CreateRestorePoint:
CloseProcesses:
HKLM-x32\...\Run: [Registry Helper] => "C:\Program Files (x86)\Registry Helper\RegistryHelper.Exe" /boot
HKU\S-1-5-21-826546569-3919575575-2117434215-1000\...\Run: [WindApp] => "C:\Users\Lea\AppData\Roaming\Store\WindApp\WindApp.exe" /winstartup
C:\Users\Lea\AppData\Roaming\Store
HKU\S-1-5-21-826546569-3919575575-2117434215-1000\...\Run: [GoogleChromeAutoLaunch_C63F8F50B803D97E61E75CB961FB0DD5] => "C:\Users\Lea\AppData\Local\Vosteran\Application\vosteran.exe" --auto-launch-at-startup --profile-directory="Default"
C:\Users\Lea\AppData\Local\Vosteran
AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC64Loader.dll => C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC64Loader.dll File Not Found
IFEO\bitguard.exe: [Debugger] tasklist.exe
IFEO\bprotect.exe: [Debugger] tasklist.exe
IFEO\bpsvc.exe: [Debugger] tasklist.exe
IFEO\browserdefender.exe: [Debugger] tasklist.exe
IFEO\browserprotect.exe: [Debugger] tasklist.exe
IFEO\browsersafeguard.exe: [Debugger] tasklist.exe
IFEO\dprotectsvc.exe: [Debugger] tasklist.exe
IFEO\jumpflip: [Debugger] tasklist.exe
IFEO\protectedsearch.exe: [Debugger] tasklist.exe
IFEO\searchinstaller.exe: [Debugger] tasklist.exe
IFEO\searchprotection.exe: [Debugger] tasklist.exe
IFEO\searchprotector.exe: [Debugger] tasklist.exe
IFEO\searchsettings.exe: [Debugger] tasklist.exe
IFEO\searchsettings64.exe: [Debugger] tasklist.exe
IFEO\snapdo.exe: [Debugger] tasklist.exe
IFEO\stinst32.exe: [Debugger] tasklist.exe
IFEO\stinst64.exe: [Debugger] tasklist.exe
IFEO\umbrella.exe: [Debugger] tasklist.exe
IFEO\utiljumpflip.exe: [Debugger] tasklist.exe
IFEO\volaro: [Debugger] tasklist.exe
IFEO\vonteera: [Debugger] tasklist.exe
IFEO\websteroids.exe: [Debugger] tasklist.exe
IFEO\websteroidsservice.exe: [Debugger] tasklist.exe
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
SearchScopes: HKLM -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://start.mysearc...r=309151058&ir=
SearchScopes: HKLM -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2102} URL = http://dts.search-re...q={searchTerms}
SearchScopes: HKLM -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL = http://www.mystartse...q={searchTerms}
Hosts: Hosts file not detected in the default directory
C:\Users\Lea\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\OneClickDownload@OneClickDownload.com
CHR HKU\S-1-5-21-826546569-3919575575-2117434215-1000\...\Chrome\Extension: [kljghhlcggnhofdcnlkelobcehdbnfnd] - C:\Users\Lea\AppData\Roaming\Nectar Search Toolbar\Toolbar_production_61465_85.crx [Not Found]
R2 IHProtect Service; C:\Program Files (x86)\STab\ProtectService.exe [158864 2014-11-10] (TODO: )
2014-12-30 20:24 - 2014-12-30 20:25 - 00880784 _____ (Google Inc.) C:\Users\Lea\Downloads\ChromeSetup (6).exe
2014-12-30 20:07 - 2014-12-30 20:07 - 00880784 _____ (Google Inc.) C:\Users\Lea\Downloads\ChromeSetup (5).exe
2014-12-30 20:00 - 2014-12-30 20:00 - 00880784 _____ (Google Inc.) C:\Users\Lea\Downloads\ChromeSetup (4).exe
2014-12-30 19:56 - 2014-12-30 19:56 - 00880784 _____ (Google Inc.) C:\Users\Lea\Downloads\ChromeSetup (3).exe
2014-12-30 19:55 - 2014-12-30 19:55 - 00880784 _____ (Google Inc.) C:\Users\Lea\Downloads\ChromeSetup (2).exe
2014-12-21 17:19 - 2014-12-30 17:05 - 00000000 ____D () C:\Users\Lea\AppData\Local\7A95CA11-3011-B740-B402-AA0111F90800
2014-12-21 17:19 - 2014-12-21 17:19 - 00004614 _____ () C:\Windows\System32\Tasks\Runner IC
2014-12-21 17:15 - 2014-12-29 14:44 - 00000000 ____D () C:\Users\Lea\AppData\Roaming\VOPackage
2014-12-13 00:34 - 2014-12-13 00:35 - 00000000 ____D () C:\Users\Lea\AppData\Local\{F1B4641B-6E5B-40AB-AC09-0C6AD40B78A6}
2014-12-08 16:49 - 2014-12-08 16:49 - 00880784 _____ (Google Inc.) C:\Users\Lea\Downloads\ChromeSetup (1).exe
2014-12-08 16:48 - 2014-12-08 16:48 - 00880784 _____ (Google Inc.) C:\Users\Lea\Downloads\ChromeSetup.exe
2014-12-07 19:24 - 2014-11-15 00:32 - 00000000 ____D () C:\ProgramData\saferweb
Task: {A362F3C4-C978-4340-A16B-16E1A0D52F59} - System32\Tasks\{2A892629-832C-49CA-A6E0-FD7774B6FB6E} => pcalua.exe -a "C:\Program Files (x86)\Freeven pro 1.2\Uninstall.exe" -c /fcp=1
C:\Program Files (x86)\Freeven pro 1.2
Task: {C63FD030-9D43-4247-89C6-163AC27A97A4} - System32\Tasks\Runner IC => %LOCALAPPDATA%\7A95CA11-3011-B740-B402-AA0111F90800\Runner.exe
Task: {D9E525AD-4FE4-42FF-B057-D8B601E23AF0} - System32\Tasks\Microsoft\Windows\Maintenance\Update IC => %LOCALAPPDATA%\7A95CA11-3011-B740-B402-AA0111F90800\Runner.exe
Task: {E130326A-FE90-4CFD-B6D2-8750E3DE15ED} - System32\Tasks\LaunchSignup => C:\Program Files (x86)\MyPC Backup\Signup Wizard.exe <==== ATTENTION
C:\Program Files (x86)\MyPC Backup
HKU\S-1-5-21-826546569-3919575575-2117434215-1000\...\MountPoints2: {7fd6b427-97ee-11e2-9134-eca2cd69f851} - E:\Autorun.exe
HKU\S-1-5-21-826546569-3919575575-2117434215-1000\...\MountPoints2: {7fd6b613-97ee-11e2-9134-eca2cd69f851} - F:\Autorun.exe
HKU\S-1-5-21-826546569-3919575575-2117434215-1000\...\MountPoints2: {848a37dc-930e-11e2-b27d-df9d82c3ce52} - D:\Autorun.exe
HKU\S-1-5-21-826546569-3919575575-2117434215-1000\...\MountPoints2: {ca97fde1-adc3-11e1-af3b-74de2be0d183} - D:\AutoRun.exe
HKU\S-1-5-21-826546569-3919575575-2117434215-1000\...\MountPoints2: {ca97fe00-adc3-11e1-af3b-74de2be0d183} - D:\AutoRun.exe
HKU\S-1-5-21-826546569-3919575575-2117434215-1000\...\MountPoints2: {ca97fe11-adc3-11e1-af3b-74de2be0d183} - D:\AutoRun.exe
HKU\S-1-5-21-826546569-3919575575-2117434215-1000\...\MountPoints2: {ca97fe2f-adc3-11e1-af3b-a0972cb61dbb} - D:\AutoRun.exe
2014-12-28 20:02 - 2014-12-28 20:02 - 00000000 ____D () C:\Users\Lea\AppData\Local\Chromium
2014-12-13 02:57 - 2014-12-13 02:57 - 00001690 _____ () C:\Windows\SysWOW64\${LOGFILE}
2014-12-29 14:44 - 2014-05-11 21:26 - 00000000 ____D () C:\Program Files (x86)\globalUpdate
C:\Users\Lea\AppData\Roaming\Nectar Search Toolbar
C:\Program Files (x86)\Registry Helper
C:\PROGRA~2\SearchProtect
C:\Program Files (x86)\STab
C:\Program Files (x86)\Freeven pro 1.2
Hosts:
EmptyTemp: