Fix result of Farbar Recovery Scan Tool (x64) Version: 20-06-2016 01
Ran by Brad (2016-06-24 07:51:19) Run:1
Running from C:\Users\Brad\Desktop
Loaded Profiles: Brad (Available Profiles: Brad & DefaultAppPool)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Unlock: HKLM\SYSTEM\CurrentControlSet\services\MPCKpt
unlock: C:\Program Files\MPC Cleaner
Unlock: HKLM\SYSTEM\CurrentControlSet\services\MPCBase
Unlock: HKLM\SYSTEM\CurrentControlSet\services\MPCProtectService
CMD: SC stop MPCBase
CMD: SC config MPCBase start= disabled
CMD: SC stop MPCKpt
CMD: SC config MPCKpt start= disabled
CMD: SC stop MPCProtectService
CMD: SC MPCProtectService start= disabled
R0 MPCBase; C:\WINDOWS\System32\drivers\MPCBase.sys [29032 2016-06-14] (DotC United Inc)
R1 MPCKpt; C:\WINDOWS\System32\DRIVERS\MPCKpt.sys [53992 2016-06-14] (DotC United Inc)
R2 MPCProtectService; C:\Program Files\MPC Cleaner\MPCProtectService.exe [350688 2016-06-14] (DotC United Inc)
Unlock: C:\WINDOWS\System32\drivers\MPCBase.sys
Unlock: C:\WINDOWS\system32\Drivers\MPCKpt.sys
Unlock: C:\WINDOWS\system32\Drivers\MPCBase.sys
C:\WINDOWS\System32\drivers\MPCBase.sys
C:\WINDOWS\system32\Drivers\MPCKpt.sys
C:\WINDOWS\system32\Drivers\MPCBase.sys
C:\Program Files\MPC Cleaner
REG: reg delete HKLM\SYSTEM\CurrentControlSet\services\MPCKpt
REG: reg delete HKLM\SYSTEM\CurrentControlSet\services\MPCBase
REG: reg delete HKLM\SYSTEM\CurrentControlSet\services\MPCProtectService
() C:\ProgramData\Lamzap\Lamzap.exe
() C:\Windows\SysWOW64\CpuHeatMapping\16641\CpuHeatMapping.exe
(DotC United Inc) C:\Program Files (x86)\MPC Cleaner\MPCProtectService.exe
() C:\Program Files\Udutdy\Bedopudm.exe
() C:\Users\Brad\AppData\Local\4C4C4544-1466713002-5410-8046-B8C04F535131\qnssFDCC.tmp
() C:\Program Files (x86)\4C4C4544-1466726587-5410-8046-B8C04F535131\jnsaA40C.tmp
() C:\Program Files\Udutdy\Nidkaf.exe
() C:\Program Files (x86)\4C4C4544-1466726587-5410-8046-B8C04F535131\knsq8DBE.tmpfs
() C:\Windows\CpuEssentials\165271\CpuEssentials.exe
() C:\Program Files\Udutdy\MiepDemf.exe
() C:\Program Files (x86)\4C4C4544-1466726587-5410-8046-B8C04F535131\hnsiB9B8.tmp
(Search Module Ltd.) C:\Program Files\Common Files\Noobzo\GNUpdate\smu.exe
(DotC United Inc) C:\Program Files (x86)\MPC Cleaner\MPCTray.exe
() C:\Program Files\Udutdy\Mifehafn64.exe
(DotC United Inc) C:\Program Files (x86)\MPC Cleaner\MPCTray64.exe
() C:\Users\Brad\AppData\Roaming\cpuminer\cpm.exe
() C:\Program Files (x86)\EasyHotspot\idsccom_W1Q.exe
() C:\Program Files (x86)\mpck\wincom_DO7.exe
() C:\Program Files (x86)\sunnyday\wincom_Q57.exe
() C:\Program Files (x86)\FastWeb\fastweb.exe
(Microsoft Corporation) C:\Windows\SysWOW64\timeout.exe
HKLM\...\Run: [cpuminer] => C:\Users\Brad\AppData\Roaming\cpuminer\cpm.exe [1399808 2016-03-31] ()
HKLM-x32\...\RunOnce: [AdBlock2] => [X]
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [WinResSync] => C:\WINDOWS\system32\regsvr32.exe /s "C:\Users\Brad\AppData\Roaming\Microsoft\Protect\65555_65555_6200_0_acaaf.rs"
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\RunOnce: [WinResSync] => C:\WINDOWS\system32\regsvr32.exe /s "C:\Users\Brad\AppData\Roaming\Microsoft\Protect\65555_65555_6200_0_acaaf.rs"
HKU\S-1-5-21-1061724313-1516444972-2292327885-1000\...\Run: [fastweb] => C:\Program Files (x86)\FastWeb\fastweb.exe [224768 2016-06-23] ()
HKU\S-1-5-21-1061724313-1516444972-2292327885-1000\...\Run: [WinResSync] => C:\WINDOWS\system32\regsvr32.exe /s "C:\Users\Brad\AppData\Roaming\Microsoft\Protect\fdd333eecbb2e25acfff.rs"
HKU\S-1-5-21-1061724313-1516444972-2292327885-1000\...\RunOnce: [WinResSync] => C:\WINDOWS\system32\regsvr32.exe /s "C:\Users\Brad\AppData\Roaming\Microsoft\Protect\fdd333eecbb2e25acfff.rs"
HKU\S-1-5-21-1061724313-1516444972-2292327885-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [fastweb] => C:\Program Files (x86)\FastWeb\fastweb.exe [224768 2016-06-23] ()
HKU\S-1-5-21-1061724313-1516444972-2292327885-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [WinResSync] => C:\WINDOWS\system32\regsvr32.exe /s "C:\Users\Brad\AppData\Roaming\Microsoft\Protect\fdd333eecbb2e25acfff.rs"
HKU\S-1-5-21-1061724313-1516444972-2292327885-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\RunOnce: [WinResSync] => C:\WINDOWS\system32\regsvr32.exe /s "C:\Users\Brad\AppData\Roaming\Microsoft\Protect\fdd333eecbb2e25acfff.rs"
HKU\S-1-5-18\...\Run: [WinResSync] => C:\WINDOWS\system32\regsvr32.exe /s "C:\Users\Brad\AppData\Roaming\Microsoft\Protect\65555_65555_6200_0_acaaf.rs"
HKU\S-1-5-18\...\RunOnce: [WinResSync] => C:\WINDOWS\system32\regsvr32.exe /s "C:\Users\Brad\AppData\Roaming\Microsoft\Protect\65555_65555_6200_0_acaaf.rs"
Startup: C:\Users\Brad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mysystem.lnk [2016-06-23]
ShortcutTarget: mysystem.lnk -> C:\Program Files (x86)\Microsoft Corporation\SystemAlert.exe (Microsoft Corporation)
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-1061724313-1516444972-2292327885-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-1061724313-1516444972-2292327885-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-1061724313-1516444972-2292327885-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBFnYN5R-SRTQR4zPSPhuTaZ17vJ3frYir659YyWF8ifhFAUKpcTjf6Y5FpC4FH2LSPVy7RA9dxTTZy6S-JVWFBICwFurBId4Leoadzq9raf96edg1wq6LaqyEZ7aJeB1bLWI0-oXSZ9IZVoXahyrC3sZnqs2VGLItNrqFLGjV1KOKvAew5AKrZR-er&q={searchTerms}
HKU\S-1-5-21-1061724313-1516444972-2292327885-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.trovi.com/?gd=&ctid=CT3333887&octid=EB_ORIGINAL_CTID&ISID=MBF3D7F47-8F9F-4BD5-9FEA-941C0A6BA938&SearchSource=55&CUI=&UM=8&UP=SPEBCC1321-4879-4F45-986E-FA9112E5F874&D=062316&SSPV=
HKU\S-1-5-21-1061724313-1516444972-2292327885-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBFnYN5R-SRTQR4zPSPhuTaZ17vJ3frYir659YyWF8ifhFAUKpcTjf6Y5FpC4FH2LSPVy7RA9dxTTZy6S-JVWFBICwFurBId4Leoadzq9raf96edg1wq6LaqyEZ7aJeB1bLWI0-oXSZ9IZVoXahyrC3sZnqs2VGLItNrqFLGjV1KOKvAew5AKrZR-er&q={searchTerms}
HKU\S-1-5-21-1061724313-1516444972-2292327885-1000\Software\Microsoft\Internet Explorer\Main,SearchAssistant = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBFnYN5R-SRTQR4zPSPhuTaZ17vJ3frYir659YyWF8ifhFAUKpcTjf6Y5FpC4FH2LSPVy7RA9dxTTZy6S-JVWFBICwFurBId4Leoadzq9raf96edg1wq6LaqyEZ7aJeB1bLWI0-oXSZ9IZVoXahyrC3sZnqs2VGLItNrqFLGjV1KOKvAew5AKrZR-er&q={searchTerms}
HKU\S-1-5-21-1061724313-1516444972-2292327885-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBFnYN5R-SRTQR4zPSPhuTaZ17vJ3frYir659YyWF8ifhFAUKpcTjf6Y5FpC4FH2LSPVy7RA9dxTTZy6S-JVWFBICwFurBId4Leoadzq9raf96edg1wq6LaqyEZ7aJeB1bLWI0-oXSZ9IZVoXahyrC3sZnqs2VGLItNrqFLGjV1KOKvAew5AKrZR-er&q={searchTerms}
HKU\S-1-5-21-1061724313-1516444972-2292327885-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.trovi.com/?gd=&ctid=CT3333887&octid=EB_ORIGINAL_CTID&ISID=MBF3D7F47-8F9F-4BD5-9FEA-941C0A6BA938&SearchSource=55&CUI=&UM=8&UP=SPEBCC1321-4879-4F45-986E-FA9112E5F874&D=062316&SSPV=
HKU\S-1-5-21-1061724313-1516444972-2292327885-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBFnYN5R-SRTQR4zPSPhuTaZ17vJ3frYir659YyWF8ifhFAUKpcTjf6Y5FpC4FH2LSPVy7RA9dxTTZy6S-JVWFBICwFurBId4Leoadzq9raf96edg1wq6LaqyEZ7aJeB1bLWI0-oXSZ9IZVoXahyrC3sZnqs2VGLItNrqFLGjV1KOKvAew5AKrZR-er&q={searchTerms}
HKU\S-1-5-21-1061724313-1516444972-2292327885-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,SearchAssistant = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBFnYN5R-SRTQR4zPSPhuTaZ17vJ3frYir659YyWF8ifhFAUKpcTjf6Y5FpC4FH2LSPVy7RA9dxTTZy6S-JVWFBICwFurBId4Leoadzq9raf96edg1wq6LaqyEZ7aJeB1bLWI0-oXSZ9IZVoXahyrC3sZnqs2VGLItNrqFLGjV1KOKvAew5AKrZR-er&q={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {ielnksrch} URL = 
SearchScopes: HKLM-x32 -> ielnksrch URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBFnYN5R-SRTQR4zPSPhuTaZ17vJ3frYir659YyWF8ifhFAUKpcTjf6Y5FpC4FH2LSPVy7RA9dxTTZy6S-JVWFBICwFurBId4Leoadzq9raf96edg1wq6LaqyEZ7aJeB1bLWI0-oXSZ9IZVoXahyrC3sZnqs2VGLItNrqFLGjV1KOKvAew5AKrZR-er&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1061724313-1516444972-2292327885-1000 -> DefaultScope {ielnksrch} URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBFnYN5R-SRTQR4zPSPhuTaZ17vJ3frYir659YyWF8ifhFAUKpcTjf6Y5FpC4FH2LSPVy7RA9dxTTZy6S-JVWFBICwFurBId4Leoadzq9raf96edg1wq6LaqyEZ7aJeB1bLWI0-oXSZ9IZVoXahyrC3sZnqs2VGLItNrqFLGjV1KOKvAew5AKrZR-er&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1061724313-1516444972-2292327885-1000 -> {015DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3333887&octid=EB_ORIGINAL_CTID&ISID=MBF3D7F47-8F9F-4BD5-9FEA-941C0A6BA938&SearchSource=58&CUI=&UM=8&UP=SPEBCC1321-4879-4F45-986E-FA9112E5F874&D=062316&q={searchTerms}&SSPV=
SearchScopes: HKU\S-1-5-21-1061724313-1516444972-2292327885-1000 -> {7E89B134-75F9-48C2-A72F-68444C885701} URL = hxxp://www-searching.com/s.ashx?prd=opensearch&q={searchTerms}&s=G6Ozftpbl0cshmoAQ,429d1783-9bd1-470f-990d-cc4a7ecc6c20,
SearchScopes: HKU\S-1-5-21-1061724313-1516444972-2292327885-1000 -> {ielnksrch} URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBFnYN5R-SRTQR4zPSPhuTaZ17vJ3frYir659YyWF8ifhFAUKpcTjf6Y5FpC4FH2LSPVy7RA9dxTTZy6S-JVWFBICwFurBId4Leoadzq9raf96edg1wq6LaqyEZ7aJeB1bLWI0-oXSZ9IZVoXahyrC3sZnqs2VGLItNrqFLGjV1KOKvAew5AKrZR-er&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1061724313-1516444972-2292327885-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {ielnksrch} URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBFnYN5R-SRTQR4zPSPhuTaZ17vJ3frYir659YyWF8ifhFAUKpcTjf6Y5FpC4FH2LSPVy7RA9dxTTZy6S-JVWFBICwFurBId4Leoadzq9raf96edg1wq6LaqyEZ7aJeB1bLWI0-oXSZ9IZVoXahyrC3sZnqs2VGLItNrqFLGjV1KOKvAew5AKrZR-er&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1061724313-1516444972-2292327885-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {015DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3333887&octid=EB_ORIGINAL_CTID&ISID=MBF3D7F47-8F9F-4BD5-9FEA-941C0A6BA938&SearchSource=58&CUI=&UM=8&UP=SPEBCC1321-4879-4F45-986E-FA9112E5F874&D=062316&q={searchTerms}&SSPV=
SearchScopes: HKU\S-1-5-21-1061724313-1516444972-2292327885-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {7E89B134-75F9-48C2-A72F-68444C885701} URL = hxxp://www-searching.com/s.ashx?prd=opensearch&q={searchTerms}&s=G6Ozftpbl0cshmoAQ,429d1783-9bd1-470f-990d-cc4a7ecc6c20,
SearchScopes: HKU\S-1-5-21-1061724313-1516444972-2292327885-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {ielnksrch} URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBFnYN5R-SRTQR4zPSPhuTaZ17vJ3frYir659YyWF8ifhFAUKpcTjf6Y5FpC4FH2LSPVy7RA9dxTTZy6S-JVWFBICwFurBId4Leoadzq9raf96edg1wq6LaqyEZ7aJeB1bLWI0-oXSZ9IZVoXahyrC3sZnqs2VGLItNrqFLGjV1KOKvAew5AKrZR-er&q={searchTerms}
BHO: MFLHelper Class -> {B0932222-51E2-47D1-A4EF-CB10AE7DF086} -> C:\Program Files (x86)\Get-a-Clip\Plugins\IEx64\MFLPluginIE.dll => No File
BHO-x32: MFLHelper Class -> {B0932222-51E2-47D1-A4EF-CB10AE7DF086} -> C:\Program Files (x86)\Get-a-Clip\MFLPluginIE.dll => No File
FF HKU\S-1-5-21-1061724313-1516444972-2292327885-1000\...\Firefox\Extensions: [ConsumerInput@Compete] - C:\Program Files (x86)\Consumer Input\Firefox\ciff-3.2.0-12297.xpi
FF Extension: Consumer Input - C:\Program Files (x86)\Consumer Input\Firefox\ciff-3.2.0-12297.xpi [2016-04-22]
FF HKU\S-1-5-21-1061724313-1516444972-2292327885-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Firefox\Extensions: [ConsumerInput@Compete] - C:\Program Files (x86)\Consumer Input\Firefox\ciff-3.2.0-12297.xpi
CHR DefaultSearchURL: Default -> hxxp://www-searching.com/search.aspx?site=shdefault1&prd=smw&pid=s&shr=d&q={searchTerms}&s=G6Ozftpbl0cshmoAQ,429d1783-9bd1-470f-990d-cc4a7ecc6c20,
CHR DefaultSearchKeyword: Default -> www-searching.com
CHR DefaultSuggestURL: Default -> hxxp://api.searchpredict.com/api/?rqtype=ffplugin&siteID=8661&dbCode=1&command={searchTerms}
R2 4EC37AC9-A3AC-43D9-9408-10C9C549999B; C:\Program Files\Udutdy\Bedopudm.exe [271360 2016-06-23] () [File not signed]
R2 CLPSLauncher; C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe [76944 2016-06-01] (Comodo Security Solutions, Inc.)
R2 CpuEssentials; C:\WINDOWS\CpuEssentials/165271\CpuEssentials.exe [7680 2016-05-27] () [File not signed]
R2 CpuHeatMapping; C:\WINDOWS\SysWOW64\CpuHeatMapping/16641\CpuHeatMapping.exe [12288 2016-06-11] () [File not signed]
R2 Lamzap; C:\ProgramData\\Lamzap\\Lamzap.exe [964608 2016-06-23] () [File not signed]
R2 MPCProtectService; C:\Program Files (x86)\MPC Cleaner\MPCProtectService.exe [350688 2016-06-23] (DotC United Inc)
S2 ProntSpooler; C:\Users\Brad\AppData\Local\Apps\2.0\abril.exe [134656 2016-05-19] () [File not signed]
S2 Gifzu; "C:\Users\Brad\AppData\Roaming\AobazMunim\Titgudji.exe" -cms [X]
S2 Newbov; "C:\Users\Brad\AppData\Roaming\OhuffMiiunpo\Dufkihl.exe" -cms [X]
R2 tilinupuzbt; C:\Program Files (x86)\4C4C4544-1466726587-5410-8046-B8C04F535131\knsq8DBE.tmpfs [X]
R1 MPCKpt; C:\Windows\System32\DRIVERS\MPCKpt.sys [60136 2016-06-23] (DotC United Inc)
R3 SMUpdd; C:\Program Files\Common Files\Noobzo\GNUpdate\smw.sys [52992 2016-06-23] ()
U3 idsvc; no ImagePath
R4 PsBoot; system32\Drivers\PsBoot.sys [X]
U3 wpcsvc; no ImagePath
2016-06-23 22:49 - 2015-06-26 15:08 - 00294400 _____ (CodePlex Community) C:\Users\Brad\AppData\Local\Microsoft.Win32.TaskScheduler.dll
2016-06-23 22:48 - 2016-06-23 22:48 - 00001798 _____ C:\Users\Public\Desktop\MPC Cleaner.lnk
2016-06-23 22:48 - 2016-06-23 22:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MPC
2016-06-23 22:36 - 2016-06-23 22:36 - 00000046 _____ C:\WINDOWS\wininit.ini
2016-06-23 22:34 - 2016-06-23 22:34 - 00000000 ____D C:\WINDOWS\CpuEssentials
2016-06-23 22:18 - 2016-06-23 22:50 - 00000000 ____D C:\Users\Brad\AppData\Local\4C4C4544-1466720306-5410-8046-B8C04F535131
2016-06-23 20:44 - 2016-06-23 22:49 - 00003314 _____ C:\WINDOWS\System32\Tasks\AdBlock
2016-06-23 20:19 - 2016-06-23 20:19 - 00000000 ____D C:\Users\Brad\AppData\Roaming\MCorp
2016-06-23 20:19 - 2016-06-23 20:19 - 00000000 ____D C:\ProgramData\8ec77ebd-7ed5-1
2016-06-23 20:19 - 2016-06-23 20:19 - 00000000 ____D C:\ProgramData\8ec77ebd-4263-0
2016-06-23 20:17 - 2016-06-23 22:31 - 00000000 ____D C:\Users\Brad\AppData\Roaming\Ohypg
2016-06-23 20:17 - 2016-06-23 22:31 - 00000000 ____D C:\Users\Brad\AppData\Roaming\OhuffMiiunpo
2016-06-23 20:17 - 2016-06-23 22:31 - 00000000 ____D C:\Program Files\Joca
2016-06-23 20:16 - 2016-06-23 22:36 - 00000000 ____D C:\Program Files (x86)\CleanBrowser
2016-06-23 20:16 - 2016-06-23 20:40 - 00000000 ____D C:\Users\Brad\AppData\Local\4C4C4544-1466713002-5410-8046-B8C04F535131
2016-06-23 20:15 - 2016-06-21 00:50 - 00304223 _____ ( ) C:\WINDOWS\AdBlock.exe
2016-06-23 20:13 - 2016-06-23 20:13 - 00000258 __RSH C:\Users\Brad\ntuser.pol
2016-06-23 20:13 - 2016-06-23 20:13 - 00000000 ____D C:\Users\Brad\AppData\Local\WebDiscoverBrowser
2016-06-23 20:11 - 2016-06-23 20:11 - 00000258 __RSH C:\ProgramData\ntuser.pol
2016-06-23 20:11 - 2016-06-23 20:11 - 00000000 ____D C:\WINDOWS\system32\kej
2016-06-23 20:10 - 2016-06-23 20:37 - 00000000 ____D C:\Program Files\WebDiscoverBrowser
2016-06-23 20:10 - 2016-06-23 20:34 - 00000000 ____D C:\Users\Brad\AppData\Roaming\Checkers
2016-06-23 20:09 - 2016-06-23 22:31 - 00000000 ____D C:\Users\Brad\AppData\Roaming\Finci
2016-06-23 20:09 - 2016-06-23 22:14 - 00000000 ____D C:\Program Files (x86)\Get-a-Clip
2016-06-23 20:09 - 2016-06-23 20:46 - 00000000 ____D C:\Users\Brad\AppData\Local\UltimateSpeedTester
2016-06-23 20:09 - 2016-06-23 20:21 - 00000000 ____D C:\Users\Brad\AppData\Local\WikiZ
2016-06-23 20:09 - 2016-06-23 20:17 - 00000000 ____D C:\Users\Brad\AppData\Local\Tempfolder
2016-06-23 20:09 - 2016-06-23 20:09 - 00000000 ____D C:\Users\Public\Documents\Tools
2016-06-23 20:09 - 2016-06-23 20:09 - 00000000 ____D C:\Users\Public\Documents\Baidu
2016-06-23 20:09 - 2016-06-23 20:09 - 00000000 ____D C:\Users\Brad\AppData\LocalLow00C35888
2016-06-23 20:09 - 2016-06-23 20:09 - 00000000 ____D C:\Users\Brad\AppData\LocalLow000002034AE30508
2016-06-23 20:09 - 2016-06-23 20:09 - 00000000 ____D C:\Users\Brad\AppData\LocalLow\Company
2016-06-23 20:09 - 2016-06-23 20:09 - 00000000 ____D C:\Users\Brad\AppData\LocalLow\{D2020D47-707D-4E26-B4D9-739C4F4C2E9A}
2016-06-23 20:09 - 2016-06-23 20:09 - 00000000 ____D C:\Users\Brad\AppData\Local\csdi_monetize_220160623
2016-06-23 20:09 - 2016-06-23 20:09 - 00000000 ____D C:\uninst
2016-06-23 20:08 - 2016-06-23 22:47 - 00000000 ___HD C:\Program Files (x86)\behaving
2016-06-23 20:08 - 2016-06-23 22:47 - 00000000 ____D C:\Program Files\Udutdy
2016-06-23 20:08 - 2016-06-23 22:45 - 00000000 ___HD C:\Program Files (x86)\rota
2016-06-23 20:08 - 2016-06-23 22:36 - 00000000 ____D C:\Program Files\COMODO
2016-06-23 20:08 - 2016-06-23 22:24 - 00000000 ____D C:\Program Files (x86)\Hostify
2016-06-23 20:08 - 2016-06-23 21:44 - 00000000 ____D C:\Program Files\KMSnano
2016-06-23 20:08 - 2016-06-23 20:10 - 00000000 ____D C:\ProgramData\COMODO
2016-06-23 20:08 - 2016-06-23 20:09 - 00000000 ____D C:\ProgramData\Lamzaps
2016-06-23 20:08 - 2016-06-23 20:08 - 00590347 _____ C:\Users\Brad\AppData\Local\setupone.exe
2016-06-23 20:08 - 2016-06-23 20:08 - 00027456 _____ C:\WINDOWS\system32\Drivers\bsdpf64.sys
2016-06-23 20:08 - 2016-06-23 20:08 - 00026944 _____ C:\WINDOWS\system32\Drivers\bsdpr64.sys
2016-06-23 20:08 - 2016-06-23 20:08 - 00002397 _____ C:\WINDOWS\SysWOW64\findit.xml
2016-06-23 20:08 - 2016-06-23 20:08 - 00000003 _____ C:\Users\Brad\AppData\Local\aatxtname.txt
2016-06-23 20:08 - 2016-06-23 20:08 - 00000000 ____D C:\Users\Public\Documents\Guid
2016-06-23 20:08 - 2016-06-23 20:08 - 00000000 ____D C:\Users\Brad\AppData\Local\SecurityApps
2016-06-23 20:08 - 2016-06-23 20:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KMSnano
2016-06-23 20:08 - 2016-06-23 20:08 - 00000000 _____ C:\Users\Brad\AppData\Local\tr5b.txt
2016-06-23 20:07 - 2016-06-23 22:55 - 00000000 ____D C:\ProgramData\Logic Handler
2016-06-23 20:07 - 2016-06-23 22:49 - 00000000 ____D C:\ProgramData\Lamzap
2016-06-23 20:07 - 2016-06-23 22:24 - 00000000 ____D C:\Program Files (x86)\sunnyday
2016-06-23 20:07 - 2016-06-23 21:14 - 00000000 ____D C:\Users\Brad\AppData\Roaming\FC09P
2016-06-23 20:07 - 2016-06-23 20:28 - 00000000 ____D C:\Users\Brad\AppData\Local\DailyWiki
2016-06-23 20:07 - 2016-06-23 20:14 - 00000000 ____D C:\Program Files (x86)\MPC Cleaner
2016-06-23 20:07 - 2016-06-23 20:07 - 06867456 _____ C:\Users\Brad\AppData\Roaming\agent.dat
2016-06-23 20:07 - 2016-06-23 20:07 - 02279413 _____ C:\Users\Brad\AppData\Roaming\Jayfind.bin
2016-06-23 20:07 - 2016-06-23 20:07 - 01759888 _____ C:\Users\Brad\AppData\Roaming\Kaysing.tst
2016-06-23 20:07 - 2016-06-23 20:07 - 00848437 _____ C:\Users\Brad\AppData\Roaming\Zertip.bin
2016-06-23 20:07 - 2016-06-23 20:07 - 00126464 _____ C:\Users\Brad\AppData\Roaming\noah.dat
2016-06-23 20:07 - 2016-06-23 20:07 - 00069024 _____ C:\Users\Brad\AppData\Roaming\Config.xml
2016-06-23 20:07 - 2016-06-23 20:07 - 00060136 ____N (DotC United Inc) C:\WINDOWS\system32\Drivers\MPCKpt.sys
2016-06-23 20:07 - 2016-06-23 20:07 - 00018432 _____ C:\Users\Brad\AppData\Roaming\Main.dat
2016-06-23 20:07 - 2016-06-23 20:07 - 00000000 ____D C:\Users\Brad\AppData\Local\tuto_monetize_120160623
2016-06-23 20:07 - 2016-06-23 20:07 - 00000000 ____D C:\Users\Brad\AppData\Local\SearchProtect
2016-06-23 20:07 - 2016-06-23 20:07 - 00000000 ____D C:\Users\Brad\AppData\Local\csdi_monetize_120160623
2016-06-23 20:07 - 2016-06-23 20:07 - 00000000 ____D C:\Users\Brad\AppData\Local\bvyvbvyf
2016-06-23 20:07 - 2016-06-23 20:07 - 00000000 ____D C:\ProgramData\SearchModule
2016-06-23 20:07 - 2016-06-23 20:07 - 00000000 ____D C:\Program Files\Common Files\Noobzo
2016-06-23 20:07 - 2016-06-23 20:07 - 00000000 ____D C:\Program Files\Caster
2016-06-23 20:07 - 2016-06-23 20:07 - 00000000 ____D C:\Program Files (x86)\SearchProtect
2016-06-23 20:07 - 2016-06-23 20:06 - 00964608 _____ C:\Users\Brad\AppData\Roaming\Kaysing.exe
2016-06-23 20:06 - 2016-06-23 22:55 - 00000000 ____D C:\Program Files (x86)\EasyHotspot
2016-06-23 20:06 - 2016-06-23 22:24 - 00000000 ____D C:\Program Files (x86)\mpck
2016-06-23 20:06 - 2016-06-23 21:01 - 00000000 ____D C:\Program Files (x86)\Consumer Input
2016-06-23 20:06 - 2016-06-23 20:06 - 00187904 _____ C:\WINDOWS\rsrcs.dll
2016-06-23 20:06 - 2016-06-23 20:06 - 00128512 _____ C:\Users\Brad\AppData\Roaming\Installer.dat
2016-06-23 20:06 - 2016-06-23 20:06 - 00000000 __SHD C:\WINDOWS\system32\%APPDATA%
2016-06-23 20:06 - 2016-06-23 20:06 - 00000000 ____H C:\WINDOWS\system32\BIT733F.tmp
2016-06-23 20:06 - 2016-06-23 20:06 - 00000000 ____H C:\WINDOWS\system32\BIT6B1F.tmp
2016-06-23 20:06 - 2016-06-23 20:06 - 00000000 ____D C:\WINDOWS\SysWOW64\CpuHeatMapping
2016-06-23 20:06 - 2016-06-23 20:06 - 00000000 ____D C:\Users\Brad\AppData\Roaming\gplyra
2016-06-23 20:06 - 2016-06-23 20:06 - 00000000 ____D C:\Users\Brad\AppData\Roaming\cpuminer
2016-06-23 20:06 - 2016-06-23 20:06 - 00000000 ____D C:\Users\Brad\AppData\Local\Consumer Input
2016-06-23 20:06 - 2016-06-23 20:06 - 00000000 ____D C:\Program Files (x86)\Microsoft Corporation
2016-06-23 20:03 - 2016-06-23 20:03 - 00000000 ____D C:\Program Files (x86)\FastWeb
2016-06-23 20:03 - 2016-06-23 20:03 - 00000000 ____D C:\Program Files (x86)\4C4C4544-1466726587-5410-8046-B8C04F535131
2016-06-23 20:07 - 2016-06-23 20:07 - 6867456 _____ () C:\Users\Brad\AppData\Roaming\agent.dat
2016-06-23 20:07 - 2016-06-23 20:07 - 0069024 _____ () C:\Users\Brad\AppData\Roaming\Config.xml
2016-06-23 20:06 - 2016-06-23 20:06 - 0128512 _____ () C:\Users\Brad\AppData\Roaming\Installer.dat
2016-06-23 20:07 - 2016-06-23 20:07 - 2279413 _____ () C:\Users\Brad\AppData\Roaming\Jayfind.bin
2016-06-23 20:07 - 2016-06-23 20:06 - 0964608 _____ () C:\Users\Brad\AppData\Roaming\Kaysing.exe
2016-06-23 20:07 - 2016-06-23 20:07 - 1759888 _____ () C:\Users\Brad\AppData\Roaming\Kaysing.tst
2016-06-23 20:07 - 2016-06-23 20:07 - 0018432 _____ () C:\Users\Brad\AppData\Roaming\Main.dat
2016-06-23 20:07 - 2016-06-23 20:07 - 0126464 _____ () C:\Users\Brad\AppData\Roaming\noah.dat
2016-06-23 20:08 - 2016-06-23 20:08 - 0032038 _____ () C:\Users\Brad\AppData\Roaming\uninstall_temp.ico
2016-06-23 20:07 - 2016-06-23 20:07 - 0848437 _____ () C:\Users\Brad\AppData\Roaming\Zertip.bin
2016-06-23 20:08 - 2016-06-23 20:08 - 0000003 _____ () C:\Users\Brad\AppData\Local\aatxtname.txt
2016-05-18 15:35 - 2016-05-18 15:35 - 0005120 _____ () C:\Users\Brad\AppData\Local\ddnow.exe
2016-05-18 15:36 - 2016-05-18 15:36 - 0005632 _____ () C:\Users\Brad\AppData\Local\ddnow4.exe
2016-06-23 22:49 - 2015-06-26 15:08 - 0294400 _____ (CodePlex Community) C:\Users\Brad\AppData\Local\Microsoft.Win32.TaskScheduler.dll
2016-03-18 01:00 - 2016-03-18 01:00 - 0000000 _____ () C:\Users\Brad\AppData\Local\ok223.txt
2016-06-23 20:08 - 2016-06-23 20:08 - 0590347 _____ () C:\Users\Brad\AppData\Local\setupone.exe
2016-05-12 15:44 - 2016-05-12 15:44 - 0007680 _____ () C:\Users\Brad\AppData\Local\tinstall.exe
2016-05-12 15:45 - 2016-05-12 15:45 - 0007680 _____ () C:\Users\Brad\AppData\Local\tinstall4.exe
2016-06-23 20:08 - 2016-06-23 20:08 - 0000000 _____ () C:\Users\Brad\AppData\Local\tr5b.txt
C:\Users\Brad\AppData\Local\Temp\3A81.tmp.exe
C:\Users\Brad\AppData\Local\Temp\864.tmp.exe
C:\Users\Brad\AppData\Local\Temp\B6YHBU3XWT.exe
C:\Users\Brad\AppData\Local\Temp\CF62.tmp.exe
C:\Users\Brad\AppData\Local\Temp\compete.exe
C:\Users\Brad\AppData\Local\Temp\GDHNIVDEKF.exe
C:\Users\Brad\AppData\Local\Temp\InstallHelper.exe
C:\Users\Brad\AppData\Local\Temp\K4A4P11VF3.exe
C:\Users\Brad\AppData\Local\Temp\nsg9ECA.tmp.exe
C:\Users\Brad\AppData\Local\Temp\R1MB5Y6ZTK.exe
C:\Users\Brad\AppData\Local\Temp\reg_32.exe
C:\Users\Brad\AppData\Local\Temp\sdf589C.exe
C:\Users\Brad\AppData\Local\Temp\sdf5948.exe
C:\Users\Brad\AppData\Local\Temp\sdfBC24.exe
C:\Users\Brad\AppData\Local\Temp\Setup__2140_il33.exe
C:\Users\Brad\AppData\Local\Temp\ZBJ60X3CHE.exe
Task: {07111DBC-584A-43AA-9D93-8FB70C6687D5} - \Trigger KMS Activation -> No File <==== ATTENTION
Task: {09FD7BB0-C03C-40E2-AAE6-7A6E43F0A70A} - \User_Feed_Synchronization-{F0DB4CB1-06EC-4B44-B817-B3107BA8FCF8} -> No File <==== ATTENTION
Task: {213F928C-EEE6-4D85-8583-FB54C1458768} - \SMW_UpdateTask_Time_333634363139383738342d6c4a5a415b34322a2d6c345a -> No File <==== ATTENTION
Task: {35E58AF0-5B9D-420E-B18B-24EE8F9C3371} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {38F2059B-2324-4F80-BC2C-55EE414702C7} - \{FE2E0D5C-2A3E-4CC9-9A02-E3DEF83599DE} -> No File <==== ATTENTION
Task: {404558BF-988C-4ACF-ABCB-02E6E0D59D29} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {41D7BC36-35C7-4594-9D64-47697584D9CD} - \bvyvbvyf -> No File <==== ATTENTION
Task: {438EBBC8-D247-4359-B313-B3A5EEAB8D82} - \Pa1044003710440037 -> No File <==== ATTENTION
Task: {53A553D7-0762-4610-9A70-D598BE9008B0} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {610E04CD-8550-4452-A5B6-209407B00C2D} - \VirusRemover -> No File <==== ATTENTION
Task: {730B9D00-3EFB-436B-AB1C-22342F1CBEF2} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {8C9D67F9-FBF5-4783-A37A-F39ACDD82E13} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {8F328066-E040-4652-B526-2D79A015834D} - \10440037 -> No File <==== ATTENTION
Task: {8F7E59B9-B2D0-43B0-9B26-5F0D2272E269} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {9A6FC465-04FC-4E2A-888E-5AAA385BDAD3} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {9F99AE31-2CFA-43A5-90E5-6842E433DF23} - System32\Tasks\AdBlock => C:\Windows\AdBlock.exe [2016-06-21] (                                                            ) <==== ATTENTION
Task: {A8751DEA-E7E4-4CEB-8B8C-E806ADD15519} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {BECC73FE-2F8B-4118-8F9A-70C55E11CBB7} - \{C5B8CD2F-2F44-4943-AA54-A64EC2123C00} -> No File <==== ATTENTION
Task: {BF6D9C90-3451-4BED-AD00-80A727238A1D} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {D5696AE9-65A2-4F17-80F8-F77F69C16C2A} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {D7B55828-1A25-41FA-A710-F34087F56948} - \AdobeAAMUpdater-1.0-Brad-PC-Brad -> No File <==== ATTENTION
Task: {DD3C6CD0-BDB2-4EE1-B2CF-37E0E21E202D} - \CCleanerSkipUAC -> No File <==== ATTENTION
Task: {DD760188-3BFA-41AC-9430-4958FA0B80F8} - \Adobe Acrobat Update Task -> No File <==== ATTENTION
Task: {EA1B89AD-5682-42A5-B1F2-2D66694058A4} - \SMW_P -> No File <==== ATTENTION
Task: {F9BB8386-933D-43AA-8EBE-AF38F6844FC5} - \SecurityApps2 -> No File <==== ATTENTION
Task: {FB41DCE6-0642-4DC7-BFD4-6B99E9F0F3B5} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
ShortcutWithArgument: C:\Users\Brad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.bat () -> hxxp://www%2dsearching.com/?prd=set_epc&s=G6Ozftpbl0cshmoAQ,429d1783-9bd1-470f-990d-cc4a7ecc6c20,
ShortcutWithArgument: C:\Users\Brad\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.bat () -> hxxp://www%2dsearching.com/?prd=set_epc&s=G6Ozftpbl0cshmoAQ,429d1783-9bd1-470f-990d-cc4a7ecc6c20,
ShortcutWithArgument: C:\Users\Brad\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet-Explorer Browser.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.bat () -> hxxp://www%2dsearching.com/?prd=set_epc&s=G6Ozftpbl0cshmoAQ,429d1783-9bd1-470f-990d-cc4a7ecc6c20,
ShortcutWithArgument: C:\Users\Brad\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.bat () -> hxxp://www%2dsearching.com/?prd=set_epc&s=G6Ozftpbl0cshmoAQ,429d1783-9bd1-470f-990d-cc4a7ecc6c20,
ShortcutWithArgument: C:\Users\Brad\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Search (2).lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.bat () -> hxxp://www%2dsearching.com/?prd=set_epe&s=G6Ozftpbl0cshmoAQ,429d1783-9bd1-470f-990d-cc4a7ecc6c20,
ShortcutWithArgument: C:\Users\Brad\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Search.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.bat () -> hxxp://www%2dsearching.com/?prd=set_epe&s=G6Ozftptn095001BQ,9e90d772-22b2-49a1-83d7-a38e0ad8c3f8,
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.bat () -> hxxp://www%2dsearching.com/?prd=set_epc&s=G6Ozftpbl0cshmoAQ,429d1783-9bd1-470f-990d-cc4a7ecc6c20,
2016-06-23 20:07 - 2016-06-23 20:06 - 00964608 ____N () C:\ProgramData\Lamzap\Lamzap.exe
2016-06-23 20:06 - 2016-06-11 15:57 - 00012288 _____ () C:\WINDOWS\SysWOW64\CpuHeatMapping\16641\CpuHeatMapping.exe
2016-06-23 18:10 - 2016-06-23 20:09 - 00271360 _____ () C:\Program Files\Udutdy\Bedopudm.exe
2015-12-26 04:59 - 2015-12-26 04:59 - 00158720 ____N () C:\Users\Brad\AppData\Local\4C4C4544-1466713002-5410-8046-B8C04F535131\qnssFDCC.tmp
2016-06-23 20:03 - 2016-06-23 20:03 - 00244224 ____N () C:\Program Files (x86)\4C4C4544-1466726587-5410-8046-B8C04F535131\jnsaA40C.tmp
2016-06-23 18:10 - 2016-06-23 20:09 - 00257536 ____N () C:\Program Files\Udutdy\Nidkaf.exe
2016-06-23 16:04 - 2016-06-23 16:04 - 00404992 _____ () C:\Program Files (x86)\4C4C4544-1466726587-5410-8046-B8C04F535131\knsq8DBE.tmpfs
2016-06-23 22:34 - 2016-05-27 17:00 - 00007680 _____ () C:\WINDOWS\CpuEssentials\165271\CpuEssentials.exe
2016-06-23 18:10 - 2016-06-23 20:09 - 01682432 ____N () C:\Program Files\Udutdy\MiepDemf.exe
2016-06-23 20:03 - 2016-06-23 20:03 - 00138240 ____N () C:\Program Files (x86)\4C4C4544-1466726587-5410-8046-B8C04F535131\hnsiB9B8.tmp
2016-06-23 18:10 - 2016-06-23 20:09 - 00426496 _____ () C:\Program Files\Udutdy\Diroghs64.DLL
2016-06-23 18:10 - 2016-06-23 20:09 - 00707072 ____N () C:\Program Files\Udutdy\Mifehafn64.exe
2016-06-23 18:10 - 2016-06-23 20:09 - 00809472 _____ () C:\Program Files\Udutdy\Miercuat64.DLL
2016-06-23 18:10 - 2016-06-23 20:09 - 00437248 _____ () C:\Program Files\Udutdy\Baokei64.DLL
2016-06-23 18:10 - 2016-06-23 20:09 - 00447488 _____ () C:\Program Files\Udutdy\Pokisaj64.DLL
2016-03-31 13:04 - 2016-03-31 13:04 - 01399808 _____ () C:\Users\Brad\AppData\Roaming\cpuminer\cpm.exe
2016-06-23 20:07 - 2016-06-23 20:07 - 03630592 ____N () C:\Program Files (x86)\EasyHotspot\idsccom_W1Q.exe
2016-06-23 20:07 - 2016-06-23 20:07 - 03630592 ____N () C:\Program Files (x86)\mpck\wincom_DO7.exe
2016-06-23 20:08 - 2016-06-23 20:08 - 03630592 ____N () C:\Program Files (x86)\sunnyday\wincom_Q57.exe
2016-06-23 20:03 - 2016-06-23 20:03 - 00224768 _____ () C:\Program Files (x86)\FastWeb\fastweb.exe
Unlock: C:\Program Files\Udutdy
C:\Program Files\Udutdy
C:\Program Files\Internet Explorer\iexplore.bat
Unlock: C:\Program Files\Internet Explorer\iexplore.bat
C:\Program Files (x86)\Google\Chrome\Application\chrome.bat
Unlock: C:\Program Files (x86)\Google\Chrome\Application\chrome.bat
AlternateDataStreams: C:\ProgramData\TEMP:3F30E778 [139]
AlternateDataStreams: C:\ProgramData\TEMP:69E87FA2 [116]
AlternateDataStreams: C:\ProgramData\TEMP:A9967A61 [133]
AlternateDataStreams: C:\ProgramData\TEMP:F4C624DE [123]
FirewallRules: [{A039FA95-0C1A-4DCC-9E41-6A72F88F80F7}] => (Allow) C:\Users\Brad\AppData\Local\ddnowyes.exe
FirewallRules: [{AEC1BAC3-8858-4E8D-8443-2AE42B91137B}] => (Allow) C:\Users\Brad\AppData\Local\Temp\nsxAE2C.tmp\setup.exe
FirewallRules: [{BA8FB75C-BD8F-4164-B818-8BC496BB5139}] => (Allow) C:\Users\Brad\AppData\Local\7878900.exe
FirewallRules: [{15F655A2-1FF4-4F33-A259-7A9DF90416D7}] => (Allow) C:\Users\Brad\AppData\Local\tinstall.exe
FirewallRules: [{81E665F6-EB9C-4281-A330-091FF05F6F86}] => (Allow) C:\Program Files\KMSnano\qemu-system-i386.exe
FirewallRules: [{0333D81D-FDA7-4BC4-B8F8-C6CC51877639}] => (Allow) C:\Program Files\KMSnano\qemu-system-i386.exe
CMD: for /F "tokens=*" %1 in ('wevtutil.exe el') DO wevtutil.exe cl "%1"
EmptyTemp:


























*****************

"HKLM\SYSTEM\CurrentControlSet\services\MPCKpt" => key could not be unlocked
"C:\Program Files\MPC Cleaner" => not found.
"HKLM\SYSTEM\CurrentControlSet\services\MPCBase" => key could not be unlocked
"HKLM\SYSTEM\CurrentControlSet\services\MPCProtectService" => key could not be unlocked

=========  SC stop MPCBase =========

[SC] OpenService FAILED 1060:

The specified service does not exist as an installed service.


========= End of CMD: =========


=========  SC config MPCBase start= disabled =========

[SC] OpenService FAILED 1060:

The specified service does not exist as an installed service.


========= End of CMD: =========


=========  SC stop MPCKpt =========

[SC] OpenService FAILED 1060:

The specified service does not exist as an installed service.


========= End of CMD: =========


=========  SC config MPCKpt start= disabled =========

[SC] OpenService FAILED 1060:

The specified service does not exist as an installed service.


========= End of CMD: =========


=========  SC stop MPCProtectService =========

[SC] OpenService FAILED 1060:

The specified service does not exist as an installed service.


========= End of CMD: =========


=========  SC MPCProtectService start= disabled =========


ERROR:  Unrecognized command

DESCRIPTION:
        SC is a command line program used for communicating with the
        Service Control Manager and services.
USAGE:
        sc <server> [command] [service name] <option1> <option2>...


        The option <server> has the form "\\ServerName"
        Further help on commands can be obtained by typing: "sc [command]"
        Commands:
          query-----------Queries the status for a service, or
                          enumerates the status for types of services.
          queryex---------Queries the extended status for a service, or
                          enumerates the status for types of services.
          start-----------Starts a service.
          pause-----------Sends a PAUSE control request to a service.
          interrogate-----Sends an INTERROGATE control request to a service.
          continue--------Sends a CONTINUE control request to a service.
          stop------------Sends a STOP request to a service.
          config----------Changes the configuration of a service (persistent).
          description-----Changes the description of a service.
          failure---------Changes the actions taken by a service upon failure.
          failureflag-----Changes the failure actions flag of a service.
          sidtype---------Changes the service SID type of a service.
          privs-----------Changes the required privileges of a service.
          managedaccount--Changes the service to mark the service account 
                          password as managed by LSA.
          qc--------------Queries the configuration information for a service.
          qdescription----Queries the description for a service.
          qfailure--------Queries the actions taken by a service upon failure.
          qfailureflag----Queries the failure actions flag of a service.
          qsidtype--------Queries the service SID type of a service.
          qprivs----------Queries the required privileges of a service.
          qtriggerinfo----Queries the trigger parameters of a service.
          qpreferrednode--Queries the preferred NUMA node of a service.
          qmanagedaccount-Queries whether a services uses an account with a 
                          password managed by LSA.
          qprotection-----Queries the process protection level of a service.
          delete----------Deletes a service (from the registry).
          create----------Creates a service. (adds it to the registry).
          control---------Sends a control to a service.
          sdshow----------Displays a service's security descriptor.
          sdset-----------Sets a service's security descriptor.
          showsid---------Displays the service SID string corresponding to an arbitrary name.
          triggerinfo-----Configures the trigger parameters of a service.
          preferrednode---Sets the preferred NUMA node of a service.
          GetDisplayName--Gets the DisplayName for a service.
          GetKeyName------Gets the ServiceKeyName for a service.
          EnumDepend------Enumerates Service Dependencies.

        The following commands don't require a service name:
        sc <server> <command> <option>
          boot------------(ok | bad) Indicates whether the last boot should
                          be saved as the last-known-good boot configuration
          Lock------------Locks the Service Database
          QueryLock-------Queries the LockStatus for the SCManager Database
EXAMPLE:
        sc start MyService


QUERY and QUERYEX OPTIONS:
        If the query command is followed by a service name, the status
        for that service is returned.  Further options do not apply in
        this case.  If the query command is followed by nothing or one of
        the options listed below, the services are enumerated.
    type=    Type of services to enumerate (driver, service, userservice, all)
             (default = service)
    state=   State of services to enumerate (inactive, all)
             (default = active)
    bufsize= The size (in bytes) of the enumeration buffer
             (default = 4096)
    ri=      The resume index number at which to begin the enumeration
             (default = 0)
    group=   Service group to enumerate
             (default = all groups)

SYNTAX EXAMPLES
sc query                - Enumerates status for active services & drivers
sc query eventlog       - Displays status for the eventlog service
sc queryex eventlog     - Displays extended status for the eventlog service
sc query type= driver   - Enumerates only active drivers
sc query type= service  - Enumerates only Win32 services
sc query state= all     - Enumerates all services & drivers
sc query bufsize= 50    - Enumerates with a 50 byte buffer
sc query ri= 14         - Enumerates with resume index = 14
sc queryex group= ""    - Enumerates active services not in a group
sc query type= interact - Enumerates all interactive services
sc query type= driver group= NDIS     - Enumerates all NDIS drivers


========= End of CMD: =========

MPCBase => service not found.
MPCKpt => service not found.
MPCProtectService => service not found.
"C:\WINDOWS\System32\drivers\MPCBase.sys" => not found.
"C:\WINDOWS\system32\Drivers\MPCKpt.sys" => was unlocked
"C:\WINDOWS\system32\Drivers\MPCBase.sys" => not found.
"C:\WINDOWS\System32\drivers\MPCBase.sys" => not found.
C:\WINDOWS\system32\Drivers\MPCKpt.sys => moved successfully
"C:\WINDOWS\system32\Drivers\MPCBase.sys" => not found.
"C:\Program Files\MPC Cleaner" => not found.

========= reg delete HKLM\SYSTEM\CurrentControlSet\services\MPCKpt =========

Permanently delete the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\MPCKpt (Yes/No)? ERROR: The system was unable to find the specified registry key or value.


========= End of Reg: =========


========= reg delete HKLM\SYSTEM\CurrentControlSet\services\MPCBase =========

Permanently delete the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\MPCBase (Yes/No)? ERROR: The system was unable to find the specified registry key or value.


========= End of Reg: =========


========= reg delete HKLM\SYSTEM\CurrentControlSet\services\MPCProtectService =========

Permanently delete the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\MPCProtectService (Yes/No)? ERROR: The system was unable to find the specified registry key or value.


========= End of Reg: =========

C:\ProgramData\Lamzap\Lamzap.exe => No running process found
[2984] C:\Windows\SysWOW64\CpuHeatMapping\16641\CpuHeatMapping.exe => process closed successfully.
C:\Program Files (x86)\MPC Cleaner\MPCProtectService.exe => No running process found
[2756] C:\Program Files\Udutdy\Bedopudm.exe => process closed successfully.
C:\Users\Brad\AppData\Local\4C4C4544-1466713002-5410-8046-B8C04F535131\qnssFDCC.tmp => No running process found
C:\Program Files (x86)\4C4C4544-1466726587-5410-8046-B8C04F535131\jnsaA40C.tmp => No running process found
C:\Program Files\Udutdy\Nidkaf.exe => No running process found
[3244] C:\Program Files (x86)\4C4C4544-1466726587-5410-8046-B8C04F535131\knsq8DBE.tmpfs => process closed successfully.
[2620] C:\Windows\CpuEssentials\165271\CpuEssentials.exe => process closed successfully.
C:\Program Files\Udutdy\MiepDemf.exe => No running process found
C:\Program Files (x86)\4C4C4544-1466726587-5410-8046-B8C04F535131\hnsiB9B8.tmp => No running process found
C:\Program Files\Common Files\Noobzo\GNUpdate\smu.exe => No running process found
C:\Program Files (x86)\MPC Cleaner\MPCTray.exe => No running process found
C:\Program Files\Udutdy\Mifehafn64.exe => No running process found
C:\Program Files (x86)\MPC Cleaner\MPCTray64.exe => No running process found
[7968] C:\Users\Brad\AppData\Roaming\cpuminer\cpm.exe => process closed successfully.
C:\Program Files (x86)\EasyHotspot\idsccom_W1Q.exe => No running process found
C:\Program Files (x86)\mpck\wincom_DO7.exe => No running process found
C:\Program Files (x86)\sunnyday\wincom_Q57.exe => No running process found
C:\Program Files (x86)\FastWeb\fastweb.exe => No running process found
C:\Windows\SysWOW64\timeout.exe => No running process found
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\cpuminer => value removed successfully
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\\AdBlock2 => value removed successfully
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Run\\WinResSync => value not found.
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\RunOnce\\WinResSync => value not found.
HKU\S-1-5-21-1061724313-1516444972-2292327885-1000\Software\Microsoft\Windows\CurrentVersion\Run\\fastweb => value removed successfully
HKU\S-1-5-21-1061724313-1516444972-2292327885-1000\Software\Microsoft\Windows\CurrentVersion\Run\\WinResSync => value removed successfully
HKU\S-1-5-21-1061724313-1516444972-2292327885-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\\WinResSync => value removed successfully
HKU\S-1-5-21-1061724313-1516444972-2292327885-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Run\\fastweb => value not found.
HKU\S-1-5-21-1061724313-1516444972-2292327885-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Run\\WinResSync => value not found.
HKU\S-1-5-21-1061724313-1516444972-2292327885-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\RunOnce\\WinResSync => value not found.
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run\\WinResSync => value removed successfully
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce\\WinResSync => value removed successfully
C:\Users\Brad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mysystem.lnk => moved successfully
C:\Program Files (x86)\Microsoft Corporation\SystemAlert.exe => moved successfully
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
"HKU\S-1-5-21-1061724313-1516444972-2292327885-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
HKU\S-1-5-21-1061724313-1516444972-2292327885-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Policies\Microsoft\Internet Explorer => key not found. 
HKU\S-1-5-21-1061724313-1516444972-2292327885-1000\Software\Microsoft\Internet Explorer\Main\\Search Page => value restored successfully
HKU\S-1-5-21-1061724313-1516444972-2292327885-1000\Software\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKU\S-1-5-21-1061724313-1516444972-2292327885-1000\Software\Microsoft\Internet Explorer\Main\\Search Bar => value removed successfully
HKU\S-1-5-21-1061724313-1516444972-2292327885-1000\Software\Microsoft\Internet Explorer\Main\\SearchAssistant => value removed successfully
HKU\S-1-5-21-1061724313-1516444972-2292327885-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main\\Search Page => Error setting value.
HKU\S-1-5-21-1061724313-1516444972-2292327885-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main\\Start Page => Error setting value.
HKU\S-1-5-21-1061724313-1516444972-2292327885-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main\\Search Bar => value not found.
HKU\S-1-5-21-1061724313-1516444972-2292327885-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main\\SearchAssistant => value not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\ielnksrch" => key removed successfully
HKCR\Wow6432Node\CLSID\ielnksrch => key not found. 
HKU\S-1-5-21-1061724313-1516444972-2292327885-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
"HKU\S-1-5-21-1061724313-1516444972-2292327885-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{015DB5FA-EAFB-4592-A95B-F44D3EE87FA9}" => key removed successfully
HKCR\CLSID\{015DB5FA-EAFB-4592-A95B-F44D3EE87FA9} => key not found. 
"HKU\S-1-5-21-1061724313-1516444972-2292327885-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{7E89B134-75F9-48C2-A72F-68444C885701}" => key removed successfully
HKCR\CLSID\{7E89B134-75F9-48C2-A72F-68444C885701} => key not found. 
"HKU\S-1-5-21-1061724313-1516444972-2292327885-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{ielnksrch}" => key removed successfully
HKCR\CLSID\{ielnksrch} => key not found. 
HKU\S-1-5-21-1061724313-1516444972-2292327885-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value not found.
HKU\S-1-5-21-1061724313-1516444972-2292327885-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{015DB5FA-EAFB-4592-A95B-F44D3EE87FA9} => key not found. 
HKCR\CLSID\{015DB5FA-EAFB-4592-A95B-F44D3EE87FA9} => key not found. 
HKU\S-1-5-21-1061724313-1516444972-2292327885-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{7E89B134-75F9-48C2-A72F-68444C885701} => key not found. 
HKCR\CLSID\{7E89B134-75F9-48C2-A72F-68444C885701} => key not found. 
HKU\S-1-5-21-1061724313-1516444972-2292327885-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{ielnksrch} => key not found. 
HKCR\CLSID\{ielnksrch} => key not found. 
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B0932222-51E2-47D1-A4EF-CB10AE7DF086}" => key removed successfully
"HKCR\CLSID\{B0932222-51E2-47D1-A4EF-CB10AE7DF086}" => key removed successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B0932222-51E2-47D1-A4EF-CB10AE7DF086}" => key removed successfully
"HKCR\Wow6432Node\CLSID\{B0932222-51E2-47D1-A4EF-CB10AE7DF086}" => key removed successfully
HKU\S-1-5-21-1061724313-1516444972-2292327885-1000\Software\Mozilla\Firefox\Extensions\\ConsumerInput@Compete => value removed successfully
C:\Program Files (x86)\Consumer Input\Firefox\ciff-3.2.0-12297.xpi => moved successfully
FF Extension: Consumer Input - C:\Program Files (x86)\Consumer Input\Firefox\ciff-3.2.0-12297.xpi [2016-04-22] => not found
HKU\S-1-5-21-1061724313-1516444972-2292327885-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Mozilla\Firefox\Extensions\\ConsumerInput@Compete => value not found.
Chrome DefaultSearchURL => removed successfully
Chrome DefaultSearchKeyword => removed successfully
Chrome DefaultSuggestURL => removed successfully
4EC37AC9-A3AC-43D9-9408-10C9C549999B => service removed successfully
CLPSLauncher => Unable to stop service.
CLPSLauncher => service removed successfully
CpuEssentials => service removed successfully
CpuHeatMapping => service removed successfully
Lamzap => service removed successfully
MPCProtectService => service not found.
ProntSpooler => service removed successfully
Gifzu => service removed successfully
Newbov => service removed successfully
tilinupuzbt => service removed successfully
MPCKpt => service not found.
SMUpdd => service removed successfully
idsvc => service removed successfully
PsBoot => service not found.
wpcsvc => service removed successfully
C:\Users\Brad\AppData\Local\Microsoft.Win32.TaskScheduler.dll => moved successfully
C:\Users\Public\Desktop\MPC Cleaner.lnk => moved successfully
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MPC => moved successfully
C:\WINDOWS\wininit.ini => moved successfully
C:\WINDOWS\CpuEssentials => moved successfully
C:\Users\Brad\AppData\Local\4C4C4544-1466720306-5410-8046-B8C04F535131 => moved successfully
C:\WINDOWS\System32\Tasks\AdBlock => moved successfully
C:\Users\Brad\AppData\Roaming\MCorp => moved successfully
C:\ProgramData\8ec77ebd-7ed5-1 => moved successfully
C:\ProgramData\8ec77ebd-4263-0 => moved successfully
C:\Users\Brad\AppData\Roaming\Ohypg => moved successfully
C:\Users\Brad\AppData\Roaming\OhuffMiiunpo => moved successfully
C:\Program Files\Joca => moved successfully
C:\Program Files (x86)\CleanBrowser => moved successfully
C:\Users\Brad\AppData\Local\4C4C4544-1466713002-5410-8046-B8C04F535131 => moved successfully
C:\WINDOWS\AdBlock.exe => moved successfully
C:\Users\Brad\ntuser.pol => moved successfully
C:\Users\Brad\AppData\Local\WebDiscoverBrowser => moved successfully
C:\ProgramData\ntuser.pol => moved successfully
C:\WINDOWS\system32\kej => moved successfully
C:\Program Files\WebDiscoverBrowser => moved successfully
C:\Users\Brad\AppData\Roaming\Checkers => moved successfully
C:\Users\Brad\AppData\Roaming\Finci => moved successfully
C:\Program Files (x86)\Get-a-Clip => moved successfully
C:\Users\Brad\AppData\Local\UltimateSpeedTester => moved successfully
C:\Users\Brad\AppData\Local\WikiZ => moved successfully
C:\Users\Brad\AppData\Local\Tempfolder => moved successfully
C:\Users\Public\Documents\Tools => moved successfully
C:\Users\Public\Documents\Baidu => moved successfully
C:\Users\Brad\AppData\LocalLow00C35888 => moved successfully
C:\Users\Brad\AppData\LocalLow000002034AE30508 => moved successfully
C:\Users\Brad\AppData\LocalLow\Company => moved successfully
C:\Users\Brad\AppData\LocalLow\{D2020D47-707D-4E26-B4D9-739C4F4C2E9A} => moved successfully
C:\Users\Brad\AppData\Local\csdi_monetize_220160623 => moved successfully
C:\uninst => moved successfully
C:\Program Files (x86)\behaving => moved successfully
C:\Program Files\Udutdy => moved successfully
C:\Program Files (x86)\rota => moved successfully
C:\Program Files\COMODO => moved successfully
C:\Program Files (x86)\Hostify => moved successfully
C:\Program Files\KMSnano => moved successfully
C:\ProgramData\COMODO => moved successfully
C:\ProgramData\Lamzaps => moved successfully
C:\Users\Brad\AppData\Local\setupone.exe => moved successfully
C:\WINDOWS\system32\Drivers\bsdpf64.sys => moved successfully
C:\WINDOWS\system32\Drivers\bsdpr64.sys => moved successfully
C:\WINDOWS\SysWOW64\findit.xml => moved successfully
C:\Users\Brad\AppData\Local\aatxtname.txt => moved successfully
C:\Users\Public\Documents\Guid => moved successfully
C:\Users\Brad\AppData\Local\SecurityApps => moved successfully
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KMSnano => moved successfully
C:\Users\Brad\AppData\Local\tr5b.txt => moved successfully
C:\ProgramData\Logic Handler => moved successfully
C:\ProgramData\Lamzap => moved successfully
C:\Program Files (x86)\sunnyday => moved successfully
C:\Users\Brad\AppData\Roaming\FC09P => moved successfully
C:\Users\Brad\AppData\Local\DailyWiki => moved successfully
C:\Program Files (x86)\MPC Cleaner => moved successfully
C:\Users\Brad\AppData\Roaming\agent.dat => moved successfully
C:\Users\Brad\AppData\Roaming\Jayfind.bin => moved successfully
C:\Users\Brad\AppData\Roaming\Kaysing.tst => moved successfully
C:\Users\Brad\AppData\Roaming\Zertip.bin => moved successfully
C:\Users\Brad\AppData\Roaming\noah.dat => moved successfully
C:\Users\Brad\AppData\Roaming\Config.xml => moved successfully
"C:\WINDOWS\system32\Drivers\MPCKpt.sys" => not found.
C:\Users\Brad\AppData\Roaming\Main.dat => moved successfully
C:\Users\Brad\AppData\Local\tuto_monetize_120160623 => moved successfully
C:\Users\Brad\AppData\Local\SearchProtect => moved successfully
C:\Users\Brad\AppData\Local\csdi_monetize_120160623 => moved successfully
C:\Users\Brad\AppData\Local\bvyvbvyf => moved successfully
C:\ProgramData\SearchModule => moved successfully
C:\Program Files\Common Files\Noobzo => moved successfully
C:\Program Files\Caster => moved successfully
C:\Program Files (x86)\SearchProtect => moved successfully
C:\Users\Brad\AppData\Roaming\Kaysing.exe => moved successfully
C:\Program Files (x86)\EasyHotspot => moved successfully
C:\Program Files (x86)\mpck => moved successfully
C:\Program Files (x86)\Consumer Input => moved successfully
C:\WINDOWS\rsrcs.dll => moved successfully
C:\Users\Brad\AppData\Roaming\Installer.dat => moved successfully
C:\WINDOWS\system32\%APPDATA% => moved successfully
C:\WINDOWS\system32\BIT733F.tmp => moved successfully
C:\WINDOWS\system32\BIT6B1F.tmp => moved successfully
C:\WINDOWS\SysWOW64\CpuHeatMapping => moved successfully
C:\Users\Brad\AppData\Roaming\gplyra => moved successfully
C:\Users\Brad\AppData\Roaming\cpuminer => moved successfully
C:\Users\Brad\AppData\Local\Consumer Input => moved successfully
C:\Program Files (x86)\Microsoft Corporation => moved successfully
C:\Program Files (x86)\FastWeb => moved successfully
C:\Program Files (x86)\4C4C4544-1466726587-5410-8046-B8C04F535131 => moved successfully
"C:\Users\Brad\AppData\Roaming\agent.dat" => not found.
"C:\Users\Brad\AppData\Roaming\Config.xml" => not found.
"C:\Users\Brad\AppData\Roaming\Installer.dat" => not found.
"C:\Users\Brad\AppData\Roaming\Jayfind.bin" => not found.
"C:\Users\Brad\AppData\Roaming\Kaysing.exe" => not found.
"C:\Users\Brad\AppData\Roaming\Kaysing.tst" => not found.
"C:\Users\Brad\AppData\Roaming\Main.dat" => not found.
"C:\Users\Brad\AppData\Roaming\noah.dat" => not found.
C:\Users\Brad\AppData\Roaming\uninstall_temp.ico => moved successfully
"C:\Users\Brad\AppData\Roaming\Zertip.bin" => not found.
"C:\Users\Brad\AppData\Local\aatxtname.txt" => not found.
C:\Users\Brad\AppData\Local\ddnow.exe => moved successfully
C:\Users\Brad\AppData\Local\ddnow4.exe => moved successfully
"C:\Users\Brad\AppData\Local\Microsoft.Win32.TaskScheduler.dll" => not found.
C:\Users\Brad\AppData\Local\ok223.txt => moved successfully
"C:\Users\Brad\AppData\Local\setupone.exe" => not found.
C:\Users\Brad\AppData\Local\tinstall.exe => moved successfully
C:\Users\Brad\AppData\Local\tinstall4.exe => moved successfully
"C:\Users\Brad\AppData\Local\tr5b.txt" => not found.
C:\Users\Brad\AppData\Local\Temp\3A81.tmp.exe => moved successfully
C:\Users\Brad\AppData\Local\Temp\864.tmp.exe => moved successfully
C:\Users\Brad\AppData\Local\Temp\B6YHBU3XWT.exe => moved successfully
C:\Users\Brad\AppData\Local\Temp\CF62.tmp.exe => moved successfully
C:\Users\Brad\AppData\Local\Temp\compete.exe => moved successfully
C:\Users\Brad\AppData\Local\Temp\GDHNIVDEKF.exe => moved successfully
C:\Users\Brad\AppData\Local\Temp\InstallHelper.exe => moved successfully
C:\Users\Brad\AppData\Local\Temp\K4A4P11VF3.exe => moved successfully
C:\Users\Brad\AppData\Local\Temp\nsg9ECA.tmp.exe => moved successfully
C:\Users\Brad\AppData\Local\Temp\R1MB5Y6ZTK.exe => moved successfully
C:\Users\Brad\AppData\Local\Temp\reg_32.exe => moved successfully
C:\Users\Brad\AppData\Local\Temp\sdf589C.exe => moved successfully
C:\Users\Brad\AppData\Local\Temp\sdf5948.exe => moved successfully
C:\Users\Brad\AppData\Local\Temp\sdfBC24.exe => moved successfully
C:\Users\Brad\AppData\Local\Temp\Setup__2140_il33.exe => moved successfully
C:\Users\Brad\AppData\Local\Temp\ZBJ60X3CHE.exe => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{07111DBC-584A-43AA-9D93-8FB70C6687D5}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{07111DBC-584A-43AA-9D93-8FB70C6687D5}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Trigger KMS Activation" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{09FD7BB0-C03C-40E2-AAE6-7A6E43F0A70A}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{09FD7BB0-C03C-40E2-AAE6-7A6E43F0A70A}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\User_Feed_Synchronization-{F0DB4CB1-06EC-4B44-B817-B3107BA8FCF8}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{213F928C-EEE6-4D85-8583-FB54C1458768}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{213F928C-EEE6-4D85-8583-FB54C1458768}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SMW_UpdateTask_Time_333634363139383738342d6c4a5a415b34322a2d6c345a" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{35E58AF0-5B9D-420E-B18B-24EE8F9C3371}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{35E58AF0-5B9D-420E-B18B-24EE8F9C3371}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{38F2059B-2324-4F80-BC2C-55EE414702C7}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{38F2059B-2324-4F80-BC2C-55EE414702C7}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{FE2E0D5C-2A3E-4CC9-9A02-E3DEF83599DE}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{404558BF-988C-4ACF-ABCB-02E6E0D59D29}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{404558BF-988C-4ACF-ABCB-02E6E0D59D29}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{41D7BC36-35C7-4594-9D64-47697584D9CD}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{41D7BC36-35C7-4594-9D64-47697584D9CD}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\bvyvbvyf" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{438EBBC8-D247-4359-B313-B3A5EEAB8D82}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{438EBBC8-D247-4359-B313-B3A5EEAB8D82}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Pa1044003710440037" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{53A553D7-0762-4610-9A70-D598BE9008B0}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{53A553D7-0762-4610-9A70-D598BE9008B0}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{610E04CD-8550-4452-A5B6-209407B00C2D}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{610E04CD-8550-4452-A5B6-209407B00C2D}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\VirusRemover" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{730B9D00-3EFB-436B-AB1C-22342F1CBEF2}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{730B9D00-3EFB-436B-AB1C-22342F1CBEF2}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8C9D67F9-FBF5-4783-A37A-F39ACDD82E13}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8C9D67F9-FBF5-4783-A37A-F39ACDD82E13}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{8F328066-E040-4652-B526-2D79A015834D}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8F328066-E040-4652-B526-2D79A015834D}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\10440037" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8F7E59B9-B2D0-43B0-9B26-5F0D2272E269}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8F7E59B9-B2D0-43B0-9B26-5F0D2272E269}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9A6FC465-04FC-4E2A-888E-5AAA385BDAD3}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9A6FC465-04FC-4E2A-888E-5AAA385BDAD3}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{9F99AE31-2CFA-43A5-90E5-6842E433DF23}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9F99AE31-2CFA-43A5-90E5-6842E433DF23}" => key removed successfully
C:\WINDOWS\System32\Tasks\AdBlock => not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AdBlock" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{A8751DEA-E7E4-4CEB-8B8C-E806ADD15519}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A8751DEA-E7E4-4CEB-8B8C-E806ADD15519}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BECC73FE-2F8B-4118-8F9A-70C55E11CBB7}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BECC73FE-2F8B-4118-8F9A-70C55E11CBB7}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{C5B8CD2F-2F44-4943-AA54-A64EC2123C00}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BF6D9C90-3451-4BED-AD00-80A727238A1D}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BF6D9C90-3451-4BED-AD00-80A727238A1D}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D5696AE9-65A2-4F17-80F8-F77F69C16C2A}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D5696AE9-65A2-4F17-80F8-F77F69C16C2A}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D7B55828-1A25-41FA-A710-F34087F56948}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D7B55828-1A25-41FA-A710-F34087F56948}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AdobeAAMUpdater-1.0-Brad-PC-Brad" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DD3C6CD0-BDB2-4EE1-B2CF-37E0E21E202D}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DD3C6CD0-BDB2-4EE1-B2CF-37E0E21E202D}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\CCleanerSkipUAC" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{DD760188-3BFA-41AC-9430-4958FA0B80F8}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DD760188-3BFA-41AC-9430-4958FA0B80F8}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Adobe Acrobat Update Task" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{EA1B89AD-5682-42A5-B1F2-2D66694058A4}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EA1B89AD-5682-42A5-B1F2-2D66694058A4}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SMW_P" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F9BB8386-933D-43AA-8EBE-AF38F6844FC5}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F9BB8386-933D-43AA-8EBE-AF38F6844FC5}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SecurityApps2" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FB41DCE6-0642-4DC7-BFD4-6B99E9F0F3B5}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FB41DCE6-0642-4DC7-BFD4-6B99E9F0F3B5}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent" => key removed successfully
C:\Users\Brad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Internet Explorer.lnk => not found.
C:\Users\Brad\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk => not found.
C:\Users\Brad\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet-Explorer Browser.lnk => not found.
C:\Users\Brad\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk => not found.
C:\Users\Brad\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Search (2).lnk => not found.
C:\Users\Brad\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Search.lnk => not found.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk => not found.
"C:\ProgramData\Lamzap\Lamzap.exe" => not found.
"C:\WINDOWS\SysWOW64\CpuHeatMapping\16641\CpuHeatMapping.exe" => not found.
"C:\Program Files\Udutdy\Bedopudm.exe" => not found.
"C:\Users\Brad\AppData\Local\4C4C4544-1466713002-5410-8046-B8C04F535131\qnssFDCC.tmp" => not found.
"C:\Program Files (x86)\4C4C4544-1466726587-5410-8046-B8C04F535131\jnsaA40C.tmp" => not found.
"C:\Program Files\Udutdy\Nidkaf.exe" => not found.
"C:\Program Files (x86)\4C4C4544-1466726587-5410-8046-B8C04F535131\knsq8DBE.tmpfs" => not found.
"C:\WINDOWS\CpuEssentials\165271\CpuEssentials.exe" => not found.
"C:\Program Files\Udutdy\MiepDemf.exe" => not found.
"C:\Program Files (x86)\4C4C4544-1466726587-5410-8046-B8C04F535131\hnsiB9B8.tmp" => not found.
"C:\Program Files\Udutdy\Diroghs64.DLL" => not found.
"C:\Program Files\Udutdy\Mifehafn64.exe" => not found.
"C:\Program Files\Udutdy\Miercuat64.DLL" => not found.
"C:\Program Files\Udutdy\Baokei64.DLL" => not found.
"C:\Program Files\Udutdy\Pokisaj64.DLL" => not found.
"C:\Users\Brad\AppData\Roaming\cpuminer\cpm.exe" => not found.
"C:\Program Files (x86)\EasyHotspot\idsccom_W1Q.exe" => not found.
"C:\Program Files (x86)\mpck\wincom_DO7.exe" => not found.
"C:\Program Files (x86)\sunnyday\wincom_Q57.exe" => not found.
"C:\Program Files (x86)\FastWeb\fastweb.exe" => not found.
"C:\Program Files\Udutdy" => not found.
"C:\Program Files\Udutdy" => not found.
C:\Program Files\Internet Explorer\iexplore.bat => moved successfully
"C:\Program Files\Internet Explorer\iexplore.bat" => not found.
"C:\Program Files (x86)\Google\Chrome\Application\chrome.bat" => not found.
"C:\Program Files (x86)\Google\Chrome\Application\chrome.bat" => not found.
C:\ProgramData\TEMP => ":3F30E778" ADS removed successfully.
C:\ProgramData\TEMP => ":69E87FA2" ADS removed successfully.
C:\ProgramData\TEMP => ":A9967A61" ADS removed successfully.
C:\ProgramData\TEMP => ":F4C624DE" ADS removed successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{A039FA95-0C1A-4DCC-9E41-6A72F88F80F7} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{AEC1BAC3-8858-4E8D-8443-2AE42B91137B} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{BA8FB75C-BD8F-4164-B818-8BC496BB5139} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{15F655A2-1FF4-4F33-A259-7A9DF90416D7} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{81E665F6-EB9C-4281-A330-091FF05F6F86} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{0333D81D-FDA7-4BC4-B8F8-C6CC51877639} => value removed successfully

=========  for /F "tokens=*" %1 in ('wevtutil.exe el') DO wevtutil.exe cl "%1" =========

Failed to clear log DebugChannel. The requested operation cannot be performed over an enabled direct channel. The channel must first be disabled before performing the requested operation.
Failed to clear log Microsoft-Windows-LiveId/Analytic. Access is denied.
Failed to clear log Microsoft-Windows-LiveId/Operational. Access is denied.

========= End of CMD: =========


=========== EmptyTemp: ==========

BITS transfer queue => 62002 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 90631378 B
Java, Flash, Steam htmlcache => 1200 B
Windows/system/drivers => 44423492 B
Edge => 14074595 B
Chrome => 55939469 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 128 B
systemprofile32 => 1583536 B
LocalService => 36170 B
NetworkService => 0 B
Brad => 372690546 B
DefaultAppPool => 0 B

RecycleBin => 0 B
EmptyTemp: => 552.6 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 07:53:34 ====