Posted on June 3, 2015

start
CreateRestorePoint:
CloseProcesses:
HKLM-x32\...\Run: [mbot_fr_636] => [X]
HKLM-x32\...\Run: [gmsd_fr_596] => [X]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction
CHR HKU\S-1-5-21-4149186439-2392420858-2605180521-1002\SOFTWARE\Policies\Google: Policy restriction
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://istart.webssearches.com/?type=hp&ts=1408474871&from=exp&uid=HitachiXHTS545050A7E380_TE85113Q08EXSR08EXSRX
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://istart.webssearches.com/web/?type=ds&ts=1408474871&from=exp&uid=HitachiXHTS545050A7E380_TE85113Q08EXSR08EXSRX&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://istart.webssearches.com/?type=hp&ts=1408474871&from=exp&uid=HitachiXHTS545050A7E380_TE85113Q08EXSR08EXSRX
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://istart.webssearches.com/web/?type=ds&ts=1408474871&from=exp&uid=HitachiXHTS545050A7E380_TE85113Q08EXSR08EXSRX&q={searchTerms}
HKU\S-1-5-21-4149186439-2392420858-2605180521-1002\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.trovi.com/?gd=&ctid=CT3330124&octid=EB_ORIGINAL_CTID&ISID=M259C1140-A70E-42EE-954B-93C07753AFD7&SearchSource=55&CUI=&UM=8&UP=SP928E9A27-5E8D-4E62-BA31-96A2DB663182&D=060115&SSPV=SPJSBT2B_sp_ie
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://istart.webssearches.com/web/?type=ds&ts=1408474871&from=exp&uid=HitachiXHTS545050A7E380_TE85113Q08EXSR08EXSRX&q={searchTerms}
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://speedial.com/results.php?f=4&q={searchTerms}&a=spd_tele_14_25_ff&cd=2XzuyEtN2Y1L1QzuzzyE0AyC0CzztDtBzztAzytByE0CyB0BtN0D0Tzu0SzytDyEtN1L2XzutBtFtBtCtFtCtDtFtDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyCyCyEzytCtBtA0DtGyD0Dzz0AtG0E0C0E0CtG0CtCzyyEtGtC0FyCyEtCyD0A0Bzz0BtDtC2QtN1M1F1B2Z1V1N2Y1L1Qzu2StAyDtDzytA0F0C0EtGzzzytCzytGyBzytC0DtGzy0DtCyBtGyCyBtB0AtByE0A0CzyzzyEyB2Q&cr=95153207&ir=
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://istart.webssearches.com/web/?type=ds&ts=1408474871&from=exp&uid=HitachiXHTS545050A7E380_TE85113Q08EXSR08EXSRX&q={searchTerms}
SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://istart.webssearches.com/web/?type=ds&ts=1408474871&from=exp&uid=HitachiXHTS545050A7E380_TE85113Q08EXSR08EXSRX&q={searchTerms}
SearchScopes: HKU\.DEFAULT -> {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL =
SearchScopes: HKU\S-1-5-21-4149186439-2392420858-2605180521-1002 -> DefaultScope {015DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://www.trovi.com/Results.aspx?gd=&ctid=CT3330124&octid=EB_ORIGINAL_CTID&ISID=M259C1140-A70E-42EE-954B-93C07753AFD7&SearchSource=58&CUI=&UM=8&UP=SP928E9A27-5E8D-4E62-BA31-96A2DB663182&D=060115&q={searchTerms}&SSPV=SPJSBT2B_sp_ie
SearchScopes: HKU\S-1-5-21-4149186439-2392420858-2605180521-1002 -> {015DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://www.trovi.com/Results.aspx?gd=&ctid=CT3330124&octid=EB_ORIGINAL_CTID&ISID=M259C1140-A70E-42EE-954B-93C07753AFD7&SearchSource=58&CUI=&UM=8&UP=SP928E9A27-5E8D-4E62-BA31-96A2DB663182&D=060115&q={searchTerms}&SSPV=SPJSBT2B_sp_ie
SearchScopes: HKU\S-1-5-21-4149186439-2392420858-2605180521-1002 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://speedial.com/results.php?f=4&q={searchTerms}&a=spd_tele_14_25_ff&cd=2XzuyEtN2Y1L1QzuzzyE0AyC0CzztDtBzztAzytByE0CyB0BtN0D0Tzu0SzytDyEtN1L2XzutBtFtBtCtFtCtDtFtDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyCyCyEzytCtBtA0DtGyD0Dzz0AtG0E0C0E0CtG0CtCzyyEtGtC0FyCyEtCyD0A0Bzz0BtDtC2QtN1M1F1B2Z1V1N2Y1L1Qzu2StAyDtDzytA0F0C0EtGzzzytCzytGyBzytC0DtGzy0DtCyBtGyCyBtB0AtByE0A0CzyzzyEyB2Q&cr=95153207&ir=
SearchScopes: HKU\S-1-5-21-4149186439-2392420858-2605180521-1002 -> {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://www.searchgol.com/?q={searchTerms}&babsrc=SP_ss&mntrId=1A0B84A6C802838F&affID=123706&tt=240913_246&tsp=5016
SearchScopes: HKU\S-1-5-21-4149186439-2392420858-2605180521-1002 -> {31090377-0740-419E-BEFC-A56E50500D5B} URL =
SearchScopes: HKU\S-1-5-21-4149186439-2392420858-2605180521-1002 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://istart.webssearches.com/web/?type=ds&ts=1408474871&from=exp&uid=HitachiXHTS545050A7E380_TE85113Q08EXSR08EXSRX&q={searchTerms}
BHO: rocketDeal -> {23570091-4f5c-4b22-84ad-b3388dd8f97c} -> C:\ProgramData\rocketDeal\Xm3SuHq2kMjj3E.x64.dll No File
BHO: prizEceouPon -> {3fca2b71-87be-46e4-b616-782d47d235ef} -> C:\ProgramData\prizEceouPon\Ip90tZZkPGuMGw.x64.dll No File
BHO-x32: No Name -> {EEE6C35C-6118-11DC-9C72-001320C79847} -> No File
Toolbar: HKLM-x32 - No Name - {EEE6C35B-6118-11DC-9C72-001320C79847} - No File
Toolbar: HKU\S-1-5-21-4149186439-2392420858-2605180521-1002 -> No Name - {EEE6C35B-6118-11DC-9C72-001320C79847} - No File
FF Plugin-x32: @staging.google.com/globalUpdate Update;version=10 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npglobalupdateUpdate4.dll [2015-06-01] ()
FF Plugin-x32: @staging.google.com/globalUpdate Update;version=4 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npglobalupdateUpdate4.dll [2015-06-01] ()
FF user.js: detected! => C:\Users\Manon\AppData\Roaming\Mozilla\Firefox\Profiles\uoaa0lbt.default-1433236209777\user.js [2015-06-02]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\webssearches.xml [2014-08-19]
FF Extension: CinemaPlus-3.2cV01.06 - C:\Users\Manon\AppData\Roaming\Mozilla\Firefox\Profiles\uoaa0lbt.default-1433236209777\Extensions\d4db60df25f14dae9dd18@185c395f9e794c9ab86be3eb.com [2015-06-03]
FF HKLM-x32\...\Firefox\Extensions: [faststartff@gmail.com] - C:\Users\Manon\AppData\Roaming\Mozilla\Firefox\Profiles\it671xug.default\extensions\faststartff@gmail.com
CHR Extension: (CinemaPlus-3.2cV01.06) - C:\Users\Manon\AppData\Local\Google\Chrome\User Data\Default\Extensions\papbadoldddalgcjcicnikcfenodpghp [2015-06-02]
CHR HKLM-x32\...\Chrome\Extension: [bebnnlollpcjnfpkafhoclljaojgnfok] - C:\Program Files (x86)\FTDownloader.com\FTDownloader10.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [nbmafkdmkkckhggblphicnnhlgljnoje] - C:\Program Files (x86)\TornTV.com\torn2_10.crx [Not Found]
R2 tyvozyno; C:\Users\Manon\AppData\Roaming\ABAAAB00-1433155742-81E3-2CEC-50465DE07517\jnsjDEE4.tmp [129536 2015-06-01] () [File not signed]
S2 Util Edu App; "C:\Program Files (x86)\Edu App\bin\utilEduApp.exe" [X]
R1 {8299d9bc-4fe2-4889-9adf-025a0769d461}Gw64; C:\Windows\System32\drivers\{8299d9bc-4fe2-4889-9adf-025a0769d461}Gw64.sys [48784 2014-12-16] () [File not signed]
R1 {eb01aed1-bba3-4e72-8323-a77bb027b1d4}Gw64; C:\Windows\System32\drivers\{eb01aed1-bba3-4e72-8323-a77bb027b1d4}Gw64.sys [48776 2015-06-01] () [File not signed]
S1 innfd_1_10_0_14; system32\drivers\innfd_1_10_0_14.sys [X]
2015-06-02 11:07 - 2015-06-02 11:07 - 00613255 _____ (CMI Limited) C:\Users\Manon\AppData\Local\nsoC287.tmp
2015-06-02 09:46 - 2015-06-02 09:46 - 00000000 ____D () C:\Program Files (x86)\predm
2015-06-02 09:44 - 2015-06-02 09:56 - 00000000 ____D () C:\Program Files (x86)\GUPlayer
2015-06-02 09:43 - 2015-06-02 09:43 - 00002127 _____ () C:\Users\Manon\Desktop\Continue Mybest Offerstoday Uninstaller.lnk
2015-06-02 09:39 - 2015-06-02 09:39 - 00000000 ____D () C:\ProgramData\61c80b2c000004b5
2015-06-01 21:47 - 2015-06-01 21:47 - 00613255 _____ (CMI Limited) C:\Users\Manon\AppData\Local\nsjA193.tmp
2015-06-01 21:42 - 2015-06-01 05:39 - 00048776 ____N () C:\WINDOWS\system32\Drivers\{eb01aed1-bba3-4e72-8323-a77bb027b1d4}Gw64.sys
2015-06-01 21:40 - 2015-06-01 21:40 - 00613255 _____ (CMI Limited) C:\Users\Manon\AppData\Local\nsu9F7.tmp
2015-06-01 21:40 - 2015-06-01 21:40 - 00000000 __SHD () C:\Users\Manon\AppData\Roaming\AnyProtectEx
2015-06-01 21:37 - 2015-06-01 21:38 - 00000956 _____ () C:\WINDOWS\SysWOW64\${LOGFILE}
2015-06-01 21:35 - 2015-06-01 21:35 - 00000000 ____D () C:\Program Files (x86)\6b014657-170e-4d64-b464-1159e9bab40e
2015-06-01 21:34 - 2015-06-03 12:06 - 00000000 ____D () C:\Program Files (x86)\CinemaPlus-3.2cV01.06
2015-06-01 21:34 - 2015-06-03 11:49 - 00004178 _____ () C:\WINDOWS\Tasks\7b4481ad-3af9-492d-bf3a-5701bd027411-3.job
2015-06-01 21:34 - 2015-06-03 10:34 - 00000004 _____ () C:\WINDOWS\SysWOW64\029B560A371F4E00AB32838EBC01B9E7
2015-06-01 21:34 - 2015-06-01 21:34 - 00007182 _____ () C:\WINDOWS\System32\Tasks\7b4481ad-3af9-492d-bf3a-5701bd027411-3
2015-06-01 21:34 - 2015-06-01 21:34 - 00000000 ____D () C:\Users\Manon\AppData\Local\globalUpdate
2015-06-01 21:34 - 2015-06-01 21:34 - 00000000 ____D () C:\Program Files (x86)\globalUpdate
2015-06-01 21:32 - 2015-06-03 12:05 - 00000000 ____D () C:\Users\Manon\AppData\Local\SmartWeb
2015-06-01 21:32 - 2015-06-01 21:32 - 00004036 _____ () C:\WINDOWS\System32\Tasks\SmartWeb Upgrade Trigger Task
2015-06-01 12:57 - 2015-06-01 12:57 - 00000000 ____D () C:\Users\Manon\Documents\Optimizer Pro
2015-06-01 12:52 - 2015-06-02 09:56 - 00000000 ____D () C:\Users\Manon\AppData\Local\ABAAAB00-1433163124-81E3-2CEC-50465DE07517
2015-06-01 12:52 - 2013-08-22 15:25 - 00000824 _____ () C:\WINDOWS\system32\Drivers\etc\hp.bak
2015-06-01 12:51 - 2015-06-01 21:40 - 00000000 ____D () C:\ProgramData\EpicScale
2015-06-01 12:51 - 2015-06-01 12:51 - 00003154 _____ () C:\WINDOWS\System32\Tasks\Run_Bobby_Browser
2015-06-01 12:50 - 2015-06-01 12:52 - 00000000 ____D () C:\Users\Manon\AppData\Local\BoBrowser
2015-06-01 12:49 - 2015-06-03 11:50 - 00000000 ____D () C:\Users\Manon\AppData\Roaming\ABAAAB00-1433155742-81E3-2CEC-50465DE07517
2015-06-01 12:49 - 2015-06-01 12:51 - 00006741 _____ () C:\claraInstaller.txt
2015-06-01 12:48 - 2015-06-01 21:43 - 00000000 ____D () C:\Users\Manon\AppData\Roaming\Store
2015-06-01 12:48 - 2015-06-01 21:41 - 00000000 ____D () C:\Users\Manon\AppData\Roaming\WTools
2015-06-01 12:48 - 2015-06-01 12:48 - 00000078 _____ () C:\Users\Manon\AppData\Roaming\Selection Tools.installation.log
2015-06-01 12:47 - 2015-06-01 12:48 - 00000078 _____ () C:\Users\Manon\AppData\Roaming\WindApp.installation.log
2015-06-01 12:46 - 2015-06-01 21:38 - 00000000 ____D () C:\Users\Manon\AppData\Roaming\Nosibay
2015-06-01 12:46 - 2015-06-01 12:48 - 00001273 _____ () C:\Users\Manon\AppData\Roaming\Bubble Dock.boostrap.log
2015-06-01 12:46 - 2015-06-01 12:47 - 00005711 _____ () C:\Users\Manon\AppData\Roaming\Bubble Dock.installation.log
2015-06-01 12:46 - 2015-06-01 12:46 - 00000097 _____ () C:\Users\Manon\AppData\Roaming\WindApp.boostrap.log
2015-06-01 12:45 - 2015-06-01 22:02 - 00000000 ____D () C:\Program Files (x86)\Software
2015-04-14 18:28 - 2015-04-14 18:28 - 0004387 _____ () C:\Users\Manon\AppData\Roaming\F0sHFuAfVP3
2015-04-19 14:20 - 2015-04-19 14:20 - 0005872 _____ () C:\Users\Manon\AppData\Roaming\iiTizPSFlyaOPpjphEhPZ41
C:\Program Files (x86)\TornTV.com
C:\Program Files (x86)\AnyProtectEx
C:\Program Files (x86)\SweetIM
C:\ProgramData\rocketDeal
C:\ProgramData\prizEceouPon
C:\Users\Manon\AppData\Roaming\webssearches
C:\users\manon\appdata\roaming\cacaoweb
C:\Windows\System32\drivers\{8299d9bc-4fe2-4889-9adf-025a0769d461}Gw64.sys
Task: {01322CCD-A34A-487B-AA6C-C65A9A84297D} - System32\Tasks\SmartWeb Upgrade Trigger Task => C:\Users\Manon\AppData\Local\SmartWeb\SmartWebHelper.exe
Task: {2733564E-564C-4CEF-8EEF-23F073A4AA31} - System32\Tasks\{5BEB8CDF-ED6D-4266-AB4D-459EC50A67DD} => pcalua.exe -a C:\Users\Manon\AppData\Roaming\webssearches\UninstallManager.exe -c -ptid=exp
Task: {4BDF24D6-4288-42F7-A3E3-E6365D7E6857} - System32\Tasks\7b4481ad-3af9-492d-bf3a-5701bd027411-3 => C:\Program Files (x86)\CinemaPlus-3.2cV01.06\7b4481ad-3af9-492d-bf3a-5701bd027411-3.exe [2015-06-01] ()
Task: {57E2781E-3EF1-41B2-85B0-BEBE8CCA852B} - System32\Tasks\Run_Bobby_Browser => C:\Users\Manon\AppData\Local\BoBrowser\Application\bobrowser.exe [2014-11-19] (The BoBrowser Authors)
Task: {6A85ECAA-3E43-4FF6-9E85-E95BD484582B} - System32\Tasks\APSnotifierPP1 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe
Task: {A1A3F6D9-B25A-49EE-89C2-56AF6A7A33D7} - System32\Tasks\7b4481ad-3af9-492d-bf3a-5701bd027411-7 => C:\Program Files (x86)\CinemaPlus-3.2cV01.06\7b4481ad-3af9-492d-bf3a-5701bd027411-7.exe [2015-06-01] ()
Task: {B895F67D-3AEE-46D6-AE08-97FB445D123D} - System32\Tasks\7b4481ad-3af9-492d-bf3a-5701bd027411-4 => C:\Program Files (x86)\CinemaPlus-3.2cV01.06\7b4481ad-3af9-492d-bf3a-5701bd027411-4.exe [2015-06-01] ()
Task: {C70FF110-5325-48B6-B821-9910A52A2341} - System32\Tasks\7b4481ad-3af9-492d-bf3a-5701bd027411-1-7 => C:\Program Files (x86)\CinemaPlus-3.2cV01.06\7b4481ad-3af9-492d-bf3a-5701bd027411-1-7.exe [2015-06-01] ()
Task: {F46AA4E1-1A3E-4601-A3D0-9E77504D1272} - System32\Tasks\7b4481ad-3af9-492d-bf3a-5701bd027411-11 => C:\Program Files (x86)\CinemaPlus-3.2cV01.06\7b4481ad-3af9-492d-bf3a-5701bd027411-11.exe [2015-06-01] ()
Task: C:\WINDOWS\Tasks\7b4481ad-3af9-492d-bf3a-5701bd027411-1-7.job => C:\Program Files (x86)\CinemaPlus-3.2cV01.06\7b4481ad-3af9-492d-bf3a-5701bd027411-1-7.exe
Task: C:\WINDOWS\Tasks\7b4481ad-3af9-492d-bf3a-5701bd027411-11.job => C:\Program Files (x86)\CinemaPlus-3.2cV01.06\7b4481ad-3af9-492d-bf3a-5701bd027411-11.exe
Task: C:\WINDOWS\Tasks\7b4481ad-3af9-492d-bf3a-5701bd027411-3.job => C:\Program Files (x86)\CinemaPlus-3.2cV01.06\7b4481ad-3af9-492d-bf3a-5701bd027411-3.exe
Task: C:\WINDOWS\Tasks\7b4481ad-3af9-492d-bf3a-5701bd027411-4.job => C:\Program Files (x86)\CinemaPlus-3.2cV01.06\7b4481ad-3af9-492d-bf3a-5701bd027411-4.exe
Task: C:\WINDOWS\Tasks\7b4481ad-3af9-492d-bf3a-5701bd027411-7.job => C:\Program Files (x86)\CinemaPlus-3.2cV01.06\7b4481ad-3af9-492d-bf3a-5701bd027411-7.exe
Task: C:\WINDOWS\Tasks\APSnotifierPP1.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe
FirewallRules: [UDP Query User{98B39C03-29CA-4E1D-AE48-EC41CED4513A}C:\users\manon\appdata\roaming\cacaoweb\cacaoweb.exe] => (Allow) C:\users\manon\appdata\roaming\cacaoweb\cacaoweb.exe
FirewallRules: [TCP Query User{04F2615B-534C-4CB7-A179-A5219ABF6553}C:\users\manon\appdata\roaming\cacaoweb\cacaoweb.exe] => (Allow) C:\users\manon\appdata\roaming\cacaoweb\cacaoweb.exe
FirewallRules: [{226A4774-3E11-4C06-8433-86E6FD7C738C}] => (Allow) C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe
FirewallRules: [{D08F1D5E-5F4D-4903-9C0F-B808176EAA44}] => (Allow) C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe
RemoveProxy:
EmptyTemp:
end
