Think I got a virus...


  • This topic is locked

#16
zep516
    Trusted Helper
  • Malware Removal
  • 8,093 posts
What issues remain ?

Joe



#17
stevenlaks
    Member
  • Topic Starter
  • 14 posts

Definitely running much better. Thank you very much. The error at start-up is gone. Unwanted desktop icons are gone.

However, I believe the main threats are still active, as I am not able to upgrade the operating system from Windows 7 to 10 and still am not able to update Internet Explorer from 8 to 11.

I was finally able to download Chrome.

When trying to download Windows 10 it simply does nothing.

When trying to download Internet Explorer 11 the download begins, says it's installing, then says it's restarting, but fails and says it can't complete.

There were 3 files "installed" that I could not uninstall. One was Norton; it's now gone.

PeachTree accounting software is another - the program has been deleted, one file remains.

Logitech Web Cam is the other. Logitech is now displaying like this: "Logitech Inc. Inc. Inc. Inc. Inc. Inc." - the program has been deleted, one file remains.



#18
zep516
    Trusted Helper
  • Malware Removal
  • 8,093 posts
Hello,

Let's run ComboFix.

You can download ComboFix from one of these links. I want you to save it to the desktop and run it from there.

1. Close any open browsers or any other programs that are open.
2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

Double-click on combofix.exe and follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Note 2: If you receive the error "Illegal operation attempted on a registry key that has been marked for deletion", please restart the computer.

Please post the log from ComboFix.

#19
stevenlaks
    Member
  • Topic Starter
  • 14 posts

ComboFix 15-11-30.01 - stevenlaks 12/01/2015 15:57:30.1.2 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3836.2017 [GMT -5:00]

Running from: c:\users\stevenlaks\Desktop\ComboFix.exe

AV: Microsoft Security Essentials *Disabled/Updated* {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}

SP: Microsoft Security Essentials *Disabled/Updated* {0C8D1929-27B2-688D-E114-9117BD2BB1B7}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

C:\install.exe

c:\programdata\AAUserName.txt

c:\users\stevenlaks\AppData\Roaming\Adobe\plugs

c:\windows\msdownld.tmp

.

.

((((((((((((((((((((((((( Files Created from 2015-11-01 to 2015-12-01 )))))))))))))))))))))))))))))))

.

.

2015-12-01 21:06 . 2015-12-01 21:06 -------- d-----w- c:\users\Guest\AppData\Local\temp

2015-12-01 21:06 . 2015-12-01 21:06 -------- d-----w- c:\users\Default\AppData\Local\temp

2015-12-01 20:44 . 2015-12-01 20:44 -------- d-----r- c:\users\Public

2015-12-01 20:04 . 2015-11-17 12:43 11138400 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{48BD8070-F98E-43A8-92E6-15CE9F6EC5D6}\mpengine.dll

2015-12-01 16:27 . 2015-12-01 19:52 -------- d-----w- C:\FRST

2015-12-01 16:05 . 2015-12-01 16:06 -------- d-----w- c:\program files (x86)\Common Files\Peach

2015-12-01 14:48 . 2015-11-17 12:43 11138400 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2015-12-01 12:40 . 2015-12-01 12:40 0 ----a-w- c:\windows\ativpsrm.bin

2015-12-01 03:47 . 2015-12-01 20:42 192216 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys

2015-12-01 03:47 . 2015-10-05 14:50 63704 ----a-w- c:\windows\system32\drivers\mwac.sys

2015-12-01 03:47 . 2015-10-05 14:50 109272 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys

2015-12-01 03:47 . 2015-10-05 14:50 25816 ----a-w- c:\windows\system32\drivers\mbam.sys

2015-12-01 03:47 . 2015-12-01 03:47 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware

2015-11-30 14:58 . 2015-11-30 14:58 -------- d-----w- c:\users\stevenlaks\AppData\Local\CEF

2015-11-22 03:00 . 2015-11-22 03:00 -------- d-----w- c:\users\stevenlaks\AppData\Local\GWX

2015-11-19 02:59 . 2015-07-30 13:13 124624 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll

2015-11-19 02:59 . 2015-07-30 13:13 103120 ----a-w- c:\windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll

2015-11-19 02:09 . 2015-09-02 03:04 41984 ----a-w- c:\windows\system32\lpk.dll

2015-11-19 02:09 . 2015-09-02 03:04 14336 ----a-w- c:\windows\system32\dciman32.dll

2015-11-19 02:09 . 2015-09-02 03:04 46080 ----a-w- c:\windows\system32\atmlib.dll

2015-11-19 02:09 . 2015-09-02 02:48 10240 ----a-w- c:\windows\SysWow64\dciman32.dll

2015-11-19 02:09 . 2015-09-02 02:48 34304 ----a-w- c:\windows\SysWow64\atmlib.dll

2015-11-19 02:09 . 2015-09-02 01:47 372736 ----a-w- c:\windows\system32\atmfd.dll

2015-11-19 02:09 . 2015-09-02 01:33 299520 ----a-w- c:\windows\SysWow64\atmfd.dll

2015-11-19 02:09 . 2015-09-02 03:04 100864 ----a-w- c:\windows\system32\fontsub.dll

2015-11-19 02:09 . 2015-09-02 02:48 70656 ----a-w- c:\windows\SysWow64\fontsub.dll

2015-11-19 02:09 . 2015-09-02 02:47 25600 ----a-w- c:\windows\SysWow64\lpk.dll

2015-11-18 23:01 . 2015-06-24 20:00 1190000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{60B8007B-FCCF-4784-AD87-667DE7BA73A8}\gapaengine.dll

2015-11-18 23:01 . 2015-04-24 18:17 633856 ----a-w- c:\windows\system32\comctl32.dll

2015-11-18 23:01 . 2015-04-24 17:56 530432 ----a-w- c:\windows\SysWow64\comctl32.dll

2015-11-18 23:01 . 2015-06-02 00:07 254976 ----a-w- c:\windows\system32\cewmdm.dll

2015-11-18 23:01 . 2015-06-01 23:47 210432 ----a-w- c:\windows\SysWow64\cewmdm.dll

2015-11-18 23:00 . 2015-04-18 03:10 460800 ----a-w- c:\windows\system32\certcli.dll

2015-11-18 23:00 . 2015-04-18 02:56 342016 ----a-w- c:\windows\SysWow64\certcli.dll

2015-11-18 22:59 . 2015-07-11 13:15 429568 ----a-w- c:\windows\system32\wksprt.exe

2015-11-18 22:59 . 2015-07-16 19:11 7077376 ----a-w- c:\windows\system32\mstscax.dll

2015-11-18 22:59 . 2015-07-16 19:12 6131200 ----a-w- c:\windows\SysWow64\mstscax.dll

2015-11-18 22:59 . 2015-07-16 19:11 1057792 ----a-w- c:\windows\system32\rdvidcrl.dll

2015-11-18 22:59 . 2015-07-16 19:12 856064 ----a-w- c:\windows\SysWow64\rdvidcrl.dll

2015-11-18 22:59 . 2015-07-16 19:12 53248 ----a-w- c:\windows\SysWow64\tsgqec.dll

2015-11-18 22:59 . 2015-07-16 19:11 62976 ----a-w- c:\windows\system32\tsgqec.dll

2015-11-18 22:59 . 2015-04-13 03:28 328704 ----a-w- c:\windows\system32\services.exe

2015-11-18 22:56 . 2015-07-15 18:15 94656 ----a-w- c:\windows\system32\drivers\mountmgr.sys

2015-11-18 22:56 . 2015-07-15 18:10 1743360 ----a-w- c:\windows\system32\sysmain.dll

2015-11-18 22:56 . 2015-07-15 18:10 11264 ----a-w- c:\windows\system32\msmmsp.dll

2015-11-18 22:56 . 2015-07-15 18:02 2560 ----a-w- c:\windows\system32\drivers\en-US\mountmgr.sys.mui

2015-11-18 22:54 . 2015-09-01 18:14 503296 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\tiptsf.dll

2015-11-18 22:54 . 2015-09-01 18:14 1247232 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\tipskins.dll

2015-11-18 22:54 . 2015-09-01 18:14 110592 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\TipBand.dll

2015-11-18 22:54 . 2015-09-01 18:13 224768 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\TabTip.exe

2015-11-18 22:54 . 2015-09-01 17:52 348672 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\tiptsf.dll

2015-11-18 22:54 . 2015-09-01 17:52 10240 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\TabTip32.exe

2015-11-18 22:54 . 2015-09-01 18:12 544768 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\TipRes.dll

2015-11-18 22:54 . 2015-06-09 18:03 3180544 ----a-w- c:\windows\system32\rdpcorets.dll

2015-11-18 22:54 . 2015-06-09 18:03 16384 ----a-w- c:\windows\system32\RdpGroupPolicyExtension.dll

2015-11-18 22:54 . 2015-07-09 17:58 82944 ----a-w- c:\windows\system32\dwmapi.dll

2015-11-18 22:54 . 2015-07-09 17:58 1632256 ----a-w- c:\windows\system32\dwmcore.dll

2015-11-18 22:54 . 2015-07-09 17:42 67584 ----a-w- c:\windows\SysWow64\dwmapi.dll

2015-11-18 22:54 . 2015-07-09 17:42 1372160 ----a-w- c:\windows\SysWow64\dwmcore.dll

2015-11-18 22:53 . 2015-07-15 03:17 2048 ----a-w- c:\windows\system32\tzres.dll

2015-11-18 22:53 . 2015-07-15 02:54 2048 ----a-w- c:\windows\SysWow64\tzres.dll

2015-11-18 22:53 . 2015-07-15 03:19 52736 ----a-w- c:\windows\system32\basesrv.dll

2015-11-18 22:52 . 2015-01-29 03:19 2543104 ----a-w- c:\windows\system32\wpdshext.dll

2015-11-18 22:52 . 2015-01-29 03:19 1195008 ----a-w- c:\windows\system32\drivers\UMDF\WpdMtpDr.dll

2015-11-18 22:52 . 2015-01-29 03:02 2311168 ----a-w- c:\windows\SysWow64\wpdshext.dll

2015-11-18 22:52 . 2015-07-01 20:49 260096 ----a-w- c:\windows\system32\WebClnt.dll

2015-11-18 22:52 . 2015-07-01 20:48 102912 ----a-w- c:\windows\system32\davclnt.dll

2015-11-18 22:52 . 2015-07-01 20:30 206848 ----a-w- c:\windows\SysWow64\WebClnt.dll

2015-11-18 22:50 . 2015-07-23 00:02 879104 ----a-w- c:\windows\system32\tdh.dll

2015-11-18 22:50 . 2015-07-23 00:02 879104 ----a-w- c:\windows\system32\advapi32.dll

2015-11-18 22:50 . 2015-07-22 17:53 635392 ----a-w- c:\windows\SysWow64\tdh.dll

2015-11-18 22:50 . 2015-07-22 17:53 641536 ----a-w- c:\windows\SysWow64\advapi32.dll

2015-11-18 22:49 . 2015-10-29 17:49 295936 ----a-w- c:\windows\SysWow64\apphelp.dll

2015-11-18 22:49 . 2015-10-29 17:50 6656 ----a-w- c:\windows\system32\shimeng.dll

2015-11-18 22:49 . 2015-10-29 17:50 342016 ----a-w- c:\windows\system32\apphelp.dll

2015-11-18 22:49 . 2015-10-29 17:50 72192 ----a-w- c:\windows\system32\aelupsvc.dll

2015-11-18 22:49 . 2015-10-29 17:50 5120 ----a-w- c:\windows\SysWow64\shimeng.dll

2015-11-18 22:49 . 2015-10-29 17:50 23552 ----a-w- c:\windows\system32\sdbinst.exe

2015-11-18 22:49 . 2015-10-29 17:49 20992 ----a-w- c:\windows\SysWow64\sdbinst.exe

2015-11-18 22:49 . 2015-07-30 18:06 1648128 ----a-w- c:\windows\system32\DWrite.dll

2015-11-18 22:49 . 2015-07-30 18:06 1180160 ----a-w- c:\windows\system32\FntCache.dll

2015-11-18 22:49 . 2015-07-30 17:57 1251328 ----a-w- c:\windows\SysWow64\DWrite.dll

2015-11-18 22:49 . 2015-07-30 18:06 2565120 ----a-w- c:\windows\system32\d3d10warp.dll

2015-11-18 22:49 . 2015-07-30 17:57 1987584 ----a-w- c:\windows\SysWow64\d3d10warp.dll

2015-11-18 22:48 . 2015-07-04 18:07 2087424 ----a-w- c:\windows\system32\ole32.dll

2015-11-18 22:48 . 2015-07-04 17:48 1414656 ----a-w- c:\windows\SysWow64\ole32.dll

2015-11-18 22:48 . 2015-04-27 19:23 188416 ----a-w- c:\windows\system32\cryptsvc.dll

2015-11-18 22:48 . 2015-04-27 19:23 1480192 ----a-w- c:\windows\system32\crypt32.dll

2015-11-18 22:48 . 2015-04-27 19:04 143872 ----a-w- c:\windows\SysWow64\cryptsvc.dll

2015-11-18 22:48 . 2015-04-27 19:04 1174528 ----a-w- c:\windows\SysWow64\crypt32.dll

2015-11-18 22:48 . 2015-04-27 19:23 229376 ----a-w- c:\windows\system32\wintrust.dll

2015-11-18 22:48 . 2015-04-27 19:23 140288 ----a-w- c:\windows\system32\cryptnet.dll

2015-11-18 22:48 . 2015-04-27 19:05 179200 ----a-w- c:\windows\SysWow64\wintrust.dll

2015-11-18 22:48 . 2015-04-27 19:04 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll

2015-11-18 22:47 . 2015-10-01 18:04 616360 ----a-w- c:\windows\system32\winresume.efi

2015-11-18 22:47 . 2015-10-01 18:00 147456 ----a-w- c:\windows\system32\appidpolicyconverter.exe

2015-11-18 22:47 . 2015-10-01 18:06 692672 ----a-w- c:\windows\system32\winload.efi

2015-11-18 22:47 . 2015-10-01 18:00 59392 ----a-w- c:\windows\system32\appidapi.dll

2015-11-18 22:47 . 2015-10-01 18:00 32768 ----a-w- c:\windows\system32\appidsvc.dll

2015-11-18 22:47 . 2015-10-01 17:50 50688 ----a-w- c:\windows\SysWow64\appidapi.dll

2015-11-18 22:47 . 2015-10-01 18:00 63488 ----a-w- c:\windows\system32\setbcdlocale.dll

2015-11-18 22:47 . 2015-10-01 18:00 17920 ----a-w- c:\windows\system32\appidcertstorecheck.exe

2015-11-18 22:47 . 2015-10-01 17:00 61440 ----a-w- c:\windows\system32\drivers\appid.sys

2015-11-18 22:45 . 2015-10-20 01:06 13312 ----a-w- c:\windows\system32\wow64cpu.dll

2015-11-18 22:44 . 2015-10-13 16:41 497664 ----a-w- c:\windows\system32\drivers\afd.sys

2015-11-18 22:44 . 2015-10-13 16:40 118272 ----a-w- c:\windows\system32\drivers\tdx.sys

2015-11-18 22:44 . 2015-06-15 21:45 3242496 ----a-w- c:\windows\system32\msi.dll

2015-11-18 22:44 . 2015-06-15 21:43 2364416 ----a-w- c:\windows\SysWow64\msi.dll

2015-11-18 22:44 . 2015-06-15 21:45 504320 ----a-w- c:\windows\system32\msihnd.dll

2015-11-18 22:44 . 2015-06-15 21:44 128000 ----a-w- c:\windows\system32\msiexec.exe

2015-11-18 22:44 . 2015-06-15 21:43 337408 ----a-w- c:\windows\SysWow64\msihnd.dll

2015-11-18 22:44 . 2015-06-15 21:42 73216 ----a-w- c:\windows\SysWow64\msiexec.exe

2015-11-18 22:44 . 2015-06-15 21:42 25088 ----a-w- c:\windows\system32\msimsg.dll

2015-11-18 22:44 . 2015-06-15 21:37 25088 ----a-w- c:\windows\SysWow64\msimsg.dll

2015-11-18 22:43 . 2015-07-09 17:57 193536 ----a-w- c:\windows\system32\notepad.exe

2015-11-18 22:43 . 2015-07-09 17:57 193536 ----a-w- c:\windows\notepad.exe

2015-11-18 22:43 . 2015-07-09 17:42 179712 ----a-w- c:\windows\SysWow64\notepad.exe

2015-11-18 22:42 . 2015-06-25 10:01 1941504 ----a-w- c:\windows\system32\authui.dll

2015-11-18 22:42 . 2015-06-25 10:06 115136 ----a-w- c:\windows\system32\consent.exe

2015-11-18 22:42 . 2015-06-25 10:01 70656 ----a-w- c:\windows\system32\appinfo.dll

2015-11-18 22:42 . 2015-06-25 09:44 1805824 ----a-w- c:\windows\SysWow64\authui.dll

2015-11-18 22:07 . 2015-11-18 22:07 18843848 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe

2015-11-18 16:22 . 2015-11-18 16:22 225976 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\nppdf32.dll

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2015-11-18 22:08 . 2014-01-26 18:24 780488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2015-11-18 22:08 . 2011-08-17 22:51 142536 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2015-10-29 17:50 . 2015-11-18 22:49 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll

2015-10-29 17:50 . 2015-11-18 22:49 309248 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll

2015-10-29 17:50 . 2015-11-18 22:49 103424 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll

2015-10-29 17:50 . 2015-11-18 22:49 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll

2015-10-29 17:49 . 2015-11-18 22:49 470528 ----a-w- c:\windows\apppatch\AcSpecfc.dll

2015-10-29 17:49 . 2015-11-18 22:49 562176 ----a-w- c:\windows\apppatch\AcLayers.dll

2015-10-29 17:49 . 2015-11-18 22:49 2178560 ----a-w- c:\windows\apppatch\AcGenral.dll

2015-10-29 17:49 . 2015-11-18 22:49 211968 ----a-w- c:\windows\apppatch\AcXtrnal.dll

2015-10-29 17:39 . 2015-11-18 22:49 2560 ----a-w- c:\windows\apppatch\AcRes.dll

2015-10-27 23:43 . 2010-11-03 05:32 145617392 ----a-w- c:\windows\system32\MRT.exe

2015-10-20 00:45 . 2015-11-18 22:46 44032 ----a-w- c:\windows\apppatch\acwow64.dll

2015-10-13 06:29 . 2015-10-13 06:29 875720 ----a-w- c:\windows\SysWow64\msvcr120_clr0400.dll

2015-10-13 06:22 . 2015-10-13 06:22 869568 ----a-w- c:\windows\system32\msvcr120_clr0400.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-03-15 98304]

"SVPWUTIL"="c:\program files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe" [2010-02-23 352256]

"HWSetup"="c:\program files\TOSHIBA\Utilities\HWSetup.exe" [2010-03-04 423936]

"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]

.

c:\users\stevenlaks\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office12\ONENOTEM.EXE /tsr [2009-2-26 97680]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]

R3 CompFilter64;UVCCompositeFilter;c:\windows\system32\DRIVERS\lvbflt64.sys;c:\windows\SYSNATIVE\DRIVERS\lvbflt64.sys [x]

R3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\DRIVERS\LVPr2M64.sys;c:\windows\SYSNATIVE\DRIVERS\LVPr2M64.sys [x]

R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys;c:\windows\SYSNATIVE\DRIVERS\lvrs64.sys [x]

R3 lvsels64;Logitech Selective Suspend Filter;c:\windows\system32\DRIVERS\lvsels64.sys;c:\windows\SYSNATIVE\DRIVERS\lvsels64.sys [x]

R3 LVUVC64;Logitech HD Pro Webcam C910(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys;c:\windows\SYSNATIVE\DRIVERS\lvuvc64.sys [x]

R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]

R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]

R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]

R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]

R3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys;c:\windows\SYSNATIVE\DRIVERS\rtl8192Ce.sys [x]

R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]

S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]

S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [x]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]

S2 psqlWGE;Pervasive PSQL Workgroup Engine;c:\program files (x86)\Pervasive Software\PSQL\bin\w3dbsmgr.exe;c:\program files (x86)\Pervasive Software\PSQL\bin\w3dbsmgr.exe [x]

S2 regi;regi;c:\windows\system32\drivers\regi.sys;c:\windows\SYSNATIVE\drivers\regi.sys [x]

S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe;c:\program files\TOSHIBA\TECO\TecoService.exe [x]

S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys;c:\windows\SYSNATIVE\DRIVERS\TVALZFL.sys [x]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]

S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]

S3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]

S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys;c:\windows\SYSNATIVE\DRIVERS\pgeffect.sys [x]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]

S3 RTWlanE;Realtek Wireless LAN 802.11n PCI-E Network Adapter;c:\windows\system32\DRIVERS\rtwlane.sys;c:\windows\SYSNATIVE\DRIVERS\rtwlane.sys [x]

S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [x]

S3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [x]

.

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - MBAMSWISSARMY

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]

2015-12-01 10:05 997704 ----a-w- c:\program files (x86)\Google\Chrome\Application\46.0.2490.86\Installer\chrmstp.exe

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{A6EADE66-0000-0000-484E-7E8A45000000}]

2015-11-18 16:22 286904 ----a-w- c:\program files (x86)\Adobe\Acrobat Reader DC\Esl\AiodLite.dll

.

Contents of the 'Scheduled Tasks' folder

.

2015-12-01 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-01-26 22:08]

.

2015-12-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-23 20:29]

.

2015-11-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-23 20:29]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-03-22 10134560]

"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2010-03-22 896032]

"TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376]

"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2010-02-06 709976]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2015-04-30 1337000]

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://www.google.com/

mLocal Page = c:\windows\SysWOW64\blank.htm

IE: {{c95fe080-8f5d-11d2-a20b-00aa003c157a}

Trusted Zone: alipay.com

Trusted Zone: alisoft.com

Trusted Zone: taobao.com

TCP: DhcpNameServer = 192.168.1.1

TCP: Interfaces\{C292CF53-A553-4966-B315-3783105140BD}: DhcpNameServer = 192.168.88.1

DPF: {FFD85DC8-5261-4D11-B728-F7C59D911691} - hxxp://www.iolo.com/purchase/app/ocx/UpgradeVerify.cab

.

.

------- File Associations -------

.

JSEFile=NOTEPAD.EXE %1

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-Locked - (no file)

Toolbar-Locked - (no file)

HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe

HKLM-Run-TPwrMain - c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE

HKLM-Run-HSON - c:\program files (x86)\TOSHIBA\TBS\HSON.exe

HKLM-Run-SmoothView - c:\program files (x86)\Toshiba\SmoothView\SmoothView.exe

HKLM-Run-00TCrdMain - c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe

HKLM-Run-Teco - c:\program files (x86)\TOSHIBA\TECO\Teco.exe

HKLM-Run-TosWaitSrv - c:\program files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe

HKLM-Run-TosNC - c:\program files (x86)\Toshiba\BulletinBoard\TosNcCore.exe

HKLM-Run-TosReelTimeMonitor - c:\program files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe

AddRemove-FreeFileViewer_is1 - c:\program files (x86)\FreeFileViewer\unins000.exe

AddRemove-NortonPCCheckup - c:\program files (x86)\NortonInstaller\{170fa89a-6886-4c9e-b17b-12bccdd80788}\NortonPCCheckup\LicenseType\2.0.3.198\InstStub.exe

AddRemove-TradeManager 2010 Beta1 - c:\program files (x86)\trademanager\Uninstall.exe

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\{80931a9f5e5146ffebc38bc8d3faec28}*jopa]

"00"="xh/2aus+oImwhIgITuea3EqoIT3uGb2LNk2QpcGOSm8="

.

[HKEY_USERS\S-1-5-21-2496118000-1725222440-1282827072-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]

@Denied: (2) (S-1-5-21-2496118000-1725222440-1282827072-1000)

@Denied: (2) (LocalSystem)

"Progid"="ThunderbirdEML"

.

[HKEY_USERS\S-1-5-21-2496118000-1725222440-1282827072-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="WindowsLiveMail.VCard.1"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_19_0_0_245_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]

@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_19_0_0_245_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]

@Denied: (A 2) (Everyone)

@="IFlashBroker6"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_19_0_0_245_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_19_0_0_245_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_19_0_0_245.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.19"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_19_0_0_245.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_19_0_0_245.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_19_0_0_245.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]

@Denied: (A 2) (Everyone)

@="IFlashBroker6"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2015-12-01 16:10:39

ComboFix-quarantined-files.txt 2015-12-01 21:10

.

Pre-Run: 233,386,770,432 bytes free

Post-Run: 233,368,223,744 bytes free

.

- - End Of File - - 1502951750403E8949F18319A0177BC6


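The report above is what ComboFix produces, and reading one is mostly a matter of knowing which sections carry persistence: the Run keys under Reg Loading Points, the service/driver rows, the Trusted Zone and DPF lines of the Supplementary Scan, and the Locked Registry Keys block. The Python script below is an added example, not ComboFix's own code and not something posted in this thread. It parses those sections out of the plain-text log and applies a few review heuristics. The sample lines are a constructed subset of the log posted above, and the review rules (an autorun outside Program Files or Windows, any Trusted Zone entry, any DPF ActiveX download, a locked key that is not COM class registration) are the example's own assumptions about what a helper checks first, not a verdict on any entry in this thread.

```python
"""Triage a ComboFix report: extract the entries a malware-removal helper reads
first (autoruns, services/drivers, IE zone changes, locked registry keys) from
the plain-text log, then apply a few review heuristics."""
import re

# Constructed sample in the shape of the report posted above: a few
# representative lines per section, not the full log.
SAMPLE_LOG = r"""
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-03-15 98304]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
S2 regi;regi;c:\windows\system32\drivers\regi.sys;c:\windows\SYSNATIVE\drivers\regi.sys [x]
------- Supplementary Scan -------
Trusted Zone: alipay.com
Trusted Zone: taobao.com
DPF: {FFD85DC8-5261-4D11-B728-F7C59D911691} - hxxp://www.iolo.com/purchase/app/ocx/UpgradeVerify.cab
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\{80931a9f5e5146ffebc38bc8d3faec28}*jopa]
"00"="xh/2aus+oImwhIgITuea3EqoIT3uGb2LNk2QpcGOSm8="
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"""

# Section banners look like "(((( Name ))))" or "---- Name ----".
SECTION_RE = re.compile(r"^(?:\(+\s*(\S.*?\S)\s*\)+|[-\s]{3,}(\S.*?\S)[-\s]{3,})$")
KEY_RE = re.compile(r"^\[(HK[^\]]+)\]$")
# "Name"="value" plus ComboFix's optional trailing [file-date size].
VALUE_RE = re.compile(r'^"([^"]+)"=(.*?)(?:\s+\[(\d{4}-\d{2}-\d{2}) (\d+)\])?$')
# State name;display;image;sysnative-image [x]; the [x] marker is dropped, not interpreted.
SERVICE_RE = re.compile(r"^([RS]\d)\s+([^;]+);([^;]*);([^;]*);[^;]*\s*\[x\]$")
ZONE_RE = re.compile(r"^Trusted Zone: (.+)$")
DPF_RE = re.compile(r"^DPF: (\{[^}]+\}) - (.+)$")

def parse_combofix(text):
    report = {"autoruns": [], "services": [], "trusted_zones": [], "dpf": [],
              "locked_keys": {}}
    section = key = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        m = SECTION_RE.match(line)
        if m:
            section, key = (m.group(1) or m.group(2)).lower(), None
            continue
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            if section == "locked registry keys":
                report["locked_keys"][key] = []
            continue
        if section == "locked registry keys" and key:
            report["locked_keys"][key].append(line)  # values and @Denied ACL notes
            continue
        m = VALUE_RE.match(line)
        if m and key and key.lower().endswith("\\run"):
            report["autoruns"].append({"key": key, "name": m.group(1),
                                       "path": m.group(2).strip('"'),
                                       "date": m.group(3), "size": m.group(4)})
            continue
        m = SERVICE_RE.match(line)
        if m:
            report["services"].append({"state": m.group(1), "name": m.group(2),
                                       "display": m.group(3), "image": m.group(4)})
            continue
        m = ZONE_RE.match(line)
        if m:
            report["trusted_zones"].append(m.group(1))
            continue
        m = DPF_RE.match(line)
        if m:
            report["dpf"].append((m.group(1), m.group(2)))
    return report

# Review heuristics are this example's assumptions about what a helper looks
# at first; a hit means "inspect", not "malicious".
TRUSTED_DIRS = ("c:\\program files", "c:\\windows")

def review(report):
    notes = []
    for a in report["autoruns"]:
        if not a["path"].lower().startswith(TRUSTED_DIRS):
            notes.append(f"autorun outside Program Files/Windows: {a['name']} -> {a['path']}")
    for host in report["trusted_zones"]:  # Trusted sites zone runs at a lower IE security level
        notes.append(f"IE Trusted Zone entry: {host}")
    for clsid, url in report["dpf"]:  # DPF = ActiveX control fetched from a URL
        notes.append(f"downloaded ActiveX control {clsid} from {url}")
    for k in report["locked_keys"]:  # COM class keys under Classes are routine on Flash installs
        if "\\classes\\" not in k.lower() and not k.lower().endswith("\\pcw\\security"):
            notes.append(f"locked key outside COM registration: {k}")
    return notes

if __name__ == "__main__":
    for note in review(parse_combofix(SAMPLE_LOG)):
        print(note)
```

Run it as-is to print the review notes for the sample, or pass the text of a saved copy of a full report to `parse_combofix`. A note means the entry deserves a look, nothing more; the Flash broker CLSID keys with Everyone-denied ACLs, for instance, commonly appear on systems with Flash installed, which is why the locked-key rule skips keys under software\Classes and only surfaces the one under HKEY_USERS.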

#20
zep516
    Trusted Helper
  • Malware Removal
  • 8,093 posts
Hello,

What error, if any, are we experiencing when attempting to download "Internet Explorer 11"? How long has this been going on?

#21
stevenlaks
    Member
  • Topic Starter
  • 14 posts

I had a problem with IE in 2011, so I switched to Firefox. I hadn't touched this computer since then until about 2 weeks ago, so I'm just now starting to deal with these issues. I haven't tried to download IE 11 or upgrade to Windows 10 since this ComboFix.

Before this, however, it wasn't giving me an error message upon download. Windows 10 wouldn't even start to download and wouldn't give any kind of verbiage; it just did nothing. I would click the download buttons but nothing would happen.

IE 11 would begin downloading and almost complete, to the point of completing "install" and a message something about restarting, but right after it would say IE 11 did not or could not finish installing and then provide me with a link to an IE 11 troubleshooter, but never in an error message.

Is there a fix file I need to run for ComboFix, or is it done? If it's done I will try to download the upgrades again.

Steven



#22
stevenlaks
    Member
  • Topic Starter
  • 14 posts

Also, the Logitech and Peachtree programs are still "installed". I believe they are troubled.



#23
zep516
    Trusted Helper
  • Malware Removal
  • 8,093 posts
ComboFix is done.

I would not be upgrading to Windows 10 anyway; in my personal opinion it's still a work in progress. I have users throughout the forum with Windows 10 issues right now, from Internet connections to blue screens.

Let's see if we can fix Internet Explorer. I'll look at the Logitech and Peachtree software.

Joe

#24
stevenlaks
    Member
  • Topic Starter
  • 14 posts

Hey Joe,

I was finally able to get rid of all unwanted programs with a forced uninstaller.

Did all available applicable updates for Windows and Internet Explorer.
Still having trouble upgrading to IE 11, but I'm working on it.

Thanks for all your help, you made the difference.

Steven



#25
zep516
    Trusted Helper
  • Malware Removal
  • 8,093 posts

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.

Thanks
Joe :)

