
Is reinstall of Win 7 64-bit necessary...again? Ugh..


13 replies to this topic

#1 Milla-Bach


Posted 10 February 2015 - 02:12 AM

Hello everyone, It's been a few years since I have had to ask for your help. Can someone please take a look at what my system is running and let me know if the better way to fix some of the known and unknown issues is to just reinstall again. I sure would appreciate any advice. Thank you.


Edited by hamluis, 11 February 2015 - 07:41 AM.
Moved from Win 7 to Am I Infected - Hamluis.




#2 TsVk!


Posted 10 February 2015 - 03:08 AM

Hi,

 

Could you please download and run MiniToolbox and check

  • report ie proxy
  • hosts
  • events
  • errors
  • programs
  • problem devices

Then copy and paste the results in your reply.

 

Let's see if we can't get you cleaned up.

 

:)


Edited by TsVk!, 10 February 2015 - 03:21 AM.


#3 Milla-Bach


Posted 10 February 2015 - 03:39 AM

Hello and thank you for such a quick response! I ran the MiniToolbox but I can't seem to post the results. Would it be ok if I rebooted in safe-mode to continue? I'm not sure if I'm just doing this wrong or if it has something to do with the virus.

:)


Edited by hamluis, 10 February 2015 - 04:48 PM.
Removed unnecessary quotebox - Hamluis.


#4 TsVk!


Posted 10 February 2015 - 04:13 AM

If you have a virus you need to follow this guide. There are some fully qualified malware helpers over there who will sort you out.



#5 Milla-Bach


Posted 10 February 2015 - 04:29 AM

MiniToolBox by Farbar  Version: 30-11-2014
Ran by MILLA (administrator) on 10-02-2015 at 03:11:25
Running from "C:\Users\MILLA\Desktop"
Microsoft Windows 7 Home Premium  Service Pack 1 (X64)
Boot Mode: Network
***************************************************************************
 
========================= IE Proxy Settings: ============================== 
 
Proxy is not enabled.
No Proxy Server is set.
========================= Hosts content: =================================
 
127.0.0.1       localhost
 
 
========================= Event log errors: ===============================
 
Application errors:
==================
Error: (02/10/2015 03:04:27 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (02/10/2015 03:02:57 AM) (Source: Winlogon) (User: )
Description: Windows license activation failed. Error 0x00000000.
 
Error: (02/10/2015 03:02:57 AM) (Source: Software Protection Platform Service) (User: )
Description: License Activation (slui.exe) failed with the following error code:
0x8007043C
 
Error: (02/10/2015 02:14:18 AM) (Source: Windows Search Service) (User: )
Description: The Windows Search Service is being stopped because there is a problem with the indexer: The catalog is corrupt.
 
 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
 
Error: (02/10/2015 02:14:18 AM) (Source: Windows Search Service) (User: )
Description: The index cannot be initialized.
 
 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
 
Error: (02/10/2015 02:14:18 AM) (Source: Windows Search Service) (User: )
Description: The application cannot be initialized.
 
Context: Windows Application
 
 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
 
Error: (02/10/2015 02:14:18 AM) (Source: Windows Search Service) (User: )
Description: The gatherer object cannot be initialized.
 
Context: Windows Application, SystemIndex Catalog
 
 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
 
Error: (02/10/2015 02:14:18 AM) (Source: Windows Search Service) (User: )
Description: The plug-in in <Search.TripoliIndexer> cannot be initialized.
 
Context: Windows Application, SystemIndex Catalog
 
 
Details:
Element not found.  (HRESULT : 0x80070490) (0x80070490)
 
Error: (02/10/2015 02:14:17 AM) (Source: Windows Search Service) (User: )
Description: The plug-in in <Search.JetPropStore> cannot be initialized.
 
Context: Windows Application, SystemIndex Catalog
 
 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
 
Error: (02/10/2015 02:14:17 AM) (Source: Windows Search Service) (User: )
Description: The Windows Search Service cannot load the property store information.
 
Context: Windows Application, SystemIndex Catalog
 
 
Details:
The content index server cannot update or access information because of a database error.  Stop and restart the search service.  If the problem persists, reset and recrawl the content index.  In some cases it may be necessary to delete and recreate the content index.  (HRESULT : 0x8004117f) (0x8004117f)
 
 
System errors:
=============
Error: (02/10/2015 03:03:13 AM) (Source: Service Control Manager) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: 
%%1068
 
Error: (02/10/2015 03:03:11 AM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068
 
Error: (02/10/2015 03:03:11 AM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068
 
Error: (02/10/2015 03:03:11 AM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068
 
Error: (02/10/2015 03:03:12 AM) (Source: DCOM) (User: )
Description: 1084WSearch{9E175B6D-F52A-11D8-B9A5-505054503030}
 
Error: (02/10/2015 03:03:12 AM) (Source: DCOM) (User: )
Description: 1084WSearch{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
 
Error: (02/10/2015 03:03:10 AM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068
 
Error: (02/10/2015 03:03:10 AM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068
 
Error: (02/10/2015 03:03:10 AM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068
 
Error: (02/10/2015 03:03:10 AM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068
 
 
Microsoft Office Sessions:
=========================
Error: (02/10/2015 03:04:27 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (02/10/2015 03:02:57 AM) (Source: Winlogon)(User: )
Description: 0x000000000x00000001
 
Error: (02/10/2015 03:02:57 AM) (Source: Software Protection Platform Service)(User: )
Description: 0x8007043C
 
Error: (02/10/2015 02:14:18 AM) (Source: Windows Search Service)(User: )
Description: 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
The catalog is corrupt
 
Error: (02/10/2015 02:14:18 AM) (Source: Windows Search Service)(User: )
Description: 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
 
Error: (02/10/2015 02:14:18 AM) (Source: Windows Search Service)(User: )
Description: Context: Windows Application
 
 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
 
Error: (02/10/2015 02:14:18 AM) (Source: Windows Search Service)(User: )
Description: Context: Windows Application, SystemIndex Catalog
 
 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
 
Error: (02/10/2015 02:14:18 AM) (Source: Windows Search Service)(User: )
Description: Context: Windows Application, SystemIndex Catalog
 
 
Details:
Element not found.  (HRESULT : 0x80070490) (0x80070490)
Search.TripoliIndexer
 
Error: (02/10/2015 02:14:17 AM) (Source: Windows Search Service)(User: )
Description: Context: Windows Application, SystemIndex Catalog
 
 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
Search.JetPropStore
 
Error: (02/10/2015 02:14:17 AM) (Source: Windows Search Service)(User: )
Description: Context: Windows Application, SystemIndex Catalog
 
 
Details:
The content index server cannot update or access information because of a database error.  Stop and restart the search service.  If the problem persists, reset and recrawl the content index.  In some cases it may be necessary to delete and recreate the content index.  (HRESULT : 0x8004117f) (0x8004117f)
 
 
CodeIntegrity Errors:
===================================
  Date: 2015-02-07 17:55:51.520
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2015-02-07 17:55:51.427
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2015-02-07 17:55:51.333
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2015-02-07 17:55:51.255
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2015-02-06 10:54:45.188
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2015-02-06 10:54:45.095
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2015-02-06 10:54:45.001
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2015-02-06 10:54:44.892
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2015-02-01 01:54:37.773
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2015-02-01 01:54:37.648
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
 
 
=========================== Installed Programs ============================
Advanced Task Manager for Windows Vista & Windows XP (HKLM-x32\...\ATM5_is1) (Version:  - Innovative Solutions)
Advanced Uninstaller PRO - Version 11 (HKLM-x32\...\AU11_is1) (Version: 11.58.0.216 - Innovative Solutions)
Belarc Advisor 8.4 (HKLM-x32\...\Belarc Advisor) (Version: 8.4.0.0 - Belarc Inc.)
Bitdefender Total Security 2015 (HKLM\...\Bitdefender) (Version: 18.20.0.1429 - Bitdefender)
CCleaner (HKLM\...\CCleaner) (Version: 5.02 - Piriform)
CPUID CPU-Z 1.71.1 (HKLM\...\CPUID CPU-Z_is1) (Version:  - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 40.0.2214.111 - Google Inc.)
Google Earth Pro (HKLM-x32\...\{44FC61F0-2F8A-11E3-8CAE-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1930 - Intel Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 35.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 35.0.1 (x86 en-US)) (Version: 35.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 34.0.5 - Mozilla)
Revo Uninstaller Pro 3.1.2 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.1.2 - VS Revo Group, Ltd.)
Speccy (HKLM\...\Speccy) (Version: 1.28 - Piriform)
TechPowerUp GPU-Z (HKLM-x32\...\TechPowerUp GPU-Z) (Version:  - TechPowerUp)
Uninstall Tool (HKLM\...\Uninstall Tool_is1) (Version: 3.4.1 - CrystalIDEA Software, Inc.)
 
========================= Devices: ================================
 
Name: TEAC USB   HS-SD Card USB Device
Description: Disk drive
Class Guid: {4d36e967-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard disk drives)
Service: disk
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: TEAC USB   HS-xD/SM USB Device
Description: Disk drive
Class Guid: {4d36e967-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard disk drives)
Service: disk
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: Security Processor Loader Driver
Description: Security Processor Loader Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: spldr
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
Name: TEAC USB   HS-CF Card USB Device
Description: Disk drive
Class Guid: {4d36e967-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard disk drives)
Service: disk
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: TEAC USB   HS-MS Card USB Device
Description: Disk drive
Class Guid: {4d36e967-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard disk drives)
Service: disk
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 
**** End of log ****
 


#6 TsVk!


Posted 10 February 2015 - 04:49 AM

I don't see any obvious signs of malware, let's try to fix some issues.

 

You have a bit of a corruption problem with your search indexer, please follow these points.

 

1) Hold down the Win key and press R > type "cmd" in the Run box, enter > type "sfc /scannow" and hit enter

2) Hold down the Win key and press R > type "regedit" in the Run box, enter > Go to:

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Search\SetupCompleted]
 

Check if it's been set to "0", if so then set it to "1" (DWORD)

 

 

How did you go?



#7 Milla-Bach


Posted 10 February 2015 - 05:20 AM

Ok, Verification 100% complete. Windows Resource Protection found corrupt files but was unable to fix some of them. Details included in CBS.Log windir\Logs\CBS\CBS.log   For example C:\Windows\Logs\CBS

 

And for #2 DWORD was set to "1"
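
The sfc result reported above points at CBS.log. As an added example (not part of the thread, and not a BleepingComputer or Microsoft tool), this Python script filters the [SR] entries that sfc writes to that log and lists each file it could not repair once, with the reason given. The sample lines, file names and component names are constructed, and the [SR] message wording is assumed to match the usual sfc output.

```python
import re
import sys

# Constructed sample in the CBS.log layout: timestamp, level, source, sequence, message.
# File and component names are placeholders, not values from the poster's machine.
SAMPLE_CBS_LOG = r'''
2015-02-10 05:02:11, Info                  CBS    Starting TrustedInstaller initialization.
2015-02-10 05:02:40, Info                  CSI    00000009 [SR] Verifying 100 (0x0000000000000064) components
2015-02-10 05:02:40, Info                  CSI    0000000a [SR] Beginning Verify and Repair transaction
2015-02-10 05:03:05, Info                  CSI    0000000c [SR] Cannot repair member file [l:24{12}]"example1.dll" of Example-Component-A, Version = 6.1.7601.17514, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2015-02-10 05:03:06, Info                  CSI    0000000e [SR] Cannot repair member file [l:24{12}]"example1.dll" of Example-Component-A, Version = 6.1.7601.17514, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2015-02-10 05:03:09, Info                  CSI    00000010 [SR] Cannot repair member file [l:24{12}]"example2.exe" of Example-Component-B, Version = 6.1.7601.17514, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, file is missing
2015-02-10 05:03:12, Info                  CSI    00000012 [SR] Repairing corrupted file [ml:520{260},l:46{23}]"\??\C:\Windows\System32"\[l:24{12}]"example3.dll" from store
2015-02-10 05:03:30, Info                  CSI    00000014 [SR] Verify complete
'''

# Only CSI lines tagged [SR] come from the System File Checker run.
SR_LINE = re.compile(
    r'^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}),\s+\w+\s+CSI\s+'
    r'[0-9a-fA-F]{8}\s+\[SR\]\s+(?P<msg>.*)$')

# Assumed wording of the "could not repair" message, ending in the reason.
CANNOT_REPAIR = re.compile(
    r'^Cannot repair member file \[l:\d+\{\d+\}\]"(?P<file>[^"]+)" '
    r'of (?P<component>[^,]+), Version = (?P<version>[\d.]+),'
    r'.* in the store, (?P<reason>.+)$')

# Assumed wording of a successful repair from the component store.
REPAIRED = re.compile(
    r'^Repairing corrupted file .*\[l:\d+\{\d+\}\]"(?P<file>[^"]+)" from store$')


def sr_entries(lines):
    """Yield (timestamp, message) for every [SR] line, skipping everything else."""
    for line in lines:
        m = SR_LINE.match(line.strip())
        if m:
            yield m.group('ts'), m.group('msg')


def summarize(lines):
    """Return files sfc could not repair (deduplicated) and files it repaired."""
    unrepaired = {}
    repaired = []
    for ts, msg in sr_entries(lines):
        m = CANNOT_REPAIR.match(msg)
        if m:
            # sfc logs the same failure more than once; keep one record per file.
            key = (m.group('file').lower(), m.group('component'), m.group('version'))
            rec = unrepaired.setdefault(key, {
                'file': m.group('file'),
                'component': m.group('component'),
                'version': m.group('version'),
                'reason': m.group('reason'),
                'first_seen': ts,
                'count': 0,
            })
            rec['count'] += 1
            continue
        m = REPAIRED.match(msg)
        if m and m.group('file') not in repaired:
            repaired.append(m.group('file'))
    return {'unrepaired': list(unrepaired.values()), 'repaired': repaired}


if __name__ == '__main__':
    # With a path argument, read a real CBS.log; otherwise use the constructed sample.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding='utf-8', errors='replace') as fh:
            log_lines = fh.readlines()
    else:
        log_lines = SAMPLE_CBS_LOG.splitlines()
    report = summarize(log_lines)
    for rec in report['unrepaired']:
        print('NOT REPAIRED: {file} ({component} {version}): {reason}, '
              'logged {count}x, first at {first_seen}'.format(**rec))
    for name in report['repaired']:
        print('repaired from store: ' + name)
```
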



#8 TsVk!


Posted 10 February 2015 - 05:34 AM

I've gotta go now, kids' bedtime.

 

I will post further instructions tomorrow on how to find the files we need to fix.

 

TsVk!



#9 Milla-Bach


Posted 10 February 2015 - 05:46 AM

Ok, Thank you again for your time and help sir, very much appreciated.



#10 TsVk!


Posted 10 February 2015 - 09:43 PM

Hi, there are 2 other things I would like to try before we start looking at patching files manually...

 

Please run sfc again, but from a boot disk. Follow method 1 in this tutorial.

 

then....

 

Please open an elevated command prompt and enter

Dism /Online /Cleanup-Image /RestoreHealth

It can take a while, please be patient.

 

How did that go?


Edited by TsVk!, 10 February 2015 - 09:47 PM.


#11 Milla-Bach


Posted 11 February 2015 - 01:17 AM

I believe my operating system partition needs repair, I'm not sure if I figured it properly when I installed Windows 7 on this computer now after looking at the volumes listed when I typed Diskpart in the command prompt. I'm no pro at this so I really do appreciate your help with this mess I managed to make. I tried to enter the code sfc /scannow /offbootdir=c:\ /offwindir=c: \windows   I know that drive C is where the repair needs to be run but I don't see any other partition other than volume #6 has no drive LTR no Label Fs is FAT the size is 47MB status is Healthy and Info is Hidden? I feel like a real dummy, maybe I needed to create another partition before I reinstalled Windows 7 on this computer, I tried to but obviously failed. I did manage to pull some information for you, it's the log file that was produced after I ran the elevated command prompt...

 

2015-02-10 23:51:41, Info                  DISM   PID=1340 Scratch directory set to 'C:\Users\MILLA\AppData\Local\Temp\'. - CDISMManager::put_ScratchDir
2015-02-10 23:51:41, Info                  DISM   PID=1340 Successfully loaded the ImageSession at "C:\Windows\System32\Dism" - CDISMManager::LoadImageSession
2015-02-10 23:51:41, Info                  DISM   DISM Provider Store: PID=1340 Found and Initialized the DISM Logger. - CDISMProviderStore::Internal_InitializeLogger
2015-02-10 23:51:41, Info                  DISM   DISM Provider Store: PID=1340 Failed to get and initialize the PE Provider.  Continuing by assuming that it is not a WinPE image. - CDISMProviderStore::Final_OnConnect
2015-02-10 23:51:41, Info                  DISM   DISM Provider Store: PID=1340 Finished initializing the Provider Map. - CDISMProviderStore::Final_OnConnect
2015-02-10 23:51:41, Info                  DISM   DISM Provider Store: PID=1340 Getting Provider DISMLogger - CDISMProviderStore::GetProvider
2015-02-10 23:51:41, Info                  DISM   DISM Provider Store: PID=1340 Provider has previously been initialized.  Returning the existing instance. - CDISMProviderStore::Internal_GetProvider
2015-02-10 23:51:41, Info                  DISM   DISM Provider Store: PID=1340 Getting Provider DISMLogger - CDISMProviderStore::GetProvider
2015-02-10 23:51:41, Info                  DISM   DISM Provider Store: PID=1340 Provider has previously been initialized.  Returning the existing instance. - CDISMProviderStore::Internal_GetProvider
2015-02-10 23:51:41, Info                  DISM   DISM Manager: PID=1340 Successfully created the local image session and provider store. - CDISMManager::CreateLocalImageSession
2015-02-10 23:51:41, Info                  DISM   DISM Provider Store: PID=1340 Getting Provider DISMLogger - CDISMProviderStore::GetProvider
2015-02-10 23:51:41, Info                  DISM   DISM Provider Store: PID=1340 Provider has previously been initialized.  Returning the existing instance. - CDISMProviderStore::Internal_GetProvider
2015-02-10 23:51:41, Info                  DISM   DISM.EXE: 
2015-02-10 23:51:41, Info                  DISM   DISM.EXE: <----- Starting Dism.exe session ----->
2015-02-10 23:51:41, Info                  DISM   DISM.EXE: 
2015-02-10 23:51:41, Info                  DISM   DISM.EXE: Host machine information: OS Version=6.1.7601, Running architecture=amd64, Number of processors=2
2015-02-10 23:51:41, Info                  DISM   DISM.EXE: Executing command line: Dism  /Online /Cleanup-Image /RestoreHealth
2015-02-10 23:51:41, Info                  DISM   DISM Provider Store: PID=1340 Getting Provider FolderManager - CDISMProviderStore::GetProvider
2015-02-10 23:51:41, Info                  DISM   DISM Provider Store: PID=1340 Provider has not previously been encountered.  Attempting to initialize the provider. - CDISMProviderStore::Internal_GetProvider
2015-02-10 23:51:41, Info                  DISM   DISM Provider Store: PID=1340 Loading Provider from location C:\Windows\System32\Dism\FolderProvider.dll - CDISMProviderStore::Internal_GetProvider
2015-02-10 23:51:41, Info                  DISM   DISM Provider Store: PID=1340 Connecting to the provider located at C:\Windows\System32\Dism\FolderProvider.dll. - CDISMProviderStore::Internal_LoadProvider
2015-02-10 23:51:41, Info                  DISM   DISM Provider Store: PID=1340 Getting Provider FolderManager - CDISMProviderStore::GetProvider
2015-02-10 23:51:41, Info                  DISM   DISM Provider Store: PID=1340 Provider has previously been initialized.  Returning the existing instance. - CDISMProviderStore::Internal_GetProvider
2015-02-10 23:51:43, Info                  DISM   DISM Manager: PID=1340 Successfully loaded the ImageSession at "C:\Users\MILLA\AppData\Local\Temp\D394D0A5-D68E-46B5-AE3C-18F9FD54E56C" - CDISMManager::LoadImageSession
2015-02-10 23:51:43, Info                  DISM   DISM Image Session: PID=2884 Instantiating the Provider Store. - CDISMImageSession::get_ProviderStore
2015-02-10 23:51:43, Info                  DISM   DISM Provider Store: PID=2884 Initializing a provider store for the IMAGE session type. - CDISMProviderStore::Final_OnConnect
2015-02-10 23:51:43, Info                  DISM   DISM Provider Store: PID=2884 Provider has not previously been encountered.  Attempting to initialize the provider. - CDISMProviderStore::Internal_GetProvider
2015-02-10 23:51:43, Info                  DISM   DISM Provider Store: PID=2884 Loading Provider from location C:\Users\MILLA\AppData\Local\Temp\D394D0A5-D68E-46B5-AE3C-18F9FD54E56C\OSProvider.dll - CDISMProviderStore::Internal_GetProvider
2015-02-10 23:51:43, Info                  DISM   DISM Provider Store: PID=2884 Connecting to the provider located at C:\Users\MILLA\AppData\Local\Temp\D394D0A5-D68E-46B5-AE3C-18F9FD54E56C\OSProvider.dll. - CDISMProviderStore::Internal_LoadProvider
2015-02-10 23:51:43, Info                  DISM   DISM OS Provider: PID=2884 Defaulting SystemPath to C:\ - CDISMOSServiceManager::Final_OnConnect
2015-02-10 23:51:43, Info                  DISM   DISM OS Provider: PID=2884 Defaulting Windows folder to C:\Windows - CDISMOSServiceManager::Final_OnConnect
2015-02-10 23:51:43, Info                  DISM   DISM Provider Store: PID=2884 Attempting to initialize the logger from the Image Session. - CDISMProviderStore::Final_OnConnect
2015-02-10 23:51:43, Info                  DISM   DISM Provider Store: PID=2884 Provider has not previously been encountered.  Attempting to initialize the provider. - CDISMProviderStore::Internal_GetProvider
2015-02-10 23:51:43, Info                  DISM   DISM Provider Store: PID=2884 Loading Provider from location C:\Users\MILLA\AppData\Local\Temp\D394D0A5-D68E-46B5-AE3C-18F9FD54E56C\LogProvider.dll - CDISMProviderStore::Internal_GetProvider
2015-02-10 23:51:43, Info                  DISM   DISM Provider Store: PID=2884 Connecting to the provider located at C:\Users\MILLA\AppData\Local\Temp\D394D0A5-D68E-46B5-AE3C-18F9FD54E56C\LogProvider.dll. - CDISMProviderStore::Internal_LoadProvider
2015-02-10 23:51:43, Info                  DISM   DISM Provider Store: PID=2884 Getting Provider OSServices - CDISMProviderStore::GetProvider
2015-02-10 23:51:43, Info                  DISM   DISM Provider Store: PID=2884 Provider has previously been initialized.  Returning the existing instance. - CDISMProviderStore::Internal_GetProvider
2015-02-10 23:51:43, Info                  DISM   DISM Provider Store: PID=2884 Found and Initialized the DISM Logger. - CDISMProviderStore::Internal_InitializeLogger
2015-02-10 23:51:43, Info                  DISM   DISM Provider Store: PID=2884 Provider has not previously been encountered.  Attempting to initialize the provider. - CDISMProviderStore::Internal_GetProvider
2015-02-10 23:51:43, Info                  DISM   DISM Provider Store: PID=2884 Loading Provider from location C:\Users\MILLA\AppData\Local\Temp\D394D0A5-D68E-46B5-AE3C-18F9FD54E56C\PEProvider.dll - CDISMProviderStore::Internal_GetProvider
2015-02-10 23:51:43, Warning               DISM   DISM Provider Store: PID=2884 Failed to Load the provider: C:\Users\MILLA\AppData\Local\Temp\D394D0A5-D68E-46B5-AE3C-18F9FD54E56C\PEProvider.dll. - CDISMProviderStore::Internal_GetProvider(hr:0x8007007e)
2015-02-10 23:51:43, Info                  DISM   DISM Provider Store: PID=2884 Failed to get and initialize the PE Provider.  Continuing by assuming that it is not a WinPE image. - CDISMProviderStore::Final_OnConnect
2015-02-10 23:51:43, Info                  DISM   DISM Provider Store: PID=2884 Finished initializing the Provider Map. - CDISMProviderStore::Final_OnConnect
2015-02-10 23:51:43, Info                  DISM   DISM Provider Store: PID=2884 Getting Provider DISMLogger - CDISMProviderStore::GetProvider
2015-02-10 23:51:43, Info                  DISM   DISM Provider Store: PID=2884 Provider has previously been initialized.  Returning the existing instance. - CDISMProviderStore::Internal_GetProvider
2015-02-10 23:51:43, Info                  DISM   DISM Manager: PID=1340 Image session successfully loaded from the temporary location: C:\Users\MILLA\AppData\Local\Temp\D394D0A5-D68E-46B5-AE3C-18F9FD54E56C - CDISMManager::CreateImageSession
2015-02-10 23:51:43, Info                  DISM   DISM Provider Store: PID=2884 Getting Provider OSServices - CDISMProviderStore::GetProvider
2015-02-10 23:51:43, Info                  DISM   DISM Provider Store: PID=2884 Provider has previously been initialized.  Returning the existing instance. - CDISMProviderStore::Internal_GetProvider
2015-02-10 23:51:43, Info                  CSI    00000001 Shim considered [l:256{128}]"\??\C:\Windows\Servicing\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.1.7601.17592_none_672ce6c3de2cb17f\pkgmgr.exe" : got STATUS_OBJECT_PATH_NOT_FOUND
2015-02-10 23:51:43, Info                  CSI    00000002 Shim considered [l:250{125}]"\??\C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.1.7601.17592_none_672ce6c3de2cb17f\pkgmgr.exe" : got STATUS_SUCCESS
2015-02-10 23:51:43, Info                  DISM   DISM.EXE: Target image information: OS Version=6.1.7601.17592, Image architecture=amd64
2015-02-10 23:51:43, Info                  DISM   DISM Provider Store: PID=2884 Getting the collection of providers from an image provider store type. - CDISMProviderStore::GetProviderCollection
2015-02-10 23:51:43, Info                  DISM   DISM Provider Store: PID=2884 Provider has not previously been encountered.  Attempting to initialize the provider. - CDISMProviderStore::Internal_GetProvider
2015-02-10 23:51:43, Info                  DISM   DISM Provider Store: PID=2884 Loading Provider from location C:\Users\MILLA\AppData\Local\Temp\D394D0A5-D68E-46B5-AE3C-18F9FD54E56C\CbsProvider.dll - CDISMProviderStore::Internal_GetProvider
2015-02-10 23:51:43, Info                  DISM   DISM Provider Store: PID=2884 Connecting to the provider located at C:\Users\MILLA\AppData\Local\Temp\D394D0A5-D68E-46B5-AE3C-18F9FD54E56C\CbsProvider.dll. - CDISMProviderStore::Internal_LoadProvider
2015-02-10 23:51:43, Info                  DISM   DISM Provider Store: PID=2884 Encountered a servicing provider, performing additional servicing initializations. - CDISMProviderStore::Internal_LoadProvider
2015-02-10 23:51:43, Info                  CSI    00000001 Shim considered [l:256{128}]"\??\C:\Windows\Servicing\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.1.7601.17592_none_672ce6c3de2cb17f\pkgmgr.exe" : got STATUS_OBJECT_PATH_NOT_FOUND
2015-02-10 23:51:43, Info                  CSI    00000002 Shim considered [l:250{125}]"\??\C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.1.7601.17592_none_672ce6c3de2cb17f\pkgmgr.exe" : got STATUS_SUCCESS
2015-02-10 23:51:44, Info                  DISM   DISM Package Manager: PID=2884 Finished initializing the CbsConUI Handler. - CCbsConUIHandler::Initialize
2015-02-10 23:51:44, Info                  CSI    00000001 Shim considered [l:256{128}]"\??\C:\Windows\Servicing\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.1.7601.17592_none_672ce6c3de2cb17f\pkgmgr.exe" : got STATUS_OBJECT_PATH_NOT_FOUND
2015-02-10 23:51:44, Info                  CSI    00000002 Shim considered [l:250{125}]"\??\C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.1.7601.17592_none_672ce6c3de2cb17f\pkgmgr.exe" : got STATUS_SUCCESS
2015-02-10 23:51:44, Info                  DISM   DISM Package Manager: PID=2884 CBS is being initialized for online use. More information about CBS actions can be located at: %windir%\logs\cbs\cbs.log - CDISMPackageManager::Initialize
2015-02-10 23:51:44, Info                  DISM   DISM Package Manager: PID=2884 Loaded servicing stack for online use only. - CDISMPackageManager::RefreshInstanceAndLock
2015-02-10 23:51:44, Info                  DISM   DISM Provider Store: PID=2884 Provider has not previously been encountered.  Attempting to initialize the provider. - CDISMProviderStore::Internal_GetProvider
2015-02-10 23:51:44, Info                  DISM   DISM Provider Store: PID=2884 Loading Provider from location C:\Users\MILLA\AppData\Local\Temp\D394D0A5-D68E-46B5-AE3C-18F9FD54E56C\MsiProvider.dll - CDISMProviderStore::Internal_GetProvider
2015-02-10 23:51:44, Info                  DISM   DISM Provider Store: PID=2884 Connecting to the provider located at C:\Users\MILLA\AppData\Local\Temp\D394D0A5-D68E-46B5-AE3C-18F9FD54E56C\MsiProvider.dll. - CDISMProviderStore::Internal_LoadProvider
2015-02-10 23:51:44, Info                  DISM   DISM Provider Store: PID=2884 Encountered a servicing provider, performing additional servicing initializations. - CDISMProviderStore::Internal_LoadProvider
2015-02-10 23:51:44, Info                  DISM   DISM Provider Store: PID=2884 Provider has not previously been encountered.  Attempting to initialize the provider. - CDISMProviderStore::Internal_GetProvider
2015-02-10 23:51:44, Info                  DISM   DISM Provider Store: PID=2884 Loading Provider from location C:\Users\MILLA\AppData\Local\Temp\D394D0A5-D68E-46B5-AE3C-18F9FD54E56C\IntlProvider.dll - CDISMProviderStore::Internal_GetProvider
2015-02-10 23:51:44, Info                  DISM   DISM Provider Store: PID=2884 Connecting to the provider located at C:\Users\MILLA\AppData\Local\Temp\D394D0A5-D68E-46B5-AE3C-18F9FD54E56C\IntlProvider.dll. - CDISMProviderStore::Internal_LoadProvider
2015-02-10 23:51:44, Info                  DISM   DISM Provider Store: PID=2884 Encountered a servicing provider, performing additional servicing initializations. - CDISMProviderStore::Internal_LoadProvider
2015-02-10 23:51:44, Info                  DISM   DISM Provider Store: PID=2884 Provider has not previously been encountered.  Attempting to initialize the provider. - CDISMProviderStore::Internal_GetProvider
2015-02-10 23:51:44, Info                  DISM   DISM Provider Store: PID=2884 Loading Provider from location C:\Users\MILLA\AppData\Local\Temp\D394D0A5-D68E-46B5-AE3C-18F9FD54E56C\DmiProvider.dll - CDISMProviderStore::Internal_GetProvider
2015-02-10 23:51:44, Info                  DISM   DISM Provider Store: PID=2884 Connecting to the provider located at C:\Users\MILLA\AppData\Local\Temp\D394D0A5-D68E-46B5-AE3C-18F9FD54E56C\DmiProvider.dll. - CDISMProviderStore::Internal_LoadProvider
2015-02-10 23:51:44, Info                  DISM   DISM Provider Store: PID=2884 Encountered a servicing provider, performing additional servicing initializations. - CDISMProviderStore::Internal_LoadProvider
2015-02-10 23:51:44, Info                  CSI    00000001 Shim considered [l:256{128}]"\??\C:\Windows\Servicing\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.1.7601.17592_none_672ce6c3de2cb17f\pkgmgr.exe" : got STATUS_OBJECT_PATH_NOT_FOUND
2015-02-10 23:51:44, Info                  CSI    00000002 Shim considered [l:250{125}]"\??\C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.1.7601.17592_none_672ce6c3de2cb17f\pkgmgr.exe" : got STATUS_SUCCESS
2015-02-10 23:51:44, Info                  DISM   DISM OS Provider: PID=2884 Successfully loaded the hive. - CDISMOSServiceManager::DetermineBootDrive
2015-02-10 23:51:44, Info                  DISM   DISM Driver Manager: PID=2884 Further logs for driver related operations can be found in the target operating system at %WINDIR%\inf\setupapi.offline.log - CDriverManager::Initialize
2015-02-10 23:51:44, Info                  DISM   DISM Provider Store: PID=2884 Provider has not previously been encountered.  Attempting to initialize the provider. - CDISMProviderStore::Internal_GetProvider
2015-02-10 23:51:44, Info                  DISM   DISM Provider Store: PID=2884 Loading Provider from location C:\Users\MILLA\AppData\Local\Temp\D394D0A5-D68E-46B5-AE3C-18F9FD54E56C\UnattendProvider.dll - CDISMProviderStore::Internal_GetProvider
2015-02-10 23:51:44, Info                  DISM   DISM Provider Store: PID=2884 Connecting to the provider located at C:\Users\MILLA\AppData\Local\Temp\D394D0A5-D68E-46B5-AE3C-18F9FD54E56C\UnattendProvider.dll. - CDISMProviderStore::Internal_LoadProvider
2015-02-10 23:51:44, Info                  DISM   DISM Provider Store: PID=2884 Encountered a servicing provider, performing additional servicing initializations. - CDISMProviderStore::Internal_LoadProvider
2015-02-10 23:51:44, Info                  DISM   DISM Provider Store: PID=2884 Provider has not previously been encountered.  Attempting to initialize the provider. - CDISMProviderStore::Internal_GetProvider
2015-02-10 23:51:44, Info                  DISM   DISM Provider Store: PID=2884 Loading Provider from location C:\Users\MILLA\AppData\Local\Temp\D394D0A5-D68E-46B5-AE3C-18F9FD54E56C\SmiProvider.dll - CDISMProviderStore::Internal_GetProvider
2015-02-10 23:51:44, Info                  DISM   DISM Provider Store: PID=2884 Connecting to the provider located at C:\Users\MILLA\AppData\Local\Temp\D394D0A5-D68E-46B5-AE3C-18F9FD54E56C\SmiProvider.dll. - CDISMProviderStore::Internal_LoadProvider
2015-02-10 23:51:44, Info                  DISM   DISM Provider Store: PID=2884 Encountered a servicing provider, performing additional servicing initializations. - CDISMProviderStore::Internal_LoadProvider
2015-02-10 23:51:44, Info                  DISM   DISM Provider Store: PID=2884 Provider has not previously been encountered.  Attempting to initialize the provider. - CDISMProviderStore::Internal_GetProvider
2015-02-10 23:51:44, Info                  DISM   DISM Provider Store: PID=2884 Loading Provider from location C:\Users\MILLA\AppData\Local\Temp\D394D0A5-D68E-46B5-AE3C-18F9FD54E56C\TransmogProvider.dll - CDISMProviderStore::Internal_GetProvider
2015-02-10 23:51:44, Info                  DISM   DISM Provider Store: PID=2884 Connecting to the provider located at C:\Users\MILLA\AppData\Local\Temp\D394D0A5-D68E-46B5-AE3C-18F9FD54E56C\TransmogProvider.dll. - CDISMProviderStore::Internal_LoadProvider
2015-02-10 23:51:44, Info                  DISM   DISM Provider Store: PID=2884 Encountered a servicing provider, performing additional servicing initializations. - CDISMProviderStore::Internal_LoadProvider
2015-02-10 23:51:44, Info                  DISM   DISM Provider Store: PID=2884 Getting Provider DISM Package Manager - CDISMProviderStore::GetProvider
2015-02-10 23:51:44, Info                  DISM   DISM Provider Store: PID=2884 Provider has previously been initialized.  Returning the existing instance. - CDISMProviderStore::Internal_GetProvider
2015-02-10 23:51:44, Info                  DISM   DISM Provider Store: PID=2884 Getting Provider DISM Unattend Manager - CDISMProviderStore::GetProvider
2015-02-10 23:51:44, Info                  DISM   DISM Provider Store: PID=2884 Provider has previously been initialized.  Returning the existing instance. - CDISMProviderStore::Internal_GetProvider
2015-02-10 23:51:44, Info                  DISM   DISM.EXE: Got the collection of providers. Now enumerating them to build the command table.
2015-02-10 23:51:44, Info                  DISM   DISM.EXE: Attempting to add the commands from provider: DISM Package Manager
2015-02-10 23:51:44, Info                  DISM   DISM.EXE: Succesfully registered commands for the provider: DISM Package Manager.
2015-02-10 23:51:44, Info                  DISM   DISM.EXE: Attempting to add the commands from provider: OSServices
2015-02-10 23:51:44, Info                  DISM   DISM.EXE: Attempting to add the commands from provider: MsiManager
2015-02-10 23:51:44, Info                  DISM   DISM.EXE: Succesfully registered commands for the provider: MsiManager.
2015-02-10 23:51:44, Info                  DISM   DISM.EXE: Attempting to add the commands from provider: IntlManager
2015-02-10 23:51:44, Info                  DISM   DISM.EXE: Succesfully registered commands for the provider: IntlManager.
2015-02-10 23:51:44, Info                  DISM   DISM.EXE: Attempting to add the commands from provider: DriverManager
2015-02-10 23:51:44, Info                  DISM   DISM.EXE: Succesfully registered commands for the provider: DriverManager.
2015-02-10 23:51:44, Info                  DISM   DISM.EXE: Attempting to add the commands from provider: DISM Unattend Manager
2015-02-10 23:51:44, Info                  DISM   DISM.EXE: Succesfully registered commands for the provider: DISM Unattend Manager.
2015-02-10 23:51:44, Info                  DISM   DISM.EXE: Attempting to add the commands from provider: DISM Log Provider
2015-02-10 23:51:44, Info                  DISM   DISM.EXE: Attempting to add the commands from provider: SmiManager
2015-02-10 23:51:44, Info                  DISM   DISM.EXE: Attempting to add the commands from provider: Edition Manager
2015-02-10 23:51:44, Info                  DISM   DISM Transmog Provider: PID=2884 Current image session is [ONLINE] - CTransmogManager::GetMode
2015-02-10 23:51:44, Info                  DISM   DISM.EXE: Succesfully registered commands for the provider: Edition Manager.
2015-02-10 23:51:44, Info                  DISM   DISM Provider Store: PID=2884 Getting Provider DISM Package Manager - CDISMProviderStore::GetProvider
2015-02-10 23:51:44, Info                  DISM   DISM Provider Store: PID=2884 Provider has previously been initialized.  Returning the existing instance. - CDISMProviderStore::Internal_GetProvider
2015-02-10 23:51:44, Info                  DISM   DISM Package Manager: PID=2884 Processing the top level command token(cleanup-image). - CPackageManagerCLIHandler::Private_ValidateCmdLine
2015-02-10 23:51:44, Info                  DISM   DISM Package Manager: PID=2884 The option(restorehealth) is not recognized in this context. - CPackageManagerCLIHandler::Private_ValidateCmdLine
2015-02-10 23:51:44, Info                  DISM   DISM Package Manager: PID=2884 Further logs for online package and feature related operations can be found at %WINDIR%\logs\CBS\cbs.log - CPackageManagerCLIHandler::ExecuteCmdLine
2015-02-10 23:51:44, Info                  DISM   DISM Image Session: PID=2884 Disconnecting the provider store - CDISMImageSession::Final_OnDisconnect
2015-02-10 23:51:44, Info                  DISM   DISM Provider Store: PID=2884 Finalizing the servicing provider(DISM Package Manager) - CDISMProviderStore::Internal_DisconnectProvider
2015-02-10 23:51:44, Info                  DISM   DISM Package Manager: PID=2884 Finalizing CBS core. - CDISMPackageManager::Finalize
2015-02-10 23:51:44, Info                  DISM   DISM Provider Store: PID=2884 Disconnecting Provider: DISM Package Manager - CDISMProviderStore::Internal_DisconnectProvider
2015-02-10 23:51:44, Info                  DISM   DISM Provider Store: PID=2884 Found the OSServices.  Waiting to finalize it until all other providers are unloaded. - CDISMProviderStore::Final_OnDisconnect
2015-02-10 23:51:44, Info                  DISM   DISM Provider Store: PID=2884 Finalizing the servicing provider(MsiManager) - CDISMProviderStore::Internal_DisconnectProvider
2015-02-10 23:51:44, Info                  DISM   DISM Provider Store: PID=2884 Disconnecting Provider: MsiManager - CDISMProviderStore::Internal_DisconnectProvider
2015-02-10 23:51:44, Info                  DISM   DISM Provider Store: PID=2884 Finalizing the servicing provider(IntlManager) - CDISMProviderStore::Internal_DisconnectProvider
2015-02-10 23:51:44, Info                  DISM   DISM Provider Store: PID=2884 Disconnecting Provider: IntlManager - CDISMProviderStore::Internal_DisconnectProvider
2015-02-10 23:51:44, Info                  DISM   DISM Provider Store: PID=2884 Found the PE Provider.  Waiting to finalize it until all other providers are unloaded. - CDISMProviderStore::Final_OnDisconnect
2015-02-10 23:51:44, Info                  DISM   DISM Provider Store: PID=2884 Finalizing the servicing provider(DriverManager) - CDISMProviderStore::Internal_DisconnectProvider
2015-02-10 23:51:44, Info                  DISM   DISM Provider Store: PID=2884 Disconnecting Provider: DriverManager - CDISMProviderStore::Internal_DisconnectProvider
2015-02-10 23:51:44, Info                  DISM   DISM Provider Store: PID=2884 Finalizing the servicing provider(DISM Unattend Manager) - CDISMProviderStore::Internal_DisconnectProvider
2015-02-10 23:51:44, Info                  DISM   DISM Provider Store: PID=2884 Disconnecting Provider: DISM Unattend Manager - CDISMProviderStore::Internal_DisconnectProvider
2015-02-10 23:51:44, Info                  DISM   DISM Provider Store: PID=2884 Found the OSServices.  Waiting to finalize it until all other providers are unloaded. - CDISMProviderStore::Final_OnDisconnect
2015-02-10 23:51:44, Info                  DISM   DISM Provider Store: PID=2884 Finalizing the servicing provider(SmiManager) - CDISMProviderStore::Internal_DisconnectProvider
2015-02-10 23:51:44, Info                  DISM   DISM Provider Store: PID=2884 Disconnecting Provider: SmiManager - CDISMProviderStore::Internal_DisconnectProvider
2015-02-10 23:51:44, Info                  DISM   DISM Provider Store: PID=2884 Finalizing the servicing provider(Edition Manager) - CDISMProviderStore::Internal_DisconnectProvider
2015-02-10 23:51:44, Info                  DISM   DISM Provider Store: PID=2884 Disconnecting Provider: Edition Manager - CDISMProviderStore::Internal_DisconnectProvider
2015-02-10 23:51:44, Info                  DISM   DISM Provider Store: PID=2884 Releasing the local reference to OSServices. - CDISMProviderStore::Internal_DisconnectProvider
2015-02-10 23:51:44, Info                  DISM   DISM Provider Store: PID=2884 Disconnecting Provider: OSServices - CDISMProviderStore::Internal_DisconnectProvider
2015-02-10 23:51:44, Info                  DISM   DISM Provider Store: PID=2884 Releasing the local reference to DISMLogger.  Stop logging. - CDISMProviderStore::Internal_DisconnectProvider
2015-02-10 23:51:44, Info                  DISM   DISM.EXE: Image session has been closed. Reboot required=no.
2015-02-10 23:51:44, Info                  DISM   DISM.EXE: 
2015-02-10 23:51:44, Info                  DISM   DISM.EXE: <----- Ending Dism.exe session ----->
2015-02-10 23:51:44, Info                  DISM   DISM.EXE: 
2015-02-10 23:51:44, Info                  DISM   DISM Image Session: PID=1340 Disconnecting the provider store - CDISMImageSession::Final_OnDisconnect
2015-02-10 23:51:44, Info                  DISM   DISM Provider Store: PID=1340 Disconnecting Provider: FolderManager - CDISMProviderStore::Internal_DisconnectProvider
2015-02-10 23:51:44, Info                  DISM   DISM Provider Store: PID=1340 Found the OSServices.  Waiting to finalize it until all other providers are unloaded. - CDISMProviderStore::Final_OnDisconnect
2015-02-10 23:51:44, Info                  DISM   DISM Provider Store: PID=1340 Releasing the local reference to DISMLogger.  Stop logging. - CDISMProviderStore::Internal_DisconnectProvider


#12 TsVk!


Posted 11 February 2015 - 02:07 AM

 

I believe my operating system partition needs repair. I'm not sure if I figured it properly when I installed Windows 7 on this computer, now after looking at the volumes listed when I typed Diskpart in the command prompt.

Did you look carefully at step 5 of the tutorial?



#13 Milla-Bach


Posted 11 February 2015 - 02:17 AM

Hello, I'm quickly trying to install an antivirus program right at the moment since I can no longer access Bitdefender. I ran Combofix and here are the results, if it can help you determine if my computer is infected. It had to reboot my computer, so I guess I'm just assuming the worst. I will look closer at step 5 of the tutorial as soon as I have another AV downloaded and running, thanks :) I should be back here shortly.

 

ComboFix 15-02-09.01 - MILLA 02/11/2015   0:43.18.2 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.2037.1417 [GMT -6:00]
Running from: c:\users\MILLA\Desktop\ComboFix.exe
FW: Bitdefender Firewall *Disabled* {A23392FD-84B9-F933-2C71-81E751F6EF46}
SP: Bitdefender Antispyware *Disabled/Outdated* {2169F23C-E8EC-F7E5-3D9E-13A0D4A2E280}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((   Files Created from 2015-01-11 to 2015-02-11  )))))))))))))))))))))))))))))))
.
.
2015-02-11 06:49 . 2015-02-11 06:49 -------- d-----w- c:\users\MARA\AppData\Local\temp
2015-02-11 02:20 . 2015-02-11 02:25 -------- d-----w- c:\windows\system32\catroot2
2015-02-11 00:40 . 2015-02-11 00:40 129752 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-02-11 00:40 . 2015-02-11 00:40 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
2015-02-11 00:40 . 2014-11-21 12:14 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
2015-02-11 00:39 . 2014-11-21 12:14 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2015-02-10 22:54 . 2015-02-10 22:54 -------- d-----w- c:\program files (x86)\Tweaking.com
2015-02-10 13:58 . 2015-02-10 13:58 33360 ----a-w- c:\windows\system32\bdsandboxuh.dll
2015-02-10 13:48 . 2013-08-13 19:38 3271472 ----a-w- C:\bdr-bz01
2015-02-10 13:48 . 2014-10-15 22:14 452040 ----a-w- c:\windows\system32\drivers\trufos.sys
2015-02-10 13:48 . 2014-10-22 15:29 155912 ----a-w- c:\windows\system32\drivers\gzflt.sys
2015-02-10 13:16 . 2015-02-10 13:16 74000 ----a-w- c:\windows\system32\bdsandboxuiskin32.dll
2015-02-10 13:16 . 2015-02-10 13:16 677104 ----a-w- c:\windows\system32\drivers\avckf.sys
2015-02-10 12:38 . 2015-02-10 12:40 -------- d-----w- C:\AdwCleaner
2015-02-10 12:09 . 2015-02-10 19:03 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
2015-02-10 12:08 . 2014-11-21 12:14 93400 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2015-02-10 11:29 . 2015-02-10 11:29 -------- d-----w- c:\program files\Microsoft Silverlight
2015-02-10 11:29 . 2015-02-10 11:29 -------- d-----w- c:\program files (x86)\Microsoft Silverlight
2015-02-10 11:04 . 2015-02-10 11:05 -------- d-----w- c:\program files (x86)\SpywareBlaster
2015-02-10 10:09 . 2015-02-10 10:09 -------- d-----w- c:\windows\SysWow64\AdvancedInstallers
2015-02-10 10:09 . 2015-02-10 10:09 -------- d-----w- c:\windows\Downloaded Program Files
2015-02-10 09:31 . 2015-02-10 09:34 -------- d-----w- C:\FRST
2015-02-10 07:36 . 2015-02-10 07:36 -------- d-----w- c:\program files (x86)\Belarc
2015-02-10 06:22 . 2015-02-10 12:09 -------- d-----w- c:\programdata\Malwarebytes
2015-02-08 07:54 . 2014-08-07 08:08 33360 ----a-w- c:\windows\system32\drivers\CisUtMonitor.sys
2015-02-08 07:54 . 2015-02-08 07:54 -------- d-----w- c:\program files\Uninstall Tool
2015-02-08 07:08 . 2015-02-08 07:08 -------- d-----w- c:\users\MARA\AppData\Local\EmieUserList
2015-02-08 07:08 . 2015-02-08 07:08 -------- d-----w- c:\users\MARA\AppData\Local\EmieSiteList
2015-02-08 07:08 . 2015-02-08 07:08 -------- d-----w- c:\users\MARA\AppData\Local\EmieBrowserModeList
2015-02-08 06:41 . 2015-02-08 06:41 -------- d-----w- c:\windows\system32\%LOCALAPPDATA%
2015-02-08 00:39 . 2015-02-08 00:39 -------- d-----w- c:\users\MARA\AppData\Local\Innovative Solutions
2015-02-08 00:39 . 2015-02-08 00:39 -------- d-----w- c:\programdata\Innovative Solutions
2015-02-08 00:39 . 2014-03-07 15:25 42496 ----a-w- c:\windows\SysWow64\AdvUninstCPL.cpl
2015-02-08 00:39 . 2015-02-08 00:53 -------- d-----w- c:\program files (x86)\Innovative Solutions
2015-02-08 00:09 . 2015-02-08 00:09 -------- d-----w- c:\users\MARA\AppData\Local\VS Revo Group
2015-02-08 00:08 . 2015-02-08 00:08 -------- d-----w- c:\users\MARA\AppData\Local\Programs
2015-02-08 00:04 . 2015-02-08 00:10 -------- d-----w- c:\users\MARA\AppData\Local\Mozilla
2015-02-07 23:43 . 2015-02-07 23:49 -------- d-----w- c:\users\MARA\AppData\Roaming\Bitdefender
2015-02-07 23:41 . 2015-02-08 07:08 -------- d-----w- c:\users\MARA\AppData\Local\Microsoft
2015-02-07 09:50 . 2015-02-07 09:50 -------- d-----w- c:\users\Default
2015-02-07 04:39 . 2009-07-14 20:21 1721576 ----a-w- c:\windows\system32\WdfCoInstaller01009.dll
2015-02-07 04:39 . 2015-02-07 08:48 -------- d-----w- c:\programdata\BDLogging
2015-02-07 04:39 . 2012-04-17 20:34 76944 ----a-w- c:\windows\system32\drivers\bdvedisk.sys
2015-02-07 04:39 . 2015-02-10 13:58 82824 ----a-w- c:\windows\system32\drivers\bdsandbox.sys
2015-02-07 04:39 . 2014-12-02 22:37 74000 ----a-w- c:\windows\SysWow64\bdsandboxuiskin32.dll
2015-02-07 04:39 . 2013-11-13 21:41 93600 ----a-w- c:\windows\system32\drivers\BdfNdisf6.sys
2015-02-07 04:39 . 2007-04-11 17:11 511328 ----a-w- c:\windows\capicom.dll
2015-02-07 04:39 . 2015-02-10 13:16 262544 ----a-w- c:\windows\system32\drivers\avchv.sys
2015-02-07 04:39 . 2015-02-10 13:16 1306464 ----a-w- c:\windows\system32\drivers\avc3.sys
2015-02-07 04:35 . 2015-02-10 13:58 84848 ----a-w- c:\windows\system32\bdsandboxuiskin.dll
2015-02-07 04:35 . 2015-02-10 13:53 -------- d-----w- c:\programdata\Bitdefender
2015-02-07 04:32 . 2015-02-10 13:48 -------- d-----w- c:\program files\Bitdefender
2015-02-07 04:31 . 2015-02-10 13:48 -------- d-----w- c:\program files\Common Files\Bitdefender
2015-02-07 02:57 . 2015-02-07 02:57 -------- d-----w- c:\programdata\RogueKiller
2015-02-07 01:24 . 2015-02-07 01:24 53248 ----a-w- c:\windows\SysWow64\zlib.dll
2015-02-07 01:24 . 2015-02-07 01:24 -------- d-----w- C:\Support
2015-02-07 01:01 . 2015-02-10 10:09 -------- d-----w- c:\users\Public
2015-02-07 01:01 . 2015-02-07 01:01 -------- d-----w- c:\program files\CCleaner
2015-02-06 17:24 . 2015-02-06 17:27 -------- d-----w- C:\EEK
2015-02-06 12:56 . 2015-02-06 12:56 -------- d-----w- c:\programdata\VS Revo Group
2015-02-06 12:56 . 2009-12-30 16:21 31800 ----a-w- c:\windows\system32\drivers\revoflt.sys
2015-02-06 12:56 . 2015-02-06 12:56 -------- d-----w- c:\program files\VS Revo Group
2015-02-03 10:10 . 2015-02-10 17:15 -------- d-----w- c:\users\MILLA
2015-02-01 13:34 . 2015-02-08 00:12 -------- d-----w- c:\program files (x86)\MRU-Blaster
2015-02-01 13:30 . 2015-02-01 13:30 -------- d-----w- c:\programdata\Licenses
2015-02-01 13:30 . 2011-11-04 11:13 1070352 ----a-w- c:\windows\SysWow64\MSCOMCTL.OCX
2015-02-01 13:30 . 2009-03-24 18:52 129872 ----a-w- c:\windows\SysWow64\MSSTDFMT.DLL
2015-02-01 12:54 . 2012-07-30 17:14 31616 ----a-w- c:\windows\system32\FoolishEventLogMsgHelper.dll
2015-02-01 12:03 . 2015-02-07 09:48 196608 ----a-w- c:\windows\ServiceProfiles\NetworkService\msmqlog.bin
2015-02-01 12:00 . 2015-02-01 12:00 -------- d-----w- c:\windows\SysWow64\BestPractices
2015-02-01 12:00 . 2015-02-01 12:00 -------- d-----w- c:\windows\system32\BestPractices
2015-02-01 12:00 . 2015-02-10 16:00 -------- d-----w- C:\inetpub
2015-02-01 07:03 . 2015-02-01 07:03 -------- d-----w- c:\windows\CheckSur
2015-01-31 19:25 . 2015-01-31 19:25 18126512 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2015-01-27 15:05 . 2014-12-15 12:13 11870360 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F3C41757-1D0C-4D20-92B3-2310B1E80C2E}\mpengine.dll
2015-01-27 14:52 . 2014-12-19 03:06 210432 ----a-w- c:\windows\system32\profsvc.dll
2015-01-27 14:52 . 2014-12-06 04:17 303616 ----a-w- c:\windows\system32\nlasvc.dll
2015-01-27 14:52 . 2014-12-06 03:50 52224 ----a-w- c:\windows\SysWow64\nlaapi.dll
2015-01-27 14:52 . 2014-12-06 03:50 156672 ----a-w- c:\windows\SysWow64\ncsi.dll
2015-01-27 10:59 . 2014-12-19 01:46 141312 ----a-w- c:\windows\system32\drivers\mrxdav.sys
2015-01-27 10:58 . 2014-12-12 05:35 5553592 ----a-w- c:\windows\system32\ntoskrnl.exe
2015-01-27 10:58 . 2014-12-12 05:11 3971512 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2015-01-27 10:58 . 2014-12-12 05:11 3916728 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2015-01-27 10:58 . 2014-12-12 05:31 503808 ----a-w- c:\windows\system32\srcore.dll
2015-01-27 10:58 . 2014-12-12 05:31 296960 ----a-w- c:\windows\system32\rstrui.exe
2015-01-27 10:58 . 2014-12-12 05:31 50176 ----a-w- c:\windows\system32\srclient.dll
2015-01-27 10:58 . 2014-12-12 05:07 43008 ----a-w- c:\windows\SysWow64\srclient.dll
2015-01-27 10:58 . 2014-12-11 17:47 87040 ----a-w- c:\windows\system32\TSWbPrxy.exe
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-02-07 02:57 . 2014-12-31 10:49 37624 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2015-02-01 22:59 . 2014-12-31 12:52 42 ----a-w- c:\windows\system32\tempreg.bat
2014-12-17 01:49 . 2014-12-17 01:49 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll
2014-12-17 01:49 . 2014-12-17 01:49 1700352 ----a-w- c:\windows\SysWow64\gdiplus.dll
2014-12-17 01:49 . 2014-12-17 01:49 1060864 ----a-w- c:\windows\SysWow64\mfc71.dll
2014-12-16 22:05 . 2014-12-16 22:05 194048 ----a-w- c:\windows\SysWow64\elshyph.dll
2014-12-16 22:05 . 2014-12-16 22:05 71680 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2014-12-16 22:05 . 2014-12-16 22:05 645120 ----a-w- c:\windows\SysWow64\jsIntl.dll
2014-12-16 22:05 . 2014-12-16 22:05 235008 ----a-w- c:\windows\system32\elshyph.dll
2014-12-16 22:05 . 2014-12-16 22:05 1888256 ----a-w- c:\windows\SysWow64\wininet.dll
2014-12-16 22:05 . 2014-12-16 22:05 182272 ----a-w- c:\windows\SysWow64\msls31.dll
2014-12-16 22:05 . 2014-12-16 22:05 942592 ----a-w- c:\windows\system32\jsIntl.dll
2014-12-16 22:05 . 2014-12-16 22:05 90112 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2014-12-16 22:05 . 2014-12-16 22:05 86016 ----a-w- c:\windows\SysWow64\iesysprep.dll
2014-12-16 22:05 . 2014-12-16 22:05 86016 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2014-12-16 22:05 . 2014-12-16 22:05 814080 ----a-w- c:\windows\system32\jscript9diag.dll
2014-12-16 22:05 . 2014-12-16 22:05 77824 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll
2014-12-16 22:05 . 2014-12-16 22:05 77312 ----a-w- c:\windows\system32\tdc.ocx
2014-12-16 22:05 . 2014-12-16 22:05 74240 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2014-12-16 22:05 . 2014-12-16 22:05 64000 ----a-w- c:\windows\SysWow64\MshtmlDac.dll
2014-12-16 22:05 . 2014-12-16 22:05 633856 ----a-w- c:\windows\system32\ieui.dll
2014-12-16 22:05 . 2014-12-16 22:05 62464 ----a-w- c:\windows\SysWow64\tdc.ocx
2014-12-16 22:05 . 2014-12-16 22:05 62464 ----a-w- c:\windows\SysWow64\iesetup.dll
2014-12-16 22:05 . 2014-12-16 22:05 620032 ----a-w- c:\windows\SysWow64\jscript9diag.dll
2014-12-16 22:05 . 2014-12-16 22:05 60416 ----a-w- c:\windows\SysWow64\JavaScriptCollectionAgent.dll
2014-12-16 22:05 . 2014-12-16 22:05 6039552 ----a-w- c:\windows\system32\jscript9.dll
2014-12-16 22:05 . 2014-12-16 22:05 54784 ----a-w- c:\windows\system32\jsproxy.dll
2014-12-16 22:05 . 2014-12-16 22:05 52224 ----a-w- c:\windows\system32\msfeedsbs.dll
2014-12-16 22:05 . 2014-12-16 22:05 501248 ----a-w- c:\windows\SysWow64\vbscript.dll
2014-12-16 22:05 . 2014-12-16 22:05 490496 ----a-w- c:\windows\system32\dxtmsft.dll
2014-12-16 22:05 . 2014-12-16 22:05 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2014-12-16 22:05 . 2014-12-16 22:05 48640 ----a-w- c:\windows\system32\mshtmler.dll
2014-12-16 22:05 . 2014-12-16 22:05 47616 ----a-w- c:\windows\SysWow64\ieetwproxystub.dll
2014-12-16 22:05 . 2014-12-16 22:05 4299264 ----a-w- c:\windows\SysWow64\jscript9.dll
2014-12-16 22:05 . 2014-12-16 22:05 413696 ----a-w- c:\windows\system32\html.iec
2014-12-16 22:05 . 2014-12-16 22:05 36352 ----a-w- c:\windows\SysWow64\imgutil.dll
2014-12-16 22:05 . 2014-12-16 22:05 337408 ----a-w- c:\windows\SysWow64\html.iec
2014-12-16 22:05 . 2014-12-16 22:05 316928 ----a-w- c:\windows\system32\dxtrans.dll
2014-12-16 22:05 . 2014-12-16 22:05 2885120 ----a-w- c:\windows\system32\iertutil.dll
2014-12-16 22:05 . 2014-12-16 22:05 2724864 ----a-w- c:\windows\SysWow64\mshtml.tlb
2014-12-16 22:05 . 2014-12-16 22:05 247808 ----a-w- c:\windows\system32\msls31.dll
2014-12-16 22:05 . 2014-12-16 22:05 24576 ----a-w- c:\windows\SysWow64\licmgr10.dll
2014-12-16 22:05 . 2014-12-16 22:05 2358272 ----a-w- c:\windows\system32\wininet.dll
2014-12-16 22:05 . 2014-12-16 22:05 2052096 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2014-12-16 22:05 . 2014-12-16 22:05 199680 ----a-w- c:\windows\system32\msrating.dll
2014-12-16 22:05 . 2014-12-16 22:05 1548288 ----a-w- c:\windows\system32\urlmon.dll
2014-12-16 22:05 . 2014-12-16 22:05 151552 ----a-w- c:\windows\SysWow64\iexpress.exe
2014-12-16 22:05 . 2014-12-16 22:05 14412800 ----a-w- c:\windows\system32\ieframe.dll
2014-12-16 22:05 . 2014-12-16 22:05 139264 ----a-w- c:\windows\SysWow64\wextract.exe
2014-12-16 22:05 . 2014-12-16 22:05 13312 ----a-w- c:\windows\SysWow64\mshta.exe
2014-12-16 22:05 . 2014-12-16 22:05 13312 ----a-w- c:\windows\system32\msfeedssync.exe
2014-12-16 22:05 . 2014-12-16 22:05 131072 ----a-w- c:\windows\system32\IEAdvpack.dll
2014-12-16 22:05 . 2014-12-16 22:05 1155072 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
2014-12-16 22:05 . 2014-12-16 22:05 111616 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2014-12-16 22:05 . 2014-12-16 22:05 105984 ----a-w- c:\windows\system32\iesysprep.dll
2014-12-16 22:05 . 2014-12-16 22:05 92160 ----a-w- c:\windows\system32\mshtmled.dll
2014-12-16 22:05 . 2014-12-16 22:05 88064 ----a-w- c:\windows\system32\MshtmlDac.dll
2014-12-16 22:05 . 2014-12-16 22:05 81408 ----a-w- c:\windows\system32\icardie.dll
2014-12-16 22:05 . 2014-12-16 22:05 800768 ----a-w- c:\windows\system32\msfeeds.dll
2014-12-16 22:05 . 2014-12-16 22:05 800768 ----a-w- c:\windows\system32\ieapfltr.dll
2014-12-16 22:05 . 2014-12-16 22:05 774144 ----a-w- c:\windows\system32\jscript.dll
2014-12-16 22:05 . 2014-12-16 22:05 718848 ----a-w- c:\windows\system32\ie4uinit.exe
2014-12-16 22:05 . 2014-12-16 22:05 66560 ----a-w- c:\windows\system32\iesetup.dll
2014-12-16 22:05 . 2014-12-16 22:05 62464 ----a-w- c:\windows\system32\pngfilt.dll
2014-12-16 22:05 . 2014-12-16 22:05 616104 ----a-w- c:\windows\system32\ieapfltr.dat
2014-12-16 22:05 . 2014-12-16 22:05 580096 ----a-w- c:\windows\system32\vbscript.dll
2014-12-16 22:05 . 2014-12-16 22:05 48640 ----a-w- c:\windows\system32\ieetwproxystub.dll
2014-12-16 22:05 . 2014-12-16 22:05 48128 ----a-w- c:\windows\system32\imgutil.dll
2014-12-16 22:05 . 2014-12-16 22:05 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll
2014-12-16 22:05 . 2014-12-16 22:05 389296 ----a-w- c:\windows\system32\iedkcs32.dll
2014-12-16 22:05 . 2014-12-16 22:05 34304 ----a-w- c:\windows\system32\iernonce.dll
2014-12-16 22:05 . 2014-12-16 22:05 30208 ----a-w- c:\windows\system32\licmgr10.dll
2014-12-16 22:05 . 2014-12-16 22:05 2724864 ----a-w- c:\windows\system32\mshtml.tlb
2014-12-16 22:05 . 2014-12-16 22:05 25059840 ----a-w- c:\windows\system32\mshtml.dll
2014-12-16 22:05 . 2014-12-16 22:05 243200 ----a-w- c:\windows\system32\webcheck.dll
2014-12-16 22:05 . 2014-12-16 22:05 235520 ----a-w- c:\windows\system32\url.dll
2014-12-16 22:05 . 2014-12-16 22:05 2125312 ----a-w- c:\windows\system32\inetcpl.cpl
2014-12-16 22:05 . 2014-12-16 22:05 167424 ----a-w- c:\windows\system32\iexpress.exe
2014-12-16 22:05 . 2014-12-16 22:05 147968 ----a-w- c:\windows\system32\occache.dll
2014-12-16 22:05 . 2014-12-16 22:05 143872 ----a-w- c:\windows\system32\wextract.exe
2014-12-16 22:05 . 2014-12-16 22:05 13824 ----a-w- c:\windows\system32\mshta.exe
2014-12-16 22:05 . 2014-12-16 22:05 1359360 ----a-w- c:\windows\system32\mshtmlmedia.dll
2014-12-16 22:05 . 2014-12-16 22:05 135680 ----a-w- c:\windows\system32\iepeers.dll
2014-12-16 22:05 . 2014-12-16 22:05 114688 ----a-w- c:\windows\system32\ieetwcollector.exe
2014-12-16 22:05 . 2014-12-16 22:05 101376 ----a-w- c:\windows\system32\inseng.dll
2014-12-16 22:03 . 2014-12-16 22:03 878080 ----a-w- c:\windows\system32\advapi32.dll
2014-12-16 22:03 . 2014-12-16 22:03 859648 ----a-w- c:\windows\system32\tdh.dll
2014-12-16 22:03 . 2014-12-16 22:03 640512 ----a-w- c:\windows\SysWow64\advapi32.dll
2014-12-16 22:03 . 2014-12-16 22:03 619520 ----a-w- c:\windows\SysWow64\tdh.dll
2014-12-16 22:03 . 2014-12-16 22:03 1732032 ----a-w- c:\windows\system32\ntdll.dll
2014-12-16 22:03 . 2014-12-16 22:03 1292192 ----a-w- c:\windows\SysWow64\ntdll.dll
2014-12-16 22:02 . 2014-12-16 22:02 327168 ----a-w- c:\windows\system32\mswsock.dll
2014-12-16 22:02 . 2014-12-16 22:02 231424 ----a-w- c:\windows\SysWow64\mswsock.dll
2014-12-16 22:02 . 2014-12-16 22:02 68608 ----a-w- c:\windows\system32\taskhost.exe
2014-12-16 21:57 . 2014-12-16 21:57 9728 ----a-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2014-12-16 21:57 . 2014-12-16 21:57 9728 ----a-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2014-12-16 21:57 . 2014-12-16 21:57 5632 ----a-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2014-12-16 21:57 . 2014-12-16 21:57 5632 ----a-w- c:\windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
2014-12-16 21:57 . 2014-12-16 21:57 5632 ----a-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2014-12-16 21:57 . 2014-12-16 21:57 5632 ----a-w- c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Bitdefender Wallet Agent"="c:\program files\Bitdefender\Bitdefender 2015\bdwtxag.exe" [2015-02-10 790880]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CCleaner Monitoring"="c:\program files\CCleaner\CCleaner64.exe" [2015-01-20 7404312]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"LocalAccountTokenFilterPolicy"= 1 (0x1)
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BFE]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BITS]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MpsSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SharedAccess]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vss]
@="Service"
.
R3 avckf;avckf;c:\windows\system32\DRIVERS\avckf.sys;c:\windows\SYSNATIVE\DRIVERS\avckf.sys [x]
R3 bdfwfpf_pc;bdfwfpf_pc;c:\program files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf_pc.sys;c:\program files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf_pc.sys [x]
R3 BDSandBox;BDSandBox;c:\windows\system32\drivers\bdsandbox.sys;c:\windows\SYSNATIVE\drivers\bdsandbox.sys [x]
R3 CisUtMonitor;CisUtMonitor;c:\windows\system32\DRIVERS\CisUtMonitor.sys;c:\windows\SYSNATIVE\DRIVERS\CisUtMonitor.sys [x]
R3 cleanhlp;cleanhlp;c:\eek\BIN\cleanhlp64.sys;c:\eek\BIN\cleanhlp64.sys [x]
R3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\DRIVERS\dc3d.sys;c:\windows\SYSNATIVE\DRIVERS\dc3d.sys [x]
R3 esihdrv;esihdrv;c:\users\MARA\AppData\Local\Temp\esihdrv.sys;c:\users\MARA\AppData\Local\Temp\esihdrv.sys [x]
R3 InnovativeSolutions_monitor;Innovative Solutions Service Monitor;c:\program files (x86)\Common Files\Innovative Solutions\Advanced Uninstaller\InnovativeSolutions_monitor_Svr.exe;c:\program files (x86)\Common Files\Innovative Solutions\Advanced Uninstaller\InnovativeSolutions_monitor_Svr.exe [x]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\drivers\nusb3hub.sys;c:\windows\SYSNATIVE\drivers\nusb3hub.sys [x]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\drivers\nusb3xhc.sys;c:\windows\SYSNATIVE\drivers\nusb3xhc.sys [x]
R3 Point64;Microsoft Mouse and Keyboard Center Filter Driver;c:\windows\system32\DRIVERS\point64.sys;c:\windows\SYSNATIVE\DRIVERS\point64.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys;c:\windows\SYSNATIVE\DRIVERS\revoflt.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R4 BdDesktopParental;Bitdefender Desktop Parental Control;c:\program files\Bitdefender\Bitdefender 2015\bdparentalservice.exe;c:\program files\Bitdefender\Bitdefender 2015\bdparentalservice.exe [x]
R4 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R4 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R4 SafeBox;SafeBox;c:\program files\Bitdefender\Bitdefender SafeBox\safeboxservice.exe;c:\program files\Bitdefender\Bitdefender SafeBox\safeboxservice.exe [x]
R4 UPDATESRV;Bitdefender Desktop Update Service;c:\program files\Bitdefender\Bitdefender 2015\updatesrv.exe;c:\program files\Bitdefender\Bitdefender 2015\updatesrv.exe [x]
S0 avc3;avc3;c:\windows\system32\DRIVERS\avc3.sys;c:\windows\SYSNATIVE\DRIVERS\avc3.sys [x]
S0 gzflt;gzflt;c:\windows\system32\DRIVERS\gzflt.sys;c:\windows\SYSNATIVE\DRIVERS\gzflt.sys [x]
S1 A2DDA;A2 Direct Disk Access Support Driver;c:\eek\BIN\a2ddax64.sys;c:\eek\BIN\a2ddax64.sys [x]
S1 BdfNdisf;BitDefender Firewall NDIS 6 Filter Driver;c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf6.sys;c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf6.sys [x]
S1 bdfwfpf;bdfwfpf;c:\program files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys;c:\program files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [x]
S1 BDVEDISK;BDVEDISK;c:\windows\system32\DRIVERS\bdvedisk.sys;c:\windows\SYSNATIVE\DRIVERS\bdvedisk.sys [x]
S3 avchv;avchv Function Driver;c:\windows\system32\DRIVERS\avchv.sys;c:\windows\SYSNATIVE\DRIVERS\avchv.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
iissvcs REG_MULTI_SZ   w3svc was
apphost REG_MULTI_SZ   apphostsvc
.
Contents of the 'Scheduled Tasks' folder
.
2015-02-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2015-01-03 03:51]
.
2015-02-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2015-01-03 03:51]
.
2015-02-08 c:\windows\Tasks\RunUninstallTool_SkipUac.job
- c:\program files\Uninstall Tool\UninstallTool.exe [2015-02-08 07:12]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\__SafeBox1]
@="{152C96EB-288E-4EDC-B7C6-D21F8250ADF3}"
[HKEY_CLASSES_ROOT\CLSID\{152C96EB-288E-4EDC-B7C6-D21F8250ADF3}]
2014-07-04 23:58 206352 ----a-w- c:\program files\Bitdefender\Bitdefender Safebox\safeboxshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\__SafeBox2]
@="{342DAA0B-D796-460D-8566-901E08A1CCAD}"
[HKEY_CLASSES_ROOT\CLSID\{342DAA0B-D796-460D-8566-901E08A1CCAD}]
2014-07-04 23:58 206352 ----a-w- c:\program files\Bitdefender\Bitdefender Safebox\safeboxshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\__SafeBox3]
@="{57595DAE-1AE1-4D97-A49E-67CBB53B52DF}"
[HKEY_CLASSES_ROOT\CLSID\{57595DAE-1AE1-4D97-A49E-67CBB53B52DF}]
2014-07-04 23:58 206352 ----a-w- c:\program files\Bitdefender\Bitdefender Safebox\safeboxshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\__SafeBox4]
@="{33816773-98AE-4723-ADE0-EBE54C8B5A67}"
[HKEY_CLASSES_ROOT\CLSID\{33816773-98AE-4723-ADE0-EBE54C8B5A67}]
2014-07-04 23:58 206352 ----a-w- c:\program files\Bitdefender\Bitdefender Safebox\safeboxshell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Bdagent"="c:\program files\Bitdefender\Bitdefender 2015\bdagent.exe" [2015-02-10 1689576]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SYSTEM32\blank.htm
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
FF - ProfilePath - c:\users\MILLA\AppData\Roaming\Mozilla\Firefox\Profiles\iax09hwq.default\
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3290119370-742891325-88322259-1001\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{A6B0DA6F-56B2-8925-C98A-BB9F206EADAE}*]
@Allowed: (Read) (RestrictedCode)
"jalhlpbnnehoipighood"=hex:62,61,6a,6a,00,00
"ialahhebcjbdafodjj"=hex:6b,61,63,6a,68,61,61,6d,6f,6f,66,6b,6e,70,68,6b,65,6f,
   69,61,67,61,00,00
"habbjahlmaamdjbp"=hex:6b,61,63,6a,68,61,61,6d,6f,6f,66,6b,6e,70,68,6b,65,6f,
   69,61,67,61,00,00
"jalhlpbnnehoipighoce"=hex:62,61,6a,6a,00,00
.
Completion time: 2015-02-11  00:54:49 - machine was rebooted
ComboFix-quarantined-files.txt  2015-02-11 06:54
ComboFix2.txt  2015-02-11 02:49
ComboFix3.txt  2015-02-10 18:15
ComboFix4.txt  2015-02-08 07:02
ComboFix5.txt  2015-02-11 06:42
.
Pre-Run: 233,157,623,808 bytes free
Post-Run: 232,835,723,264 bytes free
.
- - End Of File - - B9BD17CC20AD3D8B9568029835B04B51
A36C5E4F47E84449FF07ED3517B43A31


#14 TsVk!


Posted 11 February 2015 - 02:40 AM

ComboFix should not be run without trained advice.

As this subject has become increasingly indicative of malware, and as a trainee malware helper, I cannot offer any further advice, sorry.

I will request the thread be moved to the "Am I Infected" forum, where you can get help.


Edited by TsVk!, 11 February 2015 - 02:41 AM.




