Computer was cleaned but still has problems
I had a pro clean this computer and was told it was clean. Of course I was told by him to run combofix. I did and it found this
Infected copy of c:\windows\SysWow64\userinit.exe was found and disinfected
Restored copy from - c:\windows\erdnt\cache86\userinit.exe
He went on to continue and clean the system. That was a few days ago. I was told to never run combofix without someone telling me to. I do understand it can mess a computer up but in my case I have an image so I can get it back going if I had to. Today I run combofix again because the computer was slowing down. It still finds the same infected file. I have run that program about 4 times and it always finds that one file infected even though I was told this computer had no problems. Like I mentioned its no big deal if it crashes because I have several acronis backups made and I can get it back running. I just want to know why combofix keeps finding that one file infected. Here are the logs you need
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.16428
Run by Tom at 22:01:56 on 2014-01-29
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.6142.4528 [GMT -6:00]
.
AV: Webroot SecureAnywhere *Enabled/Updated* {66A6FE14-08CB-F415-3742-517201416109}
SP: Webroot SecureAnywhere *Enabled/Updated* {DDC71FF0-2EF1-FB9B-0DF2-6A007AC62BB4}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files\Webroot\WRSA.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Program Files\HitmanPro\hmpsched.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Webroot\WRSA.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler.exe
C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler64.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Windows\system32\Macromed\Flash\FlashUtil64_12_0_0_38_ActiveX.exe
C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\SysWOW64\DllHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://yahoo.com/
BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Webroot Vault: {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} - C:\ProgramData\WRData\PKG\LPBar.dll
BHO: Webroot Filtering Extension: {C9C42510-9B41-42c1-9DCD-7282A2D07C61} - C:\Program Files\Webroot\WRData\PKG\Vistax86\wrflt.dll
BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Webroot Toolbar: {97ab88ef-346b-4179-a0b1-7445896547a5} - C:\ProgramData\WRData\PKG\LPBar.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
mRun: [WRSVC] "C:\Program Files\Webroot\WRSA.exe" -ul
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRunOnce: [B Register C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXBannerAdPlugin.dll] "C:\Windows\System32\rundll32.exe" "C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXBannerAdPlugin.dll",DllRegisterServer
mRunOnce: [B Register C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXDownloadManagerPlugin.dll] "C:\Windows\System32\rundll32.exe" "C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXDownloadManagerPlugin.dll",DllRegisterServer
mRunOnce: [B Register C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXMediaManagerPlugin.dll] "C:\Windows\System32\rundll32.exe" "C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXMediaManagerPlugin.dll",DllRegisterServer
mRunOnce: [B Register C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXPlayerPlugin.dll] "C:\Windows\System32\rundll32.exe" "C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXPlayerPlugin.dll",DllRegisterServer
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\INSTAL~2.LNK - C:\Program Files (x86)\Common Files\wruninstall.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\INSTAL~1.LNK - C:\Program Files (x86)\Common Files\wruninstall.exe
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files (x86)\ieSpell\iespell.dll/SPELLCHECK.HTM
IE: {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files (x86)\ieSpell\iespell.dll/SPELLOPTION.HTM
IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} - C:\ProgramData\WRData\PKG\LPBar.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com//activex/ractrl.cab?lmi=1058
TCP: NameServer = 24.177.176.38 71.92.29.130 24.217.201.67
TCP: Interfaces\{2FFDAB11-47E1-4C8E-9DC0-7A902F405408} : DHCPNameServer = 24.177.176.38 71.92.29.130 24.217.201.67
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.102\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: Webroot Vault: {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} - C:\ProgramData\WRData\PKG\LPBar64.dll
x64-BHO: Webroot Filtering Extension: {C9C42510-9B41-42c1-9DCD-7282A2D07C61} - C:\Program Files\Webroot\WRData\PKG\Vistax64\wrflt.dll
x64-TB: Webroot Toolbar: {97ab88ef-346b-4179-a0b1-7445896547a5} - C:\ProgramData\WRData\PKG\LPBar64.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} - C:\ProgramData\WRData\PKG\LPBar64.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\1qmzyu6f.default\
FF - prefs.js: browser.startup.homepage - hxxp://yahoo.com/
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_43.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
.
============= SERVICES / DRIVERS ===============
.
R0 fltsrv;Acronis Storage Filter Management;C:\Windows\System32\drivers\fltsrv.sys [2013-3-29 108832]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2013-3-24 55856]
R0 tib;Acronis TIB Manager;C:\Windows\System32\drivers\tib.sys [2013-4-7 1120032]
R0 tib_mounter;Acronis TIB Mounter;C:\Windows\System32\drivers\tib_mounter.sys [2013-4-7 183224]
R0 vididr;Acronis Virtual Disk;C:\Windows\System32\drivers\vididr.sys [2013-4-7 161568]
R0 vidsflt;Acronis Disk Storage Filter;C:\Windows\System32\drivers\vidsflt.sys [2013-3-29 117024]
R0 WRkrn;WRkrn;C:\Windows\System32\drivers\WRkrn.sys [2013-4-3 115232]
R2 afcdpsrv;Acronis Nonstop Backup Service;C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [2013-4-7 3783672]
R2 HitmanProScheduler;HitmanPro Scheduler;C:\Program Files\HitmanPro\hmpsched.exe [2014-1-28 109352]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-3-24 418376]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-3-24 701512]
R2 syncagentsrv;Acronis Sync Agent Service;C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe [2013-3-20 7084672]
R2 WRSVC;WRSVC;C:\Program Files\Webroot\WRSA.exe [2013-4-3 761464]
R3 afcdp;afcdp;C:\Windows\System32\drivers\afcdp.sys [2013-4-7 367200]
R3 Envy24HFS;ICE Envy24 Family Audio Controller WDM 64 bit;C:\Windows\System32\drivers\Envy24HF.sys [2007-3-15 150016]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-3-24 25928]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2009-9-28 395264]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2011-4-12 71168]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-1-9 111616]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2014-1-13 19456]
S3 RoxMediaDB10;RoxMediaDB10;C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCom\RoxMediaDB10.exe [2009-6-26 1124848]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2014-1-13 57856]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2014-1-13 30208]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-11-18 1255736]
.
=============== Created Last 30 ================
.
2014-01-30 03:50:49 -------- d-sh--w- C:\$RECYCLE.BIN
2014-01-30 03:41:39 -------- d-s---w- C:\ComboFix
2014-01-29 01:56:45 -------- d-----w- C:\Program Files\HitmanPro
2014-01-29 01:56:34 -------- d-----w- C:\ProgramData\HitmanPro
2014-01-28 10:49:07 10315576 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{93E40CBE-B6E8-4C62-B067-D8A010E4FCC6}\mpengine.dll
2014-01-28 01:23:25 -------- d-----w- C:\FRST
2014-01-28 00:18:54 98816 ----a-w- C:\Windows\sed.exe
2014-01-28 00:18:54 256000 ----a-w- C:\Windows\PEV.exe
2014-01-28 00:18:54 208896 ----a-w- C:\Windows\MBR.exe
2014-01-26 01:45:03 119000 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-01-24 04:33:16 -------- d-----w- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-01-24 04:32:28 91352 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2014-01-21 03:43:50 -------- d-----w- C:\Users\Tom\AppData\Local\Macromedia
2014-01-20 20:48:19 -------- d-----w- C:\Program Files\SAMSUNG
2014-01-20 20:48:04 -------- d-----w- C:\ProgramData\Samsung
2014-01-19 15:49:04 -------- d-----w- C:\Windows\ERUNT
2014-01-19 15:47:55 -------- d-----w- C:\AdwCleaner
2014-01-15 22:23:52 99840 ----a-w- C:\Windows\System32\drivers\usbccgp.sys
2014-01-15 22:23:52 53248 ----a-w- C:\Windows\System32\drivers\usbehci.sys
2014-01-15 22:23:52 343040 ----a-w- C:\Windows\System32\drivers\usbhub.sys
2014-01-15 22:23:52 325120 ----a-w- C:\Windows\System32\drivers\usbport.sys
2014-01-15 22:23:52 30720 ----a-w- C:\Windows\System32\drivers\usbuhci.sys
2014-01-15 22:23:51 7808 ----a-w- C:\Windows\System32\drivers\usbd.sys
2014-01-15 22:23:51 3156480 ----a-w- C:\Windows\System32\win32k.sys
2014-01-15 22:23:51 25600 ----a-w- C:\Windows\System32\drivers\usbohci.sys
2014-01-15 22:23:50 376768 ----a-w- C:\Windows\System32\drivers\netio.sys
2014-01-15 03:06:00 -------- d-----w- C:\Users\Tom\AppData\Local\Amazon
2014-01-13 22:13:22 -------- d-----w- C:\Users\Tom\AppData\Roaming\HpUpdate
2014-01-13 22:12:34 -------- d-----w- C:\Windows\Hewlett-Packard
2014-01-13 22:03:36 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll
2014-01-13 22:03:36 366592 ----a-w- C:\Windows\System32\qdvd.dll
2014-01-13 22:00:36 -------- d-----w- C:\Users\Tom\AppData\Local\Secunia PSI
2014-01-13 22:00:27 -------- d-----w- C:\Program Files (x86)\Secunia
2014-01-09 05:20:20 -------- d-----w- C:\Windows\Migration
2014-01-05 02:29:57 -------- d-----w- C:\Program Files (x86)\Cisco Systems
2014-01-05 02:27:48 -------- d-----w- C:\ProgramData\Cisco Systems
.
==================== Find3M ====================
.
2014-01-26 14:11:49 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-01-26 14:11:49 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-01-16 05:24:06 154824 ----a-w- C:\Windows\SysWow64\WRusr.dll
2014-01-16 05:24:06 115232 ----a-w- C:\Windows\System32\drivers\WRkrn.sys
2014-01-16 05:24:06 104872 ----a-w- C:\Windows\System32\WRusr.dll
2013-12-28 02:22:17 10395072 ----a-w- C:\Program Files (x86)\Common Files\wruninstall.exe
2013-12-18 12:13:56 270496 ------w- C:\Windows\System32\MpSigStub.exe
2013-11-26 10:19:07 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2013-11-26 10:18:23 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2013-11-26 09:48:07 66048 ----a-w- C:\Windows\System32\iesetup.dll
2013-11-26 09:46:25 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2013-11-26 09:23:02 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-11-26 09:18:39 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
2013-11-26 09:18:09 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
2013-11-26 09:16:57 708608 ----a-w- C:\Windows\System32\jscript9diag.dll
2013-11-26 08:35:02 5769216 ----a-w- C:\Windows\System32\jscript9.dll
2013-11-26 08:28:16 553472 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2013-11-26 08:16:12 4243968 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-11-26 08:02:16 1995264 ----a-w- C:\Windows\System32\inetcpl.cpl
2013-11-26 07:32:06 1928192 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2013-11-26 07:07:57 2334208 ----a-w- C:\Windows\System32\wininet.dll
2013-11-26 06:33:33 1820160 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-11-23 18:26:20 417792 ----a-w- C:\Windows\SysWow64\WMPhoto.dll
2013-11-23 17:47:34 465920 ----a-w- C:\Windows\System32\WMPhoto.dll
2013-11-12 02:23:09 2048 ----a-w- C:\Windows\System32\tzres.dll
2013-11-12 02:07:29 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
.
============= FINISH: 22:02:17.95 ===============
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 11/18/2012 4:09:37 PM
System Uptime: 1/29/2014 9:50:10 PM (1 hours ago)
.
Motherboard: Gigabyte Technology Co., Ltd. | | 965P-DS3
Processor: Intel(R) Core(TM)2 CPU 4300 @ 1.80GHz | Socket 775 | 1800/200mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 488 GiB total, 451.63 GiB free.
D: is FIXED (NTFS) - 443 GiB total, 191.18 GiB free.
E: is CDROM ()
F: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP61: 1/27/2014 6:19:02 PM - ComboFix created restore point
.
==== Installed Programs ======================
.
64 Bit HP CIO Components Installer
Adobe Flash Player 12 ActiveX
Adobe Flash Player 12 Plugin
Adobe Reader XI (11.0.06)
Amazon Kindle
Bomgar Representative Console 13.1.3 [remote.sacsinc.com]
BufferChm
C4400
CCleaner
Cisco Connect
Copy
Destinations
DeviceDiscovery
DirectX 9 Runtime
DivX Setup
DocProc
EMC 10 Content
EMCGadgets64
Google Chrome
Google Earth
Google Toolbar for Internet Explorer
Google Update Helper
GPBaseService2
Hewlett-Packard ACLM.NET v1.1.0.0
HitmanPro 3.7
HP Customer Participation Program 13.0
HP Imaging Device Functions 13.0
HP Photosmart C4400 All-In-One Driver Software 13.0 Rel. 3
HP Photosmart Essential 3.5
HP Product Detection
HP Smart Web Printing 4.51
HP Solution Center 13.0
HP Update
HPPhotoGadget
HPPhotoSmartDiscLabelContent1
HPPhotosmartEssential
HPProductAssistant
ieSpell
Java Auto Updater
Malwarebytes Anti-Malware version 1.75.0.1300
MarketResearch
Microsoft .NET Framework 4.5.1
Microsoft Mouse and Keyboard Center
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Office 64-bit Components 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional Plus 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared 64-bit MUI (English) 2007
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Mozilla Firefox 26.0 (x86 en-US)
Mozilla Maintenance Service
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP3 Parser
MSXML 4.0 SP3 Parser (KB2758694)
OCR Software by I.R.I.S. 13.0
PS_AIO_03_C4400_Software_Min
Roxio Activation Module
Roxio BackOnTrack
Roxio Burn
Roxio Central Audio
Roxio Central Copy
Roxio Central Core
Roxio Central Data
Roxio Central Tools
Roxio Easy CD and DVD Burning
Roxio Express Labeler 3
Roxio File Backup
Roxio PhotoShow
Roxio Update Manager
SAMSUNG USB Driver for Mobile Phones
Scan
SmartWebPrinting
SolutionCenter
Sonic CinePlayer Decoder Pack
Status
Toolbox
TrayApp
True Image 2013
UnloadSupport
VC80CRTRedist - 8.0.50727.6195
VD64Inst
WebReg
Webroot SecureAnywhere
Windows 7 Upgrade Advisor
.
==== Event Viewer Messages From Past Week ========
.
1/29/2014 9:50:56 PM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
1/29/2014 9:50:56 PM, Error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error %%-1073473535.
1/29/2014 9:50:44 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: RxFilter
1/29/2014 9:45:37 PM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
1/29/2014 9:41:18 PM, Error: Service Control Manager [7034] - The hpqcxs08 service terminated unexpectedly. It has done this 1 time(s).
1/29/2014 9:41:18 PM, Error: Service Control Manager [7034] - The HP CUE DeviceDiscovery Service service terminated unexpectedly. It has done this 1 time(s).
1/28/2014 5:36:35 PM, Error: atapi [11] - The driver detected a controller error on \Device\Ide\IdePort3.
1/28/2014 2:29:23 PM, Error: Schannel [36888] - The following fatal alert was generated: 40. The internal error state is 107.
1/28/2014 2:29:23 PM, Error: Schannel [36874] - An SSL 3.0 connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The SSL connection request has failed.
1/27/2014 9:45:20 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
1/27/2014 9:43:30 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
1/27/2014 9:43:24 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
1/27/2014 9:43:24 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
1/27/2014 9:43:23 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
1/27/2014 9:43:16 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
1/27/2014 9:43:11 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache RxFilter snapman spldr Wanarpv6
.
==== End Of File ===========================
aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2014-01-29 22:10:32
-----------------------------
22:10:32.512 OS Version: Windows x64 6.1.7601 Service Pack 1
22:10:32.512 Number of processors: 2 586 0xF02
22:10:32.512 ComputerName: TOM-PC UserName: Tom
22:10:35.320 Initialize success
22:10:44.682 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T0L0-5
22:10:44.682 Disk 0 Vendor: ST31000528AS CC38 Size: 953868MB BusType: 3
22:10:44.775 Disk 0 MBR read successfully
22:10:44.775 Disk 0 MBR scan
22:10:44.775 Disk 0 Windows 7 default MBR code
22:10:44.791 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
22:10:44.791 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 499900 MB offset 206848
22:10:44.807 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 453866 MB offset 1024002048
22:10:44.838 Disk 0 scanning C:\Windows\system32\drivers
22:10:50.220 Service scanning
22:10:58.893 Service WRkrn C:\Windows\System32\drivers\WRkrn.sys **LOCKED** 32
22:10:59.627 Modules scanning
22:10:59.627 Disk 0 trace - called modules:
22:10:59.642 ntoskrnl.exe CLASSPNP.SYS disk.sys vidsflt.sys ACPI.sys ataport.SYS intelide.sys PCIIDEX.SYS hal.dll atapi.sys
22:10:59.642 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8005e7d060]
22:10:59.658 3 CLASSPNP.SYS[fffff88001ab343f] -> nt!IofCallDriver -> [0xfffffa8005e7c040]
22:10:59.658 5 vidsflt.sys[fffff880010b55f1] -> nt!IofCallDriver -> [0xfffffa8005cf4520]
22:10:59.673 7 ACPI.sys[fffff8800100b7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP3T0L0-5[0xfffffa8005cf6060]
22:10:59.673 Scan finished successfully
22:11:18.549 Disk 0 MBR has been saved successfully to "C:\Users\Tom\Desktop\MBR.dat"
22:11:18.565 The log file has been saved successfully to "C:\Users\Tom\Desktop\aswMBR.txt"
.
I tried to backup your Registry with ERUNT but got an error. Will this work with windows 7 pro? if not then please advice me on what I need to do. I just want to find out if something might be hiding in the system that keeps giving that message when running combofix. I do understand your rules said not to run combo and I totally understand. If combo is giving me this message
Infected copy of c:\windows\SysWow64\userinit.exe was found and disinfected
Restored copy from - c:\windows\erdnt\cache86\userinit.exe
This was the same exact message I got before my computer was cleaned by another malware expert. He did clean it and I have no complaint other than how does this keep showing up if it is clean?
Thanks for taking a look.
-----------------------------------
I did install ERUNT and was able to run it.
Originally Posted by threeputt
