  1. #1

    WU Thread 17707 - For BrianDrab

    scannow found corrupt files but was unable to fix



  2. #2
    Corrine's Avatar
    Join Date
    Feb 2012
    Location
    Upstate, NY
    Posts
    8,605

    Re: WU Thread 17707 - For BrianDrab

    Hi mclevin88. In order to determine whether the issues you are having are related to malware, please provide the logs requested in this topic: Malware Removal Posting Instructions


    Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

    Remember - A day without laughter is a day wasted.
    May the wind sing to you and the sun rise in your heart.

  3. #3
    Administrator
    Windows Update Instructor
    Security Analyst

    Join Date
    Oct 2014
    Posts
    16,956

    Re: WU Thread 17707 - For BrianDrab

    I'm posting the logs here for convenience and then will post a fix.
    Attached Files

  4. #4

    Re: WU Thread 17707 - For BrianDrab

    Thanks. I'll assume that for now you don't need anything else from me.

  5. #5
    Administrator
    Windows Update Instructor
    Security Analyst

    Join Date
    Oct 2014
    Posts
    16,956

    Re: WU Thread 17707 - For BrianDrab

    OK, let's get started.

    Step#1 - Warnings
    #1 - The Dangers of P2P Programs
    IMPORTANT: I noticed that you have a P2P (Peer to Peer) file sharing program on your computer. I cannot stress highly enough the danger in using these types of programs. P2P programs are one of the major avenues of infection these days. The files downloaded with these programs are more than likely infected with trojans, malware, rootkits, etc.
    You run the risk of getting an infection that can compromise your sensitive data, such as financial records, personal information, etc. That is just the infection aspect of using P2P programs. You also run the risk of possible arrest, fines, or in severe cases, jail time for illegal downloading of copyrighted material.

    Here are some information sources about the dangers of P2P programs:
    FBI - Peer to Peer Scams
    USA Today Article on P2P Programs
    File Sharing Infects 500,000 Computers

    I very much recommend you uninstall this program from your machine. If not, you will likely be back needing help with your machine again. The risks of infections from content downloaded with P2P programs far outweigh any benefit of using them.

    It is, of course, your choice as to whether or not you remove the program from your machine. It is my duty though, to point out how dangerous it is to use these programs. However, I must request that you do not use it while we are cleaning your machine.

    Please uninstall the following Peer-to-Peer program(s): qBittorrent 3.2.4

    #2 - Registry Cleaning

    I see that you have CCleaner installed. This is indeed a good product but I wanted to caution you on running the registry cleaning functionality of the tool. Please avoid this as it can do more harm than good.
    Answers to common security questions - Best Practices - Anti-Virus and Anti-Malware Software
    miekiemoes' Blog: Registry Cleaners and System Tweaking Tools


    Step#2 - Re-install Chrome

    Unless you did this yourself, malware has changed your Chrome version into the Development Build. Among other things this allows malware to install any extension it wants. We need to resolve this.
    1. If you have bookmarks, let's save them by exporting them - Export Bookmarks
    2. Then I need you to go to Google Sync and sign into your account
    3. Scroll down until you see the "Stop and Clear" button and click on the button. At the prompt click on "Ok"
    4. Now we need to uninstall Chrome. Note: When asked about user data or settings you must remove this also, so please check the box.
    5. Restart the computer and reinstall Chrome. You can download the latest version from here - Google Chrome
    6. Import your bookmarks back into Chrome
    7. Sign back in to your Chrome browser so that your bookmarks sync with your online account.

    Step#3 - Uninstalls
    Please uninstall the following programs one at a time. Instructions for doing so are here.
    If any of the programs give you an error during the uninstall, notate it and move on to the next one. Just let me know which ones had issues. If you are asked to reboot, answer No until all the programs have been uninstalled and then you can reboot. All of these programs are either outdated, malware/adware, have a bad reputation or are not recommended. If you absolutely must have one of them I suggest that you wait until you are declared clean before reinstalling.
    Hola™ 1.10.317 - Better Internet - (see here, here, here and here if you need convincing)
    Skype Click to Call


    Step#4 - FRST Fix
    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
    1. Download attached file and save it to the Desktop.
    Note. It's important that both files, FRST64 and fixlist.txt are in the same location or the fix will not work (in this case...the desktop).
    2. Run FRST64 by Right-Clicking on the file and choosing Run as administrator.
    3. Press the Fix button just once and wait. If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
    4. When finished FRST64 will generate a log on the Desktop (Fixlog.txt). Please post the contents of it in your reply.


    Step#5 - AdwCleaner
    1. Please download AdwCleaner by Xplode onto your desktop.
    2. Close all open programs and internet browsers.
    3. Right-click on AdwCleaner.exe and select Run as administrator to run the tool. Click I agree if you agree with the terms of use.
    4. Click on Scan.
    5. After the scan is complete click on "Cleaning"
    6. Confirm each time with Ok.
    7. Your computer will be rebooted automatically. A text file will open after the restart.
    8. Please post the content of that logfile with your next answer.
    9. If need be, you can also find the logfile at C:\AdwCleaner\AdwCleaner[C1].txt as well.


    Items for your next post
    1. Fixlog.txt
    2. Adwcleaner.txt
    Attached Files

  6. #6

    Re: WU Thread 17707 - For BrianDrab

    Note: I could not uninstall Skype Click to Call. I got error code 2503 followed by 2502


    • The installer has encountered an unexpected error installing this package. This may indicate a problem with this package. The error code is 2503.
    • The installer has encountered an unexpected error installing this package. This may indicate a problem with this package. The error code is 2502.


    Contents of Fixlog.txt:

    Fix result of Farbar Recovery Scan Tool (x64) Version:07-11-2015
    Ran by Joshua (2015-11-09 17:48:06) Run:1
    Running from C:\Users\Joshua\Desktop
    Loaded Profiles: Joshua (Available Profiles: Joshua)
    Boot Mode: Normal
    ==============================================


    fixlist content:
    *****************
    CreateRestorePoint:
    (Hola Networks Ltd.) C:\Program Files\Hola\app\hola_svc.exe
    (Hola Networks Ltd.) C:\Program Files\Hola\app\hola_updater.exe
    (Hola Networks Ltd.) C:\Program Files\Hola\app\hola.exe
    HKLM\...\Run: [hola] => C:\Program Files\Hola\app\hola.exe [2031232 2015-11-08] (Hola Networks Ltd.)
    Startup: C:\Users\Joshua\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\x art angelica good night kiss 1080p mp4 pornleech t10354206.lnk [2015-10-06]
    ShortcutTarget: x art angelica good night kiss 1080p mp4 pornleech t10354206.lnk -> C:\ProgramData\{5810fe60-34b0-8353-5810-0fe6034bf980}\x art angelica good night kiss 1080p mp4 pornleech t10354206.exe (No File)
    GroupPolicy: Restriction - Chrome <======= ATTENTION
    CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
    ProxyEnable: [.DEFAULT] => Proxy is enabled.
    ProxyServer: [.DEFAULT] => http=127.0.0.1:53720;https=127.0.0.1:53720
    RemoveProxy:
    FF Plugin HKU\.DEFAULT: @hola.org/FlashPlayer -> C:\Users\Joshua\AppData\Local\Hola\firefox_hola\app\flash\NPSWF32_18_0_0_232.dll [2015-11-08] ()
    FF Plugin HKU\.DEFAULT: @hola.org/vlc -> C:\Users\Joshua\AppData\Local\Hola\firefox_hola\app\vlc\npvlc.dll [2015-11-08] (Hola)
    FF Plugin HKU\S-1-5-21-1107761083-2953826425-3119506108-1001: @hola.org/FlashPlayer -> C:\Users\Joshua\AppData\Local\Hola\firefox\app\flash\NPSWF32_18_0_0_232.dll [2015-11-05] ()
    FF Plugin HKU\S-1-5-21-1107761083-2953826425-3119506108-1001: @hola.org/vlc -> C:\Users\Joshua\AppData\Local\Hola\firefox\app\vlc\npvlc.dll [2015-11-05] (Hola)
    FF Plugin HKU\S-1-5-21-1107761083-2953826425-3119506108-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @hola.org/FlashPlayer -> C:\Users\Joshua\AppData\Local\Hola\firefox\app\flash\NPSWF32_18_0_0_232.dll [2015-11-05] ()
    FF Plugin HKU\S-1-5-21-1107761083-2953826425-3119506108-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @hola.org/vlc -> C:\Users\Joshua\AppData\Local\Hola\firefox\app\vlc\npvlc.dll [2015-11-05] (Hola)
    FF Extension: Hola Better Internet - C:\Users\Joshua\AppData\Roaming\Mozilla\Firefox\Profiles\f30p0o61.default\Extensions\jid1-4P0kohSJxU1qGg@jetpack [2015-11-05] [not signed]
    CHR Extension: (Unlimited Free VPN - Hola) - C:\Users\Joshua\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio [2015-11-08]
    R2 hola_svc; C:\Program Files\Hola\app\hola_svc.exe [8126592 2015-11-08] (Hola Networks Ltd.)
    R2 hola_updater; C:\Program Files\Hola\app\hola_updater.exe [8104576 2015-10-25] (Hola Networks Ltd.)
    S3 WinRing0_1_2_0; \??\D:\uTorrent Downloads\OpenHardwareMonitor\OpenHardwareMonitor.sys [X]
    Task: {0FF42913-D390-4A83-AE93-E7BE889FC2FD} - \Optimizer Pro Schedule -> No File <==== ATTENTION
    Task: {12109814-316B-4B9D-8A97-B56EEFC35727} - \GPUP -> No File <==== ATTENTION
    Task: {1DADB620-2365-4C4C-A6EE-4C8C98250FB5} - \Inst_Rep -> No File <==== ATTENTION
    Task: {67460191-824B-4AF8-957F-897E198401C4} - \Smp -> No File <==== ATTENTION
    Task: {6E98D15F-38C4-4A72-AB54-8D75C2D6D67D} - System32\Tasks\q5S0ufZaM7kEsN => C:\Users\Joshua\AppData\Roaming\q5S0ufZaM7kEsN.exe <==== ATTENTION
    Task: {78A285E5-303E-48A2-8AE5-2DF0A4B157C5} - \Jelbrus Secure Web Task -> No File <==== ATTENTION
    Task: {9019EEFB-7133-4694-A4C9-7FFFB1B94413} - \PhraseProfessor Auto Updater 1.10.0.24 Core -> No File <==== ATTENTION
    Task: {90C15D79-12DA-4B2D-B097-381D9FE4B9DE} - \SMW_UpdateTask_Time_323836383030323230342d375b553441415045575a4a6c -> No File <==== ATTENTION
    Task: {A9519FD6-6826-4237-81DA-30CE07071F14} - \PhraseProfessor Auto Updater 1.10.0.24 Pending Update -> No File <==== ATTENTION
    Task: {B4E23D7A-D0D4-4C33-8497-CE28E911C54F} - \IBUpd -> No File <==== ATTENTION
    Task: {C05BAA1E-BCFA-469E-BB37-097D019F67FE} - System32\Tasks\Z5gVwJr6AsMBo2zsej18OCHsm15 => C:\Users\Joshua\AppData\Roaming\Z5gVwJr6AsMBo2zsej18OCHsm15.exe <==== ATTENTION
    Task: {F5EF9DE2-2E06-4622-AC82-1D39D4DC0F4F} - System32\Tasks\dpqlgVd => C:\Users\Joshua\AppData\Roaming\dpqlgVd.exe <==== ATTENTION
    Task: {FA0BE9B3-2897-40B9-A916-0C5F8988B6F9} - System32\Tasks\AtaomK7uBOhTd1iUX => C:\Users\Joshua\AppData\Roaming\AtaomK7uBOhTd1iUX.exe <==== ATTENTION
    Task: C:\Windows\Tasks\AtaomK7uBOhTd1iUX.job => C:\Users\Joshua\AppData\Roaming\AtaomK7uBOhTd1iUX.exe <==== ATTENTION
    Task: C:\Windows\Tasks\dpqlgVd.job => C:\Users\Joshua\AppData\Roaming\dpqlgVd.exe <==== ATTENTION
    Task: C:\Windows\Tasks\q5S0ufZaM7kEsN.job => C:\Users\Joshua\AppData\Roaming\q5S0ufZaM7kEsN.exe <==== ATTENTION
    Task: C:\Windows\Tasks\Z5gVwJr6AsMBo2zsej18OCHsm15.job => C:\Users\Joshua\AppData\Roaming\Z5gVwJr6AsMBo2zsej18OCHsm15.exe <==== ATTENTION
    EmptyTemp:
    *****************


    Restore point was successfully created.
    C:\Program Files\Hola\app\hola_svc.exe => No running process found
    C:\Program Files\Hola\app\hola_updater.exe => No running process found
    C:\Program Files\Hola\app\hola.exe => No running process found
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\hola => value not found.
    C:\Users\Joshua\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\x art angelica good night kiss 1080p mp4 pornleech t10354206.lnk => moved successfully
    C:\ProgramData\{5810fe60-34b0-8353-5810-0fe6034bf980}\x art angelica good night kiss 1080p mp4 pornleech t10354206.exe => not found.
    C:\Windows\system32\GroupPolicy\Machine => moved successfully
    C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully
    C:\Windows\SysWOW64\GroupPolicy\GPT.ini => moved successfully
    "HKLM\SOFTWARE\Policies\Google" => key removed successfully
    HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value removed successfully
    HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value removed successfully


    ========= RemoveProxy: =========


    HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
    HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
    HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
    HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
    HKU\S-1-5-21-1107761083-2953826425-3119506108-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
    HKU\S-1-5-21-1107761083-2953826425-3119506108-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully




    ========= End of RemoveProxy: =========


    "HKU\.DEFAULT\Software\MozillaPlugins\@hola.org/FlashPlayer" => key removed successfully
    C:\Users\Joshua\AppData\Local\Hola\firefox_hola\app\flash\NPSWF32_18_0_0_232.dll => moved successfully
    "HKU\.DEFAULT\Software\MozillaPlugins\@hola.org/vlc" => key removed successfully
    C:\Users\Joshua\AppData\Local\Hola\firefox_hola\app\vlc\npvlc.dll => moved successfully
    "HKU\S-1-5-21-1107761083-2953826425-3119506108-1001\Software\MozillaPlugins\@hola.org/FlashPlayer" => key removed successfully
    C:\Users\Joshua\AppData\Local\Hola\firefox\app\flash\NPSWF32_18_0_0_232.dll => moved successfully
    "HKU\S-1-5-21-1107761083-2953826425-3119506108-1001\Software\MozillaPlugins\@hola.org/vlc" => key removed successfully
    C:\Users\Joshua\AppData\Local\Hola\firefox\app\vlc\npvlc.dll => moved successfully
    HKU\S-1-5-21-1107761083-2953826425-3119506108-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\MozillaPlugins\@hola.org/FlashPlayer => key not found.
    C:\Users\Joshua\AppData\Local\Hola\firefox\app\flash\NPSWF32_18_0_0_232.dll => not found.
    HKU\S-1-5-21-1107761083-2953826425-3119506108-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\MozillaPlugins\@hola.org/vlc => key not found.
    C:\Users\Joshua\AppData\Local\Hola\firefox\app\vlc\npvlc.dll => not found.
    C:\Users\Joshua\AppData\Roaming\Mozilla\Firefox\Profiles\f30p0o61.default\Extensions\jid1-4P0kohSJxU1qGg@jetpack => moved successfully
    C:\Users\Joshua\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio => not found
    hola_svc => service not found.
    hola_updater => service not found.
    WinRing0_1_2_0 => service removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{0FF42913-D390-4A83-AE93-E7BE889FC2FD}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0FF42913-D390-4A83-AE93-E7BE889FC2FD}" => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Optimizer Pro Schedule => key not found.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{12109814-316B-4B9D-8A97-B56EEFC35727}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{12109814-316B-4B9D-8A97-B56EEFC35727}" => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GPUP => key not found.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1DADB620-2365-4C4C-A6EE-4C8C98250FB5}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1DADB620-2365-4C4C-A6EE-4C8C98250FB5}" => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Inst_Rep => key not found.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{67460191-824B-4AF8-957F-897E198401C4}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{67460191-824B-4AF8-957F-897E198401C4}" => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Smp => key not found.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{6E98D15F-38C4-4A72-AB54-8D75C2D6D67D}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6E98D15F-38C4-4A72-AB54-8D75C2D6D67D}" => key removed successfully
    C:\Windows\System32\Tasks\q5S0ufZaM7kEsN => moved successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\q5S0ufZaM7kEsN" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{78A285E5-303E-48A2-8AE5-2DF0A4B157C5}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{78A285E5-303E-48A2-8AE5-2DF0A4B157C5}" => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Jelbrus Secure Web Task => key not found.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{9019EEFB-7133-4694-A4C9-7FFFB1B94413}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9019EEFB-7133-4694-A4C9-7FFFB1B94413}" => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\PhraseProfessor Auto Updater 1.10.0.24 Core => key not found.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{90C15D79-12DA-4B2D-B097-381D9FE4B9DE}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{90C15D79-12DA-4B2D-B097-381D9FE4B9DE}" => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SMW_UpdateTask_Time_323836383030323230342d375b553441415045575a4a6c => key not found.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{A9519FD6-6826-4237-81DA-30CE07071F14}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A9519FD6-6826-4237-81DA-30CE07071F14}" => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\PhraseProfessor Auto Updater 1.10.0.24 Pending Update => key not found.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B4E23D7A-D0D4-4C33-8497-CE28E911C54F}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B4E23D7A-D0D4-4C33-8497-CE28E911C54F}" => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\IBUpd => key not found.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{C05BAA1E-BCFA-469E-BB37-097D019F67FE}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C05BAA1E-BCFA-469E-BB37-097D019F67FE}" => key removed successfully
    C:\Windows\System32\Tasks\Z5gVwJr6AsMBo2zsej18OCHsm15 => moved successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Z5gVwJr6AsMBo2zsej18OCHsm15" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{F5EF9DE2-2E06-4622-AC82-1D39D4DC0F4F}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F5EF9DE2-2E06-4622-AC82-1D39D4DC0F4F}" => key removed successfully
    C:\Windows\System32\Tasks\dpqlgVd => moved successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\dpqlgVd" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{FA0BE9B3-2897-40B9-A916-0C5F8988B6F9}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FA0BE9B3-2897-40B9-A916-0C5F8988B6F9}" => key removed successfully
    C:\Windows\System32\Tasks\AtaomK7uBOhTd1iUX => moved successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AtaomK7uBOhTd1iUX" => key removed successfully
    C:\Windows\Tasks\AtaomK7uBOhTd1iUX.job => moved successfully
    C:\Windows\Tasks\dpqlgVd.job => moved successfully
    C:\Windows\Tasks\q5S0ufZaM7kEsN.job => moved successfully
    C:\Windows\Tasks\Z5gVwJr6AsMBo2zsej18OCHsm15.job => moved successfully
    EmptyTemp: => 512.9 MB temporary data Removed.




    The system needed a reboot.


    ==== End of Fixlog 17:48:34 ====

    Contents of AdwCleaner[C3].txt:

    # AdwCleaner v5.019 - Logfile created 09/11/2015 at 17:56:48
    # Updated 08/11/2015 by Xplode
    # Database : 2015-11-09.1 [Server]
    # Operating system : Windows 8.1 (x64)
    # Username : Joshua - JOSHS_MSI
    # Running from : C:\Users\Joshua\Desktop\AdwCleaner.exe
    # Option : Cleaning
    # Support : Forum - ToolsLib


    ***** [ Services ] *****




    ***** [ Folders ] *****


    [-] Folder Deleted : C:\Program Files\Hola
    [-] Folder Deleted : C:\Program Files (x86)\globalUpdate
    [-] Folder Deleted : C:\Program Files (x86)\predm
    [-] Folder Deleted : C:\ProgramData\{5810fe60-34b0-8353-5810-0fe6034bf980}
    [-] Folder Deleted : C:\Users\Joshua\AppData\Local\globalUpdate
    [-] Folder Deleted : C:\Users\Joshua\AppData\Local\Hola
    [-] Folder Deleted : C:\Users\Joshua\AppData\Roaming\Hola


    ***** [ Files ] *****




    ***** [ DLLs ] *****




    ***** [ Shortcuts ] *****




    ***** [ Scheduled tasks ] *****




    ***** [ Registry ] *****


    [-] Key Deleted : HKLM\SOFTWARE\3e1919de-44ab-4cc2-b4d9-a5faece0cc68
    [-] Key Deleted : HKLM\SOFTWARE\4c702055-3100-47f7-a332-73747362fea8
    [-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3B5702BA-7F4C-4D1A-B026-1E9A01D43978}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7E49F793-B3CD-4BF7-8419-B34B8BD30E61}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6EDBF8C0-C94C-4A13-956F-E393BCA5BA4B}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A8F7D0A5-7074-40B8-9BDC-1174BDD0A132}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D14D64BC-A0E4-42E3-BB72-FB41EA43C198}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DD1F043F-ABC8-4643-8B95-D2C5B22BB019}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E3F3E8F9-F747-4DD6-BA6B-82A6CE1E0860}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{ED0B64D4-BF27-4521-AD27-190F49BF5EA7}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{023E9EC8-B147-40EB-B0B3-DF90618FB371}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0522D9A4-4D57-437D-978D-E5B3B6C9005D}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{07F41522-AF7D-4F26-B394-094F059FDB8A}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0C40F472-7407-4467-8914-1DEA7C326972}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{212E6D43-6062-492A-B8CC-144669FF11ED}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{224FE662-1E6D-4BC0-AEBB-9E2FB4057BE9}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3A807417-B46D-4D37-8C9A-19AC6DE204F9}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3CC60715-D6C5-429D-830E-43FA3F86C61D}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4517D94C-19BA-46FA-BE66-2A30CEAC4A85}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{555D7146-94A8-4C94-AE76-C39CDC7F7705}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{59D188FA-757A-424E-8C93-F58FFD896BD7}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8120D9D6-785C-4413-9C0C-DF2028C56FAD}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{823AE2EB-E62C-4847-B192-C99B91B92416}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9B4F7CFE-987D-410E-A8E4-20182E0B3C24}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9B9A45F4-18FC-484A-BACA-076D78273D8E}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A6D54287-7939-466A-8579-92546D946C8C}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A78EDAFB-926F-4D93-AB13-8232D7378EB1}
    [-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
    [-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
    [-] Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID [{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}]
    [-] Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID [{2C09954F-CDA8-4BD1-8794-1D543E050378}]
    [-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
    [-] Key Deleted : HKCU\Software\GlobalUpdate
    [-] Key Deleted : HKCU\Software\DAILYPCCLEAN
    [-] Key Deleted : HKCU\Software\WEBAPP
    [-] Key Deleted : HKCU\Software\Hola
    [-] Key Deleted : HKCU\Software\__SP__browser_name__SP__
    [-] Key Deleted : HKLM\SOFTWARE\GlobalUpdate
    [-] Key Deleted : [x64] HKLM\SOFTWARE\Hola
    [-] Key Deleted : HKU\.DEFAULT\Software\Hola
    [-] Key Deleted : HKU\.DEFAULT\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Software\Installer
    [-] Key Deleted : HKU\.DEFAULT\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Software\_CrossriderRegNamePlaceHolder_


    ***** [ Web browsers ] *****




    *************************


    :: "Tracing" keys removed
    :: Winsock settings cleared


    ########## EOF - C:\AdwCleaner\AdwCleaner[C3].txt - [5106 bytes] ##########
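
A way to cross-check a Fixlog like the one posted above, as an added example that is not part of the original thread and is not FRST's own code: it splits the log on the `*****` delimiters into the fixlist and the result section, classifies each `Task:` entry, and lists task targets that the result section never mentions so they can be checked by hand. The sample text is a constructed subset of lines copied from the log above; the function names and the `kind` labels are assumptions made for this example.

```python
import re
from collections import Counter

# Constructed sample: lines copied from the Fixlog above, cut down to three tasks.
SAMPLE_FIXLOG = r"""
fixlist content:
*****************
CreateRestorePoint:
Task: {0FF42913-D390-4A83-AE93-E7BE889FC2FD} - \Optimizer Pro Schedule -> No File <==== ATTENTION
Task: {6E98D15F-38C4-4A72-AB54-8D75C2D6D67D} - System32\Tasks\q5S0ufZaM7kEsN => C:\Users\Joshua\AppData\Roaming\q5S0ufZaM7kEsN.exe <==== ATTENTION
Task: C:\Windows\Tasks\dpqlgVd.job => C:\Users\Joshua\AppData\Roaming\dpqlgVd.exe <==== ATTENTION
EmptyTemp:
*****************

Restore point was successfully created.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0FF42913-D390-4A83-AE93-E7BE889FC2FD}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Optimizer Pro Schedule => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6E98D15F-38C4-4A72-AB54-8D75C2D6D67D}" => key removed successfully
C:\Windows\System32\Tasks\q5S0ufZaM7kEsN => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\q5S0ufZaM7kEsN" => key removed successfully
C:\Windows\Tasks\dpqlgVd.job => moved successfully
EmptyTemp: => 512.9 MB temporary data Removed.
"""

STARS = re.compile(r"\*{5,}")
# "Task: [{GUID} - ]<name> -> <target>" or "... => <target>", optional ATTENTION marker.
TASK = re.compile(r"^Task: (?:(\{[0-9A-Fa-f-]+\}) - )?(.+?) (?:->|=>) (.+?)(?: <=+ ATTENTION)?$")
# "<subject> => <status>[.]", subject optionally wrapped in double quotes.
RESULT = re.compile(r'^"?(.+?)"? => (.+?)\.?$')
# An executable sitting directly in the AppData\Roaming root, not in a product folder.
ROAMING_ROOT_EXE = re.compile(r"\\AppData\\Roaming\\[^\\]+\.exe$", re.IGNORECASE)


def split_fixlog(text):
    """Return (fixlist_lines, result_lines), split on the two ***** delimiter lines."""
    fixlist, results, stars = [], [], 0
    for raw in text.splitlines():
        line = raw.strip()
        if STARS.fullmatch(line):
            stars += 1
        elif line and stars == 1:
            fixlist.append(line)
        elif line and stars >= 2:
            results.append(line)
    return fixlist, results


def parse_tasks(fixlist):
    """Extract Task: entries and label them by what their target looks like."""
    tasks = []
    for line in fixlist:
        m = TASK.match(line)
        if not m:
            continue
        guid, name, target = m.groups()
        if target == "No File":
            kind = "orphaned"              # task registered, target already gone
        elif ROAMING_ROOT_EXE.search(target):
            kind = "exe_in_roaming_root"   # live task launching an exe from Roaming
        else:
            kind = "other"
        tasks.append({"guid": guid, "name": name, "target": target, "kind": kind})
    return tasks


def parse_results(result_lines):
    """Map lower-cased subject -> status; the first status seen for a subject wins."""
    results = {}
    for line in result_lines:
        m = RESULT.match(line)
        if m:
            results.setdefault(m.group(1).lower(), m.group(2))
    return results


def triage(text):
    """Pair every task in the fixlist with what the result section says about it."""
    fixlist, result_lines = split_fixlog(text)
    results = parse_results(result_lines)
    report = []
    for task in parse_tasks(fixlist):
        key = task["name"].lstrip("\\").lower()
        status = next((s for subj, s in results.items()
                       if subj == key or subj.endswith("\\" + key)), None)
        report.append({**task, "task_status": status,
                       "target_in_results": task["target"].lower() in results})
    return report


def unaccounted_targets(text):
    """Targets of live tasks that the result section never mentions."""
    return [t["target"] for t in triage(text)
            if t["kind"] != "orphaned" and not t["target_in_results"]]


def status_counts(text):
    """Tally result statuses, e.g. how many items were moved versus not found."""
    _, result_lines = split_fixlog(text)
    return Counter(parse_results(result_lines).values())


if __name__ == "__main__":
    for row in triage(SAMPLE_FIXLOG):
        print(row["kind"], "|", row["name"], "|", row["task_status"])
    print("check by hand:", unaccounted_targets(SAMPLE_FIXLOG))
```
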

  7. #7
    Administrator
    Windows Update Instructor
    Security Analyst

    Join Date
    Oct 2014
    Posts
    16,956

    Re: WU Thread 17707 - For BrianDrab

    Thanks for the info. Please now do the following.

    Step#1 - JRT by Malwarebytes
    1. Download Junkware Removal Tool to your desktop.
    2. Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
    3. The tool will open. Press any key at the Disclaimer screen and the program will start scanning your system.
    4. Please be patient as this can take a while to complete depending on your system's specifications.
    5. On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    6. Close the text file and reboot your machine.
    7. Post the contents of JRT.txt into your next message.

    Step#2 - Rootkit Scan
    1. Download aswMBR to your desktop.
    2. Right-click on aswMBR.exe and select Run as administrator to run it.
    3. If you get a question about Virtualization Technology, answer Yes.
    4. If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
    5. Click the "Scan" button to start scan.
    6. On completion of the scan click "Save log", save it to your desktop and post in your next reply.
    NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.


    Items for your next post
    1. JRT log
    2. Rootkit Scan results

  8. #8

    Re: WU Thread 17707 - For BrianDrab

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Malwarebytes
    Version: 7.6.4 (09.28.2015:1)
    OS: Windows 8.1 x64
    Ran by Joshua on 2015-11-09 at 19:42:53.05
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    ~~~ Services

    ~~~ Tasks

    ~~~ Registry Values

    Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\GoogleChromeAutoLaunch_7AF03CD55FBE5121416D410588C61404

    ~~~ Registry Keys

    ~~~ Files

    ~~~ Folders

    Successfully deleted: [Folder] C:\Users\Joshua\Appdata\Local\crashrpt
    Successfully deleted: [Folder] C:\Users\Joshua\Appdata\Local\installer
    Successfully deleted: [Folder] C:\Windows\SysWOW64\ai_recyclebin

    ~~~ Chrome

    [C:\Users\Joshua\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - default search provider reset

    [C:\Users\Joshua\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:

    [C:\Users\Joshua\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset

    [C:\Users\Joshua\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:
    []

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on 2015-11-09 at 19:44:29.27
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    aswMBR version 1.0.1.2252 Copyright(c) 2014 AVAST Software
    Run date: 2015-11-09 19:48:56
    -----------------------------
    19:48:56.193 OS Version: Windows x64 6.2.9200
    19:48:56.193 Number of processors: 8 586 0x3C03
    19:48:56.193 ComputerName: JOSHS_MSI UserName: Joshua
    19:48:56.378 Initialize success
    19:48:56.483 VM: initialized successfully
    19:48:56.484 VM: Intel CPU supported
    19:49:00.649 VM: disk I/O iaStorA.sys
    19:51:53.144 AVAST engine defs: 15110902
    19:52:10.326 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000003e
    19:52:10.328 Disk 0 Vendor: TOSHIBA_THNSNJ128G8NU JUXA0102 Size: 122104MB BusType: 11
    19:52:10.330 Disk 1 \Device\Harddisk1\DR1 -> \Device\0000003f
    19:52:10.332 Disk 1 Vendor: HGST_HTS721010A9E630 JB0OA3J0 Size: 953869MB BusType: 11
    19:52:10.339 Disk 0 MBR read successfully
    19:52:10.341 Disk 0 MBR scan
    19:52:10.347 Disk 0 unknown MBR code
    19:52:10.349 Disk 0 Partition 1 00 EE GPT 2097151 MB offset 1
    19:52:10.377 Disk 0 scanning C:\Windows\system32\drivers
    19:52:17.224 Service scanning
    19:52:34.409 Modules scanning
    19:52:34.426 Disk 0 trace - called modules:
    19:52:34.441 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys storport.sys hal.dll iaStorA.sys
    19:52:34.450 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xffffe001927de060]
    19:52:34.457 3 CLASSPNP.SYS[fffff800dcb9e170] -> nt!IofCallDriver -> [0xffffe00190189520]
    19:52:34.461 5 ACPI.sys[fffff800dcef2c21] -> nt!IofCallDriver -> [0xffffe0019018b9f0]
    19:52:34.466 7 ACPI.sys[fffff800dcef2c21] -> nt!IofCallDriver -> \Device\0000003e[0xffffe0019018b060]
    19:52:34.613 AVAST engine scan C:\Windows
    19:52:35.519 AVAST engine scan C:\Windows\system32
    19:55:26.591 AVAST engine scan C:\Windows\system32\drivers
    19:55:33.666 AVAST engine scan C:\Users\Joshua
    19:59:59.666 AVAST engine scan C:\ProgramData
    20:01:16.787 Disk 0 statistics 5938096/0/0 @ 3693.58 MB/s
    20:01:16.791 Scan finished successfully
    21:41:17.503 Disk 0 MBR has been saved successfully to "C:\Users\Joshua\Desktop\MBR.dat"
    21:41:17.508 The log file has been saved successfully to "C:\Users\Joshua\Desktop\aswMBR.txt"

  9. #9
    Administrator
    Windows Update Instructor
    Security Analyst

    Join Date
    Oct 2014
    Posts
    16,956

    Re: WU Thread 17707 - For BrianDrab

    Thanks. Last few things.

    Step#1 - Keeping Java Updated
    WARNING: Java is one of the most exploited programs at this time. The Department of Homeland Security recommends that computer users disable Java. You can read more about this here.
    I would recommend that you completely uninstall Java unless you need it to run important software. If you need it or are unsure or uncomfortable with removing it, then I would recommend that you disable Java in your browsers until you need it and then enable it at that time. (See How to disable Java in your web browser and How to unplug Java from the browser). If you don't uninstall it, it's also important that you follow the directions below to update to the latest version of Java.

    Note: If you don't use Java or don't know if you need it I would uninstall it.

    If you wish to keep it please follow the instructions below to update to the newest version.
    1. Click the Start button
    2. Type Java
    3. Click on Configure Java in the search results
    4. Click the Update tab
    5. Click the Update Now button and allow the update to download/install.

    Step#2 - Malwarebytes Scan

    • Open Malwarebytes. I see you have it installed.
    • If an update is found you will be prompted to download and install. Go ahead.
    • Click the Settings button and then the Detection and Protection tab. Then check the box to Scan for rootkits, as shown below.
    • Click the Scan button at the top of the form and then click Start Scan button and let complete.
    • If malware was detected you can now click the Remove Selected Button. If no malware was detected you can skip the rest of these bullet items and go to the next step which is to retrieve the Malwarebytes log.
    • Once the malware is removed you may get a prompt asking you to reboot. Note: Please answer Yes.


    Step#3 - Retrieve Malwarebytes Log
    1. Open up the Malwarebytes program again if it's not already. You can simply double click on the shortcut on your desktop that says "Malwarebytes Anti-Malware".
    2. Click the History button as shown in the picture below.
    3. Click Application Logs as shown in the picture below.
    4. Click on the most recent Scan Log as shown in the picture below.


    5. The Scanning History Log screen will open. Click the Export button in the lower left and choose Copy to Clipboard. Paste the info into your next post (Right-click your mouse in the post and select Paste).



    Step#4 - Fresh Set of Logs

    1. Right click on FRST64.exe and select Run as administrator. When the tool opens click Yes to disclaimer.
    2. Please ensure you place a check mark in the Addition.txt check box at the bottom of the form before running.
    3. Press Scan button.
    4. It will produce a log called FRST.txt in the same directory the tool is run from (which should now be the desktop)
    5. Please copy and paste log back here.
    6. Because you selected the Addition.txt check box this log will be created as well. Please copy and paste this log as well.



    Items for your next post
    1. Malwarebytes log
    2. FRST and Addition logs

  10. #10

    Re: WU Thread 17707 - For BrianDrab

    Hi BrianDrab,

    How are we doing here? Making any progress? Any idea what the source of the problem is yet?

    When I tried to uninstall Java 8 Update 40 I got the same error code as with Skype Click to Call (2503 and 2502).

    Malwarebytes Anti-Malware
    www.malwarebytes.org


    Scan Date: 2015-11-10
    Scan Time: 8:41 AM
    Logfile:
    Administrator: Yes


    Version: 2.2.0.1024
    Malware Database: v2015.11.10.03
    Rootkit Database: v2015.11.04.02
    License: Free
    Malware Protection: Disabled
    Malicious Website Protection: Disabled
    Self-protection: Disabled


    OS: Windows 8.1
    CPU: x64
    File System: NTFS
    User: Joshua


    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 442696
    Time Elapsed: 17 min, 45 sec


    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Enabled
    Heuristics: Enabled
    PUP: Enabled
    PUM: Enabled


    Processes: 0
    (No malicious items detected)


    Modules: 0
    (No malicious items detected)


    Registry Keys: 0
    (No malicious items detected)


    Registry Values: 0
    (No malicious items detected)


    Registry Data: 0
    (No malicious items detected)


    Folders: 0
    (No malicious items detected)


    Files: 0
    (No malicious items detected)


    Physical Sectors: 0
    (No malicious items detected)




    (end)
    Attached Files

  11. #11
    Administrator
    Windows Update Instructor
    Security Analyst

    Join Date
    Oct 2014
    Posts
    16,956

    Re: WU Thread 17707 - For BrianDrab

    Your logs look very clean so yes we are making progress. Let's focus on your issues now. I need you to run a chkdsk.

    Step#1 - ChkDsk Scan
    1. Right-click your Start button and select Command Prompt (Admin). Answer Yes to allow if the User Account Control dialog comes up.
    2. You should now have a black window open that you can type into.
    3. Please type chkdsk and then press enter.
    4. Chkdsk will start to run. Please allow it to finish. You will know it is running when you see text as follows.


    5. Download ListChkdskResult.exe by SleepyDude and save it on your desktop. If it's already downloaded to your desktop, just skip this step.
    6. Right-click this file and select Run as administrator (Allow if prompted) and a text file will open (and also be saved on the desktop as ListChkdskResult.txt).
    Please copy the contents of this file and paste into your next post.

  12. #12

    Re: WU Thread 17707 - For BrianDrab

    ListChkdskResult by SleepyDude v0.1.7 Beta | 21-09-2013


    ------< Log generate on 2015-11-10 9:42:49 AM >------
    Category: 0
    Computer Name: Joshs_MSI
    Event Code: 26212
    Record Number: 116940
    Source Name: Chkdsk
    Time Written: 11-10-2015 @ 14:42:37
    Event Type: Information
    User:
    Message: Chkdsk was executed in read-only mode on a volume snapshot.


    Checking file system on C:
    The type of the file system is NTFS.
    Volume label is OS_Install.


    WARNING! F parameter not specified.
    Running CHKDSK in read-only mode.


    Stage 1: Examining basic file system structure ...


    846592 file records processed.


    File verification completed.


    8277 large file records processed.




    0 bad file records processed.




    Stage 2: Examining file name linkage ...


    1028072 index entries processed.


    Index verification completed.


    0 unindexed files scanned.




    0 unindexed files recovered.




    Stage 3: Examining security descriptors ...
    Security descriptor verification completed.


    90741 data files processed.


    CHKDSK is verifying Usn Journal...


    38851328 USN bytes processed.


    Usn Journal verification completed.


    Windows has scanned the file system and found no problems.
    No further action is required.


    123980799 KB total disk space.
    96943764 KB in 690548 files.
    418804 KB in 90742 indexes.
    0 KB in bad sectors.
    970923 KB in use by the system.
    65536 KB occupied by the log file.
    25647308 KB available on disk.


    4096 bytes in each allocation unit.
    30995199 total allocation units on disk.
    6411827 allocation units available on disk.


    -----------------------------------------------------------------------
    Category: 0
    Computer Name: Joshs_MSI
    Event Code: 26212
    Record Number: 116843
    Source Name: Chkdsk
    Time Written: 11-10-2015 @ 14:35:47
    Event Type: Information
    User:
    Message: Chkdsk was executed in read-only mode on a volume snapshot.


    Checking file system on C:
    The type of the file system is NTFS.
    Volume label is OS_Install.


    WARNING! F parameter not specified.
    Running CHKDSK in read-only mode.


    Stage 1: Examining basic file system structure ...


    846592 file records processed.


    File verification completed.


    8261 large file records processed.




    0 bad file records processed.




    Stage 2: Examining file name linkage ...


    1028066 index entries processed.


    Index verification completed.


    0 unindexed files scanned.




    0 unindexed files recovered.




    Stage 3: Examining security descriptors ...
    Security descriptor verification completed.


    90738 data files processed.


    CHKDSK is verifying Usn Journal...


    38165592 USN bytes processed.


    Usn Journal verification completed.


    Windows has scanned the file system and found no problems.
    No further action is required.


    123980799 KB total disk space.
    96816588 KB in 690491 files.
    418792 KB in 90739 indexes.
    0 KB in bad sectors.
    969899 KB in use by the system.
    65536 KB occupied by the log file.
    25775520 KB available on disk.


    4096 bytes in each allocation unit.
    30995199 total allocation units on disk.
    6443880 allocation units available on disk.


    -----------------------------------------------------------------------
    Category: 0
    Computer Name: Joshs_MSI
    Event Code: 1001
    Record Number: 107215
    Source Name: Microsoft-Windows-Wininit
    Time Written: 11-09-2015 @ 02:31:14
    Event Type: Information
    User:
    Message:


    Checking file system on C:
    The type of the file system is NTFS.
    Volume label is OS_Install.


    A disk check has been scheduled.
    Windows will now check the disk.


    Stage 1: Examining basic file system structure ...
    832768 file records processed.


    File verification completed.
    8355 large file records processed.


    0 bad file records processed.




    Stage 2: Examining file name linkage ...
    1017878 index entries processed.


    Index verification completed.
    0 unindexed files scanned.


    0 unindexed files recovered.




    Stage 3: Examining security descriptors ...
    Cleaning up 2219 unused index entries from index $SII of file 0x9.
    Cleaning up 2219 unused index entries from index $SDH of file 0x9.
    Cleaning up 2219 unused security descriptors.
    Security descriptor verification completed.
    92556 data files processed.


    CHKDSK is verifying Usn Journal...
    36150424 USN bytes processed.


    Usn Journal verification completed.


    Stage 4: Looking for bad clusters in user file data ...
    832752 files processed.


    File data verification completed.


    Stage 5: Looking for bad, free clusters ...
    978541 free clusters processed.


    Free space verification is complete.


    Windows has made corrections to the file system.
    No further action is required.


    123980799 KB total disk space.
    118678516 KB in 721658 files.
    433644 KB in 92557 indexes.
    0 KB in bad sectors.
    954471 KB in use by the system.
    65536 KB occupied by the log file.
    3914168 KB available on disk.


    4096 bytes in each allocation unit.
    30995199 total allocation units on disk.
    978542 allocation units available on disk.


    Internal Info:
    00 b5 0c 00 8f 6c 0c 00 66 78 16 00 00 00 00 00 .....l..fx......
    eb 02 00 00 3d 00 00 00 00 00 00 00 00 00 00 00 ....=...........


    Windows has finished checking your disk.
    Please wait while your computer restarts.


    -----------------------------------------------------------------------
    Category: 0
    Computer Name: Joshs_MSI
    Event Code: 26226
    Record Number: 107076
    Source Name: Chkdsk
    Time Written: 11-09-2015 @ 01:27:37
    Event Type: Information
    User:
    Message: Chkdsk was executed in scan mode on a volume snapshot.


    Checking file system on D:
    Volume label is Data.


    Stage 1: Examining basic file system structure ...

    106752 file records processed.


    File verification completed.

    748 large file records processed.



    0 bad file records processed.




    Stage 2: Examining file name linkage ...

    119698 index entries processed.


    Index verification completed.








    Stage 3: Examining security descriptors ...
    Security descriptor verification completed.

    6474 data files processed.


    CHKDSK is verifying Usn Journal...

    37789560 USN bytes processed.


    Usn Journal verification completed.


    Windows has scanned the file system and found no problems.
    No further action is required.


    962025471 KB total disk space.
    503824668 KB in 99490 files.
    28024 KB in 6475 indexes.
    239183 KB in use by the system.
    65536 KB occupied by the log file.
    457933596 KB available on disk.


    4096 bytes in each allocation unit.
    240506367 total allocation units on disk.
    114483399 allocation units available on disk.


    ----------------------------------------------------------------------




    Stage 1: Examining basic file system structure ...


    Stage 2: Examining file name linkage ...


    Stage 3: Examining security descriptors ...


    Windows has scanned the file system and found no problems.
    No further action is required.


    -----------------------------------------------------------------------
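The report pasted above can also be triaged by script rather than by eye. The following is an added example, not part of the thread and not SleepyDude's tool: it splits a ListChkdskResult report into event records and flags runs where chkdsk made corrections or the space figures look off. The sample text is constructed by abridging two records from the post; the function names and the 10% free-space threshold are assumptions.

```python
import re

# Constructed sample: two records abridged from the report pasted in the thread.
SAMPLE = """\
------< Log generate on 2015-11-10 9:42:49 AM >------
Event Code: 26212
Source Name: Chkdsk
Time Written: 11-10-2015 @ 14:42:37
Checking file system on C:
Windows has scanned the file system and found no problems.
123980799 KB total disk space.
25647308 KB available on disk.
4096 bytes in each allocation unit.
30995199 total allocation units on disk.
6411827 allocation units available on disk.
-----------------------------------------------------------------------
Event Code: 1001
Source Name: Microsoft-Windows-Wininit
Time Written: 11-09-2015 @ 02:31:14
Checking file system on C:
Windows has made corrections to the file system.
123980799 KB total disk space.
3914168 KB available on disk.
4096 bytes in each allocation unit.
30995199 total allocation units on disk.
978542 allocation units available on disk.
"""

FIELD = re.compile(r"^[ \t]*(Event Code|Source Name|Time Written):[ \t]*(.*?)[ \t]*$", re.M)
NUMBERS = {
    "total_kb": r"(\d+) KB total disk space",
    "free_kb": r"(\d+) KB available on disk",
    "unit_bytes": r"(\d+) bytes in each allocation unit",
    "total_units": r"(\d+) total allocation units on disk",
    "free_units": r"(\d+) allocation units available on disk",
}

def parse_report(text):
    """Split a report on its dashed separator lines; return one dict per event record."""
    records = []
    for chunk in re.split(r"^[ \t]*-{20,}[ \t]*$", text, flags=re.M):
        fields = dict(FIELD.findall(chunk))
        if "Event Code" not in fields:
            continue  # banner-only or empty chunk
        vol = re.search(r"Checking file system on (\w:)", chunk)
        rec = {"event": int(fields["Event Code"]), "source": fields.get("Source Name"),
               "time": fields.get("Time Written"), "volume": vol.group(1) if vol else None,
               "repaired": "made corrections to the file system" in chunk,
               "clean": "found no problems" in chunk}
        for key, pattern in NUMBERS.items():
            m = re.search(pattern, chunk)
            rec[key] = int(m.group(1)) if m else None
        records.append(rec)
    return records

def triage(rec, low_free_pct=10.0):
    """Return review notes for one record; the 10% threshold is an assumption."""
    notes = ["chkdsk made corrections"] if rec["repaired"] else []
    units, size, free = rec["free_units"], rec["unit_bytes"], rec["free_kb"]
    if None not in (units, size, free) and units * size // 1024 != free:
        notes.append("free-space figures disagree")  # truncated or garbled paste
    if rec["total_kb"] and free is not None and 100.0 * free / rec["total_kb"] < low_free_pct:
        notes.append("low free space")
    return notes
```
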

  13. #13
    Administrator
    Windows Update Instructor
    Security Analyst

    Join Date
    Oct 2014
    Posts
    16,956

    Re: WU Thread 17707 - For BrianDrab

    Good. Are you still having the following issues?

    • Programs such as Google Chrome, Firefox, and Adobe Reader routinely stop responding
    • Applications won't open or come to the front after being minimized to the toolbar

  14. #14

    Re: WU Thread 17707 - For BrianDrab

    At the moment, I cannot replicate either of those problems, but I will keep trying to.

    An issue I am experiencing currently is that Windows seems to have deactivated (Windows 8.1 came pre-installed on my laptop).

    I go to Control Panel > System and Security > System, and under Windows activation I see:

    Windows is not activated
    Product ID: Not Available

    I click on Activate Windows which brings me to a screen that says "Activate Windows" and "Thanks, you're all done" but when I check again, Windows is still not activated.

  15. #15

    Re: WU Thread 17707 - For BrianDrab

    Update: I encountered the issue with Adobe Reader. At first, I could bring the program itself up from the taskbar but with multiple documents open, I couldn't (from the taskbar) open a specific document. Then Adobe Reader stopped responding.

  16. #16
    Administrator
    Windows Update Instructor
    Security Analyst

    Join Date
    Oct 2014
    Posts
    16,956

    Re: WU Thread 17707 - For BrianDrab

    Please do the following and let me know when done.

    Step#1 - Run Windows Repairs
    Warning: this fix is specific to the user in this thread. No one else should follow these instructions as it may cause more harm than good. If you are after assistance, please start a thread of your own.
    1. Download Windows Repair (All-in-One) Portable to your desktop.
    2. Once the file is downloaded, right-click on the file on your desktop and choose Extract All...

    3. Keep the defaults and click the Extract button.
    4. A folder named tweaking.com_windows_repair_aio will be extracted to the desktop. Once the extraction is complete the folder will open.
    5. Inside this folder, there is a folder named Tweaking.com - Windows Repair. Open this folder as well.



    6. Double-click on Repair_Windows.exe to open. Note: Please make sure all of your programs are closed and anything you were working on is saved as we will be rebooting.
    7. When the program opens, click the Reboot to Safe Mode button at the bottom of the screen. Answer Yes to allow.
    8. Once rebooted into Safe Mode, open the program again. When the program opens, click the Repairs tab and click the Open Repairs button.
    9. A backup of your registry will be made. After a few moments you will have many options from which you can choose.
    10. Please click the Unselect All button and then click to enable only the following ones:


    03 - Reset Service Permissions
    04 - Register System Files
    05 - Repair WMI
    06 - Repair Windows Firewall
    10 - Remove Policies Set By Infection
    14 - Remove Temp Files
    15 - Repair Proxy Settings
    21 - Repair MSI (Windows Installer)



    11. Ensure the Restart check box is selected and click the Start Repairs button in the lower right of the screen. This may take some time to run so be patient.

    12. Once the fixes are complete you will be prompted to restart your machine. Answer Yes.

  17. #17

    Re: WU Thread 17707 - For BrianDrab

    Done.

  18. #18
    Administrator
    Windows Update Instructor
    Security Analyst

    Join Date
    Oct 2014
    Posts
    16,956

    Re: WU Thread 17707 - For BrianDrab

    Thanks. Please do the following.

    FRST Fix
    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
    1. Download attached file and save it to the Desktop.
    Note. It's important that both files, FRST64 and fixlist.txt are in the same location or the fix will not work (in this case...the desktop).
    2. Run FRST64 by Right-Clicking on the file and choosing Run as administrator.
    3. Press the Fix button just once and wait. If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
    4. When finished FRST64 will generate a log on the Desktop (Fixlog.txt). Please post the contents of it in your reply.
    Attached Files

  19. #19

    Re: WU Thread 17707 - For BrianDrab

    FYI: I got a message from the Action Center that I needed to verify my account on my PC and I did. I didn't check in between Windows Repairs and doing that (whoops), but now Windows is activated again.

    What still concerns me is that I figured if all was fixed, I would see the "Get Windows 10" app, since I have a legitimate copy of Windows 8.1, but I still am not seeing that. I am not positive that that's relevant, just bringing it up in case it is.

  20. #20

    Re: WU Thread 17707 - For BrianDrab

    Fix result of Farbar Recovery Scan Tool (x64) Version:07-11-2015
    Ran by Joshua (2015-11-10 12:11:12) Run:2
    Running from C:\Users\Joshua\Desktop
    Loaded Profiles: Joshua (Available Profiles: Joshua)
    Boot Mode: Normal
    ==============================================


    fixlist content:
    *****************
    Cmd: wevtutil cl application
    Cmd: wevtutil cl system
    Cmd: wevtutil cl security


    *****************




    ========= wevtutil cl application =========




    ========= End of CMD: =========




    ========= wevtutil cl system =========




    ========= End of CMD: =========




    ========= wevtutil cl security =========




    ========= End of CMD: =========




    ==== End of Fixlog 12:11:12 ====
