
Strange goings on with Win 8 PC in desktop mode [Solved]


  • This topic is locked
30 replies to this topic

#16 OCD

OCD

    SuperHelper

  • Malware Team
  • 5,574 posts

Posted 18 June 2014 - 08:23 AM

Hi cmanutd99,

:thumbup: The log is rather long, please be patient while I review it.



 


OCD

Proud Graduate of WTT Classroom
Member of UNITE

Threads will be closed if no response after 5 days








If you are satisfied with the help you have received, please consider making a donation.



#17 cmanutd99

cmanutd99

    Authentic Member

  • 28 posts

Posted 18 June 2014 - 11:00 AM

No probs mate!!



#18 OCD

OCD

    SuperHelper

  • Malware Team
  • 5,574 posts

Posted 18 June 2014 - 08:54 PM

Hi cmanutd99,

Chkdsk in Windows 8

You must run the command prompt as an administrator or in an "elevated mode".

  • Launch the Start Screen by pressing the Windows key or clicking the lower left corner of the Taskbar.
  • From the Start Screen, search for the Windows Command Prompt by typing “cmd”.
  • Right-click on the Command Prompt and choose “Run as Administrator” from the bar at the bottom of the screen.
  • Then type in "chkdsk /f /r /x" (make note of the space between chkdsk and each of the /)

=========================

Reboot

=========================

Post results.




#19 cmanutd99

cmanutd99

    Authentic Member

  • 28 posts

Posted 19 June 2014 - 05:35 AM

Hi,

Tried to run but it states -

The type of file system is NTFS

Cannot lock current drive

Chkdsk cannot run because the volume is in use by another process. Would you like to schedule to be checked the next time the system restarts (y/n)

I selected yes and rebooted!



#20 cmanutd99

cmanutd99

    Authentic Member

  • 28 posts

Posted 19 June 2014 - 06:52 AM

It has scanned on boot up but then continues to boot so there are no results to post!

It just stated it was 100% complete

#21 OCD

OCD

    SuperHelper

  • Malware Team
  • 5,574 posts

Posted 19 June 2014 - 08:26 AM

Hi cmanutd99,

These instructions may not be 100% accurate for Windows 8, but see if you can locate the chkdsk log.

To view results log:

  • Open the Start Menu, and type eventvwr.msc in the search box and press enter.
  • If prompted by UAC, then click on Yes (Windows 7) or Continue (Vista).
  • In the left pane of Event Viewer, double click on Windows Logs to expand it, then right click on Application and click on Find.
  • Copy and paste Chkdsk into the line, and click on Find Next.
  • You will now see the system log for the scan results of Check Disk (chkdsk).
  • In the right hand menu select Copy, open Notepad and paste the chkdsk results into Notepad.
  • Post in your next reply.



#22 cmanutd99

cmanutd99

    Authentic Member

  • 28 posts

Posted 20 June 2014 - 04:14 AM

Hi,

 

Here are the results:

 

Log Name:      Application
Source:        Microsoft-Windows-Wininit
Date:          19/06/2014 13:52:07
Event ID:      1001
Task Category: None
Level:         Information
Keywords:      Classic
User:          N/A
Computer:      Desktop
Description:
 
 
Checking file system on C:
The type of the file system is NTFS.
Volume label is Windows.
 
A disk check has been scheduled.
Windows will now check the disk.                         
 
Stage 1: Examining basic file system structure ...
  496384 file records processed.                                                        
 
File verification completed.
  4911 large file records processed.                                   
 
  0 bad file records processed.                                     
 
 
Stage 2: Examining file name linkage ...
  569066 index entries processed.                                                       
 
Index verification completed.
  0 unindexed files scanned.                                        
 
  0 unindexed files recovered.                                      
 
 
Stage 3: Examining security descriptors ...
Cleaning up 7 unused index entries from index $SII of file 0x9.
Cleaning up 7 unused index entries from index $SDH of file 0x9.
Cleaning up 7 unused security descriptors.
Security descriptor verification completed.
  36342 data files processed.                                           
 
CHKDSK is verifying Usn Journal...
  40532472 USN bytes processed.                                                           
 
Usn Journal verification completed.
 
Stage 4: Looking for bad clusters in user file data ...
  496368 files processed.                                                               
 
File data verification completed.
 
Stage 5: Looking for bad, free clusters ...
  27989753 free clusters processed.                                                       
 
Free space verification is complete.
 
Windows has scanned the file system and found no problems.
No further action is required.
 
 156927999 KB total disk space.
  44272244 KB in 146433 files.
     87660 KB in 36343 indexes.
         0 KB in bad sectors.
    609083 KB in use by the system.
     65536 KB occupied by the log file.
 111959012 KB available on disk.
 
      4096 bytes in each allocation unit.
  39231999 total allocation units on disk.
  27989753 allocation units available on disk.
 
Internal Info:
00 93 07 00 00 ca 02 00 88 09 05 00 00 00 00 00  ................
03 14 00 00 37 00 00 00 00 00 00 00 00 00 00 00  ....7...........
 
Windows has finished checking your disk.
Please wait while your computer restarts.
 
Event Xml:
  <System>
    <Provider Name="Microsoft-Windows-Wininit" Guid="{206f6dea-d3c5-4d10-bc72-989f03c8b84b}" EventSourceName="Wininit" />
    <EventID Qualifiers="16384">1001</EventID>
    <Version>0</Version>
    <Level>4</Level>
    <Task>0</Task>
    <Opcode>0</Opcode>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2014-06-19T12:52:07.000000000Z" />
    <EventRecordID>15714</EventRecordID>
    <Correlation />
    <Execution ProcessID="0" ThreadID="0" />
    <Channel>Application</Channel>
    <Computer>Desktop</Computer>
    <Security />
  </System>
  <EventData>
    <Data>
 
Checking file system on C:
The type of the file system is NTFS.
Volume label is Windows.
 
A disk check has been scheduled.
Windows will now check the disk.                         
 
Stage 1: Examining basic file system structure ...
  496384 file records processed.                                                        
 
File verification completed.
  4911 large file records processed.                                   
 
  0 bad file records processed.                                     
 
 
Stage 2: Examining file name linkage ...
  569066 index entries processed.                                                       
 
Index verification completed.
  0 unindexed files scanned.                                        
 
  0 unindexed files recovered.                                      
 
 
Stage 3: Examining security descriptors ...
Cleaning up 7 unused index entries from index $SII of file 0x9.
Cleaning up 7 unused index entries from index $SDH of file 0x9.
Cleaning up 7 unused security descriptors.
Security descriptor verification completed.
  36342 data files processed.                                           
 
CHKDSK is verifying Usn Journal...
  40532472 USN bytes processed.                                                           
 
Usn Journal verification completed.
 
Stage 4: Looking for bad clusters in user file data ...
  496368 files processed.                                                               
 
File data verification completed.
 
Stage 5: Looking for bad, free clusters ...
  27989753 free clusters processed.                                                       
 
Free space verification is complete.
 
Windows has scanned the file system and found no problems.
No further action is required.
 
 156927999 KB total disk space.
  44272244 KB in 146433 files.
     87660 KB in 36343 indexes.
         0 KB in bad sectors.
    609083 KB in use by the system.
     65536 KB occupied by the log file.
 111959012 KB available on disk.
 
      4096 bytes in each allocation unit.
  39231999 total allocation units on disk.
  27989753 allocation units available on disk.
 
Internal Info:
00 93 07 00 00 ca 02 00 88 09 05 00 00 00 00 00  ................
03 14 00 00 37 00 00 00 00 00 00 00 00 00 00 00  ....7...........
 
Windows has finished checking your disk.
Please wait while your computer restarts.
</Data>
  </EventData>
</Event>
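
The Event Viewer lookup from post #21, scripted in PowerShell as an added example that is not part of any post in this thread. The provider name and event ID are the ones in the header of the log posted in #22; the output file name and the summary fields are assumptions.

```powershell
# Added example: fetch the most recent boot-time chkdsk report from the
# Application log instead of searching Event Viewer by hand.
# Source (Microsoft-Windows-Wininit) and Event ID (1001) come from the log in this thread.
$filter = @{
    LogName      = 'Application'
    ProviderName = 'Microsoft-Windows-Wininit'
    Id           = 1001
}

# -MaxEvents 1 returns the newest matching record; no match yields $null.
$record = Get-WinEvent -FilterHashtable $filter -MaxEvents 1 -ErrorAction SilentlyContinue

if (-not $record) {
    Write-Warning 'No boot-time chkdsk report found in the Application log.'
}
else {
    $report = $record.Message

    # Lines a helper reads first: the verdict, bad-sector total, and any repairs.
    $badSectorsKB = if ($report -match '(\d+) KB in bad sectors') { [int64]$Matches[1] } else { $null }
    $noProblems   = $report -match 'found no problems'
    # 'Cleaning up' is the only repair phrase in the posted log; extend the pattern as needed.
    $repairLines  = @(($report -split "`r?`n") | Where-Object { $_ -match '^\s*Cleaning up' })

    [pscustomobject]@{
        TimeCreated  = $record.TimeCreated
        NoProblems   = $noProblems
        BadSectorsKB = $badSectorsKB
        RepairCount  = $repairLines.Count
    }

    # Save the full text so it can be pasted into a reply (file name is an assumption).
    $outFile = Join-Path $env:USERPROFILE 'Desktop\chkdsk-report.txt'
    $report | Set-Content -Path $outFile -Encoding UTF8
    Write-Host "Full report saved to $outFile"
}
```

Run against the log posted above, the summary would show NoProblems as True, BadSectorsKB as 0 and three repair lines from Stage 3.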


#23 OCD

OCD

    SuperHelper

  • Malware Team
  • 5,574 posts

Posted 20 June 2014 - 10:33 AM

Hi cmanutd99,

Any change in performance?


#24 cmanutd99

cmanutd99

    Authentic Member

  • 28 posts

Posted 20 June 2014 - 11:51 AM

Hi,

 

The strange goings on after boot up seem to have stopped for now so I'm hoping all the things you have had me try have been successful.

I am going on holiday tonight for a week so I will ask my mum to monitor the situation but fingers crossed it stays ok!

 

Thanks for all your help!



#25 OCD

OCD

    SuperHelper

  • Malware Team
  • 5,574 posts

Posted 20 June 2014 - 12:21 PM

Hi cmanutd99,
 

The strange goings on after boot up seem to have stopped for now so I'm hoping all the things you have had me try have been successful.

:thumbup:
 

I am going on holiday tonight for a week so I will ask my mum to monitor the situation but fingers crossed it stays ok!

OK. I will leave the thread open until you return. If the issues appear to be resolved, we need to do a bit of housekeeping to remove any tools we downloaded then I can send you on your way.

Kindly reply back when you have returned and update me on the status of the computer.


 




#26 cmanutd99

cmanutd99

    Authentic Member

  • 28 posts

Posted 20 June 2014 - 02:39 PM

That's great, many thanks, I'll repost when home a week Sunday!!



#27 OCD

OCD

    SuperHelper

  • Malware Team
  • 5,574 posts

Posted 20 June 2014 - 02:49 PM

:thumbup:




#28 cmanutd99

cmanutd99

    Authentic Member

  • 28 posts

Posted 29 June 2014 - 06:09 AM

Hi,

 

I'm back now and all is still ok with the PC so many thanks!!!



#29 OCD

OCD

    SuperHelper

  • Malware Team
  • 5,574 posts

Posted 29 June 2014 - 09:29 AM

Hi cmanutd99,

We have a few items to take care of before we get to the All Clean Speech.

=========================

Remove Disinfection Tools

  • Download Delfix
  • Tick the following boxes:
      • Remove disinfection tools
      • Create registry backup
      • Purge system restore
  • Click Run
  • Any other tools and files found can simply be deleted or uninstalled via the Control Panel.

= = = = = = = = = = = = = = = = = = = =

With the above items taken care of let's move on to the All Clean part of the process.

The following procedures are recommendations for helping to keep your system running smoothly. If you are currently satisfied with how your system is running some or all of these may not pertain to you. Implement what you need.

This infection appears to have been cleaned, but I can not give you any absolute guarantees. As a precaution, I would go ahead and change all of your passwords as this is especially important after an infection.

Any of the logs that you created for use in the forums or remaining tools that have not yet been removed can be deleted so they aren't cluttering up your desktop.

Here are some tips to reduce the potential for spyware infection in the future:

Make your Internet Explorer more secure - This can be done by following these simple instructions:

  • From within Internet Explorer click on the Tools menu and then click on Options.
  • Click once on the Security tab
  • Click once on the Internet icon so it becomes highlighted.
  • Click once on the Custom Level button.
  • Change the Download signed ActiveX controls to Prompt
  • Change the Download unsigned ActiveX controls to Disable
  • Change the Initialize and script ActiveX controls not marked as safe to Disable
  • Change the Installation of desktop items to Prompt
  • Change the Launching programs and files in an IFRAME to Prompt
  • Change the Navigate sub-frames across different domains to Prompt
  • When all these settings have been made, click on the OK button.
  • If it prompts you as to whether or not you want to save the settings, press the Yes button.
  • Next press the Apply button and then the OK to exit the Internet Properties page.

Make your Mozilla Firefox more secure - This can be done by adding these add-ons:

Use and update an anti-virus software - I can not overemphasize the need for you to use and update your anti-virus application on a regular basis. With the ever increasing number of new variants of malware arriving on the scene daily, you become very susceptible to an attack without updated protection.

Free Anti-Virus

Free Firewall
Using a third-party firewall will allow you to give/deny access for applications that want to go online. Without a firewall your computer is susceptible to being hacked and taken over. Simply using a firewall in its default configuration can lower your risk greatly. A tutorial on firewalls can be found here.

Make sure you keep your Windows OS current. Windows XP users can visit Windows update regularly to download and install any critical updates and service packs. Windows Vista/7 users can open the Start menu > All Programs > Windows Update > Check for Updates (in left hand task pane) to update these systems. Without these you are leaving the back door open.

Consider a custom hosts file such as MVPS HOSTS. This custom hosts file effectively blocks a wide range of unwanted ads, banners, 3rd party Cookies, 3rd party page counters, web bugs, and many hijackers. For information on how to download and install, please read this tutorial by WinHelp2002
Note: Be sure to follow the instructions to disable the DNS Client service before installing a custom hosts file.

WOT (Web of Trust) As "Googling" is such an integral part of internet life, this free browser add on warns you about risky websites that try to scam visitors, deliver malware or send spam. It is especially helpful when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites. WOT has an add-on available for Firefox, Internet Explorer as well as Google Chrome.

Finally, I strongly recommend that you read TonyKlein's good advice So how did I get infected in the first place?

Please reply to this thread once more if you are satisfied so that we can mark the problem as resolved.




#30 cmanutd99

cmanutd99

    Authentic Member

  • 28 posts

Posted 30 June 2014 - 06:00 AM

All done and many thanks for all your help!!

