Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

restore_files and .abc extensions

Post by SeaPhor » September 7th, 2015, 6:13 pm

DDS.txt
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17840 BrowserJavaVersion: 11.45.2
Run by home at 16:34:31 on 2015-09-07
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.8047.4545 [GMT -5:00]
.
AV: AVG AntiVirus Free Edition 2015 *Enabled/Updated* {4D41356F-32AD-7C42-C820-63775EE4F413}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG AntiVirus Free Edition 2015 *Enabled/Updated* {F620D48B-1497-73CC-F290-58052563BEAE}
.
============== Running Processes ===============
.
c:\PROGRA~2\AVG\AVG2015\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2015\avgcsrva.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\system32\atiesrxx.exe
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_21dba265e7e67cda\STacSV64.exe
C:\windows\system32\atieclxx.exe
C:\windows\system32\Hpservice.exe
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\WLANExt.exe
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe
C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe
C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
C:\windows\System32\svchost.exe -k utcsvc
C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe
C:\windows\system32\taskhost.exe
C:\windows\Explorer.EXE
C:\windows\system32\svchost.exe -k imgsvc
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe
C:\windows\system32\Dwm.exe
C:\windows\system32\wbem\unsecapp.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\AVG\AVG2015\avgui.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe
C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\CCleaner\CCleaner64.exe
C:\windows\system32\SearchIndexer.exe
C:\windows\SysWOW64\ctfmon.exe
C:\windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\windows\system32\wuauclt.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\system32\taskhost.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\windows\SysWOW64\cmd.exe
C:\Users\home\AppData\Local\Akamai\netsession_win.exe
C:\Users\home\AppData\Local\Akamai\netsession_win.exe
C:\Users\home\AppData\Roaming\Enigma Software Group\sh_installer.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\windows\system32\taskeng.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\SearchFilterHost.exe
C:\windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://us.yhs4.search.yahoo.com/yhs/web ... %3DWindows 7 Professional
uProxyOverride = <local>
mWinlogon: Userinit = userinit.exe
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype Click to Call for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll
uRun: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
uRun: [Akamai NetSession Interface] "C:\Users\home\AppData\Local\Akamai\netsession_win.exe"
mRun: [QlbCtrl.exe] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
mRun: [NUSB3MON] "c:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2015\avgui.exe" /TRAYONLY
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
dRunOnce: [SPReview] "C:\windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: SoftwareSASGeneration = dword:3
IE: E&xport to Microsoft Excel - c:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: NameServer = 192.168.0.254
TCP: Interfaces\{55242149-D0CE-4903-B1AE-67FABD0F9FF1}\D4F445F425F4C414D20354344453 : NameServer = 75.75.76.76,76.76.76.76
TCP: Interfaces\{55242149-D0CE-4903-B1AE-67FABD0F9FF1}\D4F445F425F4C414D20354344453 : DHCPNameServer = 68.87.66.234 162.150.8.16
TCP: Interfaces\{6A28C6DD-D5CE-49B8-B9C9-7ED6B64E04FC} : DHCPNameServer = 192.168.0.254
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
SSODL: WebCheck - <orphaned>
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.85\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.8.0_45\bin\ssv.dll
x64-BHO: Skype Click to Call for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_45\bin\jp2ssv.dll
x64-Run: [HPPowerAssistant] C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe /hidden
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe /hidden
x64-Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
x64-Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\home\AppData\Roaming\Mozilla\Firefox\Profiles\u75paegz.default\
FF - prefs.js: browser.startup.homepage - google.com
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.28.13\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrlui.dll
FF - plugin: C:\Users\home\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_160.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\windows\System32\drivers\avgidsha.sys [2015-5-12 253408]
R0 Avgloga;AVG Logging Driver;C:\windows\System32\drivers\avgloga.sys [2015-5-7 378336]
R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\windows\System32\drivers\avgmfx64.sys [2015-6-10 226784]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\windows\System32\drivers\avgrkx64.sys [2015-3-20 40928]
R0 PxHlpa64;PxHlpa64;C:\windows\System32\drivers\PxHlpa64.sys [2013-12-15 55280]
R1 Avgdiska;AVG Disk Driver;C:\windows\System32\drivers\avgdiska.sys [2015-3-11 162784]
R1 AVGIDSDriver;AVGIDSDriver;C:\windows\System32\drivers\avgidsdrivera.sys [2015-6-26 293296]
R1 Avgldx64;AVG AVI Loader Driver;C:\windows\System32\drivers\avgldx64.sys [2015-6-16 259040]
R1 Avgtdia;AVG TDI Driver;C:\windows\System32\drivers\avgtdia.sys [2015-5-12 281568]
R2 AMD External Events Utility;AMD External Events Utility;C:\windows\System32\atiesrxx.exe [2010-3-1 202752]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe [2015-7-7 3518376]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe [2015-7-7 314304]
R2 c2cautoupdatesvc;Skype Click to Call Updater;C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [2015-5-1 1394816]
R2 c2cpnrsvc;Skype Click to Call PNR Service;C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [2015-5-1 1772672]
R2 DiagTrack;Diagnostics Tracking Service;C:\windows\System32\svchost.exe -k utcsvc [2009-7-13 27136]
R2 HP Power Assistant Service;HP Power Assistant Service;C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe [2009-11-19 102968]
R2 HP Wireless Assistant Service;HP Wireless Assistant Service;C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2009-11-19 102968]
R2 hpsrv;HP Service;C:\windows\System32\hpservice.exe [2009-7-8 30520]
R2 HPSupportSolutionsFrameworkService;HP Support Solutions Framework Service;C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [2015-3-28 89840]
R3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K;C:\windows\System32\drivers\e1k62x64.sys [2010-3-19 293552]
R3 HECIx64;Intel(R) Management Engine Interface;C:\windows\System32\drivers\HECIx64.sys [2009-9-17 56344]
R3 Impcd;Impcd;C:\windows\System32\drivers\Impcd.sys [2009-10-26 151936]
R3 NETw5s64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\windows\System32\drivers\netw5s64.sys [2010-1-13 7675392]
R3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;C:\windows\System32\drivers\nusb3hub.sys [2009-11-20 75776]
R3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;C:\windows\System32\drivers\nusb3xhc.sys [2009-11-20 177152]
R3 rismcx64;RICOH Smart Card Reader;C:\windows\System32\drivers\rismcx64.sys [2010-3-19 59008]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 rimspci;rimspci;C:\windows\System32\drivers\rimspe64.sys [2010-3-19 61952]
S2 risdpcie;risdpcie;C:\windows\System32\drivers\risdpe64.sys [2010-3-19 79360]
S2 rixdpcie;rixdpcie;C:\windows\System32\drivers\rixdpe64.sys [2010-3-19 55808]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2015-7-9 327296]
S3 btwl2cap;Bluetooth L2CAP Service;C:\windows\System32\drivers\btwl2cap.sys [2013-12-15 35104]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\windows\System32\ieetwcollector.exe [2015-7-12 114688]
S3 StorSvc;Storage Service;C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2013-12-16 59392]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\System32\Wat\WatAdminSvc.exe [2013-12-16 1255736]
S4 AdAppMgrSvc;Autodesk Application Manager Service;C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe [2015-4-24 599944]
S4 AESTFilters;Andrea ST Filters Service;C:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_21dba265e7e67cda\AESTSr64.exe [2013-12-15 89600]
S4 Com4QLBEx;Com4QLBEx;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2010-3-19 228408]
S4 Hp.Skyroom.Windows.Service;HP SkyRoom;C:\Program Files (x86)\Hewlett-Packard\HP SkyRoom\Hp.Skyroom.Windows.Service.exe [2009-11-20 124984]
S4 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2009-11-12 250936]
S4 pdfcDispatcher;PDF Document Manager;C:\Program Files (x86)\PDF Complete\pdfsvc.exe [2013-12-15 635416]
S4 rgsender;Remote Graphics Sender Service;C:\Program Files (x86)\Hewlett-Packard\HP SkyRoom\remote graphics sender\rgsendersvc.exe [2013-12-15 379904]
S4 RoxMediaDB10;RoxMediaDB10;C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2009-6-13 1120752]
S4 SMManager;HP Connection Manager Service;C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\SMManager.exe [2009-12-3 82760]
S4 UNS;Intel(R) Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2013-12-15 2320920]
S4 vcsFPService;Validity VCS Fingerprint Service;C:\windows\System32\vcsFPService.exe [2009-10-21 2019120]
.
=============== Created Last 30 ================
.
2015-09-07 20:17:09 -------- d-----w- C:\Users\home\AppData\Roaming\Enigma Software Group
2015-08-16 00:08:27 -------- d-----w- C:\Program Files\TortoiseSVN
2015-08-16 00:08:27 -------- d-----w- C:\Program Files\Common Files\TortoiseOverlays
2015-08-16 00:08:27 -------- d-----w- C:\Program Files (x86)\Common Files\TortoiseOverlays
2015-08-09 06:29:05 163504 ----a-w- C:\ProgramData\Microsoft\Windows\Sqm\Manifest\Sqm10145.bin
.
==================== Find3M ====================
.
2015-07-04 18:49:09 0 ----a-w- C:\windows\System32\RENA20E.tmp
2015-06-26 14:49:10 293296 ----a-w- C:\windows\System32\drivers\avgidsdrivera.sys
2015-06-26 04:34:28 85328 ----a-w- C:\windows\SysWow64\vcruntime140.dll
2015-06-26 04:34:28 439608 ----a-w- C:\windows\SysWow64\msvcp140.dll
2015-06-26 04:34:28 266928 ----a-w- C:\windows\SysWow64\vccorlib140.dll
2015-06-26 04:34:28 243520 ----a-w- C:\windows\SysWow64\concrt140.dll
2015-06-19 23:03:41 97888 ----a-w- C:\windows\SysWow64\WindowsAccessBridge-32.dll
2015-06-16 20:55:04 259040 ----a-w- C:\windows\System32\drivers\avgldx64.sys
2015-06-16 03:22:28 778416 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
2015-06-16 03:22:28 142512 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-06-10 21:38:48 226784 ----a-w- C:\windows\System32\drivers\avgmfx64.sys
.
============= FINISH: 16:35:02.06 ===============

Attach.txt
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 12/15/2013 6:52:51 PM
System Uptime: 9/5/2015 12:35:04 AM (64 hours ago)
.
Motherboard: Hewlett-Packard | | 1520
Processor: Intel(R) Core(TM) i7 CPU M 620 @ 2.67GHz | CPU 1 | 2667/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 216 GiB total, 18.742 GiB free.
E: is FIXED (FAT32) - 2 GiB total, 1.501 GiB free.
F: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: swsenfd_1_10_0_14
Device ID: ROOT\LEGACY_SWSENFD_1_10_0_14\0000
Manufacturer:
Name: swsenfd_1_10_0_14
PNP Device ID: ROOT\LEGACY_SWSENFD_1_10_0_14\0000
Service: swsenfd_1_10_0_14
.
==== System Restore Points ===================
.
RP117: 9/7/2015 12:00:01 AM - Scheduled Checkpoint
.
==== Installed Programs ======================
.
ActiveCheck component for HP Active Support Library
Adobe Flash Player 10 ActiveX
Adobe Flash Player 18 NPAPI
Akamai NetSession Interface
ATI Catalyst Install Manager
Autodesk Application Manager
AVG 2015
Bandicam
Bandisoft MPEG-1 Decoder
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-core-static
ccc-utility64
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
CCleaner
DirectX 9 Runtime
FileZilla Client 3.10.0.2
Google Chrome
Google Update Helper
HP 3D DriveGuard
HP Client Automation Agent Preload
HP Common Access Service Library
HP Connection Manager
HP Customer Experience Enhancements
HP ESU for Microsoft Windows 7
HP Integrated Module with Bluetooth wireless technology
HP Performance Tuning Framework
HP Power Assistant
HP Power Data
HP Quick Launch Buttons
HP QuickLook
HP QuickWeb
HP Setup
HP SkyRoom
HP SoftPaq Download Manager
HP Software Setup
HP Support Assistant
HP Support Solutions Framework
HP User Guides 0159
HP Wallpaper
HP Wireless Assistant
HPAsset component for HP Active Support Library
IDT Audio
Intel PROSet Wireless
Intel(R) Management Engine Components
Intel(R) Network Connections Drivers
Intel(R) PROSet/Wireless WiFi Software
Intel(R) Turbo Boost Technology Driver
Intel® Matrix Storage Manager
Java 8 Update 45
Java 8 Update 45 (64-bit)
Java Auto Updater
Java SE Development Kit 7 Update 71 (64-bit)
Java SE Development Kit 8 Update 45 (64-bit)
LibreOffice 4.3.4.1
LightScribe System Software
LSI HDA Modem
Microsoft .NET Framework 4.5.1
Microsoft Choice Guard
Microsoft Silverlight
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005
Mozilla Firefox 40.0.3 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NEC Electronics USB 3.0 Host Controller Driver
NetBeans IDE 8.0.2
PDF Complete Special Edition
QLBCASL
Remote Graphics Receiver
Remote Graphics Sender
RICOH Media Driver
Roxio Activation Module
Roxio Creator Audio
Roxio Creator Business
Roxio Creator Business v10
Roxio Creator Copy
Roxio Creator Data
Roxio Creator Tools
Roxio Express Labeler 3
Roxio MyDVD
Security Update for Microsoft .NET Framework 4.5.1 (KB2894854v2)
Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
Security Update for Microsoft .NET Framework 4.5.1 (KB2931368)
Security Update for Microsoft .NET Framework 4.5.1 (KB2972107)
Security Update for Microsoft .NET Framework 4.5.1 (KB2972216)
Security Update for Microsoft .NET Framework 4.5.1 (KB2978128)
Security Update for Microsoft .NET Framework 4.5.1 (KB2979578v2)
Security Update for Microsoft .NET Framework 4.5.1 (KB3023224)
Security Update for Microsoft .NET Framework 4.5.1 (KB3035490)
Security Update for Microsoft .NET Framework 4.5.1 (KB3037581)
Skype Click to Call
Skype™ 7.8
Sonic CinePlayer Decoder Pack
Synaptics Pointing Device Driver
TortoiseSVN 1.9.0.26652 (64 bit)
Unity
Unity Web Player
Validity Fingerprint Driver
VD64Inst
Visual Studio 2012 x64 Redistributables
Visual Studio 2012 x86 Redistributables
Windows 7 Default Setting
Windows Driver Package - Broadcom Bluetooth (06/15/2009 6.2.0.9000)
Windows Driver Package - Broadcom Bluetooth (07/30/2009 6.2.0.9405)
Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800)
Windows Live Essentials
Windows Live Sign-in Assistant
Windows Live Upload Tool
WinRAR 5.11 (64-bit)
WinZip 12.0
.
==== Event Viewer Messages From Past Week ========
.
9/7/2015 2:56:12 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer KBOX that believes that it is the master browser for the domain on transport NetBT_Tcpip_{6A28C6DD-D5CE-49B8-B9C9-7ED6B64E04FC}. The master browser is stopping or an election is being forced.
9/6/2015 5:56:23 AM, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
9/5/2015 12:36:33 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: swsenfd_1_10_0_14
9/5/2015 12:36:11 AM, Error: Service Control Manager [7000] - The rixdpcie service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
9/5/2015 12:36:11 AM, Error: Service Control Manager [7000] - The risdpcie service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
9/5/2015 12:36:11 AM, Error: Service Control Manager [7000] - The rimspci service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
9/4/2015 9:25:31 PM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
9/4/2015 9:25:31 PM, Error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error %%-1073473535.
.
==== End Of File ===========================

Description:
I was a member here many years ago and know how professional the experts here are.
My son was starting college and needed a better laptop, so I HP-Factory restored this one for him to use; then he purchased his own and gave this one back to me. About a month or 2 later I started having issues with the GFX card, and others, so I went through the Control Panel's Uninstall Programs and uninstalled everything my son had installed, ran CCleaner, and a virus scan. After that I saw ".abc" extensions on many of my files, and over 20.000 sets of "restore_files*****.txt" and "restore_files*****.html" in MANY directories and sub-directories, which I deleted immediately, and began searching for a solution. And here I am.
SeaPhor
Regular Member
 
Posts: 60
Joined: October 8th, 2007, 10:23 pm

Re: restore_files and .abc extensions

Post by pgmigg » September 8th, 2015, 1:05 am

Hello SeaPhor,

Welcome to the forum! :)

I am pgmigg and I'll be helping you with any malware problems.

Before we begin, please read and follow these important guidelines, so things will proceed smoothly.
  1. The instructions being given are for YOUR computer and system only!
    Using these instructions on a different computer can cause damage to that computer and possibly render it inoperable!
  2. You must have Administrator rights, permissions for this computer.
  3. DO NOT run any other fix or removal tools unless instructed to do so!
  4. DO NOT install any other software (or hardware) during the cleaning process until we are done as well as
    DO NOT Remove, or Scan with anything on your system unless I ask. This adds more items to be researched.
    Extra Additions and Removals of files make the analysis more difficult.
  5. Only post your problem at (1) one help site. Applying fixes from multiple help sites can cause problems.
  6. Print each set of instructions if possible - your Internet connection will not be available during some fix processes.
  7. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
  8. Only reply to this thread, do not start another one. Please continue responding until I give you the "All Clean!"
    Absence of symptoms does not mean that everything is clear.

I am currently reviewing your logs and will return, as soon as possible, with additional instructions. In the meantime...

Note: If you haven't done so already, please read this topic ALL USERS OF THIS FORUM MUST READ THIS FIRST where the conditions for receiving help here are explained.

Please read all instructions carefully before executing and perform the steps, in the order given.
If you have any questions or problems executing these instructions, <<STOP>> do not proceed; post back with the question or problem.

Please be aware that removing malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However, it is impossible for me to foresee all interactions that may happen between the software on your computer and the tools we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to back up any personal files and folders before you start.


Failure to post replies within 72 hours will result in this thread being closed
pgmigg
MRU Teacher
 
Posts: 3187
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: restore_files and .abc extensions

Post by pgmigg » September 8th, 2015, 11:53 am

Hello SeaPhor,

SeaPhor wrote:
After that I saw ".abc" extensions on many of my files, and over 20.000 sets of "restore_files*****.txt" and "restore_files*****.html" in MANY directories and sub-directories, which I deleted immediately, and began searching for a solution.
You are most likely dealing with a newer, unnamed variant of TeslaCrypt, which is for the most part the same as Alpha Crypt. :(

Any files that are encrypted with the newer unnamed variant of TeslaCrypt will have the .exx, .xyz, .zzz, .aaa or .abc extension appended to the end of the file name. The .aaa/.abc variant drops files with names like Recovery_File_*****.html, Recovery_File_*****.txt, restore_files_*****.html and restore_files_*****.txt (where ***** are random characters) and pretends to be CryptoWall 3.0.

May I draw your attention to the following links: Tesla/Alpha-Crypt Ransomware Information and TeslaDecoder

SeaPhor wrote:
My son was starting college and needed a better laptop, so I HP-Factory restored this one for him to use
If you already did an HP Factory restore for your son, I guess you prepared a backup of all your important files. Then maybe the best idea in such a case would be to do it again with hard-disk reformatting and forget about this nightmare completely...

Please let me know your decision.

Thanks,
pgmigg

Failure to post replies within 72 hours will result in this thread being closed
pgmigg
MRU Teacher
 
Posts: 3187
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00
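
As an added example (not a tool from this forum or from pgmigg), the following Python script applies the indicators described in the post above to a list of file paths: it counts files with an appended .exx/.xyz/.zzz/.aaa/.abc extension, recovers their original names, pairs the restore_files_*****/Recovery_File_***** .txt and .html note "sets", and flags directories that hold both notes and renamed files. The sample paths are constructed, and the rule that notes plus renamed files in the same directory is the strong signal is my assumption, not something the thread states.

```python
"""Triage a file listing for the TeslaCrypt .aaa/.abc indicators from this thread.

Added example, not a MalwareRemoval.com tool. Indicators (from pgmigg's post):
  * encrypted files carry an appended .exx/.xyz/.zzz/.aaa/.abc extension;
  * ransom notes are restore_files_*****.txt/.html or Recovery_File_*****.txt/.html,
    where ***** is a run of random characters.
"""
import os
import re
from collections import Counter, defaultdict
from pathlib import PureWindowsPath

ENCRYPTED_EXTS = {".exx", ".xyz", ".zzz", ".aaa", ".abc"}

# The thread writes the note prefix both with and without an underscore,
# so the underscore is optional. Group 2 is the random id shared by a
# .txt/.html pair (one "set").
NOTE_RE = re.compile(
    r"^(restore_files|recovery_file)_?([a-z0-9]+)\.(txt|html)$", re.IGNORECASE
)


def classify(path):
    """Return ('note', note_id), ('encrypted', original_name) or (None, None)."""
    p = PureWindowsPath(path)  # accepts both '\\' and '/' separators
    m = NOTE_RE.match(p.name)
    if m:
        return "note", m.group(2).lower()
    if p.suffix.lower() in ENCRYPTED_EXTS:
        # The extension is appended to the original name, so p.stem is the
        # name the file had before encryption (e.g. 'thesis.docx').
        return "encrypted", p.stem
    return None, None


def triage(paths):
    """Summarise indicators over an iterable of file paths (strings)."""
    by_ext, original_types = Counter(), Counter()
    note_sets = defaultdict(set)   # note id -> subset of {'txt', 'html'}
    note_dirs, enc_dirs = set(), set()

    for path in paths:
        kind, detail = classify(path)
        p = PureWindowsPath(path)
        if kind == "note":
            note_dirs.add(str(p.parent))
            note_sets[detail].add(p.suffix.lower().lstrip("."))
        elif kind == "encrypted":
            enc_dirs.add(str(p.parent))
            by_ext[p.suffix.lower()] += 1
            original_types[PureWindowsPath(detail).suffix.lower() or "(none)"] += 1

    return {
        "encrypted_by_ext": by_ext,
        "original_types": original_types,
        "note_count": sum(len(v) for v in note_sets.values()),
        "complete_note_sets": sum(1 for v in note_sets.values() if v == {"txt", "html"}),
        "note_dirs": sorted(note_dirs),
        "encrypted_dirs": sorted(enc_dirs),
        # Assumption for triage: a directory holding both notes and renamed
        # files is the strong signal; a lone odd extension (e.g. one .xyz
        # file) could be a legitimate file and is only a weak hint.
        "confirmed_dirs": sorted(note_dirs & enc_dirs),
    }


def triage_tree(root):
    """Walk a real directory tree and triage every file under it."""
    return triage(
        os.path.join(d, f) for d, _, files in os.walk(root) for f in files
    )


# Constructed sample listing (not taken from the thread's DDS log).
SAMPLE_PATHS = [
    r"C:\Users\alice\Documents\thesis.docx.abc",
    r"C:\Users\alice\Documents\budget.xlsx.abc",
    r"C:\Users\alice\Documents\restore_files_k3j9x.txt",
    r"C:\Users\alice\Documents\restore_files_k3j9x.html",
    r"C:\Users\alice\Pictures\holiday.jpg.abc",
    r"C:\Users\alice\Pictures\Recovery_File_qz7m2.html",
    r"C:\Users\alice\Pictures\Recovery_File_qz7m2.txt",
    r"C:\Users\alice\Desktop\chart.xyz",          # odd extension, no note nearby
    r"C:\Users\alice\Desktop\notes.txt",          # untouched
    r"C:\Windows\System32\kernel32.dll",          # untouched
]

if __name__ == "__main__":
    result = triage(SAMPLE_PATHS)
    for key, value in result.items():
        print(f"{key}: {value}")
```

On a live machine, `triage_tree(r"C:\Users")` runs the same summary over the real profile tree; it reads names only and modifies nothing.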

Re: restore_files and .abc extensions

Post by SeaPhor » September 8th, 2015, 5:18 pm

When I first submitted this help request I was on my primary Windows PC. I felt I could take my time, as I have an identical (hardware and OS) secondary in order to do my work (volunteer developer for pre-alpha software), in which I check out code and check in code. I searched the secondary and found the exact same "restore_files****.txt/html" and ".abc" file extensions, so in order to PROTECT the repository code I powered off both primary and secondary, and booted the primary to HP "F11" Factory Restore to start clean.

So, if you wish to continue with the analysis and help me, then GREAT! But if not, I do understand; as a former member and student here I know how professional each expert here is.
I would like to continue if you can.

Thank you,
Shawn Miller (SeaPhor)

Also, I would prefer to "fix" the secondary if possible, as the code base I work with is 110GB and takes 3+ days to "check out" (SVN), not counting all the software I have to install and configure.
SeaPhor
Regular Member
 
Posts: 60
Joined: October 8th, 2007, 10:23 pm

Re: restore_files and .abc extensions

Post by pgmigg » September 8th, 2015, 11:24 pm

Hello SeaPhor,

SeaPhor wrote:
When I first submitted this help request I was on my primary Windows PC. I felt I could take my time, as I have an identical (hardware and OS) secondary in order to do my work (volunteer developer for pre-alpha software), in which I check out code and check in code. I searched the secondary and found the exact same "restore_files****.txt/html" and ".abc" file extensions, so in order to PROTECT the repository code I powered off both primary and secondary, and booted the primary to HP "F11" Factory Restore to start clean.
Firstly I have two questions:
  1. Is it true that you are using your computers for business purposes?
  2. Please confirm that you did the HP Factory Restore with hard drive reformatting on your primary computer and did not do it on the secondary one, where you found the same set of encrypted files?

Thanks,
pgmigg

pgmigg
MRU Teacher

Re: restore_files and .abc extensions

Unread postby SeaPhor » September 8th, 2015, 11:51 pm

pgmigg,
[1] - Professionally, I am an IT-Linux Systems Engineer, and use NO MS-Windows systems for "business purposes". In my personal time I am also a "VOLUNTEER" developer for a pre-alpha stage software project where I have NO financial or business gain, and the tools my fellow volunteers use require MS-Windows; that is the ONLY reason I even have or use MS-Windows.
[2] - HP laptops and desktops come with the BIOS option of a Factory Restore (F11 at BIOS level), and that is what I used. I did not "make" anything, only used what HP ships with ALL of their PCs. And yes, that is what I did on the primary laptop I used strictly for this volunteer project; the secondary I only kept up to date with the latest code so that I could test more scenarios than a single login could, and it was rarely used.
At this time the secondary is powered off and has not been touched otherwise. ONLY the primary was restored to the factory shipping image, and I'm still trying to get all I need installed and configured in order to help with the project, but, as I mentioned before, that will take some time to catch up.
SeaPhor
Regular Member

Re: restore_files and .abc extensions

Unread postby pgmigg » September 9th, 2015, 11:02 am

Hello SeaPhor,

Every computer you have where you found "restore_files****.txt/html" and ".abc" file extensions should be nuked, paved, and re-customised for the best results and safety. The most important thing in the treatment of serious infections such as yours is to be sure that the infection is completely gone from the hard disk. The best way in such a case is a complete reformat of the drive.

Then, if you don't want to have to spend time re-customising your computers, I can recommend that you create a system image once you have your computer the way you want it; any future problems can then be resolved quickly and easily.

Please don't hesitate to ask any additional questions.

Stay Safe! ;)
pgmigg
pgmigg
MRU Teacher

Re: restore_files and .abc extensions

Unread postby SeaPhor » September 9th, 2015, 8:04 pm

I only have these 2 Windows boxes. If you're saying we can't "fix" this, then thanks for your time; I appreciate your assistance.
SeaPhor
Regular Member

Re: restore_files and .abc extensions

Unread postby pgmigg » September 9th, 2015, 8:46 pm

Hello SeaPhor,

If you're saying we can't "Fix" this then thanks for your time
There is nothing to fix. After a Factory Restore you have a clean and fresh computer with nothing except the OS and the software installed at the time you bought it, without any kind of infection, malware, or user files...

I appreciate your assistance.
You are welcome, SeaPhor!

Stay Safe! ;)
pgmigg
pgmigg
MRU Teacher

Re: restore_files and .abc extensions

Unread postby SeaPhor » September 9th, 2015, 10:33 pm

I still have my box powered off in the infected state; clearly, it needs "fixed".
SeaPhor
Regular Member

Re: restore_files and .abc extensions

Unread postby pgmigg » September 9th, 2015, 11:41 pm

I still have my box powered off in the infected state, clearly, it needs "Fixed"
As I wrote many times, the best solution in a case such as yours is exactly the same scheme you already used on your primary computer: the Factory Restore (FR)!
No one can guarantee that after a very long series of "fixes" (I remember about 110GB of files with code) your secondary PC will be completely free of infections.

If you use your computers for volunteer development and nothing else, you can easily reload the source files and forget about this nightmare after the FR.
pgmigg
MRU Teacher

Re: restore_files and .abc extensions

Unread postby Cypher » September 11th, 2015, 11:50 am

As your problems appear to require a reformat, this topic is now closed.

We are pleased we could help you resolve your computer's malware issues.

If you would like to make a comment or leave a compliment regarding the help you have received, please see Feedback for Our Helpers - Say "Thanks" Here.
Cypher
Admin/Teacher