Pop up window appearing once every 4-6 hours [Closed]


#16 jtemail (Member, Topic Starter, 26 posts)

As I re-read your instructions, I have clicked on the window checking to see if it's alive and I wonder if I stalled it. What are the directions for restarting it properly?


Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
3. If after the reboot you get errors about programmes being marked for deletion, then reboot; that will cure it.


#17 Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)

Abort the programme and run a fresh FRST scan please.

#18 jtemail (Member, Topic Starter, 26 posts)

Actually it doesn't look like it was done after all. I just came back to my PC and it's been running for 3h10m and it's now showing it's up to Stage_16, and I've seen it move from Stage 10 to 16 in the past few minutes, so I may have a valid scan brewing after all. I am going to let it finish, hopefully before I have to leave work in about an hour or so.


#19 jtemail (Member, Topic Starter, 26 posts)

Now just a minute or more has passed by and I'm on to Stage 17, so as I said, I will let it crank away. How many stages are there?


#20 Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)

It varies; there may be up to 50.

#21 jtemail (Member, Topic Starter, 26 posts)

Ha, ok. I'm up to stage 48 now and need to leave soon. Hopefully this thing will keep running OK on laptop battery and finish up before I can get back to a real electrical source. It must be doing some intense scanning...


#22 Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)

It does go deep and checks out a lot of areas that none of the normal scans look at.

#23 jtemail (Member, Topic Starter, 26 posts)

Ok, here is the log from the combofix.txt file. I am going to run FRST again now as you asked.


ComboFix 16-02-15.01 - jthompson 02/17/2016  10:05:29.1.4 - x64
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.3793.1114 [GMT -5:00]
Running from: c:\users\mqc874\Desktop\ComboFix.exe
AV: System Center Endpoint Protection *Disabled/Updated* {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
SP: System Center Endpoint Protection *Disabled/Updated* {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\ntuser.pol
c:\programdata\Roaming
c:\users\mqc874\g2mdlhlpx.exe
c:\windows\msdownld.tmp
c:\windows\SysWow64\DEBUG.log
c:\windows\wininit.ini
S2 LENOVO.CAMMUTE;Lenovo Camera Mute;c:\program files\Lenovo\Communications Utility\CAMMUTE.exe;c:\program files\Lenovo\Communications Utility\CAMMUTE.exe [x]
S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\LENOVO\HOTKEY\MICMUTE.exe;c:\program files\LENOVO\HOTKEY\MICMUTE.exe [x]
S2 LENOVO.TPKNRSVC;Lenovo Keyboard Noise Reduction;c:\program files\Lenovo\Communications Utility\TPKNRSVC.exe;c:\program files\Lenovo\Communications Utility\TPKNRSVC.exe [x]
S2 LENOVO.TVTVCAM;ThinkVantage Virtual Camera Controller;c:\program files\Lenovo\Communications Utility\vcamsvc.exe;c:\program files\Lenovo\Communications Utility\vcamsvc.exe [x]
S2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;c:\program files\LENOVO\VIRTSCRL\lvvsst.exe;c:\program files\LENOVO\VIRTSCRL\lvvsst.exe [x]
S2 LpsSearchSvc;LpsSearchSvc;c:\program files (x86)\Common Files\Lenel\LpsSearchSvc.exe;c:\program files (x86)\Common Files\Lenel\LpsSearchSvc.exe [x]
S2 LS Client Update;LS Client Update;c:\program files (x86)\OnGuard\Lnl.OG.AutoUpgrade.Client.exe;c:\program files (x86)\OnGuard\Lnl.OG.AutoUpgrade.Client.exe [x]
S2 Motorola Device Manager;Motorola Device Manager Service;c:\program files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe;c:\program files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [x]
S2 NgVpnMgr;Aventail VPN Client;c:\windows\system32\ngvpnmgr.exe;c:\windows\SYSNATIVE\ngvpnmgr.exe [x]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys;c:\windows\SYSNATIVE\drivers\npf.sys [x]
S2 PanGPS;PanGPS;c:\program files\Palo Alto Networks\GlobalProtect\PanGPS.exe;c:\program files\Palo Alto Networks\GlobalProtect\PanGPS.exe [x]
S2 PST Service;PST Service;c:\program files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe;c:\program files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [x]
S2 risdxc;risdxc;c:\windows\system32\drivers\risdxc64.sys;c:\windows\SYSNATIVE\drivers\risdxc64.sys [x]
S2 smihlp;SMI Helper Driver (smihlp);c:\program files\ThinkVantage Fingerprint Software\smihlp.sys;c:\program files\ThinkVantage Fingerprint Software\smihlp.sys [x]
S2 sprtsvc_verizondm;SupportSoft Sprocket Service (verizondm);c:\program files (x86)\VERIZONDM\bin\sprtsvc.exe;c:\program files (x86)\VERIZONDM\bin\sprtsvc.exe [x]
S2 ss_conn_service;SAMSUNG Mobile Connectivity Service;c:\program files (x86)\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe;c:\program files (x86)\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe [x]
S2 tgsrvc_verizondm;SupportSoft Repair Service (verizondm);c:\program files (x86)\VERIZONDM\bin\tgsrvc.exe;c:\program files (x86)\VERIZONDM\bin\tgsrvc.exe [x]
S2 TPHKLOAD;Lenovo Hotkey Client Loader;c:\program files\LENOVO\HOTKEY\TPHKLOAD.exe;c:\program files\LENOVO\HOTKEY\TPHKLOAD.exe [x]
S2 TPHKSVC;On Screen Display;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe [x]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
S2 ZeroConfigService;Intel® PROSet/Wireless Zero Configuration Service;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe [x]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys;c:\windows\SYSNATIVE\DRIVERS\clwvd.sys [x]
S3 dlkmd;dlkmd;c:\windows\system32\drivers\dlkmd.sys;c:\windows\SYSNATIVE\drivers\dlkmd.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 iusb3hub;Intel® USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
S3 iwdbus;IWD Bus Enumerator;c:\windows\system32\drivers\iwdbus.sys;c:\windows\SYSNATIVE\drivers\iwdbus.sys [x]
S3 NgLog;Aventail VPN Logging;c:\windows\system32\DRIVERS\nglog.sys;c:\windows\SYSNATIVE\DRIVERS\nglog.sys [x]
S3 NgVpn;Aventail VPN Adapter;c:\windows\system32\DRIVERS\ngvpn.sys;c:\windows\SYSNATIVE\DRIVERS\ngvpn.sys [x]
S3 NgWfp;Aventail VPN Callout;c:\windows\system32\DRIVERS\ngwfp.sys;c:\windows\SYSNATIVE\DRIVERS\ngwfp.sys [x]
S3 PanGpd;PanGP Virtual Miniport;c:\windows\system32\DRIVERS\pangpd.sys;c:\windows\SYSNATIVE\DRIVERS\pangpd.sys [x]
S3 tvtvcamd;ThinkVantage Virtual Camera;c:\windows\system32\DRIVERS\tvtvcamd.sys;c:\windows\SYSNATIVE\DRIVERS\tvtvcamd.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2016-02-11 03:52 1090376 ----a-w- c:\program files (x86)\Google\Chrome\Application\48.0.2564.109\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2016-02-17 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-17 15:08]
.
2016-02-17 c:\windows\Tasks\G2MUpdateTask-S-1-5-21-1830819319-1975652134-394877016-74296.job
- c:\program files (x86)\Citrix\GoToMeeting\4419\g2mupdate.exe [2016-02-12 15:39]
.
2016-02-17 c:\windows\Tasks\G2MUploadTask-S-1-5-21-1830819319-1975652134-394877016-74296.job
- c:\program files (x86)\Citrix\GoToMeeting\4419\g2mupload.exe [2016-02-12 15:39]
.
2016-02-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-05-17 16:29]
.
2016-02-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-05-17 16:29]
.
2016-02-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1503781981-2815224856-594536586-135526Core.job
- c:\users\mqc874\AppData\Local\Google\Update\GoogleUpdate.exe [2013-01-03 19:49]
.
2016-02-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1503781981-2815224856-594536586-135526UA.job
- c:\users\mqc874\AppData\Local\Google\Update\GoogleUpdate.exe [2013-01-03 19:49]
.
2016-02-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2715536563-2913614024-2021022987-11069Core1cf8eeef8b826ea.job
- c:\users\mqc874\AppData\Local\Google\Update\GoogleUpdate.exe [2013-01-03 19:49]
.
2016-02-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2715536563-2913614024-2021022987-11069UA1cf8eeef8d4135a.job
- c:\users\mqc874\AppData\Local\Google\Update\GoogleUpdate.exe [2013-01-03 19:49]
.
2016-02-17 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task a8fe8680-abe2-45e8-8d8b-466c8abc0456.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2013-11-07 20:08]
.
2016-02-05 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task e98c4c5a-8f87-4354-b7ea-3b9df25865ab.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2013-11-07 20:08]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2015-11-10 20:50 2339032 ----a-w- c:\progra~1\MICROS~2\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2015-11-10 20:50 2339032 ----a-w- c:\progra~1\MICROS~2\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2015-11-10 20:50 2339032 ----a-w- c:\progra~1\MICROS~2\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2012-04-17 12480616]
"RtHDVBg_Dolby"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2012-03-09 1158248]
"LENOVO.TPKNRRES"="c:\program files\Lenovo\Communications Utility\TPKNRRES.exe" [2012-06-02 290160]
"CanonSolutionMenu"="c:\program files (x86)\Canon\SolutionMenu\CNSLMAIN.exe" [2007-10-26 652624]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-07-07 2114376]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2015-04-30 1337000]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2013-02-20 170304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2013-02-20 398656]
"Persistence"="c:\windows\system32\igfxpers.exe" [2013-02-20 441152]
"GlobalProtect"="c:\program files\Palo Alto Networks\GlobalProtect\PanGPA.exe" [2015-09-10 1802032]
"IntelPROSet"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2015-06-12 4879264]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2015-12-09 170256]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uDefault_Search_URL = hxxp://www.google.com/ie
mLocal Page = c:\windows\SysWOW64\blank.htm
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office15\EXCEL.EXE/3000
IE: LastPass - file://c:\users\mqc874\AppData\LocalLow\LastPass\context.html?cmd=lastpass
IE: LastPass Fill Forms - file://c:\users\mqc874\AppData\LocalLow\LastPass\context.html?cmd=fillforms
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office15\ONBttnIE.dll/105
Trusted Zone: arrisi.com\arris-mysites
Trusted Zone: arrisi.com\horizon
TCP: DhcpNameServer = 10.35.151.2 10.43.1.1 10.0.248.1
Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - c:\program files (x86)\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL
DPF: {F6962361-AD4A-4897-A356-3E10A15A102C} - hxxps://webxadmin-vm.arrisi.com/client/T27LD/webex/ieatgpc1.cab
FF - ProfilePath - c:\users\mqc874\AppData\Roaming\Mozilla\Firefox\Profiles\6illyohj.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-atc.exe - (no file)
Wow6432Node-HKCU-Run-GenieFloater - c:\program files (x86)\Genie Soft\Genie Cleaner\GenieFloater.exe
SafeBoot-29361337.sys
Toolbar-Locked - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-NETGCOMM&0846&1100 - c:\program files (x86)\Netgear\MCU\CP2102\DriverUninstaller.exe VCP CP210x Cardinal\NETGCOMM&0846&1100
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\atccorrector]
"ImagePath"="c:\program files (x86)\FlexibleSoft\Absolute Time Corrector\atcorrector.exe /startedbyscm:72129319-40E32761-atccorrector"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1830819319-1975652134-394877016-74296\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{9547D776-A04C-E308-9601-4A3F32D36EB0}*]
@Allowed: (Read) (RestrictedCode)
"oabfmmnffoemkolcioklbofpkdncoa"=hex:6a,61,6d,6d,66,6f,6d,6c,70,70,6c,6c,70,63,
   64,64,64,6d,61,61,00,00
"pahdpfojkjpnkhfclfpnlpaljajcinfd"=hex:6a,61,6d,6d,66,6f,6d,6c,70,70,6c,6c,70,
   63,64,64,64,6d,61,61,00,00
.
[HKEY_LOCAL_MACHINE\software\BlueStacks]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_20_0_0_306_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_20_0_0_306_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_20_0_0_306_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_20_0_0_306_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_20_0_0_306.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.20"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_20_0_0_306.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_20_0_0_306.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_20_0_0_306.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2016-02-17  15:41:09
ComboFix-quarantined-files.txt  2016-02-17 20:41
.
Pre-Run: 12,596,416,512 bytes free
Post-Run: 12,463,075,328 bytes free
.
- - End Of File - - D9F289007CABC21A09C61B0F21BA5B31

  • 0
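Two of the keys ComboFix lists as locked in the log above carry hex-encoded data: the Shell Extensions\Approved key under the user's SID (a key that normally holds values named by CLSID, not by 30- and 32-letter strings) and the BlueStacks key, whose SymbolicLinkValue is a REG_LINK (hex(6)) that redirects the key elsewhere. Decoding such values is a routine check when reading this kind of log. The script below is an added example for this thread, not ComboFix's or the poster's code; SAMPLE is copied from the log above, and because the log cuts the REG_LINK value short the decoded target is cut short too. The Chrome-extension-ID check is an assumption-free shape test (32 letters from a to p, the alphabet Chrome uses for extension IDs) meant as a hint to cross-reference with the browser's extension list, not as a verdict on these values:

```python
"""Decode the hex-encoded registry values ComboFix prints under
LOCKED REGISTRY KEYS. Added example for this thread; not ComboFix's or the
poster's code. SAMPLE is copied from the log above (the REG_LINK value is
truncated there, so its decode is truncated too)."""
import re

# Value types as written in .reg / ComboFix syntax: "hex:" is REG_BINARY,
# "hex(N):" carries the type in hex, e.g. hex(6) is REG_LINK (a key redirect).
REG_BINARY, REG_LINK = 3, 6

SAMPLE = r'''
[HKEY_USERS\S-1-5-21-1830819319-1975652134-394877016-74296\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{9547D776-A04C-E308-9601-4A3F32D36EB0}*]
@Allowed: (Read) (RestrictedCode)
"oabfmmnffoemkolcioklbofpkdncoa"=hex:6a,61,6d,6d,66,6f,6d,6c,70,70,6c,6c,70,63,
   64,64,64,6d,61,61,00,00
"pahdpfojkjpnkhfclfpnlpaljajcinfd"=hex:6a,61,6d,6d,66,6f,6d,6c,70,70,6c,6c,70,
   63,64,64,64,6d,61,61,00,00
.
[HKEY_LOCAL_MACHINE\software\BlueStacks]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
'''

# A value's payload starts after '=' and may wrap onto indented lines.
VALUE = re.compile(r'^"([^"]+)"=(hex[^\n]*(?:\n[ \t]+[^\n]*)*)', re.M)
CHROME_ID = re.compile(r"^[a-p]{32}$")   # Chrome extension IDs: 32 letters, a-p only

def parse_reg_hex(payload):
    """'hex:6a,61,...' or 'hex(6):5c,00,...' -> (type_code, bytes).
    Wrapped lines, whitespace and trailing '\\' continuations are tolerated."""
    m = re.match(r"\s*hex(?:\(([0-9a-fA-F]+)\))?:", payload)
    if not m:
        raise ValueError("not a hex-encoded registry value")
    type_code = int(m.group(1), 16) if m.group(1) else REG_BINARY
    octets = re.sub(r"[\\\s]", "", payload[m.end():]).split(",")
    return type_code, bytes(int(o, 16) for o in octets if o)

def render(type_code, data):
    """REG_LINK targets are UTF-16LE; anything else is shown byte-for-byte
    (latin-1) so printable ASCII stays readable and NULs stay visible."""
    if type_code == REG_LINK:
        return data.decode("utf-16-le", errors="replace")
    return data.decode("latin-1")

def decode_locked_keys(block):
    """Return {value name: decoded text} for every hex value in a ComboFix block."""
    return {name: render(*parse_reg_hex(payload))
            for name, payload in VALUE.findall(block)}

def looks_like_chrome_extension_id(name):
    """True when a value name has the shape of a Chrome extension ID. A hint
    to cross-check against the browser's extension list, not a verdict."""
    return bool(CHROME_ID.match(name))

if __name__ == "__main__":
    for name, text in decode_locked_keys(SAMPLE).items():
        flag = "  <- Chrome-extension-ID shape" if looks_like_chrome_extension_id(name) else ""
        print(f"{name}{flag}\n    {text!r}")
```

Run against the sample, both Approved values decode to the same 20-letter payload (again drawn only from a to p) followed by two NUL bytes, and the BlueStacks link resolves to a path under \Registry\Machine, which is where a REG_LINK is expected to point; what matters for triage is that neither value name is a CLSID.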

#24
jtemail

    Member

  • Topic Starter
  • Member
  • PipPip
  • 26 posts

Now I've run Farbar again and attached the log files.

 

EDIT: These are the original logs.  Let me attach the new ones in the next post.  I got rid of the old ones in this edit.


Edited by jtemail, 17 February 2016 - 08:30 PM.

  • 0

#25
jtemail

    Member

  • Topic Starter
  • Member
  • PipPip
  • 26 posts

Here are the current ones I just ran:

 

Attached File: FRST.txt (101.97KB)

 

Attached File: Addition.txt (60.33KB)

 


  • 0


#26
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
If this fails we may have to do a registry search.

CAUTION: This fix is only valid for this specific machine; using it on another may break your computer.

Open notepad and copy/paste the text in the quotebox below into it:
 

CreateRestorePoint:
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot% <====== ATTENTION
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir% <====== ATTENTION
HKU\S-1-5-21-1830819319-1975652134-394877016-74296 Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot% <====== ATTENTION
HKU\S-1-5-21-1830819319-1975652134-394877016-74296 Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir% <====== ATTENTION
GroupPolicyScripts: Restriction <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-1830819319-1975652134-394877016-74296\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
DPF: HKLM-x32 {E06E2E99-0AA1-11D4-ABA6-0060082AA75C}
CHR Extension: (Google Search) - C:\Users\mqc874\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-02-08]
CHR Extension: (Google Slides) - C:\Users\mqc874\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-02-08]
CHR Extension: (Google Slides) - C:\Users\mqc874\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-02-08]
CHR Extension: (Google Slides) - C:\Users\mqc874\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2016-02-15]
CHR Extension: (Google Slides) - C:\Users\mqc874\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlhmfgmfgeifomenelglieieghnjghma [2016-02-09]
CHR Extension: (Google Slides) - C:\Users\mqc874\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-02-08]
CHR Extension: (Google Slides) - C:\Users\mqc874\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-02-08]
2016-02-08 15:37 - 2016-02-08 18:19 - 00000000 ____D C:\6Y2UrOId29PWot9k
2016-02-08 14:46 - 2016-02-08 14:46 - 00000000 _____ C:\autoexec.bat
2016-01-22 19:06 - 2016-02-01 00:07 - 00000000 ____D C:\Users\mqc874\Downloads\Adobe Photoshop CS6 13.0.1 Final Multilanguage (cracked dll) [ChingLiu]
2016-01-22 19:06 - 2016-01-22 19:06 - 00138507 _____ C:\Users\mqc874\Downloads\Adobe+Photoshop+CS6+13.0.1+Final++Multilanguage+%28cracked+dll%29+%5BC.torrent
2016-01-22 19:00 - 2016-01-22 19:00 - 00021470 _____ C:\Users\mqc874\Downloads\[www.seedpeer.eu] Adobe Photoshop Cs6 13 0 1 Final Multilanguage Cracked Dll.SEEDPEER.torrent
2016-02-05 09:41 - 2014-05-15 19:50 - 00000000 __SHD C:\Users\mqc874\AppData\LocalLow\EmieUserList
2016-02-05 09:41 - 2014-05-15 19:50 - 00000000 __SHD C:\Users\mqc874\AppData\LocalLow\EmieSiteList
2016-01-27 14:40 - 2014-05-12 09:59 - 00000000 __SHD C:\Users\mqc874\AppData\Local\EmieUserList
2016-01-27 14:40 - 2014-05-12 09:59 - 00000000 __SHD C:\Users\mqc874\AppData\Local\EmieSiteList
2013-05-22 11:10 - 2013-05-22 11:10 - 0000037 ___SH () C:\Users\mqc874\AppData\Local\70149b02515b3bb20dd492.47983420
C:\Program Files (x86)\Mobogenie3
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
RemoveProxy:
EmptyTemp:
CMD: bitsadmin /reset /allusers


Save this as fixlist.txt, in the same location as FRST.exe
Run FRST and press Fix.
On completion a log will be generated; please post that.
  • 0
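The fixlist above is a script that FRST runs top to bottom, and the Fixlog it writes afterwards echoes each entry with an outcome ("moved successfully", "key removed successfully", "restored successfully", "not found.") plus the raw output of any Reg: and CMD: lines. Two things are worth checking before reading such a log as a clean result: a "not found." entry means the item was already gone or is named differently now, and this particular fixlist also deletes all local Group Policy state, the local IPsec policy store and every per-user proxy setting, legitimate ones included, so on a managed machine (the logs in this thread show Configuration Manager and VPN clients installed) those may need to be re-applied. The script below, an added example that is neither FRST's code nor part of the thread, reconciles a fixlist with its Fixlog and lists both the entries that did not get a positive outcome and the things FRST touched that no fixlist line asked for; FIXLIST and FIXLOG are excerpts of the fixlist and the Fixlog posted in this thread, used as constructed sample input:

```python
"""Reconcile an FRST fixlist with the Fixlog FRST writes after pressing Fix.
Added example for this thread; not FRST's own code. FIXLIST and FIXLOG are
excerpts of the fixlist and the Fixlog posted in this thread."""
import re

FIXLIST = r"""
CreateRestorePoint:
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot% <====== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
DPF: HKLM-x32 {E06E2E99-0AA1-11D4-ABA6-0060082AA75C}
CHR Extension: (Google Slides) - C:\Users\mqc874\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-02-08]
2016-02-08 15:37 - 2016-02-08 18:19 - 00000000 ____D C:\6Y2UrOId29PWot9k
C:\Program Files (x86)\Mobogenie3
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
RemoveProxy:
CMD: bitsadmin /reset /allusers
"""

FIXLOG = r"""
Restore point was successfully created.
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot% <====== ATTENTION => restored successfully
C:\Windows\system32\GroupPolicy\Machine => moved successfully
"HKLM\SOFTWARE\Policies\Google" => key removed successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Code Store Database\Distribution Units\{E06E2E99-0AA1-11D4-ABA6-0060082AA75C}" => key removed successfully
"HKCR\Wow6432Node\CLSID\{E06E2E99-0AA1-11D4-ABA6-0060082AA75C}" => key removed successfully
C:\Users\mqc874\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap => moved successfully
C:\6Y2UrOId29PWot9k => moved successfully
"C:\Program Files (x86)\Mobogenie3" => not found.
========= reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========
The operation completed successfully.
========= End of Reg: =========
========= RemoveProxy: =========
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
========= End of RemoveProxy: =========
=========  bitsadmin /reset /allusers =========
0 out of 0 jobs canceled.
========= End of CMD: =========
"""

# Prefix of an FRST file listing line: "date time - date time - size attrs [()] "
LISTING = re.compile(r"^[\d-]{10} [\d:]{5} - [\d-]{10} [\d:]{5} - \d+ \S+ (?:\(\) )?")

def parse_fixlist(text):
    """Classify each fixlist line as (kind, target, original line)."""
    items = []
    for line in (l.strip() for l in text.splitlines() if l.strip()):
        if re.fullmatch(r"\w+:", line):                # CreateRestorePoint:, RemoveProxy:, ...
            items.append(("command", line[:-1], line))
        elif line.startswith(("Reg: ", "CMD: ")):
            items.append((line[:3].lower(), line[5:].strip(), line))
        elif ": Restriction <" in line:                 # policy key FRST will delete
            items.append(("regkey", re.sub(r"^CHR ", "", line.split(": Restriction <")[0]), line))
        elif "ATTENTION" in line:                       # FRST echoes the whole line back
            items.append(("policy", line, line))
        elif line.startswith("DPF: "):
            items.append(("dpf", re.search(r"\{[0-9A-Fa-f-]+\}", line).group(0), line))
        elif line.startswith("CHR Extension: "):
            items.append(("path", line.split(" - ", 1)[1].rsplit(" [", 1)[0], line))
        else:                                           # FRST listing line or bare path
            items.append(("path", LISTING.sub("", line), line))
    return items

def parse_fixlog(text):
    """Map each Fixlog subject to its outcome. Reg:/CMD:/RemoveProxy sections
    are keyed by their '=== header ===' and hold the section's output lines."""
    outcomes, section = {}, None
    for line in (l.strip() for l in text.splitlines() if l.strip()):
        m = re.fullmatch(r"=+\s*(.+?)\s*=+", line)
        if m:
            head = m.group(1)
            section = None if head.startswith("End of") else head.rstrip(":").lower()
        elif line == "Restore point was successfully created.":
            outcomes["createrestorepoint"] = "created"
        elif section:
            outcomes.setdefault(section, []).append(line)
        elif " => " in line:
            subject, outcome = line.rsplit(" => ", 1)
            outcomes[subject.strip('"').lower()] = outcome
    return outcomes

def reconcile(fixlist, fixlog):
    """Pair every fixlist entry with what the Fixlog says happened to it."""
    outcomes, report = parse_fixlog(fixlog), []
    for kind, target, line in parse_fixlist(fixlist):
        key = target.lower()
        if kind == "dpf":                               # DPF removes several keys naming the CLSID
            hits = [v for k, v in outcomes.items() if key in k]
        else:
            hits = [outcomes[c] for c in dict.fromkeys((line.lower(), key)) if c in outcomes]
        flat = [x for h in hits for x in (h if isinstance(h, list) else [h])]
        report.append((kind, target, " | ".join(flat) if flat else "no matching Fixlog line"))
    return report

def unresolved(report):
    """Entries that got no positive outcome; re-check these before calling it clean."""
    return [r for r in report if "not found" in r[2] or "no matching" in r[2]]

def side_effects(fixlist, fixlog):
    """Fixlog subjects no fixlist entry accounts for: things FRST touched on its own."""
    items = parse_fixlist(fixlist)
    claimed = {t.lower() for _, t, _ in items} | {l.lower() for _, _, l in items}
    clsids = [t.lower() for k, t, _ in items if k == "dpf"]
    return [s for s, o in parse_fixlog(fixlog).items()
            if isinstance(o, str) and s not in claimed and not any(c in s for c in clsids)]

if __name__ == "__main__":
    report = reconcile(FIXLIST, FIXLOG)
    for kind, target, result in report:
        print(f"{kind:8} {result[:40]:40} {target}")
    print("unresolved:", [t for _, t, _ in unresolved(report)])
    print("side effects:", side_effects(FIXLIST, FIXLOG))
```

On the excerpt this reports one unresolved entry (the Mobogenie3 folder FRST could not find) and one side effect (the local GroupPolicy\Machine folder, which no fixlist line names but which FRST moves while processing the GroupPolicyScripts restriction); on a full Fixlog the same two lists are what to read first.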

#27
jtemail

    Member

  • Topic Starter
  • Member
  • PipPip
  • 26 posts

Thanks, will try this right now...


  • 0

#28
jtemail

    Member

  • Topic Starter
  • Member
  • PipPip
  • 26 posts

Ok, here is the output of the latest try.

 

 

Fix result of Farbar Recovery Scan Tool (x64) Version:17-02-2016
Ran by jthompson (2016-02-19 09:08:40) Run:3
Running from C:\Users\mqc874\Desktop
Loaded Profiles: jthompson (Available Profiles: qmigrator & jthompson & QMM-svc & QMM-svc & FirstUser & Batwings)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
CreateRestorePoint:
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot% <====== ATTENTION
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir% <====== ATTENTION
HKU\S-1-5-21-1830819319-1975652134-394877016-74296 Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot% <====== ATTENTION
HKU\S-1-5-21-1830819319-1975652134-394877016-74296 Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir% <====== ATTENTION
GroupPolicyScripts: Restriction <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-1830819319-1975652134-394877016-74296\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
DPF: HKLM-x32 {E06E2E99-0AA1-11D4-ABA6-0060082AA75C}
CHR Extension: (Google Search) - C:\Users\mqc874\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-02-08]
CHR Extension: (Google Slides) - C:\Users\mqc874\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-02-08]
CHR Extension: (Google Slides) - C:\Users\mqc874\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-02-08]
CHR Extension: (Google Slides) - C:\Users\mqc874\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2016-02-15]
CHR Extension: (Google Slides) - C:\Users\mqc874\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlhmfgmfgeifomenelglieieghnjghma [2016-02-09]
CHR Extension: (Google Slides) - C:\Users\mqc874\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-02-08]
CHR Extension: (Google Slides) - C:\Users\mqc874\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-02-08]
2016-02-08 15:37 - 2016-02-08 18:19 - 00000000 ____D C:\6Y2UrOId29PWot9k
2016-02-08 14:46 - 2016-02-08 14:46 - 00000000 _____ C:\autoexec.bat
2016-01-22 19:06 - 2016-02-01 00:07 - 00000000 ____D C:\Users\mqc874\Downloads\Adobe Photoshop CS6 13.0.1 Final Multilanguage (cracked dll) [ChingLiu]
2016-01-22 19:06 - 2016-01-22 19:06 - 00138507 _____ C:\Users\mqc874\Downloads\Adobe+Photoshop+CS6+13.0.1+Final++Multilanguage+%28cracked+dll%29+%5BC.torrent
2016-01-22 19:00 - 2016-01-22 19:00 - 00021470 _____ C:\Users\mqc874\Downloads\[www.seedpeer.eu] Adobe Photoshop Cs6 13 0 1 Final Multilanguage Cracked Dll.SEEDPEER.torrent
2016-02-05 09:41 - 2014-05-15 19:50 - 00000000 __SHD C:\Users\mqc874\AppData\LocalLow\EmieUserList
2016-02-05 09:41 - 2014-05-15 19:50 - 00000000 __SHD C:\Users\mqc874\AppData\LocalLow\EmieSiteList
2016-01-27 14:40 - 2014-05-12 09:59 - 00000000 __SHD C:\Users\mqc874\AppData\Local\EmieUserList
2016-01-27 14:40 - 2014-05-12 09:59 - 00000000 __SHD C:\Users\mqc874\AppData\Local\EmieSiteList
2013-05-22 11:10 - 2013-05-22 11:10 - 0000037 ___SH () C:\Users\mqc874\AppData\Local\70149b02515b3bb20dd492.47983420
C:\Program Files (x86)\Mobogenie3
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
RemoveProxy:
EmptyTemp:
CMD: bitsadmin /reset /allusers
*****************
 
Restore point was successfully created.
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot% <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir% <====== ATTENTION => restored successfully
HKU\S-1-5-21-1830819319-1975652134-394877016-74296 Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot% <====== ATTENTION => restored successfully
HKU\S-1-5-21-1830819319-1975652134-394877016-74296 Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir% <====== ATTENTION => restored successfully
C:\Windows\system32\GroupPolicy\Machine => moved successfully
C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully
C:\Windows\SysWOW64\GroupPolicy\GPT.ini => moved successfully
"HKLM\SOFTWARE\Policies\Google" => key removed successfully
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
"HKU\S-1-5-21-1830819319-1975652134-394877016-74296\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Code Store Database\Distribution Units\{E06E2E99-0AA1-11D4-ABA6-0060082AA75C}" => key removed successfully
"HKCR\Wow6432Node\CLSID\{E06E2E99-0AA1-11D4-ABA6-0060082AA75C}" => key removed successfully
C:\Users\mqc874\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf => moved successfully
C:\Users\mqc874\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap => moved successfully
C:\Users\mqc874\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi => moved successfully
C:\Users\mqc874\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd => moved successfully
C:\Users\mqc874\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlhmfgmfgeifomenelglieieghnjghma => moved successfully
C:\Users\mqc874\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek => moved successfully
C:\Users\mqc874\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake => moved successfully
C:\6Y2UrOId29PWot9k => moved successfully
C:\autoexec.bat => moved successfully
"C:\Users\mqc874\Downloads\Adobe Photoshop CS6 13.0.1 Final Multilanguage (cracked dll) [ChingLiu]" => not found.
C:\Users\mqc874\Downloads\Adobe+Photoshop+CS6+13.0.1+Final++Multilanguage+%28cracked+dll%29+%5BC.torrent => moved successfully
C:\Users\mqc874\Downloads\[www.seedpeer.eu] Adobe Photoshop Cs6 13 0 1 Final Multilanguage Cracked Dll.SEEDPEER.torrent => moved successfully
C:\Users\mqc874\AppData\LocalLow\EmieUserList => moved successfully
C:\Users\mqc874\AppData\LocalLow\EmieSiteList => moved successfully
C:\Users\mqc874\AppData\Local\EmieUserList => moved successfully
C:\Users\mqc874\AppData\Local\EmieSiteList => moved successfully
C:\Users\mqc874\AppData\Local\70149b02515b3bb20dd492.47983420 => moved successfully
"C:\Program Files (x86)\Mobogenie3" => not found.
 
========= reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========
 
The operation completed successfully.
 
 
 
========= End of Reg: =========
 
 
========= reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========
 
The operation completed successfully.
 
 
 
========= End of Reg: =========
 
 
========= RemoveProxy: =========
 
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKU\S-1-5-21-1830819319-1975652134-394877016-74296\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-21-1830819319-1975652134-394877016-74296\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
 
 
========= End of RemoveProxy: =========
 
 
=========  bitsadmin /reset /allusers =========
 
 
BITSADMIN version 3.0 [ 7.5.7601 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.
 
BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.
 
0 out of 0 jobs canceled.
 
========= End of CMD: =========
 
EmptyTemp: => 206.6 MB temporary data Removed.
 
 
The system needed a reboot.
 
==== End of Fixlog 09:08:58 ====

  • 0
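As an added check that is not part of the Fixlog above and not an FRST feature: the fix touched four kinds of persistence the pop-up could be using (Policies keys, the per-hive WinINet proxy blobs, the IPSec local policy key and the Chrome extension folders), so a practitioner would re-audit exactly those spots after the reboot rather than only waiting for the window to come back. The script below does that. It assumes PowerShell 3.0 or later, an elevated prompt, the Chrome profile layout under C:\Users\*\AppData\Local, and the blob layout documented in the comment; the key names are taken from the log.

```powershell
# Post-fix audit of the locations the Fixlog above cleaned. Example code added
# here, not part of FRST or of the original post. Run elevated, PowerShell 3+.

$policyKeys = @(
    'SOFTWARE\Policies\Google',
    'SOFTWARE\Policies\Microsoft\Internet Explorer',
    'SOFTWARE\Wow6432Node\Microsoft\Code Store Database\Distribution Units\{E06E2E99-0AA1-11D4-ABA6-0060082AA75C}',
    'SOFTWARE\Classes\Wow6432Node\CLSID\{E06E2E99-0AA1-11D4-ABA6-0060082AA75C}'
)

# HKLM plus every hive currently loaded under HKEY_USERS (covers .DEFAULT,
# S-1-5-20 and the logged-on user's SID that the fix wrote to).
$hives = @('Registry::HKEY_LOCAL_MACHINE') +
         (Get-ChildItem Registry::HKEY_USERS | ForEach-Object { "Registry::$($_.Name)" })

function Get-ProxyBlobInfo {
    param([byte[]]$Blob)
    # WinINet connection-settings blob (assumed layout, widely documented):
    # DWORD version, DWORD change counter, DWORD flags, then three
    # length-prefixed ANSI strings: proxy server, bypass list, auto-config URL.
    # Flags: 1 = direct, 2 = manual proxy, 4 = auto-config URL, 8 = auto-detect.
    if ($Blob.Length -lt 16) { return $null }
    $flags = [BitConverter]::ToUInt32($Blob, 8)
    $pos = 12
    $strings = foreach ($i in 1..3) {
        if ($pos + 4 -gt $Blob.Length) { break }
        $len = [int][BitConverter]::ToUInt32($Blob, $pos); $pos += 4
        if ($pos + $len -gt $Blob.Length) { break }
        $s = [Text.Encoding]::ASCII.GetString($Blob, $pos, $len); $pos += $len
        $s
    }
    [pscustomobject]@{
        ManualProxy   = [bool]($flags -band 2)
        AutoConfigUrl = [bool]($flags -band 4)
        AutoDetect    = [bool]($flags -band 8)
        ProxyServer   = $strings[0]
        BypassList    = $strings[1]
        PacUrl        = $strings[2]
    }
}

foreach ($hive in $hives) {
    # 1. Policy keys the fix removed: any of these coming back is a finding.
    foreach ($key in $policyKeys) {
        $path = "$hive\$key"
        if (Test-Path -LiteralPath $path) { Write-Output "PRESENT  $path" }
    }
    # 2. Proxy blobs RemoveProxy: deleted. A manual proxy or PAC URL that has
    #    reappeared is how a pop-up injector typically re-routes the browser.
    $conn = "$hive\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections"
    if (Test-Path -LiteralPath $conn) {
        foreach ($name in 'DefaultConnectionSettings', 'SavedLegacySettings') {
            $blob = (Get-ItemProperty -LiteralPath $conn -Name $name -ErrorAction SilentlyContinue).$name
            if ($blob) {
                $info = Get-ProxyBlobInfo -Blob $blob
                if ($info -and ($info.ManualProxy -or $info.AutoConfigUrl)) {
                    Write-Output "PROXY    $conn\$name -> server='$($info.ProxyServer)' pac='$($info.PacUrl)'"
                }
            }
        }
    }
}

# 3. The fix deleted and then re-created this key empty; subkeys mean something
#    has written an IPSec policy back into it.
$ipsec = 'Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local'
if (Test-Path -LiteralPath $ipsec) {
    $sub = @(Get-ChildItem -LiteralPath $ipsec -ErrorAction SilentlyContinue)
    Write-Output ("IPSEC    {0} has {1} subkey(s)" -f $ipsec, $sub.Count)
}

# 4. Chrome extensions in every profile: compare the IDs against the ones the
#    fix moved out; each folder holds a version subfolder with manifest.json.
$pattern = 'C:\Users\*\AppData\Local\Google\Chrome\User Data\*\Extensions\*'
foreach ($ext in Get-ChildItem $pattern -Directory -ErrorAction SilentlyContinue) {
    $manifest = Get-ChildItem -LiteralPath $ext.FullName -Recurse -Filter manifest.json -ErrorAction SilentlyContinue |
                Select-Object -First 1
    $label = '?'
    if ($manifest) {
        try { $label = (Get-Content -LiteralPath $manifest.FullName -Raw | ConvertFrom-Json).name } catch {}
    }
    Write-Output "CHROME   $($ext.Name)  $label"
}
```

Anything printed as PRESENT or PROXY after the reboot is the location to watch: if a proxy blob or policy key is rewritten between runs, the timing of that rewrite (compare with the 4 to 6 hour pop-up interval) points at a scheduled task or service rather than at the browser itself. Extension names that read `__MSG_...__` are localized placeholders in the manifest, not a sign of tampering.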

#29
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK, it is now a matter of waiting to see if it appears.
  • 0

#30
jtemail

    Member

  • Topic Starter
  • Member
  • PipPip
  • 26 posts

Unfortunately it appeared again just about an hour ago. It's just truly amazing how persistent this thing is. I don't know what the name of this thing is, but I've never matched up with something so hard to eradicate.


  • 0
