CloseProcesses:
CreateRestorePoint:
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
CHR HKU\S-1-5-21-1644976545-898374883-2013635671-1000\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-1644976545-898374883-2013635671-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {CB29228C-1191-43F5-B356-E32B4C9E89D9} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {211C6414-41B6-4464-AC37-A9ED9ACE021C} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
Toolbar: HKU\.DEFAULT -> No Name - {61539ECD-CC67-4437-A03C-9AACCBD14326} - No File
Toolbar: HKU\S-1-5-21-1644976545-898374883-2013635671-1000 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\firefox.cfg [2013-07-25] <==== ATTENTION
CHR HomePage: Default -> hxxp://www.dregol.com/?f=1&a=drg_frg01_15_30&cd=2XzuyEtN2Y1L1QzutBtD0A0AyE0B0EyByC0C0E0CzyyDyCzytN0D0Tzu0StCtBzyzztN1L2XzutAtFtCtBtFtCtFtCtN1L1Czu1BtAtN1L1G1B1V1N2Y1L1Qzu2SyCtAtBzytCtB0DtCtGtByBzzzytG0B0DyB0FtGtC0CzyyBtG0CtCyDtAyByDyEtC0DyE0AtC2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyDtA0DtCyDyEyC0AtGzz0FyEzytGyE0AzyyCtGzz0CyD0FtGyEyB0E0CtDyDyD0F0ByByE0A2QtN0A0LzutB&cr=931314817&ir=
CHR DefaultSearchURL: Default -> hxxp://www.dregol.com/results.php?f=4&q={searchTerms}&a=drg_frg01_15_30&cd=2XzuyEtN2Y1L1QzutBtD0A0AyE0B0EyByC0C0E0CzyyDyCzytN0D0Tzu0StCtBzyzztN1L2XzutAtFtCtBtFtCtFtCtN1L1Czu1BtAtN1L1G1B1V1N2Y1L1Qzu2SyCtAtBzytCtB0DtCtGtByBzzzytG0B0DyB0FtGtC0CzyyBtG0CtCyDtAyByDyEtC0DyE0AtC2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyDtA0DtCyDyEyC0AtGzz0FyEzytGyE0AzyyCtGzz0CyD0FtGyEyB0E0CtDyDyD0F0ByByE0A2QtN0A0LzutB&cr=931314817&ir=
CHR DefaultSearchKeyword: Default -> dregol.com
U4 CmdAgent; "C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe" [X]
R1 cmderd; C:\Windows\System32\DRIVERS\cmderd.sys [21184 2015-08-05] (COMODO)
R1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [806032 2015-08-05] (COMODO)
R1 cmdHlp; C:\Windows\System32\DRIVERS\cmdhlp.sys [45856 2015-08-05] (COMODO)
S3 ALSysIO; \??\C:\Users\John\AppData\Local\Temp\ALSysIO64.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 cpuz132; \??\C:\Users\John\AppData\Local\Temp\cpuz132\cpuz132_x64.sys [X]
S3 cpuz134; \??\C:\Users\John\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [X]
S3 SNPSTD3; system32\DRIVERS\snpstd3.sys [X]
S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [X]
S3 vmci; \SystemRoot\system32\DRIVERS\vmci.sys [X]
S3 VMnetAdapter; system32\DRIVERS\vmnetadapter.sys [X]
S3 WinRing0_1_2_0; \??\C:\Program Files (x86)\Razer\Razer Game Booster\Driver\WinRing0x64.sys [X]
2015-10-22 09:44 - 2015-08-05 09:20 - 00000000 ____D C:\ProgramData\Comodo
Task: {33BADD84-F7A7-4841-86B4-1E9FB7A103CE} - \COMODO\COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10} -> No File <==== ATTENTION
Task: {457B65BA-E903-43AC-B3E9-69D68595F430} - \COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85} -> No File <==== ATTENTION
Task: {CB3D64BF-C0C9-45FF-BFB0-FF1A8F680186} - \Microsoft\Windows\RemoteAssistance\RemoteAssistanceTask -> No File <==== ATTENTION
Task: {EA8224A9-4340-43C6-8078-FEBE2CE0E0E2} - \COMODO\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59} -> No File <==== ATTENTION
AlternateDataStreams: C:\ProgramData:gs5sys
AlternateDataStreams: C:\Windows\uninst.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\revoflt.sys:$CmdTcID
AlternateDataStreams: C:\Users\All Users:gs5sys
AlternateDataStreams: C:\Users\John:gs5sys
AlternateDataStreams: C:\ProgramData\Application Data:gs5sys
AlternateDataStreams: C:\ProgramData\TEMP:373E1720
AlternateDataStreams: C:\ProgramData\TEMP:9341E0C6
AlternateDataStreams: C:\ProgramData\TEMP:C97C8631
AlternateDataStreams: C:\Users\John\Application Data:gs5sys
AlternateDataStreams: C:\Users\John\Cookies:gs5sys
AlternateDataStreams: C:\Users\John\Local Settings:gs5sys
AlternateDataStreams: C:\Users\John\Templates:gs5sys
AlternateDataStreams: C:\Users\John\Desktop\cf1.jpg:$CmdZnID
AlternateDataStreams: C:\Users\John\Desktop\cf2.jpg:$CmdZnID
AlternateDataStreams: C:\Users\John\Desktop\L1532-1.jpg:$CmdZnID
AlternateDataStreams: C:\Users\John\Downloads\cmdemo102.exe:$CmdTcID
AlternateDataStreams: C:\Users\John\Downloads\cmdemo102.exe:$CmdZnID
AlternateDataStreams: C:\Users\John\Downloads\dgVoodoo.conf:$CmdTcID
AlternateDataStreams: C:\Users\John\Downloads\dgVoodoo.conf:$CmdZnID
AlternateDataStreams: C:\Users\John\Downloads\JK_AMD_FIX.7z:$CmdTcID
AlternateDataStreams: C:\Users\John\Downloads\JK_AMD_FIX.7z:$CmdZnID
AlternateDataStreams: C:\Users\John\Downloads\RevoUninProSetup.exe:$CmdTcID
AlternateDataStreams: C:\Users\John\Downloads\RevoUninProSetup.exe:$CmdZnID
AlternateDataStreams: C:\Users\John\AppData\Local:gs5sys
AlternateDataStreams: C:\Users\John\AppData\Roaming:gs5sys
AlternateDataStreams: C:\Users\John\AppData\Local\Application Data:gs5sys
AlternateDataStreams: C:\Users\John\AppData\Local\History:gs5sys
AlternateDataStreams: C:\Users\John\Documents\desktop.ini:gs5sys
AlternateDataStreams: C:\Users\Public\Documents\desktop.ini:gs5sys
CMD: bitsadmin /reset /allusers
CMD: netsh winsock reset catalog
CMD: ipconfig /flushdns
Emptytemp: