
AGGRESSIVE Malware wrecking my PC please help [Solved]


#16 Juliusmaximus

Posted 07 November 2014 - 09:06 AM

Programs uninstalled. 

AdwCleaner log

 

# AdwCleaner v3.311 - Report created 07/11/2014 at 07:38:08
# Updated 30/09/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Ortiz Family - ORTIZFAMILY-HP
# Running from : C:\Users\Ortiz Family\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Ask
Folder Deleted : C:\ProgramData\Tarma Installer
Folder Deleted : C:\ProgramData\WeCareReminder
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\Uncompressor
Folder Deleted : C:\Windows\SysWOW64\SearchProtect
Folder Deleted : C:\Users\Ortiz Family\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Ortiz Family\AppData\LocalLow\vshare.tv_Bar
Folder Deleted : C:\Users\Ortiz Family\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Uncompressor
File Deleted : C:\Users\Ortiz Family\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\user.js

***** [ Scheduled Tasks ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\wajam.DLL
Key Deleted : HKLM\SOFTWARE\Classes\Conduit.Engine
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\HPSF_Tasks_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\HPSF_Tasks_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\wajamupdater_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\wajamupdater_rasmancs
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2818425
Key Deleted : HKCU\Software\StartSearch
Key Deleted : HKCU\Software\vShare.tv
Key Deleted : HKCU\Software\AppDataLow\Software\vshare.tv_Bar
Key Deleted : HKLM\SOFTWARE\{6CC4BF79-7708-4ECB-8F2B-A11264A67989}
Key Deleted : HKLM\SOFTWARE\Conduit
Key Deleted : HKLM\SOFTWARE\vshare.tv_Bar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F8BA8B13-856D-4DFB-A28F-7EC868142453}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Funmoods

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17344

-\\ Mozilla Firefox v

-\\ Google Chrome v38.0.2125.111

[ File : C:\Users\Ortiz Family\AppData\Local\Google\Chrome\User Data\Default\preferences ]

*************************

AdwCleaner[R0].txt - [8513 octets] - [07/11/2014 07:34:34]
AdwCleaner[S0].txt - [8446 octets] - [07/11/2014 07:38:08]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [8506 octets] ##########


Don't cry because it has ended, instead rejoice because it happened. - Gabriel Garcia Marquez, adapted by Dr. Seuss!!!



#17 Juliusmaximus

Posted 07 November 2014 - 09:09 AM

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 04-11-2014
Ran by Ortiz Family at 2014-11-07 07:21:38 Run:3
Running from C:\Users\Ortiz Family\Desktop
Loaded Profile: Ortiz Family (Available profiles: Ortiz Family)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-4195524230-986017159-2191004378-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
2014-10-31 20:03 - 2014-11-06 13:20 - 00000000 ____D () C:\f0c92b9
2014-10-29 14:08 - 2014-10-29 14:08 - 00000448 ____N () C:\Users\Ortiz Family\AppData\Roaming\麽鎒駓覜
2014-10-13 21:06 - 2014-10-13 21:07 - 00000000 ____D () C:\Users\Ortiz Family\AppData\Local\{BEA14BDE-9E14-44EA-9AB8-394F68781494}
Task: {94A04A22-13CD-4281-9B14-504889B94585} - System32\Tasks\Scheduled Update for Ask Toolbar => C:\Program Files (x86)\Ask.com\UpdateTask.exe <==== ATTENTION
reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ApnUpdater" /f
reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\GoogleUpdate" /f
Folder: C:\Users\Ortiz Family\AppData\Local\893686b8
CMD: ipconfig /flushdns
CMD: netsh winsock reset all
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
EmptyTemp:
end
*****************

"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
"HKU\S-1-5-21-4195524230-986017159-2191004378-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
C:\f0c92b9 => Moved successfully.
C:\Users\Ortiz Family\AppData\Roaming\麽鎒駓覜 => Moved successfully.
C:\Users\Ortiz Family\AppData\Local\{BEA14BDE-9E14-44EA-9AB8-394F68781494} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{94A04A22-13CD-4281-9B14-504889B94585}" => Key not found.
C:\Windows\System32\Tasks\Scheduled Update for Ask Toolbar not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Scheduled Update for Ask Toolbar" => Key not found.
reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ApnUpdater" /f => Error: No automatic fix found for this entry.
reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\GoogleUpdate" /f => Error: No automatic fix found for this entry.

========================= Folder: C:\Users\Ortiz Family\AppData\Local\893686b8 ========================

The path is not a directory.

=========  ipconfig /flushdns =========

========= End of CMD: =========

=========  netsh winsock reset all =========

========= End of CMD: =========

=========  netsh int ipv4 reset =========

========= End of CMD: =========

=========  netsh int ipv6 reset =========

========= End of CMD: =========

EmptyTemp: => Removed 32 MB temporary data.

The system needed a reboot.

==== End of Fixlog ====




#18 Juliusmaximus

Posted 07 November 2014 - 09:16 AM

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.3.6 (11.05.2014:1)
OS: Windows 7 Home Premium x64
Ran by Ortiz Family on Fri 11/07/2014 at  8:12:00.64
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

~~~ Services

 

~~~ Registry Values

 

~~~ Registry Keys

 

~~~ Files

 

~~~ Folders

Successfully deleted: [Folder] "C:\Users\Ortiz Family\appdata\local\pc_drivers_headquarters"

 

~~~ Event Viewer Logs were cleared

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 11/07/2014 at  8:14:57.96
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




#19 LiquidTension

Posted 07 November 2014 - 02:48 PM

Hello Julio, 
 
Please provide an update on your computer after completing the steps below. 
 
STEP 1
Creating System Restore Point (W7)

  • Click the Windows Start Button. Right-click Computer and click Properties.
  • Click System protection in the panel on the left. 
  • Click the System Protection tab, followed by Create.
  • In the System Protection dialog box, type a description, and click Create.
  • Upon completion, close the window.
     

STEP 2
CHKDSK

  • Note: If you have a Solid State Drive (SSD), do not run CHKDSK. Skip STEP 2, and proceed with STEP 3.
  • Press the Windows Key + r on your keyboard at the same time. Type Notepad and click OK.
  • Copy the entire contents of the codebox below and paste into the Notepad document.
    @echo off
    rem Run CHKDSK on C: and append its output, minus progress lines, to a log on the Desktop.
    cmd /c chkdsk c: |find /v "percent" >> "%userprofile%\desktop\chkdskquery.txt"
    rem Open the log in Notepad, then delete this batch file.
    notepad %userprofile%\Desktop\chkdskquery.txt
    del %0
  • Click Format. Ensure Word Wrap is unchecked.
  • Click File > Save As and name the file chkdsk.bat
  • Select All Files as the Save as type.
  • Save the file to your Desktop.
  • Locate chkdsk.bat (W8/7/Vista) on your Desktop. Right-click the icon and click Run as administrator.
  • CHKDSK may take up to an hour to complete. Allow the programme to run uninterrupted, and do not use your computer during the process.
  • Upon completion, a log (chkdskquery.txt) will open on your Desktop. Please copy the contents of the log and paste in your next reply.
     

STEP 3
System File Checker (SFC)

  • Press the Windows Key + r on your keyboard at the same time. Type Notepad and click OK.
  • Copy the entire contents of the codebox below and paste into the Notepad document.
    rem Scan protected system files, then copy the [SR] lines of CBS.log to the Desktop.
    sfc /scannow
    findstr /c:"[SR]" %windir%\Logs\CBS\CBS.log >"%userprofile%\Desktop\sfcresults.txt"
    rem Open the results in Notepad, then delete this batch file.
    notepad %userprofile%\Desktop\sfcresults.txt
    del %0
  • Click Format. Ensure Word Wrap is unchecked.
  • Click File > Save As and name the file querysfc.bat
  • Select All Files as the Save as type.
  • Save the file to your Desktop.
  • Locate querysfc.bat (W8/7/Vista) on your Desktop. Right-click the icon and click Run as administrator.
  • Upon completion, a log (sfcresults.txt) will open on your Desktop. Copy the contents of the log and paste in your next reply.
     

STEP 4
Farbar Service Scanner (FSS)

  • Please download FSS and save the file to your Desktop.
  • Right-click FSS.exe and select Run as administrator to run the programme.
  • Ensure the following items are checked: [seven checkbox items, shown as images in the original post]
  • Click Scan.
  • A log (FSS.txt) will be created on your Desktop. Copy the contents of the log and paste in your next reply.
     

======================================================
 
STEP 5
Logs
In your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked.

  • chkdskquery.txt
  • sfcresults.txt
  • FSS.txt



#20 Juliusmaximus

Posted 07 November 2014 - 04:54 PM

I attempted a chkdsk.bat twice; both times it alerted that it could not complete because it was being used by another process.

 

Here are the sfc results... In the meantime I'll proceed with Farbar...

 

2014-11-07 15:42:55, Info                  CSI    00000112 [SR] Beginning Verify and Repair transaction
2014-11-07 15:42:56, Info                  CSI    00000114 [SR] Verify complete
2014-11-07 15:42:57, Info                  CSI    00000115 [SR] Verifying 100 (0x0000000000000064) components
2014-11-07 15:42:57, Info                  CSI    00000116 [SR] Beginning Verify and Repair transaction
2014-11-07 15:42:59, Info                  CSI    00000118 [SR] Verify complete
2014-11-07 15:42:59, Info                  CSI    00000119 [SR] Verifying 100 (0x0000000000000064) components
2014-11-07 15:42:59, Info                  CSI    0000011a [SR] Beginning Verify and Repair transaction
2014-11-07 15:43:04, Info                  CSI    0000011d [SR] Verify complete
2014-11-07 15:43:04, Info                  CSI    0000011e [SR] Verifying 100 (0x0000000000000064) components
2014-11-07 15:43:04, Info                  CSI    0000011f [SR] Beginning Verify and Repair transaction
2014-11-07 15:43:14, Info                  CSI    00000122 [SR] Verify complete
2014-11-07 15:43:14, Info                  CSI    00000123 [SR] Verifying 100 (0x0000000000000064) components
2014-11-07 15:43:14, Info                  CSI    00000124 [SR] Beginning Verify and Repair transaction
2014-11-07 15:43:17, Info                  CSI    00000126 [SR] Verify complete
2014-11-07 15:43:18, Info                  CSI    00000127 [SR] Verifying 100 (0x0000000000000064) components
2014-11-07 15:43:18, Info                  CSI    00000128 [SR] Beginning Verify and Repair transaction
2014-11-07 15:43:20, Info                  CSI    0000012a [SR] Verify complete
2014-11-07 15:43:20, Info                  CSI    0000012b [SR] Verifying 100 (0x0000000000000064) components
2014-11-07 15:43:20, Info                  CSI    0000012c [SR] Beginning Verify and Repair transaction
2014-11-07 15:43:25, Info                  CSI    0000012e [SR] Verify complete
2014-11-07 15:43:25, Info                  CSI    0000012f [SR] Verifying 100 (0x0000000000000064) components
2014-11-07 15:43:25, Info                  CSI    00000130 [SR] Beginning Verify and Repair transaction
2014-11-07 15:43:30, Info                  CSI    00000132 [SR] Verify complete
2014-11-07 15:43:30, Info                  CSI    00000133 [SR] Verifying 100 (0x0000000000000064) components
2014-11-07 15:43:30, Info                  CSI    00000134 [SR] Beginning Verify and Repair transaction
2014-11-07 15:43:34, Info                  CSI    00000136 [SR] Verify complete
2014-11-07 15:43:35, Info                  CSI    00000137 [SR] Verifying 100 (0x0000000000000064) components
2014-11-07 15:43:35, Info                  CSI    00000138 [SR] Beginning Verify and Repair transaction
2014-11-07 15:43:45, Info                  CSI    00000150 [SR] Verify complete
2014-11-07 15:43:45, Info                  CSI    00000151 [SR] Verifying 100 (0x0000000000000064) components
2014-11-07 15:43:45, Info                  CSI    00000152 [SR] Beginning Verify and Repair transaction
2014-11-07 15:43:50, Info                  CSI    00000154 [SR] Verify complete
2014-11-07 15:43:50, Info                  CSI    00000155 [SR] Verifying 100 (0x0000000000000064) components
2014-11-07 15:43:50, Info                  CSI    00000156 [SR] Beginning Verify and Repair transaction
2014-11-07 15:44:02, Info                  CSI    00000158 [SR] Verify complete
2014-11-07 15:44:02, Info                  CSI    00000159 [SR] Verifying 100 (0x0000000000000064) components
2014-11-07 15:44:02, Info                  CSI    0000015a [SR] Beginning Verify and Repair transaction
2014-11-07 15:44:09, Info                  CSI    0000015d [SR] Verify complete
2014-11-07 15:44:09, Info                  CSI    0000015e [SR] Verifying 100 (0x0000000000000064) components
2014-11-07 15:44:09, Info                  CSI    0000015f [SR] Beginning Verify and Repair transaction
2014-11-07 15:44:15, Info                  CSI    00000161 [SR] Verify complete
2014-11-07 15:44:15, Info                  CSI    00000162 [SR] Verifying 100 (0x0000000000000064) components
2014-11-07 15:44:15, Info                  CSI    00000163 [SR] Beginning Verify and Repair transaction
2014-11-07 15:44:20, Info                  CSI    00000165 [SR] Verify complete
2014-11-07 15:44:20, Info                  CSI    00000166 [SR] Verifying 100 (0x0000000000000064) components
2014-11-07 15:44:20, Info                  CSI    00000167 [SR] Beginning Verify and Repair transaction
2014-11-07 15:44:25, Info                  CSI    00000169 [SR] Verify complete
2014-11-07 15:44:25, Info                  CSI    0000016a [SR] Verifying 100 (0x0000000000000064) components
2014-11-07 15:44:25, Info                  CSI    0000016b [SR] Beginning Verify and Repair transaction
2014-11-07 15:44:29, Info                  CSI    0000016d [SR] Verify complete
2014-11-07 15:44:29, Info                  CSI    0000016e [SR] Verifying 100 (0x0000000000000064) components
2014-11-07 15:44:29, Info                  CSI    0000016f [SR] Beginning Verify and Repair transaction
2014-11-07 15:44:33, Info                  CSI    00000173 [SR] Verify complete
2014-11-07 15:44:34, Info                  CSI    00000174 [SR] Verifying 100 (0x0000000000000064) components
2014-11-07 15:44:34, Info                  CSI    00000175 [SR] Beginning Verify and Repair transaction
2014-11-07 15:44:44, Info                  CSI    00000177 [SR] Verify complete
2014-11-07 15:44:45, Info                  CSI    00000178 [SR] Verifying 100 (0x0000000000000064) components
2014-11-07 15:44:45, Info                  CSI    00000179 [SR] Beginning Verify and Repair transaction
2014-11-07 15:44:50, Info                  CSI    0000017c [SR] Verify complete
2014-11-07 15:44:51, Info                  CSI    0000017d [SR] Verifying 100 (0x0000000000000064) components
2014-11-07 15:44:51, Info                  CSI    0000017e [SR] Beginning Verify and Repair transaction
2014-11-07 15:44:55, Info                  CSI    00000180 [SR] Verify complete
2014-11-07 15:44:55, Info                  CSI    00000181 [SR] Verifying 100 (0x0000000000000064) components
2014-11-07 15:44:55, Info                  CSI    00000182 [SR] Beginning Verify and Repair transaction
2014-11-07 15:45:00, Info                  CSI    00000185 [SR] Verify complete
2014-11-07 15:45:00, Info                  CSI    00000186 [SR] Verifying 100 (0x0000000000000064) components
2014-11-07 15:45:00, Info                  CSI    00000187 [SR] Beginning Verify and Repair transaction
2014-11-07 15:45:09, Info                  CSI    0000018a [SR] Verify complete
2014-11-07 15:45:09, Info                  CSI    0000018b [SR] Verifying 100 (0x0000000000000064) components
2014-11-07 15:45:09, Info                  CSI    0000018c [SR] Beginning Verify and Repair transaction
2014-11-07 15:45:14, Info                  CSI    0000018e [SR] Verify complete
2014-11-07 15:45:14, Info                  CSI    0000018f [SR] Verifying 100 (0x0000000000000064) components
2014-11-07 15:45:14, Info                  CSI    00000190 [SR] Beginning Verify and Repair transaction
2014-11-07 15:45:19, Info                  CSI    00000192 [SR] Verify complete
2014-11-07 15:45:19, Info                  CSI    00000193 [SR] Verifying 100 (0x0000000000000064) components
2014-11-07 15:45:19, Info                  CSI    00000194 [SR] Beginning Verify and Repair transaction
2014-11-07 15:45:24, Info                  CSI    00000196 [SR] Verify complete
2014-11-07 15:45:24, Info                  CSI    00000197 [SR] Verifying 100 (0x0000000000000064) components
2014-11-07 15:45:24, Info                  CSI    00000198 [SR] Beginning Verify and Repair transaction
2014-11-07 15:45:32, Info                  CSI    0000019b [SR] Verify complete
2014-11-07 15:45:32, Info                  CSI    0000019c [SR] Verifying 100 (0x0000000000000064) components
2014-11-07 15:45:32, Info                  CSI    0000019d [SR] Beginning Verify and Repair transaction
2014-11-07 15:45:36, Info                  CSI    0000019f [SR] Verify complete
2014-11-07 15:45:36, Info                  CSI    000001a0 [SR] Verifying 100 (0x0000000000000064) components
2014-11-07 15:45:36, Info                  CSI    000001a1 [SR] Beginning Verify and Repair transaction
2014-11-07 15:45:41, Info                  CSI    000001a3 [SR] Verify complete
2014-11-07 15:45:41, Info                  CSI    000001a4 [SR] Verifying 100 (0x0000000000000064) components
2014-11-07 15:45:41, Info                  CSI    000001a5 [SR] Beginning Verify and Repair transaction
2014-11-07 15:45:46, Info                  CSI    000001a8 [SR] Verify complete
2014-11-07 15:45:46, Info                  CSI    000001a9 [SR] Verifying 100 (0x0000000000000064) components
2014-11-07 15:45:46, Info                  CSI    000001aa [SR] Beginning Verify and Repair transaction
2014-11-07 15:45:51, Info                  CSI    000001ae [SR] Verify complete
2014-11-07 15:45:52, Info                  CSI    000001af [SR] Verifying 100 (0x0000000000000064) components
2014-11-07 15:45:52, Info                  CSI    000001b0 [SR] Beginning Verify and Repair transaction
2014-11-07 15:45:58, Info                  CSI    000001b2 [SR] Verify complete
2014-11-07 15:45:58, Info                  CSI    000001b3 [SR] Verifying 100 (0x0000000000000064) components
2014-11-07 15:45:58, Info                  CSI    000001b4 [SR] Beginning Verify and Repair transaction
2014-11-07 15:46:05, Info                  CSI    000001b7 [SR] Verify complete
2014-11-07 15:46:05, Info                  CSI    000001b8 [SR] Verifying 100 (0x0000000000000064) components
2014-11-07 15:46:05, Info                  CSI    000001b9 [SR] Beginning Verify and Repair transaction
2014-11-07 15:46:14, Info                  CSI    000001bb [SR] Verify complete
2014-11-07 15:46:14, Info                  CSI    000001bc [SR] Verifying 100 (0x0000000000000064) components
2014-11-07 15:46:14, Info                  CSI    000001bd [SR] Beginning Verify and Repair transaction
2014-11-07 15:46:15, Info                  CSI    000001bf [SR] Verify complete
2014-11-07 15:46:15, Info                  CSI    000001c0 [SR] Verifying 100 (0x0000000000000064) components
2014-11-07 15:46:15, Info                  CSI    000001c1 [SR] Beginning Verify and Repair transaction
2014-11-07 15:46:19, Info                  CSI    000001c3 [SR] Verify complete
2014-11-07 15:46:19, Info                  CSI    000001c4 [SR] Verifying 100 (0x0000000000000064) components
2014-11-07 15:46:19, Info                  CSI    000001c5 [SR] Beginning Verify and Repair transaction
2014-11-07 15:46:21, Info                  CSI    000001c7 [SR] Verify complete
2014-11-07 15:46:21, Info                  CSI    000001c8 [SR] Verifying 100 (0x0000000000000064) components
2014-11-07 15:46:21, Info                  CSI    000001c9 [SR] Beginning Verify and Repair transaction
2014-11-07 15:46:27, Info                  CSI    000001cb [SR] Verify complete
2014-11-07 15:46:27, Info                  CSI    000001cc [SR] Verifying 100 (0x0000000000000064) components
2014-11-07 15:46:27, Info                  CSI    000001cd [SR] Beginning Verify and Repair transaction
2014-11-07 15:46:33, Info                  CSI    000001cf [SR] Verify complete
2014-11-07 15:46:33, Info                  CSI    000001d0 [SR] Verifying 100 (0x0000000000000064) components
2014-11-07 15:46:33, Info                  CSI    000001d1 [SR] Beginning Verify and Repair transaction
2014-11-07 15:46:35, Info                  CSI    000001d3 [SR] Verify complete
2014-11-07 15:46:35, Info                  CSI    000001d4 [SR] Verifying 100 (0x0000000000000064) components
2014-11-07 15:46:35, Info                  CSI    000001d5 [SR] Beginning Verify and Repair transaction
2014-11-07 15:46:39, Info                  CSI    000001d7 [SR] Verify complete
2014-11-07 15:46:40, Info                  CSI    000001d8 [SR] Verifying 100 (0x0000000000000064) components
2014-11-07 15:46:40, Info                  CSI    000001d9 [SR] Beginning Verify and Repair transaction
2014-11-07 15:46:52, Info                  CSI    000001db [SR] Verify complete
2014-11-07 15:46:53, Info                  CSI    000001dc [SR] Verifying 100 (0x0000000000000064) components
2014-11-07 15:46:53, Info                  CSI    000001dd [SR] Beginning Verify and Repair transaction
2014-11-07 15:46:55, Info                  CSI    000001df [SR] Verify complete
2014-11-07 15:46:55, Info                  CSI    000001e0 [SR] Verifying 100 (0x0000000000000064) components
2014-11-07 15:46:55, Info                  CSI    000001e1 [SR] Beginning Verify and Repair transaction
2014-11-07 15:46:58, Info                  CSI    000001e3 [SR] Verify complete
2014-11-07 15:46:58, Info                  CSI    000001e4 [SR] Verifying 100 (0x0000000000000064) components
2014-11-07 15:46:58, Info                  CSI    000001e5 [SR] Beginning Verify and Repair transaction
2014-11-07 15:47:00, Info                  CSI    000001e7 [SR] Verify complete
2014-11-07 15:47:00, Info                  CSI    000001e8 [SR] Verifying 100 (0x0000000000000064) components
2014-11-07 15:47:00, Info                  CSI    000001e9 [SR] Beginning Verify and Repair transaction
2014-11-07 15:47:04, Info                  CSI    000001eb [SR] Verify complete
2014-11-07 15:47:04, Info                  CSI    000001ec [SR] Verifying 100 (0x0000000000000064) components
2014-11-07 15:47:04, Info                  CSI    000001ed [SR] Beginning Verify and Repair transaction
2014-11-07 15:47:07, Info                  CSI    000001ef [SR] Verify complete
2014-11-07 15:47:07, Info                  CSI    000001f0 [SR] Verifying 100 (0x0000000000000064) components
2014-11-07 15:47:07, Info                  CSI    000001f1 [SR] Beginning Verify and Repair transaction
2014-11-07 15:47:09, Info                  CSI    000001f3 [SR] Verify complete
2014-11-07 15:47:09, Info                  CSI    000001f4 [SR] Verifying 100 (0x0000000000000064) components
2014-11-07 15:47:09, Info                  CSI    000001f5 [SR] Beginning Verify and Repair transaction
2014-11-07 15:47:11, Info                  CSI    000001f7 [SR] Verify complete
2014-11-07 15:47:11, Info                  CSI    000001f8 [SR] Verifying 100 (0x0000000000000064) components
2014-11-07 15:47:11, Info                  CSI    000001f9 [SR] Beginning Verify and Repair transaction
2014-11-07 15:47:15, Info                  CSI    000001fb [SR] Verify complete
2014-11-07 15:47:15, Info                  CSI    000001fc [SR] Verifying 100 (0x0000000000000064) components
2014-11-07 15:47:15, Info                  CSI    000001fd [SR] Beginning Verify and Repair transaction
2014-11-07 15:47:19, Info                  CSI    00000205 [SR] Verify complete
2014-11-07 15:47:20, Info                  CSI    00000206 [SR] Verifying 100 (0x0000000000000064) components
2014-11-07 15:47:20, Info                  CSI    00000207 [SR] Beginning Verify and Repair transaction
2014-11-07 15:47:24, Info                  CSI    00000209 [SR] Verify complete
2014-11-07 15:47:24, Info                  CSI    0000020a [SR] Verifying 100 (0x0000000000000064) components
2014-11-07 15:47:24, Info                  CSI    0000020b [SR] Beginning Verify and Repair transaction
2014-11-07 15:47:27, Info                  CSI    0000020d [SR] Verify complete
2014-11-07 15:47:27, Info                  CSI    0000020e [SR] Verifying 100 (0x0000000000000064) components
2014-11-07 15:47:27, Info                  CSI    0000020f [SR] Beginning Verify and Repair transaction
2014-11-07 15:47:32, Info                  CSI    00000211 [SR] Verify complete
2014-11-07 15:47:32, Info                  CSI    00000212 [SR] Verifying 100 (0x0000000000000064) components
2014-11-07 15:47:32, Info                  CSI    00000213 [SR] Beginning Verify and Repair transaction
2014-11-07 15:47:39, Info                  CSI    00000216 [SR] Verify complete
2014-11-07 15:47:39, Info                  CSI    00000217 [SR] Verifying 100 (0x0000000000000064) components
2014-11-07 15:47:39, Info                  CSI    00000218 [SR] Beginning Verify and Repair transaction
2014-11-07 15:47:44, Info                  CSI    0000021a [SR] Verify complete
2014-11-07 15:47:45, Info                  CSI    0000021b [SR] Verifying 100 (0x0000000000000064) components
2014-11-07 15:47:45, Info                  CSI    0000021c [SR] Beginning Verify and Repair transaction
2014-11-07 15:47:46, Info                  CSI    0000021e [SR] Verify complete
2014-11-07 15:47:46, Info                  CSI    0000021f [SR] Verifying 100 (0x0000000000000064) components
2014-11-07 15:47:46, Info                  CSI    00000220 [SR] Beginning Verify and Repair transaction
2014-11-07 15:47:52, Info                  CSI    00000222 [SR] Verify complete
2014-11-07 15:47:53, Info                  CSI    00000223 [SR] Verifying 100 (0x0000000000000064) components
2014-11-07 15:47:53, Info                  CSI    00000224 [SR] Beginning Verify and Repair transaction
2014-11-07 15:48:04, Info                  CSI    00000229 [SR] Verify complete
2014-11-07 15:48:04, Info                  CSI    0000022a [SR] Verifying 100 (0x0000000000000064) components
2014-11-07 15:48:04, Info                  CSI    0000022b [SR] Beginning Verify and Repair transaction
2014-11-07 15:48:11, Info                  CSI    00000230 [SR] Verify complete
2014-11-07 15:48:12, Info                  CSI    00000231 [SR] Verifying 100 (0x0000000000000064) components
2014-11-07 15:48:12, Info                  CSI    00000232 [SR] Beginning Verify and Repair transaction
2014-11-07 15:48:18, Info                  CSI    00000236 [SR] Verify complete
2014-11-07 15:48:18, Info                  CSI    00000237 [SR] Verifying 100 (0x0000000000000064) components
2014-11-07 15:48:18, Info                  CSI    00000238 [SR] Beginning Verify and Repair transaction
2014-11-07 15:48:25, Info                  CSI    00000242 [SR] Verify complete
2014-11-07 15:48:25, Info                  CSI    00000243 [SR] Verifying 100 (0x0000000000000064) components
2014-11-07 15:48:25, Info                  CSI    00000244 [SR] Beginning Verify and Repair transaction
2014-11-07 15:48:31, Info                  CSI    0000024a [SR] Verify complete
2014-11-07 15:48:31, Info                  CSI    0000024b [SR] Verifying 100 (0x0000000000000064) components
2014-11-07 15:48:31, Info                  CSI    0000024c [SR] Beginning Verify and Repair transaction
2014-11-07 15:48:36, Info                  CSI    0000024e [SR] Verify complete
2014-11-07 15:48:36, Info                  CSI    0000024f [SR] Verifying 100 (0x0000000000000064) components
2014-11-07 15:48:36, Info                  CSI    00000250 [SR] Beginning Verify and Repair transaction
2014-11-07 15:48:39, Info                  CSI    00000254 [SR] Verify complete
2014-11-07 15:48:39, Info                  CSI    00000255 [SR] Verifying 100 (0x0000000000000064) components
2014-11-07 15:48:39, Info                  CSI    00000256 [SR] Beginning Verify and Repair transaction
2014-11-07 15:48:43, Info                  CSI    00000263 [SR] Verify complete
2014-11-07 15:48:43, Info                  CSI    00000264 [SR] Verifying 100 (0x0000000000000064) components
2014-11-07 15:48:43, Info                  CSI    00000265 [SR] Beginning Verify and Repair transaction
2014-11-07 15:48:49, Info                  CSI    0000027f [SR] Verify complete
2014-11-07 15:48:49, Info                  CSI    00000280 [SR] Verifying 100 (0x0000000000000064) components
2014-11-07 15:48:49, Info                  CSI    00000281 [SR] Beginning Verify and Repair transaction
2014-11-07 15:48:53, Info                  CSI    00000283 [SR] Verify complete
2014-11-07 15:48:54, Info                  CSI    00000284 [SR] Verifying 100 (0x0000000000000064) components
2014-11-07 15:48:54, Info                  CSI    00000285 [SR] Beginning Verify and Repair transaction
2014-11-07 15:48:58, Info                  CSI    00000287 [SR] Verify complete
2014-11-07 15:48:58, Info                  CSI    00000288 [SR] Verifying 100 (0x0000000000000064) components
2014-11-07 15:48:58, Info                  CSI    00000289 [SR] Beginning Verify and Repair transaction
2014-11-07 15:49:02, Info                  CSI    0000028b [SR] Verify complete
2014-11-07 15:49:02, Info                  CSI    0000028c [SR] Verifying 100 (0x0000000000000064) components
2014-11-07 15:49:02, Info                  CSI    0000028d [SR] Beginning Verify and Repair transaction
2014-11-07 15:49:06, Info                  CSI    0000029b [SR] Verify complete
2014-11-07 15:49:06, Info                  CSI    0000029c [SR] Verifying 100 (0x0000000000000064) components
2014-11-07 15:49:06, Info                  CSI    0000029d [SR] Beginning Verify and Repair transaction
2014-11-07 15:49:11, Info                  CSI    0000029f [SR] Verify complete
2014-11-07 15:49:11, Info                  CSI    000002a0 [SR] Verifying 100 (0x0000000000000064) components
2014-11-07 15:49:11, Info                  CSI    000002a1 [SR] Beginning Verify and Repair transaction
2014-11-07 15:49:18, Info                  CSI    000002af [SR] Verify complete
2014-11-07 15:49:18, Info                  CSI    000002b0 [SR] Verifying 100 (0x0000000000000064) components
2014-11-07 15:49:18, Info                  CSI    000002b1 [SR] Beginning Verify and Repair transaction
2014-11-07 15:49:20, Info                  CSI    000002b3 [SR] Verify complete
2014-11-07 15:49:20, Info                  CSI    000002b4 [SR] Verifying 100 (0x0000000000000064) components
2014-11-07 15:49:20, Info                  CSI    000002b5 [SR] Beginning Verify and Repair transaction
2014-11-07 15:49:26, Info                  CSI    000002b8 [SR] Verify complete
2014-11-07 15:49:26, Info                  CSI    000002b9 [SR] Verifying 100 (0x0000000000000064) components
2014-11-07 15:49:26, Info                  CSI    000002ba [SR] Beginning Verify and Repair transaction
2014-11-07 15:49:28, Info                  CSI    000002bc [SR] Verify complete
2014-11-07 15:49:29, Info                  CSI    000002bd [SR] Verifying 100 (0x0000000000000064) components
2014-11-07 15:49:29, Info                  CSI    000002be [SR] Beginning Verify and Repair transaction
2014-11-07 15:49:30, Info                  CSI    000002c0 [SR] Verify complete
2014-11-07 15:49:30, Info                  CSI    000002c1 [SR] Verifying 100 (0x0000000000000064) components
2014-11-07 15:49:30, Info                  CSI    000002c2 [SR] Beginning Verify and Repair transaction
2014-11-07 15:49:36, Info                  CSI    000002c4 [SR] Verify complete
2014-11-07 15:49:36, Info                  CSI    000002c5 [SR] Verifying 100 (0x0000000000000064) components
2014-11-07 15:49:36, Info                  CSI    000002c6 [SR] Beginning Verify and Repair transaction
2014-11-07 15:49:39, Info                  CSI    000002c8 [SR] Verify complete
2014-11-07 15:49:40, Info                  CSI    000002c9 [SR] Verifying 100 (0x0000000000000064) components
2014-11-07 15:49:40, Info                  CSI    000002ca [SR] Beginning Verify and Repair transaction
2014-11-07 15:49:47, Info                  CSI    000002e4 [SR] Verify complete
2014-11-07 15:49:47, Info                  CSI    000002e5 [SR] Verifying 100 (0x0000000000000064) components
2014-11-07 15:49:47, Info                  CSI    000002e6 [SR] Beginning Verify and Repair transaction
2014-11-07 15:49:51, Info                  CSI    000002e8 [SR] Verify complete
2014-11-07 15:49:52, Info                  CSI    000002e9 [SR] Verifying 100 (0x0000000000000064) components
2014-11-07 15:49:52, Info                  CSI    000002ea [SR] Beginning Verify and Repair transaction
2014-11-07 15:50:02, Info                  CSI    000002ec [SR] Verify complete
2014-11-07 15:50:02, Info                  CSI    000002ed [SR] Verifying 100 (0x0000000000000064) components
2014-11-07 15:50:02, Info                  CSI    000002ee [SR] Beginning Verify and Repair transaction
2014-11-07 15:50:06, Info                  CSI    000002f0 [SR] Verify complete
2014-11-07 15:50:06, Info                  CSI    000002f1 [SR] Verifying 100 (0x0000000000000064) components
2014-11-07 15:50:06, Info                  CSI    000002f2 [SR] Beginning Verify and Repair transaction
2014-11-07 15:50:09, Info                  CSI    000002f6 [SR] Verify complete
2014-11-07 15:50:09, Info                  CSI    000002f7 [SR] Verifying 100 (0x0000000000000064) components
2014-11-07 15:50:09, Info                  CSI    000002f8 [SR] Beginning Verify and Repair transaction
2014-11-07 15:50:12, Info                  CSI    000002fa [SR] Verify complete
2014-11-07 15:50:12, Info                  CSI    000002fb [SR] Verifying 100 (0x0000000000000064) components
2014-11-07 15:50:12, Info                  CSI    000002fc [SR] Beginning Verify and Repair transaction
2014-11-07 15:50:17, Info                  CSI    000002fe [SR] Verify complete
2014-11-07 15:50:17, Info                  CSI    000002ff [SR] Verifying 100 (0x0000000000000064) components
2014-11-07 15:50:17, Info                  CSI    00000300 [SR] Beginning Verify and Repair transaction
2014-11-07 15:50:20, Info                  CSI    00000302 [SR] Verify complete
2014-11-07 15:50:20, Info                  CSI    00000303 [SR] Verifying 100 (0x0000000000000064) components
2014-11-07 15:50:20, Info                  CSI    00000304 [SR] Beginning Verify and Repair transaction
2014-11-07 15:50:25, Info                  CSI    00000307 [SR] Verify complete
2014-11-07 15:50:25, Info                  CSI    00000308 [SR] Verifying 100 (0x0000000000000064) components
2014-11-07 15:50:25, Info                  CSI    00000309 [SR] Beginning Verify and Repair transaction
2014-11-07 15:50:28, Info                  CSI    0000030b [SR] Verify complete
2014-11-07 15:50:28, Info                  CSI    0000030c [SR] Verifying 100 (0x0000000000000064) components
2014-11-07 15:50:28, Info                  CSI    0000030d [SR] Beginning Verify and Repair transaction
2014-11-07 15:50:31, Info                  CSI    0000030f [SR] Verify complete
2014-11-07 15:50:31, Info                  CSI    00000310 [SR] Verifying 100 (0x0000000000000064) components
2014-11-07 15:50:31, Info                  CSI    00000311 [SR] Beginning Verify and Repair transaction
2014-11-07 15:50:35, Info                  CSI    00000313 [SR] Verify complete
2014-11-07 15:50:35, Info                  CSI    00000314 [SR] Verifying 100 (0x0000000000000064) components
2014-11-07 15:50:35, Info                  CSI    00000315 [SR] Beginning Verify and Repair transaction
2014-11-07 15:50:42, Info                  CSI    00000318 [SR] Verify complete
2014-11-07 15:50:42, Info                  CSI    00000319 [SR] Verifying 100 (0x0000000000000064) components
2014-11-07 15:50:42, Info                  CSI    0000031a [SR] Beginning Verify and Repair transaction
2014-11-07 15:50:45, Info                  CSI    0000031c [SR] Verify complete
2014-11-07 15:50:46, Info                  CSI    0000031d [SR] Verifying 100 (0x0000000000000064) components
2014-11-07 15:50:46, Info                  CSI    0000031e [SR] Beginning Verify and Repair transaction
2014-11-07 15:50:50, Info                  CSI    00000320 [SR] Verify complete
2014-11-07 15:50:50, Info                  CSI    00000321 [SR] Verifying 100 (0x0000000000000064) components
2014-11-07 15:50:50, Info                  CSI    00000322 [SR] Beginning Verify and Repair transaction
2014-11-07 15:50:55, Info                  CSI    00000324 [SR] Verify complete
2014-11-07 15:50:55, Info                  CSI    00000325 [SR] Verifying 100 (0x0000000000000064) components
2014-11-07 15:50:55, Info                  CSI    00000326 [SR] Beginning Verify and Repair transaction
2014-11-07 15:51:00, Info                  CSI    00000328 [SR] Verify complete
2014-11-07 15:51:00, Info                  CSI    00000329 [SR] Verifying 33 (0x0000000000000021) components
2014-11-07 15:51:00, Info                  CSI    0000032a [SR] Beginning Verify and Repair transaction
2014-11-07 15:51:01, Info                  CSI    0000032c [SR] Verify complete
2014-11-07 15:51:01, Info                  CSI    0000032d [SR] Repairing 0 components
2014-11-07 15:51:01, Info                  CSI    0000032e [SR] Beginning Verify and Repair transaction
2014-11-07 15:51:01, Info                  CSI    00000330 [SR] Repair complete
 


Don't cry because it has ended, instead rejoice because it happened. - Gabriel Garcia Marquez, adapted by Dr. Seuss!!!


#21 Juliusmaximus

Authentic Member, 113 posts

Posted 07 November 2014 - 04:58 PM

I forgot to mention I created the system restore first, prior to the failed check disk.

 

Farbar Service Scanner Version: 21-07-2014
Ran by Ortiz Family (administrator) on 07-11-2014 at 15:55:19
Running from "C:\Users\Ortiz Family\Desktop"
Microsoft Windows 7 Home Premium  Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.

Windows Firewall:
=============

Firewall Disabled Policy:
==================

System Restore:
============

System Restore Disabled Policy:
========================

Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================

Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.

Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1

Other Services:
==============

File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\dhcpcore.dll => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed

**** End of log ****


Edited by Juliusmaximus, 07 November 2014 - 05:46 PM.



#22 Juliusmaximus


Posted 07 November 2014 - 05:49 PM

As per computer performance, it is much more stable again. I'm sure you were able to gather I am still running Malwarebytes Anti-Malware (trial version) and Microsoft Security Essentials. Are these adequate, or what would you better recommend?

Thank You.




#23 LiquidTension


Posted 07 November 2014 - 07:00 PM

Hi Julio,
 
We can discuss security programmes, and methods for reducing the risk of reinfection at the end of this process. :)
 
Due to an error in one of your logs, it's important we run CHKDSK. Try this alternative method.
 
CHKDSK (Alternative Method)

  • Note: If you have a Solid State Drive (SSD), do not run CHKDSK.
  • Click Start and type CMD in the Search Bar. Right-Click CMD.exe and select Run as administrator.
  • In the command window type the following and press Enter on your keyboard.
    chkdsk c: /x /r
  • If you are prompted to schedule CHKDSK to run the next time the computer restarts, type y and press Enter on your keyboard.
  • Type Exit and press Enter on your keyboard.
  • Restart your computer. CHKDSK will automatically run.
  • Note: This process can take up to an hour
  • Press the Windows Key + r on your keyboard at the same time. Type eventvwr.msc and click OK.
  • Click Windows Logs.
  • Right-click Application and click Find.
    • If CHKDSK ran within Windows (you didn't have to restart the computer), type Chkdsk into the text field and click Find Next. The log should appear. Highlight the text, Copy and paste in your next reply.
    • If CHKDSK ran after a restart, type Winlogon (XP) / Wininit (Vista/7) / Chkdsk (8) into the text field and click Find Next. The log should appear. Highlight the text, Copy and paste in your next reply.
  • For instructions accompanied by screenshots, please refer to the following article



#24 Juliusmaximus


Posted 08 November 2014 - 08:54 AM

The chkdsk ran upon restart and completed, but I cannot find the log.  Followed screenshot example: Windows Key > eventvwr.msc > Windows Logs > Right-click Application (Find option is "grayed" out and unavailable).  Suggestions?

Attached Thumbnails

  • Event Viewer Screenshot.jpg

Edited by Juliusmaximus, 08 November 2014 - 08:55 AM.



#25 LiquidTension


Posted 08 November 2014 - 02:09 PM

Hi Julio, 

 

Try Option 2 in the article linked at the end of my instructions. 



#26 Juliusmaximus


Posted 08 November 2014 - 11:41 PM

Well that was easy!!! :) and voila...

 

TimeCreated : 11/8/2014 11:23:55 AM
Message     :
             
              Checking file system on C:
              The type of the file system is NTFS.
              Volume label is OS.
             
              A disk check has been scheduled.
              Windows will now check the disk.                        
             
              CHKDSK is verifying files (stage 1 of 5)...
                624128 file records processed.                                
                     
              File verification completed.
                1223 large file records processed.                            
                   
                0 bad file records processed.                                 
                
                0 EA records processed.                                       
                
                43 reparse records processed.                                 
                 
              CHKDSK is verifying indexes (stage 2 of 5)...
                722442 index entries processed.                               
                     
              Index verification completed.
                0 unindexed files scanned.                                    
                
                0 unindexed files recovered.                                  
                
              CHKDSK is verifying security descriptors (stage 3 of 5)...
                624128 file SDs/SIDs processed.                               
                     
              Cleaning up 8 unused index entries from index $SII of file 0x9.
              Cleaning up 8 unused index entries from index $SDH of file 0x9.
              Cleaning up 8 unused security descriptors.
              Security descriptor verification completed.
                49158 data files processed.                                   
                    
              CHKDSK is verifying Usn Journal...
                34233296 USN bytes processed.                                 
                       
              Usn Journal verification completed.
              CHKDSK is verifying file data (stage 4 of 5)...
                624112 files processed.                                       
                     
              File data verification completed.
              CHKDSK is verifying free space (stage 5 of 5)...
                158654657 free clusters processed.                            
                        
              Free space verification is complete.
              Windows has checked the file system and found no problems.
             
               963119103 KB total disk space.
               327611628 KB in 235172 files.
                  132620 KB in 49159 indexes.
                       0 KB in bad sectors.
                  756227 KB in use by the system.
                   65536 KB occupied by the log file.
               634618628 KB available on disk.
             
                    4096 bytes in each allocation unit.
               240779775 total allocation units on disk.
               158654657 allocation units available on disk.
             
              Internal Info:
              00 86 09 00 b7 56 04 00 cb c3 07 00 00 00 00 00  .....V..........
              a9 3d 00 00 2b 00 00 00 00 00 00 00 00 00 00 00  .=..+...........
              00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
             
              Windows has finished checking your disk.
              Please wait while your computer restarts.
             

TimeCreated : 11/8/2014 5:30:11 AM
Message     :
             
              Checking file system on C:
              The type of the file system is NTFS.
              Volume label is OS.
             
              A disk check has been scheduled.
              Windows will now check the disk.                        
             
              CHKDSK is verifying files (stage 1 of 5)...
                624128 file records processed.                                
                     
              File verification completed.
                1223 large file records processed.                            
                   
                0 bad file records processed.                                 
                
                0 EA records processed.                                       
                
                43 reparse records processed.                                 
                 
              CHKDSK is verifying indexes (stage 2 of 5)...
                722428 index entries processed.                               
                     
              Index verification completed.
                0 unindexed files scanned.                                    
                
                0 unindexed files recovered.                                  
                
              CHKDSK is verifying security descriptors (stage 3 of 5)...
                624128 file SDs/SIDs processed.                               
                     
              Cleaning up 8 unused index entries from index $SII of file 0x9.
              Cleaning up 8 unused index entries from index $SDH of file 0x9.
              Cleaning up 8 unused security descriptors.
              Security descriptor verification completed.
                49151 data files processed.                                   
                    
              CHKDSK is verifying Usn Journal...
                37464288 USN bytes processed.                                 
                       
              Usn Journal verification completed.
              CHKDSK is verifying file data (stage 4 of 5)...
                624112 files processed.                                       
                     
              File data verification completed.
              CHKDSK is verifying free space (stage 5 of 5)...
                158659261 free clusters processed.                            
                        
              Free space verification is complete.
              Windows has checked the file system and found no problems.
             
               963119103 KB total disk space.
               327590176 KB in 234672 files.
                  132588 KB in 49152 indexes.
                       0 KB in bad sectors.
                  759295 KB in use by the system.
                   65536 KB occupied by the log file.
               634637044 KB available on disk.
             
                    4096 bytes in each allocation unit.
               240779775 total allocation units on disk.
               158659261 allocation units available on disk.
             
              Internal Info:
              00 86 09 00 bc 54 04 00 fa bf 07 00 00 00 00 00  .....T..........
              a7 3d 00 00 2b 00 00 00 00 00 00 00 00 00 00 00  .=..+...........
              00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
             
              Windows has finished checking your disk.
              Please wait while your computer restarts.
             

TimeCreated : 11/7/2014 10:15:10 PM
Message     :
             
              Checking file system on C:
              The type of the file system is NTFS.
              Volume label is OS.
             
              A disk check has been scheduled.
              Windows will now check the disk.                        
             
              CHKDSK is verifying files (stage 1 of 5)...
                624128 file records processed.                                
                     
              File verification completed.
                1223 large file records processed.                            
                   
                0 bad file records processed.                                 
                
                0 EA records processed.                                       
                
                43 reparse records processed.                                 
                 
              CHKDSK is verifying indexes (stage 2 of 5)...
                722418 index entries processed.                               
                     
              Index verification completed.
                0 unindexed files scanned.                                    
                
                0 unindexed files recovered.                                  
                
              CHKDSK is verifying security descriptors (stage 3 of 5)...
                624128 file SDs/SIDs processed.                               
                     
              Cleaning up 74 unused index entries from index $SII of file 0x9.
              Cleaning up 74 unused index entries from index $SDH of file 0x9.
              Cleaning up 74 unused security descriptors.
              Security descriptor verification completed.
                49146 data files processed.                                   
                    
              CHKDSK is verifying Usn Journal...
                35841656 USN bytes processed.                                 
                       
              Usn Journal verification completed.
              CHKDSK is verifying file data (stage 4 of 5)...
                624112 files processed.                                       
                     
              File data verification completed.
              CHKDSK is verifying free space (stage 5 of 5)...
                158673559 free clusters processed.                            
                        
              Free space verification is complete.
              Windows has checked the file system and found no problems.
             
               963119103 KB total disk space.
               327534536 KB in 234622 files.
                  132572 KB in 49147 indexes.
                       0 KB in bad sectors.
                  757759 KB in use by the system.
                   65536 KB occupied by the log file.
               634694236 KB available on disk.
             
                    4096 bytes in each allocation unit.
               240779775 total allocation units on disk.
               158673559 allocation units available on disk.
             
              Internal Info:
              00 86 09 00 85 54 04 00 5d bf 07 00 00 00 00 00  .....T..].......
              a7 3d 00 00 2b 00 00 00 00 00 00 00 00 00 00 00  .=..+...........
              00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
             
              Windows has finished checking your disk.
              Please wait while your computer restarts.




#27 LiquidTension


Posted 09 November 2014 - 01:42 AM

Hi Julio, 
 
Logs look OK. 
We need to check for remnants. 
 
Let me know how your PC is performing afterwards. 
 
STEP 1
Malwarebytes Anti-Malware (MBAM)

  • Open Malwarebytes Anti-Malware and click Update Now.
  • Once updated, click the Settings tab, followed by Detection and Protection and tick Scan for rootkits.
  • Click the Scan tab, ensure Threat Scan is checked and click Scan Now.
  • Note: You may see the following message, "Could not load DDA driver". Click Yes, allow your PC to reboot and continue afterwards. 
  • If threats are detected, click the Apply Actions button. You will now be prompted to reboot. Click Yes.
  • Upon completion of the scan (or after the reboot), click the History tab.
  • Click Application Logs and double-click the Scan Log.
  • Click Copy to Clipboard and paste the log in your next reply. 
     

STEP 2
ESET Online Scan
Note: This scan may take a long time to complete. Please do not browse the Internet whilst your Anti-Virus is disabled.

  • Please download ESET Online Scan and save the file to your Desktop.
  • Temporarily disable your anti-virus software. For instructions, please refer to the following link.
  • Double-click esetsmartinstaller_enu.exe to run the programme. 
  • Agree to the EULA by placing a checkmark next to Yes, I accept the Terms of Use. Then click Start.
  • Agree to the Terms of Use once more and click Start. Allow components to download.
  • Place a checkmark next to Enable detection of potentially unwanted applications.
  • Click Hide advanced settings. Place a checkmark next to:
    • Scan archives
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • Ensure Remove found threats is unchecked.
  • Click Start.
  • Wait for the scan to finish. Please be patient as this can take some time.
  • Upon completion, click esetListThreats.png. If no threats were found, skip the next two bullet points. 
  • Click esetExport.png and save the file to your Desktop, naming it something such as "MyEsetScan".
  • Push the Back button.
  • Place a checkmark next to [image] and click [image].
  • Re-enable your anti-virus software.
  • Copy the contents of the log and paste in your next reply.
     

======================================================
 
STEP 3
Logs
In your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked.

  • MBAM Scan log
  • ESET Online Scan log
  • How is your PC performing?



#28 Juliusmaximus


Posted 09 November 2014 - 04:09 PM

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 11/9/2014
Scan Time: 9:55:27 AM
Logfile:
Administrator: Yes

Version: 2.00.3.1025
Malware Database: v2014.11.09.05
Rootkit Database: v2014.11.08.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Ortiz Family

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 341787
Time Elapsed: 13 min, 25 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 3
Trojan.Agent, C:\ProgramData\Windows Genuine Advantage\{53B13453-4351-4FCA-B899-4D5F649373B9}\msiexec.exe, Quarantined, [58fc2217d4a8a59123aee27a0af6bd43],
Trojan.Agent.ED, C:\ProgramData\Windows Genuine Advantage\{6CCEC5F1-0199-40F2-BAAD-1B2EFB36A604}\msiexec.exe, Quarantined, [5202c574156733038e07d8074ab7d62a],
Trojan.Zemot, C:\ProgramData\Windows Genuine Advantage\{DAF01E58-2B00-4790-B4F9-EA5BAFC61976}\msiexec.exe, Quarantined, [d08413263b41a591e59cde0139c85ea2],

Physical Sectors: 0
(No malicious items detected)

(end)


Edited by Juliusmaximus, 09 November 2014 - 04:10 PM.



#29 Juliusmaximus


Posted 09 November 2014 - 04:23 PM

ESET coming soon.  The computer is running efficiently; the only thing I notice is "shut down" takes an excessively long time to actually shut down during reboots, so much so that I have to power down manually, then upon start up the alert "blue screen" your system unexpectedly....  But while the computer is in use it is running efficiently.  


Edited by Juliusmaximus, 09 November 2014 - 05:57 PM.



#30 Juliusmaximus


Posted 09 November 2014 - 08:42 PM

C:\AdwCleaner\Quarantine\C\ProgramData\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll.vir a variant of Win32/Adware.Yontoo.B application
C:\AdwCleaner\Quarantine\C\Users\Ortiz Family\AppData\LocalLow\vshare.tv_Bar\ldrtbvsha.dll.vir a variant of Win32/Toolbar.Conduit.P potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Ortiz Family\AppData\LocalLow\vshare.tv_Bar\tbvsha.dll.vir a variant of Win32/Toolbar.Conduit.B potentially unwanted application
C:\Downloads\VipBoxSportsApp_setup(14).exe Win32/Adware.1ClickDownload.G application
C:\Downloads\vshare-plugin-v7.exe a variant of Win32/Toolbar.Conduit.AI potentially unwanted application
C:\FRST\Quarantine\C\Users\Ortiz Family\AppData\Local\pyjp1zv.exe.xBAD Win32/Adware.XPAntiSpyware.AH application
C:\ProgramData\Spybot - Search & Destroy\Recovery\WinDownloadergen.zip Win32/Bagle.gen.zip worm
C:\ProgramData\Spybot - Search & Destroy\Recovery\YontooPagerage2.zip Win32/Bagle.gen.zip worm
C:\ProgramData\Windows Genuine Advantage\{1CB42FC4-D2BA-43FD-9B8B-E0B8EC5D2A35}\msiexec.exe a variant of Win32/Kryptik.CPHG trojan
C:\ProgramData\Windows Genuine Advantage\{AC353D82-A487-4951-A2F2-3B24F64180AE}\msiexec.exe a variant of Win32/Kryptik.CPHG trojan
C:\Qoobox\Quarantine\C\Users\Ortiz Family\AppData\Local\bcikmao.dll.vir a variant of Win32/TrojanProxy.Agent.NYP trojan
C:\Qoobox\Quarantine\C\Users\Ortiz Family\AppData\Local\edg9CA1.exe.vir Win32/Dridex.E trojan
C:\System Volume Information\SystemRestore\FRStaging\Program Files (x86)\Speed Test (4354)\AddonsFramework.Typelib.dll a variant of Win32/Toolbar.Besttoolbars.H potentially unwanted application
C:\System Volume Information\SystemRestore\FRStaging\Program Files (x86)\Speed Test (4354)\AddonsFramework.Typelib64.dll a variant of Win64/Toolbar.Besttoolbars.B potentially unwanted application
C:\System Volume Information\SystemRestore\FRStaging\Program Files (x86)\Speed Test (4354)\BackgroundHost.exe Win32/Toolbar.Besttoolbars.G potentially unwanted application
C:\System Volume Information\SystemRestore\FRStaging\Program Files (x86)\Speed Test (4354)\BackgroundHost64.exe Win64/Toolbar.Besttoolbars.A potentially unwanted application
C:\System Volume Information\SystemRestore\FRStaging\Program Files (x86)\Speed Test (4354)\ButtonSite.dll a variant of Win32/Toolbar.Besttoolbars.H potentially unwanted application
C:\System Volume Information\SystemRestore\FRStaging\Program Files (x86)\Speed Test (4354)\ButtonSite64.dll a variant of Win32/Toolbar.Besttoolbars.H potentially unwanted application
C:\System Volume Information\SystemRestore\FRStaging\Program Files (x86)\Speed Test (4354)\ScriptHost.dll a variant of Win32/Toolbar.Besttoolbars.H potentially unwanted application
C:\System Volume Information\SystemRestore\FRStaging\Program Files (x86)\Speed Test (4354)\ScriptHost64.dll a variant of Win32/Toolbar.Besttoolbars.H potentially unwanted application
C:\System Volume Information\SystemRestore\FRStaging\Users\Ortiz Family\AppData\Roaming\freegames4357\install_helper.exe a variant of Win32/bProtector.H potentially unwanted application
C:\Users\All Users\Spybot - Search & Destroy\Recovery\WinDownloadergen.zip Win32/Bagle.gen.zip worm
C:\Users\All Users\Spybot - Search & Destroy\Recovery\YontooPagerage2.zip Win32/Bagle.gen.zip worm
C:\Users\All Users\Windows Genuine Advantage\{1CB42FC4-D2BA-43FD-9B8B-E0B8EC5D2A35}\msiexec.exe a variant of Win32/Kryptik.CPHG trojan
C:\Users\All Users\Windows Genuine Advantage\{AC353D82-A487-4951-A2F2-3B24F64180AE}\msiexec.exe a variant of Win32/Kryptik.CPHG trojan
C:\Users\Ortiz Family\Downloads\Ocean screen saver\Ocean Life Aquarium Animated Wallpaper Collection_secure.exe Win32/TopMedia.A potentially unwanted application
C:\Windows\pss\f0c92b9.exe.Startup Win32/Filecoder.CO trojan
C:\Windows\pss\f0c92b9.exe.vir.Startup Win32/Filecoder.CO trojan


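Added example, not part of the thread and not ESET's or any poster's code: a Python triage of the ESET Online Scan log posted above. It separates detections sitting in quarantine or restore-point folders from files still in place, collapses the `C:\Users\All Users` alias of `C:\ProgramData`, and flags a Windows binary name found outside the system directories. The location lists and the names `CONTAINED`, `SYSTEM_BINARIES`, `parse` and `triage` are assumptions of this example.

```python
import ntpath
import re
from dataclasses import dataclass

# Subset of the ESET log lines from the post above, copied unchanged.
SAMPLE_LOG = r"""
C:\AdwCleaner\Quarantine\C\ProgramData\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll.vir a variant of Win32/Adware.Yontoo.B application
C:\Downloads\vshare-plugin-v7.exe a variant of Win32/Toolbar.Conduit.AI potentially unwanted application
C:\ProgramData\Spybot - Search & Destroy\Recovery\WinDownloadergen.zip Win32/Bagle.gen.zip worm
C:\ProgramData\Windows Genuine Advantage\{1CB42FC4-D2BA-43FD-9B8B-E0B8EC5D2A35}\msiexec.exe a variant of Win32/Kryptik.CPHG trojan
C:\Qoobox\Quarantine\C\Users\Ortiz Family\AppData\Local\edg9CA1.exe.vir Win32/Dridex.E trojan
C:\System Volume Information\SystemRestore\FRStaging\Users\Ortiz Family\AppData\Roaming\freegames4357\install_helper.exe a variant of Win32/bProtector.H potentially unwanted application
C:\Users\All Users\Windows Genuine Advantage\{1CB42FC4-D2BA-43FD-9B8B-E0B8EC5D2A35}\msiexec.exe a variant of Win32/Kryptik.CPHG trojan
C:\Windows\pss\f0c92b9.exe.Startup Win32/Filecoder.CO trojan
"""

# Line shape: <path> [a variant of ]<Platform/Name> <category>. Paths contain
# spaces, so anchor on the first "word/" token (names use "/", paths use "\").
LINE_RE = re.compile(r"^(?P<path>.+?) (?:a variant of )?(?P<name>\w+/\S+) (?P<kind>.+)$")

# Assumption of this example: copies under these locations are inert (tool
# quarantines, restore-point staging, Spybot recovery archives, msconfig's
# store for disabled startup items).
CONTAINED = ("\\quarantine\\", "\\system volume information\\",
             "\\spybot - search & destroy\\recovery\\", "c:\\windows\\pss\\")

# Short illustrative list of Windows binaries and where they legitimately live.
SYSTEM_BINARIES = {"msiexec.exe", "svchost.exe"}
SYSTEM_DIRS = ("c:\\windows\\system32", "c:\\windows\\syswow64")


@dataclass(frozen=True)
class Finding:
    path: str
    name: str
    kind: str
    contained: bool
    masquerade: bool


def normalize(path):
    # On Vista and later, C:\Users\All Users is a link to C:\ProgramData,
    # so a scanner that walks both reports the same file twice.
    prefix = "c:\\users\\all users\\"
    if path.lower().startswith(prefix):
        return "C:\\ProgramData\\" + path[len(prefix):]
    return path


def parse(log_text):
    findings, seen = [], set()
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        path = normalize(m["path"])
        key = path.lower()
        if key in seen:  # same file already reported under its alias
            continue
        seen.add(key)
        contained = any(marker in key for marker in CONTAINED)
        directory, base = ntpath.split(key)
        masquerade = base in SYSTEM_BINARIES and directory not in SYSTEM_DIRS
        findings.append(Finding(path, m["name"], m["kind"], contained, masquerade))
    return findings


def triage(log_text):
    findings = parse(log_text)
    return {
        "live": [f for f in findings if not f.contained],
        "contained": [f for f in findings if f.contained],
        "masquerading": [f for f in findings if f.masquerade and not f.contained],
    }


if __name__ == "__main__":
    for bucket, items in triage(SAMPLE_LOG).items():
        print(f"{bucket}: {len(items)}")
        for f in items:
            print(f"  {f.name:28} {f.path}")
```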
