CloseProcesses:
CreateRestorePoint:
HKU\S-1-5-21-3974077015-3857690152-698652063-1000\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-3974077015-3857690152-698652063-1000\...\Run: [YqczPack] => regsvr32.exe C:\Users\Jamie\AppData\Local\YqczPack\qqrqyngv.dll <===== ATTENTION
GroupPolicyScripts: Restriction <======= ATTENTION
GroupPolicyScripts\User: Restriction <======= ATTENTION
HKU\S-1-5-21-3974077015-3857690152-698652063-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGIjVkxlyIP4NYe17aVLWrPzQENNZPocWTwUvaPdH0evuYJXKjfdg_51NrzuErIn4H44IYkR8Fz9LHA2y3f3XUSbemnrlkUooJTohwZ04ZYfzfIEKb7rV-RPzmDMABFuJuPdf4NMBRnCwH73d63YBurwXydh4NxDCS1V6d728ULJW94BUwMx9WJjje0vM&q={searchTerms}
HKU\S-1-5-21-3974077015-3857690152-698652063-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://%66%65%65%64.%73%6E%61%70%64%6F.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGIjVkxlyIP4NYe17aVLWrPzQENNZPocWTwUvaPdH0evuYJXKjfdg_51NrzuErIn4H44IYkR8Fz9LHA2y3f3XUSbemnrlkUooJTZlWeQdr-Y4kAA1JkRea43WNBkkZ_wRHWIcLiZ44lVhKmCvUwlXSyj0MGESNVWde_ibA1ynZKaCA8nlmMaNyi0Bvqim
HKU\S-1-5-21-3974077015-3857690152-698652063-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGIjVkxlyIP4NYe17aVLWrPzQENNZPocWTwUvaPdH0evuYJXKjfdg_51NrzuErIn4H44IYkR8Fz9LHA2y3f3XUSbemnrlkUooJTohwZ04ZYfzfIEKb7rV-RPzmDMABFuJuPdf4NMBRnCwH73d63YBurwXydh4NxDCS1V6d728ULJW94BUwMx9WJjje0vM&q={searchTerms}
HKU\S-1-5-21-3974077015-3857690152-698652063-1000\Software\Microsoft\Internet Explorer\Main,SearchAssistant = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGIjVkxlyIP4NYe17aVLWrPzQENNZPocWTwUvaPdH0evuYJXKjfdg_51NrzuErIn4H44IYkR8Fz9LHA2y3f3XUSbemnrlkUooJTohwZ04ZYfzfIEKb7rV-RPzmDMABFuJuPdf4NMBRnCwH73d63YBurwXydh4NxDCS1V6d728ULJW94BUwMx9WJjje0vM&q={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {ielnksrch} URL =
SearchScopes: HKLM-x32 -> ielnksrch URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGIjVkxlyIP4NYe17aVLWrPzQENNZPocWTwUvaPdH0evuYJXKjfdg_51NrzuErIn4H44IYkR8Fz9LHA2y3f3XUSbemnrlkUooJTohwZ04ZYfzfIEKb7rV-RPzmDMABFuJuPdf4NMBRnCwH73d63YBurwXydh4NxDCS1V6d728ULJW94BUwMx9WJjje0vM&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3974077015-3857690152-698652063-1000 -> DefaultScope {ielnksrch} URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGIjVkxlyIP4NYe17aVLWrPzQENNZPocWTwUvaPdH0evuYJXKjfdg_51NrzuErIn4H44IYkR8Fz9LHA2y3f3XUSbemnrlkUooJTohwZ04ZYfzfIEKb7rV-RPzmDMABFuJuPdf4NMBRnCwH73d63YBurwXydh4NxDCS1V6d728ULJW94BUwMx9WJjje0vM&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3974077015-3857690152-698652063-1000 -> {ielnksrch} URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGIjVkxlyIP4NYe17aVLWrPzQENNZPocWTwUvaPdH0evuYJXKjfdg_51NrzuErIn4H44IYkR8Fz9LHA2y3f3XUSbemnrlkUooJTohwZ04ZYfzfIEKb7rV-RPzmDMABFuJuPdf4NMBRnCwH73d63YBurwXydh4NxDCS1V6d728ULJW94BUwMx9WJjje0vM&q={searchTerms}
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
2016-09-01 00:41 - 2016-09-01 01:38 - 00000000 ____D C:\Users\Jamie\AppData\Local\YqczPack
Task: {5B1B1803-FE3A-420A-AE22-ABDE27C76152} - System32\Tasks\PPI Update => "hxxp://insightcdn.online/download/index.php?mn=9995" <==== ATTENTION
C:\Users\Jamie\AppData\Local\Temp\WindowsLoader2.6__8172_il15489.exe
C:\Users\Jamie\AppData\Local\Temp\{7D97A813-E015-4B18-B211-BC4B93BD2151}.exe
CMD: bitsadmin /reset /allusers
CMD: netsh winsock reset catalog
CMD: ipconfig /flushdns
RemoveProxy:
hosts:
Emptytemp: