CreateRestorePoint:
(The Privoxy team - www.privoxy.org) C:\Program Files (x86)\Gamma Task Menager\privoxy.exe
(SecureSoft) C:\Windows\mlwps.exe
HKLM-x32\...\Run: [fst_us_234] => [X]
HKU\S-1-5-21-1926916054-430606287-3612663155-1000\...\Run: [fastclean] => "C:\Program Files (x86)\FastClean PRO\fastcleanpro.exe"
HKU\S-1-5-21-1926916054-430606287-3612663155-1000\...\Run: [OutfoxTV] => C:\Program Files\OutfoxTV\OutfoxTV\DesktopContainer.exe
HKU\S-1-5-21-1926916054-430606287-3612663155-1000\...\MountPoints2: {e30b19b0-3440-11e4-8cd8-9cb70d9d0814} - J:\LG_PC_Programs.exe
IFEO\bitguard.exe: [Debugger] tasklist.exe
IFEO\bprotect.exe: [Debugger] tasklist.exe
IFEO\bpsvc.exe: [Debugger] tasklist.exe
IFEO\browserdefender.exe: [Debugger] tasklist.exe
IFEO\browserprotect.exe: [Debugger] tasklist.exe
IFEO\browsersafeguard.exe: [Debugger] tasklist.exe
IFEO\dprotectsvc.exe: [Debugger] tasklist.exe
IFEO\jumpflip: [Debugger] tasklist.exe
IFEO\protectedsearch.exe: [Debugger] tasklist.exe
IFEO\searchinstaller.exe: [Debugger] tasklist.exe
IFEO\searchprotection.exe: [Debugger] tasklist.exe
IFEO\searchprotector.exe: [Debugger] tasklist.exe
IFEO\searchsettings.exe: [Debugger] tasklist.exe
IFEO\searchsettings64.exe: [Debugger] tasklist.exe
IFEO\snapdo.exe: [Debugger] tasklist.exe
IFEO\stinst32.exe: [Debugger] tasklist.exe
IFEO\stinst64.exe: [Debugger] tasklist.exe
IFEO\umbrella.exe: [Debugger] tasklist.exe
IFEO\utiljumpflip.exe: [Debugger] tasklist.exe
IFEO\volaro: [Debugger] tasklist.exe
IFEO\vonteera: [Debugger] tasklist.exe
IFEO\websteroids.exe: [Debugger] tasklist.exe
IFEO\websteroidsservice.exe: [Debugger] tasklist.exe
Startup: C:\Users\Darwin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk [2014-05-09]
ShortcutTarget: MyPC Backup.lnk -> C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe (No File)
Startup: C:\Users\Darwin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Severe Weather Alerts App.lnk [2014-05-03]
ShortcutTarget: Severe Weather Alerts App.lnk -> C:\Users\FAM\AppData\Local\SevereWeatherAlerts\SevereWeatherAlertsApp.exe (No File)
Startup: C:\Users\Darwin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Severe Weather Alerts.lnk [2014-05-03]
ShortcutTarget: Severe Weather Alerts.lnk -> C:\Users\FAM\AppData\Local\SevereWeatherAlerts\SevereWeatherAlerts.exe (No File)
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled
ProxyServer: [.DEFAULT] => http=127.0.0.1:61049;https=127.0.0.1:61049
ProxyEnable: [S-1-5-21-1926916054-430606287-3612663155-1000] => Internet Explorer proxy is enabled
ProxyServer: [S-1-5-21-1926916054-430606287-3612663155-1000] => 127.0.0.1:8118
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://start.mysearc...r=462965117&ir=
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://start.mysearc...r=462965117&ir=
SearchScopes: HKLM -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.co...&l=dis&o=HPDTDF
SearchScopes: HKLM -> {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL = http://www.bing.com/...rc=IE-SearchBox
SearchScopes: HKLM -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2516} URL = http://www.default-s...p={searchTerms}
SearchScopes: HKLM -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo....psg&type=HPDTDF
SearchScopes: HKLM -> {CC865B26-C31D-4D23-B17B-96548EEF03F6} URL = http://groovorio.com...=1384944263&ir=
SearchScopes: HKLM -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia....h={searchTerms}
SearchScopes: HKU\S-1-5-21-1926916054-430606287-3612663155-1000 -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://groovorio.com...r=840853540&ir=
SearchScopes: HKU\S-1-5-21-1926916054-430606287-3612663155-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://start.mysearc...r=462965117&ir=
SearchScopes: HKU\S-1-5-21-1926916054-430606287-3612663155-1000 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.co...&l=dis&o=HPDTDF
SearchScopes: HKU\S-1-5-21-1926916054-430606287-3612663155-1000 -> {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL = http://www.bing.com/...rc=IE-SearchBox
SearchScopes: HKU\S-1-5-21-1926916054-430606287-3612663155-1000 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2516} URL = http://www.default-s...p={searchTerms}
SearchScopes: HKU\S-1-5-21-1926916054-430606287-3612663155-1000 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = https://search.yahoo...p={searchTerms}
SearchScopes: HKU\S-1-5-21-1926916054-430606287-3612663155-1000 -> {CC865B26-C31D-4D23-B17B-96548EEF03F6} URL = http://groovorio.com...=1384944263&ir=
SearchScopes: HKU\S-1-5-21-1926916054-430606287-3612663155-1000 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia....h={searchTerms}
BHO-x32: WeCareReminder Class -> {D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} -> C:\ProgramData\WeCareReminder\IEHelperv2.5.0.dll [2014-01-21] (We-Care.com)
BHO-x32: mysearchdial Helper Object -> {EF5625A3-37AB-4BDB-9875-2A3D91CD0DFD} -> C:\Program Files (x86)\Mysearchdial\1.8.29.0\bh\mysearchdial.dll [2014-04-02] (MySearchDial)
Toolbar: HKLM-x32 - mysearchdial Toolbar - {3004627E-F8E9-4E8B-909D-316753CBA923} - C:\Program Files (x86)\Mysearchdial\1.8.29.0\mysearchdialTlbr.dll [2014-04-02] (MySearchDial)
Toolbar: HKU\S-1-5-21-1926916054-430606287-3612663155-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
FF DefaultSearchEngine: Secure Search
FF SearchEngineOrder.1: Secure Search
FF SelectedSearchEngine: Secure Search
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF user.js: detected! => C:\Users\FAM\AppData\Roaming\Mozilla\Firefox\Profiles\13xoo1vz.default\user.js [2014-09-24]
FF SearchPlugin: C:\Users\FAM\AppData\Roaming\Mozilla\Firefox\Profiles\13xoo1vz.default\searchplugins\ask-search.xml [2014-10-15]
FF SearchPlugin: C:\Users\FAM\AppData\Roaming\Mozilla\Firefox\Profiles\13xoo1vz.default\searchplugins\default-search.xml [2014-08-28]
FF SearchPlugin: C:\Users\FAM\AppData\Roaming\Mozilla\Firefox\Profiles\13xoo1vz.default\searchplugins\Groovorio.xml [2014-09-24]
FF SearchPlugin: C:\Users\FAM\AppData\Roaming\Mozilla\Firefox\Profiles\13xoo1vz.default\searchplugins\Mysearchdial.xml [2014-04-02]
FF SearchPlugin: C:\Users\FAM\AppData\Roaming\Mozilla\Firefox\Profiles\13xoo1vz.default\searchplugins\search.xml [2014-11-26]
FF SearchPlugin: C:\Users\FAM\AppData\Roaming\Mozilla\Firefox\Profiles\13xoo1vz.default\searchplugins\trovi-search.xml [2014-08-29]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\GoSearch.xml [2015-04-29]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\distribution\bundles\f89a3bdc7d1ebfc414bac8611651a5c3 [2015-05-06]
CHR HKLM-x32\...\Chrome\Extension: [cikkkfooompgefbcjlgdjejfdknkheaj] - C:\Program Files (x86)\Common Files\Spigot\GC\DomainErrorHelper_1.0_0.crx [2014-04-23]
CHR HKLM-x32\...\Chrome\Extension: [gpiifgmgnfdiblgpaepbmfdkcheicgof] - C:\Program Files (x86)\Common Files\Spigot\GC\nta_1.0_0.crx [2014-04-23]
CHR HKLM-x32\...\Chrome\Extension: [hbcennhacfaagdopikcegfcobcadeocj] - C:\Program Files (x86)\Common Files\Spigot\GC\saebay_1.1.crx [2013-10-14]
CHR HKLM-x32\...\Chrome\Extension: [mhkaekfpcppmmioggniknbnbdbcigpkk] - C:\Users\Darwin\AppData\Local\Slick Savings\coupons.crx [2014-05-10]
CHR HKLM-x32\...\Chrome\Extension: [pfndaklgolladniicklehhancnlgocpp] - C:\Program Files (x86)\Common Files\Spigot\GC\saamazon_1.0.crx [2012-11-22]
R2 Live Malware Protection; C:\Windows\mlwps.exe [242688 2015-04-14] (SecureSoft) [] <==== ATTENTION
R2 PrivoxyService; C:\Program Files (x86)\Gamma Task Menager\privoxy.exe [371200 2015-04-14] (The Privoxy team - www.privoxy.org) [] <==== ATTENTION
S2 Util ConstaSurf; "C:\Program Files (x86)\ConstaSurf\bin\utilConstaSurf.exe" [X]
R1 {0782648b-1717-4fef-ac58-8cb3ce03adb3}Gw64; C:\Windows\System32\drivers\{0782648b-1717-4fef-ac58-8cb3ce03adb3}Gw64.sys [61120 2014-04-24] (StdLib)
Task: {13A4E578-0A3B-4B5D-A96C-34E199C00C83} - System32\Tasks\Malware Cleaner => C:\Users\FAM\AppData\Roaming\313A.tmp.exe [2015-04-14] () <==== ATTENTION
Task: {B45CC53E-47DD-4069-B5B0-2A25A9021668} - System32\Tasks\System Installer => C:\Users\FAM\AppData\Local\Updater\winupd.exe [2015-04-14] () <==== ATTENTION
Task: {D7607ACD-31C0-4461-B6E1-68DB85964ED2} - System32\Tasks\ProPCCleaner_Start => C:\Program Files (x86)\Pro PC Cleaner\ProPCCleaner.exe <==== ATTENTION
Task: {F2867B33-8D98-4FCC-A698-62CC772FC80A} - System32\Tasks\ProPCCleaner_Popup => C:\Program Files (x86)\Pro PC Cleaner\Splash.exe <==== ATTENTION
Task: {EDD41146-CC8B-4830-A5D5-8171DCBD5E98} - System32\Tasks\Gamma Task Menager Service => C:\Program Files (x86)\Gamma Task Menager\ gtrsecure.exe
2015-05-04 21:00 - 2015-04-14 22:43 - 00000000 ____D () C:\Users\FAM\AppData\Roaming\Getprivate VPN
2015-05-04 21:00 - 2015-04-14 22:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Getprivate VPN
C:\Program Files (x86)\FastClean PRO
C:\Program Files\OutfoxTV
C:\Program Files (x86)\MyPC Backup
C:\ProgramData\WeCareReminder
C:\Program Files (x86)\Mysearchdial
C:\Program Files (x86)\Common Files\Spigot
C:\Program Files (x86)\Gamma Task Menager
C:\Program Files (x86)\ConstaSurf
C:\Users\Darwin\AppData\Local\Slick Savings
C:\Program Files (x86)\Pro PC Cleaner
C:\ProgramData\WeCareReminder
2015-04-14 22:31 - 2015-04-14 22:31 - 0000000 _____ () C:\Users\FAM\AppData\Roaming\313A.tmp
2015-04-14 22:31 - 2015-04-14 22:31 - 0803840 _____ () C:\Users\FAM\AppData\Roaming\313A.tmp.exe
CMD: ipconfig /flushdns
CMD: bitsadmin /reset /allusers
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state off
RemoveProxy:
Hosts:
EmptyTemp: