CloseProcesses:
CreateRestorePoint:
HKLM-x32\...\Run: [] => [X]
HKLM\...\Policies\Explorer: [TaskbarNoNotification] 0
HKLM\...\Policies\Explorer: [HideSCAHealth] 0
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2317217915-3030507882-558724183-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = about:blank
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Local Page = %11%\blank.htm
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Local Page = %11%\blank.htm
HKU\S-1-5-21-2317217915-3030507882-558724183-1000\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
SearchScopes: HKU\.DEFAULT -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2317217915-3030507882-558724183-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
Toolbar: HKU\S-1-5-21-2317217915-3030507882-558724183-1000 -> No Name - {FCC3F67B-23A9-47F5-813E-2F46A749472C} - No File
Toolbar: HKU\S-1-5-21-2317217915-3030507882-558724183-1000 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
U3 idsvc; no ImagePath
S1 livzvpht; \??\C:\WINDOWS\system32\drivers\livzvpht.sys [X]
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]
NETSVCx32: NetSetupSvc -> C:\Windows\SysWOW64\NetSetupSvc.dll ==> No File
NETSVCx32: UserManager -> C:\Windows\SysWOW64\usermgr.dll ==> No File
2015-07-31 16:14 - 2015-07-31 16:14 - 00000000 ____D C:\Program Files\Yamicsoft
2015-07-31 16:12 - 2015-08-05 10:45 - 00000000 ____D C:\Users\poppag\AppData\Roaming\Yamicsoft
2015-08-11 12:48 - 2015-06-01 17:43 - 00000000 ____D C:\Users\poppag\AppData\Roaming\BitTorrent
C:\ProgramData\sysqcl1129139270.dat
Itibiti RTC (x32 Version: 0.0.1 - Itibiti Inc) Hidden
Task: {0BF87784-C04B-425F-BE5D-8927885E3699} - \ProPCCleaner_Start -> No File <==== ATTENTION
Task: {3D37AD79-7832-461E-9942-CD73A5531F6E} - \TidyNetwork Update -> No File <==== ATTENTION
Task: {680E74AD-6A5D-4339-97A5-CC68FFF9F652} - \ProPCCleaner_Popup -> No File <==== ATTENTION
Task: {70A1E538-609A-4FCA-A7B2-6F4743CD9110} - \Bidaily Synchronize Task[3c32] -> No File <==== ATTENTION
Task: {82B68E5D-FE3D-468C-868E-C10A19D8DE0F} - \SpeechRuntimeTask -> No File <==== ATTENTION
Task: {E95F46C0-8DFF-4B1E-9333-EA488CC9B25D} - \LaunchPreSignup -> No File <==== ATTENTION
Task: {FFF292D6-3252-444F-99D1-380FEDCEE638} - \ArcadeTwist Support -> No File <==== ATTENTION
AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxldtlfudivq`qsp`26hfm
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ahcache.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CoreMessagingRegistrar => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\StateRepository => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TileDataModelSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\UserManager => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Ahcache.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CoreMessagingRegistrar => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\StateRepository => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TileDataModelSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\UserManager => ""="Service"
CMD: bitsadmin /reset /allusers
CMD: netsh winsock reset catalog
CMD: ipconfig /flushdns
RemoveProxy:
hosts:
Emptytemp: