CreateRestorePoint:
CloseProcesses:
(Just Develop It) C:\Program Files (x86)\MyPC Backup\BackupStack.exe
(Tester Extension) C:\ProgramData\makulitsidwe\1.1.0.29\cozwdhost.exe
() C:\Users\Peter Chang\AppData\Roaming\VOPackage\VOsrv.exe
(Client Connect LTD) C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe
() C:\Program Files (x86)\Cyti Web\updateCytiWeb.exe
(Client Connect LTD) C:\Program Files (x86)\SearchProtect\SearchProtect\bin\cltmng.exe
(Client Connect LTD) C:\Program Files (x86)\SearchProtect\UI\bin\cltmngui.exe
(Tester Extension) C:\ProgramData\makulitsidwe\1.1.0.29\cozahost.exe
(Weather Protector LLC) C:\Program Files (x86)\StormWatch\SWUpdaterSvc.exe
(Weather Protector LLC) C:\Program Files (x86)\StormWatch\StormWatch.exe
(Tester Extension) C:\ProgramData\makulitsidwe\1.1.0.29\coz64host.exe
() C:\Users\Peter Chang\AppData\Local\wincheck\wincheck.exe
(Tester Extension) C:\ProgramData\makulitsidwe\1.1.0.29\coz32host.exe
() C:\Program Files (x86)\StormWatch\StormWatchApp.exe
() C:\Users\Peter Chang\AppData\Local\GeniusBox\Client.exe
(MyPCBackup.com) C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe
(Tester Extension) C:\ProgramData\makulitsidwe\1.1.0.29\cozaghost.exe
C:\Program Files (x86)\MyPC Backup
C:\ProgramData\makulitsidwe
C:\Users\Peter Chang\AppData\Roaming\VOPackage
C:\Program Files (x86)\SearchProtect
C:\Program Files (x86)\Cyti Web
C:\Program Files (x86)\StormWatch
C:\Users\Peter Chang\AppData\Local\wincheck
C:\Users\Peter Chang\AppData\Local\GeniusBox
HKLM-x32\...\Run: [WinCheck] => C:\Users\Peter Chang\AppData\Local\wincheck\wincheck.exe [267776 2015-01-13] ()
HKU\S-1-5-21-3782137376-2487312525-798218974-1000\...\MountPoints2: {fc245614-4c06-11e3-a5d1-bc77370d42ff} - G:\LaunchU3.exe -a
AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC64Loader.dll => C:\Program Files (x86)\SearchProtect\SearchProtect\bin\VC64Loader.dll [245008 2015-01-05] (Client Connect LTD)
AppInit_DLLs-x32: C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC32Loader.dll => C:\Program Files (x86)\SearchProtect\SearchProtect\bin\VC32Loader.dll [215312 2015-01-05] (Client Connect LTD)
Startup: C:\Users\Peter Chang\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk
ShortcutTarget: MyPC Backup.lnk -> C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe (MyPCBackup.com)
Startup: C:\Users\Peter Chang\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\StormWatch.lnk
ShortcutTarget: StormWatch.lnk -> C:\Program Files (x86)\StormWatch\StormWatch.exe (Weather Protector LLC)
Startup: C:\Users\Peter Chang\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\StormWatchApp.lnk
ShortcutTarget: StormWatchApp.lnk -> C:\Program Files (x86)\StormWatch\StormWatchApp.exe ()
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
ProxyEnable: [S-1-5-21-3782137376-2487312525-798218974-1000] => Internet Explorer proxy is enabled.
ProxyServer: [S-1-5-21-3782137376-2487312525-798218974-1000] => http=127.0.0.1:49578;https=127.0.0.1:49578
HKU\S-1-5-21-3782137376-2487312525-798218974-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.trovi.com...96682F6F2&SSPV=
SearchScopes: HKU\S-1-5-21-3782137376-2487312525-798218974-1000 -> DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://www.trovi.com...rchTerms}&SSPV=
SearchScopes: HKU\S-1-5-21-3782137376-2487312525-798218974-1000 -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://www.trovi.com...rchTerms}&SSPV=
BHO-x32: Cyti Web 1.0.0.6 -> {aa2fac44-d24d-4fed-9e32-397d138365f1} -> C:\Program Files (x86)\Cyti Web\CytiWebbho.dll (Cyti Web)
FF NewTab: hxxp://www.trovi.com/?gd=&ctid=CT3332128&octid=EB_ORIGINAL_CTID&ISID=M71F06DB9-A2BA-45B7-A498-1CC22CD7CCA1&SearchSource=69&CUI=&SSPV=&Lay=1&UM=8&UP=SP55EBD7ED-3DC8-4920-B901-0A796682F6F2
FF DefaultSearchEngine: Trovi search
FF SelectedSearchEngine: Trovi search
FF Homepage: hxxp://www.trovi.com/?gd=&ctid=CT3332128&octid=EB_ORIGINAL_CTID&ISID=M71F06DB9-A2BA-45B7-A498-1CC22CD7CCA1&SearchSource=55&CUI=&UM=8&UP=SP55EBD7ED-3DC8-4920-B901-0A796682F6F2&SSPV=
FF user.js: detected! => C:\Users\Peter Chang\AppData\Roaming\Mozilla\Firefox\Profiles\egq0d27k.default-1419311337300\user.js
FF SearchPlugin: C:\Users\Peter Chang\AppData\Roaming\Mozilla\Firefox\Profiles\egq0d27k.default-1419311337300\searchplugins\trovi-search.xml
FF Extension: Zoompic - C:\Users\Peter Chang\AppData\Roaming\Mozilla\Firefox\Profiles\egq0d27k.default-1419311337300\Extensions\sdd@zmfpro.com [2015-01-13]
FF Extension: Cyti Web 1.0.1 - C:\Users\Peter Chang\AppData\Roaming\Mozilla\Firefox\Profiles\egq0d27k.default-1419311337300\Extensions\{689b5bed-4e9b-4b8b-a673-3c39fb4d2820}.xpi [2015-01-13]
CHR HomePage: Default -> hxxp://www.trovi.com/?gd=&ctid=CT3332128&octid=EB_ORIGINAL_CTID&ISID=M71F06DB9-A2BA-45B7-A498-1CC22CD7CCA1&SearchSource=55&CUI=&UM=8&UP=SP55EBD7ED-3DC8-4920-B901-0A796682F6F2&SSPV=
CHR StartupUrls: Default -> "hxxp://www.trovi.com/?gd=&ctid=CT3332128&octid=EB_ORIGINAL_CTID&ISID=M71F06DB9-A2BA-45B7-A498-1CC22CD7CCA1&SearchSource=55&CUI=&UM=8&UP=SP55EBD7ED-3DC8-4920-B901-0A796682F6F2&SSPV="
CHR Extension: (InboxAce) - C:\Users\Peter Chang\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbdhaekeogebjjbaldibekfepbhogdng [2014-11-06]
CHR Extension: (MapsGalaxy) - C:\Users\Peter Chang\AppData\Local\Google\Chrome\User Data\Default\Extensions\nadeggfacbpjnhkfamjfhjmfklhfjgol [2015-01-05]
CHR Extension: (MapsGalaxy) - C:\Users\Peter Chang\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb [2014-10-17]
R2 BackupStack; C:\Program Files (x86)\MyPC Backup\BackupStack.exe [53832 2014-11-25] (Just Develop It) <==== ATTENTION
R2 CltMngSvc; C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe [3342608 2015-01-05] (Client Connect LTD)
R2 cozaghost; C:\ProgramData\makulitsidwe\1.1.0.29\cozaghost.exe [472096 2015-01-08] (Tester Extension)
R2 cozwdhost; C:\ProgramData\makulitsidwe\1.1.0.29\cozwdhost.exe [199200 2015-01-08] (Tester Extension)
R2 servervo; C:\Users\Peter Chang\AppData\Roaming\VOPackage\VOsrv.exe [136192 2015-01-13] () [File not signed] <==== ATTENTION
R2 SWUpdater; C:\Program Files (x86)\StormWatch\SWUpdaterSvc.exe [17584 2014-11-21] (Weather Protector LLC)
R2 Update Cyti Web; C:\Program Files (x86)\Cyti Web\updateCytiWeb.exe [529648 2015-01-14] ()
S2 Util Cyti Web; C:\Program Files (x86)\Cyti Web\bin\utilCytiWeb.exe [529648 2015-01-14] ()
R1 {689b5bed-4e9b-4b8b-a673-3c39fb4d2820}Gw64; C:\Windows\System32\drivers\{689b5bed-4e9b-4b8b-a673-3c39fb4d2820}Gw64.sys [48784 2015-01-13] (StdLib)
C:\Windows\System32\drivers\{689b5bed-4e9b-4b8b-a673-3c39fb4d2820}Gw64.sys
R1 {a6994947-8316-401e-82e4-23da215413fb}Gw64; C:\Windows\System32\drivers\{a6994947-8316-401e-82e4-23da215413fb}Gw64.sys [48784 2015-01-13] (StdLib)
C:\Windows\System32\drivers\{a6994947-8316-401e-82e4-23da215413fb}Gw64.sys
R3 SPPD; \??\C:\Windows\system32\drivers\SPPD.sys [X]
C:\Windows\system32\drivers\SPPD.sys
2015-01-13 15:39 - 2015-01-13 17:42 - 00000376 _____ () C:\Windows\Tasks\APSnotifierPP3.job
2015-01-13 15:39 - 2015-01-13 17:42 - 00000376 _____ () C:\Windows\Tasks\APSnotifierPP2.job
2015-01-13 15:39 - 2015-01-13 16:04 - 00000378 _____ () C:\Windows\Tasks\APSnotifierPP1.job
2015-01-13 15:39 - 2015-01-13 15:39 - 00002840 _____ () C:\Windows\System32\Tasks\APSnotifierPP1
2015-01-13 15:39 - 2015-01-13 15:39 - 00002838 _____ () C:\Windows\System32\Tasks\APSnotifierPP3
2015-01-13 15:39 - 2015-01-13 15:39 - 00002838 _____ () C:\Windows\System32\Tasks\APSnotifierPP2
2015-01-13 15:39 - 2015-01-13 15:39 - 00000000 ____D () C:\Users\Peter Chang\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AnyProtect PC Backup
2015-01-13 15:36 - 2015-01-13 15:39 - 00000000 ____D () C:\Program Files (x86)\AnyProtectEx
2015-01-13 15:36 - 2015-01-13 15:36 - 00628496 _____ (CMI Limited) C:\Users\Peter Chang\AppData\Local\nsg6B6B.tmp
2015-01-13 15:36 - 2015-01-13 15:36 - 00000000 __SHD () C:\Users\Peter Chang\AppData\Roaming\AnyProtectEx
2015-01-13 14:26 - 2015-01-13 14:26 - 00000000 ____D () C:\Users\Peter Chang\AppData\Local\wincheck
2015-01-13 14:26 - 2015-01-13 07:40 - 00048784 _____ (StdLib) C:\Windows\system32\Drivers\{a6994947-8316-401e-82e4-23da215413fb}Gw64.sys
2015-01-13 14:25 - 2015-01-13 14:25 - 00004534 _____ () C:\Windows\System32\Tasks\Validate Installation
2015-01-13 14:25 - 2015-01-13 14:25 - 00004326 _____ () C:\Windows\System32\Tasks\Check Updates
2015-01-13 14:25 - 2015-01-13 14:25 - 00003906 _____ () C:\Windows\System32\Tasks\GeniusBox
2015-01-13 14:25 - 2015-01-13 14:25 - 00000064 _____ () C:\Users\Peter Chang\AppData\Local\d1dffc9988ec3ec7cc062609a55dfa61
2015-01-13 14:25 - 2015-01-13 14:25 - 00000000 ____D () C:\Users\Peter Chang\AppData\Local\GeniusBox
2015-01-13 14:24 - 2015-01-13 17:41 - 00000000 ____D () C:\Program Files (x86)\ORBTR
2015-01-13 14:24 - 2015-01-13 14:24 - 00004036 _____ () C:\Windows\System32\Tasks\LaunchSignup
2015-01-13 14:24 - 2015-01-13 14:24 - 00000000 ____D () C:\Users\Peter Chang\AppData\Local\SearchProtect
2015-01-13 14:24 - 2015-01-13 14:24 - 00000000 ____D () C:\Program Files (x86)\SearchProtect
2015-01-13 14:23 - 2015-01-13 17:42 - 00000000 ____D () C:\Program Files (x86)\MyPC Backup
2015-01-13 14:23 - 2015-01-13 14:24 - 00000000 ____D () C:\Users\Peter Chang\AppData\Roaming\VOPackage
2015-01-13 14:23 - 2015-01-13 14:23 - 00000000 ____D () C:\Users\Peter Chang\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VOPackage
2015-01-13 14:23 - 2015-01-13 14:23 - 00000000 ____D () C:\Users\Peter Chang\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyPC Backup
2015-01-13 14:22 - 2015-01-16 11:02 - 00003482 _____ () C:\Windows\System32\Tasks\ProPCCleaner_Popup
2015-01-13 14:22 - 2015-01-13 17:23 - 00000000 ____D () C:\Users\Peter Chang\AppData\Local\StormWatch
2015-01-13 14:22 - 2015-01-13 14:22 - 02092199 _____ () C:\Windows\shost.bin
2015-01-13 14:22 - 2015-01-13 14:22 - 00003218 _____ () C:\Windows\System32\Tasks\ProPCCleaner_Start
2015-01-13 14:22 - 2015-01-13 14:22 - 00000000 ____D () C:\Users\Peter Chang\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StormWatch
2015-01-13 14:22 - 2015-01-13 14:22 - 00000000 ____D () C:\Users\Peter Chang\AppData\Local\Weather_Protector_LLC
2015-01-13 14:22 - 2015-01-13 14:22 - 00000000 ____D () C:\Users\Peter Chang\AppData\Local\Pro_PC_Cleaner
2015-01-13 14:22 - 2015-01-13 14:22 - 00000000 ____D () C:\Program Files (x86)\StormWatch
2015-01-13 14:21 - 2015-01-16 11:02 - 00000000 ____D () C:\Users\Peter Chang\Documents\ProPCCleaner
2015-01-13 14:21 - 2015-01-13 14:21 - 00000000 ____D () C:\Users\Peter Chang\AppData\Roaming\Pro PC Cleaner
2015-01-13 14:21 - 2015-01-13 14:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pro PC Cleaner
2015-01-13 14:21 - 2015-01-13 14:21 - 00000000 ____D () C:\Program Files (x86)\Pro PC Cleaner
2015-01-13 14:19 - 2015-01-14 20:55 - 00000000 ____D () C:\Program Files (x86)\Cyti Web
2015-01-13 14:19 - 2015-01-13 14:19 - 00596896 _____ () C:\Users\Peter Chang\Downloads\java_runtime_enviroment_setup.exe (3).exe
2015-01-13 14:19 - 2015-01-13 14:19 - 00596888 _____ () C:\Users\Peter Chang\Downloads\java_runtime_enviroment_setup.exe (4).exe
2015-01-13 14:19 - 2015-01-13 14:19 - 00000000 ____D () C:\ProgramData\makulitsidwe
2015-01-13 14:18 - 2015-01-13 14:18 - 00596904 _____ () C:\Users\Peter Chang\Downloads\java_runtime_enviroment_setup.exe.exe
2015-01-13 14:18 - 2015-01-13 14:18 - 00596896 _____ () C:\Users\Peter Chang\Downloads\java_runtime_enviroment_setup.exe (1).exe
2015-01-13 14:18 - 2015-01-13 14:18 - 00596888 _____ () C:\Users\Peter Chang\Downloads\java_runtime_enviroment_setup.exe (2).exe
2014-12-21 22:48 - 2013-03-25 23:07 - 00000000 ____D () C:\Program Files (x86)\SlimCleaner
2014-12-20 21:57 - 2014-11-06 15:19 - 00000000 ____D () C:\ProgramData\FastAgain 2014
Task: {25312C1D-AE26-4BE0-B243-C65716B4F81E} - System32\Tasks\ProPCCleaner_Start => C:\Program Files (x86)\Pro PC Cleaner\ProPCCleaner.exe [2014-08-21] (Pro PC Cleaner)
Task: {269E2A40-2C0C-4BE6-B41A-E438216FFDD3} - System32\Tasks\SlimCleaner Run => C:\Program Files (x86)\SlimCleaner\SlimCleaner.exe [2013-07-10] (SlimWare Utilities, Inc.)
Task: {2ECFCE8F-86F7-47AC-8164-825A0E450615} - System32\Tasks\LaunchSignup => C:\Program Files (x86)\MyPC Backup\Signup Wizard.exe [2014-11-25] (MyPC Backup) <==== ATTENTION
Task: {3207386B-8E06-409B-9090-983BFB9E79BC} - System32\Tasks\APSnotifierPP3 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe [2015-01-13] (AnyProtect.com) <==== ATTENTION
Task: {7937DBA1-20ED-483D-BCA5-D10763393635} - System32\Tasks\GeniusBox => cmd.exe /C start "" "C:\Users\Peter Chang\AppData\Local\GeniusBox\client.exe"
Task: {C0825733-F097-4FBE-B843-C1552B437BAD} - System32\Tasks\ProPCCleaner_Popup => C:\Program Files (x86)\Pro PC Cleaner\Splash.exe [2014-08-21] ()
Task: {D229D97F-1FBF-4BE8-9678-FD9D337ADC01} - System32\Tasks\APSnotifierPP2 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe [2015-01-13] (AnyProtect.com) <==== ATTENTION
Task: {ECAAB7FC-218D-4970-8ED3-E7E3D98E1508} - System32\Tasks\Check Updates => C:\Users\Peter Chang\AppData\Local\GeniusBox\updater.exe [2015-01-06] ()
Task: {EF3F16ED-B0EC-4CB7-B248-5C196A60A399} - System32\Tasks\APSnotifierPP1 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe [2015-01-13] (AnyProtect.com) <==== ATTENTION
Task: {F62263B3-316E-49BC-A78A-54FBFFBFC6DC} - System32\Tasks\Validate Installation => C:\Users\Peter Chang\AppData\Local\GeniusBox\updater.exe [2015-01-06] ()
Task: C:\Windows\Tasks\APSnotifierPP1.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\Windows\Tasks\APSnotifierPP2.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\Windows\Tasks\APSnotifierPP3.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
EmptyTemp: