M melen001 Active member Joined Jun 30, 2016 Posts 40 Location Puerto Rico Jul 15, 2016 #61 Dropbox - CBS.zip
Aura Sysnative Staff, Security Analyst Staff member Joined Mar 16, 2015 Posts 8,061 Jul 15, 2016 #62 Alright so according to the CBS.log, the files are still corrupt, so we'll fix them. I have a new FRST fix ready. Farbar Recovery Scan Tool (FRST) - Fix mode Follow the instructions below to execute a fix on your system using FRST, and provide the log in your next reply. Right-click on your Desktop, select New and click on Text Document. Name it fixlist (make sure it's a .txt file) and press on Enter; Open the file you just created and copy/paste the content below in it, then save it (Ctrl + S); Code: CloseProcesses: CreateRestorePoint: cmd: icacls c:\windows\winsxs\amd64_microsoft-windows-videosamples_31bf3856ad364e35_6.1.7600.16385_none_51a21f033003affd /save %userprofile%\desktop\perms Unlock: c:\windows\winsxs\amd64_microsoft-windows-videosamples_31bf3856ad364e35_6.1.7600.16385_none_51a21f033003affd Replace: C:\ReplacementFiles\amd64_microsoft-windows-videosamples_31bf3856ad364e35_6.1.7600.16385_none_51a21f033003affd\desktop.ini C:\Windows\WinSxS\amd64_microsoft-windows-videosamples_31bf3856ad364e35_6.1.7600.16385_none_51a21f033003affd\desktop.ini Replace: C:\ReplacementFiles\amd64_microsoft-windows-videosamples_31bf3856ad364e35_6.1.7600.16385_none_51a21f033003affd\Wildlife.wmv C:\Windows\WinSxS\amd64_microsoft-windows-videosamples_31bf3856ad364e35_6.1.7600.16385_none_51a21f033003affd\Wildlife.wmv cmd: icacls c:\windows\winsxs\amd64_microsoft-windows-videosamples_31bf3856ad364e35_6.1.7600.16385_none_51a21f033003affd /setowner "NT SERVICE\TrustedInstaller" cmd: icacls c:\windows\winsxs\ /restore %userprofile%\desktop\perms cmd: icacls c:\amd64_microsoft-windows-musicsamples_31bf3856ad364e35_6.1.7600.16385_none_06495209cbd8e93b /save %userprofile%\desktop\perms Unlock: c:\windows\winsxs\amd64_microsoft-windows-musicsamples_31bf3856ad364e35_6.1.7600.16385_none_06495209cbd8e93b Replace: C:\ReplacementFiles\amd64_microsoft-windows-musicsamples_31bf3856ad364e35_6.1.7600.16385_none_06495209cbd8e93b\desktop.ini C:\Windows\WinSxS\amd64_microsoft-windows-musicsamples_31bf3856ad364e35_6.1.7600.16385_none_06495209cbd8e93b\desktop.ini Replace: C:\ReplacementFiles\amd64_microsoft-windows-musicsamples_31bf3856ad364e35_6.1.7600.16385_none_06495209cbd8e93b\Kalimba.mp3 C:\Windows\WinSxS\amd64_microsoft-windows-musicsamples_31bf3856ad364e35_6.1.7600.16385_none_06495209cbd8e93b\Kalimba.mp3 Replace: "C:\ReplacementFiles\amd64_microsoft-windows-musicsamples_31bf3856ad364e35_6.1.7600.16385_none_06495209cbd8e93b\Maid with the Flaxen Hair.mp3" "C:\Windows\WinSxS\amd64_microsoft-windows-musicsamples_31bf3856ad364e35_6.1.7600.16385_none_06495209cbd8e93b\Maid with the Flaxen Hair.mp3" Replace: "C:\ReplacementFiles\amd64_microsoft-windows-musicsamples_31bf3856ad364e35_6.1.7600.16385_none_06495209cbd8e93b\Sleep Away.mp3" "C:\Windows\WinSxS\amd64_microsoft-windows-musicsamples_31bf3856ad364e35_6.1.7600.16385_none_06495209cbd8e93b\Sleep Away.mp3" cmd: icacls c:\windows\winsxs\amd64_microsoft-windows-musicsamples_31bf3856ad364e35_6.1.7600.16385_none_06495209cbd8e93b /setowner "NT SERVICE\TrustedInstaller" cmd: icacls c:\windows\winsxs\ /restore %userprofile%\desktop\perms cmd: icacls c:\windows\winsxs\amd64_microsoft-windows-winsatmediasamples_31bf3856ad364e35_6.1.7600.16385_none_0b34d0642122c1c4 /save %userprofile%\desktop\perms Unlock: c:\windows\winsxs\amd64_microsoft-windows-winsatmediasamples_31bf3856ad364e35_6.1.7600.16385_none_0b34d0642122c1c4 Replace: C:\ReplacementFiles\amd64_microsoft-windows-winsatmediasamples_31bf3856ad364e35_6.1.7600.16385_none_0b34d0642122c1c4\Clip_480_5sec_6mbps_h264.mp4 C:\Windows\WinSxS\amd64_microsoft-windows-winsatmediasamples_31bf3856ad364e35_6.1.7600.16385_none_0b34d0642122c1c4\Clip_480_5sec_6mbps_h264.mp4 Replace: C:\ReplacementFiles\amd64_microsoft-windows-winsatmediasamples_31bf3856ad364e35_6.1.7600.16385_none_0b34d0642122c1c4\Clip_480i_5sec_6mbps_new.mpg C:\Windows\WinSxS\amd64_microsoft-windows-winsatmediasamples_31bf3856ad364e35_6.1.7600.16385_none_0b34d0642122c1c4\Clip_480i_5sec_6mbps_new.mpg Replace: C:\ReplacementFiles\amd64_microsoft-windows-winsatmediasamples_31bf3856ad364e35_6.1.7600.16385_none_0b34d0642122c1c4\Clip_480p_5sec_6mbps_new.mpg C:\Windows\WinSxS\amd64_microsoft-windows-winsatmediasamples_31bf3856ad364e35_6.1.7600.16385_none_0b34d0642122c1c4\Clip_480p_5sec_6mbps_new.mpg Replace: C:\ReplacementFiles\amd64_microsoft-windows-winsatmediasamples_31bf3856ad364e35_6.1.7600.16385_none_0b34d0642122c1c4\Clip_1080_5sec_10mbps_h264.mp4 C:\Windows\WinSxS\amd64_microsoft-windows-winsatmediasamples_31bf3856ad364e35_6.1.7600.16385_none_0b34d0642122c1c4\Clip_1080_5sec_10mbps_h264.mp4 Replace: C:\ReplacementFiles\amd64_microsoft-windows-winsatmediasamples_31bf3856ad364e35_6.1.7600.16385_none_0b34d0642122c1c4\Clip_1080_5sec_MPEG2_HD_15mbps.mpg C:\Windows\WinSxS\amd64_microsoft-windows-winsatmediasamples_31bf3856ad364e35_6.1.7600.16385_none_0b34d0642122c1c4\Clip_1080_5sec_MPEG2_HD_15mbps.mpg Replace: C:\ReplacementFiles\amd64_microsoft-windows-winsatmediasamples_31bf3856ad364e35_6.1.7600.16385_none_0b34d0642122c1c4\Clip_1080_5sec_VC1_15mbps.wmv C:\Windows\WinSxS\amd64_microsoft-windows-winsatmediasamples_31bf3856ad364e35_6.1.7600.16385_none_0b34d0642122c1c4\Clip_1080_5sec_VC1_15mbps.wmv Replace: C:\ReplacementFiles\amd64_microsoft-windows-winsatmediasamples_31bf3856ad364e35_6.1.7600.16385_none_0b34d0642122c1c4\winsat.wmv C:\Windows\WinSxS\amd64_microsoft-windows-winsatmediasamples_31bf3856ad364e35_6.1.7600.16385_none_0b34d0642122c1c4\winsat.wmv Replace: C:\ReplacementFiles\amd64_microsoft-windows-winsatmediasamples_31bf3856ad364e35_6.1.7600.16385_none_0b34d0642122c1c4\winsatencode.wmv C:\Windows\WinSxS\amd64_microsoft-windows-winsatmediasamples_31bf3856ad364e35_6.1.7600.16385_none_0b34d0642122c1c4\winsatencode.wmv cmd: icacls c:\windows\winsxs\amd64_microsoft-windows-winsatmediasamples_31bf3856ad364e35_6.1.7600.16385_none_0b34d0642122c1c4 /setowner "NT SERVICE\TrustedInstaller" cmd: icacls c:\windows\winsxs\ /restore %userprofile%\desktop\perms Right-click on the FRST executable and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users); Click on the Fix button; On completion, a message will come up saying that the fix has been completed and it'll open a log in Notepad; Copy and paste its content in your next reply;
Alright so according to the CBS.log, the files are still corrupt, so we'll fix them. I have a new FRST fix ready. Farbar Recovery Scan Tool (FRST) - Fix mode Follow the instructions below to execute a fix on your system using FRST, and provide the log in your next reply. Right-click on your Desktop, select New and click on Text Document. Name it fixlist (make sure it's a .txt file) and press on Enter; Open the file you just created and copy/paste the content below in it, then save it (Ctrl + S); Code: CloseProcesses: CreateRestorePoint: cmd: icacls c:\windows\winsxs\amd64_microsoft-windows-videosamples_31bf3856ad364e35_6.1.7600.16385_none_51a21f033003affd /save %userprofile%\desktop\perms Unlock: c:\windows\winsxs\amd64_microsoft-windows-videosamples_31bf3856ad364e35_6.1.7600.16385_none_51a21f033003affd Replace: C:\ReplacementFiles\amd64_microsoft-windows-videosamples_31bf3856ad364e35_6.1.7600.16385_none_51a21f033003affd\desktop.ini C:\Windows\WinSxS\amd64_microsoft-windows-videosamples_31bf3856ad364e35_6.1.7600.16385_none_51a21f033003affd\desktop.ini Replace: C:\ReplacementFiles\amd64_microsoft-windows-videosamples_31bf3856ad364e35_6.1.7600.16385_none_51a21f033003affd\Wildlife.wmv C:\Windows\WinSxS\amd64_microsoft-windows-videosamples_31bf3856ad364e35_6.1.7600.16385_none_51a21f033003affd\Wildlife.wmv cmd: icacls c:\windows\winsxs\amd64_microsoft-windows-videosamples_31bf3856ad364e35_6.1.7600.16385_none_51a21f033003affd /setowner "NT SERVICE\TrustedInstaller" cmd: icacls c:\windows\winsxs\ /restore %userprofile%\desktop\perms cmd: icacls c:\amd64_microsoft-windows-musicsamples_31bf3856ad364e35_6.1.7600.16385_none_06495209cbd8e93b /save %userprofile%\desktop\perms Unlock: c:\windows\winsxs\amd64_microsoft-windows-musicsamples_31bf3856ad364e35_6.1.7600.16385_none_06495209cbd8e93b Replace: C:\ReplacementFiles\amd64_microsoft-windows-musicsamples_31bf3856ad364e35_6.1.7600.16385_none_06495209cbd8e93b\desktop.ini C:\Windows\WinSxS\amd64_microsoft-windows-musicsamples_31bf3856ad364e35_6.1.7600.16385_none_06495209cbd8e93b\desktop.ini Replace: C:\ReplacementFiles\amd64_microsoft-windows-musicsamples_31bf3856ad364e35_6.1.7600.16385_none_06495209cbd8e93b\Kalimba.mp3 C:\Windows\WinSxS\amd64_microsoft-windows-musicsamples_31bf3856ad364e35_6.1.7600.16385_none_06495209cbd8e93b\Kalimba.mp3 Replace: "C:\ReplacementFiles\amd64_microsoft-windows-musicsamples_31bf3856ad364e35_6.1.7600.16385_none_06495209cbd8e93b\Maid with the Flaxen Hair.mp3" "C:\Windows\WinSxS\amd64_microsoft-windows-musicsamples_31bf3856ad364e35_6.1.7600.16385_none_06495209cbd8e93b\Maid with the Flaxen Hair.mp3" Replace: "C:\ReplacementFiles\amd64_microsoft-windows-musicsamples_31bf3856ad364e35_6.1.7600.16385_none_06495209cbd8e93b\Sleep Away.mp3" "C:\Windows\WinSxS\amd64_microsoft-windows-musicsamples_31bf3856ad364e35_6.1.7600.16385_none_06495209cbd8e93b\Sleep Away.mp3" cmd: icacls c:\windows\winsxs\amd64_microsoft-windows-musicsamples_31bf3856ad364e35_6.1.7600.16385_none_06495209cbd8e93b /setowner "NT SERVICE\TrustedInstaller" cmd: icacls c:\windows\winsxs\ /restore %userprofile%\desktop\perms cmd: icacls c:\windows\winsxs\amd64_microsoft-windows-winsatmediasamples_31bf3856ad364e35_6.1.7600.16385_none_0b34d0642122c1c4 /save %userprofile%\desktop\perms Unlock: c:\windows\winsxs\amd64_microsoft-windows-winsatmediasamples_31bf3856ad364e35_6.1.7600.16385_none_0b34d0642122c1c4 Replace: C:\ReplacementFiles\amd64_microsoft-windows-winsatmediasamples_31bf3856ad364e35_6.1.7600.16385_none_0b34d0642122c1c4\Clip_480_5sec_6mbps_h264.mp4 C:\Windows\WinSxS\amd64_microsoft-windows-winsatmediasamples_31bf3856ad364e35_6.1.7600.16385_none_0b34d0642122c1c4\Clip_480_5sec_6mbps_h264.mp4 Replace: C:\ReplacementFiles\amd64_microsoft-windows-winsatmediasamples_31bf3856ad364e35_6.1.7600.16385_none_0b34d0642122c1c4\Clip_480i_5sec_6mbps_new.mpg C:\Windows\WinSxS\amd64_microsoft-windows-winsatmediasamples_31bf3856ad364e35_6.1.7600.16385_none_0b34d0642122c1c4\Clip_480i_5sec_6mbps_new.mpg Replace: C:\ReplacementFiles\amd64_microsoft-windows-winsatmediasamples_31bf3856ad364e35_6.1.7600.16385_none_0b34d0642122c1c4\Clip_480p_5sec_6mbps_new.mpg C:\Windows\WinSxS\amd64_microsoft-windows-winsatmediasamples_31bf3856ad364e35_6.1.7600.16385_none_0b34d0642122c1c4\Clip_480p_5sec_6mbps_new.mpg Replace: C:\ReplacementFiles\amd64_microsoft-windows-winsatmediasamples_31bf3856ad364e35_6.1.7600.16385_none_0b34d0642122c1c4\Clip_1080_5sec_10mbps_h264.mp4 C:\Windows\WinSxS\amd64_microsoft-windows-winsatmediasamples_31bf3856ad364e35_6.1.7600.16385_none_0b34d0642122c1c4\Clip_1080_5sec_10mbps_h264.mp4 Replace: C:\ReplacementFiles\amd64_microsoft-windows-winsatmediasamples_31bf3856ad364e35_6.1.7600.16385_none_0b34d0642122c1c4\Clip_1080_5sec_MPEG2_HD_15mbps.mpg C:\Windows\WinSxS\amd64_microsoft-windows-winsatmediasamples_31bf3856ad364e35_6.1.7600.16385_none_0b34d0642122c1c4\Clip_1080_5sec_MPEG2_HD_15mbps.mpg Replace: C:\ReplacementFiles\amd64_microsoft-windows-winsatmediasamples_31bf3856ad364e35_6.1.7600.16385_none_0b34d0642122c1c4\Clip_1080_5sec_VC1_15mbps.wmv C:\Windows\WinSxS\amd64_microsoft-windows-winsatmediasamples_31bf3856ad364e35_6.1.7600.16385_none_0b34d0642122c1c4\Clip_1080_5sec_VC1_15mbps.wmv Replace: C:\ReplacementFiles\amd64_microsoft-windows-winsatmediasamples_31bf3856ad364e35_6.1.7600.16385_none_0b34d0642122c1c4\winsat.wmv C:\Windows\WinSxS\amd64_microsoft-windows-winsatmediasamples_31bf3856ad364e35_6.1.7600.16385_none_0b34d0642122c1c4\winsat.wmv Replace: C:\ReplacementFiles\amd64_microsoft-windows-winsatmediasamples_31bf3856ad364e35_6.1.7600.16385_none_0b34d0642122c1c4\winsatencode.wmv C:\Windows\WinSxS\amd64_microsoft-windows-winsatmediasamples_31bf3856ad364e35_6.1.7600.16385_none_0b34d0642122c1c4\winsatencode.wmv cmd: icacls c:\windows\winsxs\amd64_microsoft-windows-winsatmediasamples_31bf3856ad364e35_6.1.7600.16385_none_0b34d0642122c1c4 /setowner "NT SERVICE\TrustedInstaller" cmd: icacls c:\windows\winsxs\ /restore %userprofile%\desktop\perms Right-click on the FRST executable and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users); Click on the Fix button; On completion, a message will come up saying that the fix has been completed and it'll open a log in Notepad; Copy and paste its content in your next reply;
M melen001 Active member Joined Jun 30, 2016 Posts 40 Location Puerto Rico Jul 15, 2016 #63 I've also got a file on my desktop named perms..... what is that for??? Fix result of Farbar Recovery Scan Tool (x64) Version: 13-07-2016 02 Ran by melen (2016-07-15 09:31:40) Run:4 Running from C:\Users\melen\Desktop Loaded Profiles: melen (Available Profiles: melen) Boot Mode: Normal ============================================== fixlist content: ***************** CloseProcesses: CreateRestorePoint: cmd: icacls c:\windows\winsxs\amd64_microsoft-windows-videosamples_31bf3856ad364e35_6.1.7600.16385_none_51a21f033003affd /save %userprofile%\desktop\perms Unlock: c:\windows\winsxs\amd64_microsoft-windows-videosamples_31bf3856ad364e35_6.1.7600.16385_none_51a21f033003affd Replace: C:\ReplacementFiles\amd64_microsoft-windows-videosamples_31bf3856ad364e35_6.1.7600.16385_none_51a21f033003affd\desktop.ini C:\Windows\WinSxS\amd64_microsoft-windows-videosamples_31bf3856ad364e35_6.1.7600.16385_none_51a21f033003affd\desktop.ini Replace: C:\ReplacementFiles\amd64_microsoft-windows-videosamples_31bf3856ad364e35_6.1.7600.16385_none_51a21f033003affd\Wildlife.wmv C:\Windows\WinSxS\amd64_microsoft-windows-videosamples_31bf3856ad364e35_6.1.7600.16385_none_51a21f033003affd\Wildlife.wmv cmd: icacls c:\windows\winsxs\amd64_microsoft-windows-videosamples_31bf3856ad364e35_6.1.7600.16385_none_51a21f033003affd /setowner "NT SERVICE\TrustedInstaller" cmd: icacls c:\windows\winsxs\ /restore %userprofile%\desktop\perms cmd: icacls c:\amd64_microsoft-windows-musicsamples_31bf3856ad364e35_6.1.7600.16385_none_06495209cbd8e93b /save %userprofile%\desktop\perms Unlock: c:\windows\winsxs\amd64_microsoft-windows-musicsamples_31bf3856ad364e35_6.1.7600.16385_none_06495209cbd8e93b Replace: C:\ReplacementFiles\amd64_microsoft-windows-musicsamples_31bf3856ad364e35_6.1.7600.16385_none_06495209cbd8e93b\desktop.ini C:\Windows\WinSxS\amd64_microsoft-windows-musicsamples_31bf3856ad364e35_6.1.7600.16385_none_06495209cbd8e93b\desktop.ini Replace: C:\ReplacementFiles\amd64_microsoft-windows-musicsamples_31bf3856ad364e35_6.1.7600.16385_none_06495209cbd8e93b\Kalimba.mp3 C:\Windows\WinSxS\amd64_microsoft-windows-musicsamples_31bf3856ad364e35_6.1.7600.16385_none_06495209cbd8e93b\Kalimba.mp3 Replace: "C:\ReplacementFiles\amd64_microsoft-windows-musicsamples_31bf3856ad364e35_6.1.7600.16385_none_06495209cbd8e93b\Maid with the Flaxen Hair.mp3" "C:\Windows\WinSxS\amd64_microsoft-windows-musicsamples_31bf3856ad364e35_6.1.7600.16385_none_06495209cbd8e93b\Maid with the Flaxen Hair.mp3" Replace: "C:\ReplacementFiles\amd64_microsoft-windows-musicsamples_31bf3856ad364e35_6.1.7600.16385_none_06495209cbd8e93b\Sleep Away.mp3" "C:\Windows\WinSxS\amd64_microsoft-windows-musicsamples_31bf3856ad364e35_6.1.7600.16385_none_06495209cbd8e93b\Sleep Away.mp3" cmd: icacls c:\windows\winsxs\amd64_microsoft-windows-musicsamples_31bf3856ad364e35_6.1.7600.16385_none_06495209cbd8e93b /setowner "NT SERVICE\TrustedInstaller" cmd: icacls c:\windows\winsxs\ /restore %userprofile%\desktop\perms cmd: icacls c:\windows\winsxs\amd64_microsoft-windows-winsatmediasamples_31bf3856ad364e35_6.1.7600.16385_none_0b34d0642122c1c4 /save %userprofile%\desktop\perms Unlock: c:\windows\winsxs\amd64_microsoft-windows-winsatmediasamples_31bf3856ad364e35_6.1.7600.16385_none_0b34d0642122c1c4 Replace: C:\ReplacementFiles\amd64_microsoft-windows-winsatmediasamples_31bf3856ad364e35_6.1.7600.16385_none_0b34d0642122c1c4\Clip_480_5sec_6mbps_h264.mp4 C:\Windows\WinSxS\amd64_microsoft-windows-winsatmediasamples_31bf3856ad364e35_6.1.7600.16385_none_0b34d0642122c1c4\Clip_480_5sec_6mbps_h264.mp4 Replace: C:\ReplacementFiles\amd64_microsoft-windows-winsatmediasamples_31bf3856ad364e35_6.1.7600.16385_none_0b34d0642122c1c4\Clip_480i_5sec_6mbps_new.mpg C:\Windows\WinSxS\amd64_microsoft-windows-winsatmediasamples_31bf3856ad364e35_6.1.7600.16385_none_0b34d0642122c1c4\Clip_480i_5sec_6mbps_new.mpg Replace: C:\ReplacementFiles\amd64_microsoft-windows-winsatmediasamples_31bf3856ad364e35_6.1.7600.16385_none_0b34d0642122c1c4\Clip_480p_5sec_6mbps_new.mpg C:\Windows\WinSxS\amd64_microsoft-windows-winsatmediasamples_31bf3856ad364e35_6.1.7600.16385_none_0b34d0642122c1c4\Clip_480p_5sec_6mbps_new.mpg Replace: C:\ReplacementFiles\amd64_microsoft-windows-winsatmediasamples_31bf3856ad364e35_6.1.7600.16385_none_0b34d0642122c1c4\Clip_1080_5sec_10mbps_h264.mp4 C:\Windows\WinSxS\amd64_microsoft-windows-winsatmediasamples_31bf3856ad364e35_6.1.7600.16385_none_0b34d0642122c1c4\Clip_1080_5sec_10mbps_h264.mp4 Replace: C:\ReplacementFiles\amd64_microsoft-windows-winsatmediasamples_31bf3856ad364e35_6.1.7600.16385_none_0b34d0642122c1c4\Clip_1080_5sec_MPEG2_HD_15mbps.mpg C:\Windows\WinSxS\amd64_microsoft-windows-winsatmediasamples_31bf3856ad364e35_6.1.7600.16385_none_0b34d0642122c1c4\Clip_1080_5sec_MPEG2_HD_15mbps.mpg Replace: C:\ReplacementFiles\amd64_microsoft-windows-winsatmediasamples_31bf3856ad364e35_6.1.7600.16385_none_0b34d0642122c1c4\Clip_1080_5sec_VC1_15mbps.wmv C:\Windows\WinSxS\amd64_microsoft-windows-winsatmediasamples_31bf3856ad364e35_6.1.7600.16385_none_0b34d0642122c1c4\Clip_1080_5sec_VC1_15mbps.wmv Replace: C:\ReplacementFiles\amd64_microsoft-windows-winsatmediasamples_31bf3856ad364e35_6.1.7600.16385_none_0b34d0642122c1c4\winsat.wmv C:\Windows\WinSxS\amd64_microsoft-windows-winsatmediasamples_31bf3856ad364e35_6.1.7600.16385_none_0b34d0642122c1c4\winsat.wmv Replace: C:\ReplacementFiles\amd64_microsoft-windows-winsatmediasamples_31bf3856ad364e35_6.1.7600.16385_none_0b34d0642122c1c4\winsatencode.wmv C:\Windows\WinSxS\amd64_microsoft-windows-winsatmediasamples_31bf3856ad364e35_6.1.7600.16385_none_0b34d0642122c1c4\winsatencode.wmv cmd: icacls c:\windows\winsxs\amd64_microsoft-windows-winsatmediasamples_31bf3856ad364e35_6.1.7600.16385_none_0b34d0642122c1c4 /setowner "NT SERVICE\TrustedInstaller" cmd: icacls c:\windows\winsxs\ /restore %userprofile%\desktop\perms ***************** Processes closed successfully. Restore point was successfully created. ========= icacls c:\windows\winsxs\amd64_microsoft-windows-videosamples_31bf3856ad364e35_6.1.7600.16385_none_51a21f033003affd /save %userprofile%\desktop\perms ========= processed file: c:\windows\winsxs\amd64_microsoft-windows-videosamples_31bf3856ad364e35_6.1.7600.16385_none_51a21f033003affd Successfully processed 1 files; Failed processing 0 files ========= End ofCMD: ========= "c:\windows\winsxs\amd64_microsoft-windows-videosamples_31bf3856ad364e35_6.1.7600.16385_none_51a21f033003affd" => was unlocked "C:\Windows\WinSxS\amd64_microsoft-windows-videosamples_31bf3856ad364e35_6.1.7600.16385_none_51a21f033003affd\desktop.ini" => not found C:\ReplacementFiles\amd64_microsoft-windows-videosamples_31bf3856ad364e35_6.1.7600.16385_none_51a21f033003affd\desktop.ini copied successfully to C:\Windows\WinSxS\amd64_microsoft-windows-videosamples_31bf3856ad364e35_6.1.7600.16385_none_51a21f033003affd\desktop.ini "C:\Windows\WinSxS\amd64_microsoft-windows-videosamples_31bf3856ad364e35_6.1.7600.16385_none_51a21f033003affd\Wildlife.wmv" => not found C:\ReplacementFiles\amd64_microsoft-windows-videosamples_31bf3856ad364e35_6.1.7600.16385_none_51a21f033003affd\Wildlife.wmv copied successfully to C:\Windows\WinSxS\amd64_microsoft-windows-videosamples_31bf3856ad364e35_6.1.7600.16385_none_51a21f033003affd\Wildlife.wmv ========= icacls c:\windows\winsxs\amd64_microsoft-windows-videosamples_31bf3856ad364e35_6.1.7600.16385_none_51a21f033003affd /setowner "NT SERVICE\TrustedInstaller" ========= processed file: c:\windows\winsxs\amd64_microsoft-windows-videosamples_31bf3856ad364e35_6.1.7600.16385_none_51a21f033003affd Successfully processed 1 files; Failed processing 0 files ========= End ofCMD: ========= ========= icacls c:\windows\winsxs\ /restore %userprofile%\desktop\perms ========= processed file: c:\windows\winsxs\amd64_microsoft-windows-videosamples_31bf3856ad364e35_6.1.7600.16385_none_51a21f033003affd Successfully processed 1 files; Failed processing 0 files ========= End ofCMD: ========= ========= icacls c:\amd64_microsoft-windows-musicsamples_31bf3856ad364e35_6.1.7600.16385_none_06495209cbd8e93b /save %userprofile%\desktop\perms ========= c:\amd64_microsoft-windows-musicsamples_31bf3856ad364e35_6.1.7600.16385_none_06495209cbd8e93b: The system cannot find the file specified. Successfully processed 0 files; Failed processing 1 files ========= End ofCMD: ========= "c:\windows\winsxs\amd64_microsoft-windows-musicsamples_31bf3856ad364e35_6.1.7600.16385_none_06495209cbd8e93b" => was unlocked "C:\Windows\WinSxS\amd64_microsoft-windows-musicsamples_31bf3856ad364e35_6.1.7600.16385_none_06495209cbd8e93b\desktop.ini" => not found C:\ReplacementFiles\amd64_microsoft-windows-musicsamples_31bf3856ad364e35_6.1.7600.16385_none_06495209cbd8e93b\desktop.ini copied successfully to C:\Windows\WinSxS\amd64_microsoft-windows-musicsamples_31bf3856ad364e35_6.1.7600.16385_none_06495209cbd8e93b\desktop.ini "C:\Windows\WinSxS\amd64_microsoft-windows-musicsamples_31bf3856ad364e35_6.1.7600.16385_none_06495209cbd8e93b\Kalimba.mp3" => not found C:\ReplacementFiles\amd64_microsoft-windows-musicsamples_31bf3856ad364e35_6.1.7600.16385_none_06495209cbd8e93b\Kalimba.mp3 copied successfully to C:\Windows\WinSxS\amd64_microsoft-windows-musicsamples_31bf3856ad364e35_6.1.7600.16385_none_06495209cbd8e93b\Kalimba.mp3 "Replace: "C:\ReplacementFiles\amd64_microsoft-windows-musicsamples_31bf3856ad364e35_6.1.7600.16385_none_06495209cbd8e93b\Maid with the Flaxen Hair.mp3" "C:\Windows\WinSxS\amd64_microsoft-windows-musicsamples_31bf3856ad364e35_6.1.7600.16385_none_06495209cbd8e93b\Maid with the Flaxen Hair.mp3" -> not found => Could not replace C:\Windows\WinSxS\amd64_microsoft-windows-musicsamples_31bf3856ad364e35_6.1.7600.16385_none_06495209cbd8e93b\Kalimba.mp3 "Replace: "C:\ReplacementFiles\amd64_microsoft-windows-musicsamples_31bf3856ad364e35_6.1.7600.16385_none_06495209cbd8e93b\Sleep Away.mp3" "C:\Windows\WinSxS\amd64_microsoft-windows-musicsamples_31bf3856ad364e35_6.1.7600.16385_none_06495209cbd8e93b\Sleep Away.mp3" -> not found => Could not replace C:\Windows\WinSxS\amd64_microsoft-windows-musicsamples_31bf3856ad364e35_6.1.7600.16385_none_06495209cbd8e93b\Kalimba.mp3 ========= icacls c:\windows\winsxs\amd64_microsoft-windows-musicsamples_31bf3856ad364e35_6.1.7600.16385_none_06495209cbd8e93b /setowner "NT SERVICE\TrustedInstaller" ========= processed file: c:\windows\winsxs\amd64_microsoft-windows-musicsamples_31bf3856ad364e35_6.1.7600.16385_none_06495209cbd8e93b Successfully processed 1 files; Failed processing 0 files ========= End ofCMD: ========= ========= icacls c:\windows\winsxs\ /restore %userprofile%\desktop\perms ========= Successfully processed 0 files; Failed processing 0 files ========= End ofCMD: ========= ========= icacls c:\windows\winsxs\amd64_microsoft-windows-winsatmediasamples_31bf3856ad364e35_6.1.7600.16385_none_0b34d0642122c1c4 /save %userprofile%\desktop\perms ========= processed file: c:\windows\winsxs\amd64_microsoft-windows-winsatmediasamples_31bf3856ad364e35_6.1.7600.16385_none_0b34d0642122c1c4 Successfully processed 1 files; Failed processing 0 files ========= End ofCMD: ========= "c:\windows\winsxs\amd64_microsoft-windows-winsatmediasamples_31bf3856ad364e35_6.1.7600.16385_none_0b34d0642122c1c4" => was unlocked "C:\Windows\WinSxS\amd64_microsoft-windows-winsatmediasamples_31bf3856ad364e35_6.1.7600.16385_none_0b34d0642122c1c4\Clip_480_5sec_6mbps_h264.mp4" => not found C:\ReplacementFiles\amd64_microsoft-windows-winsatmediasamples_31bf3856ad364e35_6.1.7600.16385_none_0b34d0642122c1c4\Clip_480_5sec_6mbps_h264.mp4 copied successfully to C:\Windows\WinSxS\amd64_microsoft-windows-winsatmediasamples_31bf3856ad364e35_6.1.7600.16385_none_0b34d0642122c1c4\Clip_480_5sec_6mbps_h264.mp4 "C:\Windows\WinSxS\amd64_microsoft-windows-winsatmediasamples_31bf3856ad364e35_6.1.7600.16385_none_0b34d0642122c1c4\Clip_480i_5sec_6mbps_new.mpg" => not found C:\ReplacementFiles\amd64_microsoft-windows-winsatmediasamples_31bf3856ad364e35_6.1.7600.16385_none_0b34d0642122c1c4\Clip_480i_5sec_6mbps_new.mpg copied successfully to C:\Windows\WinSxS\amd64_microsoft-windows-winsatmediasamples_31bf3856ad364e35_6.1.7600.16385_none_0b34d0642122c1c4\Clip_480i_5sec_6mbps_new.mpg "C:\Windows\WinSxS\amd64_microsoft-windows-winsatmediasamples_31bf3856ad364e35_6.1.7600.16385_none_0b34d0642122c1c4\Clip_480p_5sec_6mbps_new.mpg" => not found C:\ReplacementFiles\amd64_microsoft-windows-winsatmediasamples_31bf3856ad364e35_6.1.7600.16385_none_0b34d0642122c1c4\Clip_480p_5sec_6mbps_new.mpg copied successfully to C:\Windows\WinSxS\amd64_microsoft-windows-winsatmediasamples_31bf3856ad364e35_6.1.7600.16385_none_0b34d0642122c1c4\Clip_480p_5sec_6mbps_new.mpg "C:\Windows\WinSxS\amd64_microsoft-windows-winsatmediasamples_31bf3856ad364e35_6.1.7600.16385_none_0b34d0642122c1c4\Clip_1080_5sec_10mbps_h264.mp4" => not found C:\ReplacementFiles\amd64_microsoft-windows-winsatmediasamples_31bf3856ad364e35_6.1.7600.16385_none_0b34d0642122c1c4\Clip_1080_5sec_10mbps_h264.mp4 copied successfully to C:\Windows\WinSxS\amd64_microsoft-windows-winsatmediasamples_31bf3856ad364e35_6.1.7600.16385_none_0b34d0642122c1c4\Clip_1080_5sec_10mbps_h264.mp4 "C:\Windows\WinSxS\amd64_microsoft-windows-winsatmediasamples_31bf3856ad364e35_6.1.7600.16385_none_0b34d0642122c1c4\Clip_1080_5sec_MPEG2_HD_15mbps.mpg" => not found C:\ReplacementFiles\amd64_microsoft-windows-winsatmediasamples_31bf3856ad364e35_6.1.7600.16385_none_0b34d0642122c1c4\Clip_1080_5sec_MPEG2_HD_15mbps.mpg copied successfully to C:\Windows\WinSxS\amd64_microsoft-windows-winsatmediasamples_31bf3856ad364e35_6.1.7600.16385_none_0b34d0642122c1c4\Clip_1080_5sec_MPEG2_HD_15mbps.mpg "C:\Windows\WinSxS\amd64_microsoft-windows-winsatmediasamples_31bf3856ad364e35_6.1.7600.16385_none_0b34d0642122c1c4\Clip_1080_5sec_VC1_15mbps.wmv" => not found C:\ReplacementFiles\amd64_microsoft-windows-winsatmediasamples_31bf3856ad364e35_6.1.7600.16385_none_0b34d0642122c1c4\Clip_1080_5sec_VC1_15mbps.wmv copied successfully to C:\Windows\WinSxS\amd64_microsoft-windows-winsatmediasamples_31bf3856ad364e35_6.1.7600.16385_none_0b34d0642122c1c4\Clip_1080_5sec_VC1_15mbps.wmv "C:\Windows\WinSxS\amd64_microsoft-windows-winsatmediasamples_31bf3856ad364e35_6.1.7600.16385_none_0b34d0642122c1c4\winsat.wmv" => not found C:\ReplacementFiles\amd64_microsoft-windows-winsatmediasamples_31bf3856ad364e35_6.1.7600.16385_none_0b34d0642122c1c4\winsat.wmv copied successfully to C:\Windows\WinSxS\amd64_microsoft-windows-winsatmediasamples_31bf3856ad364e35_6.1.7600.16385_none_0b34d0642122c1c4\winsat.wmv "C:\Windows\WinSxS\amd64_microsoft-windows-winsatmediasamples_31bf3856ad364e35_6.1.7600.16385_none_0b34d0642122c1c4\winsatencode.wmv" => not found C:\ReplacementFiles\amd64_microsoft-windows-winsatmediasamples_31bf3856ad364e35_6.1.7600.16385_none_0b34d0642122c1c4\winsatencode.wmv copied successfully to C:\Windows\WinSxS\amd64_microsoft-windows-winsatmediasamples_31bf3856ad364e35_6.1.7600.16385_none_0b34d0642122c1c4\winsatencode.wmv ========= icacls c:\windows\winsxs\amd64_microsoft-windows-winsatmediasamples_31bf3856ad364e35_6.1.7600.16385_none_0b34d0642122c1c4 /setowner "NT SERVICE\TrustedInstaller" ========= processed file: c:\windows\winsxs\amd64_microsoft-windows-winsatmediasamples_31bf3856ad364e35_6.1.7600.16385_none_0b34d0642122c1c4 Successfully processed 1 files; Failed processing 0 files ========= End ofCMD: ========= ========= icacls c:\windows\winsxs\ /restore %userprofile%\desktop\perms ========= processed file: c:\windows\winsxs\amd64_microsoft-windows-winsatmediasamples_31bf3856ad364e35_6.1.7600.16385_none_0b34d0642122c1c4 Successfully processed 1 files; Failed processing 0 files ========= End ofCMD: ========= The system needed a reboot. ==== End of Fixlog 09:32:07 ====
I've also got a file on my desktop named perms..... what is that for??? Fix result of Farbar Recovery Scan Tool (x64) Version: 13-07-2016 02 Ran by melen (2016-07-15 09:31:40) Run:4 Running from C:\Users\melen\Desktop Loaded Profiles: melen (Available Profiles: melen) Boot Mode: Normal ============================================== fixlist content: ***************** CloseProcesses: CreateRestorePoint: cmd: icacls c:\windows\winsxs\amd64_microsoft-windows-videosamples_31bf3856ad364e35_6.1.7600.16385_none_51a21f033003affd /save %userprofile%\desktop\perms Unlock: c:\windows\winsxs\amd64_microsoft-windows-videosamples_31bf3856ad364e35_6.1.7600.16385_none_51a21f033003affd Replace: C:\ReplacementFiles\amd64_microsoft-windows-videosamples_31bf3856ad364e35_6.1.7600.16385_none_51a21f033003affd\desktop.ini C:\Windows\WinSxS\amd64_microsoft-windows-videosamples_31bf3856ad364e35_6.1.7600.16385_none_51a21f033003affd\desktop.ini Replace: C:\ReplacementFiles\amd64_microsoft-windows-videosamples_31bf3856ad364e35_6.1.7600.16385_none_51a21f033003affd\Wildlife.wmv C:\Windows\WinSxS\amd64_microsoft-windows-videosamples_31bf3856ad364e35_6.1.7600.16385_none_51a21f033003affd\Wildlife.wmv cmd: icacls c:\windows\winsxs\amd64_microsoft-windows-videosamples_31bf3856ad364e35_6.1.7600.16385_none_51a21f033003affd /setowner "NT SERVICE\TrustedInstaller" cmd: icacls c:\windows\winsxs\ /restore %userprofile%\desktop\perms cmd: icacls c:\amd64_microsoft-windows-musicsamples_31bf3856ad364e35_6.1.7600.16385_none_06495209cbd8e93b /save %userprofile%\desktop\perms Unlock: c:\windows\winsxs\amd64_microsoft-windows-musicsamples_31bf3856ad364e35_6.1.7600.16385_none_06495209cbd8e93b Replace: C:\ReplacementFiles\amd64_microsoft-windows-musicsamples_31bf3856ad364e35_6.1.7600.16385_none_06495209cbd8e93b\desktop.ini C:\Windows\WinSxS\amd64_microsoft-windows-musicsamples_31bf3856ad364e35_6.1.7600.16385_none_06495209cbd8e93b\desktop.ini Replace: C:\ReplacementFiles\amd64_microsoft-windows-musicsamples_31bf3856ad364e35_6.1.7600.16385_none_06495209cbd8e93b\Kalimba.mp3 C:\Windows\WinSxS\amd64_microsoft-windows-musicsamples_31bf3856ad364e35_6.1.7600.16385_none_06495209cbd8e93b\Kalimba.mp3 Replace: "C:\ReplacementFiles\amd64_microsoft-windows-musicsamples_31bf3856ad364e35_6.1.7600.16385_none_06495209cbd8e93b\Maid with the Flaxen Hair.mp3" "C:\Windows\WinSxS\amd64_microsoft-windows-musicsamples_31bf3856ad364e35_6.1.7600.16385_none_06495209cbd8e93b\Maid with the Flaxen Hair.mp3" Replace: "C:\ReplacementFiles\amd64_microsoft-windows-musicsamples_31bf3856ad364e35_6.1.7600.16385_none_06495209cbd8e93b\Sleep Away.mp3" "C:\Windows\WinSxS\amd64_microsoft-windows-musicsamples_31bf3856ad364e35_6.1.7600.16385_none_06495209cbd8e93b\Sleep Away.mp3" cmd: icacls c:\windows\winsxs\amd64_microsoft-windows-musicsamples_31bf3856ad364e35_6.1.7600.16385_none_06495209cbd8e93b /setowner "NT SERVICE\TrustedInstaller" cmd: icacls c:\windows\winsxs\ /restore %userprofile%\desktop\perms cmd: icacls c:\windows\winsxs\amd64_microsoft-windows-winsatmediasamples_31bf3856ad364e35_6.1.7600.16385_none_0b34d0642122c1c4 /save %userprofile%\desktop\perms Unlock: c:\windows\winsxs\amd64_microsoft-windows-winsatmediasamples_31bf3856ad364e35_6.1.7600.16385_none_0b34d0642122c1c4 Replace: C:\ReplacementFiles\amd64_microsoft-windows-winsatmediasamples_31bf3856ad364e35_6.1.7600.16385_none_0b34d0642122c1c4\Clip_480_5sec_6mbps_h264.mp4 C:\Windows\WinSxS\amd64_microsoft-windows-winsatmediasamples_31bf3856ad364e35_6.1.7600.16385_none_0b34d0642122c1c4\Clip_480_5sec_6mbps_h264.mp4 Replace: C:\ReplacementFiles\amd64_microsoft-windows-winsatmediasamples_31bf3856ad364e35_6.1.7600.16385_none_0b34d0642122c1c4\Clip_480i_5sec_6mbps_new.mpg C:\Windows\WinSxS\amd64_microsoft-windows-winsatmediasamples_31bf3856ad364e35_6.1.7600.16385_none_0b34d0642122c1c4\Clip_480i_5sec_6mbps_new.mpg Replace: C:\ReplacementFiles\amd64_microsoft-windows-winsatmediasamples_31bf3856ad364e35_6.1.7600.16385_none_0b34d0642122c1c4\Clip_480p_5sec_6mbps_new.mpg C:\Windows\WinSxS\amd64_microsoft-windows-winsatmediasamples_31bf3856ad364e35_6.1.7600.16385_none_0b34d0642122c1c4\Clip_480p_5sec_6mbps_new.mpg Replace: C:\ReplacementFiles\amd64_microsoft-windows-winsatmediasamples_31bf3856ad364e35_6.1.7600.16385_none_0b34d0642122c1c4\Clip_1080_5sec_10mbps_h264.mp4 C:\Windows\WinSxS\amd64_microsoft-windows-winsatmediasamples_31bf3856ad364e35_6.1.7600.16385_none_0b34d0642122c1c4\Clip_1080_5sec_10mbps_h264.mp4 Replace: C:\ReplacementFiles\amd64_microsoft-windows-winsatmediasamples_31bf3856ad364e35_6.1.7600.16385_none_0b34d0642122c1c4\Clip_1080_5sec_MPEG2_HD_15mbps.mpg C:\Windows\WinSxS\amd64_microsoft-windows-winsatmediasamples_31bf3856ad364e35_6.1.7600.16385_none_0b34d0642122c1c4\Clip_1080_5sec_MPEG2_HD_15mbps.mpg Replace: C:\ReplacementFiles\amd64_microsoft-windows-winsatmediasamples_31bf3856ad364e35_6.1.7600.16385_none_0b34d0642122c1c4\Clip_1080_5sec_VC1_15mbps.wmv C:\Windows\WinSxS\amd64_microsoft-windows-winsatmediasamples_31bf3856ad364e35_6.1.7600.16385_none_0b34d0642122c1c4\Clip_1080_5sec_VC1_15mbps.wmv Replace: C:\ReplacementFiles\amd64_microsoft-windows-winsatmediasamples_31bf3856ad364e35_6.1.7600.16385_none_0b34d0642122c1c4\winsat.wmv C:\Windows\WinSxS\amd64_microsoft-windows-winsatmediasamples_31bf3856ad364e35_6.1.7600.16385_none_0b34d0642122c1c4\winsat.wmv Replace: C:\ReplacementFiles\amd64_microsoft-windows-winsatmediasamples_31bf3856ad364e35_6.1.7600.16385_none_0b34d0642122c1c4\winsatencode.wmv C:\Windows\WinSxS\amd64_microsoft-windows-winsatmediasamples_31bf3856ad364e35_6.1.7600.16385_none_0b34d0642122c1c4\winsatencode.wmv cmd: icacls c:\windows\winsxs\amd64_microsoft-windows-winsatmediasamples_31bf3856ad364e35_6.1.7600.16385_none_0b34d0642122c1c4 /setowner "NT SERVICE\TrustedInstaller" cmd: icacls c:\windows\winsxs\ /restore %userprofile%\desktop\perms ***************** Processes closed successfully. Restore point was successfully created. ========= icacls c:\windows\winsxs\amd64_microsoft-windows-videosamples_31bf3856ad364e35_6.1.7600.16385_none_51a21f033003affd /save %userprofile%\desktop\perms ========= processed file: c:\windows\winsxs\amd64_microsoft-windows-videosamples_31bf3856ad364e35_6.1.7600.16385_none_51a21f033003affd Successfully processed 1 files; Failed processing 0 files ========= End ofCMD: ========= "c:\windows\winsxs\amd64_microsoft-windows-videosamples_31bf3856ad364e35_6.1.7600.16385_none_51a21f033003affd" => was unlocked "C:\Windows\WinSxS\amd64_microsoft-windows-videosamples_31bf3856ad364e35_6.1.7600.16385_none_51a21f033003affd\desktop.ini" => not found C:\ReplacementFiles\amd64_microsoft-windows-videosamples_31bf3856ad364e35_6.1.7600.16385_none_51a21f033003affd\desktop.ini copied successfully to C:\Windows\WinSxS\amd64_microsoft-windows-videosamples_31bf3856ad364e35_6.1.7600.16385_none_51a21f033003affd\desktop.ini "C:\Windows\WinSxS\amd64_microsoft-windows-videosamples_31bf3856ad364e35_6.1.7600.16385_none_51a21f033003affd\Wildlife.wmv" => not found C:\ReplacementFiles\amd64_microsoft-windows-videosamples_31bf3856ad364e35_6.1.7600.16385_none_51a21f033003affd\Wildlife.wmv copied successfully to C:\Windows\WinSxS\amd64_microsoft-windows-videosamples_31bf3856ad364e35_6.1.7600.16385_none_51a21f033003affd\Wildlife.wmv ========= icacls c:\windows\winsxs\amd64_microsoft-windows-videosamples_31bf3856ad364e35_6.1.7600.16385_none_51a21f033003affd /setowner "NT SERVICE\TrustedInstaller" ========= processed file: c:\windows\winsxs\amd64_microsoft-windows-videosamples_31bf3856ad364e35_6.1.7600.16385_none_51a21f033003affd Successfully processed 1 files; Failed processing 0 files ========= End ofCMD: ========= ========= icacls c:\windows\winsxs\ /restore %userprofile%\desktop\perms ========= processed file: c:\windows\winsxs\amd64_microsoft-windows-videosamples_31bf3856ad364e35_6.1.7600.16385_none_51a21f033003affd Successfully processed 1 files; Failed processing 0 files ========= End ofCMD: ========= ========= icacls c:\amd64_microsoft-windows-musicsamples_31bf3856ad364e35_6.1.7600.16385_none_06495209cbd8e93b /save %userprofile%\desktop\perms ========= c:\amd64_microsoft-windows-musicsamples_31bf3856ad364e35_6.1.7600.16385_none_06495209cbd8e93b: The system cannot find the file specified. Successfully processed 0 files; Failed processing 1 files ========= End ofCMD: ========= "c:\windows\winsxs\amd64_microsoft-windows-musicsamples_31bf3856ad364e35_6.1.7600.16385_none_06495209cbd8e93b" => was unlocked "C:\Windows\WinSxS\amd64_microsoft-windows-musicsamples_31bf3856ad364e35_6.1.7600.16385_none_06495209cbd8e93b\desktop.ini" => not found C:\ReplacementFiles\amd64_microsoft-windows-musicsamples_31bf3856ad364e35_6.1.7600.16385_none_06495209cbd8e93b\desktop.ini copied successfully to C:\Windows\WinSxS\amd64_microsoft-windows-musicsamples_31bf3856ad364e35_6.1.7600.16385_none_06495209cbd8e93b\desktop.ini "C:\Windows\WinSxS\amd64_microsoft-windows-musicsamples_31bf3856ad364e35_6.1.7600.16385_none_06495209cbd8e93b\Kalimba.mp3" => not found C:\ReplacementFiles\amd64_microsoft-windows-musicsamples_31bf3856ad364e35_6.1.7600.16385_none_06495209cbd8e93b\Kalimba.mp3 copied successfully to C:\Windows\WinSxS\amd64_microsoft-windows-musicsamples_31bf3856ad364e35_6.1.7600.16385_none_06495209cbd8e93b\Kalimba.mp3 "Replace: "C:\ReplacementFiles\amd64_microsoft-windows-musicsamples_31bf3856ad364e35_6.1.7600.16385_none_06495209cbd8e93b\Maid with the Flaxen Hair.mp3" "C:\Windows\WinSxS\amd64_microsoft-windows-musicsamples_31bf3856ad364e35_6.1.7600.16385_none_06495209cbd8e93b\Maid with the Flaxen Hair.mp3" -> not found => Could not replace C:\Windows\WinSxS\amd64_microsoft-windows-musicsamples_31bf3856ad364e35_6.1.7600.16385_none_06495209cbd8e93b\Kalimba.mp3 "Replace: "C:\ReplacementFiles\amd64_microsoft-windows-musicsamples_31bf3856ad364e35_6.1.7600.16385_none_06495209cbd8e93b\Sleep Away.mp3" "C:\Windows\WinSxS\amd64_microsoft-windows-musicsamples_31bf3856ad364e35_6.1.7600.16385_none_06495209cbd8e93b\Sleep Away.mp3" -> not found => Could not replace C:\Windows\WinSxS\amd64_microsoft-windows-musicsamples_31bf3856ad364e35_6.1.7600.16385_none_06495209cbd8e93b\Kalimba.mp3 ========= icacls c:\windows\winsxs\amd64_microsoft-windows-musicsamples_31bf3856ad364e35_6.1.7600.16385_none_06495209cbd8e93b /setowner "NT SERVICE\TrustedInstaller" ========= processed file: c:\windows\winsxs\amd64_microsoft-windows-musicsamples_31bf3856ad364e35_6.1.7600.16385_none_06495209cbd8e93b Successfully processed 1 files; Failed processing 0 files ========= End ofCMD: ========= ========= icacls c:\windows\winsxs\ /restore %userprofile%\desktop\perms ========= Successfully processed 0 files; Failed processing 0 files ========= End ofCMD: ========= ========= icacls c:\windows\winsxs\amd64_microsoft-windows-winsatmediasamples_31bf3856ad364e35_6.1.7600.16385_none_0b34d0642122c1c4 /save %userprofile%\desktop\perms ========= processed file: c:\windows\winsxs\amd64_microsoft-windows-winsatmediasamples_31bf3856ad364e35_6.1.7600.16385_none_0b34d0642122c1c4 Successfully processed 1 files; Failed processing 0 files ========= End ofCMD: ========= "c:\windows\winsxs\amd64_microsoft-windows-winsatmediasamples_31bf3856ad364e35_6.1.7600.16385_none_0b34d0642122c1c4" => was unlocked "C:\Windows\WinSxS\amd64_microsoft-windows-winsatmediasamples_31bf3856ad364e35_6.1.7600.16385_none_0b34d0642122c1c4\Clip_480_5sec_6mbps_h264.mp4" => not found C:\ReplacementFiles\amd64_microsoft-windows-winsatmediasamples_31bf3856ad364e35_6.1.7600.16385_none_0b34d0642122c1c4\Clip_480_5sec_6mbps_h264.mp4 copied successfully to C:\Windows\WinSxS\amd64_microsoft-windows-winsatmediasamples_31bf3856ad364e35_6.1.7600.16385_none_0b34d0642122c1c4\Clip_480_5sec_6mbps_h264.mp4 "C:\Windows\WinSxS\amd64_microsoft-windows-winsatmediasamples_31bf3856ad364e35_6.1.7600.16385_none_0b34d0642122c1c4\Clip_480i_5sec_6mbps_new.mpg" => not found C:\ReplacementFiles\amd64_microsoft-windows-winsatmediasamples_31bf3856ad364e35_6.1.7600.16385_none_0b34d0642122c1c4\Clip_480i_5sec_6mbps_new.mpg copied successfully to C:\Windows\WinSxS\amd64_microsoft-windows-winsatmediasamples_31bf3856ad364e35_6.1.7600.16385_none_0b34d0642122c1c4\Clip_480i_5sec_6mbps_new.mpg "C:\Windows\WinSxS\amd64_microsoft-windows-winsatmediasamples_31bf3856ad364e35_6.1.7600.16385_none_0b34d0642122c1c4\Clip_480p_5sec_6mbps_new.mpg" => not found C:\ReplacementFiles\amd64_microsoft-windows-winsatmediasamples_31bf3856ad364e35_6.1.7600.16385_none_0b34d0642122c1c4\Clip_480p_5sec_6mbps_new.mpg copied successfully to C:\Windows\WinSxS\amd64_microsoft-windows-winsatmediasamples_31bf3856ad364e35_6.1.7600.16385_none_0b34d0642122c1c4\Clip_480p_5sec_6mbps_new.mpg "C:\Windows\WinSxS\amd64_microsoft-windows-winsatmediasamples_31bf3856ad364e35_6.1.7600.16385_none_0b34d0642122c1c4\Clip_1080_5sec_10mbps_h264.mp4" => not found C:\ReplacementFiles\amd64_microsoft-windows-winsatmediasamples_31bf3856ad364e35_6.1.7600.16385_none_0b34d0642122c1c4\Clip_1080_5sec_10mbps_h264.mp4 copied successfully to C:\Windows\WinSxS\amd64_microsoft-windows-winsatmediasamples_31bf3856ad364e35_6.1.7600.16385_none_0b34d0642122c1c4\Clip_1080_5sec_10mbps_h264.mp4 "C:\Windows\WinSxS\amd64_microsoft-windows-winsatmediasamples_31bf3856ad364e35_6.1.7600.16385_none_0b34d0642122c1c4\Clip_1080_5sec_MPEG2_HD_15mbps.mpg" => not found C:\ReplacementFiles\amd64_microsoft-windows-winsatmediasamples_31bf3856ad364e35_6.1.7600.16385_none_0b34d0642122c1c4\Clip_1080_5sec_MPEG2_HD_15mbps.mpg copied successfully to C:\Windows\WinSxS\amd64_microsoft-windows-winsatmediasamples_31bf3856ad364e35_6.1.7600.16385_none_0b34d0642122c1c4\Clip_1080_5sec_MPEG2_HD_15mbps.mpg "C:\Windows\WinSxS\amd64_microsoft-windows-winsatmediasamples_31bf3856ad364e35_6.1.7600.16385_none_0b34d0642122c1c4\Clip_1080_5sec_VC1_15mbps.wmv" => not found C:\ReplacementFiles\amd64_microsoft-windows-winsatmediasamples_31bf3856ad364e35_6.1.7600.16385_none_0b34d0642122c1c4\Clip_1080_5sec_VC1_15mbps.wmv copied successfully to C:\Windows\WinSxS\amd64_microsoft-windows-winsatmediasamples_31bf3856ad364e35_6.1.7600.16385_none_0b34d0642122c1c4\Clip_1080_5sec_VC1_15mbps.wmv "C:\Windows\WinSxS\amd64_microsoft-windows-winsatmediasamples_31bf3856ad364e35_6.1.7600.16385_none_0b34d0642122c1c4\winsat.wmv" => not found C:\ReplacementFiles\amd64_microsoft-windows-winsatmediasamples_31bf3856ad364e35_6.1.7600.16385_none_0b34d0642122c1c4\winsat.wmv copied successfully to C:\Windows\WinSxS\amd64_microsoft-windows-winsatmediasamples_31bf3856ad364e35_6.1.7600.16385_none_0b34d0642122c1c4\winsat.wmv "C:\Windows\WinSxS\amd64_microsoft-windows-winsatmediasamples_31bf3856ad364e35_6.1.7600.16385_none_0b34d0642122c1c4\winsatencode.wmv" => not found C:\ReplacementFiles\amd64_microsoft-windows-winsatmediasamples_31bf3856ad364e35_6.1.7600.16385_none_0b34d0642122c1c4\winsatencode.wmv copied successfully to C:\Windows\WinSxS\amd64_microsoft-windows-winsatmediasamples_31bf3856ad364e35_6.1.7600.16385_none_0b34d0642122c1c4\winsatencode.wmv ========= icacls c:\windows\winsxs\amd64_microsoft-windows-winsatmediasamples_31bf3856ad364e35_6.1.7600.16385_none_0b34d0642122c1c4 /setowner "NT SERVICE\TrustedInstaller" ========= processed file: c:\windows\winsxs\amd64_microsoft-windows-winsatmediasamples_31bf3856ad364e35_6.1.7600.16385_none_0b34d0642122c1c4 Successfully processed 1 files; Failed processing 0 files ========= End ofCMD: ========= ========= icacls c:\windows\winsxs\ /restore %userprofile%\desktop\perms ========= processed file: c:\windows\winsxs\amd64_microsoft-windows-winsatmediasamples_31bf3856ad364e35_6.1.7600.16385_none_0b34d0642122c1c4 Successfully processed 1 files; Failed processing 0 files ========= End ofCMD: ========= The system needed a reboot. ==== End of Fixlog 09:32:07 ====
M melen001 Active member Joined Jun 30, 2016 Posts 40 Location Puerto Rico Jul 15, 2016 #64 Just want you to know that my internet provider will be doing some repairs in my neighborhood and I might have my internet connection down for a day or two just in case I don't respond to you. If this happens you know why I haven't responded. As soon as I get my connection back I will message you... just in case this situation does happen.
Just want you to know that my internet provider will be doing some repairs in my neighborhood and I might have my internet connection down for a day or two just in case I don't respond to you. If this happens you know why I haven't responded. As soon as I get my connection back I will message you... just in case this situation does happen.
Aura Sysnative Staff, Security Analyst Staff member Joined Mar 16, 2015 Posts 8,061 Jul 15, 2016 #65 The perms file can be deleted. It was used to store file and folder permissions during the fix. Let's see if the replacements were accepted. Let's run SFC again. System File Checker (SFC) Follow the instructions below to run a SFC scan on your system and to provide the CBS log in your next reply; On Windows Vista & 7, click on the Windows Start Menu, then enter cmd in the search box, right-click on the cmd icon and select Run as Administrator On Windows 8, drag your cursor in the bottom-left corner, and right-click on the metro menu preview, then select Command Prompt (Admin); On Windows 8.1 and Windows 10, right click on the Windows logo in the bottom-left corner and select Command Prompt (Admin); Enter the command below and press on Enter; Code: sfc /scannow Note: There's a space between "sfc" and "/scannow"; Once the scan is complete, enter the command below and press on Enter Code: copy %windir%\logs\cbs\cbs.log "%userprofile%\Desktop\cbs.txt" A file called cbs.txt will have appeared on your Desktop. Upload the file on Dropbox, Google Drive or OneDrive and post the download URL for it here; Note: Please note that the CBS.log is volatile, which means that if you don't upload it after the SFC scan is completed, it won't have the information from the scan anymore. So archive it and upload it as soon as you can.
The perms file can be deleted. It was used to store file and folder permissions during the fix. Let's see if the replacements were accepted. Let's run SFC again. System File Checker (SFC) Follow the instructions below to run a SFC scan on your system and to provide the CBS log in your next reply; On Windows Vista & 7, click on the Windows Start Menu, then enter cmd in the search box, right-click on the cmd icon and select Run as Administrator On Windows 8, drag your cursor in the bottom-left corner, and right-click on the metro menu preview, then select Command Prompt (Admin); On Windows 8.1 and Windows 10, right click on the Windows logo in the bottom-left corner and select Command Prompt (Admin); Enter the command below and press on Enter; Code: sfc /scannow Note: There's a space between "sfc" and "/scannow"; Once the scan is complete, enter the command below and press on Enter Code: copy %windir%\logs\cbs\cbs.log "%userprofile%\Desktop\cbs.txt" A file called cbs.txt will have appeared on your Desktop. Upload the file on Dropbox, Google Drive or OneDrive and post the download URL for it here; Note: Please note that the CBS.log is volatile, which means that if you don't upload it after the SFC scan is completed, it won't have the information from the scan anymore. So archive it and upload it as soon as you can.
M melen001 Active member Joined Jun 30, 2016 Posts 40 Location Puerto Rico Jul 15, 2016 #66 Here it is... Dropbox - cbs.txt
M melen001 Active member Joined Jun 30, 2016 Posts 40 Location Puerto Rico Jul 15, 2016 #67 Don't forget that I just might have my internet connection down .... I can see the techs from the company have just arrived so if I don't answer back today you know why.... But I will be back as soon as I get connected....
Don't forget that I just might have my internet connection down .... I can see the techs from the company have just arrived so if I don't answer back today you know why.... But I will be back as soon as I get connected....
Aura Sysnative Staff, Security Analyst Staff member Joined Mar 16, 2015 Posts 8,061 Jul 18, 2016 #68 It seems like the two files with spaces in their names couldn't be replaced. I was expecting this. I'll review the fix tomorrow and adjust it, even if I thought I did.
It seems like the two files with spaces in their names couldn't be replaced. I was expecting this. I'll review the fix tomorrow and adjust it, even if I thought I did.
M melen001 Active member Joined Jun 30, 2016 Posts 40 Location Puerto Rico Jul 18, 2016 #69 Aura said: It seems like the two files with spaces in their names couldn't be replaced. I was expecting this. I'll review the fix tomorrow and adjust it, even if I thought I did. Click to expand... Fine, I'll be expecting your reply with the fix soon... thanks George
Aura said: It seems like the two files with spaces in their names couldn't be replaced. I was expecting this. I'll review the fix tomorrow and adjust it, even if I thought I did. Click to expand... Fine, I'll be expecting your reply with the fix soon... thanks George
Aura Sysnative Staff, Security Analyst Staff member Joined Mar 16, 2015 Posts 8,061 Jul 19, 2016 #70 Alright let's try this. Farbar Recovery Scan Tool (FRST) - Fix mode Follow the instructions below to execute a fix on your system using FRST, and provide the log in your next reply. Right-click on your Desktop, select New and click on Text Document. Name it fixlist (make sure it's a .txt file) and press on Enter; Open the file you just created and copy/paste the content below in it, then save it (Ctrl + S); Code: cmd: icacls c:\amd64_microsoft-windows-musicsamples_31bf3856ad364e35_6.1.7600.16385_none_06495209cbd8e93b /save %userprofile%\desktop\perms Unlock: c:\windows\winsxs\amd64_microsoft-windows-musicsamples_31bf3856ad364e35_6.1.7600.16385_none_06495209cbd8e93b Replace: "C:\ReplacementFiles\amd64_microsoft-windows-musicsamples_31bf3856ad364e35_6.1.7600.16385_none_06495209cbd8e93b\Maid with the Flaxen Hair.mp3" "C:\Windows\WinSxS\amd64_microsoft-windows-musicsamples_31bf3856ad364e35_6.1.7600.16385_none_06495209cbd8e93b\Maid with the Flaxen Hair.mp3" Replace: "C:\ReplacementFiles\amd64_microsoft-windows-musicsamples_31bf3856ad364e35_6.1.7600.16385_none_06495209cbd8e93b\Sleep Away.mp3" "C:\Windows\WinSxS\amd64_microsoft-windows-musicsamples_31bf3856ad364e35_6.1.7600.16385_none_06495209cbd8e93b\Sleep Away.mp3" cmd: icacls c:\windows\winsxs\amd64_microsoft-windows-musicsamples_31bf3856ad364e35_6.1.7600.16385_none_06495209cbd8e93b /setowner "NT SERVICE\TrustedInstaller" cmd: icacls c:\windows\winsxs\ /restore %userprofile%\desktop\perms Right-click on the FRST executable and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users); Click on the Fix button; On completion, a message will come up saying that the fix has been completed and it'll open a log in Notepad; Copy and paste its content in your next reply;
Alright let's try this. Farbar Recovery Scan Tool (FRST) - Fix mode Follow the instructions below to execute a fix on your system using FRST, and provide the log in your next reply. Right-click on your Desktop, select New and click on Text Document. Name it fixlist (make sure it's a .txt file) and press on Enter; Open the file you just created and copy/paste the content below in it, then save it (Ctrl + S); Code: cmd: icacls c:\amd64_microsoft-windows-musicsamples_31bf3856ad364e35_6.1.7600.16385_none_06495209cbd8e93b /save %userprofile%\desktop\perms Unlock: c:\windows\winsxs\amd64_microsoft-windows-musicsamples_31bf3856ad364e35_6.1.7600.16385_none_06495209cbd8e93b Replace: "C:\ReplacementFiles\amd64_microsoft-windows-musicsamples_31bf3856ad364e35_6.1.7600.16385_none_06495209cbd8e93b\Maid with the Flaxen Hair.mp3" "C:\Windows\WinSxS\amd64_microsoft-windows-musicsamples_31bf3856ad364e35_6.1.7600.16385_none_06495209cbd8e93b\Maid with the Flaxen Hair.mp3" Replace: "C:\ReplacementFiles\amd64_microsoft-windows-musicsamples_31bf3856ad364e35_6.1.7600.16385_none_06495209cbd8e93b\Sleep Away.mp3" "C:\Windows\WinSxS\amd64_microsoft-windows-musicsamples_31bf3856ad364e35_6.1.7600.16385_none_06495209cbd8e93b\Sleep Away.mp3" cmd: icacls c:\windows\winsxs\amd64_microsoft-windows-musicsamples_31bf3856ad364e35_6.1.7600.16385_none_06495209cbd8e93b /setowner "NT SERVICE\TrustedInstaller" cmd: icacls c:\windows\winsxs\ /restore %userprofile%\desktop\perms Right-click on the FRST executable and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users); Click on the Fix button; On completion, a message will come up saying that the fix has been completed and it'll open a log in Notepad; Copy and paste its content in your next reply;
M melen001 Active member Joined Jun 30, 2016 Posts 40 Location Puerto Rico Jul 19, 2016 #71 Fix result of Farbar Recovery Scan Tool (x64) Version: 18-07-2016 Ran by melen (2016-07-19 21:27:08) Run:5 Running from C:\Users\melen\Desktop Loaded Profiles: melen (Available Profiles: melen) Boot Mode: Normal ============================================== fixlist content: ***************** cmd: icacls c:\amd64_microsoft-windows-musicsamples_31bf3856ad364e35_6.1.7600.16385_none_06495209cbd8e93b /save %userprofile%\desktop\perms Unlock: c:\windows\winsxs\amd64_microsoft-windows-musicsamples_31bf3856ad364e35_6.1.7600.16385_none_06495209cbd8e93b Replace: "C:\ReplacementFiles\amd64_microsoft-windows-musicsamples_31bf3856ad364e35_6.1.7600.16385_none_06495209cbd8e93b\Maid with the Flaxen Hair.mp3" "C:\Windows\WinSxS\amd64_microsoft-windows-musicsamples_31bf3856ad364e35_6.1.7600.16385_none_06495209cbd8e93b\Maid with the Flaxen Hair.mp3" Replace: "C:\ReplacementFiles\amd64_microsoft-windows-musicsamples_31bf3856ad364e35_6.1.7600.16385_none_06495209cbd8e93b\Sleep Away.mp3" "C:\Windows\WinSxS\amd64_microsoft-windows-musicsamples_31bf3856ad364e35_6.1.7600.16385_none_06495209cbd8e93b\Sleep Away.mp3" cmd: icacls c:\windows\winsxs\amd64_microsoft-windows-musicsamples_31bf3856ad364e35_6.1.7600.16385_none_06495209cbd8e93b /setowner "NT SERVICE\TrustedInstaller" cmd: icacls c:\windows\winsxs\ /restore %userprofile%\desktop\perms ***************** ========= icacls c:\amd64_microsoft-windows-musicsamples_31bf3856ad364e35_6.1.7600.16385_none_06495209cbd8e93b /save %userprofile%\desktop\perms ========= c:\amd64_microsoft-windows-musicsamples_31bf3856ad364e35_6.1.7600.16385_none_06495209cbd8e93b: The system cannot find the file specified. Successfully processed 0 files; Failed processing 1 files ========= End ofCMD: ========= "c:\windows\winsxs\amd64_microsoft-windows-musicsamples_31bf3856ad364e35_6.1.7600.16385_none_06495209cbd8e93b" => was unlocked "Replace: "C:\ReplacementFiles\amd64_microsoft-windows-musicsamples_31bf3856ad364e35_6.1.7600.16385_none_06495209cbd8e93b\Maid with the Flaxen Hair.mp3" "C:\Windows\WinSxS\amd64_microsoft-windows-musicsamples_31bf3856ad364e35_6.1.7600.16385_none_06495209cbd8e93b\Maid with the Flaxen Hair.mp3" -> not found => Could not replace "Replace: "C:\ReplacementFiles\amd64_microsoft-windows-musicsamples_31bf3856ad364e35_6.1.7600.16385_none_06495209cbd8e93b\Sleep Away.mp3" "C:\Windows\WinSxS\amd64_microsoft-windows-musicsamples_31bf3856ad364e35_6.1.7600.16385_none_06495209cbd8e93b\Sleep Away.mp3" -> not found => Could not replace ========= icacls c:\windows\winsxs\amd64_microsoft-windows-musicsamples_31bf3856ad364e35_6.1.7600.16385_none_06495209cbd8e93b /setowner "NT SERVICE\TrustedInstaller" ========= processed file: c:\windows\winsxs\amd64_microsoft-windows-musicsamples_31bf3856ad364e35_6.1.7600.16385_none_06495209cbd8e93b Successfully processed 1 files; Failed processing 0 files ========= End ofCMD: ========= ========= icacls c:\windows\winsxs\ /restore %userprofile%\desktop\perms ========= Successfully processed 0 files; Failed processing 0 files ========= End ofCMD: ========= ==== End of Fixlog 21:27:09 ====
Fix result of Farbar Recovery Scan Tool (x64) Version: 18-07-2016 Ran by melen (2016-07-19 21:27:08) Run:5 Running from C:\Users\melen\Desktop Loaded Profiles: melen (Available Profiles: melen) Boot Mode: Normal ============================================== fixlist content: ***************** cmd: icacls c:\amd64_microsoft-windows-musicsamples_31bf3856ad364e35_6.1.7600.16385_none_06495209cbd8e93b /save %userprofile%\desktop\perms Unlock: c:\windows\winsxs\amd64_microsoft-windows-musicsamples_31bf3856ad364e35_6.1.7600.16385_none_06495209cbd8e93b Replace: "C:\ReplacementFiles\amd64_microsoft-windows-musicsamples_31bf3856ad364e35_6.1.7600.16385_none_06495209cbd8e93b\Maid with the Flaxen Hair.mp3" "C:\Windows\WinSxS\amd64_microsoft-windows-musicsamples_31bf3856ad364e35_6.1.7600.16385_none_06495209cbd8e93b\Maid with the Flaxen Hair.mp3" Replace: "C:\ReplacementFiles\amd64_microsoft-windows-musicsamples_31bf3856ad364e35_6.1.7600.16385_none_06495209cbd8e93b\Sleep Away.mp3" "C:\Windows\WinSxS\amd64_microsoft-windows-musicsamples_31bf3856ad364e35_6.1.7600.16385_none_06495209cbd8e93b\Sleep Away.mp3" cmd: icacls c:\windows\winsxs\amd64_microsoft-windows-musicsamples_31bf3856ad364e35_6.1.7600.16385_none_06495209cbd8e93b /setowner "NT SERVICE\TrustedInstaller" cmd: icacls c:\windows\winsxs\ /restore %userprofile%\desktop\perms ***************** ========= icacls c:\amd64_microsoft-windows-musicsamples_31bf3856ad364e35_6.1.7600.16385_none_06495209cbd8e93b /save %userprofile%\desktop\perms ========= c:\amd64_microsoft-windows-musicsamples_31bf3856ad364e35_6.1.7600.16385_none_06495209cbd8e93b: The system cannot find the file specified. Successfully processed 0 files; Failed processing 1 files ========= End ofCMD: ========= "c:\windows\winsxs\amd64_microsoft-windows-musicsamples_31bf3856ad364e35_6.1.7600.16385_none_06495209cbd8e93b" => was unlocked "Replace: "C:\ReplacementFiles\amd64_microsoft-windows-musicsamples_31bf3856ad364e35_6.1.7600.16385_none_06495209cbd8e93b\Maid with the Flaxen Hair.mp3" "C:\Windows\WinSxS\amd64_microsoft-windows-musicsamples_31bf3856ad364e35_6.1.7600.16385_none_06495209cbd8e93b\Maid with the Flaxen Hair.mp3" -> not found => Could not replace "Replace: "C:\ReplacementFiles\amd64_microsoft-windows-musicsamples_31bf3856ad364e35_6.1.7600.16385_none_06495209cbd8e93b\Sleep Away.mp3" "C:\Windows\WinSxS\amd64_microsoft-windows-musicsamples_31bf3856ad364e35_6.1.7600.16385_none_06495209cbd8e93b\Sleep Away.mp3" -> not found => Could not replace ========= icacls c:\windows\winsxs\amd64_microsoft-windows-musicsamples_31bf3856ad364e35_6.1.7600.16385_none_06495209cbd8e93b /setowner "NT SERVICE\TrustedInstaller" ========= processed file: c:\windows\winsxs\amd64_microsoft-windows-musicsamples_31bf3856ad364e35_6.1.7600.16385_none_06495209cbd8e93b Successfully processed 1 files; Failed processing 0 files ========= End ofCMD: ========= ========= icacls c:\windows\winsxs\ /restore %userprofile%\desktop\perms ========= Successfully processed 0 files; Failed processing 0 files ========= End ofCMD: ========= ==== End of Fixlog 21:27:09 ====
Aura Sysnative Staff, Security Analyst Staff member Joined Mar 16, 2015 Posts 8,061 Jul 20, 2016 #72 Alright, this one will work. Sorry about that. Farbar Recovery Scan Tool (FRST) - Fix mode Follow the instructions below to execute a fix on your system using FRST, and provide the log in your next reply. Right-click on your Desktop, select New and click on Text Document. Name it fixlist (make sure it's a .txt file) and press on Enter; Open the file you just created and copy/paste the content below in it, then save it (Ctrl + S); Code: cmd: icacls c:\Windows\WinSxS\amd64_microsoft-windows-musicsamples_31bf3856ad364e35_6.1.7600.16385_none_06495209cbd8e93b /save %userprofile%\desktop\perms Unlock: c:\windows\winsxs\amd64_microsoft-windows-musicsamples_31bf3856ad364e35_6.1.7600.16385_none_06495209cbd8e93b Replace: "C:\ReplacementFiles\amd64_microsoft-windows-musicsamples_31bf3856ad364e35_6.1.7600.16385_none_06495209cbd8e93b\Maid with the Flaxen Hair.mp3" "C:\Windows\WinSxS\amd64_microsoft-windows-musicsamples_31bf3856ad364e35_6.1.7600.16385_none_06495209cbd8e93b\Maid with the Flaxen Hair.mp3" Replace: "C:\ReplacementFiles\amd64_microsoft-windows-musicsamples_31bf3856ad364e35_6.1.7600.16385_none_06495209cbd8e93b\Sleep Away.mp3" "C:\Windows\WinSxS\amd64_microsoft-windows-musicsamples_31bf3856ad364e35_6.1.7600.16385_none_06495209cbd8e93b\Sleep Away.mp3" cmd: icacls c:\windows\winsxs\amd64_microsoft-windows-musicsamples_31bf3856ad364e35_6.1.7600.16385_none_06495209cbd8e93b /setowner "NT SERVICE\TrustedInstaller" cmd: icacls c:\windows\winsxs\ /restore %userprofile%\desktop\perms Right-click on the FRST executable and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users); Click on the Fix button; On completion, a message will come up saying that the fix has been completed and it'll open a log in Notepad; Copy and paste its content in your next reply;
Alright, this one will work. Sorry about that. Farbar Recovery Scan Tool (FRST) - Fix mode Follow the instructions below to execute a fix on your system using FRST, and provide the log in your next reply. Right-click on your Desktop, select New and click on Text Document. Name it fixlist (make sure it's a .txt file) and press on Enter; Open the file you just created and copy/paste the content below in it, then save it (Ctrl + S); Code: cmd: icacls c:\Windows\WinSxS\amd64_microsoft-windows-musicsamples_31bf3856ad364e35_6.1.7600.16385_none_06495209cbd8e93b /save %userprofile%\desktop\perms Unlock: c:\windows\winsxs\amd64_microsoft-windows-musicsamples_31bf3856ad364e35_6.1.7600.16385_none_06495209cbd8e93b Replace: "C:\ReplacementFiles\amd64_microsoft-windows-musicsamples_31bf3856ad364e35_6.1.7600.16385_none_06495209cbd8e93b\Maid with the Flaxen Hair.mp3" "C:\Windows\WinSxS\amd64_microsoft-windows-musicsamples_31bf3856ad364e35_6.1.7600.16385_none_06495209cbd8e93b\Maid with the Flaxen Hair.mp3" Replace: "C:\ReplacementFiles\amd64_microsoft-windows-musicsamples_31bf3856ad364e35_6.1.7600.16385_none_06495209cbd8e93b\Sleep Away.mp3" "C:\Windows\WinSxS\amd64_microsoft-windows-musicsamples_31bf3856ad364e35_6.1.7600.16385_none_06495209cbd8e93b\Sleep Away.mp3" cmd: icacls c:\windows\winsxs\amd64_microsoft-windows-musicsamples_31bf3856ad364e35_6.1.7600.16385_none_06495209cbd8e93b /setowner "NT SERVICE\TrustedInstaller" cmd: icacls c:\windows\winsxs\ /restore %userprofile%\desktop\perms Right-click on the FRST executable and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users); Click on the Fix button; On completion, a message will come up saying that the fix has been completed and it'll open a log in Notepad; Copy and paste its content in your next reply;
M melen001 Active member Joined Jun 30, 2016 Posts 40 Location Puerto Rico Jul 20, 2016 #73 Here you go.... Fix result of Farbar Recovery Scan Tool (x64) Version: 20-07-2016 Ran by melen (2016-07-20 22:05:20) Run:6 Running from C:\Users\melen\Desktop Loaded Profiles: melen (Available Profiles: melen) Boot Mode: Normal ============================================== fixlist content: ***************** cmd: icacls c:\Windows\WinSxS\amd64_microsoft-windows-musicsamples_31bf3856ad364e35_6.1.7600.16385_none_06495209cbd8e93b /save %userprofile%\desktop\perms Unlock: c:\windows\winsxs\amd64_microsoft-windows-musicsamples_31bf3856ad364e35_6.1.7600.16385_none_06495209cbd8e93b Replace: "C:\ReplacementFiles\amd64_microsoft-windows-musicsamples_31bf3856ad364e35_6.1.7600.16385_none_06495209cbd8e93b\Maid with the Flaxen Hair.mp3" "C:\Windows\WinSxS\amd64_microsoft-windows-musicsamples_31bf3856ad364e35_6.1.7600.16385_none_06495209cbd8e93b\Maid with the Flaxen Hair.mp3" Replace: "C:\ReplacementFiles\amd64_microsoft-windows-musicsamples_31bf3856ad364e35_6.1.7600.16385_none_06495209cbd8e93b\Sleep Away.mp3" "C:\Windows\WinSxS\amd64_microsoft-windows-musicsamples_31bf3856ad364e35_6.1.7600.16385_none_06495209cbd8e93b\Sleep Away.mp3" cmd: icacls c:\windows\winsxs\amd64_microsoft-windows-musicsamples_31bf3856ad364e35_6.1.7600.16385_none_06495209cbd8e93b /setowner "NT SERVICE\TrustedInstaller" cmd: icacls c:\windows\winsxs\ /restore %userprofile%\desktop\perms ***************** ========= icacls c:\Windows\WinSxS\amd64_microsoft-windows-musicsamples_31bf3856ad364e35_6.1.7600.16385_none_06495209cbd8e93b /save %userprofile%\desktop\perms ========= processed file: c:\Windows\WinSxS\amd64_microsoft-windows-musicsamples_31bf3856ad364e35_6.1.7600.16385_none_06495209cbd8e93b Successfully processed 1 files; Failed processing 0 files ========= End ofCMD: ========= "c:\windows\winsxs\amd64_microsoft-windows-musicsamples_31bf3856ad364e35_6.1.7600.16385_none_06495209cbd8e93b" => was unlocked "Replace: "C:\ReplacementFiles\amd64_microsoft-windows-musicsamples_31bf3856ad364e35_6.1.7600.16385_none_06495209cbd8e93b\Maid with the Flaxen Hair.mp3" "C:\Windows\WinSxS\amd64_microsoft-windows-musicsamples_31bf3856ad364e35_6.1.7600.16385_none_06495209cbd8e93b\Maid with the Flaxen Hair.mp3" -> not found => Could not replace "Replace: "C:\ReplacementFiles\amd64_microsoft-windows-musicsamples_31bf3856ad364e35_6.1.7600.16385_none_06495209cbd8e93b\Sleep Away.mp3" "C:\Windows\WinSxS\amd64_microsoft-windows-musicsamples_31bf3856ad364e35_6.1.7600.16385_none_06495209cbd8e93b\Sleep Away.mp3" -> not found => Could not replace ========= icacls c:\windows\winsxs\amd64_microsoft-windows-musicsamples_31bf3856ad364e35_6.1.7600.16385_none_06495209cbd8e93b /setowner "NT SERVICE\TrustedInstaller" ========= processed file: c:\windows\winsxs\amd64_microsoft-windows-musicsamples_31bf3856ad364e35_6.1.7600.16385_none_06495209cbd8e93b Successfully processed 1 files; Failed processing 0 files ========= End ofCMD: ========= ========= icacls c:\windows\winsxs\ /restore %userprofile%\desktop\perms ========= processed file: c:\windows\winsxs\amd64_microsoft-windows-musicsamples_31bf3856ad364e35_6.1.7600.16385_none_06495209cbd8e93b Successfully processed 1 files; Failed processing 0 files ========= End ofCMD: ========= ==== End of Fixlog 22:05:20 ====
Here you go.... Fix result of Farbar Recovery Scan Tool (x64) Version: 20-07-2016 Ran by melen (2016-07-20 22:05:20) Run:6 Running from C:\Users\melen\Desktop Loaded Profiles: melen (Available Profiles: melen) Boot Mode: Normal ============================================== fixlist content: ***************** cmd: icacls c:\Windows\WinSxS\amd64_microsoft-windows-musicsamples_31bf3856ad364e35_6.1.7600.16385_none_06495209cbd8e93b /save %userprofile%\desktop\perms Unlock: c:\windows\winsxs\amd64_microsoft-windows-musicsamples_31bf3856ad364e35_6.1.7600.16385_none_06495209cbd8e93b Replace: "C:\ReplacementFiles\amd64_microsoft-windows-musicsamples_31bf3856ad364e35_6.1.7600.16385_none_06495209cbd8e93b\Maid with the Flaxen Hair.mp3" "C:\Windows\WinSxS\amd64_microsoft-windows-musicsamples_31bf3856ad364e35_6.1.7600.16385_none_06495209cbd8e93b\Maid with the Flaxen Hair.mp3" Replace: "C:\ReplacementFiles\amd64_microsoft-windows-musicsamples_31bf3856ad364e35_6.1.7600.16385_none_06495209cbd8e93b\Sleep Away.mp3" "C:\Windows\WinSxS\amd64_microsoft-windows-musicsamples_31bf3856ad364e35_6.1.7600.16385_none_06495209cbd8e93b\Sleep Away.mp3" cmd: icacls c:\windows\winsxs\amd64_microsoft-windows-musicsamples_31bf3856ad364e35_6.1.7600.16385_none_06495209cbd8e93b /setowner "NT SERVICE\TrustedInstaller" cmd: icacls c:\windows\winsxs\ /restore %userprofile%\desktop\perms ***************** ========= icacls c:\Windows\WinSxS\amd64_microsoft-windows-musicsamples_31bf3856ad364e35_6.1.7600.16385_none_06495209cbd8e93b /save %userprofile%\desktop\perms ========= processed file: c:\Windows\WinSxS\amd64_microsoft-windows-musicsamples_31bf3856ad364e35_6.1.7600.16385_none_06495209cbd8e93b Successfully processed 1 files; Failed processing 0 files ========= End ofCMD: ========= "c:\windows\winsxs\amd64_microsoft-windows-musicsamples_31bf3856ad364e35_6.1.7600.16385_none_06495209cbd8e93b" => was unlocked "Replace: "C:\ReplacementFiles\amd64_microsoft-windows-musicsamples_31bf3856ad364e35_6.1.7600.16385_none_06495209cbd8e93b\Maid with the Flaxen Hair.mp3" "C:\Windows\WinSxS\amd64_microsoft-windows-musicsamples_31bf3856ad364e35_6.1.7600.16385_none_06495209cbd8e93b\Maid with the Flaxen Hair.mp3" -> not found => Could not replace "Replace: "C:\ReplacementFiles\amd64_microsoft-windows-musicsamples_31bf3856ad364e35_6.1.7600.16385_none_06495209cbd8e93b\Sleep Away.mp3" "C:\Windows\WinSxS\amd64_microsoft-windows-musicsamples_31bf3856ad364e35_6.1.7600.16385_none_06495209cbd8e93b\Sleep Away.mp3" -> not found => Could not replace ========= icacls c:\windows\winsxs\amd64_microsoft-windows-musicsamples_31bf3856ad364e35_6.1.7600.16385_none_06495209cbd8e93b /setowner "NT SERVICE\TrustedInstaller" ========= processed file: c:\windows\winsxs\amd64_microsoft-windows-musicsamples_31bf3856ad364e35_6.1.7600.16385_none_06495209cbd8e93b Successfully processed 1 files; Failed processing 0 files ========= End ofCMD: ========= ========= icacls c:\windows\winsxs\ /restore %userprofile%\desktop\perms ========= processed file: c:\windows\winsxs\amd64_microsoft-windows-musicsamples_31bf3856ad364e35_6.1.7600.16385_none_06495209cbd8e93b Successfully processed 1 files; Failed processing 0 files ========= End ofCMD: ========= ==== End of Fixlog 22:05:20 ====
Aura Sysnative Staff, Security Analyst Staff member Joined Mar 16, 2015 Posts 8,061 Jul 21, 2016 #74 Failed once more, but this time the permissions worked. Try this. Farbar Recovery Scan Tool (FRST) - Fix mode Follow the instructions below to execute a fix on your system using FRST, and provide the log in your next reply. Right-click on your Desktop, select New and click on Text Document. Name it fixlist (make sure it's a .txt file) and press on Enter; Open the file you just created and copy/paste the content below in it, then save it (Ctrl + S); Code: cmd: icacls c:\Windows\WinSxS\amd64_microsoft-windows-musicsamples_31bf3856ad364e35_6.1.7600.16385_none_06495209cbd8e93b /save %userprofile%\desktop\perms Unlock: c:\windows\winsxs\amd64_microsoft-windows-musicsamples_31bf3856ad364e35_6.1.7600.16385_none_06495209cbd8e93b Replace: C:\ReplacementFiles\amd64_microsoft-windows-musicsamples_31bf3856ad364e35_6.1.7600.16385_none_06495209cbd8e93b\Maid with the Flaxen Hair.mp3 C:\Windows\WinSxS\amd64_microsoft-windows-musicsamples_31bf3856ad364e35_6.1.7600.16385_none_06495209cbd8e93b\Maid with the Flaxen Hair.mp3 Replace: C:\ReplacementFiles\amd64_microsoft-windows-musicsamples_31bf3856ad364e35_6.1.7600.16385_none_06495209cbd8e93b\Sleep Away.mp3 C:\Windows\WinSxS\amd64_microsoft-windows-musicsamples_31bf3856ad364e35_6.1.7600.16385_none_06495209cbd8e93b\Sleep Away.mp3 cmd: icacls c:\windows\winsxs\amd64_microsoft-windows-musicsamples_31bf3856ad364e35_6.1.7600.16385_none_06495209cbd8e93b /setowner "NT SERVICE\TrustedInstaller" cmd: icacls c:\windows\winsxs\ /restore %userprofile%\desktop\perms Right-click on the FRST executable and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users); Click on the Fix button; On completion, a message will come up saying that the fix has been completed and it'll open a log in Notepad; Copy and paste its content in your next reply;
Failed once more, but this time the permissions worked. Try this. Farbar Recovery Scan Tool (FRST) - Fix mode Follow the instructions below to execute a fix on your system using FRST, and provide the log in your next reply. Right-click on your Desktop, select New and click on Text Document. Name it fixlist (make sure it's a .txt file) and press on Enter; Open the file you just created and copy/paste the content below in it, then save it (Ctrl + S); Code: cmd: icacls c:\Windows\WinSxS\amd64_microsoft-windows-musicsamples_31bf3856ad364e35_6.1.7600.16385_none_06495209cbd8e93b /save %userprofile%\desktop\perms Unlock: c:\windows\winsxs\amd64_microsoft-windows-musicsamples_31bf3856ad364e35_6.1.7600.16385_none_06495209cbd8e93b Replace: C:\ReplacementFiles\amd64_microsoft-windows-musicsamples_31bf3856ad364e35_6.1.7600.16385_none_06495209cbd8e93b\Maid with the Flaxen Hair.mp3 C:\Windows\WinSxS\amd64_microsoft-windows-musicsamples_31bf3856ad364e35_6.1.7600.16385_none_06495209cbd8e93b\Maid with the Flaxen Hair.mp3 Replace: C:\ReplacementFiles\amd64_microsoft-windows-musicsamples_31bf3856ad364e35_6.1.7600.16385_none_06495209cbd8e93b\Sleep Away.mp3 C:\Windows\WinSxS\amd64_microsoft-windows-musicsamples_31bf3856ad364e35_6.1.7600.16385_none_06495209cbd8e93b\Sleep Away.mp3 cmd: icacls c:\windows\winsxs\amd64_microsoft-windows-musicsamples_31bf3856ad364e35_6.1.7600.16385_none_06495209cbd8e93b /setowner "NT SERVICE\TrustedInstaller" cmd: icacls c:\windows\winsxs\ /restore %userprofile%\desktop\perms Right-click on the FRST executable and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users); Click on the Fix button; On completion, a message will come up saying that the fix has been completed and it'll open a log in Notepad; Copy and paste its content in your next reply;