Ran Combofix, all personal user files deleted


  • This topic is locked
5 replies to this topic

#1 pcsolutions50501

Posted 30 December 2014 - 02:46 PM

Hello,

I apologize in advance. I know I'm supposed to get help before running Combofix, but 99% of the time we have had no issues with it. This time, however, it decided that all the user's personal files were infections.

I am uploading the dds.txt, attach.txt, and Combofix.txt.

I need to figure out how to get their files back, hopefully without manually having to change each extension.

Again, thank you in advance!

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17496
Run by hughes at 13:20:16 on 2014-12-30
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3691.2235 [GMT -6:00]
.
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\OpenDownloaderManager\ODM.exe
C:\Program Files (x86)\AppGraffiti\AppGraffiti.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\prevhost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxps://www.yahoo.com/?fr=hp-avast&type=agc511
mStart Page = hxxps://www.yahoo.com/?fr=hp-avast&type=agc511
mSearch Bar = hxxps://www.yahoo.com/?fr=hp-avast&type=agc511
mSearch Page = hxxps://search.yahoo.com/yhs/search?type=agc511&hspart=avast&hsimp=yhs-001&p={searchTerms}
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: {C35B7206-62EB-F808-5475-18A6FDE7DD94} - <orphaned>
BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [Open Download Manager] C:\Program Files (x86)\OpenDownloaderManager\odm.exe -autorun
uRun: [AppGraffiti] "C:\Program Files (x86)\AppGraffiti\AppGraffiti.exe"
uRunOnce: [Adobe Speed Launcher] 1419964669
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [HPQuickWebProxy] "C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
mRun: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
mRun: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe" -osboot
mRun: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:0
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: SoftwareSASGeneration = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: Download all with Open Download Manager - C:\Program Files (x86)\OpenDownloaderManager\dlall.htm
IE: Download selected with Open Download Manager - C:\Program Files (x86)\OpenDownloaderManager\dlselected.htm
IE: Download video with Open Download Manager - C:\Program Files (x86)\OpenDownloaderManager\dlfvideo.htm
IE: Download with Open Download Manager - C:\Program Files (x86)\OpenDownloaderManager\dllink.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{C77F5066-5B68-4472-B670-72488BA97C0F} : DHCPNameServer = 192.168.0.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
x64-BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll
x64-BHO: {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - <orphaned>
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-RunOnce: [NCPluginUpdater] "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update
x64-IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 amd_sata;amd_sata;C:\Windows\System32\drivers\amd_sata.sys [2011-4-16 79488]
R0 amd_xata;amd_xata;C:\Windows\System32\drivers\amd_xata.sys [2011-4-16 40064]
R0 aswRvrt;avast! Revert;C:\Windows\System32\drivers\aswRvrt.sys [2014-12-26 65776]
R0 aswVmm;avast! VM Monitor;C:\Windows\System32\drivers\aswVmm.sys [2014-12-26 267632]
R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswsnx.sys [2014-12-26 1050432]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2014-12-26 436624]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [2011-8-11 172344]
R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2012-3-24 98208]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2011-7-6 204288]
R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-7-5 365568]
R2 aswHwid;avast! HardwareID;C:\Windows\System32\drivers\aswHwid.sys [2014-12-26 29208]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2014-12-26 83280]
R2 aswStm;aswStm;C:\Windows\System32\drivers\aswStm.sys [2014-12-26 116728]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2014-12-26 50344]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2013-4-22 822504]
R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2012-9-27 86528]
R2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2012-9-6 197536]
R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2012-3-5 35200]
R2 IconMan_R;IconMan_R;C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2012-3-24 1817088]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2014-12-24 1871160]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2014-12-24 969016]
R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [2012-11-29 38608]
R2 RoxioNow Service;RoxioNow Service;C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-11-26 399344]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2013-6-26 523944]
R3 amdiox64;AMD IO Driver;C:\Windows\System32\drivers\amdiox64.sys [2012-3-24 46136]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2012-7-25 25816]
R3 MBAMSwissArmy;MBAMSwissArmy;C:\Windows\System32\drivers\MBAMSwissArmy.sys [2014-12-24 129752]
R3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\System32\drivers\netr28x.sys [2012-3-24 1857600]
R3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\Windows\System32\drivers\RtsPStor.sys [2012-3-24 335464]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2012-3-24 436840]
R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2013-6-26 767144]
R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2013-6-26 273576]
R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2013-6-26 28840]
R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2013-6-26 23208]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2013-6-26 207528]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2012-3-24 44672]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 HPAuto;HP Auto;C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe [2011-2-16 682040]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-12-23 114688]
S3 MBAMWebAccessControl;MBAMWebAccessControl;C:\Windows\System32\drivers\mwac.sys [2014-12-24 63704]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]
S3 taphss6;Anchorfree HSS VPN Adapter;C:\Windows\System32\drivers\taphss6.sys [2014-5-16 42184]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-5-18 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== File Associations ===============
.
ShellExec: switch.exe: open="C:\Program Files (x86)\NCH Software\Switch\switch" "%L"
.
=============== Created Last 30 ================
.
2014-12-30 18:41:59 -------- d-----w- C:\Users\hughes\AppData\Roaming\RealNetworks
2014-12-30 18:41:59 -------- d-----w- C:\Users\hughes\AppData\Local\Google
2014-12-30 18:37:50 -------- d-sh--w- C:\Users\hughes\AppData\Local\EmieUserList
2014-12-30 18:37:50 -------- d-sh--w- C:\Users\hughes\AppData\Local\EmieSiteList
2014-12-30 18:37:50 -------- d-sh--w- C:\Users\hughes\AppData\Local\EmieBrowserModeList
2014-12-30 18:37:49 -------- d-----w- C:\Users\hughes\AppData\Roaming\Synaptics
2014-12-30 18:26:47 -------- d-sh--w- C:\$RECYCLE.BIN
2014-12-30 18:25:19 -------- d-----w- C:\Users\hughes\AppData\Local\ATI
2014-12-30 18:24:53 -------- d-----w- C:\Users\hughes\AppData\Roaming\hpqLog
2014-12-30 18:17:44 -------- d-----w- C:\Users\hughes\AppData\Roaming\Open Download Manager
2014-12-30 15:05:05 11870360 ------w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{34331229-C775-4CB7-8F4E-9CC2449DB3D8}\mpengine.dll
2014-12-29 16:55:01 -------- d-----w- C:\ComboFixMe
2014-12-27 19:20:21 -------- d-----w- C:\SUPERDelete
2014-12-26 16:08:49 -------- d-----w- C:\Users\hughes\AppData\Roaming\AVAST Software
2014-12-26 16:07:29 267632 ----a-w- C:\Windows\System32\drivers\aswVmm.sys
2014-12-26 16:07:29 116728 ----a-w- C:\Windows\System32\drivers\aswStm.sys
2014-12-26 16:07:28 93568 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys
2014-12-26 16:07:28 83280 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2014-12-26 16:07:28 65776 ----a-w- C:\Windows\System32\drivers\aswRvrt.sys
2014-12-26 16:07:28 29208 ----a-w- C:\Windows\System32\drivers\aswHwid.sys
2014-12-26 16:07:28 1050432 ----a-w- C:\Windows\System32\drivers\aswsnx.sys
2014-12-26 16:07:14 43152 ----a-w- C:\Windows\avastSS.scr
2014-12-24 22:02:02 129752 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-12-24 21:58:42 93400 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2014-12-24 21:58:42 63704 ----a-w- C:\Windows\System32\drivers\mwac.sys
2014-12-24 21:58:42 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-12-24 15:36:17 -------- d-s---w- C:\Windows\System32\CompatTel
2014-12-24 15:36:17 -------- d-----w- C:\Windows\System32\appraiser
2014-12-24 15:21:55 167424 ----a-w- C:\Program Files\Windows Media Player\wmplayer.exe
2014-12-24 15:21:55 164864 ----a-w- C:\Program Files (x86)\Windows Media Player\wmplayer.exe
2014-12-24 15:21:54 12625920 ----a-w- C:\Windows\System32\wmploc.DLL
2014-12-24 15:21:53 12625408 ----a-w- C:\Windows\SysWow64\wmploc.DLL
2014-12-24 15:16:47 144384 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-12-24 15:16:47 115712 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2014-12-23 22:03:38 -------- d-----w- C:\Windows\SysWow64\mjcm
2014-12-23 22:03:38 -------- d-----w- C:\Windows\System32\tprb
2014-12-23 17:52:49 968704 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2014-12-23 16:58:45 -------- d-----w- C:\Windows\Migration
2014-12-23 16:19:53 -------- d-----r- C:\Program Files (x86)\Skype
2014-12-23 15:35:41 55808 ----a-w- C:\Windows\System32\rrinstaller.exe
2014-12-23 15:35:41 50176 ----a-w- C:\Windows\SysWow64\rrinstaller.exe
2014-12-23 15:35:41 3209728 ----a-w- C:\Windows\SysWow64\mf.dll
2014-12-23 15:35:41 24576 ----a-w- C:\Windows\System32\mfpmp.exe
2014-12-23 15:35:41 23040 ----a-w- C:\Windows\SysWow64\mfpmp.exe
2014-12-23 15:35:41 206848 ----a-w- C:\Windows\System32\mfps.dll
2014-12-23 15:35:41 2048 ----a-w- C:\Windows\SysWow64\mferror.dll
2014-12-23 15:35:41 2048 ----a-w- C:\Windows\System32\mferror.dll
2014-12-23 15:35:41 103424 ----a-w- C:\Windows\SysWow64\mfps.dll
2014-12-23 15:35:40 4121600 ----a-w- C:\Windows\System32\mf.dll
2014-12-23 15:23:37 99480 ----a-w- C:\Windows\SysWow64\infocardapi.dll
2014-12-23 15:23:37 171160 ----a-w- C:\Windows\System32\infocardapi.dll
2014-12-23 15:23:36 619672 ----a-w- C:\Windows\SysWow64\icardagt.exe
2014-12-23 15:23:36 1389208 ----a-w- C:\Windows\System32\icardagt.exe
2014-12-23 15:23:32 8856 ----a-w- C:\Windows\SysWow64\icardres.dll
2014-12-23 15:23:32 8856 ----a-w- C:\Windows\System32\icardres.dll
2014-12-23 15:22:51 35480 ----a-w- C:\Windows\SysWow64\TsWpfWrp.exe
2014-12-23 15:22:51 35480 ----a-w- C:\Windows\System32\TsWpfWrp.exe
2014-12-22 22:24:00 484864 ----a-w- C:\Windows\System32\wer.dll
2014-12-22 22:24:00 381440 ----a-w- C:\Windows\SysWow64\wer.dll
2014-12-22 22:23:57 7168 ----a-w- C:\Windows\SysWow64\KBDYAK.DLL
2014-12-22 22:23:57 7168 ----a-w- C:\Windows\System32\KBDYAK.DLL
2014-12-22 22:23:57 7168 ----a-w- C:\Windows\System32\KBDBASH.DLL
2014-12-22 22:23:57 6656 ----a-w- C:\Windows\SysWow64\KBDBASH.DLL
2014-12-22 22:23:14 165888 ----a-w- C:\Windows\System32\charmap.exe
2014-12-22 22:23:14 155136 ----a-w- C:\Windows\SysWow64\charmap.exe
2014-12-22 22:15:53 1424384 ----a-w- C:\Windows\System32\WindowsCodecs.dll
2014-12-22 22:15:52 1230336 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll
2014-12-22 22:15:00 342016 ----a-w- C:\Windows\System32\schannel.dll
2014-12-22 22:15:00 309760 ----a-w- C:\Windows\System32\ncrypt.dll
2014-12-22 22:15:00 248832 ----a-w- C:\Windows\SysWow64\schannel.dll
2014-12-22 22:14:59 86528 ----a-w- C:\Windows\System32\TSpkg.dll
2014-12-22 22:14:59 65536 ----a-w- C:\Windows\SysWow64\TSpkg.dll
2014-12-22 22:14:59 314880 ----a-w- C:\Windows\System32\msv1_0.dll
2014-12-22 22:14:59 259584 ----a-w- C:\Windows\SysWow64\msv1_0.dll
2014-12-22 22:14:59 221184 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2014-12-22 22:14:59 22016 ----a-w- C:\Windows\System32\credssp.dll
2014-12-22 22:14:59 210944 ----a-w- C:\Windows\System32\wdigest.dll
2014-12-22 22:14:59 17408 ----a-w- C:\Windows\SysWow64\credssp.dll
2014-12-22 22:14:59 172032 ----a-w- C:\Windows\SysWow64\wdigest.dll
2014-12-22 22:05:06 1882624 ----a-w- C:\Windows\System32\msxml3.dll
2014-12-22 22:05:04 2048 ----a-w- C:\Windows\SysWow64\msxml3r.dll
2014-12-22 22:05:04 2048 ----a-w- C:\Windows\System32\msxml3r.dll
2014-12-22 22:05:04 1237504 ----a-w- C:\Windows\SysWow64\msxml3.dll
2014-12-22 22:05:02 878080 ----a-w- C:\Windows\System32\IMJP10K.DLL
2014-12-22 22:05:02 701440 ----a-w- C:\Windows\SysWow64\IMJP10K.DLL
2014-12-22 22:03:52 413184 ----a-w- C:\Windows\System32\generaltel.dll
2014-12-22 22:03:52 1232040 ----a-w- C:\Windows\System32\aitstatic.exe
2014-12-22 22:03:51 830976 ----a-w- C:\Windows\System32\appraiser.dll
2014-12-22 22:03:51 741376 ----a-w- C:\Windows\System32\invagent.dll
2014-12-22 22:03:51 396800 ----a-w- C:\Windows\System32\devinv.dll
2014-12-22 22:03:51 192000 ----a-w- C:\Windows\System32\aepic.dll
2014-12-22 22:03:51 1083392 ----a-w- C:\Windows\System32\aeinv.dll
2014-12-22 22:03:50 227328 ----a-w- C:\Windows\System32\aepdu.dll
2014-12-22 22:03:44 683520 ----a-w- C:\Windows\System32\termsrv.dll
2014-12-22 22:03:42 681984 ----a-w- C:\Windows\SysWow64\adtschema.dll
2014-12-22 22:03:42 681984 ----a-w- C:\Windows\System32\adtschema.dll
2014-12-22 22:03:41 146432 ----a-w- C:\Windows\SysWow64\msaudite.dll
2014-12-22 22:03:41 146432 ----a-w- C:\Windows\System32\msaudite.dll
2014-12-22 22:00:58 861696 ----a-w- C:\Windows\System32\oleaut32.dll
2014-12-22 22:00:58 571904 ----a-w- C:\Windows\SysWow64\oleaut32.dll
2014-12-22 22:00:57 3198976 ----a-w- C:\Windows\System32\win32k.sys
2014-12-22 21:52:10 1943696 ----a-w- C:\Windows\System32\dfshim.dll
2014-12-22 21:52:10 156824 ----a-w- C:\Windows\SysWow64\mscorier.dll
2014-12-22 21:52:10 156312 ----a-w- C:\Windows\System32\mscorier.dll
2014-12-22 21:52:10 1131664 ----a-w- C:\Windows\SysWow64\dfshim.dll
2014-12-22 21:52:09 81560 ----a-w- C:\Windows\SysWow64\mscories.dll
2014-12-22 21:52:09 73880 ----a-w- C:\Windows\System32\mscories.dll
2014-12-22 21:51:58 3241984 ----a-w- C:\Windows\System32\msi.dll
2014-12-22 21:51:58 2363904 ----a-w- C:\Windows\SysWow64\msi.dll
2014-12-22 21:51:58 1941504 ----a-w- C:\Windows\System32\authui.dll
2014-12-22 21:51:57 504320 ----a-w- C:\Windows\System32\msihnd.dll
2014-12-22 21:51:57 337408 ----a-w- C:\Windows\SysWow64\msihnd.dll
2014-12-22 21:51:57 1805824 ----a-w- C:\Windows\SysWow64\authui.dll
2014-12-22 21:51:57 112064 ----a-w- C:\Windows\System32\consent.exe
2014-12-22 17:11:54 424448 ----a-w- C:\Windows\System32\rastls.dll
2014-12-22 17:11:54 372736 ----a-w- C:\Windows\SysWow64\rastls.dll
2014-12-22 16:57:02 -------- d-----w- C:\ProgramData\dl159
2014-12-19 16:01:36 335360 ----a-w- C:\Windows\System32\msieftp.dll
2014-12-19 16:01:36 301568 ----a-w- C:\Windows\SysWow64\msieftp.dll
2014-12-19 16:01:34 228864 ----a-w- C:\Windows\System32\wwansvc.dll
2014-12-19 16:01:31 1354240 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll
2014-12-19 16:01:29 936960 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2014-12-19 16:01:01 801280 ----a-w- C:\Windows\System32\usp10.dll
2014-12-19 16:01:01 626688 ----a-w- C:\Windows\SysWow64\usp10.dll
2014-12-19 16:00:58 1031168 ----a-w- C:\Windows\System32\TSWorkspace.dll
2014-12-19 16:00:57 793600 ----a-w- C:\Windows\SysWow64\TSWorkspace.dll
2014-12-19 15:54:10 -------- d-----w- C:\ProgramData\dtdata
.
==================== Find3M ====================
.
2014-12-02 10:21:14 33792 ----a-w- C:\Windows\System32\ImHttpComm.dll
2014-11-24 20:04:56 275080 ------w- C:\Windows\System32\MpSigStub.exe
2014-11-21 12:14:08 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys
2014-11-11 03:08:52 241152 ----a-w- C:\Windows\System32\pku2u.dll
2014-11-11 03:08:48 728064 ----a-w- C:\Windows\System32\kerberos.dll
2014-11-11 02:44:32 186880 ----a-w- C:\Windows\SysWow64\pku2u.dll
2014-11-11 02:44:25 550912 ----a-w- C:\Windows\SysWow64\kerberos.dll
2014-11-11 01:46:26 119296 ----a-w- C:\Windows\System32\drivers\tdx.sys
2014-11-08 03:16:08 2048 ----a-w- C:\Windows\System32\tzres.dll
2014-11-08 02:45:09 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2014-10-26 23:45:50 419840 ----a-w- C:\Windows\System32\wrap_oal.dll
2014-10-26 23:45:50 133632 ----a-w- C:\Windows\System32\OpenAL32.dll
2014-10-26 23:45:49 413696 ----a-w- C:\Windows\SysWow64\wrap_oal.dll
2014-10-26 23:45:49 110592 ----a-w- C:\Windows\SysWow64\OpenAL32.dll
2014-10-25 01:57:59 77824 ----a-w- C:\Windows\System32\packager.dll
2014-10-25 01:32:37 67584 ----a-w- C:\Windows\SysWow64\packager.dll
2014-10-14 02:16:37 155064 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2014-10-14 02:12:57 1460736 ----a-w- C:\Windows\System32\lsasrv.dll
2014-10-14 01:50:47 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2014-10-14 01:49:38 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2014-10-03 02:12:23 310272 ----a-w- C:\Windows\System32\WsmWmiPl.dll
2014-10-03 02:12:23 2020352 ----a-w- C:\Windows\System32\WsmSvc.dll
2014-10-03 02:12:22 346624 ----a-w- C:\Windows\System32\WSManMigrationPlugin.dll
2014-10-03 02:12:22 181248 ----a-w- C:\Windows\System32\WsmAuto.dll
2014-10-03 02:12:00 500224 ----a-w- C:\Windows\System32\AUDIOKSE.dll
2014-10-03 02:11:54 284672 ----a-w- C:\Windows\System32\EncDump.dll
2014-10-03 02:11:51 680960 ----a-w- C:\Windows\System32\audiosrv.dll
2014-10-03 02:11:51 440832 ----a-w- C:\Windows\System32\AudioEng.dll
2014-10-03 02:11:51 296448 ----a-w- C:\Windows\System32\AudioSes.dll
2014-10-03 02:11:49 266240 ----a-w- C:\Windows\System32\WSManHTTPConfig.exe
2014-10-03 01:45:03 248832 ----a-w- C:\Windows\SysWow64\WSManMigrationPlugin.dll
2014-10-03 01:45:03 214016 ----a-w- C:\Windows\SysWow64\WsmWmiPl.dll
2014-10-03 01:45:03 145920 ----a-w- C:\Windows\SysWow64\WsmAuto.dll
2014-10-03 01:45:03 1177088 ----a-w- C:\Windows\SysWow64\WsmSvc.dll
2014-10-03 01:44:42 442880 ----a-w- C:\Windows\SysWow64\AUDIOKSE.dll
2014-10-03 01:44:26 374784 ----a-w- C:\Windows\SysWow64\AudioEng.dll
2014-10-03 01:44:26 195584 ----a-w- C:\Windows\SysWow64\AudioSes.dll
2014-10-03 01:44:25 198656 ----a-w- C:\Windows\SysWow64\WSManHTTPConfig.exe
2013-10-19 22:36:35 50053120 ----a-w- C:\Program Files (x86)\GUT4F78.tmp
.
============= FINISH: 13:23:53.46 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 5/6/2012 1:51:46 AM
System Uptime: 12/30/2014 12:27:59 PM (1 hours ago)
.
Motherboard: Hewlett-Packard | | 3577
Processor: AMD E-450 APU with Radeon™ HD Graphics | Socket FT1 | 1650/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 447 GiB total, 359.204 GiB free.
D: is FIXED (NTFS) - 15 GiB total, 1.624 GiB free.
E: is FIXED (FAT32) - 4 GiB total, 1.084 GiB free.
F: is CDROM ()
G: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP196: 12/24/2014 8:55:07 AM - Windows Update
RP197: 12/24/2014 11:38:14 AM - Windows Update
RP198: 12/24/2014 11:45:06 AM - Windows Update
RP199: 12/26/2014 9:28:08 AM - Windows Update
RP200: 12/26/2014 10:04:30 AM - avast! antivirus system restore point
RP201: 12/26/2014 4:21:46 PM - Removed iTunes
RP202: 12/29/2014 10:55:23 AM - ComboFix created restore point
RP203: 12/30/2014 9:02:19 AM - Windows Update
.
==== Installed Programs ======================
.
18 Wheels of Steel - Convoy (remove only)
18 Wheels of Steel: American Long Haul
18 Wheels of Steel: Haulin'
18 WoS American Long Haul
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Reader X (10.1.13) MUI
Adobe Shockwave Player 11.5
AMD APP SDK Runtime
AMD Fuel
AMD Media Foundation Decoders
AMD VISION Engine Control Center
AppGraffiti
Apple Software Update
ATI Catalyst Install Manager
Avast Free Antivirus
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-utility64
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
CyberLink YouCam
D3DX10
ESU for Microsoft Windows 7 SP1
Express Burn
Express Zip
Farming Simulator 2013 Demo
FTDownloader
Google Toolbar for Internet Explorer
Google Update Helper
Hewlett-Packard ACLM.NET v1.2.1.1
HP Auto
HP Client Services
HP Customer Experience Enhancements
HP Documentation
HP MovieStore
HP On Screen Display
HP Power Manager
HP Quick Launch
HP QuickWeb
HP Setup
HP Setup Manager
HP Software Framework
HP Support Assistant
Itibiti RTC
Junk Mail filter update
Malwarebytes Anti-Malware version 2.0.4.1028
Mesh Runtime
Microsoft .NET Framework 4.5.1
Microsoft Application Error Reporting
Microsoft Office 2010
Microsoft Office Click-to-Run 2010
Microsoft Office Starter 2010 - English
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Microsoft WSE 3.0 Runtime
MixPad
Mixxx 1.10.0
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Open Downloader Manager
OpenAL
Photo Story 3 for Windows
PlayReady PC Runtime x86
Prime Desktop 3D
Ralink RT5390 802.11b/g/n WiFi Adapter
RealDownloader
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealNetworks - Microsoft Visual C++ 2010 Runtime
RealPlayer
Realtek Ethernet Controller Driver
Realtek High Definition Audio Driver
Realtek PCIE Card Reader
RealUpgrade 1.1
Recovery Manager
Rhapsody
Rig N Roll - Freight Tycoon Compilation (Remove Only)
RoxioNow Player
Security Update for Microsoft .NET Framework 4.5.1 (KB2894854v2)
Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
Security Update for Microsoft .NET Framework 4.5.1 (KB2972107)
Security Update for Microsoft .NET Framework 4.5.1 (KB2972216)
Security Update for Microsoft .NET Framework 4.5.1 (KB2978128)
Security Update for Microsoft .NET Framework 4.5.1 (KB2979578v2)
Skype™ 6.11
SUPERAntiSpyware
Switch Sound File Converter
Synaptics TouchPad Driver
WavePad Sound Editor
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Yahoo! Software Update
.
==== Event Viewer Messages From Past Week ========
.
12/30/2014 12:29:32 PM, Error: Service Control Manager [7034] - The HP Auto service terminated unexpectedly. It has done this 1 time(s).
12/30/2014 12:17:07 PM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
12/30/2014 1:19:41 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR2.
12/29/2014 12:00:25 PM, Error: Application Popup [1060] - \??\C:\ComboFixMe\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
12/29/2014 10:39:51 AM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR1.
12/28/2014 4:01:16 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the MBAMScheduler service.
12/27/2014 1:13:23 PM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.
12/24/2014 9:41:52 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80242016: Update for Windows 7 for x64-based Systems (KB2952664).
12/24/2014 3:57:18 PM, Error: Service Control Manager [7034] - The Hotspot Shield Monitoring Service service terminated unexpectedly. It has done this 1 time(s).
12/24/2014 11:18:24 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Microsoft .NET Framework NGEN v4.0.30319_X86 service to connect.
12/24/2014 10:25:30 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the HPWMISVC service.
12/23/2014 4:01:59 PM, Error: Service Control Manager [7031] - The IBUpdaterService service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
12/23/2014 12:21:08 PM, Error: Service Control Manager [7031] - The Hotspot Shield Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
12/23/2014 11:31:14 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80242016: Cumulative Security Update for Internet Explorer 10 for Windows 7 for x64-based Systems (KB3008923).
12/23/2014 11:18:54 AM, Error: Service Control Manager [7043] - The Windows Modules Installer service did not shut down properly after receiving a preshutdown control.
12/23/2014 11:15:17 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800f0902: Update for Windows 7 for x64-based Systems (KB2952664).
12/23/2014 11:15:17 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800f0902: Update for Windows 7 for x64-based Systems (KB2847077).
12/23/2014 11:15:17 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800f0902: Cumulative Security Update for Internet Explorer 10 for Windows 7 for x64-based Systems (KB3003057).
12/23/2014 10:18:25 AM, Error: Service Control Manager [7034] - The BitGuard service terminated unexpectedly. It has done this 1 time(s).
12/23/2014 10:14:14 AM, Error: Service Control Manager [7034] - The FastFreeConverterUpdt service terminated unexpectedly. It has done this 1 time(s).
.
==== End Of File ===========================


Edited by Oh My!, 04 January 2015 - 02:25 PM.
Logs posted



#2 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,623 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:51 AM

Posted 04 January 2015 - 02:50 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/561516 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your desktop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,592 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:09:51 PM

Posted 04 January 2015 - 03:32 PM

Greetings pcsolutions50501 and :welcome: to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met. :)
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Replytopic.jpg button instead.
  • In the upper right hand corner of the topic you will see the Followtopic.jpg button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
  • Now let's get started :thumbup2:
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far.

Yes, this is a bit of a mess. We are going to create some backups because this is such a significant "fix". Following that we will run a script that will hopefully restore the majority of the files. However, you will need to manually restore all .zip files from the quarantine folder into its normal folder. You can do that by listing all individual .zip files in a Combofix script. The way I have designed this fix Combofix will not automatically do that for you and I think that is something you can tackle on your own.

Let's see what we can do. Please do this.

===================================================

Please create a System Restore Point

===================================================

Please make a copy of the entire C:\Qoobox folder and paste it onto your desktop.

===================================================

Running Combofix Script

-------------------
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Open Notepad and copy/paste the text below into the Notepad document
DeQuarantine::
c:\program files (x86)
c:\users
Quit:
  • Save this on your desktop as CFScript.txt

CFScriptB-4.gif

  • Referring to the picture above, drag CFScript.txt into ComboFix.exe
  • When finished, it will create a log for you at C:\ComboFix.txt. Please copy/paste the information in your next reply.
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Dequarantine log

Edited by Oh My!, 04 January 2015 - 03:34 PM.

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#4 pcsolutions50501


Posted 05 January 2015 - 09:11 AM

Hello, I have to apologize.

 

The customer decided that they did not care about their personal information and wanted us to just reload the computer.

 

Please close this topic, or instruct me on how to close it. Again, my apologies.



#5 Oh My!


Posted 05 January 2015 - 10:38 AM

No problem, thanks for letting us know.


Gary
 

#6 Oh My!


Posted 05 January 2015 - 10:38 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
Gary
 



