TechSpot

Malware dwm.exe and indexer.exe

By nolly190
Apr 14, 2015
  1. Please, here is the log file:
    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 14-04-2015
    Ran by GEOFFERY (administrator) on UDENWANI on 15-04-2015 02:36:30
    Running from C:\Users\GEOFFERY\Desktop
    Loaded Profiles: GEOFFERY (Available profiles: GEOFFERY)
    Platform: Windows 8 Pro (X64) OS Language: English (United States)
    Internet Explorer Version 10 (Default browser: FF)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (Intel Corporation) C:\Windows\System32\igfxCUIService.exe
    (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
    () C:\ProgramData\Airtel Broadband\OnlineUpdate\ouc.exe
    (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
    (Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\AdminService.exe
    (Apple Computer, Inc.) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    (BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
    (BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe
    (AnchorFree Inc.) C:\Program Files (x86)\Hotspot Shield\bin\cmw_srv.exe
    (Microsoft Corporation) C:\Windows\System32\dasHost.exe
    () C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe
    () C:\ProgramData\DatacardService\HWDeviceService64.exe
    () C:\ProgramData\MTN F@stLink\OnlineUpdate\ouc.exe
    (Proxy Labs) C:\Program Files\Proxy Labs\ProxyCap\pcapsvc.exe
    (Paessler AG) C:\Program Files (x86)\PRTG Network Monitor\PRTG Server.exe
    (Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe
    (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
    (Paessler AG) C:\Program Files (x86)\PRTG Network Monitor\PRTG Probe.exe
    (Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
    (Speedbit Ltd.) C:\Program Files\Common Files\SpeedBit\SBUpdate\sbu.exe
    () C:\Program Files (x86)\Tether\TBService.exe
    (TorchMedia Inc.) C:\Users\GEOFFERY\AppData\Local\Torch\Update\TorchCrashHandler.exe
    () C:\Program Files (x86)\MTN F@stLink\AssistantServices.exe
    (DT Soft Ltd) C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe
    (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
    (Microsoft Corporation) C:\Windows\System32\alg.exe
    (AnchorFree Inc.) C:\Program Files (x86)\Hotspot Shield\bin\HSSCP.exe
    (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
    (Intel Corporation) C:\Windows\System32\igfxEM.exe
    (Intel Corporation) C:\Windows\System32\igfxHK.exe
    (Intel Corporation) C:\Windows\System32\igfxTray.exe
    (Qualcomm®Atheros®) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    (Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
    () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe
    (Microsoft Corporation) C:\Windows\System32\SppExtComObj.Exe
    (Microsoft Corporation) C:\Windows\System32\rundll32.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    () C:\Program Files (x86)\MTN F@stLink\UIExec.exe
    (Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
    (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
    (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
    (Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
    (Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
    (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avscan.exe
    (Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe
    () C:\Program Files (x86)\MTN F@stLink\MTN F@stLink.exe
    () C:\Users\GEOFFERY\Desktop\BIS+SS\SimpleServer.exe
    (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe
    (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe
    (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe
    (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe


    ==================== Registry (Whitelisted) ==================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2837288 2011-10-14] (Synaptics Incorporated)
    HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
    HKLM\...\Run: [ProxyCap] => C:\Program Files\Proxy Labs\ProxyCap\pcapui.exe [2599936 2014-07-06] (Proxy Labs)
    HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-27] (Microsoft Corporation)
    HKLM-x32\...\Run: [RIMBBLaunchAgent.exe] => C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe [267792 2013-01-18] (Research In Motion Limited)
    HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [UIExec] => C:\Program Files (x86)\MTN F@stLink\UIExec.exe [139088 2011-03-17] ()
    HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
    HKLM-x32\...\Run: [] => [X]
    HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-12-03] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\BlueStacks\HD-Agent.exe [835288 2014-08-13] (BlueStack Systems, Inc.)
    HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [702768 2014-11-24] (Avira Operations GmbH & Co. KG)
    HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [129272 2015-03-16] (Avira Operations GmbH & Co. KG)
    Winlogon\Notify\igfxcui: igfxdev.dll [X]
    HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe [132736 2013-09-07] ( (Qualcomm®Atheros®))
    HKU\S-1-5-21-2198692194-3404810195-2407512553-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [21644384 2014-07-02] (Skype Technologies S.A.)
    HKU\S-1-5-21-2198692194-3404810195-2407512553-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [6482200 2014-09-26] (Piriform Ltd)
    HKU\S-1-5-21-2198692194-3404810195-2407512553-1001\...\Run: [se] => C:\Users\GEOFFERY\AppData\Roaming\SkypEmoticons\SE.exe [5679008 2014-11-20] (SkypEmoticons)
    HKU\S-1-5-21-2198692194-3404810195-2407512553-1001\...\Run: [LiveSupport] => "C:\Program Files (x86)\LiveSupport\LiveSupport.exe" /noshow /log
    HKU\S-1-5-21-2198692194-3404810195-2407512553-1001\...\Run: [uTorrent] => C:\Users\GEOFFERY\AppData\Roaming\uTorrent\uTorrent.exe [1728336 2014-12-21] (BitTorrent Inc.)
    HKU\S-1-5-21-2198692194-3404810195-2407512553-1001\...\Run: [IDMan] => C:\Program Files (x86)\Internet Download Manager\IDMan.exe [3890768 2015-02-23] (Tonec Inc.)
    HKU\S-1-5-21-2198692194-3404810195-2407512553-1001\...\Run: [ManyCam] => C:\Program Files (x86)\ManyCam\ManyCam.exe [9882448 2014-10-06] (Visicom Media Inc.)
    HKU\S-1-5-21-2198692194-3404810195-2407512553-1001\...\Run: [DownloadAccelerator] => C:\Program Files (x86)\DAP\DAP.EXE [4242064 2015-01-29] (Speedbit Ltd.)
    HKU\S-1-5-21-2198692194-3404810195-2407512553-1001\...\Run: [DAEMON Tools Pro Agent] => C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe [1163072 2012-04-12] (DT Soft Ltd)
    HKU\S-1-5-21-2198692194-3404810195-2407512553-1001\...\Run: [tsiVideo] => C:\Windows\SysWOW64\rundll32.exe C:\Users\GEOFFERY\AppData\Local\Temp\\mdi064.dll,asdasd <===== ATTENTION
    HKU\S-1-5-21-2198692194-3404810195-2407512553-1001\...\MountPoints2: {1dada5ae-8f72-11e4-bea2-b8ee656c9248} - "F:\Windows\AutoRun.exe"
    HKU\S-1-5-21-2198692194-3404810195-2407512553-1001\...\MountPoints2: {2c027a55-8689-11e4-be9b-b8ee656ce068} - "F:\AutoRun.exe"
    HKU\S-1-5-21-2198692194-3404810195-2407512553-1001\...\MountPoints2: {383fcbd2-53d1-11e4-be77-b8ee656ce068} - "F:\AutoRun.exe"
    HKU\S-1-5-21-2198692194-3404810195-2407512553-1001\...\MountPoints2: {40422c21-7233-11e4-be8c-c4346b4849e3} - "F:\AutoRun.exe"
    HKU\S-1-5-21-2198692194-3404810195-2407512553-1001\...\MountPoints2: {43cdebcb-acab-11e4-bec6-c4346b4849e3} - "G:\laucher.exe"
    HKU\S-1-5-21-2198692194-3404810195-2407512553-1001\...\MountPoints2: {43dfe6fa-68b9-11e4-be88-b8ee656ce068} - "F:\AutoRun.exe"
    HKU\S-1-5-21-2198692194-3404810195-2407512553-1001\...\MountPoints2: {600cbd8d-bf21-11e4-bed5-b8ee656ce068} - "F:\AutoRun.exe"
    HKU\S-1-5-21-2198692194-3404810195-2407512553-1001\...\MountPoints2: {62f1d66d-d3b1-11e4-beee-b8ee656ce068} - "G:\setup.exe"
    HKU\S-1-5-21-2198692194-3404810195-2407512553-1001\...\MountPoints2: {666d76e0-69e1-11e4-be8a-c4346b4849e3} - "G:\AutoRun.exe"
    HKU\S-1-5-21-2198692194-3404810195-2407512553-1001\...\MountPoints2: {666d7952-69e1-11e4-be8a-c4346b4849e3} - "I:\AutoRun.exe"
    HKU\S-1-5-21-2198692194-3404810195-2407512553-1001\...\MountPoints2: {83b72845-2eec-11e4-be6e-b8ee656ce068} - "F:\AutoRun.exe"
    HKU\S-1-5-21-2198692194-3404810195-2407512553-1001\...\MountPoints2: {bc96256e-2411-11e4-be6a-b8ee656ce068} - "F:\AutoRun.exe"
    HKU\S-1-5-21-2198692194-3404810195-2407512553-1001\...\MountPoints2: {bc9625e0-2411-11e4-be6a-b8ee656ce068} - "F:\AutoRun.exe"
    HKU\S-1-5-21-2198692194-3404810195-2407512553-1001\...\MountPoints2: {d2b27d90-74ce-11e4-be8d-b8ee656c9248} - "F:\AutoRun.exe"
    HKU\S-1-5-21-2198692194-3404810195-2407512553-1001\...\MountPoints2: {f183abe2-9b45-11e4-bea5-c4346b4849e3} - "F:\AutoRun.exe"
    HKU\S-1-5-21-2198692194-3404810195-2407512553-1001\...\MountPoints2: {f183ac23-9b45-11e4-bea5-c4346b4849e3} - "F:\AutoRun.exe"
    HKU\S-1-5-21-2198692194-3404810195-2407512553-1001\...\MountPoints2: {f89c9ff5-33d8-11e4-be72-b8ee656ce068} - "I:\AutoRun.exe"
    Startup: C:\Users\GEOFFERY\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Deskjet 2540 series.lnk
    ShortcutTarget: Monitor Ink Alerts - HP Deskjet 2540 series.lnk -> C:\Program Files\HP\HP Deskjet 2540 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
    Startup: C:\Users\GEOFFERY\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PdaNet Desktop.lnk
    ShortcutTarget: PdaNet Desktop.lnk -> C:\Program Files (x86)\PdaNet for Android\PdaNetPC.exe ()
    ShellIconOverlayIdentifiers: [IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll (Tonec Inc.)
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    ProxyEnable: [S-1-5-21-2198692194-3404810195-2407512553-1001] => Internet Explorer proxy is enabled.
    ProxyServer: [S-1-5-21-2198692194-3404810195-2407512553-1001] => 127.0.0.1:8080
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mystartsearch.com/?type=...id=HGSTXHTS545050A7E680_TM85134TH5R48MH5R48MX
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.mystartsearch.com/?type=...id=HGSTXHTS545050A7E680_TM85134TH5R48MH5R48MX
    HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.mystartsearch.com/web/?t...0A7E680_TM85134TH5R48MH5R48MX&q={searchTerms}
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.mystartsearch.com/web/?t...0A7E680_TM85134TH5R48MH5R48MX&q={searchTerms}
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.mystartsearch.com/?type=...id=HGSTXHTS545050A7E680_TM85134TH5R48MH5R48MX
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.mystartsearch.com/?type=...id=HGSTXHTS545050A7E680_TM85134TH5R48MH5R48MX
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.mystartsearch.com/web/?t...0A7E680_TM85134TH5R48MH5R48MX&q={searchTerms}
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.mystartsearch.com/web/?t...0A7E680_TM85134TH5R48MH5R48MX&q={searchTerms}
    HKU\S-1-5-21-2198692194-3404810195-2407512553-1001\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.mystartsearch.com/web/?t...0A7E680_TM85134TH5R48MH5R48MX&q={searchTerms}
    HKU\S-1-5-21-2198692194-3404810195-2407512553-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.searchalgo.com/?cid=5072
    HKU\S-1-5-21-2198692194-3404810195-2407512553-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.mystartsearch.com/?type=...id=HGSTXHTS545050A7E680_TM85134TH5R48MH5R48MX
    HKU\S-1-5-21-2198692194-3404810195-2407512553-1001\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.mystartsearch.com/web/?t...0A7E680_TM85134TH5R48MH5R48MX&q={searchTerms}
    SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.mystartsearch.com/web/?t...0A7E680_TM85134TH5R48MH5R48MX&q={searchTerms}
    SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.mystartsearch.com/web/?t...0A7E680_TM85134TH5R48MH5R48MX&q={searchTerms}
    SearchScopes: HKLM -> {7F4EFF06-7032-458e-AE16-1C1D8255C28A} URL = http://go.speedbit.com/search.aspx?site=shdefault&pid=s&shr=d&q={searchTerms}
    SearchScopes: HKLM-x32 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.mystartsearch.com/web/?t...0A7E680_TM85134TH5R48MH5R48MX&q={searchTerms}
    SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.mystartsearch.com/web/?t...0A7E680_TM85134TH5R48MH5R48MX&q={searchTerms}
    SearchScopes: HKLM-x32 -> {7F4EFF06-7032-458e-AE16-1C1D8255C28A} URL = http://go.speedbit.com/search.aspx?s=F1Ra1&q={searchTerms}
    SearchScopes: HKLM-x32 -> {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.searchfix.info/?unqvl=63&idate=2015/03/24&l=1&q={searchTerms}
    SearchScopes: HKLM-x32 -> {BB82DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.coolsearches.info/...&hid=4751682993849244761&lg=EN&cc=NG&unqvl=85
    SearchScopes: HKU\S-1-5-21-2198692194-3404810195-2407512553-1001 -> DefaultScope {a8177b71-ee19-4e0f-b2f9-02d533eb946D} URL = http://www.searchalgo.com/search.html?q={searchTerms}&cid=5072
    SearchScopes: HKU\S-1-5-21-2198692194-3404810195-2407512553-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.mystartsearch.com/web/?u...MX&ts=1427237621&type=default&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-2198692194-3404810195-2407512553-1001 -> {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = http://www.mystartsearch.com/web/?u...MX&ts=1427237621&type=default&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-2198692194-3404810195-2407512553-1001 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.mystartsearch.com/web/?t...0A7E680_TM85134TH5R48MH5R48MX&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-2198692194-3404810195-2407512553-1001 -> {7F4EFF06-7032-458e-AE16-1C1D8255C28A} URL = http://go.speedbit.com/search.aspx?site=shdefault&pid=s&shr=d&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-2198692194-3404810195-2407512553-1001 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2476} URL = http://www.mystartsearch.com/web/?u...MX&ts=1427237621&type=default&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-2198692194-3404810195-2407512553-1001 -> {a8177b71-ee19-4e0f-b2f9-02d533eb946D} URL = http://www.searchalgo.com/search.html?q={searchTerms}&cid=5072
    SearchScopes: HKU\S-1-5-21-2198692194-3404810195-2407512553-1001 -> {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://www.mystartsearch.com/web/?u...MX&ts=1427237621&type=default&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-2198692194-3404810195-2407512553-1001 -> {BB82DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://www.mystartsearch.com/web/?u...MX&ts=1427237621&type=default&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-2198692194-3404810195-2407512553-1001 -> {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL = http://www.mystartsearch.com/web/?u...MX&ts=1427237621&type=default&q={searchTerms}
    BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll [2015-02-21] (Internet Download Manager, Tonec Inc.)
    BHO: SaalEPlus -> {513e12d2-f079-4adc-a4fc-5771006df6cb} -> C:\Program Files (x86)\SaalEPlus\E6ePluvXeRIsPa.x64.dll [2015-03-24] ()
    BHO: SalePluus -> {7f7850e9-0b94-42d1-bb54-f449092c0686} -> C:\Program Files (x86)\SalePluus\rUR0MAu4s7es8o.x64.dll [2015-03-26] ()
    BHO: youtubeadblocker -> {a57942b0-1098-464f-bddd-36e85047f2bc} -> C:\Program Files (x86)\youtubeadblocker\SlB36L7zeIVN8c.x64.dll No File
    BHO: SalePLus -> {a7e93dc1-bcd4-481f-8ba0-ab52cfd1c9ab} -> C:\Program Files (x86)\SalePLus\4Rx8vVEQf3HYSw.x64.dll [2015-03-24] ()
    BHO-x32: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll [2015-02-21] (Internet Download Manager, Tonec Inc.)
    BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2006-10-27] (Microsoft Corporation)
    BHO-x32: SpeedBit Link Verification Helper -> {D5974A72-C81C-4DC3-BE77-A8A7BBC8864E} -> C:\Program Files (x86)\DAP\LinkVerifier.dll [2015-01-28] (Speedbit Ltd.)
    Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
    Tcpip\Parameters: [DhcpNameServer] 10.109.2.97 10.109.5.97
    Tcpip\..\Interfaces\{46B6BAE7-18EE-4DFE-9350-7A05703EB645}: [NameServer] 10.109.2.97 10.109.5.97
    Tcpip\..\Interfaces\{55067579-DA9A-4E67-94A4-DD8A03A165AB}: [NameServer] 208.67.222.222,208.67.220.220
    Tcpip\..\Interfaces\{80602E45-81AF-4059-A08B-F6CCCD642126}: [NameServer] 10.109.2.97 10.109.5.97
    Tcpip\..\Interfaces\{923F1A57-A3B4-45D8-99BA-16FF7BD43085}: [NameServer] 10.109.2.97 10.109.5.97
    StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe http://www.mystartsearch.com/?type=...id=HGSTXHTS545050A7E680_TM85134TH5R48MH5R48MX

    FireFox:
    ========
    FF ProfilePath: C:\Users\GEOFFERY\AppData\Roaming\Mozilla\Firefox\Profiles\cei6nzih.default-1409799015992
    FF NewTab: hxxp://www.searchalgo.com/?cid=5072
    FF DefaultSearchEngine,S: WebSearch
    FF DefaultSearchUrl: hxxp://websearch.searchfix.info/?unqvl=63&idate=2015/03/24&l=1&q=
    FF SearchEngineOrder.1: SearchAlgo
    FF SearchEngineOrder.1,S: WebSearch
    FF SelectedSearchEngine: SearchAlgo
    FF SelectedSearchEngine,S: WebSearch
    FF Homepage: hxxp://www.searchalgo.com/?cid=5072
    FF Keyword.URL: hxxp://websearch.searchfix.info/?unqvl=63&idate=2015/03/24&l=1&q=
    FF NetworkProxy: "backup.ftp", "127.0.0.1"
    FF NetworkProxy: "backup.ftp_port", 8080
    FF NetworkProxy: "backup.socks", "127.0.0.1"
    FF NetworkProxy: "backup.socks_port", 8080
    FF NetworkProxy: "backup.ssl", "127.0.0.1"
    FF NetworkProxy: "backup.ssl_port", 8080
    FF NetworkProxy: "ftp", "127.0.0.1"
    FF NetworkProxy: "ftp_port", 8080
    FF NetworkProxy: "http", "127.0.0.1"
    FF NetworkProxy: "http_port", 8080
    FF NetworkProxy: "share_proxy_settings", true
    FF NetworkProxy: "socks", "127.0.0.1"
    FF NetworkProxy: "socks_port", 8080
    FF NetworkProxy: "ssl", "127.0.0.1"
    FF NetworkProxy: "ssl_port", 8080
    FF NetworkProxy: "type", 1
    FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-04-15] ()
    FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-09-22] (VideoLAN)
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-15] ()
    FF Plugin-x32: @RIM.com/WebSLLauncher,version=1.0 -> C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll [2012-12-13] ()
    FF Plugin-x32: @staging.google.com/globalUpdate Update;version=10 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll No File
    FF Plugin-x32: @staging.google.com/globalUpdate Update;version=4 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll No File
    FF Plugin-x32: @videolan.org/vlc,version=2.2.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-02-27] (VideoLAN)
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
    FF Plugin-x32: TorchVLC -> C:\Users\GEOFFERY\AppData\Local\Torch\Plugins\Video\VLC\npvlc.dll [2013-07-30] (VideoLAN)
    FF SearchPlugin: C:\Users\GEOFFERY\AppData\Roaming\Mozilla\Firefox\Profiles\cei6nzih.default-1409799015992\searchplugins\SearchAlgo.xml [2015-04-03]
    FF SearchPlugin: C:\Users\GEOFFERY\AppData\Roaming\Mozilla\Firefox\Profiles\cei6nzih.default-1409799015992\searchplugins\speedbit.xml [2015-01-28]
    FF SearchPlugin: C:\Users\GEOFFERY\AppData\Roaming\Mozilla\Firefox\Profiles\cei6nzih.default-1409799015992\searchplugins\WebSearch.xml [2015-03-24]
    FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\default-search.xml [2014-11-19]
    FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\mystartsearch.xml [2014-11-20]
     
  2. nolly190

    FF Extension: Avira Browser Safety - C:\Users\GEOFFERY\AppData\Roaming\Mozilla\Firefox\Profiles\cei6nzih.default-1409799015992\Extensions\abs@avira.com [2015-03-31]
    FF Extension: IDM CC - C:\Users\GEOFFERY\AppData\Roaming\Mozilla\Firefox\Profiles\cei6nzih.default-1409799015992\Extensions\mozilla_cc@internetdownloadmanager.com [2015-04-06]
    FF Extension: Search Enginer - C:\Users\GEOFFERY\AppData\Roaming\Mozilla\Firefox\Profiles\cei6nzih.default-1409799015992\Extensions\searchengine@gmail.com [2015-03-24]
    FF Extension: SaveFrom.net helper - C:\Users\GEOFFERY\AppData\Roaming\Mozilla\Firefox\Profiles\cei6nzih.default-1409799015992\Extensions\helper@savefrom.net.xpi [2015-01-07]
    FF Extension: Hotspot Shield Extension - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\afproxy@anchorfree.com [2015-04-07]
    FF HKLM-x32\...\Firefox\Extensions: [daplinkchecker@speedbit.com] - C:\Program Files (x86)\DAP\daplinkchecker
    FF Extension: DAP Link Checker - C:\Program Files (x86)\DAP\daplinkchecker [2015-01-28]
    FF HKLM-x32\...\Firefox\Extensions: [fiddlerhook@fiddler2.com] - C:\Program Files (x86)\Fiddler2\FiddlerHook
    FF Extension: FiddlerHook - C:\Program Files (x86)\Fiddler2\FiddlerHook [2015-02-27]
    FF HKLM-x32\...\Firefox\Extensions: [searchengine@gmail.com] - C:\Users\GEOFFERY\AppData\Roaming\Mozilla\Firefox\Profiles\cei6nzih.default-1409799015992\extensions\searchengine@gmail.com
    FF HKLM-x32\...\Firefox\Extensions: [istart_ffnt@gmail.com] - C:\Users\GEOFFERY\AppData\Roaming\Mozilla\Firefox\Profiles\cei6nzih.default-1409799015992\extensions\istart_ffnt@gmail.com
    FF HKU\S-1-5-21-2198692194-3404810195-2407512553-1001\...\Firefox\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\GEOFFERY\AppData\Roaming\IDM\idmmzcc5
    FF Extension: IDM CC - C:\Users\GEOFFERY\AppData\Roaming\IDM\idmmzcc5 [2015-03-06]
    FF HKU\S-1-5-21-2198692194-3404810195-2407512553-1001\...\Firefox\Extensions: [{F17C1572-C9EC-4e5c-A542-D05CBB5C5A08}] - C:\Program Files (x86)\DAP\DAPFireFox
    FF Extension: Download Accelerator Plus (DAP) extension - C:\Program Files (x86)\DAP\DAPFireFox [2015-01-28]
    FF HKU\S-1-5-21-2198692194-3404810195-2407512553-1001\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\GEOFFERY\AppData\Roaming\IDM\idmmzcc5
    FF Extension: No Name - C:\Users\GEOFFERY\AppData\Roaming\Mozilla\Firefox\Profiles\cei6nzih.default-1409799015992\extensions\ccf7276c-d388-480f-8835-5b680025e1ca@gmail.com [Not Found]

    Chrome:
    =======
    CHR dev: Chrome dev build detected! <======= ATTENTION
    CHR DefaultSearchKeyword: Default -> 83D3D3ABA70EA83BA55755152DCD77B8E3F87FE811EE750AA4509DFE54865952
    CHR DefaultSearchURL: Default -> D658ED442F74A7E98CEEE3F92EB9BE37766FF914DEEA28E16AEDF77F00244BE0
    CHR Profile: C:\Users\GEOFFERY\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (Google Slides) - C:\Users\GEOFFERY\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-11-15]
    CHR Extension: (Google Docs) - C:\Users\GEOFFERY\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-11-15]
    CHR Extension: (Google Drive) - C:\Users\GEOFFERY\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-11-15]
    CHR Extension: (YouTube) - C:\Users\GEOFFERY\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-11-15]
    CHR Extension: (Google Search) - C:\Users\GEOFFERY\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-11-15]
    CHR Extension: (Tampermonkey) - C:\Users\GEOFFERY\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2015-01-07]
    CHR Extension: (Xdebug helper) - C:\Users\GEOFFERY\AppData\Local\Google\Chrome\User Data\Default\Extensions\eadndfjplgieldjbigjakmdgkmoaaaoc [2014-11-15]
    CHR Extension: (Google Sheets) - C:\Users\GEOFFERY\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-11-15]
    CHR Extension: (Avira Browser Safety) - C:\Users\GEOFFERY\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2014-11-15]
    CHR Extension: (NetBeans Connector) - C:\Users\GEOFFERY\AppData\Local\Google\Chrome\User Data\Default\Extensions\hafdlehgocfcodbgjnpecfajgkeejnaa [2014-11-15]
    CHR Extension: (Hey Girl) - C:\Users\GEOFFERY\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcpmmhaffdebnmkjelaohgjmndeongip [2015-03-24]
    CHR Extension: (Silver Bird Plus Twitter Client) - C:\Users\GEOFFERY\AppData\Local\Google\Chrome\User Data\Default\Extensions\kagejfgngcmkbaacpmcnbpkhmhoeccee [2015-03-24]
    CHR Extension: (mpajngnpcmjjeoflljdjpnehcfaldcia) - C:\Users\GEOFFERY\AppData\Local\Google\Chrome\User Data\Default\Extensions\mpajngnpcmjjeoflljdjpnehcfaldcia [2015-04-12]
    CHR Extension: (IDM Integration Module) - C:\Users\GEOFFERY\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngpampappnmepgilojfohadhhmbhlaek [2015-03-06]
    CHR Extension: (Google Wallet) - C:\Users\GEOFFERY\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-11-15]
    CHR Extension: (Gmail) - C:\Users\GEOFFERY\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-11-15]
    CHR Extension: (SaalEPlus) - C:\ProgramData\gfklgjjghanjhlkepkbmbacgnhbmadga\ []
    CHR Extension: (BuyNNssave) - C:\ProgramData\icmdfnaocbhjdijlbhjhcnoadjkbaeip\ []
    CHR Extension: (GoSave) - C:\ProgramData\ieoagbfafmkoplmimfiooggffdjmmbkn\ []
    CHR Extension: (SalePluus) - C:\ProgramData\kiemmhkanngdinianilpblpdnadfohoa\ []
    CHR Extension: (SalePLus) - C:\ProgramData\lmgogmohjfpcfmghbijnecleffggoofd\ []
    CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
    CHR HKLM\...\Chrome\Extension: [jeaohhlajejodfjadcponpnjgkiikocn] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2015-02-24]
    CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2015-02-24]
    CHR HKU\S-1-5-21-2198692194-3404810195-2407512553-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [dhdgffkkebhmkfjojejmpbldmpobfkfo] - http://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [kbhplonhjleiopohgmppianogioknked] - C:\Program Files\Common Files\SpeedBit\SBUpdate\NewTabLaunch.crx [2014-01-24]
    CHR HKLM-x32\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2015-02-24]

    ==================== Services (Whitelisted) =================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    S2 Airtel Broadband. RunOuc; C:\Program Files (x86)\Airtel Broadband\UpdateDog\ouc.exe [656976 2013-08-21] ()
    R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [431920 2014-11-24] (Avira Operations GmbH & Co. KG)
    R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [431920 2014-11-24] (Avira Operations GmbH & Co. KG)
    R2 AtherosSvc; C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe [312448 2013-09-07] (Windows (R) Win 7 DDK provider) [File not signed]
    R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [201008 2015-03-16] (Avira Operations GmbH & Co. KG)
    S3 Blackberry Device Manager; C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe [577536 2013-01-19] (Research In Motion Limited) [File not signed]
    R2 Bonjour Service; C:\Program Files (x86)\Bonjour\mDNSResponder.exe [229376 2006-02-28] (Apple Computer, Inc.) [File not signed]
    S2 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [409304 2014-08-13] (BlueStack Systems, Inc.)
    R2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [384728 2014-08-13] (BlueStack Systems, Inc.)
    R2 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [777944 2014-08-13] (BlueStack Systems, Inc.)
    S3 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2014-12-08] (Macrovision Europe Ltd.) [File not signed]
    R2 hshld; C:\Program Files (x86)\Hotspot Shield\bin\cmw_srv.exe [919040 2014-05-17] (AnchorFree Inc.) [File not signed]
    S3 HssTrayService; C:\Program Files (x86)\Hotspot Shield\bin\HssTrayService.EXE [78512 2014-05-17] ()
    R2 HssWd; C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe [430344 2014-05-16] ()
    R2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [351824 2013-02-06] ()
    R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [319376 2014-10-01] (Intel Corporation)
    S2 MTN F@stLink. RunOuc; C:\Program Files (x86)\MTN F@stLink\UpdateDog\ouc.exe [246112 2015-01-21] ()
    R2 pcapsvc; C:\Program Files\Proxy Labs\ProxyCap\pcapsvc.exe [2401792 2014-07-06] (Proxy Labs) [File not signed]
    R2 PRTGCoreService; C:\Program Files (x86)\PRTG Network Monitor\PRTG Server.exe [7630048 2015-03-31] (Paessler AG)
    R2 PRTGProbeService; C:\Program Files (x86)\PRTG Network Monitor\PRTG Probe.exe [9700576 2015-03-31] (Paessler AG)
    S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-03-01] (Riverbed Technology, Inc.)
    R2 SBUpd; C:\Program Files\Common Files\SpeedBit\SBUpdate\sbu.exe [2545272 2014-04-15] (Speedbit Ltd.)
    R2 Tether; C:\Program Files (x86)\Tether\TBService.exe [50416 2011-09-29] () [File not signed]
    R2 TorchCrashHandler; C:\Users\GEOFFERY\AppData\Local\Torch\Update\TorchCrashHandler.exe [1217032 2014-12-04] (TorchMedia Inc.) <==== ATTENTION
    R2 UI Assistant Service; C:\Program Files (x86)\MTN F@stLink\AssistantServices.exe [261456 2011-03-17] ()
    S3 wampapache64; c:\wamp\bin\apache\apache2.4.9\bin\httpd.exe [24576 2014-05-01] (Apache Software Foundation) [File not signed]
    S3 wampmysqld64; c:\wamp\bin\mysql\mysql5.6.17\bin\mysqld.exe [12942848 2014-05-01] () [File not signed]
    S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16032 2014-09-22] (Microsoft Corporation)
    S3 globalUpdatem; C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe /medsvc [X] <==== ATTENTION

    ==================== Drivers (Whitelisted) ====================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-11-24] (Avira Operations GmbH & Co. KG)
    R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [131608 2014-11-24] (Avira Operations GmbH & Co. KG)
    R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2014-11-24] (Avira Operations GmbH & Co. KG)
    R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [122072 2014-08-13] (BlueStack Systems)
    R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-09-07] (Qualcomm Atheros)
    R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-26] (Microsoft Corporation)
    R3 BthMtpEnum; C:\Windows\system32\DRIVERS\BthMtpEnum.sys [64512 2012-07-26] (Microsoft Corporation)
    R1 dtsoftbus01; C:\Windows\System32\drivers\dtsoftbus01.sys [283200 2015-03-26] (DT Soft Ltd)
    R1 HssDRV6; C:\Windows\system32\DRIVERS\hssdrv6.sys [44744 2014-05-17] (AnchorFree Inc.)
    R3 huawei_wwanecm; C:\Windows\system32\DRIVERS\ew_juwwanecm.sys [246272 2013-08-21] (Huawei Technologies Co., Ltd.)
    R3 ManyCam; C:\Windows\system32\DRIVERS\mcvidrv.sys [49776 2014-07-25] (Visicom Media Inc.)
    R3 mcaudrv_simple; C:\Windows\system32\drivers\mcaudrv_x64.sys [35440 2014-05-13] (Visicom Media Inc.)
    R2 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-03-01] (Riverbed Technology, Inc.)
    S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [78336 2013-01-03] (Research In Motion Limited)
    R3 RimVSerPort; C:\Windows\system32\DRIVERS\RimSerial_AMD64.sys [44544 2012-12-10] (Research in Motion Ltd)
    R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [290520 2013-08-26] (Realtek Semiconductor Corp.)
    R3 SBUpdd; C:\Program Files\Common Files\SpeedBit\SBUpdate\sbw.sys [41368 2014-04-15] ()
    R1 sbwfpc; C:\Windows\system32\drivers\sbwfpc.sys [47392 2014-07-06] ()
    R3 taphss6; C:\Windows\system32\DRIVERS\taphss6.sys [42184 2014-05-17] (Anchorfree Inc.)
    R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2013-08-07] (Hewlett-Packard Development Company, L.P.)
    R3 WPRO_41_2001; C:\Windows\System32\drivers\WPRO_41_2001.sys [35344 2015-04-15] ()

    ==================== NetSvcs (Whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


    ==================== One Month Created Files and Folders ========

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2015-04-15 02:36 - 2015-04-15 02:37 - 00036288 _____ () C:\Users\GEOFFERY\Desktop\FRST.txt
    2015-04-15 02:36 - 2015-04-15 02:36 - 00000000 ____D () C:\FRST
    2015-04-15 02:33 - 2015-04-15 02:33 - 02096640 _____ (Farbar) C:\Users\GEOFFERY\Downloads\FRST64.exe
    2015-04-15 02:33 - 2015-04-15 02:33 - 02096640 _____ (Farbar) C:\Users\GEOFFERY\Desktop\FRST64.exe
    2015-04-15 02:18 - 2015-04-15 02:18 - 00000117 _____ () C:\Windows\system32\netcfg-956343.txt
    2015-04-15 02:07 - 2015-04-15 02:07 - 00096784 _____ (CACE Technologies) C:\Windows\SysWOW64\WPRO_41_2001woem.tmp
    2015-04-14 22:59 - 2015-04-14 22:59 - 00000117 _____ () C:\Windows\system32\netcfg-6687843.txt
    2015-04-14 22:00 - 2015-04-14 22:04 - 14958592 _____ () C:\Users\GEOFFERY\Downloads\RogueKiller.exe
    2015-04-14 21:15 - 2015-04-14 21:15 - 00000117 _____ () C:\Windows\system32\netcfg-482140.txt
    2015-04-14 21:11 - 2015-04-15 02:07 - 00035344 _____ () C:\Windows\system32\Drivers\WPRO_41_2001.sys
    2015-04-14 20:48 - 2015-04-14 20:48 - 00000117 _____ () C:\Windows\system32\netcfg-14177890.txt
    2015-04-14 20:24 - 2015-04-14 20:24 - 00000117 _____ () C:\Windows\system32\netcfg-12731687.txt
    2015-04-14 20:17 - 2015-04-14 20:17 - 00000117 _____ () C:\Windows\system32\netcfg-12325859.txt
    2015-04-14 17:04 - 2015-04-14 17:04 - 00000117 _____ () C:\Windows\system32\netcfg-730343.txt
    2015-04-14 16:59 - 2015-04-14 16:59 - 00000156 _____ () C:\Windows\system32\netcfg-424218.txt
    2015-04-14 16:58 - 2015-04-14 16:58 - 00000117 _____ () C:\Windows\system32\netcfg-380234.txt
    2015-04-14 16:56 - 2015-04-14 16:56 - 00000117 _____ () C:\Windows\system32\netcfg-270718.txt
    2015-04-14 16:42 - 2015-04-14 16:42 - 00000117 _____ () C:\Windows\system32\netcfg-6938734.txt
    2015-04-14 15:50 - 2015-04-14 15:50 - 00000117 _____ () C:\Windows\system32\netcfg-3841078.txt
    2015-04-14 10:52 - 2015-04-14 10:52 - 00000117 _____ () C:\Windows\system32\netcfg-89432609.txt
    2015-04-14 08:47 - 2015-04-14 08:48 - 00000117 _____ () C:\Windows\system32\netcfg-81954218.txt
    2015-04-13 22:21 - 2015-04-13 22:21 - 00000117 _____ () C:\Windows\system32\netcfg-44361812.txt
    2015-04-13 20:54 - 2015-04-13 20:54 - 00000117 _____ () C:\Windows\system32\netcfg-39160468.txt
    2015-04-13 13:14 - 2015-04-13 13:14 - 00000117 _____ () C:\Windows\system32\netcfg-11556328.txt
    2015-04-13 13:13 - 2015-04-13 13:13 - 00000117 _____ () C:\Windows\system32\netcfg-11508406.txt
    2015-04-13 13:08 - 2015-04-13 13:08 - 00000117 _____ () C:\Windows\system32\netcfg-11209640.txt
    2015-04-13 13:08 - 2015-04-13 13:08 - 00000117 _____ () C:\Windows\system32\netcfg-11208171.txt
    2015-04-13 13:08 - 2015-04-13 13:08 - 00000117 _____ () C:\Windows\system32\netcfg-11190250.txt
    2015-04-13 13:08 - 2015-04-13 13:08 - 00000117 _____ () C:\Windows\system32\netcfg-11188796.txt
    2015-04-13 12:47 - 2015-04-13 12:47 - 00000117 _____ () C:\Windows\system32\netcfg-9933296.txt
    2015-04-13 12:47 - 2015-04-13 12:47 - 00000117 _____ () C:\Windows\system32\netcfg-9920218.txt
    2015-04-13 12:40 - 2015-04-13 12:40 - 00000131 _____ () C:\Windows\system32\netcfg-9508250.txt
    2015-04-13 12:38 - 2015-04-13 12:38 - 00000117 _____ () C:\Windows\system32\netcfg-9432890.txt
    2015-04-13 12:35 - 2015-04-13 12:35 - 00000117 _____ () C:\Windows\system32\netcfg-9205953.txt
    2015-04-13 12:05 - 2015-04-13 12:05 - 00000156 _____ () C:\Windows\system32\netcfg-7443453.txt
    2015-04-13 12:05 - 2015-04-13 12:05 - 00000156 _____ () C:\Windows\system32\netcfg-7414125.txt
    2015-04-13 12:04 - 2015-04-13 12:04 - 00000131 _____ () C:\Windows\system32\netcfg-7395734.txt
    2015-04-13 12:04 - 2015-04-13 12:04 - 00000131 _____ () C:\Windows\system32\netcfg-7365125.txt
    2015-04-13 12:03 - 2015-04-13 12:03 - 00000131 _____ () C:\Windows\system32\netcfg-7296281.txt
    2015-04-13 12:02 - 2015-04-13 12:03 - 00000156 _____ () C:\Windows\system32\netcfg-7275437.txt
    2015-04-13 12:02 - 2015-04-13 12:02 - 00000156 _____ () C:\Windows\system32\netcfg-7236421.txt
    2015-04-13 12:01 - 2015-04-13 12:01 - 00000156 _____ () C:\Windows\system32\netcfg-7195812.txt
    2015-04-13 12:00 - 2015-04-13 12:00 - 00000117 _____ () C:\Windows\system32\netcfg-7119453.txt
    2015-04-13 11:59 - 2015-04-13 11:59 - 00000117 _____ () C:\Windows\system32\netcfg-7047671.txt
    2015-04-13 11:05 - 2015-04-13 10:57 - 00701216 _____ () C:\Users\GEOFFERY\Desktop\Adobe CS6 All Products Activator (x32 & x64).rar
    2015-04-13 10:38 - 2015-04-13 10:38 - 00000156 _____ () C:\Windows\system32\netcfg-2215250.txt
    2015-04-13 10:26 - 2015-04-13 10:33 - 39620744 _____ () C:\Users\GEOFFERY\Downloads\Firefox Setup 38.0b3.exe
    2015-04-13 10:26 - 2015-04-13 10:33 - 39620744 _____ () C:\Users\GEOFFERY\Desktop\Firefox Setup 38.0b3.exe
    2015-04-13 10:08 - 2015-04-13 10:08 - 00000117 _____ () C:\Windows\system32\netcfg-415343.txt
    2015-04-13 10:06 - 2015-04-13 10:06 - 00000117 _____ () C:\Windows\system32\netcfg-306812.txt
    2015-04-13 10:04 - 2015-04-13 10:04 - 00000117 _____ () C:\Windows\system32\netcfg-173375.txt
    2015-04-13 10:01 - 2015-04-13 10:01 - 00000117 _____ () C:\Windows\system32\netcfg-37768703.txt
    2015-04-13 07:51 - 2015-04-13 07:51 - 00000117 _____ () C:\Windows\system32\netcfg-29989984.txt
    2015-04-13 06:21 - 2015-04-13 06:21 - 00000117 _____ () C:\Windows\system32\netcfg-24577968.txt
    2015-04-13 06:21 - 2015-04-13 06:21 - 00000117 _____ () C:\Windows\system32\netcfg-24574968.txt
    2015-04-13 06:21 - 2015-04-13 06:21 - 00000117 _____ () C:\Windows\system32\netcfg-24559109.txt
    2015-04-13 00:12 - 2015-04-13 00:12 - 00000117 _____ () C:\Windows\system32\netcfg-2472406.txt
    2015-04-12 23:35 - 2015-04-12 23:35 - 00000117 _____ () C:\Windows\system32\netcfg-202609.txt
    2015-04-12 23:27 - 2015-04-12 23:27 - 01563673 _____ ( ) C:\Users\GEOFFERY\Downloads\mytxtsetup.exe
    2015-04-12 23:10 - 2015-04-12 23:17 - 39156855 _____ () C:\Users\GEOFFERY\Downloads\spb.zip
    2015-04-12 21:35 - 2015-04-12 21:35 - 00000156 _____ () C:\Windows\system32\netcfg-121474015.txt
    2015-04-12 21:34 - 2015-04-12 21:34 - 00000117 _____ () C:\Windows\system32\netcfg-121417234.txt
    2015-04-12 21:34 - 2015-04-12 21:34 - 00000117 _____ () C:\Windows\system32\netcfg-121386406.txt
    2015-04-12 14:05 - 2015-04-12 14:05 - 00000117 _____ () C:\Windows\system32\netcfg-94506250.txt
    2015-04-12 14:02 - 2015-04-12 14:02 - 00000117 _____ () C:\Windows\system32\netcfg-94303593.txt
    2015-04-12 14:01 - 2015-04-12 14:01 - 00000117 _____ () C:\Windows\system32\netcfg-94222062.txt
    2015-04-12 00:57 - 2015-04-12 00:57 - 00000117 _____ () C:\Windows\system32\netcfg-47195593.txt
    2015-04-12 00:47 - 2015-04-12 00:47 - 00000117 _____ () C:\Windows\system32\netcfg-46580468.txt
    2015-04-12 00:45 - 2015-04-12 00:45 - 00000117 _____ () C:\Windows\system32\netcfg-46483484.txt
    2015-04-12 00:35 - 2015-04-12 00:36 - 14576979 _____ () C:\Users\GEOFFERY\Downloads\com.creapp.photoeditor-4.3.2-APK4Fun.com.apk
    2015-04-11 19:44 - 2015-04-11 19:44 - 00002644 _____ () C:\Users\GEOFFERY\Downloads\example_php.zip
    2015-04-11 19:18 - 2015-04-11 19:19 - 00000069 _____ () C:\Users\GEOFFERY\Desktop\prtg license.txt
    2015-04-11 19:03 - 2015-04-11 19:03 - 00000117 _____ () C:\Windows\system32\netcfg-25980781.txt
    2015-04-11 19:01 - 2015-04-11 19:01 - 00000117 _____ () C:\Windows\system32\netcfg-25871296.txt
    2015-04-11 19:01 - 2015-04-11 19:01 - 00000117 _____ () C:\Windows\system32\netcfg-25869843.txt
    2015-04-11 19:01 - 2015-04-11 19:01 - 00000117 _____ () C:\Windows\system32\netcfg-25825750.txt
    2015-04-11 19:01 - 2015-04-11 19:01 - 00000117 _____ () C:\Windows\system32\netcfg-25824078.txt
    2015-04-11 19:00 - 2015-04-11 19:00 - 00000117 _____ () C:\Windows\system32\netcfg-25812062.txt
    2015-04-11 18:58 - 2015-04-11 18:58 - 00000117 _____ () C:\Windows\system32\netcfg-25662421.txt
    2015-04-11 18:47 - 2015-04-11 18:47 - 00001024 _____ () C:\.rnd
    2015-04-11 18:47 - 2015-04-11 18:47 - 00000000 ____D () C:\ProgramData\Paessler
    2015-04-11 18:47 - 2015-04-11 18:47 - 00000000 ____D () C:\ProgramData\Licenses
    2015-04-11 18:46 - 2015-04-11 18:46 - 00001170 _____ () C:\Users\Public\Desktop\PRTG Enterprise Console.lnk
    2015-04-11 18:46 - 2015-04-11 18:46 - 00001135 _____ () C:\Users\Public\Desktop\PRTG Network Monitor.lnk
    2015-04-11 18:46 - 2015-04-11 18:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PRTG Network Monitor
    2015-04-11 18:45 - 2015-04-15 02:03 - 00000000 ____D () C:\Program Files (x86)\PRTG Network Monitor
    2015-04-11 18:36 - 2015-04-11 18:36 - 00000117 _____ () C:\Windows\system32\netcfg-24370593.txt
    2015-04-11 18:33 - 2015-04-11 18:33 - 00000117 _____ () C:\Windows\system32\netcfg-24144609.txt
    2015-04-11 13:15 - 2015-04-11 13:15 - 00000117 _____ () C:\Windows\system32\netcfg-5077375.txt
    2015-04-11 12:20 - 2015-04-11 12:25 - 161148503 _____ () C:\Users\GEOFFERY\Downloads\prtg.zip
    2015-04-11 11:58 - 2015-04-11 11:58 - 00000156 _____ () C:\Windows\system32\netcfg-478656.txt
    2015-04-11 11:57 - 2015-04-11 11:57 - 00000117 _____ () C:\Windows\system32\netcfg-400343.txt
    2015-04-11 11:56 - 2015-04-11 11:56 - 00000117 _____ () C:\Windows\system32\netcfg-376609.txt
    2015-04-11 11:53 - 2015-04-11 11:53 - 00000117 _____ () C:\Windows\system32\netcfg-175234.txt
    2015-04-11 11:53 - 2015-04-11 11:53 - 00000117 _____ () C:\Windows\system32\netcfg-153093.txt
    2015-04-11 11:48 - 2015-04-11 11:48 - 00000117 _____ () C:\Windows\system32\netcfg-177565625.txt
    2015-04-11 11:47 - 2015-04-11 11:47 - 00000117 _____ () C:\Windows\system32\netcfg-177520500.txt
    2015-04-10 20:51 - 2015-04-10 20:51 - 00000117 _____ () C:\Windows\system32\netcfg-123763796.txt
    2015-04-10 20:32 - 2015-04-10 20:33 - 00000117 _____ () C:\Windows\system32\netcfg-122644140.txt
    2015-04-10 18:58 - 2015-04-10 18:58 - 00000117 _____ () C:\Windows\system32\netcfg-116988718.txt
    2015-04-10 17:35 - 2015-04-10 17:35 - 00000117 _____ () C:\Windows\system32\netcfg-111989718.txt
    2015-04-10 15:24 - 2015-04-10 15:24 - 00000117 _____ () C:\Windows\system32\netcfg-104171265.txt
    2015-04-10 13:39 - 2015-04-10 13:39 - 00000117 _____ () C:\Windows\system32\netcfg-97818218.txt
    2015-04-10 13:36 - 2015-04-10 13:36 - 00000117 _____ () C:\Windows\system32\netcfg-97686812.txt
    2015-04-10 01:53 - 2015-04-10 01:53 - 00000117 _____ () C:\Windows\system32\netcfg-55491500.txt
    2015-04-10 00:54 - 2015-04-10 00:54 - 00000117 _____ () C:\Windows\system32\netcfg-51935000.txt
    2015-04-10 00:52 - 2015-04-10 00:52 - 00000117 _____ () C:\Windows\system32\netcfg-51823984.txt
    2015-04-10 00:48 - 2015-04-10 00:48 - 00001082 _____ () C:\Users\GEOFFERY\Desktop\DC-Unlocker client.lnk
    2015-04-10 00:48 - 2015-04-10 00:48 - 00000000 ____D () C:\Users\GEOFFERY\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DC-Unlocker
    2015-04-10 00:48 - 2015-04-10 00:48 - 00000000 ____D () C:\Program Files (x86)\DC-Unlocker
    2015-04-10 00:46 - 2015-04-10 00:46 - 03695488 _____ (UAB Digiteka) C:\Users\GEOFFERY\Downloads\dc-unlocker_client-1.00.1084.exe
    2015-04-09 21:43 - 2015-04-13 21:18 - 00003252 _____ () C:\Windows\System32\Tasks\PC Performer Logon Scan
    2015-04-09 20:05 - 2015-04-09 20:05 - 00000156 _____ () C:\Windows\system32\netcfg-34620812.txt
    2015-04-09 20:05 - 2015-04-09 20:05 - 00000131 _____ () C:\Windows\system32\netcfg-34587875.txt
    2015-04-09 20:04 - 2015-04-09 20:04 - 00000117 _____ () C:\Windows\system32\netcfg-34561718.txt
    2015-04-09 20:04 - 2015-04-09 20:04 - 00000117 _____ () C:\Windows\system32\netcfg-34541765.txt
    2015-04-09 20:04 - 2015-04-09 20:04 - 00000117 _____ () C:\Windows\system32\netcfg-34538671.txt
    2015-04-09 20:04 - 2015-04-09 20:04 - 00000117 _____ () C:\Windows\system32\netcfg-34522359.txt
    2015-04-09 15:09 - 2015-04-09 15:09 - 00000117 _____ () C:\Windows\system32\netcfg-16847750.txt
    2015-04-09 12:09 - 2015-04-09 12:09 - 00000117 _____ () C:\Windows\system32\netcfg-6048187.txt
    2015-04-09 11:20 - 2015-04-09 11:21 - 00000156 _____ () C:\Windows\system32\netcfg-3152328.txt
    2015-04-09 11:05 - 2015-04-09 11:05 - 00000117 _____ () C:\Windows\system32\netcfg-2209921.txt
    2015-04-09 11:03 - 2015-04-09 11:03 - 00000117 _____ () C:\Windows\system32\netcfg-2087656.txt
    2015-04-09 11:00 - 2015-04-09 11:00 - 00000114 _____ () C:\Users\GEOFFERY\Desktop\hotspot.txt
    2015-04-09 10:58 - 2015-04-09 10:58 - 00000117 _____ () C:\Windows\system32\netcfg-1801171.txt
    2015-04-09 10:58 - 2015-04-09 10:58 - 00000000 ____D () C:\Users\GEOFFERY\Downloads\01299-Modern-Combat-4-Zero-Hour-v1-1-7c-cache1
    2015-04-09 10:45 - 2015-04-09 10:45 - 00000117 _____ () C:\Windows\system32\netcfg-998921.txt
    2015-04-09 10:29 - 2015-04-09 10:29 - 00000117 _____ () C:\Windows\system32\netcfg-91578.txt
    2015-04-09 10:29 - 2015-04-09 10:29 - 00000117 _____ () C:\Windows\system32\netcfg-90468.txt
    2015-04-09 10:10 - 2015-04-09 10:11 - 00000156 _____ () C:\Windows\system32\netcfg-43134687.txt
    2015-04-09 10:04 - 2015-04-09 10:04 - 00000117 _____ () C:\Windows\system32\netcfg-42749578.txt
    2015-04-09 10:03 - 2015-04-09 10:03 - 00000117 _____ () C:\Windows\system32\netcfg-42732531.txt
    2015-04-09 10:01 - 2015-04-09 10:01 - 05770505 _____ () C:\Users\GEOFFERY\Downloads\01299-Modern-Combat-4-Zero-Hour-v1-1-7c-patch.zip
    2015-04-09 09:59 - 2015-04-09 10:26 - 1240318998 _____ () C:\Users\GEOFFERY\Downloads\01299-Modern-Combat-4-Zero-Hour-v1-1-7c-cache1.zip
    2015-04-09 09:57 - 2015-04-09 09:58 - 00000156 _____ () C:\Windows\system32\netcfg-42358671.txt
    2015-04-09 09:55 - 2015-04-09 09:55 - 00000117 _____ () C:\Windows\system32\netcfg-42253468.txt
    2015-04-09 09:55 - 2015-04-09 09:55 - 00000117 _____ () C:\Windows\system32\netcfg-42253156.txt
    2015-04-09 09:55 - 2015-04-09 09:55 - 00000117 _____ () C:\Windows\system32\netcfg-42246906.txt
    2015-04-09 09:52 - 2015-04-09 09:52 - 01821360 _____ () C:\Users\GEOFFERY\Downloads\SimpleAndroidServer-2.0_com.simpleandroidserver.simpleandroidserver-2.apk
    2015-04-09 09:20 - 2015-04-09 09:23 - 23975306 _____ () C:\Users\GEOFFERY\Downloads\Modern_Combat_4_Zero_Hour_1.1.7c_www.revdl.com.apk
    2015-04-09 09:03 - 2015-04-09 09:03 - 00000117 _____ () C:\Windows\system32\netcfg-39097671.txt
    2015-04-09 01:24 - 2015-04-09 01:24 - 00000117 _____ () C:\Windows\system32\netcfg-11578000.txt
    2015-04-09 00:53 - 2015-04-09 00:53 - 00000117 _____ () C:\Windows\system32\netcfg-9716890.txt
    2015-04-09 00:52 - 2015-04-09 00:52 - 00000117 _____ () C:\Windows\system32\netcfg-9655187.txt
    2015-04-08 23:56 - 2015-04-08 23:56 - 00000117 _____ () C:\Windows\system32\netcfg-6323031.txt
    2015-04-08 22:23 - 2015-04-08 22:23 - 00001131 _____ () C:\Users\Public\Desktop\Avira.lnk
    2015-04-08 22:17 - 2015-04-08 22:17 - 00000156 _____ () C:\Windows\system32\netcfg-376296.txt
    2015-04-08 22:17 - 2015-04-08 22:17 - 00000117 _____ () C:\Windows\system32\netcfg-340359.txt
    2015-04-08 22:14 - 2015-04-08 22:14 - 00000117 _____ () C:\Windows\system32\netcfg-195359.txt
    2015-04-08 22:11 - 2015-04-08 22:11 - 00000117 _____ () C:\Windows\system32\netcfg-23276515.txt
    2015-04-08 21:44 - 2015-04-08 21:44 - 00000117 _____ () C:\Windows\system32\netcfg-21678484.txt
    2015-04-08 21:35 - 2015-04-08 21:35 - 00000117 _____ () C:\Windows\system32\netcfg-21128796.txt
    2015-04-08 21:26 - 2015-04-08 21:26 - 00000117 _____ () C:\Windows\system32\netcfg-20579937.txt
    2015-04-08 21:25 - 2015-04-08 21:25 - 00000117 _____ () C:\Windows\system32\netcfg-20533359.txt
    2015-04-08 18:23 - 2015-04-08 18:23 - 00389941 _____ () C:\Users\GEOFFERY\Downloads\iAndroGames.CreeHack.v1.1.apk
    2015-04-08 18:00 - 2015-04-08 18:03 - 04342172 _____ () C:\Users\GEOFFERY\Downloads\Lucky+Patcher+v5.5.3(http___apkdownloads.wap-ka.apk
    2015-04-08 17:10 - 2015-04-08 17:10 - 04522309 _____ () C:\Users\GEOFFERY\Downloads\com.rhmsoft.fm-v2.1.0.185-Android-2.3.apk
    2015-04-08 16:39 - 2015-04-08 16:39 - 00289260 _____ () C:\Users\GEOFFERY\Downloads\game-killer.apk
    2015-04-08 15:51 - 2015-04-08 15:51 - 00000117 _____ () C:\Windows\system32\netcfg-485968.txt
    2015-04-08 15:48 - 2015-04-14 14:47 - 00000004 _____ () C:\Windows\SysWOW64\029B560A371F4E00AB32838EBC01B9E7
    2015-04-08 15:44 - 2015-04-08 15:44 - 00000117 _____ () C:\Windows\system32\netcfg-97906.txt
    2015-04-08 15:39 - 2014-09-06 21:12 - 28574669 _____ () C:\Users\GEOFFERY\Desktop\GUNSHIP-BATTLE-1.1.9 MOD-APK-oym.apk
    2015-04-08 15:35 - 2015-04-08 15:35 - 00000000 ____D () C:\Users\GEOFFERY\AppData\Local\globalUpdate
    2015-04-08 15:32 - 2015-04-08 15:32 - 01980416 _____ () C:\Users\GEOFFERY\Downloads\VIPGunshipBattleHelicopter3D2015__7934_il64464(1).exe
    2015-04-08 15:32 - 2015-04-08 15:32 - 00001222 _____ () C:\Users\GEOFFERY\Desktop\Continue installation .lnk
    2015-04-08 15:03 - 2015-04-08 15:10 - 25472569 _____ () C:\Users\GEOFFERY\Downloads\GUNSHIP-BATTLE-1.1.9 MOD-APK-oym.rar
    2015-04-08 14:58 - 2015-04-08 14:58 - 03724394 _____ () C:\Users\GEOFFERY\Downloads\Gunship-Battle-Helicopter-3D-Hack.zip
    2015-04-08 14:47 - 2015-04-08 14:47 - 04490434 _____ () C:\Users\GEOFFERY\Downloads\Gunship-Battle-Helicopter-3D-Hack-AndroidiOS.rar
    2015-04-08 14:34 - 2015-04-08 14:34 - 02048000 _____ () C:\Users\GEOFFERY\Downloads\VIPGunshipBattleHelicopter3D2015__7934_il64464.exe
    2015-04-08 14:22 - 2015-04-08 14:22 - 00000117 _____ () C:\Windows\system32\netcfg-26089109.txt
    2015-04-08 14:09 - 2015-04-08 14:09 - 00000117 _____ () C:\Windows\system32\netcfg-25274093.txt
    2015-04-08 13:30 - 2015-04-08 13:30 - 00000117 _____ () C:\Windows\system32\netcfg-22941468.txt
    2015-04-08 11:19 - 2015-04-08 11:19 - 00000117 _____ () C:\Windows\system32\netcfg-15134156.txt
    2015-04-08 11:04 - 2015-04-08 11:04 - 01760040 _____ () C:\Users\GEOFFERY\Downloads\wrar521.exe
    2015-04-08 11:03 - 2015-04-08 11:03 - 00000117 _____ () C:\Windows\system32\netcfg-14152796.txt
    2015-04-08 11:03 - 2015-04-08 11:03 - 00000117 _____ () C:\Windows\system32\netcfg-14119984.txt
     
  3. nolly190 TS Rookie Topic Starter

    (x86)\SalePLus
    2015-03-24 23:29 - 2015-03-24 23:29 - 00000000 ____D () C:\ProgramData\lmgogmohjfpcfmghbijnecleffggoofd
    2015-03-24 23:27 - 2015-03-25 14:53 - 00000000 ____D () C:\ProgramData\{ada660f2-0618-148b-ada6-660f206183c8}
    2015-03-24 23:27 - 2015-03-25 14:53 - 00000000 ____D () C:\ProgramData\{00a01f91-90cd-cdab-00a0-01f9190c7e46}
    2015-03-24 22:28 - 2015-03-24 22:28 - 00000117 _____ () C:\Windows\system32\netcfg-23035265.txt
    2015-03-24 22:27 - 2015-03-24 22:27 - 00000117 _____ () C:\Windows\system32\netcfg-23012250.txt
    2015-03-24 21:32 - 2015-03-24 21:32 - 00000117 _____ () C:\Windows\system32\netcfg-19656484.txt
    2015-03-24 21:01 - 2015-03-24 21:01 - 00000117 _____ () C:\Windows\system32\netcfg-17828000.txt
    2015-03-24 20:07 - 2015-03-24 20:07 - 00000117 _____ () C:\Windows\system32\netcfg-14572531.txt
    2015-03-24 16:48 - 2015-03-24 16:48 - 00000117 _____ () C:\Windows\system32\netcfg-2668859.txt
    2015-03-24 16:42 - 2015-03-24 16:42 - 00016259 _____ () C:\Users\GEOFFERY\Desktop\JAMB 2015 Unified Tertiary Matriculation Examination e-Registration - Result Slip Page.htm
    2015-03-24 16:42 - 2015-03-24 16:42 - 00000000 ____D () C:\Users\GEOFFERY\Desktop\JAMB 2015 Unified Tertiary Matriculation Examination e-Registration - Result Slip Page_files
    2015-03-24 16:32 - 2015-03-24 16:32 - 00000117 _____ () C:\Windows\system32\netcfg-1711687.txt
    2015-03-24 15:40 - 2015-03-24 15:40 - 00000117 _____ () C:\Windows\system32\netcfg-84588953.txt
    2015-03-24 15:27 - 2015-03-24 15:27 - 02653293 _____ () C:\Users\GEOFFERY\Downloads\11030256_361464694037351_1818682728_n.mp4
    2015-03-24 14:18 - 2015-03-24 14:22 - 28509232 _____ () C:\Users\GEOFFERY\Downloads\vlc-2.2.0-win32.exe
    2015-03-24 14:17 - 2015-03-24 14:22 - 19133578 _____ () C:\Users\GEOFFERY\Downloads\wowslider-win-setup(2).zip
    2015-03-24 13:04 - 2015-03-24 13:08 - 00761595 _____ () C:\Users\GEOFFERY\Downloads\10625976_10153692136807977_1356325534_n.mp4
    2015-03-24 12:42 - 2015-03-24 12:42 - 00000117 _____ () C:\Windows\system32\netcfg-73944296.txt
    2015-03-23 20:56 - 2015-03-23 20:56 - 00000117 _____ () C:\Windows\system32\netcfg-17182796.txt
    2015-03-23 20:55 - 2015-03-23 20:55 - 00000117 _____ () C:\Windows\system32\netcfg-17150593.txt
    2015-03-23 20:55 - 2015-03-23 20:55 - 00000117 _____ () C:\Windows\system32\netcfg-17108281.txt
    2015-03-23 20:48 - 2015-03-23 20:48 - 00000117 _____ () C:\Windows\system32\netcfg-16702140.txt
    2015-03-23 20:39 - 2015-03-23 20:39 - 00000117 _____ () C:\Windows\system32\netcfg-16159515.txt
    2015-03-23 20:25 - 2015-03-23 20:25 - 00000117 _____ () C:\Windows\system32\netcfg-15336968.txt
    2015-03-23 16:12 - 2015-03-23 16:12 - 00000117 _____ () C:\Windows\system32\netcfg-149843.txt
    2015-03-23 16:02 - 2015-03-23 16:07 - 79974543 _____ () C:\Users\GEOFFERY\Downloads\Wande Coal - Baby Hello [Official Video].mp4.part
    2015-03-23 16:02 - 2015-03-23 16:02 - 00000117 _____ () C:\Windows\system32\netcfg-67592015.txt
    2015-03-23 13:18 - 2015-03-23 13:18 - 00000000 ____D () C:\Users\GEOFFERY\Documents\NFCS
    2015-03-23 13:00 - 2015-03-23 13:00 - 00000117 _____ () C:\Windows\system32\netcfg-56688187.txt
    2015-03-23 12:17 - 2015-03-23 12:17 - 00000117 _____ () C:\Windows\system32\netcfg-54098171.txt
    2015-03-23 12:10 - 2015-03-23 12:10 - 00000117 _____ () C:\Windows\system32\netcfg-53723234.txt
    2015-03-23 11:42 - 2015-03-23 11:42 - 00000000 ____D () C:\Users\GEOFFERY\AppData\Local\Qualcomm Atheros
    2015-03-23 11:28 - 2015-03-23 11:28 - 00000117 _____ () C:\Windows\system32\netcfg-51182953.txt
    2015-03-22 23:48 - 2015-03-22 23:48 - 00000117 _____ () C:\Windows\system32\netcfg-9170859.txt
    2015-03-22 22:14 - 2015-03-22 22:14 - 00000117 _____ () C:\Windows\system32\netcfg-3542625.txt
    2015-03-22 22:13 - 2015-03-22 22:13 - 00000117 _____ () C:\Windows\system32\netcfg-3503109.txt
    2015-03-22 22:12 - 2015-03-22 22:12 - 00000117 _____ () C:\Windows\system32\netcfg-3428062.txt
    2015-03-22 22:07 - 2015-03-22 22:07 - 00000117 _____ () C:\Windows\system32\netcfg-3109062.txt
    2015-03-22 22:03 - 2015-03-22 22:03 - 00000117 _____ () C:\Windows\system32\netcfg-2874546.txt
    2015-03-22 21:12 - 2015-03-22 21:12 - 00000117 _____ () C:\Windows\system32\netcfg-144109.txt
    2015-03-22 20:39 - 2015-03-22 20:43 - 58669568 _____ () C:\Users\GEOFFERY\Downloads\Sia - Elastic Heart feat. Shia LaBeouf & Maddie Ziegler (Official Video).mp4
    2015-03-22 20:19 - 2015-03-22 20:19 - 00000117 _____ () C:\Windows\system32\netcfg-5586484.txt
    2015-03-22 16:23 - 2015-03-22 16:23 - 00000117 _____ () C:\Windows\system32\netcfg-182088156.txt
    2015-03-22 15:19 - 2015-03-22 15:19 - 00000117 _____ () C:\Windows\system32\netcfg-178239031.txt
    2015-03-22 15:19 - 2015-03-22 15:19 - 00000117 _____ () C:\Windows\system32\netcfg-178238812.txt
    2015-03-22 15:18 - 2015-03-22 15:18 - 00000117 _____ () C:\Windows\system32\netcfg-178221937.txt
    2015-03-22 14:53 - 2015-03-22 14:53 - 00000117 _____ () C:\Windows\system32\netcfg-176736421.txt
    2015-03-22 13:56 - 2015-03-22 13:56 - 00000117 _____ () C:\Windows\system32\netcfg-173259312.txt
    2015-03-22 01:07 - 2015-03-22 01:07 - 00000117 _____ () C:\Windows\system32\netcfg-127173531.txt
    2015-03-21 21:13 - 2015-03-21 21:14 - 00000117 _____ () C:\Windows\system32\netcfg-113145750.txt
    2015-03-21 21:05 - 2015-03-21 21:05 - 00000117 _____ () C:\Windows\system32\netcfg-112645828.txt
    2015-03-21 21:01 - 2015-03-21 21:01 - 00000117 _____ () C:\Windows\system32\netcfg-112388468.txt
    2015-03-20 19:28 - 2015-03-20 19:28 - 00000117 _____ () C:\Windows\system32\netcfg-20431031.txt
    2015-03-20 19:04 - 2015-03-20 19:04 - 00015516 _____ () C:\Users\GEOFFERY\Downloads\[limetorrents.cc]Avengers.Age.of.Ultron.2015.Movie.2014.DVDRip.XviD.torrent
    2015-03-20 18:28 - 2015-03-20 18:28 - 00000117 _____ () C:\Windows\system32\netcfg-16879031.txt
    2015-03-20 03:22 - 2015-03-20 03:22 - 00000117 _____ () C:\Windows\system32\netcfg-46725687.txt
    2015-03-19 21:41 - 2015-03-19 21:41 - 00000117 _____ () C:\Windows\system32\netcfg-26221734.txt
    2015-03-19 21:41 - 2015-03-19 21:41 - 00000117 _____ () C:\Windows\system32\netcfg-26218609.txt
    2015-03-19 21:40 - 2015-03-19 21:40 - 00000117 _____ () C:\Windows\system32\netcfg-26202203.txt
    2015-03-19 21:40 - 2015-03-19 21:40 - 00000117 _____ () C:\Windows\system32\netcfg-26160656.txt
    2015-03-19 20:58 - 2015-03-19 20:58 - 00000117 _____ () C:\Windows\system32\netcfg-23650406.txt
    2015-03-19 14:20 - 2015-03-19 14:20 - 00000165 ____H () C:\Users\GEOFFERY\Desktop\~$THE ASSOCIATION OF PROFESSIONAL WOMEN ENGINEERS OF NIGERIA.pptx
    2015-03-19 14:13 - 2015-03-19 14:13 - 00000165 ____H () C:\Users\GEOFFERY\Desktop\~$APWEN.pptx
    2015-03-19 14:06 - 2015-03-19 14:06 - 00000000 ____D () C:\Users\GEOFFERY\Desktop\WORK
    2015-03-19 12:25 - 2015-03-18 11:31 - 85006587 _____ () C:\Users\GEOFFERY\Desktop\APWEN.pptx
    2015-03-18 20:45 - 2015-03-18 20:45 - 00000117 _____ () C:\Windows\system32\netcfg-251021468.txt
    2015-03-18 20:27 - 2015-03-18 20:27 - 00000117 _____ () C:\Windows\system32\netcfg-249935687.txt
    2015-03-18 15:32 - 2015-03-18 15:32 - 00000117 _____ () C:\Windows\system32\netcfg-232259437.txt
    2015-03-18 15:17 - 2015-03-18 15:17 - 00000117 _____ () C:\Windows\system32\netcfg-231305031.txt
    2015-03-18 15:15 - 2015-03-18 15:15 - 00000117 _____ () C:\Windows\system32\netcfg-231237968.txt
    2015-03-18 14:53 - 2015-03-18 14:53 - 00000117 _____ () C:\Windows\system32\netcfg-229908578.txt
    2015-03-18 14:44 - 2015-03-18 14:44 - 00003674 _____ () C:\Users\GEOFFERY\Documents\SLIDER.wowsl
    2015-03-18 14:22 - 2015-03-18 14:22 - 00000117 _____ () C:\Windows\system32\netcfg-228032968.txt
    2015-03-18 14:05 - 2015-03-18 14:05 - 00000000 ____D () C:\Users\GEOFFERY\Documents\WOW Slider
    2015-03-18 13:56 - 2015-03-18 13:56 - 00000000 ____D () C:\Program Files\WOW Slider
    2015-03-18 13:33 - 2015-03-18 13:33 - 00000117 _____ () C:\Windows\system32\netcfg-225087484.txt
    2015-03-18 11:44 - 2015-03-18 11:44 - 00000117 _____ () C:\Windows\system32\netcfg-218581250.txt
    2015-03-18 10:58 - 2015-03-18 10:58 - 00000117 _____ () C:\Windows\system32\netcfg-215794921.txt
    2015-03-18 00:51 - 2015-03-18 00:51 - 00000117 _____ () C:\Windows\system32\netcfg-179366593.txt
    2015-03-17 22:37 - 2015-03-17 22:37 - 00013017 _____ () C:\Users\GEOFFERY\Downloads\[kickass.to]pirates.xxx.dvdrip.avi.torrent
    2015-03-17 22:23 - 2015-03-17 22:23 - 00197852 _____ () C:\Users\GEOFFERY\Downloads\pirates 3 xxx Full.exe
    2015-03-17 20:31 - 2015-03-17 20:31 - 00000000 ____D () C:\Users\GEOFFERY\Prezi
    2015-03-17 20:29 - 2015-03-17 20:29 - 00001865 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Prezi.lnk
    2015-03-17 20:29 - 2015-03-17 20:29 - 00001853 _____ () C:\Users\Public\Desktop\Prezi.lnk
    2015-03-17 20:26 - 2015-03-17 20:29 - 00000000 ____D () C:\Program Files (x86)\Prezi
    2015-03-17 20:15 - 2015-03-17 20:20 - 36888746 _____ () C:\Users\GEOFFERY\Downloads\PRESIDENT GOODLUCK JONATHAN AND PATIENCE, ARE PLANNING TO ASSASSINATE FATHER MBAKA- REV FR MBAK - YouTube.3gp
    2015-03-17 19:44 - 2015-03-17 19:44 - 00000117 _____ () C:\Windows\system32\netcfg-160967406.txt
    2015-03-16 21:14 - 2015-03-16 21:14 - 00000117 _____ () C:\Windows\system32\netcfg-80006328.txt
    2015-03-16 21:10 - 2015-03-16 21:10 - 00000117 _____ () C:\Windows\system32\netcfg-79723890.txt

    ==================== One Month Modified Files and Folders =======

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2015-04-15 02:28 - 2015-02-02 07:23 - 00003718 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
    2015-04-15 02:28 - 2015-02-02 07:23 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
    2015-04-15 02:28 - 2014-08-15 01:23 - 01562488 _____ () C:\Windows\WindowsUpdate.log
    2015-04-15 02:15 - 2012-07-26 08:28 - 00848230 _____ () C:\Windows\system32\PerfStringBackup.INI
    2015-04-15 02:08 - 2014-08-15 05:57 - 00003598 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2198692194-3404810195-2407512553-1001
    2015-04-15 02:08 - 2012-07-26 08:59 - 00000000 ____D () C:\Windows\CbsTemp
    2015-04-15 02:04 - 2014-12-21 09:58 - 00000000 ____D () C:\ProgramData\TorchCrashHandler
    2015-04-15 02:03 - 2015-01-28 01:13 - 00000000 ____D () C:\ProgramData\TEMP
    2015-04-15 02:02 - 2012-07-26 08:22 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
    2015-04-14 22:02 - 2012-07-26 09:12 - 00000000 ____D () C:\Windows\system32\sru
    2015-04-14 21:21 - 2014-12-23 21:03 - 00000000 ____D () C:\Users\GEOFFERY\AppData\Roaming\IDM
    2015-04-14 21:21 - 2014-10-26 16:51 - 00000000 ____D () C:\Users\GEOFFERY\AppData\Local\CrashDumps
    2015-04-14 20:49 - 2014-11-15 08:20 - 00000000 ____D () C:\Users\GEOFFERY\AppData\Roaming\DMCache
    2015-04-14 20:48 - 2014-11-15 08:20 - 00000000 ____D () C:\Users\GEOFFERY\Downloads\Video
    2015-04-14 20:17 - 2014-08-30 17:46 - 00000755 _____ () C:\Windows\system32\Drivers\etc\hosts.ics
    2015-04-14 16:54 - 2014-10-16 03:21 - 00000000 ____D () C:\Users\GEOFFERY\AppData\Roaming\vlc
    2015-04-14 15:34 - 2014-08-07 22:39 - 00000000 ____D () C:\Program Files (x86)\Adobe
    2015-04-14 14:51 - 2015-01-19 16:14 - 00000194 _____ () C:\Users\GEOFFERY\.packettracer
    2015-04-14 14:46 - 2012-07-26 06:26 - 00262144 ___SH () C:\Windows\system32\config\BBI
    2015-04-13 22:19 - 2014-08-28 22:06 - 00000000 ____D () C:\Users\GEOFFERY\Desktop\example - php
    2015-04-13 21:19 - 2012-07-26 06:26 - 00000230 _____ () C:\Windows\win.ini
    2015-04-13 10:47 - 2015-02-22 22:37 - 00000000 ___RD () C:\Users\GEOFFERY\Desktop\New folder
    2015-04-13 10:35 - 2014-11-15 08:20 - 00000000 ____D () C:\Users\GEOFFERY\Downloads\Compressed
    2015-04-13 06:23 - 2015-01-21 19:02 - 00000000 ____D () C:\Users\GEOFFERY\AppData\Local\Adobe
    2015-04-12 23:38 - 2014-08-15 01:26 - 00000000 ____D () C:\Users\GEOFFERY\AppData\Roaming\Atheros
    2015-04-12 21:40 - 2014-08-15 01:26 - 00000000 ____D () C:\Users\GEOFFERY\Documents\Bluetooth Folder
    2015-04-12 21:27 - 2014-10-17 03:11 - 00000000 ____D () C:\Windows\Minidump
    2015-04-11 12:23 - 2015-01-17 01:55 - 00000000 ____D () C:\My Web Sites
    2015-04-10 00:53 - 2014-08-22 04:05 - 00000000 ____D () C:\ProgramData\DatacardService
    2015-04-08 22:22 - 2014-10-29 10:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
    2015-04-08 22:22 - 2014-10-29 10:25 - 00000000 ____D () C:\Program Files (x86)\Avira
    2015-04-08 22:21 - 2014-10-29 10:25 - 00000000 ____D () C:\ProgramData\Package Cache
    2015-04-08 15:43 - 2014-08-30 17:19 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
    2015-04-08 07:08 - 2015-01-31 15:39 - 00000000 ____D () C:\ProgramData\OnlineUpdate
    2015-04-07 21:02 - 2014-11-03 03:00 - 00001070 _____ () C:\Users\Public\Desktop\VLC media player.lnk
    2015-04-02 13:38 - 2015-03-15 22:24 - 00000000 ____D () C:\Users\GEOFFERY\Desktop\TABLET
    2015-03-29 07:55 - 2015-01-25 20:17 - 00000000 ____D () C:\Users\GEOFFERY\Desktop\corel draw
    2015-03-26 14:26 - 2014-08-15 01:23 - 00000000 ____D () C:\Users\GEOFFERY
    2015-03-26 14:09 - 2015-03-11 09:46 - 00000000 ____D () C:\Program Files (x86)\R.G. Mechanics
    2015-03-24 23:52 - 2014-11-15 20:28 - 00002475 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
    2015-03-24 23:52 - 2014-08-30 17:19 - 00001379 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
    2015-03-24 23:52 - 2014-08-24 23:48 - 00001367 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
    2015-03-24 23:52 - 2014-08-15 01:23 - 00001650 _____ () C:\Users\GEOFFERY\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
    2015-03-24 23:29 - 2014-11-20 00:11 - 00000000 ____D () C:\ProgramData\12404305945144379873
    2015-03-19 14:23 - 2012-07-26 09:12 - 00000000 ____D () C:\Windows\system32\NDF
    2015-03-18 15:11 - 2015-02-05 09:16 - 00000000 ____D () C:\Users\GEOFFERY\Desktop\NFCS
    2015-03-18 13:56 - 2015-02-08 23:29 - 00000831 _____ () C:\Users\Public\Desktop\WOW Slider.lnk
    2015-03-18 13:56 - 2015-02-08 23:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WOW Slider
    2015-03-18 13:55 - 2015-02-08 23:29 - 00000000 ____D () C:\Program Files (x86)\WOW Slider

    ==================== Files in the root of some directories =======

    2015-04-06 17:59 - 2015-04-06 17:59 - 0003868 _____ () C:\Users\GEOFFERY\AppData\Roaming\gns3.ini
    2014-11-20 00:18 - 2014-11-20 01:29 - 0000942 _____ () C:\Users\GEOFFERY\AppData\Roaming\LiveSupport.exe_log.txt
    2014-11-20 00:18 - 2014-11-20 01:29 - 0000092 _____ () C:\Users\GEOFFERY\AppData\Roaming\regsvr32.exe_log.txt
    2014-10-27 07:31 - 2015-03-03 20:38 - 0000539 _____ () C:\Users\GEOFFERY\AppData\Roaming\Rim.Desktop.Exception.log
    2014-10-27 07:25 - 2014-10-27 07:25 - 0001111 _____ () C:\Users\GEOFFERY\AppData\Roaming\Rim.Desktop.HttpServerSetup.log
    2014-10-27 07:31 - 2015-03-03 20:38 - 0000539 _____ () C:\Users\GEOFFERY\AppData\Roaming\Rim.DesktopHelper.Exception.log
    2014-10-27 08:05 - 2015-03-03 20:38 - 0000462 _____ () C:\Users\GEOFFERY\AppData\Roaming\Rim.Transcoder.Exception.log
    2014-10-27 07:53 - 2014-12-19 12:23 - 0034816 _____ () C:\Users\GEOFFERY\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2015-01-21 20:28 - 2015-01-21 20:28 - 0000057 _____ () C:\ProgramData\Ament.ini

    Some content of TEMP:
    ====================
    C:\Users\GEOFFERY\AppData\Local\Temp\avgnt.exe
    C:\Users\GEOFFERY\AppData\Local\Temp\mdi064.dll


    ==================== Bamital & volsnap Check =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\System32\winlogon.exe => File is digitally signed
    C:\Windows\System32\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\System32\services.exe => File is digitally signed
    C:\Windows\System32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\System32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed
    C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2015-04-11 18:57

    ==================== End Of Log ============================
    ADDITION
    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14-04-2015
    Ran by GEOFFERY at 2015-04-15 02:38:19
    Running from C:\Users\GEOFFERY\Desktop
    Boot Mode: Normal
    ==========================================================


    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)


    ==================== Installed Programs ======================


    (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    µTorrent (HKU\S-1-5-21-2198692194-3404810195-2407512553-1001\...\uTorrent) (Version: 3.4.2.37252 - BitTorrent Inc.)
    Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated)
    Avira (HKLM-x32\...\{b5675cc4-ab8b-4945-8c1d-4c5479556d6a}) (Version: 1.1.34.19732 - Avira Operations GmbH & Co. KG)
    Avira (x32 Version: 1.1.34.19732 - Avira Operations GmbH & Co. KG) Hidden
    CCleaner (HKLM\...\CCleaner) (Version: 4.18 - Piriform)
    Corel Graphics - Windows Shell Extension 64 Bit (Version: 16.1.843 - Corel Corporation) Hidden
    GNS3 0.8.7 (HKLM-x32\...\GNS3) (Version: 0.8.7 - )
    HP Deskjet 2540 series Basic Device Software (HKLM\...\{7AF1A318-2914-41CC-9B24-041C2D4AAAD7}) (Version: 32.0.1180.44630 - Hewlett-Packard Co.)
    KMPlayer (remove only) (HKLM-x32\...\The KMPlayer) (Version: 3.9.1.135 - PandoraTV)
    Kodi (HKU\S-1-5-21-2198692194-3404810195-2407512553-1001\...\Kodi) (Version: - XBMC-Foundation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Mozilla Firefox 37.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 37.0.1 (x86 en-US)) (Version: 37.0.1 - Mozilla)
    Product Improvement Study for HP Deskjet 2540 series (HKLM\...\{446CCB22-B632-4A1D-BF84-DA8DB0575F98}) (Version: 32.0.1180.44630 - Hewlett-Packard Co.)
    ProxyCap (HKLM\...\{DFBFBC41-DFE4-408C-A1F7-C02B1BF82921}) (Version: 5.2.70 - Proxy Labs)
    PRTG Network Monitor (HKLM-x32\...\{5EC294B8-98F8-4C20-BE73-F11A04295CA5}_is1) (Version: 9 - Paessler AG)
    PuTTY release 0.64 (HKLM-x32\...\PuTTY_is1) (Version: 0.64 - Simon Tatham)
    Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.305 - Qualcomm Atheros Communications)
    SolarWinds Response Time Viewer (HKLM-x32\...\{5B415E10-D1C1-4E54-9061-AE0FB3D7F2B2}) (Version: 1.0.0.162 - SolarWinds)
    Sublime Text 2.0.2 (HKLM\...\Sublime Text 2_is1) (Version: - )
    Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.29.0 - Synaptics Incorporated)
    TeraCopy 2.3 (HKLM\...\TeraCopy_is1) (Version: - Code Sector)
    Torch (HKU\S-1-5-21-2198692194-3404810195-2407512553-1001\...\Torch) (Version: 36.0.0.8455 - Torch Media, Inc) <==== ATTENTION
    VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
    VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.0 - VideoLAN)
    WinHTTrack Website Copier 3.48-19 (x64) (HKLM\...\WinHTTrack Website Copier_is1) (Version: 3.48.19 - HTTrack)
    WinPcap 4.1.3 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2980 - Riverbed Technology, Inc.)
    WinRAR 5.20 beta 3 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.20.3 - win.rar GmbH)

    ==================== Custom CLSID (selected items): ==========================


    (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

    CustomCLSID: HKU\S-1-5-21-2198692194-3404810195-2407512553-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation)

    ==================== Restore Points =========================

    31-03-2015 22:02:22 Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005
    06-04-2015 17:04:53 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005

    ==================== Hosts content: ==========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2012-07-26 06:26 - 2015-01-17 20:49 - 00001073 ___RA C:\Windows\system32\Drivers\etc\hosts
    127.0.0.1 localhost
    127.0.0.1 localhost
    127.0.0.1 localhost127.0.0.1 thislineskipsanyemptylines
    127.0.0.1 thislineskipsanyemptylines
    127.0.0.1 thislineskipsanyemptylines


    ==================== Scheduled Tasks (whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

    Task: {4A8B532A-159F-48A7-8D0A-07A0C700F316} - System32\Tasks\HPCustParticipation HP Deskjet 2540 series => C:\Program Files\HP\HP Deskjet 2540 series\Bin\HPCustPartic.exe [2013-08-13] (Hewlett-Packard Co.)
    Task: {5574C74C-8188-4F6D-BDEF-39FFE05D7C6F} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-15] (Adobe Systems Incorporated)
    Task: {609BD935-A842-4DFC-91BB-3D32EFA65911} - System32\Tasks\{FB9FD685-E055-4845-9E11-24A5568968A0} => pcalua.exe -a "C:\Program Files (x86)\Shuame\Uninst.exe"
    Task: {61987F66-7E81-4D17-BEE5-91246F36FA09} - System32\Tasks\SBWUpdateTask_Logon_e64e45cf-5AEE656C9248 => C:\Program Files\Common Files\SpeedBit\SBUpdate\SBUpdate.exe [2013-07-08] (Speedbit Ltd.) <==== ATTENTION
    Task: {6BFE9216-8053-4399-828D-FCF175902DB6} - System32\Tasks\PC Performer Scheduled Scan => C:\Program Files (x86)\PC Performer\PCPerformer.exe <==== ATTENTION
    Task: {7F3400FB-8FE6-4AA3-BB26-FE4F3A357B58} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-09-26] (Piriform Ltd)
    Task: {846FEA69-1E98-4AAC-B86F-13CC15CF1B49} - System32\Tasks\PC Performer Daily Check => C:\Program Files (x86)\PC Performer\PSCheckUp.exe <==== ATTENTION
    Task: {854EFE30-3EB5-4B7B-B462-B5A522ACD037} - System32\Tasks\PC Performer Logon Scan => C:\Program Files (x86)\PC Performer\PSCheckUp.exe <==== ATTENTION
    Task: {C0B28F17-364F-43D6-8007-295D89CE9044} - System32\Tasks\AdobeAAMUpdater-1.0-UDENWANI-GEOFFERY => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2012-04-04] (Adobe Systems Incorporated)
    Task: {EDF447B4-10A6-4BBC-BC1D-159577661E8C} - System32\Tasks\SBW_UpdateTask_Time_323038343239313537392d7850235757324a6c412a5045 => Wscript.exe //B "C:\ProgramData\SpeedBit\sbhe.js" sbu.exe /invoke /f:check_services /l:0
    Task: {F2564D4F-3728-42E3-A8D3-CEA1E4E83C7F} - System32\Tasks\SBWUpdateTask_Time_e64e45cf-5AEE656C9248 => C:\Program Files\Common Files\SpeedBit\SBUpdate\SBUpdate.exe [2013-07-08] (Speedbit Ltd.) <==== ATTENTION
    Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    ==================== Loaded Modules (whitelisted) ==============

    2014-08-22 04:07 - 2013-08-21 05:18 - 00656976 _____ () C:\ProgramData\Airtel Broadband\OnlineUpdate\ouc.exe
    2014-05-16 23:34 - 2014-05-16 23:34 - 00430344 _____ () C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe
    2013-02-06 07:10 - 2013-02-06 07:10 - 00351824 _____ () C:\ProgramData\DatacardService\HWDeviceService64.exe
    2014-11-19 20:12 - 2015-01-21 15:50 - 00246112 _____ () C:\ProgramData\MTN F@stLink\OnlineUpdate\ouc.exe
    2015-04-04 10:40 - 2012-01-20 14:55 - 00678400 _____ () C:\Program Files\TeraCopy\TeraCopyExt64.dll
    2015-04-04 10:40 - 2012-01-29 16:55 - 00657920 _____ () C:\Program Files\TeraCopy\TeraCopy64.dll
    2014-05-12 10:49 - 2014-05-12 10:49 - 00222720 _____ () C:\Program Files (x86)\Notepad++\NppShell_06.dll
    2014-10-26 03:31 - 2011-09-29 21:29 - 00050416 _____ () C:\Program Files (x86)\Tether\TBService.exe
    2015-01-14 11:13 - 2011-03-17 15:41 - 00261456 _____ () C:\Program Files (x86)\MTN F@stLink\AssistantServices.exe
    2013-09-07 09:48 - 2013-09-07 09:48 - 00011264 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll
    2013-09-07 09:45 - 2013-09-07 09:45 - 00086016 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\Map\MAP.dll
    2013-09-07 09:52 - 2013-09-07 09:52 - 00012928 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe
    2014-04-15 21:26 - 2014-04-15 21:26 - 01014904 _____ () C:\Program Files\Common Files\SpeedBit\SBUpdate\sbei64.dll
    2015-01-14 11:13 - 2011-03-17 15:41 - 00139088 _____ () C:\Program Files (x86)\MTN F@stLink\UIExec.exe
    2014-04-14 20:41 - 2014-04-14 20:41 - 00039192 _____ () C:\Program Files\CCleaner\branding.dll
    2014-11-19 20:11 - 2014-11-19 20:12 - 00514048 _____ () C:\Program Files (x86)\MTN F@stLink\MTN F@stLink.exe
    2014-11-22 14:03 - 2013-07-18 16:41 - 04062708 _____ () C:\Users\GEOFFERY\Desktop\BIS+SS\SimpleServer.exe
    2014-08-22 04:07 - 2009-01-10 19:32 - 00011362 _____ () C:\ProgramData\Airtel Broadband\OnlineUpdate\mingwm10.dll
    2014-08-22 04:07 - 2009-06-23 03:42 - 00043008 _____ () C:\ProgramData\Airtel Broadband\OnlineUpdate\libgcc_s_dw2-1.dll
    2014-08-22 04:07 - 2012-10-31 10:11 - 02417152 _____ () C:\ProgramData\Airtel Broadband\OnlineUpdate\QtCore4.dll
    2014-08-22 04:07 - 2012-10-31 10:14 - 01148416 _____ () C:\ProgramData\Airtel Broadband\OnlineUpdate\QtNetwork4.dll
    2014-08-22 04:07 - 2013-08-21 05:18 - 00839680 _____ () C:\ProgramData\Airtel Broadband\OnlineUpdate\QueryStrategy.dll
    2014-08-22 04:07 - 2012-10-31 10:11 - 00398336 _____ () C:\ProgramData\Airtel Broadband\OnlineUpdate\QtXml4.dll
    2014-05-17 01:11 - 2014-05-17 01:11 - 00908584 _____ () C:\Program Files (x86)\Hotspot Shield\bin\af_proxy.dll
    2014-05-17 01:37 - 2014-05-17 01:37 - 00506664 _____ () C:\Program Files (x86)\Hotspot Shield\bin\HssRep.dll
    2014-11-19 20:12 - 2014-11-19 20:11 - 00011362 _____ () C:\ProgramData\MTN F@stLink\OnlineUpdate\mingwm10.dll
    2014-11-19 20:12 - 2014-11-19 20:11 - 00043008 _____ () C:\ProgramData\MTN F@stLink\OnlineUpdate\libgcc_s_dw2-1.dll
    2014-11-19 20:12 - 2014-11-19 20:11 - 02415104 _____ () C:\ProgramData\MTN F@stLink\OnlineUpdate\QtCore4.dll
    2014-11-19 20:12 - 2014-11-19 20:11 - 01148416 _____ () C:\ProgramData\MTN F@stLink\OnlineUpdate\QtNetwork4.dll
    2014-11-19 20:12 - 2014-11-19 20:11 - 00384512 _____ () C:\ProgramData\MTN F@stLink\OnlineUpdate\QueryStrategy.dll
    2014-11-19 20:12 - 2014-11-19 20:11 - 00398336 _____ () C:\ProgramData\MTN F@stLink\OnlineUpdate\QtXml4.dll
    2015-04-11 18:46 - 2015-03-31 16:26 - 00781024 _____ () C:\Program Files (x86)\PRTG Network Monitor\PaesslerSNMP.dll
    2015-04-15 02:03 - 2015-03-31 16:26 - 00781024 _____ () C:\Program Files (x86)\PRTG Network Monitor\dlltemp\snmp1.dll
    2014-04-15 21:26 - 2014-04-15 21:26 - 00688248 _____ () C:\Program Files\Common Files\SpeedBit\SBUpdate\sbei32.dll
    2015-04-14 12:51 - 2015-04-14 12:51 - 02923520 _____ () C:\Users\GEOFFERY\AppData\Local\Temp\mdi064.dll
    2014-11-19 20:11 - 2015-01-21 15:50 - 00439296 _____ () C:\Program Files (x86)\MTN F@stLink\core.dll
    2014-11-19 20:11 - 2015-01-21 15:50 - 00261632 _____ () C:\Program Files (x86)\MTN F@stLink\sdk.dll
    2014-11-19 20:11 - 2015-01-21 15:50 - 00011362 _____ () C:\Program Files (x86)\MTN F@stLink\mingwm10.dll
    2014-11-19 20:11 - 2015-01-21 15:50 - 00043008 _____ () C:\Program Files (x86)\MTN F@stLink\libgcc_s_dw2-1.dll
    2014-11-19 20:11 - 2015-01-21 15:50 - 02415104 _____ () C:\Program Files (x86)\MTN F@stLink\QtCore4.dll
    2014-11-19 20:11 - 2015-01-21 15:50 - 09515520 _____ () C:\Program Files (x86)\MTN F@stLink\QtGui4.dll
    2014-11-19 20:11 - 2015-01-21 15:50 - 00381952 _____ () C:\Program Files (x86)\MTN F@stLink\Proxy.DLL
    2014-11-19 20:11 - 2015-01-21 15:50 - 00218112 _____ () C:\Program Files (x86)\MTN F@stLink\Common.dll
    2014-11-19 20:11 - 2015-01-21 15:50 - 00135168 _____ () C:\Program Files (x86)\MTN F@stLink\Trace.dll
    2014-11-19 20:11 - 2015-01-21 15:50 - 00545280 _____ () C:\Program Files (x86)\MTN F@stLink\PluginContainer.dll
    2014-11-19 20:11 - 2015-01-21 15:50 - 00238080 _____ () C:\Program Files (x86)\MTN F@stLink\AtCodec.dll
    2014-11-19 20:11 - 2015-01-21 15:50 - 00301056 _____ () C:\Program Files (x86)\MTN F@stLink\DeviceSrvPlugin.dll
    2014-11-19 20:11 - 2015-01-21 15:50 - 00235008 _____ () C:\Program Files (x86)\MTN F@stLink\NetSrvPlugin.dll
    2014-11-19 20:11 - 2015-01-21 15:50 - 00133120 _____ () C:\Program Files (x86)\MTN F@stLink\OSDialup.dll
    2014-11-19 20:11 - 2015-01-21 15:50 - 00159232 _____ () C:\Program Files (x86)\MTN F@stLink\XCodec.dll
    2014-11-19 20:11 - 2015-01-21 15:50 - 00157184 _____ () C:\Program Files (x86)\MTN F@stLink\DataServicePlugin.dll
    2014-11-19 20:11 - 2015-01-21 15:50 - 00176128 _____ () C:\Program Files (x86)\MTN F@stLink\CallSrvPlugin.dll
    2014-11-19 20:11 - 2015-01-21 15:50 - 00264704 _____ () C:\Program Files (x86)\MTN F@stLink\AddrBookSrvPlugin.dll
    2014-11-19 20:11 - 2015-01-21 15:50 - 00217600 _____ () C:\Program Files (x86)\MTN F@stLink\SmsSrvPlugin.dll
    2014-11-19 20:11 - 2015-01-21 15:50 - 00142336 _____ () C:\Program Files (x86)\MTN F@stLink\USSDSrvPlugin.dll
    2014-11-19 20:11 - 2015-01-21 15:50 - 00156672 _____ () C:\Program Files (x86)\MTN F@stLink\STKSrvPlugin.dll
    2014-11-19 20:11 - 2015-01-21 15:50 - 00154624 _____ () C:\Program Files (x86)\MTN F@stLink\GpsSrvPlugin.dll
    2014-11-19 20:11 - 2015-01-21 15:50 - 00338432 _____ () C:\Program Files (x86)\MTN F@stLink\DeviceAppPlugin.dll
    2014-11-19 20:11 - 2015-01-21 15:50 - 00065536 _____ () C:\Program Files (x86)\MTN F@stLink\OSPowerMgr.dll
    2014-11-19 20:11 - 2015-01-21 15:50 - 00106496 _____ () C:\Program Files (x86)\MTN F@stLink\Win7Support.dll
    2014-11-19 20:11 - 2015-01-21 15:50 - 01077248 _____ () C:\Program Files (x86)\MTN F@stLink\AddrBookPlugin.dll
    2014-11-19 20:11 - 2015-01-21 15:50 - 00670720 _____ () C:\Program Files (x86)\MTN F@stLink\SmsAppPlugin.dll
    2014-11-19 20:11 - 2015-01-21 15:50 - 00550400 _____ () C:\Program Files (x86)\MTN F@stLink\CallAppPlugin.dll
    2014-11-19 20:11 - 2015-01-21 15:50 - 00547840 _____ () C:\Program Files (x86)\MTN F@stLink\CallLogSrvPlugin.dll
    2014-11-19 20:11 - 2015-01-21 15:50 - 00158720 _____ () C:\Program Files (x86)\MTN F@stLink\NetConnectSrvPlugin.dll
    2014-11-19 20:11 - 2015-01-21 15:50 - 00211968 _____ () C:\Program Files (x86)\MTN F@stLink\DialUpPlugin.dll
    2014-11-19 20:11 - 2015-01-21 15:50 - 00101376 _____ () C:\Program Files (x86)\MTN F@stLink\OSAdapt.dll
    2014-11-19 20:11 - 2015-01-21 15:50 - 00180224 _____ () C:\Program Files (x86)\MTN F@stLink\NDISPlugin.dll
    2014-11-19 20:11 - 2015-01-21 15:50 - 00131072 _____ () C:\Program Files (x86)\MTN F@stLink\OSNDIS.dll
    2014-11-19 20:11 - 2015-01-21 15:50 - 01101824 _____ () C:\Program Files (x86)\MTN F@stLink\NDISAPI.dll
    2014-11-19 20:11 - 2015-01-21 15:50 - 00278528 _____ () C:\Program Files (x86)\MTN F@stLink\NetInfoSrvPlugin.dll
    2014-11-19 20:11 - 2015-01-21 15:50 - 00062976 _____ () C:\Program Files (x86)\MTN F@stLink\OSCall.dll
    2014-11-19 20:11 - 2015-01-21 15:50 - 00521728 _____ () C:\Program Files (x86)\MTN F@stLink\DeviceMgrUIPlugin.dll
    2014-11-19 20:11 - 2015-01-21 15:50 - 00123392 _____ () C:\Program Files (x86)\MTN F@stLink\ATR2SMgr.dll
    2014-11-19 20:11 - 2015-01-21 15:50 - 00185856 _____ () C:\Program Files (x86)\MTN F@stLink\XFramePlugin.dll
    2014-11-19 20:11 - 2015-01-21 15:50 - 00313856 _____ () C:\Program Files (x86)\MTN F@stLink\StatusBarMgrPlugin.dll
    2014-11-19 20:11 - 2015-01-21 15:50 - 00119296 _____ () C:\Program Files (x86)\MTN F@stLink\LayoutPlugin.dll
    2014-11-19 20:11 - 2015-01-21 15:50 - 00437760 _____ () C:\Program Files (x86)\MTN F@stLink\DialupUIPlugin.dll
    2014-11-19 20:11 - 2015-01-21 15:50 - 00307200 _____ () C:\Program Files (x86)\MTN F@stLink\DiagnosisPlugin.dll
    2014-11-19 20:11 - 2015-01-21 15:50 - 00093184 _____ () C:\Program Files (x86)\MTN F@stLink\NotifyServicePlugin.dll
    2014-11-19 20:11 - 2015-01-21 15:50 - 00351744 _____ () C:\Program Files (x86)\MTN F@stLink\NetConnectPlugin.dll
    2014-11-19 20:11 - 2015-01-21 15:50 - 00307712 _____ () C:\Program Files (x86)\MTN F@stLink\ToolBarMgrPlugin.dll
    2014-11-19 20:11 - 2015-01-21 15:50 - 00642560 _____ () C:\Program Files (x86)\MTN F@stLink\USSDUIPlugin.dll
    2014-11-19 20:11 - 2015-01-21 15:50 - 00249856 _____ () C:\Program Files (x86)\MTN F@stLink\MenuMgrPlugin.dll
    2014-11-19 20:11 - 2015-01-21 15:50 - 00577024 _____ () C:\Program Files (x86)\MTN F@stLink\NetInfoUIExPlugin.dll
    2014-11-19 20:11 - 2015-01-21 15:50 - 00840192 _____ () C:\Program Files (x86)\MTN F@stLink\SMSUIPlugin.dll
    2014-11-19 20:11 - 2015-01-21 15:50 - 00798208 _____ () C:\Program Files (x86)\MTN F@stLink\AddrBookUIPlugin.dll
    2014-11-19 20:11 - 2015-01-21 15:50 - 00269824 _____ () C:\Program Files (x86)\MTN F@stLink\LiveUpdateInterface.DLL
    2014-11-19 20:11 - 2015-01-21 15:50 - 01148416 _____ () C:\Program Files (x86)\MTN F@stLink\QtNetwork4.dll
    2014-11-19 20:11 - 2015-01-21 15:50 - 00082944 _____ () C:\Program Files (x86)\MTN F@stLink\plugins\imageformats\qgif4.dll
    2014-11-19 20:11 - 2015-01-21 15:50 - 00081920 _____ () C:\Program Files (x86)\MTN F@stLink\plugins\imageformats\qico4.dll
    2014-11-19 20:11 - 2015-01-21 15:50 - 00192000 _____ () C:\Program Files (x86)\MTN F@stLink\plugins\imageformats\qjpeg4.dll
    2014-11-19 20:11 - 2015-01-21 15:50 - 00350720 _____ () C:\Program Files (x86)\MTN F@stLink\plugins\imageformats\qmng4.dll
    2014-11-19 20:11 - 2015-01-21 15:50 - 00370176 _____ () C:\Program Files (x86)\MTN F@stLink\plugins\imageformats\qtiff4.dll
    2014-04-15 21:26 - 2014-04-15 21:26 - 00527480 _____ () C:\Program Files\Common Files\SpeedBit\SBUpdate\sbfi32.dll

    ==================== Alternate Data Streams (whitelisted) =========

    (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

    AlternateDataStreams: C:\ProgramData\TEMP:56E2E879
    AlternateDataStreams: C:\ProgramData\TEMP:9A870F8B
    AlternateDataStreams: C:\Users\GEOFFERY\Downloads\VIPGunshipBattleHelicopter3D2015__7934_il64464(1).exe:typelib

    ==================== Safe Mode (whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


    ==================== EXE Association (whitelisted) ===============

    (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-2198692194-3404810195-2407512553-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
    DNS Servers: 10.109.2.97 - 10.109.5.97

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    (Currently there is no automatic fix for this section.)

    HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
    HKLM\...\StartupApproved\Run: => "ProxyCap"
    HKLM\...\StartupApproved\Run32: => "Adobe ARM"
    HKLM\...\StartupApproved\Run32: => "RIMBBLaunchAgent.exe"
    HKLM\...\StartupApproved\Run32: => "AdobeCS6ServiceManager"
    HKLM\...\StartupApproved\Run32: => "BlueStacks Agent"
    HKU\S-1-5-21-2198692194-3404810195-2407512553-1001\...\StartupApproved\StartupFolder: => "PdaNet Desktop.lnk"
    HKU\S-1-5-21-2198692194-3404810195-2407512553-1001\...\StartupApproved\Run: => "Skype"
    HKU\S-1-5-21-2198692194-3404810195-2407512553-1001\...\StartupApproved\Run: => "IDMan"
    HKU\S-1-5-21-2198692194-3404810195-2407512553-1001\...\StartupApproved\Run: => "se"
    HKU\S-1-5-21-2198692194-3404810195-2407512553-1001\...\StartupApproved\Run: => "uTorrent"
    HKU\S-1-5-21-2198692194-3404810195-2407512553-1001\...\StartupApproved\Run: => "Connectify"
    HKU\S-1-5-21-2198692194-3404810195-2407512553-1001\...\StartupApproved\Run: => "ManyCam"
    HKU\S-1-5-21-2198692194-3404810195-2407512553-1001\...\StartupApproved\Run: => "DownloadAccelerator"
    HKU\S-1-5-21-2198692194-3404810195-2407512553-1001\...\StartupApproved\Run: => "DAEMON Tools Pro Agent"

    ==================== Accounts: =============================

    Administrator (S-1-5-21-2198692194-3404810195-2407512553-500 - Administrator - Disabled)
    GEOFFERY (S-1-5-21-2198692194-3404810195-2407512553-1001 - Administrator - Enabled) => C:\Users\GEOFFERY
    Guest (S-1-5-21-2198692194-3404810195-2407512553-501 - Limited - Enabled)

    ==================== Faulty Device Manager Devices =============

    Name: Tether Ethernet Adapter
    Description: Tether Ethernet Adapter
    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
    Manufacturer: Tether
    Service: qrkis
    Problem: : This device is disabled. (Code 22)
    Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (04/15/2015 02:38:42 AM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
    Description: Failed to schedule Software Protection service for re-start at 2015-04-16T01:22:42Z. Error Code: 0x80041316.


    ==================== Drives ================================

    Drive c: () (Fixed) (Total:461.34 GB) (Free:227.73 GB) NTFS
    Drive d: (HP_TOOLS) (Fixed) (Total:3.91 GB) (Free:2.08 GB) NTFS
    Drive f: (MTN F@stLink) (CDROM) (Total:0.07 GB) (Free:0 GB) CDFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (Size: 465.8 GB) (Disk ID: 0FDED070)

    Partition: GPT Partition Type.

    ==================== End Of Log ============================
     
  4. Broni


    Welcome aboard

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ===================================

    Uninstall Torch.

    Download RogueKiller from one of the following links and save it to your Desktop:

    Link 1
    Link 2

    • Close all the running programs
    • Windows Vista/7/8 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • Wait until the Status box shows Scan Finished
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced, post all logs.
    • If RogueKiller has been blocked, do not hesitate to try a few more times. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.

    Please download Malwarebytes Anti-Malware (MBAM) to your desktop.
    NOTE: If you already have MBAM 2.0 installed, scroll down.

    • Double-click mbam-setup-2.0.0.1000.exe and follow the prompts to install the program.
    • At the end, be sure a checkmark is placed next to the following:
      • Launch Malwarebytes Anti-Malware
      • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
    • Click Finish.
    • On the Dashboard, click the 'Update Now >>' link
    • After the update completes, click the 'Scan Now >>' button.
    • Or, on the Dashboard, click the Scan Now >> button.
    • If an update is available, click the Update Now button.
    • A Threat Scan will begin.
    • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
    • In most cases, a restart will be required.
    • Wait for the prompt to restart the computer to appear, then click on Yes.


    If you already have MBAM 2.0 installed:

    • On the Dashboard, click the 'Update Now >>' link
    • After the update completes, click the 'Scan Now >>' button.
    • Or, on the Dashboard, click the Scan Now >> button.
    • If an update is available, click the Update Now button.
    • A Threat Scan will begin.
    • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
    • In most cases, a restart will be required.
    • Wait for the prompt to restart the computer to appear, then click on Yes.

    How to get logs:
    (Export log to save as txt)


    • After the restart, once you are back at your desktop, open MBAM once more.
    • Click on the History tab > Application Logs.
    • Double click on the Scan Log which shows the Date and time of the scan just performed.
    • Click 'Export'.
    • Click 'Text file (*.txt)'
    • In the Save File dialog box which appears, click on Desktop.
    • In the File name: box type a name for your scan log.
    • A message box named 'File Saved' should appear stating "Your file has been successfully exported".
    • Click Ok
    • Attach that saved log to your next reply.


    (Copy to clipboard for pasting into forum replies or tickets)

    • After the restart, once you are back at your desktop, open MBAM once more.
    • Click on the History tab > Application Logs.
    • Double click on the Scan Log which shows the Date and time of the scan just performed.
    • Click 'Copy to Clipboard'
    • Paste the contents of the clipboard into your reply.

    Please download AdwCleaner by Xplode onto your desktop.
    • Close all open programs and internet browsers.
    • Double click on adwcleaner.exe to run the tool.
    • Click on Scan button.
    • When the scan has finished click on Clean button.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the contents of that logfile with your next reply.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.

    Please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator".
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.
     
  5. nolly190

    nolly190 TS Rookie Topic Starter

    After using RogueKiller:
    RogueKiller V10.5.10.0 [Apr 14 2015] by Adlice Software
    mail : http://www.adlice.com/contact/
    Feedback : http://forum.adlice.com
    Website : http://www.adlice.com/softwares/roguekiller/
    Blog : http://www.adlice.com

    Operating System : Windows 8 (6.2.9200 ) 64 bits version
    Started in : Normal mode
    User : GEOFFERY [Administrator]
    Started from : C:\Users\GEOFFERY\Downloads\RogueKiller(1).exe
    Mode : Delete -- Date : 04/15/2015 21:28:28

    ¤¤¤ Processes : 5 ¤¤¤
    [Suspicious.Path] ouc.exe(1864) -- C:\ProgramData\Airtel Broadband\OnlineUpdate\ouc.exe[7] -> Killed [TermProc]
    [Suspicious.Path] ouc.exe(2196) -- C:\ProgramData\MTN F@stLink\OnlineUpdate\ouc.exe[7] -> Killed [TermProc]
    [Proc.Injected] PRTG Server.exe(2308) -- C:\Program Files (x86)\PRTG Network Monitor\PRTG Server.exe[7] -> Killed [TermProc]
    [Suspicious.Path] rundll32.exe(4704) -- C:\Users\GEOFFERY\AppData\Local\Temp\mdi064.dll[-] -> Unloaded
    [PUP] (SVC) hshld -- C:\Program Files (x86)\Hotspot Shield\bin\cmw_srv.exe[-] -> Stopped

    ¤¤¤ Registry : 37 ¤¤¤
    [PUP] (X64) HKEY_USERS\S-1-5-21-2198692194-3404810195-2407512553-1001\Software\Microsoft\Windows\CurrentVersion\Run | se : "C:\Users\GEOFFERY\AppData\Roaming\SkypEmoticons\SE.exe" /minimized -> Not selected
    [PUP] (X64) HKEY_USERS\S-1-5-21-2198692194-3404810195-2407512553-1001\Software\Microsoft\Windows\CurrentVersion\Run | LiveSupport : "C:\Program Files (x86)\LiveSupport\LiveSupport.exe" /noshow /log -> Not selected
    [PUP] (X86) HKEY_USERS\S-1-5-21-2198692194-3404810195-2407512553-1001\Software\Microsoft\Windows\CurrentVersion\Run | se : "C:\Users\GEOFFERY\AppData\Roaming\SkypEmoticons\SE.exe" /minimized -> Not selected
    [PUP] (X86) HKEY_USERS\S-1-5-21-2198692194-3404810195-2407512553-1001\Software\Microsoft\Windows\CurrentVersion\Run | LiveSupport : "C:\Program Files (x86)\LiveSupport\LiveSupport.exe" /noshow /log -> Not selected
    [PUP] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\globalUpdatem (C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe /medsvc) -> Not selected
    [PUP] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\hshld (C:\Program Files (x86)\Hotspot Shield\bin\cmw_srv.exe) -> Not selected
    [PUP] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\HssTrayService (C:\Program Files (x86)\Hotspot Shield\bin\HssTrayService.EXE) -> Not selected
    [PUP] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\HssWd (C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe) -> Not selected
    [PUP] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\globalUpdatem (C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe /medsvc) -> Not selected
    [PUP] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\hshld (C:\Program Files (x86)\Hotspot Shield\bin\cmw_srv.exe) -> Not selected
    [PUP] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\HssTrayService (C:\Program Files (x86)\Hotspot Shield\bin\HssTrayService.EXE) -> Not selected
    [PUP] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\HssWd (C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe) -> Not selected
    [PUM.Proxy] (X64) HKEY_USERS\S-1-5-21-2198692194-3404810195-2407512553-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1 -> Not selected
    [PUM.Proxy] (X86) HKEY_USERS\S-1-5-21-2198692194-3404810195-2407512553-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1 -> Not selected
    [PUM.Proxy] (X64) HKEY_USERS\S-1-5-21-2198692194-3404810195-2407512553-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : 127.0.0.1:8080 -> Not selected
    [PUM.Proxy] (X86) HKEY_USERS\S-1-5-21-2198692194-3404810195-2407512553-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : 127.0.0.1:8080 -> Not selected
    [PUM.HomePage] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.mystartsearch.com/?type=...id=HGSTXHTS545050A7E680_TM85134TH5R48MH5R48MX -> Not selected
    [PUM.HomePage] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.mystartsearch.com/?type=...id=HGSTXHTS545050A7E680_TM85134TH5R48MH5R48MX -> Not selected
    [PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-2198692194-3404810195-2407512553-1001\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.searchalgo.com/?cid=5072 -> Not selected
    [PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-2198692194-3404810195-2407512553-1001\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.searchalgo.com/?cid=5072 -> Not selected
    [PUM.SearchPage] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.mystartsearch.com/web/?t...0A7E680_TM85134TH5R48MH5R48MX&q={searchTerms} -> Not selected
    [PUM.SearchPage] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.mystartsearch.com/web/?t...0A7E680_TM85134TH5R48MH5R48MX&q={searchTerms} -> Not selected
    [PUM.SearchPage] (X64) HKEY_USERS\S-1-5-21-2198692194-3404810195-2407512553-1001\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.mystartsearch.com/web/?t...0A7E680_TM85134TH5R48MH5R48MX&q={searchTerms} -> Not selected
    [PUM.SearchPage] (X86) HKEY_USERS\S-1-5-21-2198692194-3404810195-2407512553-1001\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.mystartsearch.com/web/?t...0A7E680_TM85134TH5R48MH5R48MX&q={searchTerms} -> Not selected
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{46B6BAE7-18EE-4DFE-9350-7A05703EB645} | NameServer : 10.109.5.97 10.109.2.97 [X][X] -> Not selected
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{46B6BAE7-18EE-4DFE-9350-7A05703EB645} | DhcpNameServer : 10.109.5.97 10.109.2.97 [X][X] -> Not selected
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{80602E45-81AF-4059-A08B-F6CCCD642126} | NameServer : 10.109.2.97 10.109.5.97 [X][X] -> Not selected
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{923F1A57-A3B4-45D8-99BA-16FF7BD43085} | NameServer : 10.109.2.97 10.109.5.97 [X][X] -> Not selected
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{46B6BAE7-18EE-4DFE-9350-7A05703EB645} | NameServer : 10.109.5.97 10.109.2.97 [X][X] -> Not selected
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{46B6BAE7-18EE-4DFE-9350-7A05703EB645} | DhcpNameServer : 10.109.5.97 10.109.2.97 [X][X] -> Not selected
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{80602E45-81AF-4059-A08B-F6CCCD642126} | NameServer : 10.109.2.97 10.109.5.97 [X][X] -> Not selected
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{923F1A57-A3B4-45D8-99BA-16FF7BD43085} | NameServer : 10.109.2.97 10.109.5.97 [X][X] -> Not selected
    [PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Not selected
    [PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Not selected
    [PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Not selected
    [PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Not selected
    [HJ.FileAsso] (X64) HKEY_CLASSES_ROOT\pezfile\shell\open\command | (default) : "%1" %* -> Replaced ("%1" %*)

    ¤¤¤ Tasks : 0 ¤¤¤

    ¤¤¤ Files : 0 ¤¤¤

    ¤¤¤ Hosts File : 5 ¤¤¤
    [C:\Windows\System32\Drivers\etc\hosts] 127.0.0.1 localhost
    [C:\Windows\System32\Drivers\etc\hosts] 127.0.0.1 localhost
    [C:\Windows\System32\Drivers\etc\hosts] 127.0.0.1 localhost127.0.0.1 thislineskipsanyemptylines
    [C:\Windows\System32\Drivers\etc\hosts] 127.0.0.1 thislineskipsanyemptylines
    [C:\Windows\System32\Drivers\etc\hosts] 127.0.0.1 thislineskipsanyemptylines

    ¤¤¤ Antirootkit : 21 (Driver: Not loaded [0x20]) ¤¤¤
    [IAT:Inl(Hook.IEAT)] (firefox.exe) KERNEL32.DLL - FreeLibrary : C:\Program Files\Common Files\SpeedBit\SBUpdate\sbfi32.dll @ 0x61362b90 (jmp 0xffffffffebafe08e)
    [IAT:Inl(Hook.IEAT)] (firefox.exe) KERNEL32.DLL - GetModuleHandleW : C:\Program Files\Common Files\SpeedBit\SBUpdate\sbfi32.dll @ 0x61362b10 (jmp 0xffffffffebafdd9b)
    [IAT:Inl(Hook.IEAT)] (firefox.exe) KERNEL32.DLL - LoadLibraryW : C:\Program Files\Common Files\SpeedBit\SBUpdate\sbfi32.dll @ 0x61362a50 (jmp 0xffffffffebb0310b)
    [IAT:Inl(Hook.IEAT)] (firefox.exe) KERNEL32.DLL - GetModuleFileNameW : C:\Program Files\Common Files\SpeedBit\SBUpdate\sbfi32.dll @ 0x61362ad0 (jmp 0xffffffffebafdd7d)
    [IAT:Inl(Hook.IEAT)] (firefox.exe) KERNEL32.DLL - GetProcAddress : C:\Program Files\Common Files\SpeedBit\SBUpdate\sbfi32.dll @ 0x61362bb0 (jmp 0xffffffffebafddca)
    [IAT:Inl(Hook.IEAT)] (firefox.exe) KERNEL32.DLL - GetModuleHandleA : C:\Program Files\Common Files\SpeedBit\SBUpdate\sbfi32.dll @ 0x61362af0 (jmp 0xffffffffebafdd8c)
    [IAT:Inl(Hook.IEAT)] (firefox.exe) KERNEL32.DLL - LoadLibraryExA : C:\Program Files\Common Files\SpeedBit\SBUpdate\sbfi32.dll @ 0x61362a70 (jmp 0xffffffffebafd749)
    [IAT:Inl(Hook.IEAT)] (firefox.exe) KERNEL32.DLL - LoadLibraryExW : C:\Program Files\Common Files\SpeedBit\SBUpdate\sbfi32.dll @ 0x61362a90 (jmp 0xffffffffebafd758)
    [IAT:Inl(Hook.IEAT)] (firefox.exe) KERNEL32.DLL - GetModuleHandleExW : C:\Program Files\Common Files\SpeedBit\SBUpdate\sbfi32.dll @ 0x61362b60 (jmp 0xffffffffebafddc9)
    [IAT:Inl(Hook.IEAT)] (firefox.exe) ntdll.dll - NtOpenFile : C:\Program Files\Common Files\SpeedBit\SBUpdate\sbfi32.dll @ 0x6135d090 (jmp 0xffffffffea39f250)
    [IAT:Inl(Hook.IEAT)] (firefox.exe) KERNEL32.DLL - GetModuleFileNameA : C:\Program Files\Common Files\SpeedBit\SBUpdate\sbfi32.dll @ 0x61362ab0 (jmp 0xffffffffebafdd6e)
    [IAT:Inl(Hook.IEAT)] (firefox.exe) KERNEL32.DLL - MoveFileA : C:\Program Files\Common Files\SpeedBit\SBUpdate\sbfi32.dll @ 0x613624b0 (jmp 0xffffffffebb0618d)
    [IAT:Inl(Hook.IEAT)] (firefox.exe) KERNEL32.DLL - MoveFileW : C:\Program Files\Common Files\SpeedBit\SBUpdate\sbfi32.dll @ 0x613624d0 (jmp 0xffffffffebb060c7)
    [IAT:Inl(Hook.IEAT)] (firefox.exe) KERNEL32.DLL - LoadLibraryA : C:\Program Files\Common Files\SpeedBit\SBUpdate\sbfi32.dll @ 0x61362a30 (jmp 0xffffffffebb031ae)
    [IAT:Inl(Hook.IEAT)] (firefox.exe) USER32.dll - CreateWindowExW : C:\Program Files\Common Files\SpeedBit\SBUpdate\sbfi32.dll @ 0x6132e260 (jmp 0xffffffffeb9521db)
    [IAT:Inl(Hook.IEAT)] (firefox.exe) USER32.dll - DestroyWindow : C:\Program Files\Common Files\SpeedBit\SBUpdate\sbfi32.dll @ 0x6132e2c0 (jmp 0xffffffffeb952f9c)
    [IAT:Inl(Hook.IEAT)] (firefox.exe) KERNEL32.DLL - OpenFile : C:\Program Files\Common Files\SpeedBit\SBUpdate\sbfi32.dll @ 0x61362630 (jmp 0xffffffffebb050af)
    [IAT:Inl(Hook.IEAT)] (firefox.exe) KERNEL32.DLL - MoveFileExW : C:\Program Files\Common Files\SpeedBit\SBUpdate\sbfi32.dll @ 0x61362510 (jmp 0xffffffffebafdeb4)
    [IAT:Inl(Hook.IEAT)] (firefox.exe) KERNEL32.DLL - CopyFileW : C:\Program Files\Common Files\SpeedBit\SBUpdate\sbfi32.dll @ 0x61362490 (jmp 0xffffffffebb0559e)
    [IAT:Inl(Hook.IEAT)] (firefox.exe) KERNEL32.DLL - GetModuleHandleExA : C:\Program Files\Common Files\SpeedBit\SBUpdate\sbfi32.dll @ 0x61362b30 (jmp 0xffffffffebafddaa)
    [IAT:Inl(Hook.IEAT)] (firefox.exe) KERNEL32.DLL - CopyFileA : C:\Program Files\Common Files\SpeedBit\SBUpdate\sbfi32.dll @ 0x61362470 (jmp 0xffffffffebb055e7)

    ¤¤¤ Web browsers : 5 ¤¤¤
    [PUP][FIREFX:Addon] cei6nzih.default-1409799015992 : Hotspot Shield Extension [afproxy@anchorfree.com] -> Not selected
    [PUM.Proxy][FIREFX:Config] cei6nzih.default-1409799015992 : user_pref("network.proxy.http", "127.0.0.1"); -> Not selected
    [PUM.Proxy][FIREFX:Config] cei6nzih.default-1409799015992 : user_pref("network.proxy.http_port", 8080); -> Not selected
    [PUM.Proxy][FIREFX:Config] cei6nzih.default-1409799015992 : user_pref("network.proxy.type", 1); -> Not selected
    [PUM.HomePage][FIREFX:Config] cei6nzih.default-1409799015992 : user_pref("browser.startup.homepage", "http://www.searchalgo.com/?cid=5072"); -> Not selected

    ¤¤¤ MBR Check : ¤¤¤
    +++++ PhysicalDrive0: HGST HTS545050A7E680 +++++
    --- User ---
    [MBR] 03ec3322ce665526c1a812cca896a79e
    [BSP] 501eed739870b0f9619753005ff94e3e : Empty MBR Code
    Partition table:
    0 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 2048 | Size: 300 MB
    1 - [MAN-MOUNT] EFI system partition | Offset (sectors): 616448 | Size: 100 MB
    2 - [MAN-MOUNT] Microsoft reserved partition | Offset (sectors): 821248 | Size: 128 MB
    3 - Basic data partition | Offset (sectors): 1083392 | Size: 472411 MB
    4 - Basic data partition | Offset (sectors): 968581120 | Size: 3999 MB
    User = LL1 ... OK
    User = LL2 ... OK


    ============================================
    RKreport_SCN_04152015_212808.log - RKreport_DEL_04152015_212821.log
     
  6. nolly190

    nolly190 TS Rookie Topic Starter

    After using malware remover
    Malwarebytes Anti-Malware
    www.malwarebytes.org

    Scan Date: 4/15/2015
    Scan Time: 10:01:40 PM
    Logfile: new.txt
    Administrator: Yes

    Version: 2.01.4.1018
    Malware Database: v2015.04.15.08
    Rootkit Database: v2015.03.31.01
    License: Free
    Malware Protection: Disabled
    Malicious Website Protection: Disabled
    Self-protection: Disabled

    OS: Windows 8
    CPU: x64
    File System: NTFS
    User: GEOFFERY

    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 355577
    Time Elapsed: 30 min, 54 sec

    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Heuristics: Enabled
    PUP: Enabled
    PUM: Enabled

    Processes: 0
    (No malicious items detected)

    Modules: 0
    (No malicious items detected)

    Registry Keys: 92
    PUP.Optional.Multiplug, HKLM\SOFTWARE\CLASSES\CLSID\{a7e93dc1-bcd4-481f-8ba0-ab52cfd1c9ab}, Quarantined, [5b89b3b9addd00362f9d62dc2bd73ac6],
    PUP.Optional.Multiplug, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{A7E93DC1-BCD4-481F-8BA0-AB52CFD1C9AB}, Quarantined, [5b89b3b9addd00362f9d62dc2bd73ac6],
    PUP.Optional.Multiplug, HKLM\SOFTWARE\CLASSES\Pa7e93dc1_bcd4_481f_8ba0_ab52cfd1c9ab_.Pa7e93dc1_bcd4_481f_8ba0_ab52cfd1c9ab_, Quarantined, [5b89b3b9addd00362f9d62dc2bd73ac6],
    PUP.Optional.Multiplug, HKLM\SOFTWARE\CLASSES\Pa7e93dc1_bcd4_481f_8ba0_ab52cfd1c9ab_.Pa7e93dc1_bcd4_481f_8ba0_ab52cfd1c9ab_.9, Quarantined, [5b89b3b9addd00362f9d62dc2bd73ac6],
    PUP.Optional.Multiplug, HKLM\SOFTWARE\WOW6432NODE\CLASSES\Pa7e93dc1_bcd4_481f_8ba0_ab52cfd1c9ab_.Pa7e93dc1_bcd4_481f_8ba0_ab52cfd1c9ab_, Quarantined, [5b89b3b9addd00362f9d62dc2bd73ac6],
    PUP.Optional.Multiplug, HKLM\SOFTWARE\WOW6432NODE\CLASSES\Pa7e93dc1_bcd4_481f_8ba0_ab52cfd1c9ab_.Pa7e93dc1_bcd4_481f_8ba0_ab52cfd1c9ab_.9, Quarantined, [5b89b3b9addd00362f9d62dc2bd73ac6],
    PUP.Optional.Multiplug, HKLM\SOFTWARE\CLASSES\WOW6432NODE\Pa7e93dc1_bcd4_481f_8ba0_ab52cfd1c9ab_.Pa7e93dc1_bcd4_481f_8ba0_ab52cfd1c9ab_, Quarantined, [5b89b3b9addd00362f9d62dc2bd73ac6],
    PUP.Optional.Multiplug, HKLM\SOFTWARE\CLASSES\WOW6432NODE\Pa7e93dc1_bcd4_481f_8ba0_ab52cfd1c9ab_.Pa7e93dc1_bcd4_481f_8ba0_ab52cfd1c9ab_.9, Quarantined, [5b89b3b9addd00362f9d62dc2bd73ac6],
    PUP.Optional.Multiplug, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{A7E93DC1-BCD4-481F-8BA0-AB52CFD1C9AB}, Quarantined, [5b89b3b9addd00362f9d62dc2bd73ac6],
    PUP.Optional.Multiplug, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{A7E93DC1-BCD4-481F-8BA0-AB52CFD1C9AB}, Quarantined, [5b89b3b9addd00362f9d62dc2bd73ac6],
    PUP.Optional.Multiplug, HKLM\SOFTWARE\CLASSES\CLSID\{A7E93DC1-BCD4-481F-8BA0-AB52CFD1C9AB}\INPROCSERVER32, Quarantined, [5b89b3b9addd00362f9d62dc2bd73ac6],
    PUP.Optional.Multiplug, HKLM\SOFTWARE\CLASSES\CLSID\{513e12d2-f079-4adc-a4fc-5771006df6cb}, Quarantined, [42a24a22682267cf6765013d8082a35d],
    PUP.Optional.Multiplug, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{513E12D2-F079-4ADC-A4FC-5771006DF6CB}, Quarantined, [42a24a22682267cf6765013d8082a35d],
    PUP.Optional.Multiplug, HKLM\SOFTWARE\CLASSES\P513e12d2_f079_4adc_a4fc_5771006df6cb_.P513e12d2_f079_4adc_a4fc_5771006df6cb_, Quarantined, [42a24a22682267cf6765013d8082a35d],
    PUP.Optional.Multiplug, HKLM\SOFTWARE\CLASSES\P513e12d2_f079_4adc_a4fc_5771006df6cb_.P513e12d2_f079_4adc_a4fc_5771006df6cb_.9, Quarantined, [42a24a22682267cf6765013d8082a35d],
    PUP.Optional.Multiplug, HKLM\SOFTWARE\WOW6432NODE\CLASSES\P513e12d2_f079_4adc_a4fc_5771006df6cb_.P513e12d2_f079_4adc_a4fc_5771006df6cb_, Quarantined, [42a24a22682267cf6765013d8082a35d],
    PUP.Optional.Multiplug, HKLM\SOFTWARE\WOW6432NODE\CLASSES\P513e12d2_f079_4adc_a4fc_5771006df6cb_.P513e12d2_f079_4adc_a4fc_5771006df6cb_.9, Quarantined, [42a24a22682267cf6765013d8082a35d],
    PUP.Optional.Multiplug, HKLM\SOFTWARE\CLASSES\WOW6432NODE\P513e12d2_f079_4adc_a4fc_5771006df6cb_.P513e12d2_f079_4adc_a4fc_5771006df6cb_, Quarantined, [42a24a22682267cf6765013d8082a35d],
    PUP.Optional.Multiplug, HKLM\SOFTWARE\CLASSES\WOW6432NODE\P513e12d2_f079_4adc_a4fc_5771006df6cb_.P513e12d2_f079_4adc_a4fc_5771006df6cb_.9, Quarantined, [42a24a22682267cf6765013d8082a35d],
    PUP.Optional.Multiplug, HKU\S-1-5-21-2198692194-3404810195-2407512553-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{513E12D2-F079-4ADC-A4FC-5771006DF6CB}, Quarantined, [42a24a22682267cf6765013d8082a35d],
    PUP.Optional.Multiplug, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{513E12D2-F079-4ADC-A4FC-5771006DF6CB}, Quarantined, [42a24a22682267cf6765013d8082a35d],
    PUP.Optional.Multiplug, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{513E12D2-F079-4ADC-A4FC-5771006DF6CB}, Quarantined, [42a24a22682267cf6765013d8082a35d],
    PUP.Optional.Multiplug, HKLM\SOFTWARE\CLASSES\CLSID\{513E12D2-F079-4ADC-A4FC-5771006DF6CB}\INPROCSERVER32, Quarantined, [42a24a22682267cf6765013d8082a35d],
    PUP.Optional.Multiplug, HKLM\SOFTWARE\CLASSES\CLSID\{7f7850e9-0b94-42d1-bb54-f449092c0686}, Quarantined, [806446262f5b999d9933c579b74b21df],
    PUP.Optional.Multiplug, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{7F7850E9-0B94-42D1-BB54-F449092C0686}, Quarantined, [806446262f5b999d9933c579b74b21df],
    PUP.Optional.Multiplug, HKLM\SOFTWARE\CLASSES\P7f7850e9_0b94_42d1_bb54_f449092c0686_.P7f7850e9_0b94_42d1_bb54_f449092c0686_, Quarantined, [806446262f5b999d9933c579b74b21df],
    PUP.Optional.Multiplug, HKLM\SOFTWARE\CLASSES\P7f7850e9_0b94_42d1_bb54_f449092c0686_.P7f7850e9_0b94_42d1_bb54_f449092c0686_.9, Quarantined, [806446262f5b999d9933c579b74b21df],
    PUP.Optional.Multiplug, HKLM\SOFTWARE\WOW6432NODE\CLASSES\P7f7850e9_0b94_42d1_bb54_f449092c0686_.P7f7850e9_0b94_42d1_bb54_f449092c0686_, Quarantined, [806446262f5b999d9933c579b74b21df],
    PUP.Optional.Multiplug, HKLM\SOFTWARE\WOW6432NODE\CLASSES\P7f7850e9_0b94_42d1_bb54_f449092c0686_.P7f7850e9_0b94_42d1_bb54_f449092c0686_.9, Quarantined, [806446262f5b999d9933c579b74b21df],
    PUP.Optional.Multiplug, HKLM\SOFTWARE\CLASSES\WOW6432NODE\P7f7850e9_0b94_42d1_bb54_f449092c0686_.P7f7850e9_0b94_42d1_bb54_f449092c0686_, Quarantined, [806446262f5b999d9933c579b74b21df],
    PUP.Optional.Multiplug, HKLM\SOFTWARE\CLASSES\WOW6432NODE\P7f7850e9_0b94_42d1_bb54_f449092c0686_.P7f7850e9_0b94_42d1_bb54_f449092c0686_.9, Quarantined, [806446262f5b999d9933c579b74b21df],
    PUP.Optional.Multiplug, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{7F7850E9-0B94-42D1-BB54-F449092C0686}, Quarantined, [806446262f5b999d9933c579b74b21df],
    PUP.Optional.Multiplug, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{7F7850E9-0B94-42D1-BB54-F449092C0686}, Quarantined, [806446262f5b999d9933c579b74b21df],
    PUP.Optional.Multiplug, HKLM\SOFTWARE\CLASSES\CLSID\{7F7850E9-0B94-42D1-BB54-F449092C0686}\INPROCSERVER32, Quarantined, [806446262f5b999d9933c579b74b21df],
    PUP.Optional.Tuvaro, HKU\S-1-5-21-2198692194-3404810195-2407512553-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{7F4EFF06-7032-458e-AE16-1C1D8255C28A}, Quarantined, [4f95df8d652500367ffb44f93ac96799],
    PUP.Optional.Tuvaro, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{7F4EFF06-7032-458E-AE16-1C1D8255C28A}, Quarantined, [4f95df8d652500367ffb44f93ac96799],
    PUP.Optional.Tuvaro, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{7F4EFF06-7032-458E-AE16-1C1D8255C28A}, Quarantined, [4f95df8d652500367ffb44f93ac96799],
    PUP.Optional.SalePlus.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{2105FE20-DEBD-4084-A306-61C5DA001CCA}, Quarantined, [756f53192565e05654ece3dcb25105fb],
    PUP.Optional.SalePlus.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{2234079B-E720-47A7-8BE7-0A18922192C9}, Quarantined, [756f53192565e05654ece3dcb25105fb],
    PUP.Optional.SalePlus.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{3A96CEBD-D968-4DC8-9ED9-9785E726C381}, Quarantined, [756f53192565e05654ece3dcb25105fb],
    PUP.Optional.SalePlus.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{8682D1EB-07A1-4518-89C1-D9D9EEF47C06}, Quarantined, [756f53192565e05654ece3dcb25105fb],
    PUP.Optional.SalePlus.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{D838B01C-11A0-4CAC-BCF1-B5DE0154E9D3}, Quarantined, [756f53192565e05654ece3dcb25105fb],
    PUP.Optional.SalePlus.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{2234079B-E720-47A7-8BE7-0A18922192C9}, Quarantined, [756f53192565e05654ece3dcb25105fb],
    PUP.Optional.SalePlus.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{3A96CEBD-D968-4DC8-9ED9-9785E726C381}, Quarantined, [756f53192565e05654ece3dcb25105fb],
    PUP.Optional.SalePlus.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{8682D1EB-07A1-4518-89C1-D9D9EEF47C06}, Quarantined, [756f53192565e05654ece3dcb25105fb],
    PUP.Optional.SalePlus.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{D838B01C-11A0-4CAC-BCF1-B5DE0154E9D3}, Quarantined, [756f53192565e05654ece3dcb25105fb],
    PUP.Optional.SalePlus.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{2234079B-E720-47A7-8BE7-0A18922192C9}, Quarantined, [756f53192565e05654ece3dcb25105fb],
    PUP.Optional.SalePlus.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{3A96CEBD-D968-4DC8-9ED9-9785E726C381}, Quarantined, [756f53192565e05654ece3dcb25105fb],
    PUP.Optional.SalePlus.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{8682D1EB-07A1-4518-89C1-D9D9EEF47C06}, Quarantined, [756f53192565e05654ece3dcb25105fb],
    PUP.Optional.SalePlus.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{D838B01C-11A0-4CAC-BCF1-B5DE0154E9D3}, Quarantined, [756f53192565e05654ece3dcb25105fb],
    PUP.Optional.SalePlus.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{2105FE20-DEBD-4084-A306-61C5DA001CCA}, Quarantined, [756f53192565e05654ece3dcb25105fb],
    PUP.Optional.SalePlus.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\TYPELIB\{2105FE20-DEBD-4084-A306-61C5DA001CCA}, Quarantined, [756f53192565e05654ece3dcb25105fb],
    PUP.Optional.SalePlus.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{318C7F13-3498-459E-BF35-12865E6D005C}, Quarantined, [7c68e8841e6c67cf2719a51af60d36ca],
    PUP.Optional.SalePlus.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{5AE5A3D4-7E07-4B59-98BB-A01928B88F24}, Quarantined, [7c68e8841e6c67cf2719a51af60d36ca],
    PUP.Optional.SalePlus.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{614B7466-CE8E-49BA-9F26-C1DF872C886D}, Quarantined, [7c68e8841e6c67cf2719a51af60d36ca],
    PUP.Optional.SalePlus.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{6AB41B4A-D344-4B9D-B847-43DA8433A73B}, Quarantined, [7c68e8841e6c67cf2719a51af60d36ca],
    PUP.Optional.SalePlus.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{9F9C0E22-39B1-4C6D-BE79-B9CCA26E067F}, Quarantined, [7c68e8841e6c67cf2719a51af60d36ca],
    PUP.Optional.SalePlus.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{5AE5A3D4-7E07-4B59-98BB-A01928B88F24}, Quarantined, [7c68e8841e6c67cf2719a51af60d36ca],
    PUP.Optional.SalePlus.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{614B7466-CE8E-49BA-9F26-C1DF872C886D}, Quarantined, [7c68e8841e6c67cf2719a51af60d36ca],
    PUP.Optional.SalePlus.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{6AB41B4A-D344-4B9D-B847-43DA8433A73B}, Quarantined, [7c68e8841e6c67cf2719a51af60d36ca],
    PUP.Optional.SalePlus.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{9F9C0E22-39B1-4C6D-BE79-B9CCA26E067F}, Quarantined, [7c68e8841e6c67cf2719a51af60d36ca],
    PUP.Optional.SalePlus.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{5AE5A3D4-7E07-4B59-98BB-A01928B88F24}, Quarantined, [7c68e8841e6c67cf2719a51af60d36ca],
    PUP.Optional.SalePlus.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{614B7466-CE8E-49BA-9F26-C1DF872C886D}, Quarantined, [7c68e8841e6c67cf2719a51af60d36ca],
    PUP.Optional.SalePlus.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{6AB41B4A-D344-4B9D-B847-43DA8433A73B}, Quarantined, [7c68e8841e6c67cf2719a51af60d36ca],
    PUP.Optional.SalePlus.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{9F9C0E22-39B1-4C6D-BE79-B9CCA26E067F}, Quarantined, [7c68e8841e6c67cf2719a51af60d36ca],
    PUP.Optional.SalePlus.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{318C7F13-3498-459E-BF35-12865E6D005C}, Quarantined, [7c68e8841e6c67cf2719a51af60d36ca],
    PUP.Optional.SalePlus.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\TYPELIB\{318C7F13-3498-459E-BF35-12865E6D005C}, Quarantined, [7c68e8841e6c67cf2719a51af60d36ca],
    PUP.Optional.Iminent.A, HKLM\SOFTWARE\WOW6432NODE\Iminent, Quarantined, [c71d0f5d4b3f77bf1e5054bd24e08e72],
    PUP.Optional.MyStartSearch.A, HKLM\SOFTWARE\WOW6432NODE\mystartsearchSoftware, Quarantined, [9252adbfc3c70c2a6f97d00810f36d93],
    PUP.Optional.Wajam.A, HKLM\SOFTWARE\WOW6432NODE\WajIntEnhance, Quarantined, [fee6105ca7e3b0862e99ece072910cf4],
    PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\WOW6432NODE\GLOBALUPDATE\UPDATE, Quarantined, [c71dc4a8f991e1556f3b6983ae554db3],
    PUP.Optional.FastSearchings, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}, Quarantined, [657f78f496f495a16688c680020356aa],
    PUP.Optional.PCPerformer, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\PCPerformer_is1, Quarantined, [e8fc81eb51396ec86a0ab7302ad9847c],
    PUP.Optional.GlobalUpdate.A, HKLM\SOFTWARE\WOW6432NODE\MOZILLAPLUGINS\@staging.google.com/globalUpdate Update;version=10, Quarantined, [a3417fed7d0d1026a387a8a00cf9b749],
    PUP.Optional.GlobalUpdate.A, HKLM\SOFTWARE\WOW6432NODE\MOZILLAPLUGINS\@staging.google.com/globalUpdate Update;version=4, Quarantined, [18cc16560d7dbc7a66c5ee5af80daa56],
    PUP.Optional.PCPerformer.A, HKLM\SOFTWARE\WOW6432NODE\PERFORMERSOFT\PC Performer, Quarantined, [4e960c60474361d574d196918e77a65a],
    PUP.Optional.Cinema.A, HKU\S-1-5-18\SOFTWARE\CinemaP-1.9cV16.03-nv, Quarantined, [63810468a8e256e06614e20252b1a45c],
    PUP.Optional.HomeTab.A, HKU\S-1-5-21-2198692194-3404810195-2407512553-1001\SOFTWARE\HomeTab, Quarantined, [469e75f7b0da55e1782a28cef90a817f],
    PUP.Optional.SearchProtect.A, HKU\S-1-5-21-2198692194-3404810195-2407512553-1001\SOFTWARE\SearchProtectWS, Quarantined, [756f2a420e7c8ea873404b7e30d3a35d],
    PUP.Optional.TNT.A, HKU\S-1-5-21-2198692194-3404810195-2407512553-1001\SOFTWARE\TNT2, Quarantined, [667ee884e9a191a50b784f7cdc278a76],
    PUP.Optional.Wajam.A, HKU\S-1-5-21-2198692194-3404810195-2407512553-1001\SOFTWARE\WajIntEnhance, Quarantined, [1cc8ea82afdbd0668147daf2d92ab24e],
    PUP.Optional.CrossRider.A, HKU\S-1-5-21-2198692194-3404810195-2407512553-1001\SOFTWARE\APPDATALOW\SOFTWARE\Crossrider, Quarantined, [7f6586e65c2e70c6c3a534066d988c74],
    PUP.Optional.GlobalUpdate.C, HKU\S-1-5-21-2198692194-3404810195-2407512553-1001\SOFTWARE\GLOBALUPDATE\UPDATE\PROXY, Quarantined, [20c429430e7c85b100fb38881ce747b9],
    PUP.Optional.WebSearchInfo, HKU\S-1-5-21-2198692194-3404810195-2407512553-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}, Quarantined, [5094f07cd8b2aa8cbc9d7cb84db80df3],
    PUP.Optional.Iminent.A, HKU\S-1-5-21-2198692194-3404810195-2407512553-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\IMBoosterARP, Quarantined, [b3313d2fe9a143f30af3953057ac669a],
    PUP.Optional.Iminent.A, HKU\S-1-5-21-2198692194-3404810195-2407512553-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\IminentToolbar, Quarantined, [915376f65a300c2ab14d07be59aa49b7],
    PUP.Optional.Linkey.A, HKU\S-1-5-21-2198692194-3404810195-2407512553-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Linkey, Quarantined, [83610a6295f5e155c03fc6ffd62df20e],
    PUP.Optional.Vosteran.A, HKU\S-1-5-21-2198692194-3404810195-2407512553-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Vosteran.com, Quarantined, [4a9a4428d0bad56152ae1da9ba491ee2],
    PUP.Optional.Wajam.A, HKU\S-1-5-21-2198692194-3404810195-2407512553-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\WajIntEnhance, Quarantined, [e4008ddf43476ec8de23cef8bd46d828],
    PUP.Optional.IStart.A, HKU\S-1-5-21-2198692194-3404810195-2407512553-1001\SOFTWARE\MOZILLA\EXTENDS, Quarantined, [776d4b211b6f270fbedb93333dc6ee12],
    PUP.Optional.PCPerformer.A, HKU\S-1-5-21-2198692194-3404810195-2407512553-1001\SOFTWARE\PERFORMERSOFT\PC Performer, Quarantined, [00e470fc57338caabd89d84f986d0af6],
    PUP.Optional.Wajam.A, HKU\S-1-5-21-2198692194-3404810195-2407512553-1001\SOFTWARE\SIMPLYTECH\HomeTabWajIEnhance, Quarantined, [994bda92c4c6d95de9c617b2c1425da3],

    Registry Values: 27
    PUP.Optional.MyStartSearch.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}|URL, http://www.mystartsearch.com/web/?t...0A7E680_TM85134TH5R48MH5R48MX&q={searchTerms}, Quarantined, [1acab8b44e3c45f178c40b4933d2d828]
    PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\WOW6432NODE\GLOBALUPDATE\UPDATE|path, C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe, Quarantined, [c71dc4a8f991e1556f3b6983ae554db3]
    PUP.Optional.MyStartSearch.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}|URL, http://www.mystartsearch.com/web/?t...0A7E680_TM85134TH5R48MH5R48MX&q={searchTerms}, Quarantined, [687cc0ac0288092d6dcf77dddb2ad62a]
    PUP.Optional.CoolSearches.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{BB82DE59-BC4C-4172-9AC4-73315F71CFFE}|FaviconURL, http://websearch.coolsearches.info/favicon.ico, Quarantined, [499bcd9f91f925118b95bf95937222de]
    PUP.Optional.CoolSearches.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{BB82DE59-BC4C-4172-9AC4-73315F71CFFE}|FaviconURLFallback, http://websearch.coolsearches.info/favicon.ico, Quarantined, [8c58cca0eb9f310509173a1ad2331ce4]
    PUP.Optional.CoolSearches.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{BB82DE59-BC4C-4172-9AC4-73315F71CFFE}|URL, http://websearch.coolsearches.info/...&hid=4751682993849244761&lg=EN&cc=NG&unqvl=85, Quarantined, [a2420f5d0585092db46c95bf9075e31d]
    PUP.Optional.SearchEngine.A, HKLM\SOFTWARE\WOW6432NODE\MOZILLA\FIREFOX\EXTENSIONS|searchengine@gmail.com, C:\Users\GEOFFERY\AppData\Roaming\Mozilla\Firefox\Profiles\cei6nzih.default-1409799015992\extensions\searchengine@gmail.com, Quarantined, [b33169036a20b87e71413b16b74efe02]
    PUP.Optional.IStart.A, HKLM\SOFTWARE\WOW6432NODE\MOZILLA\FIREFOX\EXTENSIONS|istart_ffnt@gmail.com, C:\Users\GEOFFERY\AppData\Roaming\Mozilla\Firefox\Profiles\cei6nzih.default-1409799015992\extensions\istart_ffnt@gmail.com, Quarantined, [c222b0bc7812a88ecf10a71e0cf7768a]
    PUP.Optional.GlobalUpdate.C, HKU\S-1-5-21-2198692194-3404810195-2407512553-1001\SOFTWARE\GLOBALUPDATE\UPDATE\PROXY|source, Firefox, Quarantined, [20c429430e7c85b100fb38881ce747b9]
    PUP.Optional.MyStartSearch.A, HKU\S-1-5-21-2198692194-3404810195-2407512553-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|URL, http://www.mystartsearch.com/web/?u...MX&ts=1427237621&type=default&q={searchTerms}, Quarantined, [b034b0bc74168ea883b8361e7b8a37c9]
    PUP.Optional.MyStartSearch.A, HKU\S-1-5-21-2198692194-3404810195-2407512553-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0}|URL, http://www.mystartsearch.com/web/?u...MX&ts=1427237621&type=default&q={searchTerms}, Quarantined, [7173d89429613ef83803f85c51b46d93]
    PUP.Optional.MyStartSearch.A, HKU\S-1-5-21-2198692194-3404810195-2407512553-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0}|FaviconURL, http://www.mystartsearch.com//favicon.ico, Quarantined, [eff54527e7a395a1cd6e62f2a65f3fc1]
    PUP.Optional.MyStartSearch.A, HKU\S-1-5-21-2198692194-3404810195-2407512553-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}|URL, http://www.mystartsearch.com/web/?t...0A7E680_TM85134TH5R48MH5R48MX&q={searchTerms}, Quarantined, [568eb0bc8802bb7bf14a80d47d88629e]
    PUP.Optional.MyStartSearch.A, HKU\S-1-5-21-2198692194-3404810195-2407512553-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}|TopResultURL, http://www.mystartsearch.com/web/?t...0A7E680_TM85134TH5R48MH5R48MX&q={searchTerms}, Quarantined, [677d53196723f34367d4f75d7491827e]
    PUP.Optional.DefaultSearch.A, HKU\S-1-5-21-2198692194-3404810195-2407512553-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2476}|DisplayName, default-search.net, Quarantined, [18ccbfadb5d548ee8812be960bfa7888]
    PUP.Optional.MyStartSearch.A, HKU\S-1-5-21-2198692194-3404810195-2407512553-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2476}|URL, http://www.mystartsearch.com/web/?u...MX&ts=1427237621&type=default&q={searchTerms}, Quarantined, [a440afbd4347ef47f04bcc8810f5d729]
    PUP.Optional.DefaultSearch.A, HKU\S-1-5-21-2198692194-3404810195-2407512553-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2476}|SuggestionsURL_JSON, http://www.default-search.net?sid=4...r=14591&tm=536&src=ds&p={searchTerms}&ft=json, Quarantined, [d311105c3e4c89ad049686ce9e676a96]
    PUP.Optional.DefaultSearch.A, HKU\S-1-5-21-2198692194-3404810195-2407512553-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2476}|TopResultURL, http://www.default-search.net/search?sid=476&aid=107&itype=n&ver=14591&tm=536&src=ds&p={searchTerms}, Quarantined, [667e7fed890182b49a005103e322d828]
    PUP.Optional.MyStartSearch.A, HKU\S-1-5-21-2198692194-3404810195-2407512553-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}|URL, http://www.mystartsearch.com/web/?u...MX&ts=1427237621&type=default&q={searchTerms}, Quarantined, [a3419fcd7614c47269d2074dfd087888]
    PUP.Optional.CoolSearches.A, HKU\S-1-5-21-2198692194-3404810195-2407512553-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{BB82DE59-BC4C-4172-9AC4-73315F71CFFE}|FaviconURL, http://websearch.coolsearches.info/favicon.ico, Quarantined, [38ac0765f8927eb852cd9cb87d883bc5]
    PUP.Optional.CoolSearches.A, HKU\S-1-5-21-2198692194-3404810195-2407512553-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{BB82DE59-BC4C-4172-9AC4-73315F71CFFE}|FaviconURLFallback, http://websearch.coolsearches.info/favicon.ico, Quarantined, [6a7a98d40b7fef47a57a3f155aab52ae]
    PUP.Optional.MyStartSearch.A, HKU\S-1-5-21-2198692194-3404810195-2407512553-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{BB82DE59-BC4C-4172-9AC4-73315F71CFFE}|URL, http://www.mystartsearch.com/web/?u...MX&ts=1427237621&type=default&q={searchTerms}, Quarantined, [aa3ab7b57a1096a068d3193b9f6652ae]
    PUP.Optional.CoolSearches.A, HKU\S-1-5-21-2198692194-3404810195-2407512553-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{BB82DE59-BC4C-4172-9AC4-73315F71CFFE}|TopResultURL, http://websearch.coolsearches.info/...&hid=4751682993849244761&lg=EN&cc=NG&unqvl=85, Quarantined, [eafa1656afdb3501be6168ec4db8649c]
    PUP.Optional.MyStartSearch.A, HKU\S-1-5-21-2198692194-3404810195-2407512553-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{E733165D-CBCF-4FDA-883E-ADEF965B476C}|URL, http://www.mystartsearch.com/web/?u...MX&ts=1427237621&type=default&q={searchTerms}, Quarantined, [f7eddd8f048683b387b489cb887d9a66]
    PUP.Optional.LiveSupport, HKU\S-1-5-21-2198692194-3404810195-2407512553-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|LiveSupport, "C:\Program Files (x86)\LiveSupport\LiveSupport.exe" /noshow /log, Quarantined, [d41079f391f959ddd8246c9715ef11ef]
    PUP.BitcoinMiner, HKU\S-1-5-21-2198692194-3404810195-2407512553-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|tsiVideo, C:\Windows\SysWOW64\rundll32.exe C:\Users\GEOFFERY\AppData\Local\Temp\\mdi064.dll,asdasd, Quarantined, [707473f93258a591ff8ff9520df8827e]
    PUP.Optional.IStart.A, HKU\S-1-5-21-2198692194-3404810195-2407512553-1001\SOFTWARE\MOZILLA\EXTENDS|appid, istart_ffnt@gmail.com, Quarantined, [776d4b211b6f270fbedb93333dc6ee12]

    Registry Data: 17
    PUP.Optional.MyStartSearch.A, HKLM\SOFTWARE\CLIENTS\STARTMENUINTERNET\IEXPLORE.EXE\SHELL\OPEN\COMMAND, C:\Program Files\Internet Explorer\iexplore.exe http://www.mystartsearch.com/?type=...id=HGSTXHTS545050A7E680_TM85134TH5R48MH5R48MX, Good: (iexplore.exe), Bad: (C:\Program Files\Internet Explorer\iexplore.exe http://www.mystartsearch.com/?type=...),Replaced,[07dd6408f3975bdb6fa142b658adea16]
    PUP.Optional.MyStartSearch.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Search_URL, http://www.mystartsearch.com/web/?t...0A7E680_TM85134TH5R48MH5R48MX&q={searchTerms}, Good: (www.google.com), Bad: (http://www.mystartsearch.com/web/?t...),Replaced,[b232e3890a8049ed7f0bfef91beabf41]
    PUP.Optional.MyStartSearch.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Page_URL, http://www.mystartsearch.com/?type=...id=HGSTXHTS545050A7E680_TM85134TH5R48MH5R48MX, Good: (www.google.com), Bad: (http://www.mystartsearch.com/?type=...),Replaced,[e9fb4527aedced493f4b2fc809fc4bb5]
    PUP.Optional.MyStartSearch.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, http://www.mystartsearch.com/?type=...id=HGSTXHTS545050A7E680_TM85134TH5R48MH5R48MX, Good: (www.google.com), Bad: (http://www.mystartsearch.com/?type=...),Replaced,[459fbfad29613ef8f9916d8a36cf0cf4]
    PUP.Optional.MyStartSearch.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Page, http://www.mystartsearch.com/web/?t...0A7E680_TM85134TH5R48MH5R48MX&q={searchTerms}, Good: (www.google.com), Bad: (http://www.mystartsearch.com/web/?t...),Replaced,[855faac26a202e08cac0b1462dd83dc3]
    PUP.Optional.Qone8, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {33BB0A4E-99AF-4226-BDF6-49120163DE86}, Good: ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}), Bad: ({33BB0A4E-99AF-4226-BDF6-49120163DE86}),Replaced,[10d49cd0f59550e6dda36e95c6407789]
    PUP.Optional.MyStartSearch.A, HKLM\SOFTWARE\WOW6432NODE\CLIENTS\STARTMENUINTERNET\IEXPLORE.EXE\SHELL\OPEN\COMMAND, C:\Program Files\Internet Explorer\iexplore.exe http://www.mystartsearch.com/?type=...id=HGSTXHTS545050A7E680_TM85134TH5R48MH5R48MX, Good: (iexplore.exe), Bad: (C:\Program Files\Internet Explorer\iexplore.exe http://www.mystartsearch.com/?type=...),Replaced,[eafab3b9365440f614fc4eaae2230000]
    PUP.Optional.SearchAlgo.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\ABOUTURLS|Tabs, http://www.searchalgo.com/?cid=5072, Good: (www.google.com), Bad: (http://www.searchalgo.com/?cid=5072),Replaced,[2db79ad2a2e860d616736c9841c5bb45]
    PUP.Optional.MyStartSearch.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Search_URL, http://www.mystartsearch.com/web/?t...0A7E680_TM85134TH5R48MH5R48MX&q={searchTerms}, Good: (www.google.com), Bad: (http://www.mystartsearch.com/web/?t...),Replaced,[588cf973a9e10f27bbcfe21513f2e719]
    PUP.Optional.MyStartSearch.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Page_URL, http://www.mystartsearch.com/?type=...id=HGSTXHTS545050A7E680_TM85134TH5R48MH5R48MX, Good: (www.google.com), Bad: (http://www.mystartsearch.com/?type=...),Replaced,[ffe50f5d870358de7713fff854b116ea]
    PUP.Optional.MyStartSearch.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, http://www.mystartsearch.com/?type=...id=HGSTXHTS545050A7E680_TM85134TH5R48MH5R48MX, Good: (www.google.com), Bad: (http://www.mystartsearch.com/?type=...),Replaced,[7c6885e7cbbfc76f35556295966f05fb]
    PUP.Optional.MyStartSearch.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Page, http://www.mystartsearch.com/web/?t...0A7E680_TM85134TH5R48MH5R48MX&q={searchTerms}, Good: (www.google.com), Bad: (http://www.mystartsearch.com/web/?t...),Replaced,[e3013a32b0da3ff7d6b44aade71eb34d]
    PUP.Optional.Qone8, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {33BB0A4E-99AF-4226-BDF6-49120163DE86}, Good: ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}), Bad: ({33BB0A4E-99AF-4226-BDF6-49120163DE86}),Replaced,[09db204c1e6c80b6acd4709335d19b65]
    PUP.Optional.MyStartSearch.A, HKU\S-1-5-21-2198692194-3404810195-2407512553-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Page, http://www.mystartsearch.com/web/?t...0A7E680_TM85134TH5R48MH5R48MX&q={searchTerms}, Good: (www.google.com), Bad: (http://www.mystartsearch.com/web/?t...),Replaced,[e40092da6624c86ec1ca807749bca25e]
    PUP.Optional.SearchAlgo.A, HKU\S-1-5-21-2198692194-3404810195-2407512553-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, http://www.searchalgo.com/?cid=5072, Good: (www.google.com), Bad: (http://www.searchalgo.com/?cid=5072),Replaced,[39abf27ac9c13ff789ff02029e689769]
    PUP.Optional.MyStartSearch.A, HKU\S-1-5-21-2198692194-3404810195-2407512553-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Page_URL, http://www.mystartsearch.com/?type=...id=HGSTXHTS545050A7E680_TM85134TH5R48MH5R48MX, Good: (www.google.com), Bad: (http://www.mystartsearch.com/?type=...),Replaced,[eff5f17bd7b338fec1ca56a1fd081ae6]
    PUP.Optional.MyStartSearch.A, HKU\S-1-5-21-2198692194-3404810195-2407512553-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Search_URL, http://www.mystartsearch.com/web/?t...0A7E680_TM85134TH5R48MH5R48MX&q={searchTerms}, Good: (www.google.com), Bad: (http://www.mystartsearch.com/web/?t...),Replaced,[8460c7a5236788ae424993649c69a858]

    Folders: 19
    PUP.Optional.SalePlus.A, C:\Program Files (x86)\SaalEPlus, Quarantined, [756f53192565e05654ece3dcb25105fb],
    PUP.Optional.SalePlus.A, C:\Program Files (x86)\SalePLus, Quarantined, [558f313bf99153e30f31aa154cb7bc44],
    PUP.Optional.SalePlus.A, C:\Program Files (x86)\SalePluus, Quarantined, [7c68e8841e6c67cf2719a51af60d36ca],
    PUP.Optional.MultiPlug.A, C:\Users\GEOFFERY\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcpmmhaffdebnmkjelaohgjmndeongip\236, Quarantined, [81639bd18dfd71c578364114b352cf31],
    PUP.Optional.MultiPlug.A, C:\Users\GEOFFERY\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcpmmhaffdebnmkjelaohgjmndeongip, Quarantined, [81639bd18dfd71c578364114b352cf31],
    PUP.Optional.MultiPlug.A, C:\Users\GEOFFERY\AppData\Local\Google\Chrome\User Data\Default\Extensions\kagejfgngcmkbaacpmcnbpkhmhoeccee\236, Quarantined, [4e966dffc8c21c1a8727db7a9a6bda26],
    PUP.Optional.MultiPlug.A, C:\Users\GEOFFERY\AppData\Local\Google\Chrome\User Data\Default\Extensions\kagejfgngcmkbaacpmcnbpkhmhoeccee, Quarantined, [4e966dffc8c21c1a8727db7a9a6bda26],
    PUP.Optional.EZDownloader.A, C:\Program Files (x86)\EZDownloader, Quarantined, [3ba9d89439517bbb3dc22d5e857e2ad6],
    PUP.Optional.PCPerformer, C:\Users\GEOFFERY\AppData\Roaming\Performersoft\PC Performer, Quarantined, [63819cd0d2b86cca53be3e67de25af51],
    PUP.Optional.PCPerformer, C:\Users\GEOFFERY\AppData\Roaming\Performersoft\PC Performer\Logs, Quarantined, [63819cd0d2b86cca53be3e67de25af51],
    PUP.Optional.SettingsManager.A, C:\Users\GEOFFERY\AppData\Roaming\FirefoxToolbar\Settings Manager, Quarantined, [03e1ce9e8ffb8da92e423d68b94a45bb],
    PUP.Optional.SettingsManager.A, C:\Users\GEOFFERY\AppData\Roaming\FirefoxToolbar\Settings Manager\smdmf, Quarantined, [03e1ce9e8ffb8da92e423d68b94a45bb],
    PUP.Optional.SettingsManager.A, C:\Users\GEOFFERY\AppData\Roaming\FirefoxToolbar\Settings Manager\smdmf\components, Quarantined, [03e1ce9e8ffb8da92e423d68b94a45bb],
    PUP.Optional.SettingsManager.A, C:\Users\GEOFFERY\AppData\Roaming\FirefoxToolbar\Settings Manager\smdmf\content, Quarantined, [03e1ce9e8ffb8da92e423d68b94a45bb],
    PUP.Optional.EZDownloader, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EZDownloader, Quarantined, [539135376525c5711d42bceb6f94ca36],
    PUP.Optional.SearchEngine.A, C:\Users\GEOFFERY\AppData\Roaming\Mozilla\Firefox\Profiles\cei6nzih.default-1409799015992\extensions\searchengine@gmail.com, Quarantined, [4c986efe7416d561997b734712f1c937],
    PUP.Optional.SearchEngine.A, C:\Users\GEOFFERY\AppData\Roaming\Mozilla\Firefox\Profiles\cei6nzih.default-1409799015992\extensions\searchengine@gmail.com\chrome, Quarantined, [4c986efe7416d561997b734712f1c937],
    PUP.Optional.SearchEngine.A, C:\Users\GEOFFERY\AppData\Roaming\Mozilla\Firefox\Profiles\cei6nzih.default-1409799015992\extensions\searchengine@gmail.com\chrome\content, Quarantined, [4c986efe7416d561997b734712f1c937],
    PUP.Optional.SearchEngine.A, C:\Users\GEOFFERY\AppData\Roaming\Mozilla\Firefox\Profiles\cei6nzih.default-1409799015992\extensions\searchengine@gmail.com\chrome\skin, Quarantined, [4c986efe7416d561997b734712f1c937],

    Files: 78
    PUP.Optional.Multiplug, C:\Program Files (x86)\SalePLus\4Rx8vVEQf3HYSw.x64.dll, Quarantined, [5b89b3b9addd00362f9d62dc2bd73ac6],
    PUP.Optional.Multiplug, C:\Program Files (x86)\SaalEPlus\E6ePluvXeRIsPa.x64.dll, Quarantined, [42a24a22682267cf6765013d8082a35d],
    PUP.Optional.Multiplug, C:\Program Files (x86)\SalePluus\rUR0MAu4s7es8o.x64.dll, Quarantined, [806446262f5b999d9933c579b74b21df],
    PUP.Optional.Multiplug.A, C:\Program Files (x86)\SaalEPlus\E6ePluvXeRIsPa.exe, Quarantined, [c024c6a6b3d74ee8c50087ab7a88bb45],
    PUP.Optional.Multiplug.A, C:\Program Files (x86)\SalePLus\4Rx8vVEQf3HYSw.exe, Quarantined, [ecf85e0ee6a41026d2f367cb28daca36],
    PUP.Optional.Multiplug.A, C:\Program Files (x86)\SalePluus\rUR0MAu4s7es8o.exe, Quarantined, [c61e4d1f9ded39fd893ce052a161ec14],
    PUP.Optional.Multiplug.A, C:\Program Files (x86)\Silver Bird Plus Twitter Client\Silver Bird Plus Twitter Client.exe, Quarantined, [5094ec80315950e6af16c17130d20000],
    PUP.Optional.Multiplug.A, C:\Program Files (x86)\Hey Girl\Hey Girl.exe, Quarantined, [9054c1ab74166ec8e7de003206fc649c],
    Trojan.Bitminer, C:\Users\GEOFFERY\AppData\Local\Temp\mdi064.dll, Quarantined, [02e25616dcae82b4a496c62b19e87789],
    RiskWare.Miner, C:\Users\GEOFFERY\AppData\Local\Temp\msupdate71\dwm.exe, Quarantined, [25bf9ad28901e551a4092c1d58aac13f],
    RiskWare.Miner, C:\Users\GEOFFERY\AppData\Local\Temp\msupdate71\msupdate.7z, Quarantined, [ab39105ccdbdfe388b224bfe010118e8],
    RiskWare.Tool.HCK, C:\Users\GEOFFERY\Downloads\keygen 32~64 bits.rar, Quarantined, [edf7501c07830630dd2b4dfa12f0d729],
    PUP.Optional.Softonic, C:\Users\GEOFFERY\Downloads\SoftonicDownloader_for_prezi-desktop.exe, Quarantined, [41a336362c5e6fc74037fa62946c53ad],
    Hacktool.Agent, C:\Users\GEOFFERY\Downloads\Wind-7 Act.rar, Quarantined, [eef6f577c7c3cf67ff336b0fd42d1be5],
    PUP.Optional.SalePlus.A, C:\Program Files (x86)\SaalEPlus\E6ePluvXeRIsPa.tlb, Quarantined, [756f53192565e05654ece3dcb25105fb],
    PUP.Optional.SalePlus.A, C:\Program Files (x86)\SaalEPlus\E6ePluvXeRIsPa.dat, Quarantined, [756f53192565e05654ece3dcb25105fb],
    PUP.Optional.SalePlus.A, C:\Program Files (x86)\SalePLus\4Rx8vVEQf3HYSw.tlb, Quarantined, [558f313bf99153e30f31aa154cb7bc44],
    PUP.Optional.SalePlus.A, C:\Program Files (x86)\SalePLus\4Rx8vVEQf3HYSw.dat, Quarantined, [558f313bf99153e30f31aa154cb7bc44],
    PUP.Optional.SalePlus.A, C:\Program Files (x86)\SalePluus\rUR0MAu4s7es8o.tlb, Quarantined, [7c68e8841e6c67cf2719a51af60d36ca],
    PUP.Optional.SalePlus.A, C:\Program Files (x86)\SalePluus\rUR0MAu4s7es8o.dat, Quarantined, [7c68e8841e6c67cf2719a51af60d36ca],
    PUP.Optional.SpeedBit.A, C:\Users\GEOFFERY\AppData\Roaming\Mozilla\Firefox\Profiles\cei6nzih.default-1409799015992\searchplugins\speedbit.xml, Quarantined, [50940f5da2e8290d52d8448f3cc71fe1],
    PUP.Optional.MyStartSearch.A, C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\mystartsearch.xml, Quarantined, [41a35d0f2169053151b311c7ae55fd03],
    PUP.Optional.PCPerformer.A, C:\Windows\System32\Tasks\PC Performer Daily Check, Quarantined, [22c296d67713e74f65804d99030013ed],
    PUP.Optional.PCPerformer.A, C:\Windows\System32\Tasks\PC Performer Logon Scan, Quarantined, [7b6929434f3be55127bea4425da6827e],
    PUP.Optional.PCPerformer.A, C:\Windows\System32\Tasks\PC Performer Scheduled Scan, Quarantined, [b82cd29a6822da5c11d40adc10f37987],
    PUP.Optional.PCPerformer, C:\Windows\performersoftsetup.dll, Quarantined, [14d06a0236544de92a48ca1de91af808],
    PUP.Optional.DefaultSearch.A, C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\default-search.xml, Quarantined, [8c58224a93f7c86e1cc3996af70d33cd],
    PUP.Optional.WebSearch.A, C:\Users\GEOFFERY\AppData\Roaming\Mozilla\Firefox\Profiles\cei6nzih.default-1409799015992\searchplugins\WebSearch.xml, Quarantined, [479d82eac3c70e2817fd1ee9e12318e8],
    PUP.Optional.EZDownloader.A, C:\Users\Public\Desktop\EZDownloader.lnk, Quarantined, [cf15beaed0ba57dff3d837eebe473dc3],
    PUP.Optional.SearchAlgo.A, C:\Users\GEOFFERY\AppData\Roaming\Mozilla\Firefox\Profiles\cei6nzih.default-1409799015992\searchplugins\SearchAlgo.xml, Quarantined, [d1135d0f57336dc94989aa9cfc0946ba],
    PUP.Optional.MultiPlug.A, C:\Users\GEOFFERY\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcpmmhaffdebnmkjelaohgjmndeongip\236\lsdb.js, Quarantined, [81639bd18dfd71c578364114b352cf31],
    PUP.Optional.MultiPlug.A, C:\Users\GEOFFERY\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcpmmhaffdebnmkjelaohgjmndeongip\236\background.html, Quarantined, [81639bd18dfd71c578364114b352cf31],
    PUP.Optional.MultiPlug.A, C:\Users\GEOFFERY\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcpmmhaffdebnmkjelaohgjmndeongip\236\content.js, Quarantined, [81639bd18dfd71c578364114b352cf31],
    PUP.Optional.MultiPlug.A, C:\Users\GEOFFERY\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcpmmhaffdebnmkjelaohgjmndeongip\236\Mambr.js, Quarantined, [81639bd18dfd71c578364114b352cf31],
    PUP.Optional.MultiPlug.A, C:\Users\GEOFFERY\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcpmmhaffdebnmkjelaohgjmndeongip\236\manifest.json, Quarantined, [81639bd18dfd71c578364114b352cf31],
    PUP.Optional.MultiPlug.A, C:\Users\GEOFFERY\AppData\Local\Google\Chrome\User Data\Default\Extensions\kagejfgngcmkbaacpmcnbpkhmhoeccee\236\lsdb.js, Quarantined, [4e966dffc8c21c1a8727db7a9a6bda26],
    PUP.Optional.MultiPlug.A, C:\Users\GEOFFERY\AppData\Local\Google\Chrome\User Data\Default\Extensions\kagejfgngcmkbaacpmcnbpkhmhoeccee\236\background.html, Quarantined, [4e966dffc8c21c1a8727db7a9a6bda26],
    PUP.Optional.MultiPlug.A, C:\Users\GEOFFERY\AppData\Local\Google\Chrome\User Data\Default\Extensions\kagejfgngcmkbaacpmcnbpkhmhoeccee\236\content.js, Quarantined, [4e966dffc8c21c1a8727db7a9a6bda26],
    PUP.Optional.MultiPlug.A, C:\Users\GEOFFERY\AppData\Local\Google\Chrome\User Data\Default\Extensions\kagejfgngcmkbaacpmcnbpkhmhoeccee\236\manifest.json, Quarantined, [4e966dffc8c21c1a8727db7a9a6bda26],
    PUP.Optional.MultiPlug.A, C:\Users\GEOFFERY\AppData\Local\Google\Chrome\User Data\Default\Extensions\kagejfgngcmkbaacpmcnbpkhmhoeccee\236\r.js, Quarantined, [4e966dffc8c21c1a8727db7a9a6bda26],
    PUP.Optional.EZDownloader.A, C:\Program Files (x86)\EZDownloader\EZDownloader.Core.dll, Quarantined, [3ba9d89439517bbb3dc22d5e857e2ad6],
    PUP.Optional.EZDownloader.A, C:\Program Files (x86)\EZDownloader\EZDownloader.exe, Quarantined, [3ba9d89439517bbb3dc22d5e857e2ad6],
    PUP.Optional.EZDownloader.A, C:\Program Files (x86)\EZDownloader\EZDownloader.exe.config, Quarantined, [3ba9d89439517bbb3dc22d5e857e2ad6],
    PUP.Optional.EZDownloader.A, C:\Program Files (x86)\EZDownloader\EZDownloader.Extension.dll, Quarantined, [3ba9d89439517bbb3dc22d5e857e2ad6],
    PUP.Optional.EZDownloader.A, C:\Program Files (x86)\EZDownloader\EZDownloader.Spider.dll, Quarantined, [3ba9d89439517bbb3dc22d5e857e2ad6],
    PUP.Optional.EZDownloader.A, C:\Program Files (x86)\EZDownloader\ICSharpCode.SharpZipLib.dll, Quarantined, [3ba9d89439517bbb3dc22d5e857e2ad6],
    PUP.Optional.EZDownloader.A, C:\Program Files (x86)\EZDownloader\Interop.SHDocVw.dll, Quarantined, [3ba9d89439517bbb3dc22d5e857e2ad6],
    PUP.Optional.EZDownloader.A, C:\Program Files (x86)\EZDownloader\TabStrip.dll, Quarantined, [3ba9d89439517bbb3dc22d5e857e2ad6],
    PUP.Optional.EZDownloader.A, C:\Program Files (x86)\EZDownloader\unins000.dat, Quarantined, [3ba9d89439517bbb3dc22d5e857e2ad6],
    PUP.Optional.EZDownloader.A, C:\Program Files (x86)\EZDownloader\unins000.exe, Quarantined, [3ba9d89439517bbb3dc22d5e857e2ad6],
    PUP.Optional.PCPerformer, C:\Users\GEOFFERY\AppData\Roaming\Performersoft\PC Performer\IgnoreList.dat, Quarantined, [63819cd0d2b86cca53be3e67de25af51],
    PUP.Optional.PCPerformer, C:\Users\GEOFFERY\AppData\Roaming\Performersoft\PC Performer\LastScan.dat, Quarantined, [63819cd0d2b86cca53be3e67de25af51],
    PUP.Optional.PCPerformer, C:\Users\GEOFFERY\AppData\Roaming\Performersoft\PC Performer\Logs\PC Performer.log, Quarantined, [63819cd0d2b86cca53be3e67de25af51],
    PUP.Optional.PCPerformer, C:\Users\GEOFFERY\AppData\Roaming\Performersoft\PC Performer\Logs\PSCheckUp.log, Quarantined, [63819cd0d2b86cca53be3e67de25af51],
    PUP.Optional.SettingsManager.A, C:\Users\GEOFFERY\AppData\Roaming\FirefoxToolbar\Settings Manager\smdmf\chrome.manifest, Quarantined, [03e1ce9e8ffb8da92e423d68b94a45bb],
    PUP.Optional.SettingsManager.A, C:\Users\GEOFFERY\AppData\Roaming\FirefoxToolbar\Settings Manager\smdmf\install.rdf, Quarantined, [03e1ce9e8ffb8da92e423d68b94a45bb],
    PUP.Optional.SettingsManager.A, C:\Users\GEOFFERY\AppData\Roaming\FirefoxToolbar\Settings Manager\smdmf\content\DnsBHO.js, Quarantined, [03e1ce9e8ffb8da92e423d68b94a45bb],
    PUP.Optional.SettingsManager.A, C:\Users\GEOFFERY\AppData\Roaming\FirefoxToolbar\Settings Manager\smdmf\content\Error404BHO.js, Quarantined, [03e1ce9e8ffb8da92e423d68b94a45bb],
    PUP.Optional.SettingsManager.A, C:\Users\GEOFFERY\AppData\Roaming\FirefoxToolbar\Settings Manager\smdmf\content\MainBHO.js, Quarantined, [03e1ce9e8ffb8da92e423d68b94a45bb],
    PUP.Optional.SettingsManager.A, C:\Users\GEOFFERY\AppData\Roaming\FirefoxToolbar\Settings Manager\smdmf\content\NativeHelper.js, Quarantined, [03e1ce9e8ffb8da92e423d68b94a45bb],
    PUP.Optional.SettingsManager.A, C:\Users\GEOFFERY\AppData\Roaming\FirefoxToolbar\Settings Manager\smdmf\content\NewTabBHO.js, Quarantined, [03e1ce9e8ffb8da92e423d68b94a45bb],
    PUP.Optional.SettingsManager.A, C:\Users\GEOFFERY\AppData\Roaming\FirefoxToolbar\Settings Manager\smdmf\content\overlay.js, Quarantined, [03e1ce9e8ffb8da92e423d68b94a45bb],
    PUP.Optional.SettingsManager.A, C:\Users\GEOFFERY\AppData\Roaming\FirefoxToolbar\Settings Manager\smdmf\content\overlay.xul, Quarantined, [03e1ce9e8ffb8da92e423d68b94a45bb],
    PUP.Optional.SettingsManager.A, C:\Users\GEOFFERY\AppData\Roaming\FirefoxToolbar\Settings Manager\smdmf\content\RelatedSearch.js, Quarantined, [03e1ce9e8ffb8da92e423d68b94a45bb],
    PUP.Optional.SettingsManager.A, C:\Users\GEOFFERY\AppData\Roaming\FirefoxToolbar\Settings Manager\smdmf\content\RequestPreserver.js, Quarantined, [03e1ce9e8ffb8da92e423d68b94a45bb],
    PUP.Optional.SettingsManager.A, C:\Users\GEOFFERY\AppData\Roaming\FirefoxToolbar\Settings Manager\smdmf\content\SearchBHO.js, Quarantined, [03e1ce9e8ffb8da92e423d68b94a45bb],
    PUP.Optional.SettingsManager.A, C:\Users\GEOFFERY\AppData\Roaming\FirefoxToolbar\Settings Manager\smdmf\content\SettingManager.js, Quarantined, [03e1ce9e8ffb8da92e423d68b94a45bb],
    PUP.Optional.EZDownloader, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EZDownloader\EZDownloader.lnk, Quarantined, [539135376525c5711d42bceb6f94ca36],
    PUP.Optional.SearchEngine.A, C:\Users\GEOFFERY\AppData\Roaming\Mozilla\Firefox\Profiles\cei6nzih.default-1409799015992\extensions\searchengine@gmail.com\chrome.manifest, Quarantined, [4c986efe7416d561997b734712f1c937],
    PUP.Optional.SearchEngine.A, C:\Users\GEOFFERY\AppData\Roaming\Mozilla\Firefox\Profiles\cei6nzih.default-1409799015992\extensions\searchengine@gmail.com\install.rdf, Quarantined, [4c986efe7416d561997b734712f1c937],
    PUP.Optional.SearchEngine.A, C:\Users\GEOFFERY\AppData\Roaming\Mozilla\Firefox\Profiles\cei6nzih.default-1409799015992\extensions\searchengine@gmail.com\chrome\content\toolbar.js, Quarantined, [4c986efe7416d561997b734712f1c937],
    PUP.Optional.SearchEngine.A, C:\Users\GEOFFERY\AppData\Roaming\Mozilla\Firefox\Profiles\cei6nzih.default-1409799015992\extensions\searchengine@gmail.com\chrome\content\toolbar.xul, Quarantined, [4c986efe7416d561997b734712f1c937],
    PUP.Optional.SearchEngine.A, C:\Users\GEOFFERY\AppData\Roaming\Mozilla\Firefox\Profiles\cei6nzih.default-1409799015992\extensions\searchengine@gmail.com\chrome\skin\icon.png, Quarantined, [4c986efe7416d561997b734712f1c937],
    PUP.Optional.SearchFix.A, C:\Users\GEOFFERY\AppData\Roaming\Mozilla\Firefox\Profiles\cei6nzih.default-1409799015992\prefs.js, Good: (), Bad: (user_pref("keyword.URL", "http://websearch.searchfix.info/?unqvl=63&idate=2015/03/24&l=1&q=");), Replaced,[479d4d1ff49654e202e21e226f9728d8]
    PUP.Optional.CrossRider.A, C:\Users\GEOFFERY\AppData\Roaming\Mozilla\Firefox\Profiles\cei6nzih.default-1409799015992\prefs.js, Good: (), Bad: (user_pref("extensions.crossrider.bic", "14c9983d2efea2f4ffdf485c5d64d4d9");), Replaced,[e5ff83e98ffb55e16e89c181c93d0cf4]
    PUP.Optional.SearchAlgo.A, C:\Users\GEOFFERY\AppData\Roaming\Mozilla\Firefox\Profiles\cei6nzih.default-1409799015992\prefs.js, Good: (), Bad: (user_pref("browser.startup.homepage", "http://www.searchalgo.com/?cid=5072");), Replaced,[5e8608643d4d87afeb5e8eb6689e6898]
    PUP.Optional.SearchAlgo.A, C:\Users\GEOFFERY\AppData\Roaming\Mozilla\Firefox\Profiles\cei6nzih.default-1409799015992\prefs.js, Good: (), Bad: (user_pref("browser.newtab.url", "http://www.searchalgo.com/?cid=5072");), Replaced,[c1230a624743fa3cc78387bd39cd2dd3]
    PUP.Optional.MyStartSearch.A, C:\Users\GEOFFERY\AppData\Roaming\Mozilla\Firefox\Profiles\cei6nzih.default-1409799015992\search.json, Good: (), Bad: (mystartsearch), Replaced,[697b6ffd7b0fe25451163f00788e31cf]

    Physical Sectors: 0
    (No malicious items detected)


    (end)
     
  7. nolly190

    nolly190 TS Rookie Topic Starter

    AFTER ADWCLEANER
    # AdwCleaner v4.201 - Logfile created 15/04/2015 at 22:57:15
    # Updated 08/04/2015 by Xplode
    # Database : 2015-04-08.1 [Local]
    # Operating system : Windows 8 Pro (x64)
    # Username : GEOFFERY - UDENWANI
    # Running from : C:\Users\GEOFFERY\Downloads\adwcleaner_4.201.exe
    # Option : Cleaning

    ***** [ Services ] *****

    [#] Service Deleted : globalUpdatem
    Service Deleted : hshld

    ***** [ Files / Folders ] *****

    Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SkypEmoticons
    Folder Deleted : C:\Program Files (x86)\MyPC Backup
    Folder Deleted : C:\Program Files (x86)\SeekerProc
    Folder Deleted : C:\Program Files (x86)\BuyNNsavE
    Folder Deleted : C:\Program Files (x86)\BuyNNssave
    Folder Deleted : C:\Program Files (x86)\YoutubeAdBlocke
    Folder Deleted : C:\Users\GEOFFERY\AppData\Local\globalUpdate
    Folder Deleted : C:\Users\GEOFFERY\AppData\Roaming\FirefoxToolbar
    Folder Deleted : C:\Users\GEOFFERY\AppData\Roaming\PerformerSoft
    Folder Deleted : C:\Users\GEOFFERY\AppData\Roaming\SkypEmoticons
    Folder Deleted : C:\Users\GEOFFERY\AppData\Roaming\WebExtend
    File Deleted : C:\Users\GEOFFERY\AppData\Roaming\LiveSupport.exe_log.txt
    File Deleted : C:\Users\GEOFFERY\AppData\Roaming\regsvr32.exe_log.txt

    ***** [ Scheduled tasks ] *****

    Task Deleted : PC Performer Daily Check
    Task Deleted : PC Performer Logon Scan
    Task Deleted : PC Performer Scheduled Scan

    ***** [ Shortcuts ] *****

    Shortcut Disinfected : C:\Users\Public\Desktop\Google Chrome.lnk
    Shortcut Disinfected : C:\Users\Public\Desktop\Mozilla Firefox.lnk
    Shortcut Disinfected : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
    Shortcut Disinfected : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox\Mozilla Firefox (Safe Mode).lnk
    Shortcut Disinfected : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox\Mozilla Firefox.lnk
    Shortcut Disinfected : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk
    Shortcut Disinfected : C:\Users\GEOFFERY\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
    Shortcut Disinfected : C:\Users\GEOFFERY\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
    Shortcut Disinfected : C:\Users\GEOFFERY\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
    Shortcut Disinfected : C:\Users\GEOFFERY\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
    Shortcut Disinfected : C:\Users\GEOFFERY\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk
    Shortcut Disinfected : C:\Users\GEOFFERY\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk

    ***** [ Registry ] *****

    Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [se]
    Key Deleted : HKLM\SOFTWARE\Classes\Applications\Torch.exe
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\DownloadProxy.EXE
    Key Deleted : HKLM\SOFTWARE\38471acb-07b7-e725-a131-3b9ecdadf0c4
    Key Deleted : HKCU\Software\APN PIP
    Key Deleted : HKCU\Software\GlobalUpdate
    Key Deleted : HKCU\Software\PerformerSoft
    Key Deleted : HKCU\Software\simplytech
    Key Deleted : HKCU\Software\Softonic
    Key Deleted : HKCU\Software\torch
    Key Deleted : HKCU\Software\SpeedBit
    Key Deleted : HKCU\Software\AppDataLow\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9}
    Key Deleted : HKCU\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
    Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
    Key Deleted : HKLM\SOFTWARE\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9}
    Key Deleted : HKLM\SOFTWARE\AskPartnerNetwork
    Key Deleted : HKLM\SOFTWARE\Conduit
    Key Deleted : HKLM\SOFTWARE\GlobalUpdate
    Key Deleted : HKLM\SOFTWARE\PerformerSoft
    Key Deleted : HKLM\SOFTWARE\SearchProtect
    Key Deleted : HKLM\SOFTWARE\torch
    Key Deleted : HKLM\SOFTWARE\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
    Key Deleted : HKLM\SOFTWARE\{12A61307-94CD-4F8E-94BC-918E511FAA81}
    Key Deleted : HKLM\SOFTWARE\SpeedBit
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect
    Key Deleted : [x64] HKLM\SOFTWARE\SpeedBit
    Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyServer] - 127.0.0.1:8080
    Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyEnable] - 1
    Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - *.local;<local>

    ***** [ Web browsers ] *****

    -\\ Internet Explorer v10.0.9200.17183


    -\\ Mozilla Firefox v37.0.1 (x86 en-US)

    [cei6nzih.default-1409799015992\prefs.js] - Line Deleted : user_pref("browser.search.defaultenginename,S", "WebSearch");
    [cei6nzih.default-1409799015992\prefs.js] - Line Deleted : user_pref("browser.search.defaulturl", "hxxp://websearch.searchfix.info/?unqvl=63&idate=2015/03/24&l=1&q=");
    [cei6nzih.default-1409799015992\prefs.js] - Line Deleted : user_pref("browser.search.order.1", "SearchAlgo");
    [cei6nzih.default-1409799015992\prefs.js] - Line Deleted : user_pref("browser.search.order.1,S", "WebSearch");
    [cei6nzih.default-1409799015992\prefs.js] - Line Deleted : user_pref("browser.search.searchengine.alias", "mystartsearch");
    [cei6nzih.default-1409799015992\prefs.js] - Line Deleted : user_pref("browser.search.searchengine.iconURL", "hxxp://www.mystartsearch.com/favicon.ico");
    [cei6nzih.default-1409799015992\prefs.js] - Line Deleted : user_pref("browser.search.searchengine.name", "mystartsearch");
    [cei6nzih.default-1409799015992\prefs.js] - Line Deleted : user_pref("browser.search.searchengine.url", "hxxp://www.mystartsearch.com/web/?type=ds&ts=1427386365&from=wpc&uid=HGSTXHTS545050A7E680_TM85134TH5R48MH5R48MX&q={searchTerms}");
    [cei6nzih.default-1409799015992\prefs.js] - Line Deleted : user_pref("browser.search.selectedEngine", "SearchAlgo");
    [cei6nzih.default-1409799015992\prefs.js] - Line Deleted : user_pref("browser.search.selectedEngine,S", "WebSearch");
    [cei6nzih.default-1409799015992\prefs.js] - Line Deleted : user_pref("extensions.eW4NsvKcCG2bMr6o.scode", "(function(){try{if(window.self.location.href.indexOf(\"qdC8rjg5rTU4rHY9pjs9qdC7rn\")>-1){return;}}catch(e){}try{var d=[[\"trianglecash.com\",\"acebook\"[...]
    [cei6nzih.default-1409799015992\prefs.js] - Line Deleted : user_pref("extensions.qPozVH4AwixxTNNu.scode", "(function(){try{if(window.self.location.href.indexOf(\"qdC8rjg5rTU4rHY9pjs9qdC7rn\")>-1){return;}}catch(e){}try{var d=[[\"trianglecash.com\",\"acebook\"[...]
    [cei6nzih.default-1409799015992\prefs.js] - Line Deleted : user_pref("extensions.quick_start.enable_search1", false);
    [cei6nzih.default-1409799015992\prefs.js] - Line Deleted : user_pref("extensions.quick_start.sd.closeWindowWithLastTab_prev_state", false);
    [cei6nzih.default-1409799015992\prefs.js] - Line Deleted : user_pref("extensions.xpiState", "{\"app-profile\":{\"abs@avira.com\":{\"d\":\"C:\\\\Users\\\\GEOFFERY\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\cei6nzih.default-1409799015992\\\\exte[...]

    -\\ Google Chrome v

    [C:\Users\GEOFFERY\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.mystartsearch.com/web/?type=ds&ts=1416439136&from=wpc&uid=HGSTXHTS545050A7E680_TM85134TH5R48MH5R48MX&q={searchTerms}
    [C:\Users\GEOFFERY\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.mystartsearch.com/web/?type=ds&ts=1416439136&from=wpc&uid=HGSTXHTS545050A7E680_TM85134TH5R48MH5R48MX&q={searchTerms}
    [C:\Users\GEOFFERY\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://websearch.searchfix.info/?unqvl=63&idate=2015/03/24&l=1&q={searchTerms}
    [C:\Users\GEOFFERY\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://go.speedbit.com/search.aspx?site=shdefault&pid=s&shr=d&q={searchTerms}
    [C:\Users\GEOFFERY\AppData\Local\Google\Chrome\User Data\Default\Preferences] - Deleted [Homepage] : hxxp://go.speedbit.com/?pid=s
    [C:\Users\GEOFFERY\AppData\Local\Google\Chrome\User Data\Default\Preferences] - Deleted [Startup_URLs] : hxxp://go.speedbit.com/?pid=s
    [C:\Users\GEOFFERY\AppData\Local\Google\Chrome\User Data\Default\Preferences] - Deleted [Default_Search_Provider_Data] : hxxp://www.mystartsearch.com/web/?type=ds&ts=1416439136&from=wpc&uid=HGSTXHTS545050A7E680_TM85134TH5R48MH5R48MX&q={searchTerms}

    *************************

    AdwCleaner[R0].txt - [12676 bytes] - [15/04/2015 22:55:53]
    AdwCleaner[S0].txt - [12345 bytes] - [15/04/2015 22:57:15]

    ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [12405 bytes] ##########
     
  8. nolly190

    nolly190 TS Rookie Topic Starter

    After scanning with jrt
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 6.5.5 (04.15.2015:1)
    OS: Windows 8 Pro x64
    Ran by GEOFFERY on Wed 04/15/2015 at 23:13:25.68
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    ~~~ Services



    ~~~ Tasks



    ~~~ Registry Values



    ~~~ Registry Keys

    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\HD-UpdaterService_RASAPI32
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\HD-UpdaterService_RASMANCS
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\HD-UpdaterService_RASAPI32
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\HD-UpdaterService_RASMANCS
    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{BB82DE59-BC4C-4172-9AC4-73315F71CFFE}
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0055C089-8582-441B-A0BF-17B458C2A3A8}
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{0055C089-8582-441B-A0BF-17B458C2A3A8}
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D5974A72-C81C-4DC3-BE77-A8A7BBC8864E}
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{D5974A72-C81C-4DC3-BE77-A8A7BBC8864E}
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{0055C089-8582-441B-A0BF-17B458C2A3A8}
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{D5974A72-C81C-4DC3-BE77-A8A7BBC8864E}



    ~~~ Files



    ~~~ Folders

    Successfully deleted: [Folder] C:\ProgramData\tencent
    Successfully deleted: [Folder] C:\Users\GEOFFERY\AppData\Roaming\tencent



    ~~~ FireFox

    Successfully deleted the following from C:\Users\GEOFFERY\AppData\Roaming\mozilla\firefox\profiles\cei6nzih.default-1409799015992\prefs.js

    user_pref(browser.search.searchengine.desc, this is my first firefox searchEngine);
    user_pref(browser.search.searchengine.ptid, wpc);
    user_pref(browser.search.searchengine.uid, HGSTXHTS545050A7E680_TM85134TH5R48MH5R48MX);
    user_pref(extensions.18R0KVE3jzMYWlZ1.scode, (function(){try{if(window.self.location.href.indexOf(\qdC8rjg5rTU4rHY9pjs9qdC7rn\)>-1){return;}}catch(e){}try{var d=[[\trian
    user_pref(extensions.3JiaepS9trQaygRq.scode, (function(){try{if(window.self.location.href.indexOf(\qdC8rjg5rTU4rHY9pjs9qdC7rn\)>-1){return;}}catch(e){}try{var d=[[\trian
    user_pref(extensions.xpiState, {\app-profile\:{\abs@avira.com\:{\d\:\C:\\\\Users\\\\GEOFFERY\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\cei6nzih.defa
    Emptied folder: C:\Users\GEOFFERY\AppData\Roaming\mozilla\firefox\profiles\cei6nzih.default-1409799015992\minidumps [1 files]





    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on Wed 04/15/2015 at 23:16:20.84
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Is it safe now?
     
  9. Broni

    Broni Malware Annihilator Posts: 52,902   +344

    Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Very Important! Temporarily disable your anti-virus and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
      If the connection is not there, use the restore point you created prior to running Combofix.
    • Double click on combofix.exe & follow the prompts.

    • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error Illegal operation attempted on a registery key that has been marked for deletion, restart computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try the following...

    Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Download Rkill (courtesy of BleepingComputer.com) to your desktop.
    There are 2 different versions. If one of them won't run then download and try to run the other one.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
    iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

    Restart computer in safe mode

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Windows Vista, 7 or 8, right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    When the scan is done Notepad will open with rKill.txt log.
    NOTE. rKill.txt log will also be present on your desktop.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If you had to run rKill, post BOTH logs, rKill.txt and Combofix.txt.
     
  10. Broni

    Broni Malware Annihilator Posts: 52,902   +344

    Still with me?
     
  11. Broni

    Broni Malware Annihilator Posts: 52,902   +344

    This topic is marked as abandoned and closed due to inactivity.

    This member will NOT be eligible to receive any more help in malware removal forum.
     
Topic Status:
Not open for further replies.
