 15:32 - 00000117 _____ () C:\Windows\system32\netcfg-232259437.txt
2015-03-18 15:17 - 2015-03-18 15:17 - 00000117 _____ () C:\Windows\system32\netcfg-231305031.txt
2015-03-18 15:15 - 2015-03-18 15:15 - 00000117 _____ () C:\Windows\system32\netcfg-231237968.txt
2015-03-18 14:53 - 2015-03-18 14:53 - 00000117 _____ () C:\Windows\system32\netcfg-229908578.txt
2015-03-18 14:44 - 2015-03-18 14:44 - 00003674 _____ () C:\Users\GEOFFERY\Documents\SLIDER.wowsl
2015-03-18 14:22 - 2015-03-18 14:22 - 00000117 _____ () C:\Windows\system32\netcfg-228032968.txt
2015-03-18 14:05 - 2015-03-18 14:05 - 00000000 ____D () C:\Users\GEOFFERY\Documents\WOW Slider
2015-03-18 13:56 - 2015-03-18 13:56 - 00000000 ____D () C:\Program Files\WOW Slider
2015-03-18 13:33 - 2015-03-18 13:33 - 00000117 _____ () C:\Windows\system32\netcfg-225087484.txt
2015-03-18 11:44 - 2015-03-18 11:44 - 00000117 _____ () C:\Windows\system32\netcfg-218581250.txt
2015-03-18 10:58 - 2015-03-18 10:58 - 00000117 _____ () C:\Windows\system32\netcfg-215794921.txt
2015-03-18 00:51 - 2015-03-18 00:51 - 00000117 _____ () C:\Windows\system32\netcfg-179366593.txt
2015-03-17 22:37 - 2015-03-17 22:37 - 00013017 _____ () C:\Users\GEOFFERY\Downloads\[kickass.to]pirates.xxx.dvdrip.avi.torrent
2015-03-17 22:23 - 2015-03-17 22:23 - 00197852 _____ () C:\Users\GEOFFERY\Downloads\pirates 3 xxx Full.exe
2015-03-17 20:31 - 2015-03-17 20:31 - 00000000 ____D () C:\Users\GEOFFERY\Prezi
2015-03-17 20:29 - 2015-03-17 20:29 - 00001865 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Prezi.lnk
2015-03-17 20:29 - 2015-03-17 20:29 - 00001853 _____ () C:\Users\Public\Desktop\Prezi.lnk
2015-03-17 20:26 - 2015-03-17 20:29 - 00000000 ____D () C:\Program Files (x86)\Prezi
2015-03-17 20:15 - 2015-03-17 20:20 - 36888746 _____ () C:\Users\GEOFFERY\Downloads\PRESIDENT GOODLUCK JONATHAN AND PATIENCE, ARE PLANNING TO ASSASSINATE FATHER MBAKA- REV FR MBAK - YouTube.3gp
2015-03-17 19:44 - 2015-03-17 19:44 - 00000117 _____ () C:\Windows\system32\netcfg-160967406.txt
2015-03-16 21:14 - 2015-03-16 21:14 - 00000117 _____ () C:\Windows\system32\netcfg-80006328.txt
2015-03-16 21:10 - 2015-03-16 21:10 - 00000117 _____ () C:\Windows\system32\netcfg-79723890.txt

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-15 02:28 - 2015-02-02 07:23 - 00003718 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-04-15 02:28 - 2015-02-02 07:23 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-04-15 02:28 - 2014-08-15 01:23 - 01562488 _____ () C:\Windows\WindowsUpdate.log
2015-04-15 02:15 - 2012-07-26 08:28 - 00848230 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-04-15 02:08 - 2014-08-15 05:57 - 00003598 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2198692194-3404810195-2407512553-1001
2015-04-15 02:08 - 2012-07-26 08:59 - 00000000 ____D () C:\Windows\CbsTemp
2015-04-15 02:04 - 2014-12-21 09:58 - 00000000 ____D () C:\ProgramData\TorchCrashHandler
2015-04-15 02:03 - 2015-01-28 01:13 - 00000000 ____D () C:\ProgramData\TEMP
2015-04-15 02:02 - 2012-07-26 08:22 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-04-14 22:02 - 2012-07-26 09:12 - 00000000 ____D () C:\Windows\system32\sru
2015-04-14 21:21 - 2014-12-23 21:03 - 00000000 ____D () C:\Users\GEOFFERY\AppData\Roaming\IDM
2015-04-14 21:21 - 2014-10-26 16:51 - 00000000 ____D () C:\Users\GEOFFERY\AppData\Local\CrashDumps
2015-04-14 20:49 - 2014-11-15 08:20 - 00000000 ____D () C:\Users\GEOFFERY\AppData\Roaming\DMCache
2015-04-14 20:48 - 2014-11-15 08:20 - 00000000 ____D () C:\Users\GEOFFERY\Downloads\Video
2015-04-14 20:17 - 2014-08-30 17:46 - 00000755 _____ () C:\Windows\system32\Drivers\etc\hosts.ics
2015-04-14 16:54 - 2014-10-16 03:21 - 00000000 ____D () C:\Users\GEOFFERY\AppData\Roaming\vlc
2015-04-14 15:34 - 2014-08-07 22:39 - 00000000 ____D () C:\Program Files (x86)\Adobe
2015-04-14 14:51 - 2015-01-19 16:14 - 00000194 _____ () C:\Users\GEOFFERY\.packettracer
2015-04-14 14:46 - 2012-07-26 06:26 - 00262144 ___SH () C:\Windows\system32\config\BBI
2015-04-13 22:19 - 2014-08-28 22:06 - 00000000 ____D () C:\Users\GEOFFERY\Desktop\example - php
2015-04-13 21:19 - 2012-07-26 06:26 - 00000230 _____ () C:\Windows\win.ini
2015-04-13 10:47 - 2015-02-22 22:37 - 00000000 ___RD () C:\Users\GEOFFERY\Desktop\New folder
2015-04-13 10:35 - 2014-11-15 08:20 - 00000000 ____D () C:\Users\GEOFFERY\Downloads\Compressed
2015-04-13 06:23 - 2015-01-21 19:02 - 00000000 ____D () C:\Users\GEOFFERY\AppData\Local\Adobe
2015-04-12 23:38 - 2014-08-15 01:26 - 00000000 ____D () C:\Users\GEOFFERY\AppData\Roaming\Atheros
2015-04-12 21:40 - 2014-08-15 01:26 - 00000000 ____D () C:\Users\GEOFFERY\Documents\Bluetooth Folder
2015-04-12 21:27 - 2014-10-17 03:11 - 00000000 ____D () C:\Windows\Minidump
2015-04-11 12:23 - 2015-01-17 01:55 - 00000000 ____D () C:\My Web Sites
2015-04-10 00:53 - 2014-08-22 04:05 - 00000000 ____D () C:\ProgramData\DatacardService
2015-04-08 22:22 - 2014-10-29 10:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-04-08 22:22 - 2014-10-29 10:25 - 00000000 ____D () C:\Program Files (x86)\Avira
2015-04-08 22:21 - 2014-10-29 10:25 - 00000000 ____D () C:\ProgramData\Package Cache
2015-04-08 15:43 - 2014-08-30 17:19 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-04-08 07:08 - 2015-01-31 15:39 - 00000000 ____D () C:\ProgramData\OnlineUpdate
2015-04-07 21:02 - 2014-11-03 03:00 - 00001070 _____ () C:\Users\Public\Desktop\VLC media player.lnk
2015-04-02 13:38 - 2015-03-15 22:24 - 00000000 ____D () C:\Users\GEOFFERY\Desktop\TABLET
2015-03-29 07:55 - 2015-01-25 20:17 - 00000000 ____D () C:\Users\GEOFFERY\Desktop\corel draw
2015-03-26 14:26 - 2014-08-15 01:23 - 00000000 ____D () C:\Users\GEOFFERY
2015-03-26 14:09 - 2015-03-11 09:46 - 00000000 ____D () C:\Program Files (x86)\R.G. Mechanics
2015-03-24 23:52 - 2014-11-15 20:28 - 00002475 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-03-24 23:52 - 2014-08-30 17:19 - 00001379 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-03-24 23:52 - 2014-08-24 23:48 - 00001367 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-03-24 23:52 - 2014-08-15 01:23 - 00001650 _____ () C:\Users\GEOFFERY\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-03-24 23:29 - 2014-11-20 00:11 - 00000000 ____D () C:\ProgramData\12404305945144379873
2015-03-19 14:23 - 2012-07-26 09:12 - 00000000 ____D () C:\Windows\system32\NDF
2015-03-18 15:11 - 2015-02-05 09:16 - 00000000 ____D () C:\Users\GEOFFERY\Desktop\NFCS
2015-03-18 13:56 - 2015-02-08 23:29 - 00000831 _____ () C:\Users\Public\Desktop\WOW Slider.lnk
2015-03-18 13:56 - 2015-02-08 23:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WOW Slider
2015-03-18 13:55 - 2015-02-08 23:29 - 00000000 ____D () C:\Program Files (x86)\WOW Slider

==================== Files in the root of some directories =======

2015-04-06 17:59 - 2015-04-06 17:59 - 0003868 _____ () C:\Users\GEOFFERY\AppData\Roaming\gns3.ini
2014-11-20 00:18 - 2014-11-20 01:29 - 0000942 _____ () C:\Users\GEOFFERY\AppData\Roaming\LiveSupport.exe_log.txt
2014-11-20 00:18 - 2014-11-20 01:29 - 0000092 _____ () C:\Users\GEOFFERY\AppData\Roaming\regsvr32.exe_log.txt
2014-10-27 07:31 - 2015-03-03 20:38 - 0000539 _____ () C:\Users\GEOFFERY\AppData\Roaming\Rim.Desktop.Exception.log
2014-10-27 07:25 - 2014-10-27 07:25 - 0001111 _____ () C:\Users\GEOFFERY\AppData\Roaming\Rim.Desktop.HttpServerSetup.log
2014-10-27 07:31 - 2015-03-03 20:38 - 0000539 _____ () C:\Users\GEOFFERY\AppData\Roaming\Rim.DesktopHelper.Exception.log
2014-10-27 08:05 - 2015-03-03 20:38 - 0000462 _____ () C:\Users\GEOFFERY\AppData\Roaming\Rim.Transcoder.Exception.log
2014-10-27 07:53 - 2014-12-19 12:23 - 0034816 _____ () C:\Users\GEOFFERY\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-01-21 20:28 - 2015-01-21 20:28 - 0000057 _____ () C:\ProgramData\Ament.ini

Some content of TEMP:
====================
C:\Users\GEOFFERY\AppData\Local\Temp\avgnt.exe
C:\Users\GEOFFERY\AppData\Local\Temp\mdi064.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-04-11 18:57

==================== End Of Log ============================
ADDITION
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14-04-2015
Ran by GEOFFERY at 2015-04-15 02:38:19
Running from C:\Users\GEOFFERY\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)


==================== Installed Programs ======================


(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-2198692194-3404810195-2407512553-1001\...\uTorrent) (Version: 3.4.2.37252 - BitTorrent Inc.)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Avira (HKLM-x32\...\{b5675cc4-ab8b-4945-8c1d-4c5479556d6a}) (Version: 1.1.34.19732 - Avira Operations GmbH & Co. KG)
Avira (x32 Version: 1.1.34.19732 - Avira Operations GmbH & Co. KG) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.18 - Piriform)
Corel Graphics - Windows Shell Extension 64 Bit (Version: 16.1.843 - Corel Corporation) Hidden
GNS3 0.8.7 (HKLM-x32\...\GNS3) (Version: 0.8.7 - )
HP Deskjet 2540 series Basic Device Software (HKLM\...\{7AF1A318-2914-41CC-9B24-041C2D4AAAD7}) (Version: 32.0.1180.44630 - Hewlett-Packard Co.)
KMPlayer (remove only) (HKLM-x32\...\The KMPlayer) (Version: 3.9.1.135 - PandoraTV)
Kodi (HKU\S-1-5-21-2198692194-3404810195-2407512553-1001\...\Kodi) (Version: - XBMC-Foundation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 37.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 37.0.1 (x86 en-US)) (Version: 37.0.1 - Mozilla)
Product Improvement Study for HP Deskjet 2540 series (HKLM\...\{446CCB22-B632-4A1D-BF84-DA8DB0575F98}) (Version: 32.0.1180.44630 - Hewlett-Packard Co.)
ProxyCap (HKLM\...\{DFBFBC41-DFE4-408C-A1F7-C02B1BF82921}) (Version: 5.2.70 - Proxy Labs)
PRTG Network Monitor (HKLM-x32\...\{5EC294B8-98F8-4C20-BE73-F11A04295CA5}_is1) (Version: 9 - Paessler AG)
PuTTY release 0.64 (HKLM-x32\...\PuTTY_is1) (Version: 0.64 - Simon Tatham)
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.305 - Qualcomm Atheros Communications)
SolarWinds Response Time Viewer (HKLM-x32\...\{5B415E10-D1C1-4E54-9061-AE0FB3D7F2B2}) (Version: 1.0.0.162 - SolarWinds)
Sublime Text 2.0.2 (HKLM\...\Sublime Text 2_is1) (Version: - )
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.29.0 - Synaptics Incorporated)
TeraCopy 2.3 (HKLM\...\TeraCopy_is1) (Version: - Code Sector)
Torch (HKU\S-1-5-21-2198692194-3404810195-2407512553-1001\...\Torch) (Version: 36.0.0.8455 - Torch Media, Inc) <==== ATTENTION
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.0 - VideoLAN)
WinHTTrack Website Copier 3.48-19 (x64) (HKLM\...\WinHTTrack Website Copier_is1) (Version: 3.48.19 - HTTrack)
WinPcap 4.1.3 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2980 - Riverbed Technology, Inc.)
WinRAR 5.20 beta 3 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.20.3 - win.rar GmbH)

==================== Custom CLSID (selected items): ==========================


(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-2198692194-3404810195-2407512553-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation)

==================== Restore Points =========================

31-03-2015 22:02:22 Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005
06-04-2015 17:04:53 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2012-07-26 06:26 - 2015-01-17 20:49 - 00001073 ___RA C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
127.0.0.1 localhost
127.0.0.1 localhost127.0.0.1 thislineskipsanyemptylines
127.0.0.1 thislineskipsanyemptylines
127.0.0.1 thislineskipsanyemptylines


==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {4A8B532A-159F-48A7-8D0A-07A0C700F316} - System32\Tasks\HPCustParticipation HP Deskjet 2540 series => C:\Program Files\HP\HP Deskjet 2540 series\Bin\HPCustPartic.exe [2013-08-13] (Hewlett-Packard Co.)
Task: {5574C74C-8188-4F6D-BDEF-39FFE05D7C6F} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-15] (Adobe Systems Incorporated)
Task: {609BD935-A842-4DFC-91BB-3D32EFA65911} - System32\Tasks\{FB9FD685-E055-4845-9E11-24A5568968A0} => pcalua.exe -a "C:\Program Files (x86)\Shuame\Uninst.exe"
Task: {61987F66-7E81-4D17-BEE5-91246F36FA09} - System32\Tasks\SBWUpdateTask_Logon_e64e45cf-5AEE656C9248 => C:\Program Files\Common Files\SpeedBit\SBUpdate\SBUpdate.exe [2013-07-08] (Speedbit Ltd.) <==== ATTENTION
Task: {6BFE9216-8053-4399-828D-FCF175902DB6} - System32\Tasks\PC Performer Scheduled Scan => C:\Program Files (x86)\PC Performer\PCPerformer.exe <==== ATTENTION
Task: {7F3400FB-8FE6-4AA3-BB26-FE4F3A357B58} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-09-26] (Piriform Ltd)
Task: {846FEA69-1E98-4AAC-B86F-13CC15CF1B49} - System32\Tasks\PC Performer Daily Check => C:\Program Files (x86)\PC Performer\PSCheckUp.exe <==== ATTENTION
Task: {854EFE30-3EB5-4B7B-B462-B5A522ACD037} - System32\Tasks\PC Performer Logon Scan => C:\Program Files (x86)\PC Performer\PSCheckUp.exe <==== ATTENTION
Task: {C0B28F17-364F-43D6-8007-295D89CE9044} - System32\Tasks\AdobeAAMUpdater-1.0-UDENWANI-GEOFFERY => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2012-04-04] (Adobe Systems Incorporated)
Task: {EDF447B4-10A6-4BBC-BC1D-159577661E8C} - System32\Tasks\SBW_UpdateTask_Time_323038343239313537392d7850235757324a6c412a5045 => Wscript.exe //B "C:\ProgramData\SpeedBit\sbhe.js" sbu.exe /invoke /f:check_services /l:0
Task: {F2564D4F-3728-42E3-A8D3-CEA1E4E83C7F} - System32\Tasks\SBWUpdateTask_Time_e64e45cf-5AEE656C9248 => C:\Program Files\Common Files\SpeedBit\SBUpdate\SBUpdate.exe [2013-07-08] (Speedbit Ltd.) <==== ATTENTION
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) ==============

2014-08-22 04:07 - 2013-08-21 05:18 - 00656976 _____ () C:\ProgramData\Airtel Broadband\OnlineUpdate\ouc.exe
2014-05-16 23:34 - 2014-05-16 23:34 - 00430344 _____ () C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe
2013-02-06 07:10 - 2013-02-06 07:10 - 00351824 _____ () C:\ProgramData\DatacardService\HWDeviceService64.exe
2014-11-19 20:12 - 2015-01-21 15:50 - 00246112 _____ () C:\ProgramData\MTN F@stLink\OnlineUpdate\ouc.exe
2015-04-04 10:40 - 2012-01-20 14:55 - 00678400 _____ () C:\Program Files\TeraCopy\TeraCopyExt64.dll
2015-04-04 10:40 - 2012-01-29 16:55 - 00657920 _____ () C:\Program Files\TeraCopy\TeraCopy64.dll
2014-05-12 10:49 - 2014-05-12 10:49 - 00222720 _____ () C:\Program Files (x86)\Notepad++\NppShell_06.dll
2014-10-26 03:31 - 2011-09-29 21:29 - 00050416 _____ () C:\Program Files (x86)\Tether\TBService.exe
2015-01-14 11:13 - 2011-03-17 15:41 - 00261456 _____ () C:\Program Files (x86)\MTN F@stLink\AssistantServices.exe
2013-09-07 09:48 - 2013-09-07 09:48 - 00011264 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll
2013-09-07 09:45 - 2013-09-07 09:45 - 00086016 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\Map\MAP.dll
2013-09-07 09:52 - 2013-09-07 09:52 - 00012928 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe
2014-04-15 21:26 - 2014-04-15 21:26 - 01014904 _____ () C:\Program Files\Common Files\SpeedBit\SBUpdate\sbei64.dll
2015-01-14 11:13 - 2011-03-17 15:41 - 00139088 _____ () C:\Program Files (x86)\MTN F@stLink\UIExec.exe
2014-04-14 20:41 - 2014-04-14 20:41 - 00039192 _____ () C:\Program Files\CCleaner\branding.dll
2014-11-19 20:11 - 2014-11-19 20:12 - 00514048 _____ () C:\Program Files (x86)\MTN F@stLink\MTN F@stLink.exe
2014-11-22 14:03 - 2013-07-18 16:41 - 04062708 _____ () C:\Users\GEOFFERY\Desktop\BIS+SS\SimpleServer.exe
2014-08-22 04:07 - 2009-01-10 19:32 - 00011362 _____ () C:\ProgramData\Airtel Broadband\OnlineUpdate\mingwm10.dll
2014-08-22 04:07 - 2009-06-23 03:42 - 00043008 _____ () C:\ProgramData\Airtel Broadband\OnlineUpdate\libgcc_s_dw2-1.dll
2014-08-22 04:07 - 2012-10-31 10:11 - 02417152 _____ () C:\ProgramData\Airtel Broadband\OnlineUpdate\QtCore4.dll
2014-08-22 04:07 - 2012-10-31 10:14 - 01148416 _____ () C:\ProgramData\Airtel Broadband\OnlineUpdate\QtNetwork4.dll
2014-08-22 04:07 - 2013-08-21 05:18 - 00839680 _____ () C:\ProgramData\Airtel Broadband\OnlineUpdate\QueryStrategy.dll
2014-08-22 04:07 - 2012-10-31 10:11 - 00398336 _____ () C:\ProgramData\Airtel Broadband\OnlineUpdate\QtXml4.dll
2014-05-17 01:11 - 2014-05-17 01:11 - 00908584 _____ () C:\Program Files (x86)\Hotspot Shield\bin\af_proxy.dll
2014-05-17 01:37 - 2014-05-17 01:37 - 00506664 _____ () C:\Program Files (x86)\Hotspot Shield\bin\HssRep.dll
2014-11-19 20:12 - 2014-11-19 20:11 - 00011362 _____ () C:\ProgramData\MTN F@stLink\OnlineUpdate\mingwm10.dll
2014-11-19 20:12 - 2014-11-19 20:11 - 00043008 _____ () C:\ProgramData\MTN F@stLink\OnlineUpdate\libgcc_s_dw2-1.dll
2014-11-19 20:12 - 2014-11-19 20:11 - 02415104 _____ () C:\ProgramData\MTN F@stLink\OnlineUpdate\QtCore4.dll
2014-11-19 20:12 - 2014-11-19 20:11 - 01148416 _____ () C:\ProgramData\MTN F@stLink\OnlineUpdate\QtNetwork4.dll
2014-11-19 20:12 - 2014-11-19 20:11 - 00384512 _____ () C:\ProgramData\MTN F@stLink\OnlineUpdate\QueryStrategy.dll
2014-11-19 20:12 - 2014-11-19 20:11 - 00398336 _____ () C:\ProgramData\MTN F@stLink\OnlineUpdate\QtXml4.dll
2015-04-11 18:46 - 2015-03-31 16:26 - 00781024 _____ () C:\Program Files (x86)\PRTG Network Monitor\PaesslerSNMP.dll
2015-04-15 02:03 - 2015-03-31 16:26 - 00781024 _____ () C:\Program Files (x86)\PRTG Network Monitor\dlltemp\snmp1.dll
2014-04-15 21:26 - 2014-04-15 21:26 - 00688248 _____ () C:\Program Files\Common Files\SpeedBit\SBUpdate\sbei32.dll
2015-04-14 12:51 - 2015-04-14 12:51 - 02923520 _____ () C:\Users\GEOFFERY\AppData\Local\Temp\mdi064.dll
2014-11-19 20:11 - 2015-01-21 15:50 - 00439296 _____ () C:\Program Files (x86)\MTN F@stLink\core.dll
2014-11-19 20:11 - 2015-01-21 15:50 - 00261632 _____ () C:\Program Files (x86)\MTN F@stLink\sdk.dll
2014-11-19 20:11 - 2015-01-21 15:50 - 00011362 _____ () C:\Program Files (x86)\MTN F@stLink\mingwm10.dll
2014-11-19 20:11 - 2015-01-21 15:50 - 00043008 _____ () C:\Program Files (x86)\MTN F@stLink\libgcc_s_dw2-1.dll
2014-11-19 20:11 - 2015-01-21 15:50 - 02415104 _____ () C:\Program Files (x86)\MTN F@stLink\QtCore4.dll
2014-11-19 20:11 - 2015-01-21 15:50 - 09515520 _____ () C:\Program Files (x86)\MTN F@stLink\QtGui4.dll
2014-11-19 20:11 - 2015-01-21 15:50 - 00381952 _____ () C:\Program Files (x86)\MTN F@stLink\Proxy.DLL
2014-11-19 20:11 - 2015-01-21 15:50 - 00218112 _____ () C:\Program Files (x86)\MTN F@stLink\Common.dll
2014-11-19 20:11 - 2015-01-21 15:50 - 00135168 _____ () C:\Program Files (x86)\MTN F@stLink\Trace.dll
2014-11-19 20:11 - 2015-01-21 15:50 - 00545280 _____ () C:\Program Files (x86)\MTN F@stLink\PluginContainer.dll
2014-11-19 20:11 - 2015-01-21 15:50 - 00238080 _____ () C:\Program Files (x86)\MTN F@stLink\AtCodec.dll
2014-11-19 20:11 - 2015-01-21 15:50 - 00301056 _____ () C:\Program Files (x86)\MTN F@stLink\DeviceSrvPlugin.dll
2014-11-19 20:11 - 2015-01-21 15:50 - 00235008 _____ () C:\Program Files (x86)\MTN F@stLink\NetSrvPlugin.dll
2014-11-19 20:11 - 2015-01-21 15:50 - 00133120 _____ () C:\Program Files (x86)\MTN F@stLink\OSDialup.dll
2014-11-19 20:11 - 2015-01-21 15:50 - 00159232 _____ () C:\Program Files (x86)\MTN F@stLink\XCodec.dll
2014-11-19 20:11 - 2015-01-21 15:50 - 00157184 _____ () C:\Program Files (x86)\MTN F@stLink\DataServicePlugin.dll
2014-11-19 20:11 - 2015-01-21 15:50 - 00176128 _____ () C:\Program Files (x86)\MTN F@stLink\CallSrvPlugin.dll
2014-11-19 20:11 - 2015-01-21 15:50 - 00264704 _____ () C:\Program Files (x86)\MTN F@stLink\AddrBookSrvPlugin.dll
2014-11-19 20:11 - 2015-01-21 15:50 - 00217600 _____ () C:\Program Files (x86)\MTN F@stLink\SmsSrvPlugin.dll
2014-11-19 20:11 - 2015-01-21 15:50 - 00142336 _____ () C:\Program Files (x86)\MTN F@stLink\USSDSrvPlugin.dll
2014-11-19 20:11 - 2015-01-21 15:50 - 00156672 _____ () C:\Program Files (x86)\MTN F@stLink\STKSrvPlugin.dll
2014-11-19 20:11 - 2015-01-21 15:50 - 00154624 _____ () C:\Program Files (x86)\MTN F@stLink\GpsSrvPlugin.dll
2014-11-19 20:11 - 2015-01-21 15:50 - 00338432 _____ () C:\Program Files (x86)\MTN F@stLink\DeviceAppPlugin.dll
2014-11-19 20:11 - 2015-01-21 15:50 - 00065536 _____ () C:\Program Files (x86)\MTN F@stLink\OSPowerMgr.dll
2014-11-19 20:11 - 2015-01-21 15:50 - 00106496 _____ () C:\Program Files (x86)\MTN F@stLink\Win7Support.dll
2014-11-19 20:11 - 2015-01-21 15:50 - 01077248 _____ () C:\Program Files (x86)\MTN F@stLink\AddrBookPlugin.dll
2014-11-19 20:11 - 2015-01-21 15:50 - 00670720 _____ () C:\Program Files (x86)\MTN F@stLink\SmsAppPlugin.dll
2014-11-19 20:11 - 2015-01-21 15:50 - 00550400 _____ () C:\Program Files (x86)\MTN F@stLink\CallAppPlugin.dll
2014-11-19 20:11 - 2015-01-21 15:50 - 00547840 _____ () C:\Program Files (x86)\MTN F@stLink\CallLogSrvPlugin.dll
2014-11-19 20:11 - 2015-01-21 15:50 - 00158720 _____ () C:\Program Files (x86)\MTN F@stLink\NetConnectSrvPlugin.dll
2014-11-19 20:11 - 2015-01-21 15:50 - 00211968 _____ () C:\Program Files (x86)\MTN F@stLink\DialUpPlugin.dll
2014-11-19 20:11 - 2015-01-21 15:50 - 00101376 _____ () C:\Program Files (x86)\MTN F@stLink\OSAdapt.dll
2014-11-19 20:11 - 2015-01-21 15:50 - 00180224 _____ () C:\Program Files (x86)\MTN F@stLink\NDISPlugin.dll
2014-11-19 20:11 - 2015-01-21 15:50 - 00131072 _____ () C:\Program Files (x86)\MTN F@stLink\OSNDIS.dll
2014-11-19 20:11 - 2015-01-21 15:50 - 01101824 _____ () C:\Program Files (x86)\MTN F@stLink\NDISAPI.dll
2014-11-19 20:11 - 2015-01-21 15:50 - 00278528 _____ () C:\Program Files (x86)\MTN F@stLink\NetInfoSrvPlugin.dll
2014-11-19 20:11 - 2015-01-21 15:50 - 00062976 _____ () C:\Program Files (x86)\MTN F@stLink\OSCall.dll
2014-11-19 20:11 - 2015-01-21 15:50 - 00521728 _____ () C:\Program Files (x86)\MTN F@stLink\DeviceMgrUIPlugin.dll
2014-11-19 20:11 - 2015-01-21 15:50 - 00123392 _____ () C:\Program Files (x86)\MTN F@stLink\ATR2SMgr.dll
2014-11-19 20:11 - 2015-01-21 15:50 - 00185856 _____ () C:\Program Files (x86)\MTN F@stLink\XFramePlugin.dll
2014-11-19 20:11 - 2015-01-21 15:50 - 00313856 _____ () C:\Program Files (x86)\MTN F@stLink\StatusBarMgrPlugin.dll
2014-11-19 20:11 - 2015-01-21 15:50 - 00119296 _____ () C:\Program Files (x86)\MTN F@stLink\LayoutPlugin.dll
2014-11-19 20:11 - 2015-01-21 15:50 - 00437760 _____ () C:\Program Files (x86)\MTN F@stLink\DialupUIPlugin.dll
2014-11-19 20:11 - 2015-01-21 15:50 - 00307200 _____ () C:\Program Files (x86)\MTN F@stLink\DiagnosisPlugin.dll
2014-11-19 20:11 - 2015-01-21 15:50 - 00093184 _____ () C:\Program Files (x86)\MTN F@stLink\NotifyServicePlugin.dll
2014-11-19 20:11 - 2015-01-21 15:50 - 00351744 _____ () C:\Program Files (x86)\MTN F@stLink\NetConnectPlugin.dll
2014-11-19 20:11 - 2015-01-21 15:50 - 00307712 _____ () C:\Program Files (x86)\MTN F@stLink\ToolBarMgrPlugin.dll
2014-11-19 20:11 - 2015-01-21 15:50 - 00642560 _____ () C:\Program Files (x86)\MTN F@stLink\USSDUIPlugin.dll
2014-11-19 20:11 - 2015-01-21 15:50 - 00249856 _____ () C:\Program Files (x86)\MTN F@stLink\MenuMgrPlugin.dll
2014-11-19 20:11 - 2015-01-21 15:50 - 00577024 _____ () C:\Program Files (x86)\MTN F@stLink\NetInfoUIExPlugin.dll
2014-11-19 20:11 - 2015-01-21 15:50 - 00840192 _____ () C:\Program Files (x86)\MTN F@stLink\SMSUIPlugin.dll
2014-11-19 20:11 - 2015-01-21 15:50 - 00798208 _____ () C:\Program Files (x86)\MTN F@stLink\AddrBookUIPlugin.dll
2014-11-19 20:11 - 2015-01-21 15:50 - 00269824 _____ () C:\Program Files (x86)\MTN F@stLink\LiveUpdateInterface.DLL
2014-11-19 20:11 - 2015-01-21 15:50 - 01148416 _____ () C:\Program Files (x86)\MTN F@stLink\QtNetwork4.dll
2014-11-19 20:11 - 2015-01-21 15:50 - 00082944 _____ () C:\Program Files (x86)\MTN F@stLink\plugins\imageformats\qgif4.dll
2014-11-19 20:11 - 2015-01-21 15:50 - 00081920 _____ () C:\Program Files (x86)\MTN F@stLink\plugins\imageformats\qico4.dll
2014-11-19 20:11 - 2015-01-21 15:50 - 00192000 _____ () C:\Program Files (x86)\MTN F@stLink\plugins\imageformats\qjpeg4.dll
2014-11-19 20:11 - 2015-01-21 15:50 - 00350720 _____ () C:\Program Files (x86)\MTN F@stLink\plugins\imageformats\qmng4.dll
2014-11-19 20:11 - 2015-01-21 15:50 - 00370176 _____ () C:\Program Files (x86)\MTN F@stLink\plugins\imageformats\qtiff4.dll
2014-04-15 21:26 - 2014-04-15 21:26 - 00527480 _____ () C:\Program Files\Common Files\SpeedBit\SBUpdate\sbfi32.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:56E2E879
AlternateDataStreams: C:\ProgramData\TEMP:9A870F8B
AlternateDataStreams: C:\Users\GEOFFERY\Downloads\VIPGunshipBattleHelicopter3D2015__7934_il64464(1).exe:typelib

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2198692194-3404810195-2407512553-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
DNS Servers: 10.109.2.97 - 10.109.5.97

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run: => "ProxyCap"
HKLM\...\StartupApproved\Run32: => "Adobe ARM"
HKLM\...\StartupApproved\Run32: => "RIMBBLaunchAgent.exe"
HKLM\...\StartupApproved\Run32: => "AdobeCS6ServiceManager"
HKLM\...\StartupApproved\Run32: => "BlueStacks Agent"
HKU\S-1-5-21-2198692194-3404810195-2407512553-1001\...\StartupApproved\StartupFolder: => "PdaNet Desktop.lnk"
HKU\S-1-5-21-2198692194-3404810195-2407512553-1001\...\StartupApproved\Run: => "Skype"
HKU\S-1-5-21-2198692194-3404810195-2407512553-1001\...\StartupApproved\Run: => "IDMan"
HKU\S-1-5-21-2198692194-3404810195-2407512553-1001\...\StartupApproved\Run: => "se"
HKU\S-1-5-21-2198692194-3404810195-2407512553-1001\...\StartupApproved\Run: => "uTorrent"
HKU\S-1-5-21-2198692194-3404810195-2407512553-1001\...\StartupApproved\Run: => "Connectify"
HKU\S-1-5-21-2198692194-3404810195-2407512553-1001\...\StartupApproved\Run: => "ManyCam"
HKU\S-1-5-21-2198692194-3404810195-2407512553-1001\...\StartupApproved\Run: => "DownloadAccelerator"
HKU\S-1-5-21-2198692194-3404810195-2407512553-1001\...\StartupApproved\Run: => "DAEMON Tools Pro Agent"

==================== Accounts: =============================

Administrator (S-1-5-21-2198692194-3404810195-2407512553-500 - Administrator - Disabled)
GEOFFERY (S-1-5-21-2198692194-3404810195-2407512553-1001 - Administrator - Enabled) => C:\Users\GEOFFERY
Guest (S-1-5-21-2198692194-3404810195-2407512553-501 - Limited - Enabled)

==================== Faulty Device Manager Devices =============

Name: Tether Ethernet Adapter
Description: Tether Ethernet Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Tether
Service: qrkis
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (04/15/2015 02:38:42 AM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2015-04-16T01:22:42Z. Error Code: 0x80041316.


==================== Drives ================================

Drive c: () (Fixed) (Total:461.34 GB) (Free:227.73 GB) NTFS
Drive d: (HP_TOOLS) (Fixed) (Total:3.91 GB) (Free:2.08 GB) NTFS
Drive f: (MTN F@stLink) (CDROM) (Total:0.07 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 0FDED070)

Partition: GPT Partition Type.

==================== End Of Log ============================
 
Welcome aboard

Please, observe following rules:
  • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
  • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
  • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good, or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

===================================

Uninstall Torch.

Download RogueKiller from one of the following links and save it to your Desktop:

Link 1
Link 2

  • Close all the running programs
  • Windows Vista/7/8 users: right click on RogueKiller.exe, click Run as Administrator
  • Otherwise just double-click on RogueKiller.exe
  • Pre-scan will start. Let it finish.
  • Click on SCAN button.
  • Wait until the Status box shows Scan Finished
  • Click on Delete.
  • Wait until the Status box shows Deleting Finished.
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • RKreport.txt could also be found on your desktop.
  • If more than one log is produced post all logs.
  • If RogueKiller has been blocked, do not hesitate to try a few more times. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.

Please download Malwarebytes Anti-Malware (MBAM) to your desktop.
NOTE. If you already have MBAM 2.0 installed scroll down.

  • Double-click mbam-setup-2.0.0.1000.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
    • Launch Malwarebytes Anti-Malware
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish.
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.


If you already have MBAM 2.0 installed:

  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.

How to get logs:
(Export log to save as txt)


  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the Scan Log which shows the Date and time of the scan just performed.
  • Click 'Export'.
  • Click 'Text file (*.txt)'
  • In the Save File dialog box which appears, click on Desktop.
  • In the File name: box type a name for your scan log.
  • A message box named 'File Saved' should appear stating "Your file has been successfully exported".
  • Click Ok
  • Attach that saved log to your next reply.


(Copy to clipboard for pasting into forum replies or tickets)

  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the Scan Log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply.

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Scan button.
  • When the scan has finished click on Clean button.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
 
After using RogueKiller
RogueKiller V10.5.10.0 [Apr 14 2015] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 8 (6.2.9200 ) 64 bits version
Started in : Normal mode
User : GEOFFERY [Administrator]
Started from : C:\Users\GEOFFERY\Downloads\RogueKiller(1).exe
Mode : Delete -- Date : 04/15/2015 21:28:28

¤¤¤ Processes : 5 ¤¤¤
[Suspicious.Path] ouc.exe(1864) -- C:\ProgramData\Airtel Broadband\OnlineUpdate\ouc.exe[7] -> Killed [TermProc]
[Suspicious.Path] ouc.exe(2196) -- C:\ProgramData\MTN F@stLink\OnlineUpdate\ouc.exe[7] -> Killed [TermProc]
[Proc.Injected] PRTG Server.exe(2308) -- C:\Program Files (x86)\PRTG Network Monitor\PRTG Server.exe[7] -> Killed [TermProc]
[Suspicious.Path] rundll32.exe(4704) -- C:\Users\GEOFFERY\AppData\Local\Temp\mdi064.dll[-] -> Unloaded
[PUP] (SVC) hshld -- C:\Program Files (x86)\Hotspot Shield\bin\cmw_srv.exe[-] -> Stopped

¤¤¤ Registry : 37 ¤¤¤
[PUP] (X64) HKEY_USERS\S-1-5-21-2198692194-3404810195-2407512553-1001\Software\Microsoft\Windows\CurrentVersion\Run | se : "C:\Users\GEOFFERY\AppData\Roaming\SkypEmoticons\SE.exe" /minimized -> Not selected
[PUP] (X64) HKEY_USERS\S-1-5-21-2198692194-3404810195-2407512553-1001\Software\Microsoft\Windows\CurrentVersion\Run | LiveSupport : "C:\Program Files (x86)\LiveSupport\LiveSupport.exe" /noshow /log -> Not selected
[PUP] (X86) HKEY_USERS\S-1-5-21-2198692194-3404810195-2407512553-1001\Software\Microsoft\Windows\CurrentVersion\Run | se : "C:\Users\GEOFFERY\AppData\Roaming\SkypEmoticons\SE.exe" /minimized -> Not selected
[PUP] (X86) HKEY_USERS\S-1-5-21-2198692194-3404810195-2407512553-1001\Software\Microsoft\Windows\CurrentVersion\Run | LiveSupport : "C:\Program Files (x86)\LiveSupport\LiveSupport.exe" /noshow /log -> Not selected
[PUP] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\globalUpdatem (C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe /medsvc) -> Not selected
[PUP] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\hshld (C:\Program Files (x86)\Hotspot Shield\bin\cmw_srv.exe) -> Not selected
[PUP] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\HssTrayService (C:\Program Files (x86)\Hotspot Shield\bin\HssTrayService.EXE) -> Not selected
[PUP] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\HssWd (C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe) -> Not selected
[PUP] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\globalUpdatem (C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe /medsvc) -> Not selected
[PUP] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\hshld (C:\Program Files (x86)\Hotspot Shield\bin\cmw_srv.exe) -> Not selected
[PUP] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\HssTrayService (C:\Program Files (x86)\Hotspot Shield\bin\HssTrayService.EXE) -> Not selected
[PUP] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\HssWd (C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe) -> Not selected
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-21-2198692194-3404810195-2407512553-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1 -> Not selected
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-21-2198692194-3404810195-2407512553-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1 -> Not selected
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-21-2198692194-3404810195-2407512553-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : 127.0.0.1:8080 -> Not selected
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-21-2198692194-3404810195-2407512553-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : 127.0.0.1:8080 -> Not selected
[PUM.HomePage] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.mystartsearch.com/?type=...id=HGSTXHTS545050A7E680_TM85134TH5R48MH5R48MX -> Not selected
[PUM.HomePage] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.mystartsearch.com/?type=...id=HGSTXHTS545050A7E680_TM85134TH5R48MH5R48MX -> Not selected
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-2198692194-3404810195-2407512553-1001\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.searchalgo.com/?cid=5072 -> Not selected
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-2198692194-3404810195-2407512553-1001\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.searchalgo.com/?cid=5072 -> Not selected
[PUM.SearchPage] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.mystartsearch.com/web/?t...0A7E680_TM85134TH5R48MH5R48MX&q={searchTerms} -> Not selected
[PUM.SearchPage] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.mystartsearch.com/web/?t...0A7E680_TM85134TH5R48MH5R48MX&q={searchTerms} -> Not selected
[PUM.SearchPage] (X64) HKEY_USERS\S-1-5-21-2198692194-3404810195-2407512553-1001\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.mystartsearch.com/web/?t...0A7E680_TM85134TH5R48MH5R48MX&q={searchTerms} -> Not selected
[PUM.SearchPage] (X86) HKEY_USERS\S-1-5-21-2198692194-3404810195-2407512553-1001\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.mystartsearch.com/web/?t...0A7E680_TM85134TH5R48MH5R48MX&q={searchTerms} -> Not selected
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{46B6BAE7-18EE-4DFE-9350-7A05703EB645} | NameServer : 10.109.5.97 10.109.2.97 [X][X] -> Not selected
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{46B6BAE7-18EE-4DFE-9350-7A05703EB645} | DhcpNameServer : 10.109.5.97 10.109.2.97 [X][X] -> Not selected
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{80602E45-81AF-4059-A08B-F6CCCD642126} | NameServer : 10.109.2.97 10.109.5.97 [X][X] -> Not selected
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{923F1A57-A3B4-45D8-99BA-16FF7BD43085} | NameServer : 10.109.2.97 10.109.5.97 [X][X] -> Not selected
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{46B6BAE7-18EE-4DFE-9350-7A05703EB645} | NameServer : 10.109.5.97 10.109.2.97 [X][X] -> Not selected
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{46B6BAE7-18EE-4DFE-9350-7A05703EB645} | DhcpNameServer : 10.109.5.97 10.109.2.97 [X][X] -> Not selected
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{80602E45-81AF-4059-A08B-F6CCCD642126} | NameServer : 10.109.2.97 10.109.5.97 [X][X] -> Not selected
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{923F1A57-A3B4-45D8-99BA-16FF7BD43085} | NameServer : 10.109.2.97 10.109.5.97 [X][X] -> Not selected
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Not selected
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Not selected
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Not selected
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Not selected
[HJ.FileAsso] (X64) HKEY_CLASSES_ROOT\pezfile\shell\open\command | (default) : "%1" %* -> Replaced ("%1" %*)

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 5 ¤¤¤
[C:\Windows\System32\Drivers\etc\hosts] 127.0.0.1 localhost
[C:\Windows\System32\Drivers\etc\hosts] 127.0.0.1 localhost
[C:\Windows\System32\Drivers\etc\hosts] 127.0.0.1 localhost127.0.0.1 thislineskipsanyemptylines
[C:\Windows\System32\Drivers\etc\hosts] 127.0.0.1 thislineskipsanyemptylines
[C:\Windows\System32\Drivers\etc\hosts] 127.0.0.1 thislineskipsanyemptylines

¤¤¤ Antirootkit : 21 (Driver: Not loaded [0x20]) ¤¤¤
[IAT:Inl(Hook.IEAT)] (firefox.exe) KERNEL32.DLL - FreeLibrary : C:\Program Files\Common Files\SpeedBit\SBUpdate\sbfi32.dll @ 0x61362b90 (jmp 0xffffffffebafe08e)
[IAT:Inl(Hook.IEAT)] (firefox.exe) KERNEL32.DLL - GetModuleHandleW : C:\Program Files\Common Files\SpeedBit\SBUpdate\sbfi32.dll @ 0x61362b10 (jmp 0xffffffffebafdd9b)
[IAT:Inl(Hook.IEAT)] (firefox.exe) KERNEL32.DLL - LoadLibraryW : C:\Program Files\Common Files\SpeedBit\SBUpdate\sbfi32.dll @ 0x61362a50 (jmp 0xffffffffebb0310b)
[IAT:Inl(Hook.IEAT)] (firefox.exe) KERNEL32.DLL - GetModuleFileNameW : C:\Program Files\Common Files\SpeedBit\SBUpdate\sbfi32.dll @ 0x61362ad0 (jmp 0xffffffffebafdd7d)
[IAT:Inl(Hook.IEAT)] (firefox.exe) KERNEL32.DLL - GetProcAddress : C:\Program Files\Common Files\SpeedBit\SBUpdate\sbfi32.dll @ 0x61362bb0 (jmp 0xffffffffebafddca)
[IAT:Inl(Hook.IEAT)] (firefox.exe) KERNEL32.DLL - GetModuleHandleA : C:\Program Files\Common Files\SpeedBit\SBUpdate\sbfi32.dll @ 0x61362af0 (jmp 0xffffffffebafdd8c)
[IAT:Inl(Hook.IEAT)] (firefox.exe) KERNEL32.DLL - LoadLibraryExA : C:\Program Files\Common Files\SpeedBit\SBUpdate\sbfi32.dll @ 0x61362a70 (jmp 0xffffffffebafd749)
[IAT:Inl(Hook.IEAT)] (firefox.exe) KERNEL32.DLL - LoadLibraryExW : C:\Program Files\Common Files\SpeedBit\SBUpdate\sbfi32.dll @ 0x61362a90 (jmp 0xffffffffebafd758)
[IAT:Inl(Hook.IEAT)] (firefox.exe) KERNEL32.DLL - GetModuleHandleExW : C:\Program Files\Common Files\SpeedBit\SBUpdate\sbfi32.dll @ 0x61362b60 (jmp 0xffffffffebafddc9)
[IAT:Inl(Hook.IEAT)] (firefox.exe) ntdll.dll - NtOpenFile : C:\Program Files\Common Files\SpeedBit\SBUpdate\sbfi32.dll @ 0x6135d090 (jmp 0xffffffffea39f250)
[IAT:Inl(Hook.IEAT)] (firefox.exe) KERNEL32.DLL - GetModuleFileNameA : C:\Program Files\Common Files\SpeedBit\SBUpdate\sbfi32.dll @ 0x61362ab0 (jmp 0xffffffffebafdd6e)
[IAT:Inl(Hook.IEAT)] (firefox.exe) KERNEL32.DLL - MoveFileA : C:\Program Files\Common Files\SpeedBit\SBUpdate\sbfi32.dll @ 0x613624b0 (jmp 0xffffffffebb0618d)
[IAT:Inl(Hook.IEAT)] (firefox.exe) KERNEL32.DLL - MoveFileW : C:\Program Files\Common Files\SpeedBit\SBUpdate\sbfi32.dll @ 0x613624d0 (jmp 0xffffffffebb060c7)
[IAT:Inl(Hook.IEAT)] (firefox.exe) KERNEL32.DLL - LoadLibraryA : C:\Program Files\Common Files\SpeedBit\SBUpdate\sbfi32.dll @ 0x61362a30 (jmp 0xffffffffebb031ae)
[IAT:Inl(Hook.IEAT)] (firefox.exe) USER32.dll - CreateWindowExW : C:\Program Files\Common Files\SpeedBit\SBUpdate\sbfi32.dll @ 0x6132e260 (jmp 0xffffffffeb9521db)
[IAT:Inl(Hook.IEAT)] (firefox.exe) USER32.dll - DestroyWindow : C:\Program Files\Common Files\SpeedBit\SBUpdate\sbfi32.dll @ 0x6132e2c0 (jmp 0xffffffffeb952f9c)
[IAT:Inl(Hook.IEAT)] (firefox.exe) KERNEL32.DLL - OpenFile : C:\Program Files\Common Files\SpeedBit\SBUpdate\sbfi32.dll @ 0x61362630 (jmp 0xffffffffebb050af)
[IAT:Inl(Hook.IEAT)] (firefox.exe) KERNEL32.DLL - MoveFileExW : C:\Program Files\Common Files\SpeedBit\SBUpdate\sbfi32.dll @ 0x61362510 (jmp 0xffffffffebafdeb4)
[IAT:Inl(Hook.IEAT)] (firefox.exe) KERNEL32.DLL - CopyFileW : C:\Program Files\Common Files\SpeedBit\SBUpdate\sbfi32.dll @ 0x61362490 (jmp 0xffffffffebb0559e)
[IAT:Inl(Hook.IEAT)] (firefox.exe) KERNEL32.DLL - GetModuleHandleExA : C:\Program Files\Common Files\SpeedBit\SBUpdate\sbfi32.dll @ 0x61362b30 (jmp 0xffffffffebafddaa)
[IAT:Inl(Hook.IEAT)] (firefox.exe) KERNEL32.DLL - CopyFileA : C:\Program Files\Common Files\SpeedBit\SBUpdate\sbfi32.dll @ 0x61362470 (jmp 0xffffffffebb055e7)

¤¤¤ Web browsers : 5 ¤¤¤
[PUP][FIREFX:Addon] cei6nzih.default-1409799015992 : Hotspot Shield Extension [afproxy@anchorfree.com] -> Not selected
[PUM.Proxy][FIREFX:Config] cei6nzih.default-1409799015992 : user_pref("network.proxy.http", "127.0.0.1"); -> Not selected
[PUM.Proxy][FIREFX:Config] cei6nzih.default-1409799015992 : user_pref("network.proxy.http_port", 8080); -> Not selected
[PUM.Proxy][FIREFX:Config] cei6nzih.default-1409799015992 : user_pref("network.proxy.type", 1); -> Not selected
[PUM.HomePage][FIREFX:Config] cei6nzih.default-1409799015992 : user_pref("browser.startup.homepage", "http://www.searchalgo.com/?cid=5072"); -> Not selected

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: HGST HTS545050A7E680 +++++
--- User ---
[MBR] 03ec3322ce665526c1a812cca896a79e
[BSP] 501eed739870b0f9619753005ff94e3e : Empty MBR Code
Partition table:
0 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 2048 | Size: 300 MB
1 - [MAN-MOUNT] EFI system partition | Offset (sectors): 616448 | Size: 100 MB
2 - [MAN-MOUNT] Microsoft reserved partition | Offset (sectors): 821248 | Size: 128 MB
3 - Basic data partition | Offset (sectors): 1083392 | Size: 472411 MB
4 - Basic data partition | Offset (sectors): 968581120 | Size: 3999 MB
User = LL1 ... OK
User = LL2 ... OK


============================================
RKreport_SCN_04152015_212808.log - RKreport_DEL_04152015_212821.log
 
After using malware remover
Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 4/15/2015
Scan Time: 10:01:40 PM
Logfile: new.txt
Administrator: Yes

Version: 2.01.4.1018
Malware Database: v2015.04.15.08
Rootkit Database: v2015.03.31.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 8
CPU: x64
File System: NTFS
User: GEOFFERY

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 355577
Time Elapsed: 30 min, 54 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 92
PUP.Optional.Multiplug, HKLM\SOFTWARE\CLASSES\CLSID\{a7e93dc1-bcd4-481f-8ba0-ab52cfd1c9ab}, Quarantined, [5b89b3b9addd00362f9d62dc2bd73ac6],
PUP.Optional.Multiplug, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{A7E93DC1-BCD4-481F-8BA0-AB52CFD1C9AB}, Quarantined, [5b89b3b9addd00362f9d62dc2bd73ac6],
PUP.Optional.Multiplug, HKLM\SOFTWARE\CLASSES\Pa7e93dc1_bcd4_481f_8ba0_ab52cfd1c9ab_.Pa7e93dc1_bcd4_481f_8ba0_ab52cfd1c9ab_, Quarantined, [5b89b3b9addd00362f9d62dc2bd73ac6],
PUP.Optional.Multiplug, HKLM\SOFTWARE\CLASSES\Pa7e93dc1_bcd4_481f_8ba0_ab52cfd1c9ab_.Pa7e93dc1_bcd4_481f_8ba0_ab52cfd1c9ab_.9, Quarantined, [5b89b3b9addd00362f9d62dc2bd73ac6],
PUP.Optional.Multiplug, HKLM\SOFTWARE\WOW6432NODE\CLASSES\Pa7e93dc1_bcd4_481f_8ba0_ab52cfd1c9ab_.Pa7e93dc1_bcd4_481f_8ba0_ab52cfd1c9ab_, Quarantined, [5b89b3b9addd00362f9d62dc2bd73ac6],
PUP.Optional.Multiplug, HKLM\SOFTWARE\WOW6432NODE\CLASSES\Pa7e93dc1_bcd4_481f_8ba0_ab52cfd1c9ab_.Pa7e93dc1_bcd4_481f_8ba0_ab52cfd1c9ab_.9, Quarantined, [5b89b3b9addd00362f9d62dc2bd73ac6],
PUP.Optional.Multiplug, HKLM\SOFTWARE\CLASSES\WOW6432NODE\Pa7e93dc1_bcd4_481f_8ba0_ab52cfd1c9ab_.Pa7e93dc1_bcd4_481f_8ba0_ab52cfd1c9ab_, Quarantined, [5b89b3b9addd00362f9d62dc2bd73ac6],
PUP.Optional.Multiplug, HKLM\SOFTWARE\CLASSES\WOW6432NODE\Pa7e93dc1_bcd4_481f_8ba0_ab52cfd1c9ab_.Pa7e93dc1_bcd4_481f_8ba0_ab52cfd1c9ab_.9, Quarantined, [5b89b3b9addd00362f9d62dc2bd73ac6],
PUP.Optional.Multiplug, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{A7E93DC1-BCD4-481F-8BA0-AB52CFD1C9AB}, Quarantined, [5b89b3b9addd00362f9d62dc2bd73ac6],
PUP.Optional.Multiplug, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{A7E93DC1-BCD4-481F-8BA0-AB52CFD1C9AB}, Quarantined, [5b89b3b9addd00362f9d62dc2bd73ac6],
PUP.Optional.Multiplug, HKLM\SOFTWARE\CLASSES\CLSID\{A7E93DC1-BCD4-481F-8BA0-AB52CFD1C9AB}\INPROCSERVER32, Quarantined, [5b89b3b9addd00362f9d62dc2bd73ac6],
PUP.Optional.Multiplug, HKLM\SOFTWARE\CLASSES\CLSID\{513e12d2-f079-4adc-a4fc-5771006df6cb}, Quarantined, [42a24a22682267cf6765013d8082a35d],
PUP.Optional.Multiplug, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{513E12D2-F079-4ADC-A4FC-5771006DF6CB}, Quarantined, [42a24a22682267cf6765013d8082a35d],
PUP.Optional.Multiplug, HKLM\SOFTWARE\CLASSES\P513e12d2_f079_4adc_a4fc_5771006df6cb_.P513e12d2_f079_4adc_a4fc_5771006df6cb_, Quarantined, [42a24a22682267cf6765013d8082a35d],
PUP.Optional.Multiplug, HKLM\SOFTWARE\CLASSES\P513e12d2_f079_4adc_a4fc_5771006df6cb_.P513e12d2_f079_4adc_a4fc_5771006df6cb_.9, Quarantined, [42a24a22682267cf6765013d8082a35d],
PUP.Optional.Multiplug, HKLM\SOFTWARE\WOW6432NODE\CLASSES\P513e12d2_f079_4adc_a4fc_5771006df6cb_.P513e12d2_f079_4adc_a4fc_5771006df6cb_, Quarantined, [42a24a22682267cf6765013d8082a35d],
PUP.Optional.Multiplug, HKLM\SOFTWARE\WOW6432NODE\CLASSES\P513e12d2_f079_4adc_a4fc_5771006df6cb_.P513e12d2_f079_4adc_a4fc_5771006df6cb_.9, Quarantined, [42a24a22682267cf6765013d8082a35d],
PUP.Optional.Multiplug, HKLM\SOFTWARE\CLASSES\WOW6432NODE\P513e12d2_f079_4adc_a4fc_5771006df6cb_.P513e12d2_f079_4adc_a4fc_5771006df6cb_, Quarantined, [42a24a22682267cf6765013d8082a35d],
PUP.Optional.Multiplug, HKLM\SOFTWARE\CLASSES\WOW6432NODE\P513e12d2_f079_4adc_a4fc_5771006df6cb_.P513e12d2_f079_4adc_a4fc_5771006df6cb_.9, Quarantined, [42a24a22682267cf6765013d8082a35d],
PUP.Optional.Multiplug, HKU\S-1-5-21-2198692194-3404810195-2407512553-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{513E12D2-F079-4ADC-A4FC-5771006DF6CB}, Quarantined, [42a24a22682267cf6765013d8082a35d],
PUP.Optional.Multiplug, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{513E12D2-F079-4ADC-A4FC-5771006DF6CB}, Quarantined, [42a24a22682267cf6765013d8082a35d],
PUP.Optional.Multiplug, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{513E12D2-F079-4ADC-A4FC-5771006DF6CB}, Quarantined, [42a24a22682267cf6765013d8082a35d],
PUP.Optional.Multiplug, HKLM\SOFTWARE\CLASSES\CLSID\{513E12D2-F079-4ADC-A4FC-5771006DF6CB}\INPROCSERVER32, Quarantined, [42a24a22682267cf6765013d8082a35d],
PUP.Optional.Multiplug, HKLM\SOFTWARE\CLASSES\CLSID\{7f7850e9-0b94-42d1-bb54-f449092c0686}, Quarantined, [806446262f5b999d9933c579b74b21df],
PUP.Optional.Multiplug, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{7F7850E9-0B94-42D1-BB54-F449092C0686}, Quarantined, [806446262f5b999d9933c579b74b21df],
PUP.Optional.Multiplug, HKLM\SOFTWARE\CLASSES\P7f7850e9_0b94_42d1_bb54_f449092c0686_.P7f7850e9_0b94_42d1_bb54_f449092c0686_, Quarantined, [806446262f5b999d9933c579b74b21df],
PUP.Optional.Multiplug, HKLM\SOFTWARE\CLASSES\P7f7850e9_0b94_42d1_bb54_f449092c0686_.P7f7850e9_0b94_42d1_bb54_f449092c0686_.9, Quarantined, [806446262f5b999d9933c579b74b21df],
PUP.Optional.Multiplug, HKLM\SOFTWARE\WOW6432NODE\CLASSES\P7f7850e9_0b94_42d1_bb54_f449092c0686_.P7f7850e9_0b94_42d1_bb54_f449092c0686_, Quarantined, [806446262f5b999d9933c579b74b21df],
PUP.Optional.Multiplug, HKLM\SOFTWARE\WOW6432NODE\CLASSES\P7f7850e9_0b94_42d1_bb54_f449092c0686_.P7f7850e9_0b94_42d1_bb54_f449092c0686_.9, Quarantined, [806446262f5b999d9933c579b74b21df],
PUP.Optional.Multiplug, HKLM\SOFTWARE\CLASSES\WOW6432NODE\P7f7850e9_0b94_42d1_bb54_f449092c0686_.P7f7850e9_0b94_42d1_bb54_f449092c0686_, Quarantined, [806446262f5b999d9933c579b74b21df],
PUP.Optional.Multiplug, HKLM\SOFTWARE\CLASSES\WOW6432NODE\P7f7850e9_0b94_42d1_bb54_f449092c0686_.P7f7850e9_0b94_42d1_bb54_f449092c0686_.9, Quarantined, [806446262f5b999d9933c579b74b21df],
PUP.Optional.Multiplug, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{7F7850E9-0B94-42D1-BB54-F449092C0686}, Quarantined, [806446262f5b999d9933c579b74b21df],
PUP.Optional.Multiplug, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{7F7850E9-0B94-42D1-BB54-F449092C0686}, Quarantined, [806446262f5b999d9933c579b74b21df],
PUP.Optional.Multiplug, HKLM\SOFTWARE\CLASSES\CLSID\{7F7850E9-0B94-42D1-BB54-F449092C0686}\INPROCSERVER32, Quarantined, [806446262f5b999d9933c579b74b21df],
PUP.Optional.Tuvaro, HKU\S-1-5-21-2198692194-3404810195-2407512553-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{7F4EFF06-7032-458e-AE16-1C1D8255C28A}, Quarantined, [4f95df8d652500367ffb44f93ac96799],
PUP.Optional.Tuvaro, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{7F4EFF06-7032-458E-AE16-1C1D8255C28A}, Quarantined, [4f95df8d652500367ffb44f93ac96799],
PUP.Optional.Tuvaro, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{7F4EFF06-7032-458E-AE16-1C1D8255C28A}, Quarantined, [4f95df8d652500367ffb44f93ac96799],
PUP.Optional.SalePlus.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{2105FE20-DEBD-4084-A306-61C5DA001CCA}, Quarantined, [756f53192565e05654ece3dcb25105fb],
PUP.Optional.SalePlus.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{2234079B-E720-47A7-8BE7-0A18922192C9}, Quarantined, [756f53192565e05654ece3dcb25105fb],
PUP.Optional.SalePlus.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{3A96CEBD-D968-4DC8-9ED9-9785E726C381}, Quarantined, [756f53192565e05654ece3dcb25105fb],
PUP.Optional.SalePlus.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{8682D1EB-07A1-4518-89C1-D9D9EEF47C06}, Quarantined, [756f53192565e05654ece3dcb25105fb],
PUP.Optional.SalePlus.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{D838B01C-11A0-4CAC-BCF1-B5DE0154E9D3}, Quarantined, [756f53192565e05654ece3dcb25105fb],
PUP.Optional.SalePlus.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{2234079B-E720-47A7-8BE7-0A18922192C9}, Quarantined, [756f53192565e05654ece3dcb25105fb],
PUP.Optional.SalePlus.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{3A96CEBD-D968-4DC8-9ED9-9785E726C381}, Quarantined, [756f53192565e05654ece3dcb25105fb],
PUP.Optional.SalePlus.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{8682D1EB-07A1-4518-89C1-D9D9EEF47C06}, Quarantined, [756f53192565e05654ece3dcb25105fb],
PUP.Optional.SalePlus.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{D838B01C-11A0-4CAC-BCF1-B5DE0154E9D3}, Quarantined, [756f53192565e05654ece3dcb25105fb],
PUP.Optional.SalePlus.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{2234079B-E720-47A7-8BE7-0A18922192C9}, Quarantined, [756f53192565e05654ece3dcb25105fb],
PUP.Optional.SalePlus.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{3A96CEBD-D968-4DC8-9ED9-9785E726C381}, Quarantined, [756f53192565e05654ece3dcb25105fb],
PUP.Optional.SalePlus.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{8682D1EB-07A1-4518-89C1-D9D9EEF47C06}, Quarantined, [756f53192565e05654ece3dcb25105fb],
PUP.Optional.SalePlus.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{D838B01C-11A0-4CAC-BCF1-B5DE0154E9D3}, Quarantined, [756f53192565e05654ece3dcb25105fb],
PUP.Optional.SalePlus.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{2105FE20-DEBD-4084-A306-61C5DA001CCA}, Quarantined, [756f53192565e05654ece3dcb25105fb],
PUP.Optional.SalePlus.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\TYPELIB\{2105FE20-DEBD-4084-A306-61C5DA001CCA}, Quarantined, [756f53192565e05654ece3dcb25105fb],
PUP.Optional.SalePlus.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{318C7F13-3498-459E-BF35-12865E6D005C}, Quarantined, [7c68e8841e6c67cf2719a51af60d36ca],
PUP.Optional.SalePlus.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{5AE5A3D4-7E07-4B59-98BB-A01928B88F24}, Quarantined, [7c68e8841e6c67cf2719a51af60d36ca],
PUP.Optional.SalePlus.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{614B7466-CE8E-49BA-9F26-C1DF872C886D}, Quarantined, [7c68e8841e6c67cf2719a51af60d36ca],
PUP.Optional.SalePlus.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{6AB41B4A-D344-4B9D-B847-43DA8433A73B}, Quarantined, [7c68e8841e6c67cf2719a51af60d36ca],
PUP.Optional.SalePlus.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{9F9C0E22-39B1-4C6D-BE79-B9CCA26E067F}, Quarantined, [7c68e8841e6c67cf2719a51af60d36ca],
PUP.Optional.SalePlus.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{5AE5A3D4-7E07-4B59-98BB-A01928B88F24}, Quarantined, [7c68e8841e6c67cf2719a51af60d36ca],
PUP.Optional.SalePlus.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{614B7466-CE8E-49BA-9F26-C1DF872C886D}, Quarantined, [7c68e8841e6c67cf2719a51af60d36ca],
PUP.Optional.SalePlus.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{6AB41B4A-D344-4B9D-B847-43DA8433A73B}, Quarantined, [7c68e8841e6c67cf2719a51af60d36ca],
PUP.Optional.SalePlus.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{9F9C0E22-39B1-4C6D-BE79-B9CCA26E067F}, Quarantined, [7c68e8841e6c67cf2719a51af60d36ca],
PUP.Optional.SalePlus.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{5AE5A3D4-7E07-4B59-98BB-A01928B88F24}, Quarantined, [7c68e8841e6c67cf2719a51af60d36ca],
PUP.Optional.SalePlus.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{614B7466-CE8E-49BA-9F26-C1DF872C886D}, Quarantined, [7c68e8841e6c67cf2719a51af60d36ca],
PUP.Optional.SalePlus.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{6AB41B4A-D344-4B9D-B847-43DA8433A73B}, Quarantined, [7c68e8841e6c67cf2719a51af60d36ca],
PUP.Optional.SalePlus.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{9F9C0E22-39B1-4C6D-BE79-B9CCA26E067F}, Quarantined, [7c68e8841e6c67cf2719a51af60d36ca],
PUP.Optional.SalePlus.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{318C7F13-3498-459E-BF35-12865E6D005C}, Quarantined, [7c68e8841e6c67cf2719a51af60d36ca],
PUP.Optional.SalePlus.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\TYPELIB\{318C7F13-3498-459E-BF35-12865E6D005C}, Quarantined, [7c68e8841e6c67cf2719a51af60d36ca],
PUP.Optional.Iminent.A, HKLM\SOFTWARE\WOW6432NODE\Iminent, Quarantined, [c71d0f5d4b3f77bf1e5054bd24e08e72],
PUP.Optional.MyStartSearch.A, HKLM\SOFTWARE\WOW6432NODE\mystartsearchSoftware, Quarantined, [9252adbfc3c70c2a6f97d00810f36d93],
PUP.Optional.Wajam.A, HKLM\SOFTWARE\WOW6432NODE\WajIntEnhance, Quarantined, [fee6105ca7e3b0862e99ece072910cf4],
PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\WOW6432NODE\GLOBALUPDATE\UPDATE, Quarantined, [c71dc4a8f991e1556f3b6983ae554db3],
PUP.Optional.FastSearchings, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}, Quarantined, [657f78f496f495a16688c680020356aa],
PUP.Optional.PCPerformer, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\PCPerformer_is1, Quarantined, [e8fc81eb51396ec86a0ab7302ad9847c],
PUP.Optional.GlobalUpdate.A, HKLM\SOFTWARE\WOW6432NODE\MOZILLAPLUGINS\@staging.google.com/globalUpdate Update;version=10, Quarantined, [a3417fed7d0d1026a387a8a00cf9b749],
PUP.Optional.GlobalUpdate.A, HKLM\SOFTWARE\WOW6432NODE\MOZILLAPLUGINS\@staging.google.com/globalUpdate Update;version=4, Quarantined, [18cc16560d7dbc7a66c5ee5af80daa56],
PUP.Optional.PCPerformer.A, HKLM\SOFTWARE\WOW6432NODE\PERFORMERSOFT\PC Performer, Quarantined, [4e960c60474361d574d196918e77a65a],
PUP.Optional.Cinema.A, HKU\S-1-5-18\SOFTWARE\CinemaP-1.9cV16.03-nv, Quarantined, [63810468a8e256e06614e20252b1a45c],
PUP.Optional.HomeTab.A, HKU\S-1-5-21-2198692194-3404810195-2407512553-1001\SOFTWARE\HomeTab, Quarantined, [469e75f7b0da55e1782a28cef90a817f],
PUP.Optional.SearchProtect.A, HKU\S-1-5-21-2198692194-3404810195-2407512553-1001\SOFTWARE\SearchProtectWS, Quarantined, [756f2a420e7c8ea873404b7e30d3a35d],
PUP.Optional.TNT.A, HKU\S-1-5-21-2198692194-3404810195-2407512553-1001\SOFTWARE\TNT2, Quarantined, [667ee884e9a191a50b784f7cdc278a76],
PUP.Optional.Wajam.A, HKU\S-1-5-21-2198692194-3404810195-2407512553-1001\SOFTWARE\WajIntEnhance, Quarantined, [1cc8ea82afdbd0668147daf2d92ab24e],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-2198692194-3404810195-2407512553-1001\SOFTWARE\APPDATALOW\SOFTWARE\Crossrider, Quarantined, [7f6586e65c2e70c6c3a534066d988c74],
PUP.Optional.GlobalUpdate.C, HKU\S-1-5-21-2198692194-3404810195-2407512553-1001\SOFTWARE\GLOBALUPDATE\UPDATE\PROXY, Quarantined, [20c429430e7c85b100fb38881ce747b9],
PUP.Optional.WebSearchInfo, HKU\S-1-5-21-2198692194-3404810195-2407512553-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}, Quarantined, [5094f07cd8b2aa8cbc9d7cb84db80df3],
PUP.Optional.Iminent.A, HKU\S-1-5-21-2198692194-3404810195-2407512553-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\IMBoosterARP, Quarantined, [b3313d2fe9a143f30af3953057ac669a],
PUP.Optional.Iminent.A, HKU\S-1-5-21-2198692194-3404810195-2407512553-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\IminentToolbar, Quarantined, [915376f65a300c2ab14d07be59aa49b7],
PUP.Optional.Linkey.A, HKU\S-1-5-21-2198692194-3404810195-2407512553-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Linkey, Quarantined, [83610a6295f5e155c03fc6ffd62df20e],
PUP.Optional.Vosteran.A, HKU\S-1-5-21-2198692194-3404810195-2407512553-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Vosteran.com, Quarantined, [4a9a4428d0bad56152ae1da9ba491ee2],
PUP.Optional.Wajam.A, HKU\S-1-5-21-2198692194-3404810195-2407512553-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\WajIntEnhance, Quarantined, [e4008ddf43476ec8de23cef8bd46d828],
PUP.Optional.IStart.A, HKU\S-1-5-21-2198692194-3404810195-2407512553-1001\SOFTWARE\MOZILLA\EXTENDS, Quarantined, [776d4b211b6f270fbedb93333dc6ee12],
PUP.Optional.PCPerformer.A, HKU\S-1-5-21-2198692194-3404810195-2407512553-1001\SOFTWARE\PERFORMERSOFT\PC Performer, Quarantined, [00e470fc57338caabd89d84f986d0af6],
PUP.Optional.Wajam.A, HKU\S-1-5-21-2198692194-3404810195-2407512553-1001\SOFTWARE\SIMPLYTECH\HomeTabWajIEnhance, Quarantined, [994bda92c4c6d95de9c617b2c1425da3],

Registry Values: 27
PUP.Optional.MyStartSearch.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}|URL, http://www.mystartsearch.com/web/?t...0A7E680_TM85134TH5R48MH5R48MX&q={searchTerms}, Quarantined, [1acab8b44e3c45f178c40b4933d2d828]
PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\WOW6432NODE\GLOBALUPDATE\UPDATE|path, C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe, Quarantined, [c71dc4a8f991e1556f3b6983ae554db3]
PUP.Optional.MyStartSearch.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}|URL, http://www.mystartsearch.com/web/?t...0A7E680_TM85134TH5R48MH5R48MX&q={searchTerms}, Quarantined, [687cc0ac0288092d6dcf77dddb2ad62a]
PUP.Optional.CoolSearches.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{BB82DE59-BC4C-4172-9AC4-73315F71CFFE}|FaviconURL, http://websearch.coolsearches.info/favicon.ico, Quarantined, [499bcd9f91f925118b95bf95937222de]
PUP.Optional.CoolSearches.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{BB82DE59-BC4C-4172-9AC4-73315F71CFFE}|FaviconURLFallback, http://websearch.coolsearches.info/favicon.ico, Quarantined, [8c58cca0eb9f310509173a1ad2331ce4]
PUP.Optional.CoolSearches.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{BB82DE59-BC4C-4172-9AC4-73315F71CFFE}|URL, http://websearch.coolsearches.info/...&hid=4751682993849244761&lg=EN&cc=NG&unqvl=85, Quarantined, [a2420f5d0585092db46c95bf9075e31d]
PUP.Optional.SearchEngine.A, HKLM\SOFTWARE\WOW6432NODE\MOZILLA\FIREFOX\EXTENSIONS|searchengine@gmail.com, C:\Users\GEOFFERY\AppData\Roaming\Mozilla\Firefox\Profiles\cei6nzih.default-1409799015992\extensions\searchengine@gmail.com, Quarantined, [b33169036a20b87e71413b16b74efe02]
PUP.Optional.IStart.A, HKLM\SOFTWARE\WOW6432NODE\MOZILLA\FIREFOX\EXTENSIONS|istart_ffnt@gmail.com, C:\Users\GEOFFERY\AppData\Roaming\Mozilla\Firefox\Profiles\cei6nzih.default-1409799015992\extensions\istart_ffnt@gmail.com, Quarantined, [c222b0bc7812a88ecf10a71e0cf7768a]
PUP.Optional.GlobalUpdate.C, HKU\S-1-5-21-2198692194-3404810195-2407512553-1001\SOFTWARE\GLOBALUPDATE\UPDATE\PROXY|source, Firefox, Quarantined, [20c429430e7c85b100fb38881ce747b9]
PUP.Optional.MyStartSearch.A, HKU\S-1-5-21-2198692194-3404810195-2407512553-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|URL, http://www.mystartsearch.com/web/?u...MX&ts=1427237621&type=default&q={searchTerms}, Quarantined, [b034b0bc74168ea883b8361e7b8a37c9]
PUP.Optional.MyStartSearch.A, HKU\S-1-5-21-2198692194-3404810195-2407512553-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0}|URL, http://www.mystartsearch.com/web/?u...MX&ts=1427237621&type=default&q={searchTerms}, Quarantined, [7173d89429613ef83803f85c51b46d93]
PUP.Optional.MyStartSearch.A, HKU\S-1-5-21-2198692194-3404810195-2407512553-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0}|FaviconURL, http://www.mystartsearch.com//favicon.ico, Quarantined, [eff54527e7a395a1cd6e62f2a65f3fc1]
PUP.Optional.MyStartSearch.A, HKU\S-1-5-21-2198692194-3404810195-2407512553-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}|URL, http://www.mystartsearch.com/web/?t...0A7E680_TM85134TH5R48MH5R48MX&q={searchTerms}, Quarantined, [568eb0bc8802bb7bf14a80d47d88629e]
PUP.Optional.MyStartSearch.A, HKU\S-1-5-21-2198692194-3404810195-2407512553-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}|TopResultURL, http://www.mystartsearch.com/web/?t...0A7E680_TM85134TH5R48MH5R48MX&q={searchTerms}, Quarantined, [677d53196723f34367d4f75d7491827e]
PUP.Optional.DefaultSearch.A, HKU\S-1-5-21-2198692194-3404810195-2407512553-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2476}|DisplayName, default-search.net, Quarantined, [18ccbfadb5d548ee8812be960bfa7888]
PUP.Optional.MyStartSearch.A, HKU\S-1-5-21-2198692194-3404810195-2407512553-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2476}|URL, http://www.mystartsearch.com/web/?u...MX&ts=1427237621&type=default&q={searchTerms}, Quarantined, [a440afbd4347ef47f04bcc8810f5d729]
PUP.Optional.DefaultSearch.A, HKU\S-1-5-21-2198692194-3404810195-2407512553-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2476}|SuggestionsURL_JSON, http://www.default-search.net?sid=4...r=14591&tm=536&src=ds&p={searchTerms}&ft=json, Quarantined, [d311105c3e4c89ad049686ce9e676a96]
PUP.Optional.DefaultSearch.A, HKU\S-1-5-21-2198692194-3404810195-2407512553-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2476}|TopResultURL, http://www.default-search.net/search?sid=476&aid=107&itype=n&ver=14591&tm=536&src=ds&p={searchTerms}, Quarantined, [667e7fed890182b49a005103e322d828]
PUP.Optional.MyStartSearch.A, HKU\S-1-5-21-2198692194-3404810195-2407512553-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}|URL, http://www.mystartsearch.com/web/?u...MX&ts=1427237621&type=default&q={searchTerms}, Quarantined, [a3419fcd7614c47269d2074dfd087888]
PUP.Optional.CoolSearches.A, HKU\S-1-5-21-2198692194-3404810195-2407512553-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{BB82DE59-BC4C-4172-9AC4-73315F71CFFE}|FaviconURL, http://websearch.coolsearches.info/favicon.ico, Quarantined, [38ac0765f8927eb852cd9cb87d883bc5]
PUP.Optional.CoolSearches.A, HKU\S-1-5-21-2198692194-3404810195-2407512553-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{BB82DE59-BC4C-4172-9AC4-73315F71CFFE}|FaviconURLFallback, http://websearch.coolsearches.info/favicon.ico, Quarantined, [6a7a98d40b7fef47a57a3f155aab52ae]
PUP.Optional.MyStartSearch.A, HKU\S-1-5-21-2198692194-3404810195-2407512553-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{BB82DE59-BC4C-4172-9AC4-73315F71CFFE}|URL, http://www.mystartsearch.com/web/?u...MX&ts=1427237621&type=default&q={searchTerms}, Quarantined, [aa3ab7b57a1096a068d3193b9f6652ae]
PUP.Optional.CoolSearches.A, HKU\S-1-5-21-2198692194-3404810195-2407512553-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{BB82DE59-BC4C-4172-9AC4-73315F71CFFE}|TopResultURL, http://websearch.coolsearches.info/...&hid=4751682993849244761&lg=EN&cc=NG&unqvl=85, Quarantined, [eafa1656afdb3501be6168ec4db8649c]
PUP.Optional.MyStartSearch.A, HKU\S-1-5-21-2198692194-3404810195-2407512553-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{E733165D-CBCF-4FDA-883E-ADEF965B476C}|URL, http://www.mystartsearch.com/web/?u...MX&ts=1427237621&type=default&q={searchTerms}, Quarantined, [f7eddd8f048683b387b489cb887d9a66]
PUP.Optional.LiveSupport, HKU\S-1-5-21-2198692194-3404810195-2407512553-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|LiveSupport, "C:\Program Files (x86)\LiveSupport\LiveSupport.exe" /noshow /log, Quarantined, [d41079f391f959ddd8246c9715ef11ef]
PUP.BitcoinMiner, HKU\S-1-5-21-2198692194-3404810195-2407512553-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|tsiVideo, C:\Windows\SysWOW64\rundll32.exe C:\Users\GEOFFERY\AppData\Local\Temp\\mdi064.dll,asdasd, Quarantined, [707473f93258a591ff8ff9520df8827e]
PUP.Optional.IStart.A, HKU\S-1-5-21-2198692194-3404810195-2407512553-1001\SOFTWARE\MOZILLA\EXTENDS|appid, istart_ffnt@gmail.com, Quarantined, [776d4b211b6f270fbedb93333dc6ee12]

Registry Data: 17
PUP.Optional.MyStartSearch.A, HKLM\SOFTWARE\CLIENTS\STARTMENUINTERNET\IEXPLORE.EXE\SHELL\OPEN\COMMAND, C:\Program Files\Internet Explorer\iexplore.exe http://www.mystartsearch.com/?type=...id=HGSTXHTS545050A7E680_TM85134TH5R48MH5R48MX, Good: (iexplore.exe), Bad: (C:\Program Files\Internet Explorer\iexplore.exe http://www.mystartsearch.com/?type=...),Replaced,[07dd6408f3975bdb6fa142b658adea16]
PUP.Optional.MyStartSearch.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Search_URL, http://www.mystartsearch.com/web/?t...0A7E680_TM85134TH5R48MH5R48MX&q={searchTerms}, Good: (www.google.com), Bad: (http://www.mystartsearch.com/web/?t...),Replaced,[b232e3890a8049ed7f0bfef91beabf41]
PUP.Optional.MyStartSearch.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Page_URL, http://www.mystartsearch.com/?type=...id=HGSTXHTS545050A7E680_TM85134TH5R48MH5R48MX, Good: (www.google.com), Bad: (http://www.mystartsearch.com/?type=...),Replaced,[e9fb4527aedced493f4b2fc809fc4bb5]
PUP.Optional.MyStartSearch.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, http://www.mystartsearch.com/?type=...id=HGSTXHTS545050A7E680_TM85134TH5R48MH5R48MX, Good: (www.google.com), Bad: (http://www.mystartsearch.com/?type=...),Replaced,[459fbfad29613ef8f9916d8a36cf0cf4]
PUP.Optional.MyStartSearch.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Page, http://www.mystartsearch.com/web/?t...0A7E680_TM85134TH5R48MH5R48MX&q={searchTerms}, Good: (www.google.com), Bad: (http://www.mystartsearch.com/web/?t...),Replaced,[855faac26a202e08cac0b1462dd83dc3]
PUP.Optional.Qone8, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {33BB0A4E-99AF-4226-BDF6-49120163DE86}, Good: ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}), Bad: ({33BB0A4E-99AF-4226-BDF6-49120163DE86}),Replaced,[10d49cd0f59550e6dda36e95c6407789]
PUP.Optional.MyStartSearch.A, HKLM\SOFTWARE\WOW6432NODE\CLIENTS\STARTMENUINTERNET\IEXPLORE.EXE\SHELL\OPEN\COMMAND, C:\Program Files\Internet Explorer\iexplore.exe http://www.mystartsearch.com/?type=...id=HGSTXHTS545050A7E680_TM85134TH5R48MH5R48MX, Good: (iexplore.exe), Bad: (C:\Program Files\Internet Explorer\iexplore.exe http://www.mystartsearch.com/?type=...),Replaced,[eafab3b9365440f614fc4eaae2230000]
PUP.Optional.SearchAlgo.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\ABOUTURLS|Tabs, http://www.searchalgo.com/?cid=5072, Good: (www.google.com), Bad: (http://www.searchalgo.com/?cid=5072),Replaced,[2db79ad2a2e860d616736c9841c5bb45]
PUP.Optional.MyStartSearch.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Search_URL, http://www.mystartsearch.com/web/?t...0A7E680_TM85134TH5R48MH5R48MX&q={searchTerms}, Good: (www.google.com), Bad: (http://www.mystartsearch.com/web/?t...),Replaced,[588cf973a9e10f27bbcfe21513f2e719]
PUP.Optional.MyStartSearch.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Page_URL, http://www.mystartsearch.com/?type=...id=HGSTXHTS545050A7E680_TM85134TH5R48MH5R48MX, Good: (www.google.com), Bad: (http://www.mystartsearch.com/?type=...),Replaced,[ffe50f5d870358de7713fff854b116ea]
PUP.Optional.MyStartSearch.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, http://www.mystartsearch.com/?type=...id=HGSTXHTS545050A7E680_TM85134TH5R48MH5R48MX, Good: (www.google.com), Bad: (http://www.mystartsearch.com/?type=...),Replaced,[7c6885e7cbbfc76f35556295966f05fb]
PUP.Optional.MyStartSearch.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Page, http://www.mystartsearch.com/web/?t...0A7E680_TM85134TH5R48MH5R48MX&q={searchTerms}, Good: (www.google.com), Bad: (http://www.mystartsearch.com/web/?t...),Replaced,[e3013a32b0da3ff7d6b44aade71eb34d]
PUP.Optional.Qone8, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {33BB0A4E-99AF-4226-BDF6-49120163DE86}, Good: ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}), Bad: ({33BB0A4E-99AF-4226-BDF6-49120163DE86}),Replaced,[09db204c1e6c80b6acd4709335d19b65]
PUP.Optional.MyStartSearch.A, HKU\S-1-5-21-2198692194-3404810195-2407512553-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Page, http://www.mystartsearch.com/web/?t...0A7E680_TM85134TH5R48MH5R48MX&q={searchTerms}, Good: (www.google.com), Bad: (http://www.mystartsearch.com/web/?t...),Replaced,[e40092da6624c86ec1ca807749bca25e]
PUP.Optional.SearchAlgo.A, HKU\S-1-5-21-2198692194-3404810195-2407512553-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, http://www.searchalgo.com/?cid=5072, Good: (www.google.com), Bad: (http://www.searchalgo.com/?cid=5072),Replaced,[39abf27ac9c13ff789ff02029e689769]
PUP.Optional.MyStartSearch.A, HKU\S-1-5-21-2198692194-3404810195-2407512553-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Page_URL, http://www.mystartsearch.com/?type=...id=HGSTXHTS545050A7E680_TM85134TH5R48MH5R48MX, Good: (www.google.com), Bad: (http://www.mystartsearch.com/?type=...),Replaced,[eff5f17bd7b338fec1ca56a1fd081ae6]
PUP.Optional.MyStartSearch.A, HKU\S-1-5-21-2198692194-3404810195-2407512553-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Search_URL, http://www.mystartsearch.com/web/?t...0A7E680_TM85134TH5R48MH5R48MX&q={searchTerms}, Good: (www.google.com), Bad: (http://www.mystartsearch.com/web/?t...),Replaced,[8460c7a5236788ae424993649c69a858]

Folders: 19
PUP.Optional.SalePlus.A, C:\Program Files (x86)\SaalEPlus, Quarantined, [756f53192565e05654ece3dcb25105fb],
PUP.Optional.SalePlus.A, C:\Program Files (x86)\SalePLus, Quarantined, [558f313bf99153e30f31aa154cb7bc44],
PUP.Optional.SalePlus.A, C:\Program Files (x86)\SalePluus, Quarantined, [7c68e8841e6c67cf2719a51af60d36ca],
PUP.Optional.MultiPlug.A, C:\Users\GEOFFERY\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcpmmhaffdebnmkjelaohgjmndeongip\236, Quarantined, [81639bd18dfd71c578364114b352cf31],
PUP.Optional.MultiPlug.A, C:\Users\GEOFFERY\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcpmmhaffdebnmkjelaohgjmndeongip, Quarantined, [81639bd18dfd71c578364114b352cf31],
PUP.Optional.MultiPlug.A, C:\Users\GEOFFERY\AppData\Local\Google\Chrome\User Data\Default\Extensions\kagejfgngcmkbaacpmcnbpkhmhoeccee\236, Quarantined, [4e966dffc8c21c1a8727db7a9a6bda26],
PUP.Optional.MultiPlug.A, C:\Users\GEOFFERY\AppData\Local\Google\Chrome\User Data\Default\Extensions\kagejfgngcmkbaacpmcnbpkhmhoeccee, Quarantined, [4e966dffc8c21c1a8727db7a9a6bda26],
PUP.Optional.EZDownloader.A, C:\Program Files (x86)\EZDownloader, Quarantined, [3ba9d89439517bbb3dc22d5e857e2ad6],
PUP.Optional.PCPerformer, C:\Users\GEOFFERY\AppData\Roaming\Performersoft\PC Performer, Quarantined, [63819cd0d2b86cca53be3e67de25af51],
PUP.Optional.PCPerformer, C:\Users\GEOFFERY\AppData\Roaming\Performersoft\PC Performer\Logs, Quarantined, [63819cd0d2b86cca53be3e67de25af51],
PUP.Optional.SettingsManager.A, C:\Users\GEOFFERY\AppData\Roaming\FirefoxToolbar\Settings Manager, Quarantined, [03e1ce9e8ffb8da92e423d68b94a45bb],
PUP.Optional.SettingsManager.A, C:\Users\GEOFFERY\AppData\Roaming\FirefoxToolbar\Settings Manager\smdmf, Quarantined, [03e1ce9e8ffb8da92e423d68b94a45bb],
PUP.Optional.SettingsManager.A, C:\Users\GEOFFERY\AppData\Roaming\FirefoxToolbar\Settings Manager\smdmf\components, Quarantined, [03e1ce9e8ffb8da92e423d68b94a45bb],
PUP.Optional.SettingsManager.A, C:\Users\GEOFFERY\AppData\Roaming\FirefoxToolbar\Settings Manager\smdmf\content, Quarantined, [03e1ce9e8ffb8da92e423d68b94a45bb],
PUP.Optional.EZDownloader, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EZDownloader, Quarantined, [539135376525c5711d42bceb6f94ca36],
PUP.Optional.SearchEngine.A, C:\Users\GEOFFERY\AppData\Roaming\Mozilla\Firefox\Profiles\cei6nzih.default-1409799015992\extensions\searchengine@gmail.com, Quarantined, [4c986efe7416d561997b734712f1c937],
PUP.Optional.SearchEngine.A, C:\Users\GEOFFERY\AppData\Roaming\Mozilla\Firefox\Profiles\cei6nzih.default-1409799015992\extensions\searchengine@gmail.com\chrome, Quarantined, [4c986efe7416d561997b734712f1c937],
PUP.Optional.SearchEngine.A, C:\Users\GEOFFERY\AppData\Roaming\Mozilla\Firefox\Profiles\cei6nzih.default-1409799015992\extensions\searchengine@gmail.com\chrome\content, Quarantined, [4c986efe7416d561997b734712f1c937],
PUP.Optional.SearchEngine.A, C:\Users\GEOFFERY\AppData\Roaming\Mozilla\Firefox\Profiles\cei6nzih.default-1409799015992\extensions\searchengine@gmail.com\chrome\skin, Quarantined, [4c986efe7416d561997b734712f1c937],

Files: 78
PUP.Optional.Multiplug, C:\Program Files (x86)\SalePLus\4Rx8vVEQf3HYSw.x64.dll, Quarantined, [5b89b3b9addd00362f9d62dc2bd73ac6],
PUP.Optional.Multiplug, C:\Program Files (x86)\SaalEPlus\E6ePluvXeRIsPa.x64.dll, Quarantined, [42a24a22682267cf6765013d8082a35d],
PUP.Optional.Multiplug, C:\Program Files (x86)\SalePluus\rUR0MAu4s7es8o.x64.dll, Quarantined, [806446262f5b999d9933c579b74b21df],
PUP.Optional.Multiplug.A, C:\Program Files (x86)\SaalEPlus\E6ePluvXeRIsPa.exe, Quarantined, [c024c6a6b3d74ee8c50087ab7a88bb45],
PUP.Optional.Multiplug.A, C:\Program Files (x86)\SalePLus\4Rx8vVEQf3HYSw.exe, Quarantined, [ecf85e0ee6a41026d2f367cb28daca36],
PUP.Optional.Multiplug.A, C:\Program Files (x86)\SalePluus\rUR0MAu4s7es8o.exe, Quarantined, [c61e4d1f9ded39fd893ce052a161ec14],
PUP.Optional.Multiplug.A, C:\Program Files (x86)\Silver Bird Plus Twitter Client\Silver Bird Plus Twitter Client.exe, Quarantined, [5094ec80315950e6af16c17130d20000],
PUP.Optional.Multiplug.A, C:\Program Files (x86)\Hey Girl\Hey Girl.exe, Quarantined, [9054c1ab74166ec8e7de003206fc649c],
Trojan.Bitminer, C:\Users\GEOFFERY\AppData\Local\Temp\mdi064.dll, Quarantined, [02e25616dcae82b4a496c62b19e87789],
RiskWare.Miner, C:\Users\GEOFFERY\AppData\Local\Temp\msupdate71\dwm.exe, Quarantined, [25bf9ad28901e551a4092c1d58aac13f],
RiskWare.Miner, C:\Users\GEOFFERY\AppData\Local\Temp\msupdate71\msupdate.7z, Quarantined, [ab39105ccdbdfe388b224bfe010118e8],
RiskWare.Tool.HCK, C:\Users\GEOFFERY\Downloads\keygen 32~64 bits.rar, Quarantined, [edf7501c07830630dd2b4dfa12f0d729],
PUP.Optional.Softonic, C:\Users\GEOFFERY\Downloads\SoftonicDownloader_for_prezi-desktop.exe, Quarantined, [41a336362c5e6fc74037fa62946c53ad],
Hacktool.Agent, C:\Users\GEOFFERY\Downloads\Wind-7 Act.rar, Quarantined, [eef6f577c7c3cf67ff336b0fd42d1be5],
PUP.Optional.SalePlus.A, C:\Program Files (x86)\SaalEPlus\E6ePluvXeRIsPa.tlb, Quarantined, [756f53192565e05654ece3dcb25105fb],
PUP.Optional.SalePlus.A, C:\Program Files (x86)\SaalEPlus\E6ePluvXeRIsPa.dat, Quarantined, [756f53192565e05654ece3dcb25105fb],
PUP.Optional.SalePlus.A, C:\Program Files (x86)\SalePLus\4Rx8vVEQf3HYSw.tlb, Quarantined, [558f313bf99153e30f31aa154cb7bc44],
PUP.Optional.SalePlus.A, C:\Program Files (x86)\SalePLus\4Rx8vVEQf3HYSw.dat, Quarantined, [558f313bf99153e30f31aa154cb7bc44],
PUP.Optional.SalePlus.A, C:\Program Files (x86)\SalePluus\rUR0MAu4s7es8o.tlb, Quarantined, [7c68e8841e6c67cf2719a51af60d36ca],
PUP.Optional.SalePlus.A, C:\Program Files (x86)\SalePluus\rUR0MAu4s7es8o.dat, Quarantined, [7c68e8841e6c67cf2719a51af60d36ca],
PUP.Optional.SpeedBit.A, C:\Users\GEOFFERY\AppData\Roaming\Mozilla\Firefox\Profiles\cei6nzih.default-1409799015992\searchplugins\speedbit.xml, Quarantined, [50940f5da2e8290d52d8448f3cc71fe1],
PUP.Optional.MyStartSearch.A, C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\mystartsearch.xml, Quarantined, [41a35d0f2169053151b311c7ae55fd03],
PUP.Optional.PCPerformer.A, C:\Windows\System32\Tasks\PC Performer Daily Check, Quarantined, [22c296d67713e74f65804d99030013ed],
PUP.Optional.PCPerformer.A, C:\Windows\System32\Tasks\PC Performer Logon Scan, Quarantined, [7b6929434f3be55127bea4425da6827e],
PUP.Optional.PCPerformer.A, C:\Windows\System32\Tasks\PC Performer Scheduled Scan, Quarantined, [b82cd29a6822da5c11d40adc10f37987],
PUP.Optional.PCPerformer, C:\Windows\performersoftsetup.dll, Quarantined, [14d06a0236544de92a48ca1de91af808],
PUP.Optional.DefaultSearch.A, C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\default-search.xml, Quarantined, [8c58224a93f7c86e1cc3996af70d33cd],
PUP.Optional.WebSearch.A, C:\Users\GEOFFERY\AppData\Roaming\Mozilla\Firefox\Profiles\cei6nzih.default-1409799015992\searchplugins\WebSearch.xml, Quarantined, [479d82eac3c70e2817fd1ee9e12318e8],
PUP.Optional.EZDownloader.A, C:\Users\Public\Desktop\EZDownloader.lnk, Quarantined, [cf15beaed0ba57dff3d837eebe473dc3],
PUP.Optional.SearchAlgo.A, C:\Users\GEOFFERY\AppData\Roaming\Mozilla\Firefox\Profiles\cei6nzih.default-1409799015992\searchplugins\SearchAlgo.xml, Quarantined, [d1135d0f57336dc94989aa9cfc0946ba],
PUP.Optional.MultiPlug.A, C:\Users\GEOFFERY\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcpmmhaffdebnmkjelaohgjmndeongip\236\lsdb.js, Quarantined, [81639bd18dfd71c578364114b352cf31],
PUP.Optional.MultiPlug.A, C:\Users\GEOFFERY\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcpmmhaffdebnmkjelaohgjmndeongip\236\background.html, Quarantined, [81639bd18dfd71c578364114b352cf31],
PUP.Optional.MultiPlug.A, C:\Users\GEOFFERY\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcpmmhaffdebnmkjelaohgjmndeongip\236\content.js, Quarantined, [81639bd18dfd71c578364114b352cf31],
PUP.Optional.MultiPlug.A, C:\Users\GEOFFERY\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcpmmhaffdebnmkjelaohgjmndeongip\236\Mambr.js, Quarantined, [81639bd18dfd71c578364114b352cf31],
PUP.Optional.MultiPlug.A, C:\Users\GEOFFERY\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcpmmhaffdebnmkjelaohgjmndeongip\236\manifest.json, Quarantined, [81639bd18dfd71c578364114b352cf31],
PUP.Optional.MultiPlug.A, C:\Users\GEOFFERY\AppData\Local\Google\Chrome\User Data\Default\Extensions\kagejfgngcmkbaacpmcnbpkhmhoeccee\236\lsdb.js, Quarantined, [4e966dffc8c21c1a8727db7a9a6bda26],
PUP.Optional.MultiPlug.A, C:\Users\GEOFFERY\AppData\Local\Google\Chrome\User Data\Default\Extensions\kagejfgngcmkbaacpmcnbpkhmhoeccee\236\background.html, Quarantined, [4e966dffc8c21c1a8727db7a9a6bda26],
PUP.Optional.MultiPlug.A, C:\Users\GEOFFERY\AppData\Local\Google\Chrome\User Data\Default\Extensions\kagejfgngcmkbaacpmcnbpkhmhoeccee\236\content.js, Quarantined, [4e966dffc8c21c1a8727db7a9a6bda26],
PUP.Optional.MultiPlug.A, C:\Users\GEOFFERY\AppData\Local\Google\Chrome\User Data\Default\Extensions\kagejfgngcmkbaacpmcnbpkhmhoeccee\236\manifest.json, Quarantined, [4e966dffc8c21c1a8727db7a9a6bda26],
PUP.Optional.MultiPlug.A, C:\Users\GEOFFERY\AppData\Local\Google\Chrome\User Data\Default\Extensions\kagejfgngcmkbaacpmcnbpkhmhoeccee\236\r.js, Quarantined, [4e966dffc8c21c1a8727db7a9a6bda26],
PUP.Optional.EZDownloader.A, C:\Program Files (x86)\EZDownloader\EZDownloader.Core.dll, Quarantined, [3ba9d89439517bbb3dc22d5e857e2ad6],
PUP.Optional.EZDownloader.A, C:\Program Files (x86)\EZDownloader\EZDownloader.exe, Quarantined, [3ba9d89439517bbb3dc22d5e857e2ad6],
PUP.Optional.EZDownloader.A, C:\Program Files (x86)\EZDownloader\EZDownloader.exe.config, Quarantined, [3ba9d89439517bbb3dc22d5e857e2ad6],
PUP.Optional.EZDownloader.A, C:\Program Files (x86)\EZDownloader\EZDownloader.Extension.dll, Quarantined, [3ba9d89439517bbb3dc22d5e857e2ad6],
PUP.Optional.EZDownloader.A, C:\Program Files (x86)\EZDownloader\EZDownloader.Spider.dll, Quarantined, [3ba9d89439517bbb3dc22d5e857e2ad6],
PUP.Optional.EZDownloader.A, C:\Program Files (x86)\EZDownloader\ICSharpCode.SharpZipLib.dll, Quarantined, [3ba9d89439517bbb3dc22d5e857e2ad6],
PUP.Optional.EZDownloader.A, C:\Program Files (x86)\EZDownloader\Interop.SHDocVw.dll, Quarantined, [3ba9d89439517bbb3dc22d5e857e2ad6],
PUP.Optional.EZDownloader.A, C:\Program Files (x86)\EZDownloader\TabStrip.dll, Quarantined, [3ba9d89439517bbb3dc22d5e857e2ad6],
PUP.Optional.EZDownloader.A, C:\Program Files (x86)\EZDownloader\unins000.dat, Quarantined, [3ba9d89439517bbb3dc22d5e857e2ad6],
PUP.Optional.EZDownloader.A, C:\Program Files (x86)\EZDownloader\unins000.exe, Quarantined, [3ba9d89439517bbb3dc22d5e857e2ad6],
PUP.Optional.PCPerformer, C:\Users\GEOFFERY\AppData\Roaming\Performersoft\PC Performer\IgnoreList.dat, Quarantined, [63819cd0d2b86cca53be3e67de25af51],
PUP.Optional.PCPerformer, C:\Users\GEOFFERY\AppData\Roaming\Performersoft\PC Performer\LastScan.dat, Quarantined, [63819cd0d2b86cca53be3e67de25af51],
PUP.Optional.PCPerformer, C:\Users\GEOFFERY\AppData\Roaming\Performersoft\PC Performer\Logs\PC Performer.log, Quarantined, [63819cd0d2b86cca53be3e67de25af51],
PUP.Optional.PCPerformer, C:\Users\GEOFFERY\AppData\Roaming\Performersoft\PC Performer\Logs\PSCheckUp.log, Quarantined, [63819cd0d2b86cca53be3e67de25af51],
PUP.Optional.SettingsManager.A, C:\Users\GEOFFERY\AppData\Roaming\FirefoxToolbar\Settings Manager\smdmf\chrome.manifest, Quarantined, [03e1ce9e8ffb8da92e423d68b94a45bb],
PUP.Optional.SettingsManager.A, C:\Users\GEOFFERY\AppData\Roaming\FirefoxToolbar\Settings Manager\smdmf\install.rdf, Quarantined, [03e1ce9e8ffb8da92e423d68b94a45bb],
PUP.Optional.SettingsManager.A, C:\Users\GEOFFERY\AppData\Roaming\FirefoxToolbar\Settings Manager\smdmf\content\DnsBHO.js, Quarantined, [03e1ce9e8ffb8da92e423d68b94a45bb],
PUP.Optional.SettingsManager.A, C:\Users\GEOFFERY\AppData\Roaming\FirefoxToolbar\Settings Manager\smdmf\content\Error404BHO.js, Quarantined, [03e1ce9e8ffb8da92e423d68b94a45bb],
PUP.Optional.SettingsManager.A, C:\Users\GEOFFERY\AppData\Roaming\FirefoxToolbar\Settings Manager\smdmf\content\MainBHO.js, Quarantined, [03e1ce9e8ffb8da92e423d68b94a45bb],
PUP.Optional.SettingsManager.A, C:\Users\GEOFFERY\AppData\Roaming\FirefoxToolbar\Settings Manager\smdmf\content\NativeHelper.js, Quarantined, [03e1ce9e8ffb8da92e423d68b94a45bb],
PUP.Optional.SettingsManager.A, C:\Users\GEOFFERY\AppData\Roaming\FirefoxToolbar\Settings Manager\smdmf\content\NewTabBHO.js, Quarantined, [03e1ce9e8ffb8da92e423d68b94a45bb],
PUP.Optional.SettingsManager.A, C:\Users\GEOFFERY\AppData\Roaming\FirefoxToolbar\Settings Manager\smdmf\content\overlay.js, Quarantined, [03e1ce9e8ffb8da92e423d68b94a45bb],
PUP.Optional.SettingsManager.A, C:\Users\GEOFFERY\AppData\Roaming\FirefoxToolbar\Settings Manager\smdmf\content\overlay.xul, Quarantined, [03e1ce9e8ffb8da92e423d68b94a45bb],
PUP.Optional.SettingsManager.A, C:\Users\GEOFFERY\AppData\Roaming\FirefoxToolbar\Settings Manager\smdmf\content\RelatedSearch.js, Quarantined, [03e1ce9e8ffb8da92e423d68b94a45bb],
PUP.Optional.SettingsManager.A, C:\Users\GEOFFERY\AppData\Roaming\FirefoxToolbar\Settings Manager\smdmf\content\RequestPreserver.js, Quarantined, [03e1ce9e8ffb8da92e423d68b94a45bb],
PUP.Optional.SettingsManager.A, C:\Users\GEOFFERY\AppData\Roaming\FirefoxToolbar\Settings Manager\smdmf\content\SearchBHO.js, Quarantined, [03e1ce9e8ffb8da92e423d68b94a45bb],
PUP.Optional.SettingsManager.A, C:\Users\GEOFFERY\AppData\Roaming\FirefoxToolbar\Settings Manager\smdmf\content\SettingManager.js, Quarantined, [03e1ce9e8ffb8da92e423d68b94a45bb],
PUP.Optional.EZDownloader, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EZDownloader\EZDownloader.lnk, Quarantined, [539135376525c5711d42bceb6f94ca36],
PUP.Optional.SearchEngine.A, C:\Users\GEOFFERY\AppData\Roaming\Mozilla\Firefox\Profiles\cei6nzih.default-1409799015992\extensions\searchengine@gmail.com\chrome.manifest, Quarantined, [4c986efe7416d561997b734712f1c937],
PUP.Optional.SearchEngine.A, C:\Users\GEOFFERY\AppData\Roaming\Mozilla\Firefox\Profiles\cei6nzih.default-1409799015992\extensions\searchengine@gmail.com\install.rdf, Quarantined, [4c986efe7416d561997b734712f1c937],
PUP.Optional.SearchEngine.A, C:\Users\GEOFFERY\AppData\Roaming\Mozilla\Firefox\Profiles\cei6nzih.default-1409799015992\extensions\searchengine@gmail.com\chrome\content\toolbar.js, Quarantined, [4c986efe7416d561997b734712f1c937],
PUP.Optional.SearchEngine.A, C:\Users\GEOFFERY\AppData\Roaming\Mozilla\Firefox\Profiles\cei6nzih.default-1409799015992\extensions\searchengine@gmail.com\chrome\content\toolbar.xul, Quarantined, [4c986efe7416d561997b734712f1c937],
PUP.Optional.SearchEngine.A, C:\Users\GEOFFERY\AppData\Roaming\Mozilla\Firefox\Profiles\cei6nzih.default-1409799015992\extensions\searchengine@gmail.com\chrome\skin\icon.png, Quarantined, [4c986efe7416d561997b734712f1c937],
PUP.Optional.SearchFix.A, C:\Users\GEOFFERY\AppData\Roaming\Mozilla\Firefox\Profiles\cei6nzih.default-1409799015992\prefs.js, Good: (), Bad: (user_pref("keyword.URL", "http://websearch.searchfix.info/?unqvl=63&idate=2015/03/24&l=1&q=");), Replaced,[479d4d1ff49654e202e21e226f9728d8]
PUP.Optional.CrossRider.A, C:\Users\GEOFFERY\AppData\Roaming\Mozilla\Firefox\Profiles\cei6nzih.default-1409799015992\prefs.js, Good: (), Bad: (user_pref("extensions.crossrider.bic", "14c9983d2efea2f4ffdf485c5d64d4d9");), Replaced,[e5ff83e98ffb55e16e89c181c93d0cf4]
PUP.Optional.SearchAlgo.A, C:\Users\GEOFFERY\AppData\Roaming\Mozilla\Firefox\Profiles\cei6nzih.default-1409799015992\prefs.js, Good: (), Bad: (user_pref("browser.startup.homepage", "http://www.searchalgo.com/?cid=5072");), Replaced,[5e8608643d4d87afeb5e8eb6689e6898]
PUP.Optional.SearchAlgo.A, C:\Users\GEOFFERY\AppData\Roaming\Mozilla\Firefox\Profiles\cei6nzih.default-1409799015992\prefs.js, Good: (), Bad: (user_pref("browser.newtab.url", "http://www.searchalgo.com/?cid=5072");), Replaced,[c1230a624743fa3cc78387bd39cd2dd3]
PUP.Optional.MyStartSearch.A, C:\Users\GEOFFERY\AppData\Roaming\Mozilla\Firefox\Profiles\cei6nzih.default-1409799015992\search.json, Good: (), Bad: (mystartsearch), Replaced,[697b6ffd7b0fe25451163f00788e31cf]

Physical Sectors: 0
(No malicious items detected)


(end)
 
AFTER ADWCLEANER
# AdwCleaner v4.201 - Logfile created 15/04/2015 at 22:57:15
# Updated 08/04/2015 by Xplode
# Database : 2015-04-08.1 [Local]
# Operating system : Windows 8 Pro (x64)
# Username : GEOFFERY - UDENWANI
# Running from : C:\Users\GEOFFERY\Downloads\adwcleaner_4.201.exe
# Option : Cleaning

***** [ Services ] *****

[#] Service Deleted : globalUpdatem
Service Deleted : hshld

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SkypEmoticons
Folder Deleted : C:\Program Files (x86)\MyPC Backup
Folder Deleted : C:\Program Files (x86)\SeekerProc
Folder Deleted : C:\Program Files (x86)\BuyNNsavE
Folder Deleted : C:\Program Files (x86)\BuyNNssave
Folder Deleted : C:\Program Files (x86)\YoutubeAdBlocke
Folder Deleted : C:\Users\GEOFFERY\AppData\Local\globalUpdate
Folder Deleted : C:\Users\GEOFFERY\AppData\Roaming\FirefoxToolbar
Folder Deleted : C:\Users\GEOFFERY\AppData\Roaming\PerformerSoft
Folder Deleted : C:\Users\GEOFFERY\AppData\Roaming\SkypEmoticons
Folder Deleted : C:\Users\GEOFFERY\AppData\Roaming\WebExtend
File Deleted : C:\Users\GEOFFERY\AppData\Roaming\LiveSupport.exe_log.txt
File Deleted : C:\Users\GEOFFERY\AppData\Roaming\regsvr32.exe_log.txt

***** [ Scheduled tasks ] *****

Task Deleted : PC Performer Daily Check
Task Deleted : PC Performer Logon Scan
Task Deleted : PC Performer Scheduled Scan

***** [ Shortcuts ] *****

Shortcut Disinfected : C:\Users\Public\Desktop\Google Chrome.lnk
Shortcut Disinfected : C:\Users\Public\Desktop\Mozilla Firefox.lnk
Shortcut Disinfected : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
Shortcut Disinfected : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox\Mozilla Firefox (Safe Mode).lnk
Shortcut Disinfected : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox\Mozilla Firefox.lnk
Shortcut Disinfected : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk
Shortcut Disinfected : C:\Users\GEOFFERY\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
Shortcut Disinfected : C:\Users\GEOFFERY\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
Shortcut Disinfected : C:\Users\GEOFFERY\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
Shortcut Disinfected : C:\Users\GEOFFERY\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
Shortcut Disinfected : C:\Users\GEOFFERY\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk
Shortcut Disinfected : C:\Users\GEOFFERY\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk

***** [ Registry ] *****

Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [se]
Key Deleted : HKLM\SOFTWARE\Classes\Applications\Torch.exe
Key Deleted : HKLM\SOFTWARE\Classes\AppID\DownloadProxy.EXE
Key Deleted : HKLM\SOFTWARE\38471acb-07b7-e725-a131-3b9ecdadf0c4
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{51BEE30D-EEC8-4BA3-930B-298B8E759EB1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02A96331-0CA6-40E2-A87D-C224601985EB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{35B8892D-C3FB-4D88-990D-31DB2EBD72BD}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3B5702BA-7F4C-4D1A-B026-1E9A01D43978}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{69F256DF-BA98-45E9-86EA-FC3CFECF9D30}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6E87FC94-9866-49B9-8E93-5736D6DE3DD7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{70DE12EA-79F4-46BC-9812-86DB50A2FD64}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7E49F793-B3CD-4BF7-8419-B34B8BD30E61}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{834469E3-CA2B-4F21-A5CA-4F6F4DBCDE87}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{8529FAA3-5BFD-43C1-AB35-B53C4B96C6E5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{ADBC39BE-3D20-4333-8D99-E91EB1B62474}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CFC47BB5-5FB5-4AD0-8427-6AA04334A3FC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E06CA7F5-BA34-4FF6-8D24-B1BDC594D91F}
Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\GlobalUpdate
Key Deleted : HKCU\Software\PerformerSoft
Key Deleted : HKCU\Software\simplytech
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\torch
Key Deleted : HKCU\Software\SpeedBit
Key Deleted : HKCU\Software\AppDataLow\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9}
Key Deleted : HKCU\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\SOFTWARE\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9}
Key Deleted : HKLM\SOFTWARE\AskPartnerNetwork
Key Deleted : HKLM\SOFTWARE\Conduit
Key Deleted : HKLM\SOFTWARE\GlobalUpdate
Key Deleted : HKLM\SOFTWARE\PerformerSoft
Key Deleted : HKLM\SOFTWARE\SearchProtect
Key Deleted : HKLM\SOFTWARE\torch
Key Deleted : HKLM\SOFTWARE\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
Key Deleted : HKLM\SOFTWARE\{12A61307-94CD-4F8E-94BC-918E511FAA81}
Key Deleted : HKLM\SOFTWARE\SpeedBit
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect
Key Deleted : [x64] HKLM\SOFTWARE\SpeedBit
Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyServer] - 127.0.0.1:8080
Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyEnable] - 1
Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - *.local;<local>

***** [ Web browsers ] *****

-\\ Internet Explorer v10.0.9200.17183


-\\ Mozilla Firefox v37.0.1 (x86 en-US)

[cei6nzih.default-1409799015992\prefs.js] - Line Deleted : user_pref("browser.search.defaultenginename,S", "WebSearch");
[cei6nzih.default-1409799015992\prefs.js] - Line Deleted : user_pref("browser.search.defaulturl", "hxxp://websearch.searchfix.info/?unqvl=63&idate=2015/03/24&l=1&q=");
[cei6nzih.default-1409799015992\prefs.js] - Line Deleted : user_pref("browser.search.order.1", "SearchAlgo");
[cei6nzih.default-1409799015992\prefs.js] - Line Deleted : user_pref("browser.search.order.1,S", "WebSearch");
[cei6nzih.default-1409799015992\prefs.js] - Line Deleted : user_pref("browser.search.searchengine.alias", "mystartsearch");
[cei6nzih.default-1409799015992\prefs.js] - Line Deleted : user_pref("browser.search.searchengine.iconURL", "hxxp://www.mystartsearch.com/favicon.ico");
[cei6nzih.default-1409799015992\prefs.js] - Line Deleted : user_pref("browser.search.searchengine.name", "mystartsearch");
[cei6nzih.default-1409799015992\prefs.js] - Line Deleted : user_pref("browser.search.searchengine.url", "hxxp://www.mystartsearch.com/web/?type=ds&ts=1427386365&from=wpc&uid=HGSTXHTS545050A7E680_TM85134TH5R48MH5R48MX&q={searchTerms}");
[cei6nzih.default-1409799015992\prefs.js] - Line Deleted : user_pref("browser.search.selectedEngine", "SearchAlgo");
[cei6nzih.default-1409799015992\prefs.js] - Line Deleted : user_pref("browser.search.selectedEngine,S", "WebSearch");
[cei6nzih.default-1409799015992\prefs.js] - Line Deleted : user_pref("extensions.eW4NsvKcCG2bMr6o.scode", "(function(){try{if(window.self.location.href.indexOf(\"qdC8rjg5rTU4rHY9pjs9qdC7rn\")>-1){return;}}catch(e){}try{var d=[[\"trianglecash.com\",\"acebook\"[...]
[cei6nzih.default-1409799015992\prefs.js] - Line Deleted : user_pref("extensions.qPozVH4AwixxTNNu.scode", "(function(){try{if(window.self.location.href.indexOf(\"qdC8rjg5rTU4rHY9pjs9qdC7rn\")>-1){return;}}catch(e){}try{var d=[[\"trianglecash.com\",\"acebook\"[...]
[cei6nzih.default-1409799015992\prefs.js] - Line Deleted : user_pref("extensions.quick_start.enable_search1", false);
[cei6nzih.default-1409799015992\prefs.js] - Line Deleted : user_pref("extensions.quick_start.sd.closeWindowWithLastTab_prev_state", false);
[cei6nzih.default-1409799015992\prefs.js] - Line Deleted : user_pref("extensions.xpiState", "{\"app-profile\":{\"abs@avira.com\":{\"d\":\"C:\\\\Users\\\\GEOFFERY\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\cei6nzih.default-1409799015992\\\\exte[...]

-\\ Google Chrome v

[C:\Users\GEOFFERY\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.mystartsearch.com/web/?type=ds&ts=1416439136&from=wpc&uid=HGSTXHTS545050A7E680_TM85134TH5R48MH5R48MX&q={searchTerms}
[C:\Users\GEOFFERY\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.mystartsearch.com/web/?type=ds&ts=1416439136&from=wpc&uid=HGSTXHTS545050A7E680_TM85134TH5R48MH5R48MX&q={searchTerms}
[C:\Users\GEOFFERY\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://websearch.searchfix.info/?unqvl=63&idate=2015/03/24&l=1&q={searchTerms}
[C:\Users\GEOFFERY\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://go.speedbit.com/search.aspx?site=shdefault&pid=s&shr=d&q={searchTerms}
[C:\Users\GEOFFERY\AppData\Local\Google\Chrome\User Data\Default\Preferences] - Deleted [Homepage] : hxxp://go.speedbit.com/?pid=s
[C:\Users\GEOFFERY\AppData\Local\Google\Chrome\User Data\Default\Preferences] - Deleted [Startup_URLs] : hxxp://go.speedbit.com/?pid=s
[C:\Users\GEOFFERY\AppData\Local\Google\Chrome\User Data\Default\Preferences] - Deleted [Default_Search_Provider_Data] : hxxp://www.mystartsearch.com/web/?type=ds&ts=1416439136&from=wpc&uid=HGSTXHTS545050A7E680_TM85134TH5R48MH5R48MX&q={searchTerms}

*************************

AdwCleaner[R0].txt - [12676 bytes] - [15/04/2015 22:55:53]
AdwCleaner[S0].txt - [12345 bytes] - [15/04/2015 22:57:15]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [12405 bytes] ##########
 
After scanning with JRT
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.5.5 (04.15.2015:1)
OS: Windows 8 Pro x64
Ran by GEOFFERY on Wed 04/15/2015 at 23:13:25.68
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Tasks



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\HD-UpdaterService_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\HD-UpdaterService_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\HD-UpdaterService_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\HD-UpdaterService_RASMANCS
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{BB82DE59-BC4C-4172-9AC4-73315F71CFFE}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0055C089-8582-441B-A0BF-17B458C2A3A8}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{0055C089-8582-441B-A0BF-17B458C2A3A8}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D5974A72-C81C-4DC3-BE77-A8A7BBC8864E}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{D5974A72-C81C-4DC3-BE77-A8A7BBC8864E}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{0055C089-8582-441B-A0BF-17B458C2A3A8}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{D5974A72-C81C-4DC3-BE77-A8A7BBC8864E}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] C:\ProgramData\tencent
Successfully deleted: [Folder] C:\Users\GEOFFERY\AppData\Roaming\tencent



~~~ FireFox

Successfully deleted the following from C:\Users\GEOFFERY\AppData\Roaming\mozilla\firefox\profiles\cei6nzih.default-1409799015992\prefs.js

user_pref(browser.search.searchengine.desc, this is my first firefox searchEngine);
user_pref(browser.search.searchengine.ptid, wpc);
user_pref(browser.search.searchengine.uid, HGSTXHTS545050A7E680_TM85134TH5R48MH5R48MX);
user_pref(extensions.18R0KVE3jzMYWlZ1.scode, (function(){try{if(window.self.location.href.indexOf(\qdC8rjg5rTU4rHY9pjs9qdC7rn\)>-1){return;}}catch(e){}try{var d=[[\trian
user_pref(extensions.3JiaepS9trQaygRq.scode, (function(){try{if(window.self.location.href.indexOf(\qdC8rjg5rTU4rHY9pjs9qdC7rn\)>-1){return;}}catch(e){}try{var d=[[\trian
user_pref(extensions.xpiState, {\app-profile\:{\abs@avira.com\:{\d\:\C:\\\\Users\\\\GEOFFERY\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\cei6nzih.defa
Emptied folder: C:\Users\GEOFFERY\AppData\Roaming\mozilla\firefox\profiles\cei6nzih.default-1409799015992\minidumps [1 files]





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 04/15/2015 at 23:16:20.84
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Is it safe now?
 
Please download ComboFix from Here, Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Never rename Combofix unless instructed.
  • Close any open browsers.
  • Very Important! Temporarily disable your anti-virus and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    If the connection is not there, use the restore point you created prior to running Combofix.
  • Double click on combofix.exe & follow the prompts.

  • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt"
**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.
**Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive the error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


Make sure you re-enable your security programs when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try the following...

Delete the Combofix file and download a fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Download Rkill (courtesy of BleepingComputer.com) to your desktop.
There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

Restart the computer in safe mode.

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Windows Vista, 7 or 8 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

When the scan is done Notepad will open with rKill.txt log.
NOTE. rKill.txt log will also be present on your desktop.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If you had to run rKill, post BOTH logs, rKill.txt and Combofix.txt.
 
This topic is marked as abandoned and closed due to inactivity.

This member will NOT be eligible to receive any more help in malware removal forum.
 