start
CreateRestorePoint:
CloseProcesses:
HKLM-x32\...\Run: [mbot_fr_636] => [X]
HKLM-x32\...\Run: [gmsd_fr_596] => [X]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction
CHR HKU\S-1-5-21-4149186439-2392420858-2605180521-1002\SOFTWARE\Policies\Google: Policy restriction
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://istart.webssearches.com/?type=hp&ts=1408474871&from=exp&uid=HitachiXHTS545050A7E380_TE85113Q08EXSR08EXSRX
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://istart.webssearches.com/web/?type=ds&ts=1408474871&from=exp&uid=HitachiXHTS545050A7E380_TE85113Q08EXSR08EXSRX&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://istart.webssearches.com/?type=hp&ts=1408474871&from=exp&uid=HitachiXHTS545050A7E380_TE85113Q08EXSR08EXSRX
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://istart.webssearches.com/web/?type=ds&ts=1408474871&from=exp&uid=HitachiXHTS545050A7E380_TE85113Q08EXSR08EXSRX&q={searchTerms}
HKU\S-1-5-21-4149186439-2392420858-2605180521-1002\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.trovi.com/?gd=&ctid=CT3330124&octid=EB_ORIGINAL_CTID&ISID=M259C1140-A70E-42EE-954B-93C07753AFD7&SearchSource=55&CUI=&UM=8&UP=SP928E9A27-5E8D-4E62-BA31-96A2DB663182&D=060115&SSPV=SPJSBT2B_sp_ie
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://istart.webssearches.com/web/?type=ds&ts=1408474871&from=exp&uid=HitachiXHTS545050A7E380_TE85113Q08EXSR08EXSRX&q={searchTerms}
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://speedial.com/results.php?f=4&q={searchTerms}&a=spd_tele_14_25_ff&cd=2XzuyEtN2Y1L1QzuzzyE0AyC0CzztDtBzztAzytByE0CyB0BtN0D0Tzu0SzytDyEtN1L2XzutBtFtBtCtFtCtDtFtDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyCyCyEzytCtBtA0DtGyD0Dzz0AtG0E0C0E0CtG0CtCzyyEtGtC0FyCyEtCyD0A0Bzz0BtDtC2QtN1M1F1B2Z1V1N2Y1L1Qzu2StAyDtDzytA0F0C0EtGzzzytCzytGyBzytC0DtGzy0DtCyBtGyCyBtB0AtByE0A0CzyzzyEyB2Q&cr=95153207&ir=
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://istart.webssearches.com/web/?type=ds&ts=1408474871&from=exp&uid=HitachiXHTS545050A7E380_TE85113Q08EXSR08EXSRX&q={searchTerms}
SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://istart.webssearches.com/web/?type=ds&ts=1408474871&from=exp&uid=HitachiXHTS545050A7E380_TE85113Q08EXSR08EXSRX&q={searchTerms}
SearchScopes: HKU\.DEFAULT -> {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL =
SearchScopes: HKU\S-1-5-21-4149186439-2392420858-2605180521-1002 -> DefaultScope {015DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://www.trovi.com/Results.aspx?gd=&ctid=CT3330124&octid=EB_ORIGINAL_CTID&ISID=M259C1140-A70E-42EE-954B-93C07753AFD7&SearchSource=58&CUI=&UM=8&UP=SP928E9A27-5E8D-4E62-BA31-96A2DB663182&D=060115&q={searchTerms}&SSPV=SPJSBT2B_sp_ie
SearchScopes: HKU\S-1-5-21-4149186439-2392420858-2605180521-1002 -> {015DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://www.trovi.com/Results.aspx?gd=&ctid=CT3330124&octid=EB_ORIGINAL_CTID&ISID=M259C1140-A70E-42EE-954B-93C07753AFD7&SearchSource=58&CUI=&UM=8&UP=SP928E9A27-5E8D-4E62-BA31-96A2DB663182&D=060115&q={searchTerms}&SSPV=SPJSBT2B_sp_ie
SearchScopes: HKU\S-1-5-21-4149186439-2392420858-2605180521-1002 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://speedial.com/results.php?f=4&q={searchTerms}&a=spd_tele_14_25_ff&cd=2XzuyEtN2Y1L1QzuzzyE0AyC0CzztDtBzztAzytByE0CyB0BtN0D0Tzu0SzytDyEtN1L2XzutBtFtBtCtFtCtDtFtDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyCyCyEzytCtBtA0DtGyD0Dzz0AtG0E0C0E0CtG0CtCzyyEtGtC0FyCyEtCyD0A0Bzz0BtDtC2QtN1M1F1B2Z1V1N2Y1L1Qzu2StAyDtDzytA0F0C0EtGzzzytCzytGyBzytC0DtGzy0DtCyBtGyCyBtB0AtByE0A0CzyzzyEyB2Q&cr=95153207&ir=
SearchScopes: HKU\S-1-5-21-4149186439-2392420858-2605180521-1002 -> {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://www.searchgol.com/?q={searchTerms}&babsrc=SP_ss&mntrId=1A0B84A6C802838F&affID=123706&tt=240913_246&tsp=5016
SearchScopes: HKU\S-1-5-21-4149186439-2392420858-2605180521-1002 -> {31090377-0740-419E-BEFC-A56E50500D5B} URL =
SearchScopes: HKU\S-1-5-21-4149186439-2392420858-2605180521-1002 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://istart.webssearches.com/web/?type=ds&ts=1408474871&from=exp&uid=HitachiXHTS545050A7E380_TE85113Q08EXSR08EXSRX&q={searchTerms}
BHO: rocketDeal -> {23570091-4f5c-4b22-84ad-b3388dd8f97c} -> C:\ProgramData\rocketDeal\Xm3SuHq2kMjj3E.x64.dll No File
BHO: prizEceouPon -> {3fca2b71-87be-46e4-b616-782d47d235ef} -> C:\ProgramData\prizEceouPon\Ip90tZZkPGuMGw.x64.dll No File
BHO-x32: No Name -> {EEE6C35C-6118-11DC-9C72-001320C79847} -> No File
Toolbar: HKLM-x32 - No Name - {EEE6C35B-6118-11DC-9C72-001320C79847} - No File
Toolbar: HKU\S-1-5-21-4149186439-2392420858-2605180521-1002 -> No Name - {EEE6C35B-6118-11DC-9C72-001320C79847} - No File
FF Plugin-x32: @staging.google.com/globalUpdate Update;version=10 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npglobalupdateUpdate4.dll [2015-06-01] ()
FF Plugin-x32: @staging.google.com/globalUpdate Update;version=4 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npglobalupdateUpdate4.dll [2015-06-01] ()
FF user.js: detected! => C:\Users\Manon\AppData\Roaming\Mozilla\Firefox\Profiles\uoaa0lbt.default-1433236209777\user.js [2015-06-02]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\webssearches.xml [2014-08-19]
FF Extension: CinemaPlus-3.2cV01.06 - C:\Users\Manon\AppData\Roaming\Mozilla\Firefox\Profiles\uoaa0lbt.default-1433236209777\Extensions\d4db60df25f14dae9dd18@185c395f9e794c9ab86be3eb.com [2015-06-03]
FF HKLM-x32\...\Firefox\Extensions: [faststartff@gmail.com] - C:\Users\Manon\AppData\Roaming\Mozilla\Firefox\Profiles\it671xug.default\extensions\faststartff@gmail.com
CHR Extension: (CinemaPlus-3.2cV01.06) - C:\Users\Manon\AppData\Local\Google\Chrome\User Data\Default\Extensions\papbadoldddalgcjcicnikcfenodpghp [2015-06-02]
CHR HKLM-x32\...\Chrome\Extension: [bebnnlollpcjnfpkafhoclljaojgnfok] - C:\Program Files (x86)\FTDownloader.com\FTDownloader10.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [nbmafkdmkkckhggblphicnnhlgljnoje] - C:\Program Files (x86)\TornTV.com\torn2_10.crx [Not Found]
R2 tyvozyno; C:\Users\Manon\AppData\Roaming\ABAAAB00-1433155742-81E3-2CEC-50465DE07517\jnsjDEE4.tmp [129536 2015-06-01] () [File not signed]
S2 Util Edu App; "C:\Program Files (x86)\Edu App\bin\utilEduApp.exe" [X]
R1 {8299d9bc-4fe2-4889-9adf-025a0769d461}Gw64; C:\Windows\System32\drivers\{8299d9bc-4fe2-4889-9adf-025a0769d461}Gw64.sys [48784 2014-12-16] () [File not signed]
R1 {eb01aed1-bba3-4e72-8323-a77bb027b1d4}Gw64; C:\Windows\System32\drivers\{eb01aed1-bba3-4e72-8323-a77bb027b1d4}Gw64.sys [48776 2015-06-01] () [File not signed]
S1 innfd_1_10_0_14; system32\drivers\innfd_1_10_0_14.sys [X]
2015-06-02 11:07 - 2015-06-02 11:07 - 00613255 _____ (CMI Limited) C:\Users\Manon\AppData\Local\nsoC287.tmp
2015-06-02 09:46 - 2015-06-02 09:46 - 00000000 ____D () C:\Program Files (x86)\predm
2015-06-02 09:44 - 2015-06-02 09:56 - 00000000 ____D () C:\Program Files (x86)\GUPlayer
2015-06-02 09:43 - 2015-06-02 09:43 - 00002127 _____ () C:\Users\Manon\Desktop\Continue Mybest Offerstoday Uninstaller.lnk
2015-06-02 09:39 - 2015-06-02 09:39 - 00000000 ____D () C:\ProgramData\61c80b2c000004b5
2015-06-01 21:47 - 2015-06-01 21:47 - 00613255 _____ (CMI Limited) C:\Users\Manon\AppData\Local\nsjA193.tmp
2015-06-01 21:42 - 2015-06-01 05:39 - 00048776 ____N () C:\WINDOWS\system32\Drivers\{eb01aed1-bba3-4e72-8323-a77bb027b1d4}Gw64.sys
2015-06-01 21:40 - 2015-06-01 21:40 - 00613255 _____ (CMI Limited) C:\Users\Manon\AppData\Local\nsu9F7.tmp
2015-06-01 21:40 - 2015-06-01 21:40 - 00000000 __SHD () C:\Users\Manon\AppData\Roaming\AnyProtectEx
2015-06-01 21:37 - 2015-06-01 21:38 - 00000956 _____ () C:\WINDOWS\SysWOW64\${LOGFILE}
2015-06-01 21:35 - 2015-06-01 21:35 - 00000000 ____D () C:\Program Files (x86)\6b014657-170e-4d64-b464-1159e9bab40e
2015-06-01 21:34 - 2015-06-03 12:06 - 00000000 ____D () C:\Program Files (x86)\CinemaPlus-3.2cV01.06
2015-06-01 21:34 - 2015-06-03 11:49 - 00004178 _____ () C:\WINDOWS\Tasks\7b4481ad-3af9-492d-bf3a-5701bd027411-3.job
2015-06-01 21:34 - 2015-06-03 10:34 - 00000004 _____ () C:\WINDOWS\SysWOW64\029B560A371F4E00AB32838EBC01B9E7
2015-06-01 21:34 - 2015-06-01 21:34 - 00007182 _____ () C:\WINDOWS\System32\Tasks\7b4481ad-3af9-492d-bf3a-5701bd027411-3
2015-06-01 21:34 - 2015-06-01 21:34 - 00000000 ____D () C:\Users\Manon\AppData\Local\globalUpdate
2015-06-01 21:34 - 2015-06-01 21:34 - 00000000 ____D () C:\Program Files (x86)\globalUpdate
2015-06-01 21:32 - 2015-06-03 12:05 - 00000000 ____D () C:\Users\Manon\AppData\Local\SmartWeb
2015-06-01 21:32 - 2015-06-01 21:32 - 00004036 _____ () C:\WINDOWS\System32\Tasks\SmartWeb Upgrade Trigger Task
2015-06-01 12:57 - 2015-06-01 12:57 - 00000000 ____D () C:\Users\Manon\Documents\Optimizer Pro
2015-06-01 12:52 - 2015-06-02 09:56 - 00000000 ____D () C:\Users\Manon\AppData\Local\ABAAAB00-1433163124-81E3-2CEC-50465DE07517
2015-06-01 12:52 - 2013-08-22 15:25 - 00000824 _____ () C:\WINDOWS\system32\Drivers\etc\hp.bak
2015-06-01 12:51 - 2015-06-01 21:40 - 00000000 ____D () C:\ProgramData\EpicScale
2015-06-01 12:51 - 2015-06-01 12:51 - 00003154 _____ () C:\WINDOWS\System32\Tasks\Run_Bobby_Browser
2015-06-01 12:50 - 2015-06-01 12:52 - 00000000 ____D () C:\Users\Manon\AppData\Local\BoBrowser
2015-06-01 12:49 - 2015-06-03 11:50 - 00000000 ____D () C:\Users\Manon\AppData\Roaming\ABAAAB00-1433155742-81E3-2CEC-50465DE07517
2015-06-01 12:49 - 2015-06-01 12:51 - 00006741 _____ () C:\claraInstaller.txt
2015-06-01 12:48 - 2015-06-01 21:43 - 00000000 ____D () C:\Users\Manon\AppData\Roaming\Store
2015-06-01 12:48 - 2015-06-01 21:41 - 00000000 ____D () C:\Users\Manon\AppData\Roaming\WTools
2015-06-01 12:48 - 2015-06-01 12:48 - 00000078 _____ () C:\Users\Manon\AppData\Roaming\Selection Tools.installation.log
2015-06-01 12:47 - 2015-06-01 12:48 - 00000078 _____ () C:\Users\Manon\AppData\Roaming\WindApp.installation.log
2015-06-01 12:46 - 2015-06-01 21:38 - 00000000 ____D () C:\Users\Manon\AppData\Roaming\Nosibay
2015-06-01 12:46 - 2015-06-01 12:48 - 00001273 _____ () C:\Users\Manon\AppData\Roaming\Bubble Dock.boostrap.log
2015-06-01 12:46 - 2015-06-01 12:47 - 00005711 _____ () C:\Users\Manon\AppData\Roaming\Bubble Dock.installation.log
2015-06-01 12:46 - 2015-06-01 12:46 - 00000097 _____ () C:\Users\Manon\AppData\Roaming\WindApp.boostrap.log
2015-06-01 12:45 - 2015-06-01 22:02 - 00000000 ____D () C:\Program Files (x86)\Software
2015-04-14 18:28 - 2015-04-14 18:28 - 0004387 _____ () C:\Users\Manon\AppData\Roaming\F0sHFuAfVP3
2015-04-19 14:20 - 2015-04-19 14:20 - 0005872 _____ () C:\Users\Manon\AppData\Roaming\iiTizPSFlyaOPpjphEhPZ41
C:\Program Files (x86)\TornTV.com
C:\Program Files (x86)\AnyProtectEx
C:\Program Files (x86)\SweetIM
C:\ProgramData\rocketDeal
C:\ProgramData\prizEceouPon
C:\Users\Manon\AppData\Roaming\webssearches
C:\users\manon\appdata\roaming\cacaoweb
C:\Windows\System32\drivers\{8299d9bc-4fe2-4889-9adf-025a0769d461}Gw64.sys
Task: {01322CCD-A34A-487B-AA6C-C65A9A84297D} - System32\Tasks\SmartWeb Upgrade Trigger Task => C:\Users\Manon\AppData\Local\SmartWeb\SmartWebHelper.exe
Task: {2733564E-564C-4CEF-8EEF-23F073A4AA31} - System32\Tasks\{5BEB8CDF-ED6D-4266-AB4D-459EC50A67DD} => pcalua.exe -a C:\Users\Manon\AppData\Roaming\webssearches\UninstallManager.exe -c -ptid=exp
Task: {4BDF24D6-4288-42F7-A3E3-E6365D7E6857} - System32\Tasks\7b4481ad-3af9-492d-bf3a-5701bd027411-3 => C:\Program Files (x86)\CinemaPlus-3.2cV01.06\7b4481ad-3af9-492d-bf3a-5701bd027411-3.exe [2015-06-01] ()
Task: {57E2781E-3EF1-41B2-85B0-BEBE8CCA852B} - System32\Tasks\Run_Bobby_Browser => C:\Users\Manon\AppData\Local\BoBrowser\Application\bobrowser.exe [2014-11-19] (The BoBrowser Authors)
Task: {6A85ECAA-3E43-4FF6-9E85-E95BD484582B} - System32\Tasks\APSnotifierPP1 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe
Task: {A1A3F6D9-B25A-49EE-89C2-56AF6A7A33D7} - System32\Tasks\7b4481ad-3af9-492d-bf3a-5701bd027411-7 => C:\Program Files (x86)\CinemaPlus-3.2cV01.06\7b4481ad-3af9-492d-bf3a-5701bd027411-7.exe [2015-06-01] ()
Task: {B895F67D-3AEE-46D6-AE08-97FB445D123D} - System32\Tasks\7b4481ad-3af9-492d-bf3a-5701bd027411-4 => C:\Program Files (x86)\CinemaPlus-3.2cV01.06\7b4481ad-3af9-492d-bf3a-5701bd027411-4.exe [2015-06-01] ()
Task: {C70FF110-5325-48B6-B821-9910A52A2341} - System32\Tasks\7b4481ad-3af9-492d-bf3a-5701bd027411-1-7 => C:\Program Files (x86)\CinemaPlus-3.2cV01.06\7b4481ad-3af9-492d-bf3a-5701bd027411-1-7.exe [2015-06-01] ()
Task: {F46AA4E1-1A3E-4601-A3D0-9E77504D1272} - System32\Tasks\7b4481ad-3af9-492d-bf3a-5701bd027411-11 => C:\Program Files (x86)\CinemaPlus-3.2cV01.06\7b4481ad-3af9-492d-bf3a-5701bd027411-11.exe [2015-06-01] ()
Task: C:\WINDOWS\Tasks\7b4481ad-3af9-492d-bf3a-5701bd027411-1-7.job => C:\Program Files (x86)\CinemaPlus-3.2cV01.06\7b4481ad-3af9-492d-bf3a-5701bd027411-1-7.exe
Task: C:\WINDOWS\Tasks\7b4481ad-3af9-492d-bf3a-5701bd027411-11.job => C:\Program Files (x86)\CinemaPlus-3.2cV01.06\7b4481ad-3af9-492d-bf3a-5701bd027411-11.exe
Task: C:\WINDOWS\Tasks\7b4481ad-3af9-492d-bf3a-5701bd027411-3.job => C:\Program Files (x86)\CinemaPlus-3.2cV01.06\7b4481ad-3af9-492d-bf3a-5701bd027411-3.exe
Task: C:\WINDOWS\Tasks\7b4481ad-3af9-492d-bf3a-5701bd027411-4.job => C:\Program Files (x86)\CinemaPlus-3.2cV01.06\7b4481ad-3af9-492d-bf3a-5701bd027411-4.exe
Task: C:\WINDOWS\Tasks\7b4481ad-3af9-492d-bf3a-5701bd027411-7.job => C:\Program Files (x86)\CinemaPlus-3.2cV01.06\7b4481ad-3af9-492d-bf3a-5701bd027411-7.exe
Task: C:\WINDOWS\Tasks\APSnotifierPP1.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe
FirewallRules: [UDP Query User{98B39C03-29CA-4E1D-AE48-EC41CED4513A}C:\users\manon\appdata\roaming\cacaoweb\cacaoweb.exe] => (Allow) C:\users\manon\appdata\roaming\cacaoweb\cacaoweb.exe
FirewallRules: [TCP Query User{04F2615B-534C-4CB7-A179-A5219ABF6553}C:\users\manon\appdata\roaming\cacaoweb\cacaoweb.exe] => (Allow) C:\users\manon\appdata\roaming\cacaoweb\cacaoweb.exe
FirewallRules: [{226A4774-3E11-4C06-8433-86E6FD7C738C}] => (Allow) C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe
FirewallRules: [{D08F1D5E-5F4D-4903-9C0F-B808176EAA44}] => (Allow) C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe
RemoveProxy:
EmptyTemp:
end