CloseProcesses:
CreateRestorePoint:
HKU\S-1-5-21-1399685641-2452391960-3966799618-1001\...\MountPoints2: {5d3af21f-6686-11e6-8d98-ed656eb76b56} - "E:\HTC_Sync_Manager_PC.exe"
HKU\S-1-5-21-1399685641-2452391960-3966799618-1001\...\MountPoints2: {5d3af332-6686-11e6-8d98-ed656eb76b56} - "E:\HTC_Sync_Manager_PC.exe"
GroupPolicy: Restriction - Chrome <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
ProxyEnable: [.DEFAULT] => Proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:13101
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page =
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {2E00D31D-D171-423D-836D-1A4D7EA7F1A9} URL =
SearchScopes: HKLM -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKLM-x32 -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKU\S-1-5-21-1399685641-2452391960-3966799618-1001 -> {0D9AF04D-D70D-4AF8-A51B-CADA5C050768} URL = hxxps://delicious.com/search?p={searchTerms}
SearchScopes: HKU\S-1-5-21-1399685641-2452391960-3966799618-1001 -> {2E00D31D-D171-423D-836D-1A4D7EA7F1A9} URL =
SearchScopes: HKU\S-1-5-21-1399685641-2452391960-3966799618-1001 -> {67A88121-0959-44EB-B659-E80911541B35} URL = hxxps://www.flickr.com/search/?q={searchTerms}
SearchScopes: HKU\S-1-5-21-1399685641-2452391960-3966799618-1001 -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL =
SearchScopes: HKU\S-1-5-21-1399685641-2452391960-3966799618-1001 -> {DECA3892-BA8F-44b8-A993-A466AD694AE4} URL = hxxp://search.yahoo.com/search?p={searchTerms}&fr=mkg028
BHO-x32: Toolbar BHO -> {2be98f70-2202-4f66-886c-c56f85bc28ce} -> C:\Program Files (x86)\EasyMailLogin_di\bar\2.bin\dibar.dll [2015-07-13] (Mindspark)
2016-09-06 22:05 - 2016-09-06 22:38 - 00000000 ____D C:\Program Files\COMODO
2016-09-06 22:05 - 2016-09-06 22:10 - 00000000 ____D C:\ProgramData\COMODO
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK => not found
R1 {10e3e2da-8f7b-42cc-9f00-90007ce494b8}Gw64; C:\Windows\System32\drivers\{10e3e2da-8f7b-42cc-9f00-90007ce494b8}Gw64.sys [48832 2014-11-06] (StdLib)
R1 {255a824a-3cde-4dee-9785-284605606456}Gw64; C:\Windows\System32\drivers\{255a824a-3cde-4dee-9785-284605606456}Gw64.sys [48832 2014-10-28] (StdLib)
R1 {3cac76e7-8310-45ea-8277-96d048a78c60}Gw64; C:\Windows\System32\drivers\{3cac76e7-8310-45ea-8277-96d048a78c60}Gw64.sys [48784 2014-11-27] (StdLib)
R1 {4530e639-76ab-4435-889d-a5e81ae090a4}Gw64; C:\Windows\System32\drivers\{4530e639-76ab-4435-889d-a5e81ae090a4}Gw64.sys [48784 2014-10-20] (StdLib)
R1 {46a147d8-5171-42d8-b8a8-6a187525781d}Gw64; C:\Windows\System32\drivers\{46a147d8-5171-42d8-b8a8-6a187525781d}Gw64.sys [48784 2014-10-15] (StdLib)
R1 {51b9c91c-8e38-40ae-80de-58a590512b6b}Gw64; C:\Windows\System32\drivers\{51b9c91c-8e38-40ae-80de-58a590512b6b}Gw64.sys [48832 2014-11-10] (StdLib)
R1 {55dce8ba-9dec-4013-937e-adbf9317d990}Gw64; C:\Windows\System32\drivers\{55dce8ba-9dec-4013-937e-adbf9317d990}Gw64.sys [61072 2014-07-24] (StdLib)
R1 {67f29abb-07b3-41f5-94cd-f819d7c1fc76}Gw64; C:\Windows\System32\drivers\{67f29abb-07b3-41f5-94cd-f819d7c1fc76}Gw64.sys [48784 2014-10-20] (StdLib)
R1 {6c84eb28-66c4-4e3d-8a5a-46ab94f0575a}Gw64; C:\Windows\System32\drivers\{6c84eb28-66c4-4e3d-8a5a-46ab94f0575a}Gw64.sys [48784 2014-10-19] (StdLib)
R1 {733fb217-c049-41ba-9504-3f2045e61977}Gw64; C:\Windows\System32\drivers\{733fb217-c049-41ba-9504-3f2045e61977}Gw64.sys [48784 2014-10-21] (StdLib)
R1 {94d62e35-4b43-494c-bf52-ba5935df36ef}Gw64; C:\Windows\System32\drivers\{94d62e35-4b43-494c-bf52-ba5935df36ef}Gw64.sys [48784 2014-12-01] (StdLib)
R1 {94d62e35-4b43-494c-bf52-ba5935df36ef}w64; C:\Windows\System32\drivers\{94d62e35-4b43-494c-bf52-ba5935df36ef}w64.sys [48784 2015-01-13] (StdLib)
R1 {9d5747ee-0448-4681-8337-1555de75a3b6}w64; C:\Windows\System32\drivers\{9d5747ee-0448-4681-8337-1555de75a3b6}w64.sys [61120 2014-06-16] (StdLib)
R1 {b0c7827f-c845-429a-833b-c2a798fc4fc3}Gw64; C:\Windows\System32\drivers\{b0c7827f-c845-429a-833b-c2a798fc4fc3}Gw64.sys [48784 2014-10-25] (StdLib)
R1 {b59efc84-8479-4faa-b02a-e5c7e85c7926}Gw64; C:\Windows\System32\drivers\{b59efc84-8479-4faa-b02a-e5c7e85c7926}Gw64.sys [48784 2014-11-26] (StdLib)
R1 {bb7b7a60-f574-47c2-8a0b-4c56f2da9802}Gw64; C:\Windows\System32\drivers\{bb7b7a60-f574-47c2-8a0b-4c56f2da9802}Gw64.sys [48784 2014-10-05] (StdLib)
R1 {d428f5a9-a362-4938-a8b7-f0abd920078b}Gw64; C:\Windows\System32\drivers\{d428f5a9-a362-4938-a8b7-f0abd920078b}Gw64.sys [48784 2014-12-01] (StdLib)
R1 {d997fcb4-42b4-4f84-a147-2e498567c954}Gw64; C:\Windows\System32\drivers\{d997fcb4-42b4-4f84-a147-2e498567c954}Gw64.sys [48784 2014-11-28] (StdLib)
R1 {dc592624-f532-4311-9fc7-6920126fc404}Gw64; C:\Windows\System32\drivers\{dc592624-f532-4311-9fc7-6920126fc404}Gw64.sys [48784 2014-10-22] (StdLib)
R1 {f5d136d7-adc2-4c84-85b2-e564334ab0bc}Gw64; C:\Windows\System32\drivers\{f5d136d7-adc2-4c84-85b2-e564334ab0bc}Gw64.sys [48784 2014-10-22] (StdLib)
R1 {f63e4e62-e47d-4415-9bb4-c9b1dfe161b9}Gw64; C:\Windows\System32\drivers\{f63e4e62-e47d-4415-9bb4-c9b1dfe161b9}Gw64.sys [48832 2014-11-03] (StdLib)
R1 {fc7329ef-e953-454c-8e78-ed2cf0acb2ef}Gw64; C:\Windows\System32\drivers\{fc7329ef-e953-454c-8e78-ed2cf0acb2ef}Gw64.sys [48832 2014-10-31] (StdLib)
S1 ajcqhycc; \??\C:\WINDOWS\system32\drivers\ajcqhycc.sys [X]
U3 idsvc; no ImagePath
U5 REALPLAYERUPDATESVC; no ImagePath
2016-08-22 23:10 - 2016-08-22 23:10 - 00000000 ____D C:\Users\Mom n Dad\AppData\Roaming\YourUpdater
2016-08-22 23:08 - 2016-09-07 10:47 - 00000000 ____D C:\ProgramData\boost_interprocess
2016-08-22 23:08 - 2016-08-23 12:20 - 00000000 ____D C:\Program Files (x86)\SoftwareUpd
2016-08-22 23:08 - 2016-08-22 23:08 - 00000000 ____D C:\Program Files (x86)\SafeSavings
2016-08-22 23:08 - 2016-08-22 23:08 - 00000000 ____D C:\Program Files (x86)\PC_Support
C:\ProgramData\dsgsdgdsgdsgw.bat
C:\ProgramData\dsgsdgdsgdsgw.reg
C:\ProgramData\pclunst.exe
C:\Users\Mom n Dad\AppData\Local\Temp\CorrLinks.exe
C:\Users\Mom n Dad\AppData\Local\Temp\DRHelper_installFinish.exe
C:\Users\Mom n Dad\AppData\Local\Temp\DRHelper_installStart.exe
C:\Users\Mom n Dad\AppData\Local\Temp\DRHelper_uninstallComplete.exe
C:\Users\Mom n Dad\AppData\Local\Temp\ICReinstall_FlashPlayerPro (2).exe
C:\Users\Mom n Dad\AppData\Local\Temp\ICReinstall_FlashPlayerPro.exe
C:\Users\Mom n Dad\AppData\Local\Temp\libeay32.dll
C:\Users\Mom n Dad\AppData\Local\Temp\lowproc.exe
C:\Users\Mom n Dad\AppData\Local\Temp\msvcr120.dll
C:\Users\Mom n Dad\AppData\Local\Temp\pspx8.0_cnet.exe
C:\Users\Mom n Dad\AppData\Local\Temp\sqlite3.dll
C:\Users\Mom n Dad\AppData\Local\Temp\stubhelper.dll
CustomCLSID: HKU\S-1-5-21-1399685641-2452391960-3966799618-1001_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\Mom n Dad\AppData\Local\Google\Update\1.3.30.3\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1399685641-2452391960-3966799618-1001_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}\InprocServer32 -> C:\Users\Mom n Dad\AppData\Local\Google\Update\1.3.31.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1399685641-2452391960-3966799618-1001_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\Mom n Dad\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1399685641-2452391960-3966799618-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Mom n Dad\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\FileCoAuth.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1399685641-2452391960-3966799618-1001_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\Mom n Dad\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1399685641-2452391960-3966799618-1001_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\Mom n Dad\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1399685641-2452391960-3966799618-1001_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\Mom n Dad\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1399685641-2452391960-3966799618-1001_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\Mom n Dad\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => No File
Task: {18041079-3723-4E8B-B901-20B5CFFC92AF} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {23686742-13B4-4EFB-A9AF-597EE6A1E527} - \BrowserSafeguard Update Task -> No File <==== ATTENTION
Task: {298ABF9B-5E86-44F1-8E9D-A7DBD87B6FFE} - System32\Tasks\Microsoft\a3d90235e1136671ab1195c6078184ff => C:\Users\Mom n Dad\AppData\Roaming\DownloadManager\Updater.exe <==== ATTENTION
C:\Users\Mom n Dad\AppData\Roaming\DownloadManager\
Task: {32953015-E7B7-4C79-98EC-B3F6F0892E6D} - System32\Tasks\CIMT_S-1-5-21-1399685641-2452391960-3966799618-1001 => C:\Program Files (x86)\Consumer Input\Monitoring\dca-monitoring.exe <==== ATTENTION
C:\Program Files (x86)\Consumer Input\
Task: {3F721923-E6BA-49CD-B1A0-79954BC009CE} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {4B0A68FD-7C92-4874-9013-DABFDBC5A052} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {5386E8F8-AA49-4ED2-A36A-5D1144B376F0} - System32\Tasks\Microsoft\6c033f6638c78c9e7ab6997c2f8fad17 => C:\Users\Mom n Dad\AppData\Roaming\DownloadManager\Loader.exe <==== ATTENTION
Task: {982CCEB0-D695-4217-AAE2-80DCD62F1002} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {A81C212C-7412-4928-AFF5-1DC6EBFCDE23} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {AD274FFE-1D79-48AC-B0D3-B217B3FDD829} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {B043D61A-46F6-4ABE-8E46-B932FCE8EFE2} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {BC8762CF-E3B3-4EF4-A5F6-6BB003BA24C3} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {C8C10F94-43A4-4DCF-8910-4C3299713D23} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {D5AFEC8E-AAE2-40B7-85E8-25ABD11DC563} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {DDD6C151-8FB1-4FDC-B222-96AADE9D7F4F} - \MySearchDial -> No File <==== ATTENTION
Task: {EDDD4B0F-1E40-4EB8-AA41-D03DD3BA531A} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {FAEFDA68-32CD-42AD-BADE-DD8AEDD989A2} - \PC Speed Maximizer Schedule -> No File <==== ATTENTION
AlternateDataStreams: C:\WINDOWS\system32\Drivers\gwrvpwes.sys:changelist [398]
AlternateDataStreams: C:\ProgramData\Temp:373E1720 [264]
CMD: bitsadmin /reset /allusers
CMD: netsh winsock reset catalog
CMD: ipconfig /flushdns
RemoveProxy:
hosts:
Emptytemp: