Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 05-05-2015
Ran by clement at 2015-05-05 20:53:48 Run:1
Running from C:\Users\clement\Desktop
Loaded Profiles: UpdatusUser & clement (Available profiles: UpdatusUser & clement)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
CreateRestorePoint:
CloseProcesses:
HKLM-x32\...\Run: [sysTPL] => C:\Program Files (x86)\sysTPL\sysTPL.exe [1244440 2014-03-16] (Tlapia)
HKU\S-1-5-21-2017981156-3664355528-1131707352-1002\...\Run: [cacaoweb] => C:\Users\clement\AppData\Roaming\cacaoweb\cacaoweb.exe [515888 2015-05-05] ()
GroupPolicy: Group Policy on Chrome detected
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction
HKU\S-1-5-21-2017981156-3664355528-1131707352-1001\Software\Microsoft\Internet Explorer\Main,Search Page = http://feed.snapdo.com/?publisher=AirInstaller&dpid=AirInstaller&co=FR&userid=5a49ab4b-9b14-6e3e-5fb2-800ef96bd343&searchtype=ds&q={searchTerms}&installDate=01/11/2013
HKU\S-1-5-21-2017981156-3664355528-1131707352-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = http://feed.snapdo.com/?publisher=AirInstaller&dpid=AirInstaller&co=FR&userid=5a49ab4b-9b14-6e3e-5fb2-800ef96bd343&searchtype=ds&q={searchTerms}&installDate=01/11/2013
HKU\S-1-5-21-2017981156-3664355528-1131707352-1002\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com/?ctid=ct3314759&octid=eb_original_ctid&searchsource=55&cui=&um=2&up=sp7c3e9f94-6ffd-4712-b258-171ac71d1b61&sspv=
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
SearchScopes: HKLM -> {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL =
SearchScopes: HKLM-x32 -> DefaultScope value is missing.
SearchScopes: HKU\S-1-5-21-2017981156-3664355528-1131707352-1001 -> {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = http://feed.snapdo.com/?publisher=AirInstaller&dpid=AirInstaller&co=FR&userid=5a49ab4b-9b14-6e3e-5fb2-800ef96bd343&searchtype=ds&q={searchTerms}&installDate=01/11/2013
SearchScopes: HKU\S-1-5-21-2017981156-3664355528-1131707352-1002 -> {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL = http://search.softonic.com/MOY00621/tb_v1?q={searchTerms}&SearchSource=4&cc=&mi=54cfe0f60000000000001ed05a5a6a15&r=515
SearchScopes: HKU\S-1-5-21-2017981156-3664355528-1131707352-1002 -> {CBC510F3-3CF7-4CA1-84D9-A309C79EFC02} URL = http://rocket-find.com/results.php?f=4&q={searchTerms}&a=rckt_tele_14_28_ch&cd=2XzuyEtN2Y1L1QzuyCtD0AyEyE0CyB0CzztD0CyB0EtD0FyCtN0D0Tzu0SzytBtBtN1L2XzutBtFtBtCtFtCyEtFtCtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyCtAyEtAtDyCyB0CtGtAyBtC0EtGzztA0CzztGyCyCtDyDtGtAyCyDtAzytAyB0AtAyBtD0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyB0AtAyB0E0EtB0DtGtAyC0A0EtGzztC0A0EtGyDtB0AtCtGtCzztB0EtD0Azy0B0DyCyB0C2Q&cr=1466809734&ir=
CHR StartupUrls: Default -> "hxxp://rocket-find.com/?f=7&a=rckt_tele_14_28_ch&cd=2XzuyEtN2Y1L1QzuyCtD0AyEyE0CyB0CzztD0CyB0EtD0FyCtN0D0Tzu0SzytBtBtN1L2XzutBtFtBtCtFtCyEtFtCtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyCtAyEtAtDyCyB0CtGtAyBtC0EtGzztA0CzztGyCyCtDyDtGtAyCyDtAzytAyB0AtAyBtD0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyB0AtAyB0E0EtB0DtGtAyC0A0EtGzztC0A0EtGyDtB0AtCtGtCzztB0EtD0Azy0B0DyCyB0C2Q&cr=1466809734&ir="
CHR Extension: (Rocket New Tab) - C:\Users\clement\AppData\Local\Google\Chrome\User Data\Default\Extensions\ibnjmihbbanannlbobkbmnmckjnmdnom [2014-07-10]
CHR HKLM\...\Chrome\Extension: [ibnjmihbbanannlbobkbmnmckjnmdnom] - https://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-2017981156-3664355528-1131707352-1002\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [ibnjmihbbanannlbobkbmnmckjnmdnom] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [ibnjmihbbanannlbobkbmnmckjnmdnom] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.google.com/service/update2/crx
R2 sysTPLMonitor.exe; C:\Program Files (x86)\sysTPL\sysTPLMonitor.exe [399640 2014-03-16] (Tlapia)
R2 sysTPLService.exe; C:\Program Files (x86)\sysTPL\sysTPLService.exe [400664 2014-03-16] (Tlapia)
2015-05-05 19:04 - 2013-09-07 15:32 - 00000000 ____D () C:\Program Files (x86)\sysTPL
2015-05-05 19:00 - 2014-06-07 19:19 - 00515888 _____ () C:\Users\clement\Desktop\cacaoweb.exe
2013-08-21 18:16 - 2015-05-05 18:58 - 0000401 _____ () C:\Users\clement\AppData\Roaming\sp_data.sys
C:\Program Files (x86)\Plus-HD-3.5
C:\ProgramData\eSafe
C:\Users\clement\AppData\Roaming\cacaoweb
Task: {13295F71-F0CF-4A1F-A887-3CC27145B8E2} - \weDownload Manager Pro-enabler No Task File
Task: {2E75D03D-8383-46BA-9C7C-8100C51A041A} - \weDownload Manager Pro-updater No Task File
Task: {3748CBEF-8C12-4319-9402-7AF5F869C126} - System32\Tasks\Plus-HD-3.5-codedownloader => C:\Program Files (x86)\Plus-HD-3.5\Plus-HD-3.5-codedownloader.exe
Task: {7FF5DE5E-2C18-4096-9036-026D903DD37D} - \bench-sys No Task File
Task: {9824AD87-EDDC-4732-B332-F30313915218} - \weDownload Manager Pro-codedownloader No Task File
Task: {C828DD7A-AF2E-4B5B-AB2D-78C1436B620A} - System32\Tasks\Plus-HD-3.5-chromeinstaller => C:\Program Files (x86)\Plus-HD-3.5\Plus-HD-3.5-chromeinstaller.exe
Task: {F32857ED-F487-4607-B1E4-D108BD954C27} - System32\Tasks\Plus-HD-3.5-updater => C:\Program Files (x86)\Plus-HD-3.5\Plus-HD-3.5-updater.exe
Task: {F36FDB53-2042-48EC-95C9-C6462DE37155} - \weDownload Manager Pro-chromeinstaller No Task File
Task: {FCEEAD5C-161F-4CDF-98CE-9CED0DF47FF0} - System32\Tasks\Plus-HD-3.5-enabler => C:\Program Files (x86)\Plus-HD-3.5\Plus-HD-3.5-enabler.exe
Task: C:\Windows\Tasks\bench-Updater removing.job => NwY /verysilent WORKGROUP PC CLEMS This will uninstall Updater
Task: C:\Windows\Tasks\Plus-HD-3.5-chromeinstaller.job => C:\Program Files (x86)\Plus-HD-3.5\Plus-HD-3.5-chromeinstaller.exe/installcrx /agentregpath='Plus-HD-3.5' /extensionfilepath C:\Program Files (x86)\Plus-HD-3.5\37180.crx' /appid=37180 /srcid='000275' /subid='0' /zdata='0' /bic=FEBCA190D8AD4DA0806FA664D1C7858DIE /verifier=3b2c0b09d593f3d26373749642630a3e /installerversion=1_27_153 /installerfullversion=1.27.153.11 /installationtime=1377422122 /statsdomain=http:/stats.ourstatssrv.com /errorsdomain=http:/errors.ourstatssrv.com
Task: C:\Windows\Tasks\Plus-HD-3.5-codedownloader.job => C:\Program Files (x86)\Plus-HD-3.5\Plus-HD-3.5-codedownloader.exe¯/reinstallapp /agentregpath='Plus-HD-3.5' /appid=37180 /srcid='000275' /subid='0' /zdata='0' /bic=FEBCA190D8AD4DA0806FA664D1C7858DIE /verifier=3b2c0b09d593f3d26373749642630a3e /installerversion=1_27_153 /installerfullversion=1.27.153.11 /installationtime=1377422122 /statsdomain=http:/stats.ourstatssrv.com /errorsdomain=http:/errors.ourstatssrv.com /codedownloaddomain=http:/app-static.crossrider.com
Task: C:\Windows\Tasks\Plus-HD-3.5-enabler.job => C:\Program Files (x86)\Plus-HD-3.5\Plus-HD-3.5-enabler.exe?/enablebho /agentregpath='Plus-HD-3.5' /appid=37180 /srcid='000275' /subid='0' /zdata='0' /bic=FEBCA190D8AD4DA0806FA664D1C7858DIE /verifier=3b2c0b09d593f3d26373749642630a3e /installerversion=1_27_153 /installationtime=1377422122 /statsdomain=http:/stats.ourstatssrv.com /errorsdomain=http:/errors.ourstatssrv.com
Task: C:\Windows\Tasks\Plus-HD-3.5-updater.job => C:\Program Files (x86)\Plus-HD-3.5\Plus-HD-3.5-updater.exeå/runupdater /agentregpath='Plus-HD-3.5' /appid=37180 /srcid='000275' /subid='0' /zdata='0' /bic=FEBCA190D8AD4DA0806FA664D1C7858DIE /verifier=3b2c0b09d593f3d26373749642630a3e /installerversion=1_27_153 /installationtime=1377422122 /statsdomain=http:/stats.ourstatssrv.com /errorsdomain=http:/errors.ourstatssrv.com /monetizationdomain=http:/stats.syncstatsdata.com /geoserviceurl=http:/ipgeoapi.com/ /updatejsondomain=http:/update.ourstatssrv.com
FirewallRules: [{0E1ABF93-0180-404B-8652-1E5572F53C5C}] => (Allow) C:\ProgramData\eSafe\eGdpSvc.exe
RemoveProxy:
Hosts:
EmptyTemp:
end
*****************

Restore point was successfully created.
Processes closed successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\sysTPL => Value not found.
HKU\S-1-5-21-2017981156-3664355528-1131707352-1002\Software\Microsoft\Windows\CurrentVersion\Run\\cacaoweb => value deleted successfully.
C:\Windows\system32\GroupPolicy\Machine => Moved successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.
C:\Windows\SysWOW64\GroupPolicy\GPT.ini => Moved successfully.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
HKU\S-1-5-21-2017981156-3664355528-1131707352-1001\Software\Microsoft\Internet Explorer\Main\\Search Page => Error setting value.
HKU\S-1-5-21-2017981156-3664355528-1131707352-1001\Software\Microsoft\Internet Explorer\Main\\Search Bar => Value not found.
HKU\S-1-5-21-2017981156-3664355528-1131707352-1002\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}" => Key deleted successfully.
HKCR\CLSID\{77AA745B-F4F8-45DA-9B14-61D2D95054C8} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKU\S-1-5-21-2017981156-3664355528-1131707352-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5} => Key not found.
HKCR\CLSID\{006ee092-9658-4fd6-bd8e-a21a348e59f5} => Key not found.
"HKU\S-1-5-21-2017981156-3664355528-1131707352-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}" => Key deleted successfully.
HKCR\CLSID\{77AA745B-F4F8-45DA-9B14-61D2D95054C8} => Key not found.
"HKU\S-1-5-21-2017981156-3664355528-1131707352-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CBC510F3-3CF7-4CA1-84D9-A309C79EFC02}" => Key deleted successfully.
HKCR\CLSID\{CBC510F3-3CF7-4CA1-84D9-A309C79EFC02} => Key not found.
Chrome StartupUrls deleted successfully.
C:\Users\clement\AppData\Local\Google\Chrome\User Data\Default\Extensions\ibnjmihbbanannlbobkbmnmckjnmdnom => Moved successfully.
"HKLM\SOFTWARE\Google\Chrome\Extensions\ibnjmihbbanannlbobkbmnmckjnmdnom" => Key deleted successfully.
"HKLM\SOFTWARE\Google\Chrome\Extensions\iikflkcanblccfahdhdonehdalibjnif" => Key deleted successfully.
"HKU\S-1-5-21-2017981156-3664355528-1131707352-1002\SOFTWARE\Google\Chrome\Extensions\ibnjmihbbanannlbobkbmnmckjnmdnom" => Key deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\ibnjmihbbanannlbobkbmnmckjnmdnom" => Key deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\iikflkcanblccfahdhdonehdalibjnif" => Key deleted successfully.
sysTPLMonitor.exe => Service not found.
sysTPLService.exe => Service not found.
"C:\Program Files (x86)\sysTPL" => File/Directory not found.
C:\Users\clement\Desktop\cacaoweb.exe => Moved successfully.
C:\Users\clement\AppData\Roaming\sp_data.sys => Moved successfully.
"C:\Program Files (x86)\Plus-HD-3.5" => File/Directory not found.
"C:\ProgramData\eSafe" => File/Directory not found.
C:\Users\clement\AppData\Roaming\cacaoweb => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{13295F71-F0CF-4A1F-A887-3CC27145B8E2}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{13295F71-F0CF-4A1F-A887-3CC27145B8E2}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\weDownload Manager Pro-enabler" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{2E75D03D-8383-46BA-9C7C-8100C51A041A}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2E75D03D-8383-46BA-9C7C-8100C51A041A}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\weDownload Manager Pro-updater" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{3748CBEF-8C12-4319-9402-7AF5F869C126}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3748CBEF-8C12-4319-9402-7AF5F869C126}" => Key deleted successfully.
C:\Windows\System32\Tasks\Plus-HD-3.5-codedownloader => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Plus-HD-3.5-codedownloader" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7FF5DE5E-2C18-4096-9036-026D903DD37D}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7FF5DE5E-2C18-4096-9036-026D903DD37D}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\bench-sys" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{9824AD87-EDDC-4732-B332-F30313915218}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9824AD87-EDDC-4732-B332-F30313915218}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\weDownload Manager Pro-codedownloader" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{C828DD7A-AF2E-4B5B-AB2D-78C1436B620A}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C828DD7A-AF2E-4B5B-AB2D-78C1436B620A}" => Key deleted successfully.
C:\Windows\System32\Tasks\Plus-HD-3.5-chromeinstaller => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Plus-HD-3.5-chromeinstaller" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{F32857ED-F487-4607-B1E4-D108BD954C27}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F32857ED-F487-4607-B1E4-D108BD954C27}" => Key deleted successfully.
C:\Windows\System32\Tasks\Plus-HD-3.5-updater => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Plus-HD-3.5-updater" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{F36FDB53-2042-48EC-95C9-C6462DE37155}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F36FDB53-2042-48EC-95C9-C6462DE37155}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\weDownload Manager Pro-chromeinstaller" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{FCEEAD5C-161F-4CDF-98CE-9CED0DF47FF0}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FCEEAD5C-161F-4CDF-98CE-9CED0DF47FF0}" => Key deleted successfully.
C:\Windows\System32\Tasks\Plus-HD-3.5-enabler => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Plus-HD-3.5-enabler" => Key deleted successfully.
C:\Windows\Tasks\bench-Updater removing.job => Moved successfully.
C:\Windows\Tasks\Plus-HD-3.5-chromeinstaller.job => Moved successfully.
C:\Windows\Tasks\Plus-HD-3.5-codedownloader.job => Moved successfully.
C:\Windows\Tasks\Plus-HD-3.5-enabler.job => Moved successfully.
C:\Windows\Tasks\Plus-HD-3.5-updater.job => Moved successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{0E1ABF93-0180-404B-8652-1E5572F53C5C} => value deleted successfully.

========= RemoveProxy: =========

HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value deleted successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value deleted successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value deleted successfully.
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value deleted successfully.
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value deleted successfully.
HKU\S-1-5-21-2017981156-3664355528-1131707352-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value deleted successfully.
HKU\S-1-5-21-2017981156-3664355528-1131707352-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value deleted successfully.


========= End of RemoveProxy: =========

C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
EmptyTemp: => Removed 1.5 GB temporary data.


The system needed a reboot.

==== End of Fixlog 20:56:46 ====