start
CreateRestorePoint:
CloseProcesses:
HKLM-x32\...\Run: [gmsd_fr_365] => [X]
HKLM-x32\...\Run: [mbot_fr_602] => [X]
HKLM-x32\...\Run: [gmsd_fr_517] => [X]
HKU\S-1-5-21-3178603350-214956046-2181520742-1001\...\Run: [Gameo] => C:\Users\David\AppData\Roaming\Gameo\gameo.exe [42482176 2015-02-22] ()
Startup: C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\hqghumeaylnlf.lnk [2015-04-27]
ShortcutTarget: hqghumeaylnlf.lnk -> C:\ProgramData\{21618266-9d29-a4a2-2161-182669d2099a}\hqghumeaylnlf.exe (PC Utilities Software Limited)
Startup: C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SmartWeb.lnk [2015-05-09]
ShortcutTarget: SmartWeb.lnk -> C:\Users\David\AppData\Local\SmartWeb\SmartWebHelper.exe (No File)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.oursurfing.com/web/?type=ds&ts=1431189120&z=b5f04cad0320b20dae5c3a8g3zcc8gcgfb9tfg3o7e&from=cmi&uid=ST2000LM003XHN-M201RAD_S34LJ9AFC00181&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.oursurfing.com/web/?type=ds&ts=1431189120&z=b5f04cad0320b20dae5c3a8g3zcc8gcgfb9tfg3o7e&from=cmi&uid=ST2000LM003XHN-M201RAD_S34LJ9AFC00181&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.oursurfing.com/web/?type=ds&ts=1431189120&z=b5f04cad0320b20dae5c3a8g3zcc8gcgfb9tfg3o7e&from=cmi&uid=ST2000LM003XHN-M201RAD_S34LJ9AFC00181&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.oursurfing.com/web/?type=ds&ts=1431189120&z=b5f04cad0320b20dae5c3a8g3zcc8gcgfb9tfg3o7e&from=cmi&uid=ST2000LM003XHN-M201RAD_S34LJ9AFC00181&q={searchTerms}
HKU\S-1-5-21-3178603350-214956046-2181520742-1001\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.oursurfing.com/web/?type=dspp&ts=1431189148&z=05efb725d875598d5e861bbgcz5c7g3gbb8t5gdzfm&from=cmi&uid=ST2000LM003XHN-M201RAD_S34LJ9AFC00181&q={searchTerms}
HKU\S-1-5-21-3178603350-214956046-2181520742-1001\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.oursurfing.com/web/?type=dspp&ts=1431189148&z=05efb725d875598d5e861bbgcz5c7g3gbb8t5gdzfm&from=cmi&uid=ST2000LM003XHN-M201RAD_S34LJ9AFC00181&q={searchTerms}
SearchScopes: HKLM -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2498} URL = http://www.default-search.net/search?sid=498&aid=156&itype=n&ver=16064&tm=-15857&src=ds&p={searchTerms}
SearchScopes: HKLM-x32 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2498} URL = http://www.default-search.net/search?sid=498&aid=156&itype=n&ver=16064&tm=-15857&src=ds&p={searchTerms}
SearchScopes: HKU\S-1-5-21-3178603350-214956046-2181520742-1001 -> DefaultScope {8CDE19E6-71C2-4B46-89B7-35F6A18C571A} URL = http://www.trovi.com/Results.aspx?gd=&ctid=CT3330124&octid=EB_ORIGINAL_CTID&ISID=M35DDCFE8-F547-4239-B009-0726BFCCD815&SearchSource=58&CUI=&UM=8&UP=SPD5D3506F-4B92-40DB-B5B1-EDF73C125EE4&q={searchTerms}&D=042715&SSPV=
SearchScopes: HKU\S-1-5-21-3178603350-214956046-2181520742-1001 -> {8CDE19E6-71C2-4B46-89B7-35F6A18C571A} URL = http://www.trovi.com/Results.aspx?gd=&ctid=CT3330124&octid=EB_ORIGINAL_CTID&ISID=M35DDCFE8-F547-4239-B009-0726BFCCD815&SearchSource=58&CUI=&UM=8&UP=SPD5D3506F-4B92-40DB-B5B1-EDF73C125EE4&q={searchTerms}&D=042715&SSPV=
SearchScopes: HKU\S-1-5-21-3178603350-214956046-2181520742-1001 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2498} URL =
FF Plugin-x32: @staging.google.com/globalUpdate Update;version=10 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll No File
FF Plugin-x32: @staging.google.com/globalUpdate Update;version=4 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll No File
FF user.js: detected! => C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\j1i295cf.default\user.js [2015-05-14]
FF SearchPlugin: C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\j1i295cf.default\searchplugins\oursurfing.xml [2015-05-14]
FF SearchPlugin: C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\j1i295cf.default\searchplugins\trovi.xml [2015-05-09]
FF Extension: freEdeliVerey - C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\j1i295cf.default\Extensions\SS54@w2.com [2015-05-01]
FF Extension: Search Enginer - C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\j1i295cf.default\Extensions\sweetsearch@gmail.com [2015-05-09]
FF HKLM-x32\...\Firefox\Extensions: [sweetsearch@gmail.com] - C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\j1i295cf.default\extensions\sweetsearch@gmail.com
CHR Extension: (pooljnboifbodgifngpppfklhifechoe) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\pooljnboifbodgifngpppfklhifechoe [2015-04-04]
R2 bky; c:\windows\bky.exe [531456 2015-04-10] () [File not signed]
R2 ClaraUpdater; C:\Program Files (x86)\Common Files\ClaraUpdater\ClaraUpdater.exe [887408 2015-04-16] (ClaraLabs)
R2 hehopove; C:\Users\David\AppData\Roaming\34444335-1431188590-3335-4639-3863BBAF762D\jnsd8302.tmp [541696 2015-05-09] () [File not signed]
R2 IHProtect Service; C:\Program Files (x86)\XTab\ProtectService.exe [158816 2015-04-20] (XTab system)
R2 mbky; c:\windows\mbky.exe [523264 2015-04-10] () [File not signed]
R2 ReimageRealTimeProtector; C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe [7410024 2015-01-14] (Reimage®)
S2 392f5ca0; "C:\Windows\system32\rundll32.exe" "c:\Program Files (x86)\CutterSystem\CutterSystem.dll",serv
2015-05-14 18:46 - 2015-05-14 18:46 - 00003436 _____ () C:\Windows\System32\Tasks\Reimage Reminder
2015-05-14 18:45 - 2015-05-14 18:45 - 00004276 _____ () C:\Windows\System32\Tasks\ReimageUpdater
2015-05-14 18:44 - 2015-05-14 18:46 - 00000000 ____D () C:\rei
2015-05-14 18:44 - 2015-05-14 18:45 - 00000000 ____D () C:\Program Files\Reimage
2015-05-14 18:44 - 2015-05-14 18:44 - 00001924 _____ () C:\Users\Public\Desktop\PC Scan & Repair by Reimage.lnk
2015-05-14 18:44 - 2015-05-14 18:44 - 00000000 ____D () C:\ProgramData\Reimage Protector
2015-05-14 18:44 - 2015-05-14 18:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Reimage Repair
2015-05-14 18:43 - 2015-05-14 18:46 - 00000165 _____ () C:\Windows\Reimage.ini
2015-05-14 18:43 - 2015-05-14 18:43 - 00768512 _____ (Reimage®) C:\Users\David\Desktop\ReimageRepair.exe
2015-05-12 20:41 - 2015-05-15 17:41 - 00000350 _____ () C:\Windows\Tasks\EWPARSTVM1.job
2015-05-12 20:41 - 2015-05-12 20:41 - 00003560 _____ () C:\Windows\System32\Tasks\JEBDBZ
2015-05-12 20:41 - 2015-05-12 20:41 - 00002864 _____ () C:\Windows\System32\Tasks\EWPARSTVM1
2015-05-12 20:41 - 2015-05-12 20:41 - 00000000 ____D () C:\ProgramData\28341ff220e0446c9fff27c4493d622e
2015-05-10 20:54 - 2015-05-10 20:54 - 00000942 _____ () C:\Windows\SysWOW64\InstallUtil.InstallLog
2015-05-09 18:40 - 2015-05-09 19:43 - 00000000 ____D () C:\http_filter
2015-05-09 18:40 - 2015-05-09 18:40 - 00002090 _____ () C:\Users\David\Desktop\Media Player Z.lnk
2015-05-09 18:36 - 2015-05-09 18:36 - 00000000 __SHD () C:\Users\David\AppData\Roaming\AnyProtectEx
2015-05-09 18:36 - 2015-05-09 18:36 - 00000000 ____D () C:\Program Files (x86)\CinemaPlus-3.2cV07.05
2015-05-09 18:36 - 2015-05-09 18:36 - 00000000 ____D () C:\Program Files (x86)\AnyProtectEx
2015-05-09 18:35 - 2015-05-09 18:35 - 00000000 ____D () C:\Program Files (x86)\Edu App
2015-05-09 18:34 - 2015-05-09 18:34 - 00000000 ____D () C:\Program Files (x86)\Media Player Z
2015-05-09 18:32 - 2015-05-13 21:24 - 00000000 ____D () C:\Users\David\AppData\Local\SmartWeb
2015-05-09 18:32 - 2015-05-09 18:32 - 00004036 _____ () C:\Windows\System32\Tasks\SmartWeb Upgrade Trigger Task
2015-05-09 18:32 - 2015-05-09 18:32 - 00000000 ____D () C:\Users\David\AppData\Roaming\oursurfing
2015-05-09 18:32 - 2015-05-09 18:32 - 00000000 ____D () C:\ProgramData\IHProtectUpDate
2015-05-09 18:32 - 2015-05-09 18:32 - 00000000 ____D () C:\Program Files (x86)\XTab
2015-05-09 18:26 - 2015-05-14 19:14 - 00000000 ____D () C:\Users\David\AppData\Local\34444335-1431196010-3335-4639-3863BBAF762D
2015-05-09 18:23 - 2015-05-10 19:46 - 00000000 ____D () C:\Users\David\AppData\Roaming\34444335-1431188590-3335-4639-3863BBAF762D
2015-04-27 21:13 - 2015-04-27 21:13 - 00000000 ____D () C:\Users\David\AppData\Local\Boxore
2015-04-27 21:12 - 2015-05-01 20:17 - 00000000 ____D () C:\Program Files (x86)\Software
2015-04-27 21:11 - 2015-05-04 16:08 - 00000000 ____D () C:\ProgramData\{21618266-9d29-a4a2-2161-182669d2099a}
2015-04-20 18:16 - 2015-05-02 21:38 - 00000000 ____D () C:\Program Files (x86)\Oafferapp
2015-04-20 18:16 - 2015-05-02 21:38 - 00000000 ____D () C:\Program Files (x86)\nicenfrEe
2015-04-20 18:16 - 2015-04-20 20:21 - 00000000 ____D () C:\Program Files (x86)\freEdeliVerey
2015-04-20 18:16 - 2015-04-20 18:17 - 00000000 ____D () C:\ProgramData\14497563028378842797
2015-04-19 20:20 - 2015-05-09 18:17 - 00000020 _____ () C:\Users\David\AppData\Roaming\appdataFr3.bin
2015-04-19 20:15 - 2015-04-19 20:15 - 00000000 ____D () C:\ProgramData\coupcoup
2015-04-19 19:55 - 2015-04-25 21:15 - 00000000 ____D () C:\Program Files (x86)\CutterSystem
C:\Program Files (x86)\Common Files\ClaraUpdater
C:\Program Files (x86)\MyPC Backup
C:\Program Files (x86)\Pro PC Cleaner
C:\Program Files (x86)\I - Cinema
C:\ProgramData\TVWizard
C:\ProgramData\NetEngine
C:\ProgramData\FlashBeat
C:\ProgramData\16903758884f4d61a2bd5e3b965c09a6
C:\Users\David\AppData\Roaming\Gameo
C:\Users\David\AppData\Local\UnicoBrowser
c:\windows\bky.exe
c:\windows\mbky.exe
Task: {1A9676F1-404F-438F-AEEF-147001D396A6} - System32\Tasks\{A2E3670E-A3D4-4FF7-B16D-19357D50DAE4} => pcalua.exe -a C:\Users\David\AppData\Roaming\Gameo\uninstall.exe
Task: {225F82A1-3E67-4A04-A865-8C17130D742F} - System32\Tasks\{5AE47689-6CBF-4A47-AA65-105259CF1A11} => pcalua.exe -a "C:\Program Files\Reimage\Reimage Repair\uninst.exe"
Task: {392CE416-3262-406C-A4A1-31FAA9422B7A} - System32\Tasks\{3AF16250-6632-46FB-A00A-68AA447F31B8} => pcalua.exe -a C:\ProgramData\TVWizard\uninstall.exe -c /kb=y /ic=1
Task: {40CCCF2A-2B2B-4817-ADEA-04C5D8995208} - \24fd4e22-16e0-4807-8532-21395255273d-1-7 No Task File
Task: {47C85B0F-3EC3-4D3E-AC98-6AAEE305D226} - System32\Tasks\LaunchSignup => C:\Program Files (x86)\MyPC Backup\Signup Wizard.exe
Task: {5EC78B63-A449-461E-9E10-65D322CCC6C0} - System32\Tasks\gameo_update => C:\Users\David\AppData\Roaming\Gameo\gameo.exe [2015-02-22] ()
Task: {6B7C7B37-6C56-4652-85E4-D5E798AD2B6E} - \24fd4e22-16e0-4807-8532-21395255273d-10_user No Task File
Task: {734BD4A1-6B14-42E9-B05E-641CAD8CE07E} - System32\Tasks\NetEngine => C:\ProgramData\NetEngine\bin\D6\netengine.exe [2015-04-11] ()
Task: {81851335-0ADB-4031-A757-5220584CC91C} - System32\Tasks\ReimageUpdater => C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe [2015-01-14] (Reimage®)
Task: {90F8523F-E299-4E67-979C-29B97D56D414} - System32\Tasks\EWPARSTVM1 => C:\ProgramData\FlashBeat\FlashBeat.exe
Task: {9A1FEB82-CA13-43B9-B23E-445F32194B96} - \24fd4e22-16e0-4807-8532-21395255273d-5 No Task File
Task: {A071FBB7-93E6-48FA-BAA7-68456955DA60} - System32\Tasks\Run_Browser => C:\Users\David\AppData\Local\UnicoBrowser\Application\unicobrowser.exe
Task: {A7F3882F-1752-4681-A1AB-FAFBDBDB2F95} - System32\Tasks\SmartWeb Upgrade Trigger Task => C:\Users\David\AppData\Local\SmartWeb\SmartWebHelper.exe
Task: {AB07A28F-D127-4CD8-B8D7-21C2A687C63E} - System32\Tasks\ProPCCleaner_Start => C:\Program Files (x86)\Pro PC Cleaner\ProPCCleaner.exe
Task: {B613B794-D469-4587-BF8B-34B6B39329C9} - System32\Tasks\Reimage Reminder => C:\Program Files\Reimage\Reimage Repair\ReimageReminder.exe [2015-03-16] (Reimage ltd.)
Task: {C51E7EBB-A6B3-4500-9B11-C6109471F2DF} - System32\Tasks\ProPCCleaner_Popup => C:\Program Files (x86)\Pro PC Cleaner\Splash.exe
Task: {D4263614-5FCE-45BD-B931-133D80BFF25C} - \851bdf95-a740-4a9c-a8f7-345b82de113d-10_user No Task File
Task: {DD05FA6A-AF2B-440A-A1F9-79376C434F8A} - System32\Tasks\JEBDBZ => C:\ProgramData\16903758884f4d61a2bd5e3b965c09a6\16903758884f4d61a2bd5e3b965c09a6.exe
Task: {E0A4FB8A-A2F0-4ADD-99FF-8C3EF58EA23C} - \24fd4e22-16e0-4807-8532-21395255273d-5_user No Task File
Task: {F0AC49EE-5D12-42AE-A48E-4F2A553910B8} - \24fd4e22-16e0-4807-8532-21395255273d-1-6 No Task File
Task: C:\Windows\Tasks\24fd4e22-16e0-4807-8532-21395255273d-1-6.job => C:\Program Files (x86)\I - Cinema\24fd4e22-16e0-4807-8532-21395255273d-1-6.exe
Task: C:\Windows\Tasks\24fd4e22-16e0-4807-8532-21395255273d-1-7.job => C:\Program Files (x86)\I - Cinema\24fd4e22-16e0-4807-8532-21395255273d-1-7.exe
Task: C:\Windows\Tasks\24fd4e22-16e0-4807-8532-21395255273d-10_user.job => T:\}“I•WM
ÛHÞFÜ<
€þÿÿÿ� €!ß)4±NC:\Program Files (x86)\I - Cinema\24fd4e22-16e0-4807-8532-21395255273d-10.exe
Task: C:\Windows\Tasks\24fd4e22-16e0-4807-8532-21395255273d-5.job => C:\Program Files (x86)\I - Cinema\24fd4e22-16e0-4807-8532-21395255273d-5.exe
Task: C:\Windows\Tasks\24fd4e22-16e0-4807-8532-21395255273d-5_user.job => C:\Program Files (x86)\I - Cinema\24fd4e22-16e0-4807-8532-21395255273d-5.exe
Task: C:\Windows\Tasks\851bdf95-a740-4a9c-a8f7-345b82de113d-10_user.job => C:\Program Files (x86)\System NotifierV30.03\851bdf95-a740-4a9c-a8f7-345b82de113d-10.exe
Task: C:\Windows\Tasks\EWPARSTVM1.job => C:\ProgramData\FlashBeat\FlashBeat.exe
RemoveProxy:
EmptyTemp:
end