CreateRestorePoint: HKLM\...\Run: [IDSCCOMZ22] => "C:\Program Files (x86)\Max Driver Updater\idsccom_Z22.exe" HKLM\...\Run: [cpuminer] => C:\Users\Caroline\AppData\Roaming\cpuminer\cpm.exe HKLM-x32\...\Run: [dply_en_015020294] => C:\Program Files (x86)\dply_en_015020294\dply_en_015020294.exe [4336816 2016-04-10] () HKLM-x32\...\Run: [rec_gb_247] => C:\Program Files (x86)\rec_gb_247\rec_gb_247.exe [3972272 2016-04-03] () HKLM-x32\...\Run: [mbot_en_037050293] => [X] HKLM-x32\...\RunOnce: [updply_en_015020294.exe] => C:\Users\Caroline\AppData\Local\dply_en_015020294\updply_en_015020294.exe [3320496 2016-04-10] () HKLM\...\Winlogon: [Userinit] wscript C:\WINDOWS\run.vbs, HKU\S-1-5-21-219877153-197691950-3609309316-1001\...\Policies\Explorer: [] AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC64Loader.dll => C:\Program Files (x86)\SearchProtect\SearchProtect\bin\VC64Loader.dll [249104 2016-04-03] (Client Connect LTD) AppInit_DLLs: C:\ProgramData\Ronzap\Zundintom.dll => C:\ProgramData\Ronzap\Zundintom.dll [361984 2016-04-14] () AppInit_DLLs-x32: C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC32Loader.dll => C:\Program Files (x86)\SearchProtect\SearchProtect\bin\VC32Loader.dll [221456 2016-04-03] (Client Connect LTD) AppInit_DLLs-x32: C:\ProgramData\Ronzap\Quotecof.dll => C:\ProgramData\Ronzap\Quotecof.dll [257536 2016-04-14] () AutoConfigURL: [S-1-5-21-219877153-197691950-3609309316-1001] => hxxp://un-stop.biz/wpad.dat?69a3ec30733689a2829c1537dc212a068684954 Winsock: Catalog9 01 C:\WINDOWS\SysWOW64\zdengine.dll [297109 2016-04-10] (zdengine) Winsock: Catalog9 02 C:\WINDOWS\SysWOW64\zdengine.dll [297109 2016-04-10] (zdengine) Winsock: Catalog9 03 C:\WINDOWS\SysWOW64\zdengine.dll [297109 2016-04-10] (zdengine) Winsock: Catalog9 04 C:\WINDOWS\SysWOW64\zdengine.dll [297109 2016-04-10] (zdengine) Winsock: Catalog9 17 C:\WINDOWS\SysWOW64\zdengine.dll [297109 2016-04-10] (zdengine) Winsock: Catalog9-x64 01 C:\WINDOWS\system32\zdengine64.dll [346005 2016-04-10] (zdengine) Winsock: Catalog9-x64 02 C:\WINDOWS\system32\zdengine64.dll [346005 2016-04-10] (zdengine) Winsock: Catalog9-x64 03 C:\WINDOWS\system32\zdengine64.dll [346005 2016-04-10] (zdengine) Winsock: Catalog9-x64 04 C:\WINDOWS\system32\zdengine64.dll [346005 2016-04-10] (zdengine) Winsock: Catalog9-x64 17 C:\WINDOWS\system32\zdengine64.dll [346005 2016-04-10] (zdengine) HKU\S-1-5-21-219877153-197691950-3609309316-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGIjVkxlyIP4NYe17aVLWrPzQENNZPocWT1fX7EbMokABF_0bw2ndCvJKYQao0JejHg-_jUL3pb2MIc-PXrjLCvdIpkY_KyK6I1l1swOCS6xkEWrWB-EYLvMhOIvsF2V8aylCPEr64Yf-lQemxzx0LptoX-k4lx3Ahm_XG5L31J3eTiXHF45pICNLKCkx&q={searchTerms} HKU\S-1-5-21-219877153-197691950-3609309316-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGIjVkxlyIP4NYe17aVLWrPzQENNZPocWT1fX7EbMokABF_0bw2ndCvJKYQao0JejHg-_jUL3pb2MIc-PXrjLCvdIpkY_KyK6I1l1swOCS6xkEWrWB-EYLvMhOIvsF2V8aylCPEr64Yf-lQemxzx0LptoX-k4lx3Ahm_XG5L31J3eTiXHF45pICNLKCkx&q={searchTerms} HKU\S-1-5-21-219877153-197691950-3609309316-1001\Software\Microsoft\Internet Explorer\Main,SearchAssistant = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGIjVkxlyIP4NYe17aVLWrPzQENNZPocWT1fX7EbMokABF_0bw2ndCvJKYQao0JejHg-_jUL3pb2MIc-PXrjLCvdIpkY_KyK6I1l1swOCS6xkEWrWB-EYLvMhOIvsF2V8aylCPEr64Yf-lQemxzx0LptoX-k4lx3Ahm_XG5L31J3eTiXHF45pICNLKCkx&q={searchTerms} SearchScopes: HKLM-x32 -> ielnksrch URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGIjVkxlyIP4NYe17aVLWrPzQENNZPocWT1fX7EbMokABF_0bw2ndCvJKYQao0JejHg-_jUL3pb2MIc-PXrjLCvdIpkY_KyK6I1l1swOCS6xkEWrWB-EYLvMhOIvsF2V8aylCPEr64Yf-lQemxzx0LptoX-k4lx3Ahm_XG5L31J3eTiXHF45pICNLKCkx&q={searchTerms} SearchScopes: HKU\S-1-5-21-219877153-197691950-3609309316-1001 -> DefaultScope {ielnksrch} URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGIjVkxlyIP4NYe17aVLWrPzQENNZPocWT1fX7EbMokABF_0bw2ndCvJKYQao0JejHg-_jUL3pb2MIc-PXrjLCvdIpkY_KyK6I1l1swOCS6xkEWrWB-EYLvMhOIvsF2V8aylCPEr64Yf-lQemxzx0LptoX-k4lx3Ahm_XG5L31J3eTiXHF45pICNLKCkx&q={searchTerms} SearchScopes: HKU\S-1-5-21-219877153-197691950-3609309316-1001 -> {ielnksrch} URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGIjVkxlyIP4NYe17aVLWrPzQENNZPocWT1fX7EbMokABF_0bw2ndCvJKYQao0JejHg-_jUL3pb2MIc-PXrjLCvdIpkY_KyK6I1l1swOCS6xkEWrWB-EYLvMhOIvsF2V8aylCPEr64Yf-lQemxzx0LptoX-k4lx3Ahm_XG5L31J3eTiXHF45pICNLKCkx&q={searchTerms} BHO-x32: Oasis Space 1.0.0.7 -> {567dbf58-4713-45f4-a623-e7b41f898209} -> C:\Program Files (x86)\Oasis Space\OasisSpacebho.dll [2016-04-07] (Oasis Space) BHO-x32: Checked List 1.0.0.7 -> {7ff0f7e7-8b1e-4e90-8bd5-f60cfdd71ecc} -> C:\Program Files (x86)\Checked List\CheckedListbho.dll [2016-04-07] (Checked List) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Parental Controls.lnk [2014-06-30] ShortcutTarget: McAfee Parental Controls.lnk -> C:\Program Files\McAfeeEx\MOCP\core\OcpTray.exe (McAfee, Inc.) FF Plugin: @mcafee.com/MSC,version=10 -> C:\Program Files\mcafee\msc\npMcSnFFPl64.dll [No File] FF Plugin-x32: @mcafee.com/McAfeeMssPlugin -> C:\Program Files (x86)\Sony\MSS\3.8.130\npMcAfeeMss.dll [No File] FF Plugin-x32: @mcafee.com/MSC,version=10 -> C:\Program Files (x86)\McAfee\msc\npMcSnFFPl.dll [No File] FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK => not found S2 AppVerifier; C:\ProgramData\Appverifier\AppVerifierService.exe [39424 2016-04-04] (AppVerifierService) [File not signed] R2 Bejfhojia; C:\Users\Caroline\AppData\Roaming\Reofh\Reofh.exe [174456 2016-04-10] () R2 brsrv; C:\Users\Caroline\AppData\Local\brsrv\brsrv.exe [104448 2016-03-06] () [File not signed] S2 BugreportW; C:\Program Files (x86)\SpeedSearchesbnd\Bugreportauclt.exe [1627600 2016-04-09] () R2 CltMngSvc; C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe [3253520 2016-04-03] (Client Connect LTD) S3 mfeicfcoreocp; C:\Program Files\McAfeeEx\MOCP\core\mfeicfcore.exe [2782392 2013-12-31] (McAfee, Inc.) R2 MPCProtectService; C:\Program Files (x86)\MPC Cleaner\MPCProtectService.exe [350688 2016-04-10] (DotC United Inc) R2 nowuedctep; C:\Users\Caroline\AppData\Local\Statlux.exe [28160 2016-04-14] () [File not signed] R2 rihelecezbt; C:\Program Files (x86)\DDB727A0-1460291042-11E2-824E-30F9EDC4D4EB\knsdBDF.tmp [250368 2016-04-11] () [File not signed] R2 rijufoze; C:\Program Files (x86)\DDB727A0-1460291042-11E2-824E-30F9EDC4D4EB\hnsoF2DC.tmp [138240 2016-04-10] () [File not signed] R2 rocufyky; C:\Program Files (x86)\DDB727A0-1460291042-11E2-824E-30F9EDC4D4EB\jnsuDC06.tmp [389632 2016-04-10] () [File not signed] R2 Ronzap; C:\ProgramData\\Ronzap\\Ronzap.exe [1200128 2016-04-14] () [File not signed] S2 rsYVIpYm; C:\ProgramData\IseTPBjVl\rsYVIpYm.exe [3001832 2016-04-10] (Time Lapse Solutions) R2 SMUpd; C:\Program Files\Common Files\Soobzo\GDUpdate\smu.exe [2454016 2016-04-06] (Search Module Ltd.) [File not signed] S2 Update Checked List; C:\Program Files (x86)\Checked List\updateCheckedList.exe [654536 2016-04-14] () S2 Util Checked List; C:\Program Files (x86)\Checked List\bin\utilCheckedList.exe [654536 2016-04-14] () S2 Util Oasis Space; C:\Program Files (x86)\Oasis Space\bin\utilOasisSpace.exe [648392 2016-04-14] () S2 Update Oasis Space; C:\Program Files (x86)\Oasis Space\updateOasisSpace.exe [648392 2016-04-14] () R2 zigipyro; C:\Users\Caroline\AppData\Local\DDB727A0-1460669759-11E2-824E-30F9EDC4D4EB\qnst630F.tmp [158720 2015-12-26] () [File not signed] S2 Iapisni; "C:\Users\Caroline\AppData\Roaming\LumdEpuyatv\Thupietr.exe" -cms [X] S2 zdengine; C:\Program Files (x86)\QuickSearch\zdengine.exe [X] R1 bsdriver; C:\WINDOWS\system32\drivers\bsdriver.sys [34720 2016-04-10] () S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [196440 2012-04-20] (McAfee, Inc.) S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [106112 2012-06-22] (McAfee, Inc.) R1 MPCKpt; C:\Windows\System32\DRIVERS\MPCKpt.sys [60136 2016-04-10] (DotC United Inc) R2 zdwfp; C:\WINDOWS\system32\Drivers\zdwfp64.sys [46352 2016-03-04] (zdengine) R1 {8fd16984-f872-41a4-8820-246c3230d450}Gw64; C:\Windows\System32\drivers\{8fd16984-f872-41a4-8820-246c3230d450}Gw64.sys [48744 2016-04-14] (StdLib) R1 {dfdc7730-be9e-4dcb-ac28-14383da4b8a3}Gw64; C:\Windows\System32\drivers\{dfdc7730-be9e-4dcb-ac28-14383da4b8a3}Gw64.sys [48744 2016-04-14] (StdLib) R1 {f2dc76ff-8604-4585-8824-8df11d37bd06}Gw64; C:\Windows\System32\drivers\{f2dc76ff-8604-4585-8824-8df11d37bd06}Gw64.sys [48744 2016-04-10] (StdLib) R1 {fc3cdbfe-8a8e-406c-954a-8cb7370cfc8e}Gw64; C:\Windows\System32\drivers\{fc3cdbfe-8a8e-406c-954a-8cb7370cfc8e}Gw64.sys [48744 2016-04-10] (StdLib) 2016-04-14 21:46 - 2016-04-14 21:47 - 00000000 ____D C:\Program Files (x86)\SearchProtect 2016-04-14 21:46 - 2016-04-14 21:46 - 00000000 ____D C:\Users\Caroline\AppData\Local\SearchProtect 2016-04-14 21:35 - 2016-04-14 21:36 - 00000000 ____D C:\Users\Caroline\AppData\Local\DDB727A0-1460669759-11E2-824E-30F9EDC4D4EB 2016-04-14 21:08 - 2016-04-14 21:08 - 00041472 _____ C:\Users\Caroline\AppData\Local\Statlux.dat 2016-04-14 21:08 - 2016-04-14 21:08 - 00028160 _____ C:\Users\Caroline\AppData\Local\Statlux.exe 2016-04-14 21:08 - 2016-04-14 21:08 - 00002397 _____ C:\WINDOWS\SysWOW64\findit.xml 2016-04-14 21:08 - 2016-04-14 21:08 - 00000187 _____ C:\Users\Caroline\AppData\Local\Statlux.exe.config 2016-04-14 21:08 - 2016-04-14 21:08 - 00000000 ____D C:\ProgramData\Ronzaps 2016-04-14 21:07 - 2016-04-14 21:46 - 00000000 ____D C:\ProgramData\Ronzap 2016-04-14 21:07 - 2016-04-14 21:07 - 06494208 _____ C:\Users\Caroline\AppData\Roaming\agent.dat 2016-04-14 21:07 - 2016-04-14 21:07 - 01626777 _____ C:\Users\Caroline\AppData\Roaming\Consoft.tst 2016-04-14 21:07 - 2016-04-14 21:07 - 00189558 _____ () C:\Users\Caroline\AppData\Roaming\Lamex.bin 2016-04-14 21:07 - 2016-04-14 21:07 - 00126464 _____ C:\Users\Caroline\AppData\Roaming\noah.dat 2016-04-14 21:07 - 2016-04-14 21:07 - 00126464 _____ C:\Users\Caroline\AppData\Roaming\lobby.dat 2016-04-14 21:07 - 2016-04-14 21:07 - 00072717 _____ C:\Users\Caroline\AppData\Roaming\Bamity.tst 2016-04-14 21:07 - 2016-04-14 21:07 - 00065568 _____ C:\Users\Caroline\AppData\Roaming\Config.xml 2016-04-14 21:07 - 2016-04-14 21:07 - 00054272 _____ C:\Users\Caroline\AppData\Roaming\ApplicationHosting.dat 2016-04-14 21:07 - 2016-04-14 21:07 - 00018432 _____ C:\Users\Caroline\AppData\Roaming\Main.dat 2016-04-14 21:07 - 2016-04-14 21:05 - 01200128 _____ C:\Users\Caroline\AppData\Roaming\Consoft.exe 2016-04-14 21:07 - 2016-04-14 21:05 - 01200128 _____ C:\Users\Caroline\AppData\Roaming\Bamity.exe 2016-04-14 21:06 - 2016-04-14 21:06 - 00848437 _____ C:\Users\Caroline\AppData\Roaming\Daltzap.bin 2016-04-14 21:05 - 2016-04-14 21:06 - 00016992 _____ C:\Users\Caroline\AppData\Roaming\InstallationConfiguration.xml 2016-04-14 21:05 - 2016-04-14 21:05 - 00258813 _____ C:\Users\Caroline\AppData\Roaming\inst.lat 2016-04-14 21:05 - 2016-04-14 21:05 - 00127488 _____ C:\Users\Caroline\AppData\Roaming\Installer.dat 2016-04-14 21:05 - 2016-04-14 21:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MPC 2016-04-14 21:07 - 2016-04-14 21:07 - 00005568 _____ C:\Users\Caroline\AppData\Roaming\md.xml 2016-04-14 20:59 - 2016-04-14 20:59 - 00002213 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\speed browser.lnk 2016-04-14 20:59 - 2016-04-14 20:59 - 00002201 _____ C:\Users\Public\Desktop\speed browser.lnk 2016-04-14 20:59 - 2016-04-14 20:59 - 00000000 ____D C:\Users\Caroline\AppData\Local\speed browser 2016-04-14 20:59 - 2016-04-14 20:59 - 00000000 ____D C:\Program Files (x86)\speed browser 2016-04-14 20:54 - 2016-04-14 21:08 - 00003166 _____ C:\WINDOWS\System32\Tasks\Advanced PC-Care_Logon 2016-04-14 20:53 - 2016-04-14 20:53 - 00000000 ____D C:\Users\Caroline\AppData\Roaming\Advancedpccare.net 2016-04-14 20:52 - 2016-04-14 20:53 - 00000000 ____D C:\ProgramData\Appverifier 2016-04-14 20:52 - 2016-04-14 20:52 - 00000878 _____ C:\Users\Public\Desktop\Advanced PC-Care.lnk 2016-04-14 20:52 - 2016-04-14 20:52 - 00000000 ____D C:\Users\Caroline\AppData\Roaming\efo 2016-04-14 20:52 - 2016-04-14 20:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced PC-Care 2016-04-14 20:52 - 2016-04-14 20:52 - 00000000 ____D C:\ProgramData\advancedpccare.net 2016-04-14 20:52 - 2016-04-14 20:52 - 00000000 ____D C:\Program Files\Advanced PC-Care 2016-04-14 20:51 - 2016-04-14 11:24 - 00048744 _____ (StdLib) C:\WINDOWS\system32\Drivers\{dfdc7730-be9e-4dcb-ac28-14383da4b8a3}Gw64.sys 2016-04-14 20:51 - 2016-04-14 10:30 - 00048744 _____ (StdLib) C:\WINDOWS\system32\Drivers\{8fd16984-f872-41a4-8820-246c3230d450}Gw64.sys 2016-04-11 19:06 - 2016-04-11 19:06 - 00130144 _____ C:\Users\Caroline\Downloads\adobe_flash_setup-15806568.exe 2016-04-11 10:19 - 2016-04-11 10:19 - 00003268 _____ C:\WINDOWS\System32\Tasks\{95530276-13B0-4CDE-852F-1EADDC5B099F} 2016-04-11 10:18 - 2016-04-11 10:18 - 00003584 _____ C:\WINDOWS\System32\Tasks\IBUpd 2016-04-11 10:18 - 2016-04-11 10:18 - 00003330 _____ C:\WINDOWS\System32\Tasks\IBUpd2 2016-04-11 10:18 - 2016-04-11 10:18 - 00000000 ____D C:\Users\Caroline\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserAir 2016-04-11 10:17 - 2016-04-11 10:17 - 00000000 ____D C:\Users\Caroline\AppData\Local\brsrv 2016-04-11 10:14 - 2016-04-11 10:14 - 00000000 ____D C:\ProgramData\Browser 2016-04-10 17:21 - 2016-04-14 20:55 - 00003522 _____ C:\WINDOWS\System32\Tasks\Uurxreumruw 2016-04-10 17:21 - 2016-04-10 17:21 - 00000000 ____D C:\Users\Caroline\AppData\Roaming\MCorp 2016-04-10 17:21 - 2016-04-10 17:21 - 00000000 ____D C:\ProgramData\Uurxreumruw 2016-04-10 17:19 - 2016-04-10 17:19 - 00000000 ____D C:\Users\Caroline\AppData\Local\ZombieNews 2016-04-10 17:16 - 2016-04-10 17:18 - 00000000 ____D C:\ProgramData\IseTPBjVl 2016-04-10 17:16 - 2016-04-10 17:17 - 00000000 ____D C:\Users\Caroline\AppData\Roaming\gplyra 2016-04-10 17:15 - 2016-04-10 17:17 - 00000000 ____D C:\ProgramData\ZombieNews 2016-04-10 14:48 - 2016-04-14 21:05 - 00001798 _____ C:\Users\Public\Desktop\MPC Cleaner.lnk 2016-04-10 13:59 - 2016-04-10 17:26 - 00000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job 2016-04-10 13:57 - 2016-04-10 13:57 - 00000000 ____D C:\WINDOWS\system32\lat 2016-04-10 13:42 - 2016-04-14 21:08 - 00000000 ____D C:\Users\Caroline\AppData\Local\app 2016-04-10 13:40 - 2016-04-11 19:04 - 00000000 ____D C:\Users\Caroline\AppData\Local\bvyvave 2016-04-10 13:40 - 2016-04-10 17:26 - 00012696 _____ C:\WINDOWS\SysWOW64\zdengineOff.ini 2016-04-10 13:40 - 2016-04-10 17:26 - 00012696 _____ C:\WINDOWS\system32\zdengineOff.ini 2016-04-10 13:40 - 2016-04-10 13:41 - 00003518 _____ C:\WINDOWS\System32\Tasks\bvyvave 2016-04-10 13:40 - 2016-04-10 13:40 - 00003316 _____ C:\WINDOWS\System32\Tasks\runTask 2016-04-10 13:40 - 2016-04-10 13:40 - 00003226 _____ C:\WINDOWS\System32\Tasks\updateTask 2016-04-10 13:40 - 2016-04-10 13:40 - 00002044 _____ C:\WINDOWS\System32\Tasks\kze3024 2016-04-10 13:40 - 2016-04-10 13:40 - 00000296 _____ C:\task.vbs 2016-04-10 13:40 - 2016-03-04 15:13 - 00046352 _____ (zdengine) C:\WINDOWS\system32\Drivers\zdwfp64.sys 2016-04-10 13:39 - 2016-04-14 21:09 - 00000364 ____H C:\WINDOWS\Tasks\PCBRFPTQWUBWXJMS.job 2016-04-10 13:39 - 2016-04-14 21:05 - 00000364 ____H C:\WINDOWS\Tasks\YPBXJRASSJNPNGFR.job 2016-04-10 13:39 - 2016-04-14 21:05 - 00000352 _____ C:\WINDOWS\Tasks\KLPAT1.job 2016-04-10 13:39 - 2016-04-14 21:04 - 00000376 _____ C:\WINDOWS\Tasks\FYJHMJXE1.job 2016-04-10 13:39 - 2016-04-10 17:29 - 00000000 ____D C:\Users\Caroline\AppData\Local\3810282D-6C19-47B0-8283-5C6C29A7E108 2016-04-10 13:39 - 2016-04-10 14:48 - 00000000 ____D C:\Program Files (x86)\MPC Cleaner 2016-04-10 13:39 - 2016-04-10 13:39 - 00346005 _____ (zdengine) C:\WINDOWS\system32\zdengine64.dll 2016-04-10 13:39 - 2016-04-10 13:39 - 00297109 _____ (zdengine) C:\WINDOWS\SysWOW64\zdengine.dll 2016-04-10 13:39 - 2016-04-10 13:39 - 00060136 _____ (DotC United Inc) C:\WINDOWS\system32\Drivers\MPCKpt.sys 2016-04-10 13:39 - 2016-04-10 13:39 - 00015116 _____ C:\WINDOWS\System32\Tasks\WinTsks 2016-04-10 13:39 - 2016-04-10 13:39 - 00003446 _____ C:\WINDOWS\System32\Tasks\YPBXJRASSJNPNGFR 2016-04-10 13:39 - 2016-04-10 13:39 - 00003446 _____ C:\WINDOWS\System32\Tasks\PCBRFPTQWUBWXJMS 2016-04-10 13:39 - 2016-04-10 13:39 - 00003402 _____ C:\WINDOWS\System32\Tasks\Ootocm 2016-04-10 13:39 - 2016-04-10 13:39 - 00002944 _____ C:\WINDOWS\System32\Tasks\FYJHMJXE1 2016-04-10 13:39 - 2016-04-10 13:39 - 00002914 _____ C:\WINDOWS\System32\Tasks\KLPAT1 2016-04-10 13:39 - 2016-04-10 13:39 - 00001922 _____ C:\Users\Public\Desktop\Play Games.lnk 2016-04-10 13:39 - 2016-04-10 13:39 - 00000000 ____D C:\Program Files (x86)\WinTsks 2016-04-10 13:39 - 2016-04-10 13:39 - 00000000 ____D C:\Program Files (x86)\WinSvces 2016-04-10 13:39 - 2016-04-10 13:39 - 00000000 ____D C:\extensions 2016-04-10 13:38 - 2016-04-11 10:26 - 00000000 ____D C:\Program Files\Mespem 2016-04-10 13:38 - 2016-04-10 13:39 - 00000000 ____D C:\ProgramData\TomorrowGames 2016-04-10 13:38 - 2016-04-10 13:39 - 00000000 ____D C:\ProgramData\FlashBeat 2016-04-10 13:38 - 2016-04-10 13:39 - 00000000 ____D C:\Program Files (x86)\SpeedSearchesbnd 2016-04-10 13:38 - 2016-04-10 13:38 - 00034720 _____ () C:\WINDOWS\system32\Drivers\bsdriver.sys 2016-04-10 13:38 - 2016-04-10 13:38 - 00000000 ____D C:\Users\Caroline\AppData\Roaming\Reofh 2016-04-10 13:38 - 2016-04-10 13:38 - 00000000 ____D C:\Users\Caroline\AppData\LocalLow\Company 2016-04-10 13:38 - 2016-04-10 13:38 - 00000000 ____D C:\Users\Caroline\AppData\LocalLow\{D2020D47-707D-4E26-B4D9-739C4F4C2E9A} 2016-04-10 13:38 - 2016-04-10 13:42 - 00000000 ____D C:\Program Files (x86)\CleanBrowser 2016-04-10 13:38 - 2016-04-10 13:38 - 00000000 ____D C:\ProgramData\Service1291 2016-04-10 13:38 - 2016-04-10 13:38 - 00000000 ____D C:\ProgramData\Service1104 2016-04-10 13:38 - 2016-04-10 13:38 - 00000000 ____D C:\ProgramData\28341ff220e0446c9fff27c4493d622e 2016-04-10 13:38 - 2016-04-10 13:38 - 00000000 ____D C:\ProgramData\19a87fa1ec024bbcbb41931263354405 2016-04-10 13:28 - 2016-04-10 13:28 - 00000000 ____D C:\Users\Caroline\AppData\Local\DDB727A0-1460294904-11E2-824E-30F9EDC4D4EB 2016-04-10 13:24 - 2016-04-14 20:47 - 00000000 ____D C:\Program Files (x86)\DDB727A0-1460291042-11E2-824E-30F9EDC4D4EB 2016-04-10 13:24 - 2016-04-10 13:24 - 00000000 ____D C:\Users\Caroline\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ASPackage 2016-04-10 13:24 - 2016-04-10 13:24 - 00000000 ____D C:\Users\Caroline\AppData\Roaming\ASPackage 2016-04-10 13:24 - 2016-04-10 13:24 - 00000000 ____D C:\Users\Caroline\AppData\Local\rec_gb_247 2016-04-10 13:24 - 2016-04-10 13:24 - 00000000 ____D C:\Program Files (x86)\rec_gb_247 2016-04-10 13:24 - 2016-04-10 13:24 - 00000000 ____D C:\Program Files (x86)\DesktopPlay 2016-04-10 13:24 - 2016-04-10 04:57 - 00048744 _____ (StdLib) C:\WINDOWS\system32\Drivers\{f2dc76ff-8604-4585-8824-8df11d37bd06}Gw64.sys 2016-04-10 13:23 - 2016-04-10 04:04 - 00048744 _____ (StdLib) C:\WINDOWS\system32\Drivers\{fc3cdbfe-8a8e-406c-954a-8cb7370cfc8e}Gw64.sys 2016-04-10 13:22 - 2016-04-14 20:51 - 00000000 ____D C:\Program Files (x86)\Oasis Space 2016-04-10 13:21 - 2016-04-14 21:08 - 00000000 ____D C:\Users\Caroline\AppData\Local\dply_en_015020294 2016-04-10 13:21 - 2016-04-14 20:54 - 00000000 ____D C:\Program Files (x86)\Checked List 2016-04-10 13:21 - 2016-04-11 10:17 - 00004402 _____ C:\WINDOWS\System32\Tasks\SMW_UpdateTask_Time_3431393738342d344a414155342a2a236c6c5a 2016-04-10 13:21 - 2016-04-10 13:21 - 00000000 ____D C:\Users\Caroline\AppData\Roaming\SpringFiles 2016-04-10 13:21 - 2016-04-10 13:21 - 00000000 ____D C:\Users\Caroline\AppData\Local\csdi_monetize_120160408 2016-04-10 13:21 - 2016-04-10 13:21 - 00000000 ____D C:\ProgramData\SearchModule 2016-04-10 13:21 - 2016-04-10 13:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\SrpnFiles 2016-04-10 13:21 - 2016-04-10 13:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DESKTOPPLAY 2016-04-10 13:21 - 2016-04-10 13:21 - 00000000 ____D C:\ProgramData\b9bc5e5f-3757-0 2016-04-10 13:21 - 2016-04-10 13:21 - 00000000 ____D C:\ProgramData\b9bc5e5f-36f3-1 2016-04-10 13:21 - 2016-04-10 13:21 - 00000000 ____D C:\Program Files\Common Files\Soobzo 2016-04-10 13:21 - 2016-04-10 13:21 - 00000000 ____D C:\Program Files (x86)\dply_en_015020294 2016-04-10 13:20 - 2016-04-11 10:17 - 00271872 _____ C:\ProgramData\smp2.exe 2016-04-10 13:20 - 2016-04-11 10:17 - 00004242 _____ C:\WINDOWS\System32\Tasks\SMW_P 2016-04-10 13:20 - 2016-04-10 13:20 - 00026420 _____ C:\WINDOWS\System32\Tasks\DNSWILLISTON 2016-04-10 13:20 - 2016-04-10 13:20 - 00003840 _____ C:\WINDOWS\System32\Tasks\DNS Monitoring 2016-04-10 13:20 - 2016-04-10 13:20 - 00000000 ____D C:\ProgramData\131dbb3d-1777-0 2016-04-10 13:20 - 2016-04-10 13:20 - 00000000 ____D C:\ProgramData\131dbb3d-07e7-1 2016-04-10 13:20 - 2016-04-10 13:20 - 00000000 ____D C:\Program Files (x86)\DNS Unlocker 2016-04-10 01:40 - 2016-04-10 13:38 - 00065856 _____ (Windows ® Win 7 DDK provider) C:\WINDOWS\system32\Drivers\cherimoya.sys 2016-04-06 14:09 - 2016-04-06 14:09 - 00694272 _____ C:\WINDOWS\system32\bi.exe 2015-11-11 16:35 - 2015-11-11 16:35 - 0371704 _____ () C:\Program Files\setup.exe 2016-04-14 21:07 - 2016-04-14 21:07 - 6494208 _____ () C:\Users\Caroline\AppData\Roaming\agent.dat 2016-04-14 21:07 - 2016-04-14 21:07 - 0054272 _____ () C:\Users\Caroline\AppData\Roaming\ApplicationHosting.dat 2016-04-14 21:07 - 2016-04-14 21:05 - 1200128 _____ () C:\Users\Caroline\AppData\Roaming\Bamity.exe 2016-04-14 21:07 - 2016-04-14 21:07 - 0072717 _____ () C:\Users\Caroline\AppData\Roaming\Bamity.tst 2016-04-14 21:07 - 2016-04-14 21:07 - 0065568 _____ () C:\Users\Caroline\AppData\Roaming\Config.xml 2016-04-14 21:07 - 2016-04-14 21:05 - 1200128 _____ () C:\Users\Caroline\AppData\Roaming\Consoft.exe 2016-04-14 21:07 - 2016-04-14 21:07 - 1626777 _____ () C:\Users\Caroline\AppData\Roaming\Consoft.tst 2016-04-14 21:06 - 2016-04-14 21:06 - 0848437 _____ () C:\Users\Caroline\AppData\Roaming\Daltzap.bin 2016-04-14 21:05 - 2016-04-14 21:05 - 0258813 _____ () C:\Users\Caroline\AppData\Roaming\inst.lat 2016-04-14 21:05 - 2016-04-14 21:06 - 0016992 _____ () C:\Users\Caroline\AppData\Roaming\InstallationConfiguration.xml 2016-04-14 21:05 - 2016-04-14 21:05 - 0127488 _____ () C:\Users\Caroline\AppData\Roaming\Installer.dat 2016-04-14 21:07 - 2016-04-14 21:07 - 0189558 _____ () C:\Users\Caroline\AppData\Roaming\Lamex.bin 2016-04-14 21:07 - 2016-04-14 21:07 - 0126464 _____ () C:\Users\Caroline\AppData\Roaming\lobby.dat 2016-04-14 21:07 - 2016-04-14 21:07 - 0018432 _____ () C:\Users\Caroline\AppData\Roaming\Main.dat 2016-04-14 21:07 - 2016-04-14 21:07 - 0005568 _____ () C:\Users\Caroline\AppData\Roaming\md.xml 2016-04-14 21:07 - 2016-04-14 21:07 - 0126464 _____ () C:\Users\Caroline\AppData\Roaming\noah.dat 2016-04-14 21:08 - 2016-04-14 21:08 - 0001150 _____ () C:\Users\Caroline\AppData\Roaming\uninstall_temp.ico 2016-04-14 21:08 - 2016-04-14 21:08 - 0041472 _____ () C:\Users\Caroline\AppData\Local\Statlux.dat 2016-04-14 21:08 - 2016-04-14 21:08 - 0028160 _____ () C:\Users\Caroline\AppData\Local\Statlux.exe 2016-04-14 21:08 - 2016-04-14 21:08 - 0000187 _____ () C:\Users\Caroline\AppData\Local\Statlux.exe.config 2014-11-19 16:39 - 2014-11-19 16:39 - 0000000 _____ () C:\Users\Caroline\AppData\Local\Temptable.xml 2016-04-10 13:20 - 2016-04-11 10:17 - 0271872 _____ () C:\ProgramData\smp2.exe C:\Program Files (x86)\MPC Cleaner C:\Users\Caroline\AppData\Local\brsrv C:\Program Files (x86)\DDB727A0-1460291042-11E2-824E-30F9EDC4D4EB C:\Users\Caroline\AppData\Roaming\Reofh C:\Program Files (x86)\CleanBrowser C:\Users\Caroline\AppData\Local\dply_en_015020294 C:\ProgramData\FlashBeat C:\Program Files (x86)\rec_gb_247 C:\ProgramData\Ronzap C:\Users\Caroline\AppData\Local\Statlux.exe C:\Program Files (x86)\DNS Unlocker C:\Program Files\Common Files\Soobzo C:\Users\Caroline\AppData\Local\DDB727A0-1460669759-11E2-824E-30F9EDC4D4EB C:\Windows\Temp\BC4D.tmp C:\ProgramData\Uurxreumruw C:\Program Files (x86)\SearchProtect C:\Program Files (x86)\Max Driver Updater C:\Users\Caroline\AppData\Roaming\cpuminer C:\WINDOWS\run.vbs C:\WINDOWS\system32\zdengine64.dll C:\WINDOWS\SysWOW64\zdengine.dll C:\Program Files (x86)\Oasis Space C:\Program Files (x86)\Checked List C:\Program Files\McAfeeEx C:\Program Files (x86)\McAfee C:\ProgramData\Appverifier C:\Program Files (x86)\SpeedSearchesbnd C:\ProgramData\IseTPBjVl C:\Program Files\Common Files\Soobzo C:\Users\Caroline\AppData\Roaming\LumdEpuyatv C:\Program Files (x86)\QuickSearch C:\WINDOWS\system32\drivers\bsdriver.sys C:\Windows\System32\drivers\{8fd16984-f872-41a4-8820-246c3230d450}Gw64.sys C:\Windows\System32\drivers\{dfdc7730-be9e-4dcb-ac28-14383da4b8a3}Gw64.sys C:\Windows\System32\drivers\{f2dc76ff-8604-4585-8824-8df11d37bd06}Gw64.sys C:\Windows\System32\drivers\{fc3cdbfe-8a8e-406c-954a-8cb7370cfc8e}Gw64.sys Task: {0040746B-E290-4C92-8CC2-B0CF9D60285A} - System32\Tasks\DNS Monitoring => Regsvr32.exe /s /n /i:"/rt" "C:\PROGRA~2\DNSUNL~1\DNSMON~1.DLL" <==== ATTENTION Task: {1D4231D8-685A-47B3-BD70-BFCC59E8B582} - System32\Tasks\Ootocm => C:\PROGRA~1\Mespem\Egihb.bat Task: {20B38221-0014-4129-A168-E73866D39822} - System32\Tasks\psv_Goldentone => /c regedit.exe /s "C:\ProgramData\Ronzap\Superlab.reg" & del "C:\ProgramData\Ronzap\Superlab.reg" & SCHTASKS /Delete /TN "psv_Goldentone" /F <==== ATTENTION Task: {20BD2F60-F469-4B3A-9C92-859FD5B56811} - System32\Tasks\Uurxreumruw => C:\ProgramData\Uurxreumruw\1.0.7.1\oxeeawaa.exe [2016-04-10] () Task: {32C0D955-597C-4DD2-991E-272DCDF6D00E} - System32\Tasks\snf => C:\ProgramData\Ronzap\Ronzap.exe [2016-04-14] () <==== ATTENTION Task: {390DF9F1-BD47-4CB8-BF2E-F0105FD697F9} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION Task: {3F1A5612-7BF7-494F-B106-53C0A1A7A76E} - System32\Tasks\DNSWILLISTON => C:\Program Files (x86)\DNS Unlocker\dnswilliston.exe [2016-03-01] () <==== ATTENTION Task: {4802332D-6244-4572-9A64-7ECBEF1769B8} - System32\Tasks\snp => C:\ProgramData\Ronzap\Ronzap.exe [2016-04-14] () <==== ATTENTION Task: {49DE2610-87BD-4580-95A1-251E68A1518B} - System32\Tasks\WinTsks => C:\Program Files (x86)\WinTsks\WinTsks\WinTsks.exe [2016-04-09] () <==== ATTENTION Task: {54DCDF9B-4965-43F6-B170-31978F2D7E95} - System32\Tasks\FYJHMJXE1 => C:\ProgramData\TomorrowGames\TomorrowGames.exe [2016-03-30] (TomorrowGames) <==== ATTENTION Task: {54FC6816-57C0-4164-ACC3-60E4A712B63A} - System32\Tasks\runTask => C:\Users\Caroline\AppData\Local\Temp/Updater.exe Task: {5C5AA52F-4F6F-4234-98B3-EBF639DE6A8E} - System32\Tasks\kze3024 => C:\Program Files (x86)\QuickSearch\kze3024.exe <==== ATTENTION Task: {5EA66C6A-24D8-4927-969B-4BF80FE4ABE1} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION Task: {64B3F8D6-DB2B-47D8-B536-BE3A2D21222F} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION Task: {682F1402-FE24-4B3A-AE20-4D2CBEF919AD} - System32\Tasks\YPBXJRASSJNPNGFR => C:\ProgramData\Service1291\Service1291.exe [2016-04-10] () <==== ATTENTION Task: {7E403F81-11E4-48DE-9845-C7FEFEBB964D} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION Task: {829A0D03-45BF-4F35-BF30-9D7304CDD169} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION Task: {88EC4727-D281-4593-9920-FE018CDDFE69} - System32\Tasks\{95530276-13B0-4CDE-852F-1EADDC5B099F} => pcalua.exe -a "C:\Program Files (x86)\Max Driver Updater\uninstaller.exe" Task: {8F385A2B-FBA6-4147-88D9-66E33492E8B9} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION Task: {937FBE2B-6A94-47AE-9A36-C46D780FDCF8} - System32\Tasks\PCBRFPTQWUBWXJMS => C:\ProgramData\Service1104\Service1104.exe [2016-04-10] () <==== ATTENTION Task: {96E3650D-E9DA-4A7F-8D40-C1E76FE55AF9} - System32\Tasks\updateTask => c:\task.vbs [2016-04-10] () Task: {9969C594-6DC4-40C4-8448-B3540A6F709E} - System32\Tasks\psv_Fixqvolight => /c regedit.exe /s "C:\ProgramData\Ronzap\DuoOvefax.reg" & del "C:\ProgramData\Ronzap\DuoOvefax.reg" & SCHTASKS /Delete /TN "psv_Fixqvolight" /F <==== ATTENTION Task: {A347C45E-BE26-4431-A904-9548E07BDA6B} - System32\Tasks\SMW_UpdateTask_Time_3431393738342d344a414155342a2a236c6c5a => Wscript.exe //B "C:\ProgramData\SearchModule\smhe.js" smu.exe /invoke /f:check_services /l:0 <==== ATTENTION Task: {B5413CCF-3595-4B89-8D83-C8A0EA58DDC9} - System32\Tasks\bvyvave => C:\Users\Caroline\AppData\Local\bvyvave\bvyvave.exe [2016-04-03] () <==== ATTENTION Task: {B93DCC03-2707-48AE-97EB-8802A6FE1BB4} - System32\Tasks\IBUpd => C:\Users\Caroline\AppData\Local\BrowserAir\47.0.0.5\updater.exe <==== ATTENTION Task: {C1CE3D83-12B3-4648-B5FE-341A7EB0D446} - System32\Tasks\KLPAT1 => C:\ProgramData\FlashBeat\FlashBeat.exe [2016-03-29] (FlashBeat) <==== ATTENTION Task: {C9B5782B-5091-4545-8CF9-F23D3007A6DD} - System32\Tasks\psv_HotTough => /c regedit.exe /s "C:\ProgramData\Ronzap\Volsailing.reg" & del "C:\ProgramData\Ronzap\Volsailing.reg" & SCHTASKS /Delete /TN "psv_HotTough" /F <==== ATTENTION Task: {CD5DB6BC-869E-420E-8457-480D257F4877} - System32\Tasks\SMW_P => C:\ProgramData\smp2.exe [2016-04-11] () <==== ATTENTION Task: {CF684CBF-DED1-4A64-805B-1BB0DF297282} - System32\Tasks\IBUpd2 => C:\Users\Caroline\AppData\Local\BrowserAir\47.0.0.5\updater.exe <==== ATTENTION Task: {D05BA2A6-FACF-491B-9F75-17DBF7923B4B} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION Task: {DD4A92B8-EAAA-4F71-A72A-C72CF2051762} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION Task: {E8B8B4C5-A286-4A9F-A414-9CE50335A343} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION Task: {EA2D070E-C88E-4B4E-B056-D9A1641DA7AD} - System32\Tasks\Advanced PC-Care_Logon => C:\Program Files\Advanced PC-Care\apc.exe [2016-04-04] (Advancedpccare.net) Task: {F27EB141-0CBF-4BEB-BAAD-2C333E546671} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION Task: {FD254CBD-0B7F-4EEE-9D75-4CEFAD2C967C} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION Task: C:\WINDOWS\Tasks\FYJHMJXE1.job => C:\ProgramData\TomorrowGames\TomorrowGames.exe <==== ATTENTION Task: C:\WINDOWS\Tasks\KLPAT1.job => C:\ProgramData\FlashBeat\FlashBeat.exe <==== ATTENTION Task: C:\WINDOWS\Tasks\PCBRFPTQWUBWXJMS.job => C:\ProgramData\Service1104\Service1104.exe <==== ATTENTION Task: C:\WINDOWS\Tasks\YPBXJRASSJNPNGFR.job => C:\ProgramData\Service1291\Service1291.exe <==== ATTENTION ShortcutWithArgument: C:\Users\Caroline\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> "hxxp://trustedsurf.com/?ssid=1460290689&a=1003081&src=sh&uuid=e19ba70c-2273-405a-88a0-2cfda6261bec" ShortcutWithArgument: C:\Users\Caroline\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\SpeedSearchesbnd\ShortCccBoost.exe () -> %SNP% ShortcutWithArgument: C:\Users\Caroline\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> %SNP% ShortcutWithArgument: C:\Users\Caroline\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files (x86)\SpeedSearchesbnd\ShortCccBoost.exe () -> %SNP% ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> %SNP% ShortcutWithArgument: C:\Users\Public\Desktop\Play Games.lnk -> C:\Windows\System32\LaunchWinApp.exe (Microsoft Corporation) -> hxxp://www.gumigun.com/ HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\zdengine => ""="service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\zdwfp => ""="Driver" Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f RemoveProxy: CMD: netsh advfirewall reset CMD: netsh advfirewall set allprofiles state ON CMD: ipconfig /flushdns CMD: netsh winsock reset catalog CMD: netsh int ip reset c:\resetlog.txt CMD: ipconfig /release CMD: ipconfig /renew CMD: netsh int ipv4 reset CMD: netsh int ipv6 reset cmd: sfc /scanfile=C:\Windows\system32\dnsapi.dll cmd: sfc /scanfile=C:\Windows\SysWOW64\dnsapi.dll EmptyTemp: CMD: bitsadmin /reset /allusers