
dllhost.exe*32 multiple processes, total slowdown


Ibflunkie


CKScanner 2.4 - Additional Security Risks - These are not necessarily bad
c:\program files (x86)\hp games\bejeweled 2 deluxe\wtmui_de\sounds\firecrackle.ogg
c:\program files (x86)\hp games\bejeweled 2 deluxe\wtmui_default\sounds\firecrackle.ogg
c:\program files (x86)\hp games\bejeweled 2 deluxe\wtmui_es\sounds\firecrackle.ogg
c:\program files (x86)\hp games\bejeweled 2 deluxe\wtmui_fr\sounds\firecrackle.ogg
c:\program files (x86)\hp games\bejeweled 2 deluxe\wtmui_it\sounds\firecrackle.ogg
c:\program files (x86)\hp games\mah jong quest\images\tile_firecracker-1.pnge
c:\program files (x86)\hp games\mah jong quest\images\tile_firecracker-2.pnge
c:\program files (x86)\hp games\mah jong quest\images\tile_firecracker-3.pnge
c:\program files (x86)\hp games\mah jong quest\images\tile_firecracker1.pnge
c:\program files (x86)\hp games\mah jong quest\images\kwazi3\level5-1cracktop.jpge
c:\program files (x86)\hp games\mah jong quest\images\kwazi5\5_lvl_5a_postcrack1.jpge
c:\program files (x86)\hp games\mah jong quest\images\kwazi5\5_lvl_5a_postcrack2.jpge
c:\users\aaron\appdata\local\virtualstore\program files (x86)\electronic arts\the battle for middle-earth ii\crack\easy good\ini.big
c:\users\aaron\documents\game stuff\games\lotr bfme\bfme i\cracks\ini.big
c:\users\aaron\documents\game stuff\games\lotr bfme\bfme i\cracks\crack\game.dat
c:\users\aaron\documents\game stuff\games\lotr bfme\bfme i\cracks\nocd crack\game.dat
c:\users\aaron\documents\game stuff\games\lotr bfme\bfme i\cracks\nocd crack\hoodlum.nfo
c:\users\aaron\documents\game stuff\games\lotr bfme\bfme i\cracks\original game file\game.dat
c:\users\aaron\documents\game stuff\games\lotr bfme\bfme ii\crack\easy good\ini.big
c:\users\aaron\documents\game stuff\games\lotr bfme\bfme ii\crack\finalbig040b\finalbig.exe
c:\users\aaron\documents\game stuff\games\lotr bfme\bfme ii\crack\finalbig040b\finalbig.ini
c:\users\aaron\documents\game stuff\games\lotr bfme\bfme ii\crack\finalbig040b\readme.txt
c:\users\aaron\documents\game stuff\games\lotr bfme\bfme ii\crack\original ini\ini.big
scanner sequence 3.ZZ.11.JIAPJZ
 ----- EOF -----
 


OK. That's identified two other cracked games. The script below will remove the threats flagged by ESET, and the two cracked game folders from CKScanner.

After completing the below, please provide an update on your computer. Is the reboot issue the only issue remaining? Have all malware issues been resolved?

Farbar Recovery Scan Tool (FRST) Script

  • Press the Windows Key + r on your keyboard at the same time. Type Notepad and click OK.
  • Copy the entire contents of the codebox below and paste into the Notepad document.

    start
    c:\users\aaron\appdata\local\virtualstore\program files (x86)\electronic arts\the battle for middle-earth ™ ii
    c:\users\aaron\documents\game stuff\games\lotr bfme
    C:\Program Files (x86)\Installer Files\BitTorrent-6.4b.exe
    C:\Program Files (x86)\Installer Files\Free Ipod Video Converter setup.exe
    C:\Users\Aaron\AppData\Local\Downloaded Installations\{557CEC25-E448-49C7-883A-40B2460C468C}\Mobile Mouse Server.msi
    C:\Users\Aaron\AppData\Local\Temp\AskInstallChecker.exe
    C:\Users\Aaron\AppData\Local\Temp\bitool.dll
    C:\Users\Aaron\AppData\Local\Temp\~+JF6159530706802982684.tmp
    C:\Users\Aaron\AppData\Local\Temp\16f8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XSFKF674\thisistheindex[1].htm
    C:\Users\Aaron\Documents\Game Stuff\Games\Star Wars Empire at War
    C:\Users\Aaron\Documents\Miscellaneous\Harry Potter Audio Books, movies\j.k. rowling - harry potter series complete [books 1-7] [epub].exe
    C:\Users\Aaron\Downloads\Galaxy.On.Fire.2.HD-RELOADED
    C:\Users\Aaron\Music\LoL_psf\winamp5622_full_emusic-7plus_en-us.exe
    EmptyTemp:
    end
  • Click File, Save As and type fixlist.txt as the File Name.
  • Important: The file must be saved in the same location as FRST64.exe.
NOTICE: This script is intended for use on this particular machine. Do not use this script on any other machine; doing so may cause damage to your Operating System.
  • Right-Click FRST64.exe and select Run as administrator to run the programme.
  • Click Fix.
  • A log (Fixlog.txt) will open on your desktop. Copy the contents of the log and paste in your next reply.

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 15-10-2014 02
Ran by Aaron at 2014-10-16 10:25:07 Run:5
Running from C:\Users\Aaron\Desktop
Loaded Profile: Aaron (Available profiles: Aaron)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
c:\users\aaron\appdata\local\virtualstore\program files (x86)\electronic arts\the battle for middle-earth ™ ii
c:\users\aaron\documents\game stuff\games\lotr bfme
C:\Program Files (x86)\Installer Files\BitTorrent-6.4b.exe
C:\Program Files (x86)\Installer Files\Free Ipod Video Converter setup.exe
C:\Users\Aaron\AppData\Local\Downloaded Installations\{557CEC25-E448-49C7-883A-40B2460C468C}\Mobile Mouse Server.msi
C:\Users\Aaron\AppData\Local\Temp\AskInstallChecker.exe
C:\Users\Aaron\AppData\Local\Temp\bitool.dll
C:\Users\Aaron\AppData\Local\Temp\~+JF6159530706802982684.tmp
C:\Users\Aaron\AppData\Local\Temp\16f8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XSFKF674\thisistheindex[1].htm
C:\Users\Aaron\Documents\Game Stuff\Games\Star Wars Empire at War
C:\Users\Aaron\Documents\Miscellaneous\Harry Potter Audio Books, movies\j.k. rowling - harry potter series complete [books 1-7] [epub].exe
C:\Users\Aaron\Downloads\Galaxy.On.Fire.2.HD-RELOADED
C:\Users\Aaron\Music\LoL_psf\winamp5622_full_emusic-7plus_en-us.exe
EmptyTemp:
end
*****************

"c:\users\aaron\appdata\local\virtualstore\program files (x86)\electronic arts\the battle for middle-earth ™ ii" => File/Directory not found.
c:\users\aaron\documents\game stuff\games\lotr bfme => Moved successfully.
C:\Program Files (x86)\Installer Files\BitTorrent-6.4b.exe => Moved successfully.
C:\Program Files (x86)\Installer Files\Free Ipod Video Converter setup.exe => Moved successfully.
C:\Users\Aaron\AppData\Local\Downloaded Installations\{557CEC25-E448-49C7-883A-40B2460C468C}\Mobile Mouse Server.msi => Moved successfully.
C:\Users\Aaron\AppData\Local\Temp\AskInstallChecker.exe => Moved successfully.
C:\Users\Aaron\AppData\Local\Temp\bitool.dll => Moved successfully.
C:\Users\Aaron\AppData\Local\Temp\~+JF6159530706802982684.tmp => Moved successfully.
C:\Users\Aaron\AppData\Local\Temp\16f8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XSFKF674\thisistheindex[1].htm => Moved successfully.
C:\Users\Aaron\Documents\Game Stuff\Games\Star Wars Empire at War => Moved successfully.
C:\Users\Aaron\Documents\Miscellaneous\Harry Potter Audio Books, movies\j.k. rowling - harry potter series complete [books 1-7] [epub].exe => Moved successfully.
C:\Users\Aaron\Downloads\Galaxy.On.Fire.2.HD-RELOADED => Moved successfully.
C:\Users\Aaron\Music\LoL_psf\winamp5622_full_emusic-7plus_en-us.exe => Moved successfully.
 

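Added example, not part of the original posts and not FRST's own code: a Python sketch that reconciles the "Content of fixlist" block of a Fixlog.txt against the per-item result lines, so that entries which were requested but not moved (such as the "File/Directory not found" line in the log above) stand out for a second look. The sample log and every path in it are constructed; only the layout and the two status strings are taken from the log above.

```python
import re

# Constructed sample in the Fixlog.txt layout shown above (all paths are made up).
SAMPLE_FIXLOG = r'''Content of fixlist:
*****************
start
c:\users\example\documents\games\cracked title
C:\Users\Example\AppData\Local\Temp\bitool.dll
C:\Users\Example\Downloads\setup [bundle].exe
C:\Users\Example\Downloads\never-reported.exe
EmptyTemp:
end
*****************

"c:\users\example\documents\games\cracked title" => File/Directory not found.
C:\Users\Example\AppData\Local\Temp\bitool.dll => Moved successfully.
C:\Users\Example\Downloads\setup [bundle].exe => Moved successfully.
'''

# A fixlist line that starts with a drive letter is a path; anything else
# between "start" and "end" (for example "EmptyTemp:") is treated as a directive.
PATH_RE = re.compile(r'^[A-Za-z]:\\')


def norm(path):
    """Normalise a path for matching: drop surrounding quotes, ignore case."""
    return path.strip().strip('"').lower()


def parse_fixlog(text):
    """Return (requested paths, directives, {normalised path: status})."""
    requested, directives, results = [], [], {}
    in_list = False      # currently inside the start/end block
    seen_list = False    # the block has already been closed
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        low = line.lower()
        if not seen_list and not in_list and low == "start":
            in_list = True
            continue
        if in_list:
            if low == "end":
                in_list, seen_list = False, True
            elif PATH_RE.match(line):
                requested.append(line)
            else:
                directives.append(line)
            continue
        if " => " in line:
            # Split on the last arrow so a path containing " => " still parses.
            path, _, status = line.rpartition(" => ")
            results[norm(path)] = status.rstrip(".")
    return requested, directives, results


def reconcile(text):
    """Group every requested path by what the log says happened to it."""
    requested, directives, results = parse_fixlog(text)
    report = {"moved": [], "not_found": [], "other": [], "unreported": [],
              "directives": directives}
    for path in requested:
        status = results.get(norm(path))
        if status is None:
            report["unreported"].append(path)      # no result line at all
        elif status == "Moved successfully":
            report["moved"].append(path)
        elif status == "File/Directory not found":
            report["not_found"].append(path)       # may still exist under another name
        else:
            report["other"].append((path, status))
    return report


if __name__ == "__main__":
    for key, value in reconcile(SAMPLE_FIXLOG).items():
        print(key, "->", value)
```
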

Just realized that I forgot to answer the questions as well as post the log...

I cannot replicate the reboot issue the same way, which is strange to me, but... I won't rule out the possibility of it happening again, but it hasn't since my last post about it.

I'm seeing no issues otherwise that I know of; the operation has been smooth for some time since the dllhosts disappeared.


OK.

In the meantime, let's check for HDD errors and damaged System Files.

STEP 1
CHKDSK

  • Note: If you have a Solid State Drive (SSD), do not run CHKDSK. Skip STEP 1, and proceed with STEP 2.
  • Press the Windows Key + r on your keyboard at the same time. Type Notepad and click OK.
  • Copy the entire contents of the codebox below and paste into the Notepad document.

    @echo off
    cmd /c chkdsk c: |find /v "percent" >> "%userprofile%\desktop\chkdskquery.txt"
    notepad %userprofile%\Desktop\chkdskquery.txt
    del %0
  • Click Format. Ensure Wordwrap is unchecked.
  • Click File, Save As and name the file chkdsk.bat.
  • Select All Files as the Save as type.
  • Save the file to your Desktop.
  • Locate chkdsk.bat (W8/7/Vista) on your Desktop. Right-click the icon and click Run as administrator.
  • CHKDSK may take up to an hour to complete. Allow the programme to run uninterrupted, and do not use your computer during the process.  
  • Upon completion, a log (chkdskquery.txt) will open on your Desktop. Please copy the contents of the log and paste in your next reply.
     

STEP 2
System File Checker (SFC)

  • Press the Windows Key + r on your keyboard at the same time. Type Notepad and click OK.
  • Copy the entire contents of the codebox below and paste into the Notepad document.

    sfc /scannow
    findstr /c:"[SR]" %windir%\Logs\CBS\CBS.log >"%userprofile%\Desktop\sfcresults.txt"
    notepad %userprofile%\Desktop\sfcresults.txt
    del %0
  • Click Format. Ensure Wordwrap is unchecked.
  • Click File, Save As and name the file querysfc.bat.
  • Select All Files as the Save as type.
  • Save the file to your Desktop.
  • Locate querysfc.bat (W8/7/Vista) on your Desktop. Right-click the icon and click Run as administrator.
  • Upon completion, a log (sfcresults.txt) will open on your Desktop. Copy the contents of the log and paste in your next reply.
     

======================================================

STEP 3
Logs
In your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked.

  • chkdskquery.txt
  • sfcresults.txt
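Added example, not part of the original post: the batch file above filters CBS.log down to its [SR] lines, and a clean run is just the same three-line verify cycle repeated. This Python sketch separates that routine cycle from any other [SR] message and counts verify batches that never reached "Verify complete", for instance when a pasted log is cut short. The sample lines are constructed, including the "Cannot repair member file" entry and its file and component names.

```python
import re

# Constructed sample in the sfcresults.txt layout (the [SR] tag is matched
# case-insensitively because pasted logs sometimes show it as [sR]).
SAMPLE_SFC = r'''
2014-10-20 15:24:11, Info                  CSI    00000142 [sR] Verifying 100 (0x0000000000000064) components
2014-10-20 15:24:11, Info                  CSI    00000143 [sR] Beginning Verify and Repair transaction
2014-10-20 15:24:16, Info                  CSI    00000145 [sR] Verify complete
2014-10-20 15:24:17, Info                  CSI    00000146 [SR] Verifying 100 (0x0000000000000064) components
2014-10-20 15:24:17, Info                  CSI    00000147 [SR] Beginning Verify and Repair transaction
2014-10-20 15:24:19, Info                  CSI    00000148 [SR] Cannot repair member file [l:24{12}]"example.dll" of Example-Component, hash mismatch
2014-10-20 15:24:21, Info                  CSI    00000149 [SR] Verify complete
2014-10-20 15:24:23, Info                  CSI    0000014a [SR] Verifying 100 (0x0000000000000064) components
2014-10-20 15:24:23, Info                  CSI    0000014b [SR] Beginning Verify and Repair transaction
'''

SR_LINE = re.compile(
    r'^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}),\s+(?P<level>\w+)\s+CSI\s+'
    r'(?P<seq>[0-9a-f]{8})\s+\[SR\]\s+(?P<msg>.*)$', re.IGNORECASE)

VERIFYING = re.compile(r'Verifying (\d+) \(0x[0-9a-f]+\) components', re.IGNORECASE)
BEGIN = "beginning verify and repair transaction"
COMPLETE = "verify complete"


def triage(text):
    """Summarise [SR] lines: routine verify batches versus everything else."""
    completed = 0       # batches that reached "Verify complete"
    unfinished = 0      # batches that started but never completed
    components = 0      # total components announced by "Verifying N ..." lines
    findings = []       # (timestamp, message) for every non-routine [SR] line
    unparsed = 0        # non-blank lines that do not look like [SR] entries
    pending = False     # a batch is open and waiting for "Verify complete"

    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SR_LINE.match(line)
        if not m:
            unparsed += 1
            continue
        msg = m.group("msg").strip()
        low = msg.lower()
        routine_level = m.group("level").lower() == "info"

        v = VERIFYING.fullmatch(msg)
        if v and routine_level:
            if pending:             # previous batch never closed
                unfinished += 1
            pending = True
            components += int(v.group(1))
        elif low == BEGIN and routine_level:
            pass                    # expected second line of the cycle
        elif low == COMPLETE and routine_level:
            if pending:
                completed += 1
                pending = False
        else:
            # Anything outside the three-line cycle needs a human to read it.
            findings.append((m.group("ts"), msg))

    if pending:                     # log ended in the middle of a batch
        unfinished += 1
    return {"completed_batches": completed, "unfinished_batches": unfinished,
            "components_seen": components, "findings": findings,
            "unparsed": unparsed}


if __name__ == "__main__":
    for key, value in triage(SAMPLE_SFC).items():
        print(key, "->", value)
```
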

Okay. Every time I try to run chkdsk.bat, it gives me a message in the command window saying,

The process cannot access the file because it is being used by another process.

It also opens a blank notepad file titled 'chkdskquery.txt'. That's it.

The System File Checker script ran; the log is posted below.

2014-10-20 15:24:11, Info                  CSI    00000142 [sR] Verifying 100 (0x0000000000000064) components
2014-10-20 15:24:11, Info                  CSI    00000143 [sR] Beginning Verify and Repair transaction
2014-10-20 15:24:16, Info                  CSI    00000145 [sR] Verify complete
2014-10-20 15:24:17, Info                  CSI    00000146 [sR] Verifying 100 (0x0000000000000064) components
2014-10-20 15:24:17, Info                  CSI    00000147 [sR] Beginning Verify and Repair transaction
2014-10-20 15:24:21, Info                  CSI    00000149 [sR] Verify complete
2014-10-20 15:24:23, Info                  CSI    0000014a [sR] Verifying 100 (0x0000000000000064) components
2014-10-20 15:24:23, Info                  CSI    0000014b [sR] Beginning Verify and Repair transaction
2014-10-20 15:24:26, Info                  CSI    0000014d [sR] Verify complete
2014-10-20 15:24:28, Info                  CSI    0000014e [sR] Verifying 100 (0x0000000000000064) components
2014-10-20 15:24:28, Info                  CSI    0000014f [sR] Beginning Verify and Repair transaction
2014-10-20 15:24:31, Info                  CSI    00000151 [sR] Verify complete
2014-10-20 15:24:34, Info                  CSI    00000152 [sR] Verifying 100 (0x0000000000000064) components
2014-10-20 15:24:34, Info                  CSI    00000153 [sR] Beginning Verify and Repair transaction
2014-10-20 15:24:38, Info                  CSI    00000155 [sR] Verify complete
2014-10-20 15:24:40, Info                  CSI    00000156 [sR] Verifying 100 (0x0000000000000064) components
2014-10-20 15:24:40, Info                  CSI    00000157 [sR] Beginning Verify and Repair transaction
2014-10-20 15:24:44, Info                  CSI    00000159 [sR] Verify complete
2014-10-20 15:24:46, Info                  CSI    0000015a [sR] Verifying 100 (0x0000000000000064) components
2014-10-20 15:24:46, Info                  CSI    0000015b [sR] Beginning Verify and Repair transaction
2014-10-20 15:24:50, Info                  CSI    0000015d [sR] Verify complete
2014-10-20 15:24:52, Info                  CSI    0000015e [sR] Verifying 100 (0x0000000000000064) components
2014-10-20 15:24:52, Info                  CSI    0000015f [sR] Beginning Verify and Repair transaction
2014-10-20 15:24:55, Info                  CSI    00000161 [sR] Verify complete
2014-10-20 15:24:57, Info                  CSI    00000162 [sR] Verifying 100 (0x0000000000000064) components
2014-10-20 15:24:57, Info                  CSI    00000163 [sR] Beginning Verify and Repair transaction
2014-10-20 15:25:01, Info                  CSI    00000165 [sR] Verify complete
2014-10-20 15:25:03, Info                  CSI    00000166 [sR] Verifying 100 (0x0000000000000064) components
2014-10-20 15:25:03, Info                  CSI    00000167 [sR] Beginning Verify and Repair transaction
2014-10-20 15:25:06, Info                  CSI    00000169 [sR] Verify complete
2014-10-20 15:25:08, Info                  CSI    0000016a [sR] Verifying 100 (0x0000000000000064) components
2014-10-20 15:25:08, Info                  CSI    0000016b [sR] Beginning Verify and Repair transaction
2014-10-20 15:25:11, Info                  CSI    0000016d [sR] Verify complete
2014-10-20 15:25:13, Info                  CSI    0000016e [sR] Verifying 100 (0x0000000000000064) components
2014-10-20 15:25:13, Info                  CSI    0000016f [sR] Beginning Verify and Repair transaction
2014-10-20 15:25:16, Info                  CSI    00000171 [sR] Verify complete
2014-10-20 15:25:18, Info                  CSI    00000172 [sR] Verifying 100 (0x0000000000000064) components
2014-10-20 15:25:18, Info                  CSI    00000173 [sR] Beginning Verify and Repair transaction
2014-10-20 15:25:21, Info                  CSI    00000175 [sR] Verify complete
2014-10-20 15:25:22, Info                  CSI    00000176 [sR] Verifying 100 (0x0000000000000064) components
2014-10-20 15:25:22, Info                  CSI    00000177 [sR] Beginning Verify and Repair transaction
2014-10-20 15:25:26, Info                  CSI    00000179 [sR] Verify complete
2014-10-20 15:25:28, Info                  CSI    0000017a [sR] Verifying 100 (0x0000000000000064) components
2014-10-20 15:25:28, Info                  CSI    0000017b [sR] Beginning Verify and Repair transaction
2014-10-20 15:25:31, Info                  CSI    0000017d [sR] Verify complete
2014-10-20 15:25:33, Info                  CSI    0000017e [sR] Verifying 100 (0x0000000000000064) components
2014-10-20 15:25:33, Info                  CSI    0000017f [sR] Beginning Verify and Repair transaction
2014-10-20 15:25:36, Info                  CSI    00000181 [sR] Verify complete
2014-10-20 15:25:38, Info                  CSI    00000182 [sR] Verifying 100 (0x0000000000000064) components
2014-10-20 15:25:38, Info                  CSI    00000183 [sR] Beginning Verify and Repair transaction
2014-10-20 15:25:42, Info                  CSI    00000185 [sR] Verify complete
2014-10-20 15:25:43, Info                  CSI    00000186 [sR] Verifying 100 (0x0000000000000064) components
2014-10-20 15:25:43, Info                  CSI    00000187 [sR] Beginning Verify and Repair transaction
2014-10-20 15:25:47, Info                  CSI    00000189 [sR] Verify complete
2014-10-20 15:25:49, Info                  CSI    0000018a [sR] Verifying 100 (0x0000000000000064) components
2014-10-20 15:25:49, Info                  CSI    0000018b [sR] Beginning Verify and Repair transaction
2014-10-20 15:25:52, Info                  CSI    0000018d [sR] Verify complete
2014-10-20 15:25:53, Info                  CSI    0000018e [sR] Verifying 100 (0x0000000000000064) components
2014-10-20 15:25:53, Info                  CSI    0000018f [sR] Beginning Verify and Repair transaction
2014-10-20 15:25:57, Info                  CSI    00000191 [sR] Verify complete
2014-10-20 15:25:58, Info                  CSI    00000192 [sR] Verifying 100 (0x0000000000000064) components
2014-10-20 15:25:58, Info                  CSI    00000193 [sR] Beginning Verify and Repair transaction
2014-10-20 15:26:02, Info                  CSI    00000195 [sR] Verify complete
2014-10-20 15:26:03, Info                  CSI    00000196 [sR] Verifying 100 (0x0000000000000064) components
2014-10-20 15:26:03, Info                  CSI    00000197 [sR] Beginning Verify and Repair transaction
2014-10-20 15:26:06, Info                  CSI    00000199 [sR] Verify complete
2014-10-20 15:26:08, Info                  CSI    0000019a [sR] Verifying 100 (0x0000000000000064) components
2014-10-20 15:26:08, Info                  CSI    0000019b [sR] Beginning Verify and Repair transaction
2014-10-20 15:26:12, Info                  CSI    0000019d [sR] Verify complete
2014-10-20 15:26:13, Info                  CSI    0000019e [sR] Verifying 100 (0x0000000000000064) components
2014-10-20 15:26:13, Info                  CSI    0000019f [sR] Beginning Verify and Repair transaction
2014-10-20 15:26:17, Info                  CSI    000001a1 [sR] Verify complete
2014-10-20 15:26:19, Info                  CSI    000001a2 [sR] Verifying 100 (0x0000000000000064) components
2014-10-20 15:26:19, Info                  CSI    000001a3 [sR] Beginning Verify and Repair transaction
2014-10-20 15:26:22, Info                  CSI    000001a5 [sR] Verify complete
2014-10-20 15:26:23, Info                  CSI    000001a6 [sR] Verifying 100 (0x0000000000000064) components
2014-10-20 15:26:23, Info                  CSI    000001a7 [sR] Beginning Verify and Repair transaction
2014-10-20 15:26:27, Info                  CSI    000001a9 [sR] Verify complete
2014-10-20 15:26:28, Info                  CSI    000001aa [sR] Verifying 100 (0x0000000000000064) components
2014-10-20 15:26:28, Info                  CSI    000001ab [sR] Beginning Verify and Repair transaction
2014-10-20 15:26:32, Info                  CSI    000001ad [sR] Verify complete
2014-10-20 15:26:33, Info                  CSI    000001ae [sR] Verifying 100 (0x0000000000000064) components
2014-10-20 15:26:33, Info                  CSI    000001af [sR] Beginning Verify and Repair transaction
2014-10-20 15:26:37, Info                  CSI    000001b1 [sR] Verify complete
2014-10-20 15:26:38, Info                  CSI    000001b2 [sR] Verifying 100 (0x0000000000000064) components
2014-10-20 15:26:38, Info                  CSI    000001b3 [sR] Beginning Verify and Repair transaction
2014-10-20 15:26:41, Info                  CSI    000001b5 [sR] Verify complete
2014-10-20 15:26:42, Info                  CSI    000001b6 [sR] Verifying 100 (0x0000000000000064) components
2014-10-20 15:26:42, Info                  CSI    000001b7 [sR] Beginning Verify and Repair transaction
2014-10-20 15:26:49, Info                  CSI    000001b9 [sR] Verify complete
2014-10-20 15:26:50, Info                  CSI    000001ba [sR] Verifying 100 (0x0000000000000064) components
2014-10-20 15:26:50, Info                  CSI    000001bb [sR] Beginning Verify and Repair transaction
2014-10-20 15:26:55, Info                  CSI    000001bd [sR] Verify complete
2014-10-20 15:26:56, Info                  CSI    000001be [sR] Verifying 100 (0x0000000000000064) components
2014-10-20 15:26:56, Info                  CSI    000001bf [sR] Beginning Verify and Repair transaction
2014-10-20 15:26:59, Info                  CSI    000001c1 [sR] Verify complete
2014-10-20 15:27:01, Info                  CSI    000001c2 [sR] Verifying 100 (0x0000000000000064) components
2014-10-20 15:27:01, Info                  CSI    000001c3 [sR] Beginning Verify and Repair transaction
2014-10-20 15:27:05, Info                  CSI    000001c5 [sR] Verify complete
2014-10-20 15:27:06, Info                  CSI    000001c6 [sR] Verifying 100 (0x0000000000000064) components
2014-10-20 15:27:06, Info                  CSI    000001c7 [sR] Beginning Verify and Repair transaction
2014-10-20 15:27:10, Info                  CSI    000001c9 [sR] Verify complete
2014-10-20 15:27:11, Info                  CSI    000001ca [sR] Verifying 100 (0x0000000000000064) components
2014-10-20 15:27:11, Info                  CSI    000001cb [sR] Beginning Verify and Repair transaction
2014-10-20 15:27:13, Info                  CSI    000001cd [sR] Verify complete
2014-10-20 15:27:13, Info                  CSI    000001ce [sR] Verifying 100 (0x0000000000000064) components
2014-10-20 15:27:13, Info                  CSI    000001cf [sR] Beginning Verify and Repair transaction
2014-10-20 15:27:16, Info                  CSI    000001d1 [sR] Verify complete
2014-10-20 15:27:16, Info                  CSI    000001d2 [sR] Verifying 100 (0x0000000000000064) components
2014-10-20 15:27:16, Info                  CSI    000001d3 [sR] Beginning Verify and Repair transaction
2014-10-20 15:27:18, Info                  CSI    000001d5 [sR] Verify complete
2014-10-20 15:27:19, Info                  CSI    000001d6 [sR] Verifying 100 (0x0000000000000064) components
2014-10-20 15:27:19, Info                  CSI    000001d7 [sR] Beginning Verify and Repair transaction
2014-10-20 15:27:21, Info                  CSI    000001d9 [sR] Verify complete
2014-10-20 15:27:21, Info                  CSI    000001da [sR] Verifying 100 (0x0000000000000064) components
2014-10-20 15:27:21, Info                  CSI    000001db [sR] Beginning Verify and Repair transaction
2014-10-20 15:27:24, Info                  CSI    000001dd [sR] Verify complete
2014-10-20 15:27:25, Info                  CSI    000001de [sR] Verifying 100 (0x0000000000000064) components
2014-10-20 15:27:25, Info                  CSI    000001df [sR] Beginning Verify and Repair transaction
2014-10-20 15:27:26, Info                  CSI    000001e1 [sR] Verify complete
2014-10-20 15:27:27, Info                  CSI    000001e2 [sR] Verifying 100 (0x0000000000000064) components
2014-10-20 15:27:27, Info                  CSI    000001e3 [sR] Beginning Verify and Repair transaction
2014-10-20 15:27:29, Info                  CSI    000001e5 [sR] Verify complete
2014-10-20 15:27:29, Info                  CSI    000001e6 [sR] Verifying 100 (0x0000000000000064) components
2014-10-20 15:27:29, Info                  CSI    000001e7 [sR] Beginning Verify and Repair transaction
2014-10-20 15:27:31, Info                  CSI    000001e9 [sR] Verify complete
2014-10-20 15:27:32, Info                  CSI    000001ea [sR] Verifying 100 (0x0000000000000064) components
2014-10-20 15:27:32, Info                  CSI    000001eb [sR] Beginning Verify and Repair transaction
2014-10-20 15:27:34, Info                  CSI    000001ed [sR] Verify complete
2014-10-20 15:27:34, Info                  CSI    000001ee [sR] Verifying 100 (0x0000000000000064) components
2014-10-20 15:27:34, Info                  CSI    000001ef [sR] Beginning Verify and Repair transaction
2014-10-20 15:27:36, Info                  CSI    000001f1 [sR] Verify complete
2014-10-20 15:27:37, Info                  CSI    000001f2 [sR] Verifying 100 (0x0000000000000064) components
2014-10-20 15:27:37, Info                  CSI    000001f3 [sR] Beginning Verify and Repair transaction
2014-10-20 15:27:39, Info                  CSI    000001f5 [sR] Verify complete
2014-10-20 15:27:40, Info                  CSI    000001f6 [sR] Verifying 100 (0x0000000000000064) components
2014-10-20 15:27:40, Info                  CSI    000001f7 [sR] Beginning Verify and Repair transaction
2014-10-20 15:27:46, Info                  CSI    000001f9 [sR] Verify complete
2014-10-20 15:27:47, Info                  CSI    000001fa [sR] Verifying 100 (0x0000000000000064) components
2014-10-20 15:27:47, Info                  CSI    000001fb [sR] Beginning Verify and Repair transaction
2014-10-20 15:27:50, Info                  CSI    000001ff [sR] Verify complete
2014-10-20 15:27:51, Info                  CSI    00000200 [sR] Verifying 100 (0x0000000000000064) components
2014-10-20 15:27:51, Info                  CSI    00000201 [sR] Beginning Verify and Repair transaction
2014-10-20 15:27:57, Info                  CSI    00000204 [sR] Verify complete
2014-10-20 15:27:57, Info                  CSI    00000205 [sR] Verifying 100 (0x0000000000000064) components
2014-10-20 15:27:57, Info                  CSI    00000206 [sR] Beginning Verify and Repair transaction
2014-10-20 15:28:01, Info                  CSI    0000020a [sR] Verify complete
2014-10-20 15:28:01, Info                  CSI    0000020b [sR] Verifying 100 (0x0000000000000064) components
2014-10-20 15:28:01, Info                  CSI    0000020c [sR] Beginning Verify and Repair transaction
2014-10-20 15:28:06, Info                  CSI    0000020e [sR] Verify complete
2014-10-20 15:28:06, Info                  CSI    0000020f [sR] Verifying 100 (0x0000000000000064) components
2014-10-20 15:28:06, Info                  CSI    00000210 [sR] Beginning Verify and Repair transaction
2014-10-20 15:28:13, Info                  CSI    00000232 [sR] Verify complete
2014-10-20 15:28:14, Info                  CSI    00000233 [sR] Verifying 100 (0x0000000000000064) components
2014-10-20 15:28:14, Info                  CSI    00000234 [sR] Beginning Verify and Repair transaction
2014-10-20 15:28:19, Info                  CSI    00000239 [sR] Verify complete
2014-10-20 15:28:20, Info                  CSI    0000023a [sR] Verifying 100 (0x0000000000000064) components
2014-10-20 15:28:20, Info                  CSI    0000023b [sR] Beginning Verify and Repair transaction
2014-10-20 15:28:25, Info                  CSI    0000023d [sR] Verify complete
2014-10-20 15:28:25, Info                  CSI    0000023e [sR] Verifying 100 (0x0000000000000064) components
2014-10-20 15:28:25, Info                  CSI    0000023f [sR] Beginning Verify and Repair transaction
2014-10-20 15:28:29, Info                  CSI    00000241 [sR] Verify complete
2014-10-20 15:28:30, Info                  CSI    00000242 [sR] Verifying 100 (0x0000000000000064) components
2014-10-20 15:28:30, Info                  CSI    00000243 [sR] Beginning Verify and Repair transaction
2014-10-20 15:28:35, Info                  CSI    00000245 [sR] Verify complete
2014-10-20 15:28:35, Info                  CSI    00000246 [sR] Verifying 100 (0x0000000000000064) components
2014-10-20 15:28:35, Info                  CSI    00000247 [sR] Beginning Verify and Repair transaction
2014-10-20 15:28:44, Info                  CSI    0000024b [sR] Verify complete
2014-10-20 15:28:45, Info                  CSI    0000024c [sR] Verifying 100 (0x0000000000000064) components
2014-10-20 15:28:45, Info                  CSI    0000024d [sR] Beginning Verify and Repair transaction
2014-10-20 15:28:52, Info                  CSI    00000263 [sR] Verify complete
2014-10-20 15:28:52, Info                  CSI    00000264 [sR] Verifying 100 (0x0000000000000064) components
2014-10-20 15:28:52, Info                  CSI    00000265 [sR] Beginning Verify and Repair transaction
2014-10-20 15:29:03, Info                  CSI    00000267 [sR] Verify complete
2014-10-20 15:29:03, Info                  CSI    00000268 [sR] Verifying 100 (0x0000000000000064) components
2014-10-20 15:29:03, Info                  CSI    00000269 [sR] Beginning Verify and Repair transaction
2014-10-20 15:29:11, Info                  CSI    0000026b [sR] Verify complete
2014-10-20 15:29:12, Info                  CSI    0000026c [sR] Verifying 100 (0x0000000000000064) components
2014-10-20 15:29:12, Info                  CSI    0000026d [sR] Beginning Verify and Repair transaction
2014-10-20 15:29:14, Info                  CSI    0000026f [sR] Verify complete
2014-10-20 15:29:14, Info                  CSI    00000270 [sR] Verifying 100 (0x0000000000000064) components
2014-10-20 15:29:14, Info                  CSI    00000271 [sR] Beginning Verify and Repair transaction
2014-10-20 15:29:16, Info                  CSI    00000273 [sR] Verify complete
2014-10-20 15:29:16, Info                  CSI    00000274 [sR] Verifying 100 (0x0000000000000064) components
2014-10-20 15:29:16, Info                  CSI    00000275 [sR] Beginning Verify and Repair transaction
2014-10-20 15:29:20, Info                  CSI    00000277 [sR] Verify complete
2014-10-20 15:29:21, Info                  CSI    00000278 [sR] Verifying 100 (0x0000000000000064) components
2014-10-20 15:29:21, Info                  CSI    00000279 [sR] Beginning Verify and Repair transaction
2014-10-20 15:29:27, Info                  CSI    0000028c [sR] Verify complete
2014-10-20 15:29:28, Info                  CSI    0000028d [sR] Verifying 100 (0x0000000000000064) components
2014-10-20 15:29:28, Info                  CSI    0000028e [sR] Beginning Verify and Repair transaction
2014-10-20 15:29:28, Info                  CSI    00000290 [sR] Verify complete
2014-10-20 15:29:29, Info                  CSI    00000291 [sR] Verifying 100 (0x0000000000000064) components
2014-10-20 15:29:29, Info                  CSI    00000292 [sR] Beginning Verify and Repair transaction
2014-10-20 15:29:32, Info                  CSI    00000294 [sR] Verify complete
2014-10-20 15:29:32, Info                  CSI    00000295 [sR] Verifying 100 (0x0000000000000064) components
2014-10-20 15:29:32, Info                  CSI    00000296 [sR] Beginning Verify and Repair transaction
2014-10-20 15:29:36, Info                  CSI    00000298 [sR] Verify complete
2014-10-20 15:29:36, Info                  CSI    00000299 [sR] Verifying 100 (0x0000000000000064) components
2014-10-20 15:29:36, Info                  CSI    0000029a [sR] Beginning Verify and Repair transaction
2014-10-20 15:29:44, Info                  CSI    0000029c [sR] Verify complete
2014-10-20 15:29:45, Info                  CSI    0000029d [sR] Verifying 100 (0x0000000000000064) components
2014-10-20 15:29:45, Info                  CSI    0000029e [sR] Beginning Verify and Repair transaction
2014-10-20 15:29:51, Info                  CSI    000002a1 [sR] Verify complete
2014-10-20 15:29:51, Info                  CSI    000002a2 [sR] Verifying 100 (0x0000000000000064) components
2014-10-20 15:29:51, Info                  CSI    000002a3 [sR] Beginning Verify and Repair transaction
2014-10-20 15:29:53, Info                  CSI    000002a5 [sR] Verify complete
2014-10-20 15:29:54, Info                  CSI    000002a6 [sR] Verifying 100 (0x0000000000000064) components
2014-10-20 15:29:54, Info                  CSI    000002a7 [sR] Beginning Verify and Repair transaction
2014-10-20 15:29:59, Info                  CSI    000002a9 [sR] Verify complete
2014-10-20 15:30:00, Info                  CSI    000002aa [sR] Verifying 100 (0x0000000000000064) components
2014-10-20 15:30:00, Info                  CSI    000002ab [sR] Beginning Verify and Repair transaction
2014-10-20 15:30:03, Info                  CSI    000002ad [sR] Verify complete
2014-10-20 15:30:03, Info                  CSI    000002ae [sR] Verifying 100 (0x0000000000000064) components
2014-10-20 15:30:03, Info                  CSI    000002af [sR] Beginning Verify and Repair transaction
2014-10-20 15:30:11, Info                  CSI    000002b1 [sR] Verify complete
2014-10-20 15:30:11, Info                  CSI    000002b2 [sR] Verifying 100 (0x0000000000000064) components
2014-10-20 15:30:11, Info                  CSI    000002b3 [sR] Beginning Verify and Repair transaction
2014-10-20 15:30:21, Info                  CSI    000002cb [sR] Verify complete
2014-10-20 15:30:21, Info                  CSI    000002cc [sR] Verifying 100 (0x0000000000000064) components
2014-10-20 15:30:21, Info                  CSI    000002cd [sR] Beginning Verify and Repair transaction
2014-10-20 15:30:27, Info                  CSI    000002cf [sR] Verify complete
2014-10-20 15:30:27, Info                  CSI    000002d0 [sR] Verifying 100 (0x0000000000000064) components
2014-10-20 15:30:27, Info                  CSI    000002d1 [sR] Beginning Verify and Repair transaction
2014-10-20 15:30:43, Info                  CSI    000002d3 [sR] Verify complete
2014-10-20 15:30:44, Info                  CSI    000002d4 [sR] Verifying 100 (0x0000000000000064) components
2014-10-20 15:30:44, Info                  CSI    000002d5 [sR] Beginning Verify and Repair transaction
2014-10-20 15:30:51, Info                  CSI    000002d7 [sR] Verify complete
2014-10-20 15:30:51, Info                  CSI    000002d8 [sR] Verifying 100 (0x0000000000000064) components
2014-10-20 15:30:51, Info                  CSI    000002d9 [sR] Beginning Verify and Repair transaction
2014-10-20 15:31:02, Info                  CSI    000002db [sR] Verify complete
2014-10-20 15:31:03, Info                  CSI    000002dc [sR] Verifying 100 (0x0000000000000064) components
2014-10-20 15:31:03, Info                  CSI    000002dd [sR] Beginning Verify and Repair transaction
2014-10-20 15:31:14, Info                  CSI    000002df [sR] Verify complete
2014-10-20 15:31:15, Info                  CSI    000002e0 [sR] Verifying 100 (0x0000000000000064) components
2014-10-20 15:31:15, Info                  CSI    000002e1 [sR] Beginning Verify and Repair transaction
2014-10-20 15:31:19, Info                  CSI    000002e3 [sR] Verify complete
2014-10-20 15:31:20, Info                  CSI    000002e4 [sR] Verifying 100 (0x0000000000000064) components
2014-10-20 15:31:20, Info                  CSI    000002e5 [sR] Beginning Verify and Repair transaction
2014-10-20 15:31:25, Info                  CSI    000002e9 [sR] Verify complete
2014-10-20 15:31:25, Info                  CSI    000002ea [sR] Verifying 100 (0x0000000000000064) components
2014-10-20 15:31:25, Info                  CSI    000002eb [sR] Beginning Verify and Repair transaction
2014-10-20 15:31:39, Info                  CSI    000002ed [sR] Verify complete
2014-10-20 15:31:39, Info                  CSI    000002ee [sR] Verifying 100 (0x0000000000000064) components
2014-10-20 15:31:39, Info                  CSI    000002ef [sR] Beginning Verify and Repair transaction
2014-10-20 15:31:44, Info                  CSI    000002f1 [sR] Verify complete
2014-10-20 15:31:44, Info                  CSI    000002f2 [sR] Verifying 100 (0x0000000000000064) components
2014-10-20 15:31:44, Info                  CSI    000002f3 [sR] Beginning Verify and Repair transaction
2014-10-20 15:31:52, Info                  CSI    000002f5 [sR] Verify complete
2014-10-20 15:31:53, Info                  CSI    000002f6 [sR] Verifying 100 (0x0000000000000064) components
2014-10-20 15:31:53, Info                  CSI    000002f7 [sR] Beginning Verify and Repair transaction
2014-10-20 15:31:57, Info                  CSI    000002f9 [sR] Cannot repair member file [l:24{12}]"settings.ini" of Microsoft-Windows-Sidebar, Version = 6.0.6002.18005, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2014-10-20 15:32:01, Info                  CSI    000002fb [sR] Cannot repair member file [l:24{12}]"settings.ini" of Microsoft-Windows-Sidebar, Version = 6.0.6002.18005, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2014-10-20 15:32:01, Info                  CSI    000002fc [sR] This component was referenced by [l:162{81}]"Package_17_for_KB948465~31bf3856ad364e35~amd64~~6.0.1.18005.948465-60_neutral_GDR"
2014-10-20 15:32:02, Info                  CSI    000002fe [sR] Verify complete
2014-10-20 15:32:02, Info                  CSI    000002ff [sR] Verifying 100 (0x0000000000000064) components
2014-10-20 15:32:02, Info                  CSI    00000300 [sR] Beginning Verify and Repair transaction
2014-10-20 15:32:07, Info                  CSI    00000302 [sR] Verify complete
2014-10-20 15:32:08, Info                  CSI    00000303 [sR] Verifying 100 (0x0000000000000064) components
2014-10-20 15:32:08, Info                  CSI    00000304 [sR] Beginning Verify and Repair transaction
2014-10-20 15:32:12, Info                  CSI    00000306 [sR] Verify complete
2014-10-20 15:32:12, Info                  CSI    00000307 [sR] Verifying 100 (0x0000000000000064) components
2014-10-20 15:32:12, Info                  CSI    00000308 [sR] Beginning Verify and Repair transaction
2014-10-20 15:32:19, Info                  CSI    0000030b [sR] Verify complete
2014-10-20 15:32:20, Info                  CSI    0000030c [sR] Verifying 100 (0x0000000000000064) components
2014-10-20 15:32:20, Info                  CSI    0000030d [sR] Beginning Verify and Repair transaction
2014-10-20 15:32:24, Info                  CSI    0000030f [sR] Verify complete
2014-10-20 15:32:25, Info                  CSI    00000310 [sR] Verifying 100 (0x0000000000000064) components
2014-10-20 15:32:25, Info                  CSI    00000311 [sR] Beginning Verify and Repair transaction
2014-10-20 15:32:30, Info                  CSI    00000314 [sR] Verify complete
2014-10-20 15:32:31, Info                  CSI    00000315 [sR] Verifying 100 (0x0000000000000064) components
2014-10-20 15:32:31, Info                  CSI    00000316 [sR] Beginning Verify and Repair transaction
2014-10-20 15:32:37, Info                  CSI    0000031b [sR] Verify complete
2014-10-20 15:32:38, Info                  CSI    0000031c [sR] Verifying 100 (0x0000000000000064) components
2014-10-20 15:32:38, Info                  CSI    0000031d [sR] Beginning Verify and Repair transaction
2014-10-20 15:32:43, Info                  CSI    0000031e [sR] Repairing corrupted file [ml:58{29},l:56{28}]"\??\C:\Windows\system32\wbem"\[l:42{21}]"Wdf01000Uninstall.mof" from store
2014-10-20 15:32:43, Info                  CSI    0000031f [sR] Repairing corrupted file [ml:58{29},l:56{28}]"\??\C:\Windows\system32\wbem"\[l:24{12}]"Wdf01000.mof" from store
2014-10-20 15:32:44, Info                  CSI    00000322 [sR] Verify complete
2014-10-20 15:32:45, Info                  CSI    00000323 [sR] Verifying 100 (0x0000000000000064) components
2014-10-20 15:32:45, Info                  CSI    00000324 [sR] Beginning Verify and Repair transaction
2014-10-20 15:32:54, Info                  CSI    00000326 [sR] Verify complete
2014-10-20 15:32:54, Info                  CSI    00000327 [sR] Verifying 100 (0x0000000000000064) components
2014-10-20 15:32:54, Info                  CSI    00000328 [sR] Beginning Verify and Repair transaction
2014-10-20 15:33:00, Info                  CSI    0000032a [sR] Verify complete
2014-10-20 15:33:00, Info                  CSI    0000032b [sR] Verifying 100 (0x0000000000000064) components
2014-10-20 15:33:00, Info                  CSI    0000032c [sR] Beginning Verify and Repair transaction
2014-10-20 15:33:02, Info                  CSI    0000032e [sR] Verify complete
2014-10-20 15:33:02, Info                  CSI    0000032f [sR] Verifying 100 (0x0000000000000064) components
2014-10-20 15:33:02, Info                  CSI    00000330 [sR] Beginning Verify and Repair transaction
2014-10-20 15:33:10, Info                  CSI    00000332 [sR] Verify complete
2014-10-20 15:33:11, Info                  CSI    00000333 [sR] Verifying 100 (0x0000000000000064) components
2014-10-20 15:33:11, Info                  CSI    00000334 [sR] Beginning Verify and Repair transaction
2014-10-20 15:33:19, Info                  CSI    00000336 [sR] Verify complete
2014-10-20 15:33:20, Info                  CSI    00000337 [sR] Verifying 100 (0x0000000000000064) components
2014-10-20 15:33:20, Info                  CSI    00000338 [sR] Beginning Verify and Repair transaction
2014-10-20 15:33:27, Info                  CSI    0000033a [sR] Verify complete
2014-10-20 15:33:27, Info                  CSI    0000033b [sR] Verifying 100 (0x0000000000000064) components
2014-10-20 15:33:27, Info                  CSI    0000033c [sR] Beginning Verify and Repair transaction
2014-10-20 15:33:37, Info                  CSI    0000033e [sR] Verify complete
2014-10-20 15:33:37, Info                  CSI    0000033f [sR] Verifying 100 (0x0000000000000064) components
2014-10-20 15:33:37, Info                  CSI    00000340 [sR] Beginning Verify and Repair transaction
2014-10-20 15:33:40, Info                  CSI    00000342 [sR] Verify complete
2014-10-20 15:33:41, Info                  CSI    00000343 [sR] Verifying 100 (0x0000000000000064) components
2014-10-20 15:33:41, Info                  CSI    00000344 [sR] Beginning Verify and Repair transaction
2014-10-20 15:33:46, Info                  CSI    00000346 [sR] Verify complete
2014-10-20 15:33:47, Info                  CSI    00000347 [sR] Verifying 100 (0x0000000000000064) components
2014-10-20 15:33:47, Info                  CSI    00000348 [sR] Beginning Verify and Repair transaction
2014-10-20 15:33:56, Info                  CSI    00000353 [sR] Verify complete
2014-10-20 15:33:57, Info                  CSI    00000354 [sR] Verifying 100 (0x0000000000000064) components
2014-10-20 15:33:57, Info                  CSI    00000355 [sR] Beginning Verify and Repair transaction
2014-10-20 15:34:03, Info                  CSI    00000357 [sR] Verify complete
2014-10-20 15:34:04, Info                  CSI    00000358 [sR] Verifying 100 (0x0000000000000064) components
2014-10-20 15:34:04, Info                  CSI    00000359 [sR] Beginning Verify and Repair transaction
2014-10-20 15:34:10, Info                  CSI    0000035b [sR] Verify complete
2014-10-20 15:34:10, Info                  CSI    0000035c [sR] Verifying 100 (0x0000000000000064) components
2014-10-20 15:34:10, Info                  CSI    0000035d [sR] Beginning Verify and Repair transaction
2014-10-20 15:34:18, Info                  CSI    0000035f [sR] Verify complete
2014-10-20 15:34:18, Info                  CSI    00000360 [sR] Verifying 100 (0x0000000000000064) components
2014-10-20 15:34:18, Info                  CSI    00000361 [sR] Beginning Verify and Repair transaction
2014-10-20 15:34:24, Info                  CSI    00000363 [sR] Verify complete
2014-10-20 15:34:24, Info                  CSI    00000364 [sR] Verifying 100 (0x0000000000000064) components
2014-10-20 15:34:24, Info                  CSI    00000365 [sR] Beginning Verify and Repair transaction
2014-10-20 15:34:25, Info                  CSI    00000367 [sR] Verify complete
2014-10-20 15:34:26, Info                  CSI    00000368 [sR] Verifying 100 (0x0000000000000064) components
2014-10-20 15:34:26, Info                  CSI    00000369 [sR] Beginning Verify and Repair transaction
2014-10-20 15:34:31, Info                  CSI    0000036d [sR] Verify complete
2014-10-20 15:34:32, Info                  CSI    0000036e [sR] Verifying 100 (0x0000000000000064) components
2014-10-20 15:34:32, Info                  CSI    0000036f [sR] Beginning Verify and Repair transaction
2014-10-20 15:34:38, Info                  CSI    00000374 [sR] Verify complete
2014-10-20 15:34:39, Info                  CSI    00000375 [sR] Verifying 100 (0x0000000000000064) components
2014-10-20 15:34:39, Info                  CSI    00000376 [sR] Beginning Verify and Repair transaction
2014-10-20 15:34:47, Info                  CSI    00000380 [sR] Verify complete
2014-10-20 15:34:47, Info                  CSI    00000381 [sR] Verifying 100 (0x0000000000000064) components
2014-10-20 15:34:47, Info                  CSI    00000382 [sR] Beginning Verify and Repair transaction
2014-10-20 15:34:54, Info                  CSI    0000038e [sR] Verify complete
2014-10-20 15:34:55, Info                  CSI    0000038f [sR] Verifying 100 (0x0000000000000064) components
2014-10-20 15:34:55, Info                  CSI    00000390 [sR] Beginning Verify and Repair transaction
2014-10-20 15:34:59, Info                  CSI    00000392 [sR] Verify complete
2014-10-20 15:34:59, Info                  CSI    00000393 [sR] Verifying 100 (0x0000000000000064) components
2014-10-20 15:34:59, Info                  CSI    00000394 [sR] Beginning Verify and Repair transaction
2014-10-20 15:35:03, Info                  CSI    00000399 [sR] Verify complete
2014-10-20 15:35:03, Info                  CSI    0000039a [sR] Verifying 100 (0x0000000000000064) components
2014-10-20 15:35:03, Info                  CSI    0000039b [sR] Beginning Verify and Repair transaction
2014-10-20 15:35:07, Info                  CSI    0000039d [sR] Verify complete
2014-10-20 15:35:08, Info                  CSI    0000039e [sR] Verifying 100 (0x0000000000000064) components
2014-10-20 15:35:08, Info                  CSI    0000039f [sR] Beginning Verify and Repair transaction
2014-10-20 15:35:14, Info                  CSI    000003c4 [sR] Verify complete
2014-10-20 15:35:14, Info                  CSI    000003c5 [sR] Verifying 100 (0x0000000000000064) components
2014-10-20 15:35:14, Info                  CSI    000003c6 [sR] Beginning Verify and Repair transaction
2014-10-20 15:35:17, Info                  CSI    000003c8 [sR] Verify complete
2014-10-20 15:35:17, Info                  CSI    000003c9 [sR] Verifying 100 (0x0000000000000064) components
2014-10-20 15:35:17, Info                  CSI    000003ca [sR] Beginning Verify and Repair transaction
2014-10-20 15:35:21, Info                  CSI    000003cc [sR] Verify complete
2014-10-20 15:35:22, Info                  CSI    000003cd [sR] Verifying 100 (0x0000000000000064) components
2014-10-20 15:35:22, Info                  CSI    000003ce [sR] Beginning Verify and Repair transaction
2014-10-20 15:35:26, Info                  CSI    000003d0 [sR] Verify complete
2014-10-20 15:35:26, Info                  CSI    000003d1 [sR] Verifying 100 (0x0000000000000064) components
2014-10-20 15:35:26, Info                  CSI    000003d2 [sR] Beginning Verify and Repair transaction
2014-10-20 15:35:33, Info                  CSI    000003e3 [sR] Verify complete
2014-10-20 15:35:34, Info                  CSI    000003e4 [sR] Verifying 100 (0x0000000000000064) components
2014-10-20 15:35:34, Info                  CSI    000003e5 [sR] Beginning Verify and Repair transaction
2014-10-20 15:35:41, Info                  CSI    000003f1 [sR] Verify complete
2014-10-20 15:35:42, Info                  CSI    000003f2 [sR] Verifying 100 (0x0000000000000064) components
2014-10-20 15:35:42, Info                  CSI    000003f3 [sR] Beginning Verify and Repair transaction
2014-10-20 15:35:46, Info                  CSI    000003f7 [sR] Verify complete
2014-10-20 15:35:47, Info                  CSI    000003f8 [sR] Verifying 100 (0x0000000000000064) components
2014-10-20 15:35:47, Info                  CSI    000003f9 [sR] Beginning Verify and Repair transaction
2014-10-20 15:35:49, Info                  CSI    000003fc [sR] Verify complete
2014-10-20 15:35:50, Info                  CSI    000003fd [sR] Verifying 100 (0x0000000000000064) components
2014-10-20 15:35:50, Info                  CSI    000003fe [sR] Beginning Verify and Repair transaction
2014-10-20 15:36:02, Info                  CSI    00000401 [sR] Repairing corrupted file [ml:520{260},l:76{38}]"\??\C:\Windows\PolicyDefinitions\en-US"\[l:24{12}]"InetRes.adml" from store
2014-10-20 15:36:03, Info                  CSI    00000404 [sR] Verify complete
2014-10-20 15:36:03, Info                  CSI    00000405 [sR] Verifying 100 (0x0000000000000064) components
2014-10-20 15:36:03, Info                  CSI    00000406 [sR] Beginning Verify and Repair transaction
2014-10-20 15:36:06, Info                  CSI    00000408 [sR] Repairing corrupted file [ml:520{260},l:64{32}]"\??\C:\Windows\PolicyDefinitions"\[l:24{12}]"inetres.admx" from store
2014-10-20 15:36:07, Info                  CSI    0000040b [sR] Verify complete
2014-10-20 15:36:07, Info                  CSI    0000040c [sR] Verifying 100 (0x0000000000000064) components
2014-10-20 15:36:07, Info                  CSI    0000040d [sR] Beginning Verify and Repair transaction
2014-10-20 15:36:12, Info                  CSI    0000040f [sR] Verify complete
2014-10-20 15:36:13, Info                  CSI    00000410 [sR] Verifying 100 (0x0000000000000064) components
2014-10-20 15:36:13, Info                  CSI    00000411 [sR] Beginning Verify and Repair transaction
2014-10-20 15:36:16, Info                  CSI    00000413 [sR] Verify complete
2014-10-20 15:36:17, Info                  CSI    00000414 [sR] Verifying 100 (0x0000000000000064) components
2014-10-20 15:36:17, Info                  CSI    00000415 [sR] Beginning Verify and Repair transaction
2014-10-20 15:36:22, Info                  CSI    00000419 [sR] Verify complete
2014-10-20 15:36:23, Info                  CSI    0000041a [sR] Verifying 100 (0x0000000000000064) components
2014-10-20 15:36:23, Info                  CSI    0000041b [sR] Beginning Verify and Repair transaction
2014-10-20 15:36:30, Info                  CSI    00000435 [sR] Verify complete
2014-10-20 15:36:31, Info                  CSI    00000436 [sR] Verifying 100 (0x0000000000000064) components
2014-10-20 15:36:31, Info                  CSI    00000437 [sR] Beginning Verify and Repair transaction
2014-10-20 15:36:45, Info                  CSI    00000439 [sR] Verify complete
2014-10-20 15:36:46, Info                  CSI    0000043a [sR] Verifying 100 (0x0000000000000064) components
2014-10-20 15:36:46, Info                  CSI    0000043b [sR] Beginning Verify and Repair transaction
2014-10-20 15:36:50, Info                  CSI    0000043d [sR] Verify complete
2014-10-20 15:36:51, Info                  CSI    0000043e [sR] Verifying 100 (0x0000000000000064) components
2014-10-20 15:36:51, Info                  CSI    0000043f [sR] Beginning Verify and Repair transaction
2014-10-20 15:36:58, Info                  CSI    00000441 [sR] Verify complete
2014-10-20 15:36:58, Info                  CSI    00000442 [sR] Verifying 100 (0x0000000000000064) components
2014-10-20 15:36:58, Info                  CSI    00000443 [sR] Beginning Verify and Repair transaction
2014-10-20 15:37:02, Info                  CSI    00000445 [sR] Verify complete
2014-10-20 15:37:03, Info                  CSI    00000446 [sR] Verifying 100 (0x0000000000000064) components
2014-10-20 15:37:03, Info                  CSI    00000447 [sR] Beginning Verify and Repair transaction
2014-10-20 15:37:12, Info                  CSI    0000044a [sR] Verify complete
2014-10-20 15:37:13, Info                  CSI    0000044b [sR] Verifying 100 (0x0000000000000064) components
2014-10-20 15:37:13, Info                  CSI    0000044c [sR] Beginning Verify and Repair transaction
2014-10-20 15:37:17, Info                  CSI    0000044e [sR] Verify complete
2014-10-20 15:37:17, Info                  CSI    0000044f [sR] Verifying 100 (0x0000000000000064) components
2014-10-20 15:37:17, Info                  CSI    00000450 [sR] Beginning Verify and Repair transaction
2014-10-20 15:37:23, Info                  CSI    00000452 [sR] Verify complete
2014-10-20 15:37:23, Info                  CSI    00000453 [sR] Verifying 100 (0x0000000000000064) components
2014-10-20 15:37:23, Info                  CSI    00000454 [sR] Beginning Verify and Repair transaction
2014-10-20 15:37:27, Info                  CSI    00000456 [sR] Verify complete
2014-10-20 15:37:27, Info                  CSI    00000457 [sR] Verifying 100 (0x0000000000000064) components
2014-10-20 15:37:27, Info                  CSI    00000458 [sR] Beginning Verify and Repair transaction
2014-10-20 15:37:32, Info                  CSI    0000045b [sR] Verify complete
2014-10-20 15:37:32, Info                  CSI    0000045c [sR] Verifying 100 (0x0000000000000064) components
2014-10-20 15:37:32, Info                  CSI    0000045d [sR] Beginning Verify and Repair transaction
2014-10-20 15:37:36, Info                  CSI    0000045f [sR] Verify complete
2014-10-20 15:37:37, Info                  CSI    00000460 [sR] Verifying 100 (0x0000000000000064) components
2014-10-20 15:37:37, Info                  CSI    00000461 [sR] Beginning Verify and Repair transaction
2014-10-20 15:37:43, Info                  CSI    00000466 [sR] Verify complete
2014-10-20 15:37:43, Info                  CSI    00000467 [sR] Verifying 100 (0x0000000000000064) components
2014-10-20 15:37:43, Info                  CSI    00000468 [sR] Beginning Verify and Repair transaction
2014-10-20 15:37:48, Info                  CSI    0000046a [sR] Verify complete
2014-10-20 15:37:48, Info                  CSI    0000046b [sR] Verifying 100 (0x0000000000000064) components
2014-10-20 15:37:48, Info                  CSI    0000046c [sR] Beginning Verify and Repair transaction
2014-10-20 15:37:57, Info                  CSI    0000046f [sR] Verify complete
2014-10-20 15:37:59, Info                  CSI    00000470 [sR] Verifying 100 (0x0000000000000064) components
2014-10-20 15:37:59, Info                  CSI    00000471 [sR] Beginning Verify and Repair transaction
2014-10-20 15:38:09, Info                  CSI    00000473 [sR] Verify complete
2014-10-20 15:38:09, Info                  CSI    00000474 [sR] Verifying 100 (0x0000000000000064) components
2014-10-20 15:38:09, Info                  CSI    00000475 [sR] Beginning Verify and Repair transaction
2014-10-20 15:38:16, Info                  CSI    00000477 [sR] Verify complete
2014-10-20 15:38:17, Info                  CSI    00000478 [sR] Verifying 100 (0x0000000000000064) components
2014-10-20 15:38:17, Info                  CSI    00000479 [sR] Beginning Verify and Repair transaction
2014-10-20 15:38:24, Info                  CSI    0000047b [sR] Verify complete
2014-10-20 15:38:24, Info                  CSI    0000047c [sR] Verifying 68 (0x0000000000000044) components
2014-10-20 15:38:24, Info                  CSI    0000047d [sR] Beginning Verify and Repair transaction
2014-10-20 15:38:28, Info                  CSI    0000047f [sR] Verify complete
2014-10-20 15:38:28, Info                  CSI    00000480 [sR] Repairing 4 components
2014-10-20 15:38:28, Info                  CSI    00000481 [sR] Beginning Verify and Repair transaction
2014-10-20 15:38:28, Info                  CSI    00000483 [sR] Cannot repair member file [l:24{12}]"settings.ini" of Microsoft-Windows-Sidebar, Version = 6.0.6002.18005, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2014-10-20 15:38:28, Info                  CSI    00000485 [sR] Cannot repair member file [l:24{12}]"settings.ini" of Microsoft-Windows-Sidebar, Version = 6.0.6002.18005, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2014-10-20 15:38:28, Info                  CSI    00000486 [sR] This component was referenced by [l:162{81}]"Package_17_for_KB948465~31bf3856ad364e35~amd64~~6.0.1.18005.948465-60_neutral_GDR"
2014-10-20 15:38:28, Info                  CSI    00000487 [sR] Repairing corrupted file [ml:58{29},l:56{28}]"\??\C:\Windows\system32\wbem"\[l:42{21}]"Wdf01000Uninstall.mof" from store
2014-10-20 15:38:28, Info                  CSI    00000488 [sR] Repairing corrupted file [ml:58{29},l:56{28}]"\??\C:\Windows\system32\wbem"\[l:24{12}]"Wdf01000.mof" from store
2014-10-20 15:38:28, Info                  CSI    0000048a [sR] Repairing corrupted file [ml:520{260},l:64{32}]"\??\C:\Windows\PolicyDefinitions"\[l:24{12}]"inetres.admx" from store
2014-10-20 15:38:28, Info                  CSI    0000048d [sR] Repairing corrupted file [ml:520{260},l:76{38}]"\??\C:\Windows\PolicyDefinitions\en-US"\[l:24{12}]"InetRes.adml" from store
2014-10-20 15:38:28, Info                  CSI    00000490 [sR] Repair complete
2014-10-20 15:38:28, Info                  CSI    00000491 [sR] Committing transaction
2014-10-20 15:38:29, Info                  CSI    00000495 [sR] Verify and Repair Transaction completed. All files and registry keys listed in this transaction  have been successfully repaired
 

 

 

 

Not sure if it's important, but these were the results in the command window:

C:\Users\Aaron\Desktop>sfc /scannow

Beginning system scan.  This process will take some time.

Beginning verification phase of system scan.
Verification 100% complete.
Windows Resource Protection found corrupt files but was unable to fix some of them.
Details are included in the CBS.Log windir\Logs\CBS\CBS.log. For example
C:\Windows\Logs\CBS\CBS.log

C:\Users\Aaron\Desktop>findstr /c:"[sR]" C:\Windows\Logs\CBS\CBS.log  1>"C:\User
s\Aaron\Desktop\sfcresults.txt"

C:\Users\Aaron\Desktop>notepad C:\Users\Aaron\Desktop\sfcresults.txt
 

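Added example (not part of the original post, nor code from SFC or any tool named in this thread): a Python script that reduces `[sR]` output such as the `sfcresults.txt` above to the files SFC restored from the store and the files it could not repair. `SAMPLE` is an excerpt of the lines posted above; the function and field names are this example's own, and attaching each "referenced by" line to the preceding "Cannot repair" record is an assumption based on how they appear in that log.

```python
import re

# Excerpt of the [sR] lines posted above; the repeated "Verifying 100
# components" / "Verify complete" pairs between them are left out.
SAMPLE = r'''
2014-10-20 15:31:57, Info                  CSI    000002f9 [sR] Cannot repair member file [l:24{12}]"settings.ini" of Microsoft-Windows-Sidebar, Version = 6.0.6002.18005, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2014-10-20 15:32:01, Info                  CSI    000002fb [sR] Cannot repair member file [l:24{12}]"settings.ini" of Microsoft-Windows-Sidebar, Version = 6.0.6002.18005, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2014-10-20 15:32:01, Info                  CSI    000002fc [sR] This component was referenced by [l:162{81}]"Package_17_for_KB948465~31bf3856ad364e35~amd64~~6.0.1.18005.948465-60_neutral_GDR"
2014-10-20 15:32:02, Info                  CSI    000002fe [sR] Verify complete
2014-10-20 15:32:43, Info                  CSI    0000031e [sR] Repairing corrupted file [ml:58{29},l:56{28}]"\??\C:\Windows\system32\wbem"\[l:42{21}]"Wdf01000Uninstall.mof" from store
2014-10-20 15:32:43, Info                  CSI    0000031f [sR] Repairing corrupted file [ml:58{29},l:56{28}]"\??\C:\Windows\system32\wbem"\[l:24{12}]"Wdf01000.mof" from store
2014-10-20 15:36:02, Info                  CSI    00000401 [sR] Repairing corrupted file [ml:520{260},l:76{38}]"\??\C:\Windows\PolicyDefinitions\en-US"\[l:24{12}]"InetRes.adml" from store
2014-10-20 15:36:06, Info                  CSI    00000408 [sR] Repairing corrupted file [ml:520{260},l:64{32}]"\??\C:\Windows\PolicyDefinitions"\[l:24{12}]"inetres.admx" from store
2014-10-20 15:38:28, Info                  CSI    00000483 [sR] Cannot repair member file [l:24{12}]"settings.ini" of Microsoft-Windows-Sidebar, Version = 6.0.6002.18005, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2014-10-20 15:38:28, Info                  CSI    00000485 [sR] Cannot repair member file [l:24{12}]"settings.ini" of Microsoft-Windows-Sidebar, Version = 6.0.6002.18005, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2014-10-20 15:38:28, Info                  CSI    00000486 [sR] This component was referenced by [l:162{81}]"Package_17_for_KB948465~31bf3856ad364e35~amd64~~6.0.1.18005.948465-60_neutral_GDR"
2014-10-20 15:38:28, Info                  CSI    00000487 [sR] Repairing corrupted file [ml:58{29},l:56{28}]"\??\C:\Windows\system32\wbem"\[l:42{21}]"Wdf01000Uninstall.mof" from store
2014-10-20 15:38:28, Info                  CSI    00000488 [sR] Repairing corrupted file [ml:58{29},l:56{28}]"\??\C:\Windows\system32\wbem"\[l:24{12}]"Wdf01000.mof" from store
2014-10-20 15:38:28, Info                  CSI    0000048a [sR] Repairing corrupted file [ml:520{260},l:64{32}]"\??\C:\Windows\PolicyDefinitions"\[l:24{12}]"inetres.admx" from store
2014-10-20 15:38:28, Info                  CSI    0000048d [sR] Repairing corrupted file [ml:520{260},l:76{38}]"\??\C:\Windows\PolicyDefinitions\en-US"\[l:24{12}]"InetRes.adml" from store
2014-10-20 15:38:28, Info                  CSI    00000490 [sR] Repair complete
2014-10-20 15:38:29, Info                  CSI    00000495 [sR] Verify and Repair Transaction completed. All files and registry keys listed in this transaction  have been successfully repaired
'''

# One record: timestamp, level, source, sequence number, then the [sR] message.
ENTRY = re.compile(
    r'^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d), \w+\s+CSI\s+([0-9a-fA-F]{8}) \[sR\] (.*)$')
# "Cannot repair member file [..]"<file>" of <component>, Version = <v>, ..., <reason>"
CANNOT = re.compile(
    r'^Cannot repair member file \[[^\]]*\]"([^"]+)" of ([^,]+), Version = ([^,]+),.*, ([^,]+)$')
# "Repairing corrupted file [..]"\??\<dir>"\[..]"<file>" from store"
REPAIR = re.compile(
    r'^Repairing corrupted file \[[^\]]*\]"(?:\\\?\?\\)?([^"]+)"\\\[[^\]]*\]"([^"]+)" from store$')
REFERENCED = re.compile(r'^This component was referenced by \[[^\]]*\]"([^"]+)"')


def summarize(text):
    """Group [sR] records into files SFC could not repair and files it restored."""
    unrepaired, repaired = {}, {}
    last_failed = None      # record of the "Cannot repair" line just seen, if any
    entries = 0
    for raw in text.splitlines():
        m = ENTRY.match(raw.strip())
        if not m:
            continue        # blank lines, console-wrapped fragments, other text
        entries += 1
        ts, _seq, msg = m.groups()
        msg = msg.strip()
        cannot, repair, ref = CANNOT.match(msg), REPAIR.match(msg), REFERENCED.match(msg)
        if cannot:
            name, component, version, reason = (g.strip() for g in cannot.groups())
            # SFC logs the same failure in the verify pass and again in the
            # final repair pass, so key on the file identity and count repeats.
            rec = unrepaired.setdefault((name.lower(), component, version), {
                "file": name, "component": component, "version": version,
                "reason": reason, "count": 0, "first_seen": ts, "referenced_by": []})
            rec["count"] += 1
            last_failed = rec
        elif ref and last_failed is not None:
            # Assumption: the package line belongs to the preceding failure.
            if ref.group(1) not in last_failed["referenced_by"]:
                last_failed["referenced_by"].append(ref.group(1))
        else:
            last_failed = None
            if repair:
                path = repair.group(1) + "\\" + repair.group(2)
                rec = repaired.setdefault(  # Windows paths are case-insensitive
                    path.lower(), {"path": path, "count": 0, "first_seen": ts})
                rec["count"] += 1
    return {"entries": entries,
            "unrepaired": list(unrepaired.values()),
            "repaired": list(repaired.values())}


if __name__ == "__main__":
    report = summarize(SAMPLE)
    for u in report["unrepaired"]:
        print("NOT REPAIRED %s (%s %s): %s, logged %d times, referenced by %s" % (
            u["file"], u["component"], u["version"], u["reason"],
            u["count"], ", ".join(u["referenced_by"]) or "n/a"))
    for r in report["repaired"]:
        print("repaired     %s (logged %d times)" % (r["path"], r["count"]))
```

On the excerpt this lists `settings.ini` of Microsoft-Windows-Sidebar as not repaired (hash mismatch) even though the log's last line says the transaction was successfully repaired, which is consistent with the `sfc /scannow` message that some files could not be fixed.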

Try running CHKDSK this way. This method may not work either, but please try and let me know.

 

CHKDSK (Alternative Method)

  • Note: If you have a Solid State Drive (SSD), do not run CHKDSK. Skip STEP 1, and proceed with STEP 2.
  • Click Start and type CMD in the Search Bar. Right-Click CMD.exe and select Run as administrator.
  • In the command window type the following and press Enter on your keyboard.
    chkdsk c: /x /r
  • If you are prompted to schedule CHKDSK to run the next time the computer restarts, type y and press Enter on your keyboard.
  • Type Exit and press Enter on your keyboard.
  • Restart your computer. CHKDSK will automatically run.
  • Note: This process can take up to an hour
  • Press the Windows Key + r on your keyboard at the same time. Type eventvwr.msc and click OK.
  • Click Windows Logs.
  • Right-click Application and click Find.
    • If CHKDSK ran within Windows (you didn't have to restart the computer), type Chkdsk into the text field and click Find Next. The log should appear. Highlight the text, Copy and paste in your next reply.
    • If CHKDSK ran after a restart, type Winlogon (XP) / Wininit (Vista/7) / Chkdsk (8) into the text field and click Find Next. The log should appear. Highlight the text, Copy and paste in your next reply.
  • For instructions accompanied by screenshots, please refer to the following article

Check Disk did run after a restart in (I guess) a DOS environment, just text on a black background. It took forever, but it did finish, all five stages. However, following your instructions, and those in the article you've linked, there doesn't seem to be a log file anywhere.

 

Not knowing what would happen next, I decided to take a picture of the finished screen before the computer restarted and booted windows. After telling me stage five was complete, it said "Windows has checked the file system and found no errors." It then gave a complete breakdown of my memory in kilobytes (so the numbers were huge...), and finished with "windows has finished checking your disk. Please wait while your computer restarts."


OK, that's fine. As the programme did not find any errors I do not need to see the log. 

 

What is the situation regarding restarts? Is your computer still hanging whilst power is cut to your monitor? 

 

If the issue is still present, I'd like you to do the following:

 

Clean Boot

  • Press the Windows Key + r on your keyboard at the same time. Type msconfig and click OK.
  • If prompted for an administrator password or for confirmation, type the password, or provide confirmation.
  • In the General tab, click Selective Startup.
  • Remove the checkmark next to Load startup items.
  • Click the Services tab.
  • Place a checkmark next to Hide all Microsoft services.
  • Click Disable all, followed by OK.
  • When prompted, click Exit without restart. 
  • Shut down your computer normally. 
  • Turn on your computer. 
  • Restart your computer. Does the issue still occur? 

 

---------

 

Reversing the Clean Boot so you boot normally can be done by: 

 

Normal Boot

  • Press the Windows Key + r on your keyboard at the same time. Type msconfig and click OK.
  • If prompted for an administrator password or for confirmation, type the password, or provide confirmation.
  • In the General tab, click Normal Startup, followed by OK.
  • When prompted, click Restart and boot normally into Windows.

OK Aaron, 
 
We'll update your vulnerable software now to reduce the risk of reinfection. 
 
STEP 1
DeFogger (Enable)

  • Right-Click DeFogger.exe and select Run as administrator to run the programme.
  • Click Enable, followed by Yes.
  • Upon completion, you will see a Finished! message. Click OK to exit the programme. 
  • If CD Emulation programmes are present and have been enabled, DeFogger will now ask you to reboot your machine. Please allow it to do so by clicking OK.
     

STEP 2
Update Outdated Software

Outdated software contains security risks that must be patched. Please download and install the latest version of the programmes below.

STEP 3
Remove Outdated Software

  • Press the Windows Key + r on your keyboard at the same time. Type appwiz.cpl and click OK.
  • Search for the following programmes, right-click and click Uninstall one at a time.
  • Note: The programmes below may not be present. If this is the case, please skip to the next step.
    • Adobe Reader 9.5.2
    • Java™ SE Runtime Environment 6 Update 1
  • Follow the prompts, and reboot if necessary.
     

STEP 4
Disable Java in Your Browser
Due to frequent exploits we recommend you disable Java in your browser.
For information on Java vulnerabilities, please read the following article (point #7).

  • Click the Windows Start Button and type Java Control Panel (or javacpl) in the search bar. 
  • Click on the Java Control Panel. Once opened, click the Security tab.
  • Deselect the check box for Enable Java content in the browser. This will disable the Java plug-in in the browser. 
  • Click Apply. When the Windows User Account Control (UAC) appears, allow permissions to make the changes. 
  • Click OK in the Java Plug-in confirmation window.
  • Restart your browser(s) for changes to take effect.
  • More information can be found here and here.
     

STEP 5
Security Check

  • Please download SecurityCheck and save the file to your Desktop.
  • Double-click SecurityCheck.exe and follow the onscreen instructions inside the black box.
  • A log (checkup.txt) will automatically open on your Desktop.
  • Copy the contents of the log and paste in your next reply.
     

======================================================
 
STEP 6
Logs
In your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked.

  • checkup.txt
  • How is your computer performing? Are there any outstanding issues?

Yes, I do - sorry I hadn't replied yet.

 

Two days ago I ran everything the way you told me, but the computer was.. slow. Where a program like Firefox used to delay only a second or two, it now took 30 seconds of nothing between clicking the launch button and the window actually opening. The processor was hardly being used at all (3-7%), and the RAM remained below 60% used as well; was kind of like a teenager with homework - You tell it to do something, and for no reason at all it waits until it fancies doing it.

 

There were also several restarts involved; four times in a row the machine only booted as far as a DOS cursor in the top left corner of a black screen; the keyboard gave no input. The only thing at that point was the power button on the machine itself, which turned it off three seconds after pushing it. The fifth time I got a "windows failed to start; would you like to run the startup utility or boot normally?" (or somesuch); after choosing to boot normally it finally restarted properly.

 

I was going to try to run it again before I posted my replies, and hadn't had the opportunity yet; I simply forgot that I was already at the four-day limit. I'm on a different machine right now, but when I get home later I will post the logs and info you last requested.


The malware may have caused damage or other issues. 

Let's see if the following makes a difference. You can hold fire with the updates for the time being.
 
STEP 1
Windows Repair (All-in-One)

  • Please download Windows Repair and save the file to your Desktop.
  • Temporarily disable your anti-virus software. For instructions, please refer to the following link.
  • Double-click the tweaking.com_windows_repair_aio_setup icon to run the installer.
  • Follow the prompts by clicking Next, and finally, Finish.
  • Go to Step 2 and allow it to run See if Check Disk is Needed by clicking on the Check button.
  • If you see Errors Found On The Drive! Check Disk Is Needed click Do It in the Check Disk (If Needed) box.
  • Go to Step 5 and click Create under System Restore, followed by Backup under Registry Backup.
  • Go to the Start Repairs tab and click Start.
  • Click Select All to select each item, followed by Start.
  • Note: Do NOT use your computer whilst the programme is running. 
  • Upon completion, reboot your computer. 
  • Using Windows Explorer, navigate to the following folder:
    • 64-bit Systems: C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\Logs 
    • 32-bit Systems: C:\Program Files\Tweaking.com\Windows Repair (All in One)\Logs
  • Open the log. Copy the contents and paste in your next reply.
     

STEP 2
Farbar Service Scanner (FSS)

  • Please download FSS and save the file to your Desktop.
  • Right-click FSS.exe and select Run as administrator to run the programme.
  • Ensure the following items are checked:
    • H5woOOZ.png.
    • TA6BLVm.png.
    • e1PK1mD.png.
    • mQdJltp.png.
    • 7wCHunX.png.
    • wU6iCZ5.png.
  • Click YMLYaf6.png.
  • A log (FSS.txt) will be created on your Desktop. Copy the contents of the log and paste in your next reply.

Tweaking.com - Windows Repair v2.10.0
--------------------------------------------------------------------------------

System Variables
--------------------------------------------------------------------------------
OS: Windows Vista Home Premium
OS Architecture: 64-bit
OS Version: 6.0.6002
OS Service Pack: Service Pack 2
Computer Name: AARON-PC
Windows Drive: C:\
Windows Path: C:\Windows
Program Files: C:\Program Files
Program Files (x86): C:\Program Files (x86)
Current Profile:
Current Profile SID: S-1-5-21-2270372850-1355340376-1848647039-1000
Current Profile Classes: S-1-5-21-2270372850-1355340376-1848647039-1000_Classes
Profiles Location: C:\Users
Profiles Location 2: C:\Windows\ServiceProfiles
Local Settings AppData: C:\Users\Aaron\AppData\Local
--------------------------------------------------------------------------------

System Information
--------------------------------------------------------------------------------
System Up Time: 0 Days 02:13:03

Process Count: 73
Commit Total: 1.74 GB
Commit Limit: 8.19 GB
Commit Peak: 2.60 GB
Handle Count: 22846
Kernel Total: 432.02 MB
Kernel Paged: 323.36 MB
Kernel Non Paged: 108.66 MB
System Cache: 2.73 GB
Thread Count: 882
--------------------------------------------------------------------------------

Memory Before Cleaning with CleanMem
--------------------------------------------------------------------------------
Memory Total: 4.00 GB
Memory Used: 1.65 GB(41.1792%)
Memory Avail.: 2.35 GB
--------------------------------------------------------------------------------

Cleaning Memory Before Starting Repairs...

Memory After Cleaning with CleanMem
--------------------------------------------------------------------------------
Memory Total: 4.00 GB
Memory Used: 1.38 GB(34.4315%)
Memory Avail.: 2.62 GB
--------------------------------------------------------------------------------

Starting Repairs...
   Started at (10/27/2014 5:57:25 PM)

Setting Any Missing 'InstallDate' From Uninstall Sections Before Running Repair...
Total Missing 'InstallDate' Fixed: 30
 
01 - Reset Registry Permissions 01/03
   HKEY_CURRENT_USER & Sub Keys
   Start (10/27/2014 5:57:27 PM)
   Running Repair Under Current User Account
   Done (10/27/2014 5:58:17 PM)

01 - Reset Registry Permissions 02/03
   HKEY_LOCAL_MACHINE & Sub Keys
   Start (10/27/2014 5:58:17 PM)
   Running Repair Under System Account
   Done (10/27/2014 6:16:30 PM)

01 - Reset Registry Permissions 03/03
   HKEY_CLASSES_ROOT & Sub Keys
   Start (10/27/2014 6:16:30 PM)
   Running Repair Under System Account
   Done (10/27/2014 6:22:09 PM)

02 - Reset File Permissions: C:
   C: & Sub Folders
   Start (10/27/2014 6:22:09 PM)
   Trying To Run Repair As Trusted Installer.
   This Repair Is Hidden By Windows Itself.
   You Can See The Repair Working In The Task Manager.
   Running Repair As Trusted Installer
   Done (10/27/2014 7:18:28 PM)

02 - Reset File Permissions: D:
   D: & Sub Folders
   Start (10/27/2014 7:18:28 PM)
   Trying To Run Repair As Trusted Installer.
   This Repair Is Hidden By Windows Itself.
   You Can See The Repair Working In The Task Manager.
   Running Repair As Trusted Installer
   Done (10/27/2014 7:19:01 PM)

02 - Reset File Permissions: All Profiles
   C:\Users & Sub Folders
   Start (10/27/2014 7:19:02 PM)
   Running Repair Under System Account
   Done (10/27/2014 7:31:11 PM)

02 - Reset File Permissions: Current Profile
    & Sub Folders
   Start (10/27/2014 7:31:11 PM)
   Running Repair Under System Account
   Done (10/27/2014 7:31:12 PM)

02 - Reset File Permissions: Cleanup
   Repairing Restricted Folders Permissions To Avoid Infinite Loops
   Start (10/27/2014 7:31:12 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (10/27/2014 7:31:15 PM)

03 - Reset Service Permissions
   Start (10/27/2014 7:31:15 PM)
   Running Repair Under System Account
   Done (10/27/2014 7:31:22 PM)

04 - Register System Files
   Start (10/27/2014 7:31:22 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (10/27/2014 7:32:51 PM)

05 - Repair WMI
   Start (10/27/2014 7:32:51 PM)

   Starting Security Center So We Can Export The Security Info.

   Exporting Antivirus Info...
   Norton Internet Security Exported.

   Exporting AntiSpyware Info...
   Windows Defender Exported.
   Norton Internet Security Exported.

   Exporting 3rd Party Firewall Info...
   Norton Internet Security Exported.

   Running Repair Under Current User Account
   Done (10/27/2014 7:35:47 PM)

06 - Repair Windows Firewall
   Start (10/27/2014 7:35:47 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (10/27/2014 7:36:20 PM)

07 - Repair Internet Explorer
   Start (10/27/2014 7:36:20 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (10/27/2014 7:37:28 PM)

08 - Repair MDAC/MS Jet
   Start (10/27/2014 7:37:28 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (10/27/2014 7:37:59 PM)

09 - Repair Hosts File
   Start (10/27/2014 7:37:59 PM)
   Running Repair Under System Account
   Done (10/27/2014 7:38:00 PM)

10 - Remove Policies Set By Infections
   Start (10/27/2014 7:38:00 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (10/27/2014 7:38:02 PM)

11 - Repair Start Menu Icons Removed By Infections
   Start (10/27/2014 7:38:02 PM)
   Running Repair Under System Account
   Done (10/27/2014 7:38:03 PM)

12 - Repair Icons
   Start (10/27/2014 7:38:03 PM)
   Running Repair Under Current User Account
   Done (10/27/2014 7:38:05 PM)

13 - Repair Winsock & DNS Cache
   Start (10/27/2014 7:38:05 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (10/27/2014 7:38:20 PM)

14 - Remove Temp Files
   Start (10/27/2014 7:38:20 PM)
   Running Repair Under System Account
   Done (10/27/2014 7:38:42 PM)

15 - Repair Proxy Settings
   Start (10/27/2014 7:38:42 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (10/27/2014 7:38:44 PM)

16 - Unhide Non System Files
   Start (10/27/2014 7:38:44 PM)
   C:\ - Total Files Unhidden: 217 - Check Unhidden_Files.txt for list of files unhidden
   D:\ - Total Files Unhidden: 3 - Check Unhidden_Files.txt for list of files unhidden
   Done (10/27/2014 7:47:45 PM)

17 - Repair Windows Updates
   Start (10/27/2014 7:47:45 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Setting Windows Updates Files That Are In Use To Be Removed At Next Boot.
   Done (10/27/2014 7:48:25 PM)

18 - Repair CD/DVD Missing/Not Working
   Start (10/27/2014 7:48:25 PM)
   iTunes was found, adding UpperFilters for iTunes Reg Key
   UpperFilters added?: True
   Done (10/27/2014 7:48:25 PM)

19 - Repair Volume Shadow Copy Service
   Start (10/27/2014 7:48:25 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (10/27/2014 7:48:56 PM)

20 - Repair Windows Sidebar/Gadgets
   Start (10/27/2014 7:48:56 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (10/27/2014 7:49:10 PM)

21 - Repair MSI (Windows Installer)
   Start (10/27/2014 7:49:10 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (10/27/2014 7:49:26 PM)

22 - Repair Windows Snipping Tool
   Start (10/27/2014 7:49:26 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (10/27/2014 7:49:28 PM)

23.01 - Repair bat Association
   Start (10/27/2014 7:49:28 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (10/27/2014 7:49:30 PM)

23.02 - Repair cmd Association
   Start (10/27/2014 7:49:30 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (10/27/2014 7:49:32 PM)

23.03 - Repair com Association
   Start (10/27/2014 7:49:32 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (10/27/2014 7:49:34 PM)

23.04 - Repair Directory Association
   Start (10/27/2014 7:49:35 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (10/27/2014 7:49:37 PM)

23.05 - Repair Drive Association
   Start (10/27/2014 7:49:37 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (10/27/2014 7:49:39 PM)

23.06 - Repair exe Association
   Start (10/27/2014 7:49:39 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (10/27/2014 7:49:41 PM)

23.07 - Repair Folder Association
   Start (10/27/2014 7:49:41 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (10/27/2014 7:49:43 PM)

23.08 - Repair inf Association
   Start (10/27/2014 7:49:43 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (10/27/2014 7:49:46 PM)

23.09 - Repair lnk (Shortcuts) Association
   Start (10/27/2014 7:49:46 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (10/27/2014 7:49:48 PM)

23.10 - Repair msc Association
   Start (10/27/2014 7:49:48 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (10/27/2014 7:49:50 PM)

23.11 - Repair reg Association
   Start (10/27/2014 7:49:50 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (10/27/2014 7:49:52 PM)

23.12 - Repair scr Association
   Start (10/27/2014 7:49:52 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (10/27/2014 7:49:54 PM)

24 - Repair Windows Safe Mode
   Start (10/27/2014 7:49:54 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (10/27/2014 7:49:57 PM)

25 - Repair Print Spooler
   Start (10/27/2014 7:49:57 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (10/27/2014 7:50:14 PM)

26 - Restore Important Windows Services
   Start (10/27/2014 7:50:14 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (10/27/2014 7:50:24 PM)

27 - Set Windows Services To Default Startup
   Start (10/27/2014 7:50:24 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (10/27/2014 7:50:30 PM)

   Skipping Repair.
   Repair is for Windows v6.2 (Windows 8 & Newer) or higher.
   Current version: 6.0

   Skipping Repair.
   Repair is for Windows v6.2 (Windows 8 & Newer) or higher.
   Current version: 6.0

   Skipping Repair.
   Repair is for Windows v6.2 (Windows 8 & Newer) or higher.
   Current version: 6.0

31 - Repair Windows 'New' Submenu
   Start (10/27/2014 7:50:31 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (10/27/2014 7:50:33 PM)

Cleaning up empty logs...

All Selected Repairs Done.
   Done at (10/27/2014 7:50:33 PM)
   Total Repair Time: 01:53:10


...YOU MUST RESTART YOUR SYSTEM...
 

 

 

 

 

 

Farbar Service Scanner Version: 21-07-2014
Ran by Aaron (administrator) on 29-10-2014 at 20:01:12
Running from "C:\Users\Aaron\Desktop"
Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is OK.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\dhcpcsvc.dll => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed


**** End of log ****


There are obviously a lot of issues here. As I said in my backdoor warning, modifications, changes, damage, etc can all be made. It's evident your Operating System has sustained significant damage. We've done all we can concerning malware. As far as I'm concerned, your machine is free of malware. What's left is the damage caused by the malware. 
 
You have two choices. We can continue this piecemeal approach, which may or may not yield a successful result. On the other hand, you can use your recovery partition to restore to a factory image. This will resolve all software issues.
 
I'm happy to continue trying the piecemeal approach, but you should be aware that a) I specialise in malware removal, not non-malware issues and b) restoring to a factory image will be the quickest and simplest method of resolving the issues you're experiencing.

 

Have a think, and let me know what you think. 


Then I have only a few questions to make my decision.

- My computer seems to be functional, apart from the boot up issues which have always followed an action we performed in this process. Assuming the boot issues stop (a big assumption, I know), is there any other reason I can't simply continue to use it as-is?

- If I do decide to restore to factory defaults, that would eliminate all my personal data from the machine, including years' worth of pictures, videos, and documents from work and school for both my wife and I. What would you recommend as the best way to preserve them (over 400 gigs worth, I believe) and possibly return them to the machine afterwards? Would it be safe to do so now that we've cleared the malware? *I say "cleared" fully aware of the disclaimer you made to me at the beginning about the debatable post-infection security.


Hello,
 

- My computer seems to be functional, apart from the boot up issues which have always followed an action we performed in this process. Assuming the boot issues stop (a big assumption, I know), is there any other reason I can't simply continue to use it as-is?

If this is indeed the only issue currently, then no, there is no reason. 
 

- If I do decide to restore to factory defaults, that would eliminate all my personal data from the machine, including years' worth of pictures, videos, and documents from work and school for both my wife and I. What would you recommend as the best way to preserve them (over 400 gigs worth, I believe) and possibly return them to the machine afterwards? Would it be safe to do so now that we've cleared the malware? *I say "cleared" fully aware of the disclaimer you made to me at the beginning about the debatable post-infection security.

Backing up personal documents, images, etc is fine. 
 
Based on what you've said in your last post, I think I overestimated the exact issues you're currently experiencing. 
I would suggest creating an account here: http://www.vistax64.com/
The techs there may be able to assist with your non-malware issues. 
 
Let me know if this is the route you'd be interested in taking, and I'll provide instructions on how to remove the tools we've used.


OK. 
I'm sorry we couldn't get to the bottom of the boot issue, but I'm pleased all malware-related issues were resolved. 
 
The steps below will remove the tools we've used. I've also provided a list of useful resources on how you can reduce the risk of reinfection, and a list of recommended security programmes.
 
STEP 1
ComboFix Uninstall

  • Press the Windows Key + r on your keyboard at the same time. Type the following text into the Run box:
    ComboFix /Uninstall
  • Click OK.
  • Note: It may appear as if Combofix is installing. This is not the case; the programme is uninstalling. Please do not interrupt the process.
     

STEP 2
DelFix

  • Please download DelFix and save the file to your Desktop.
  • Double-click DelFix.exe to run the programme.
  • Place a checkmark next to the following items:
    • Activate UAC
    • Remove disinfection tools
    • Create registry backup
    • Purge system restore
    • Reset system settings
  • Click the Run button.

-- This will remove the specialised tools we used to disinfect your system. Any leftover logs, files, folders or tools remaining on your Desktop which were not removed can be deleted manually (right-click the file + delete).
 
======================================================
 
I have compiled below a list of resources you may find useful. The articles document information on computer security, common infection vectors and how you can stay safe on the Internet.

The following programmes come highly recommended in the security community.

  • AdBlock is a browser add-on that blocks annoying banners, pop-ups and video ads.
  • CryptoPrevent places policy restrictions on loading points for ransomware (eg. CryptoPrevent), preventing your files from being encrypted.
  • Malwarebytes Anti-Exploit (MBAE) is designed to prevent zero-day malware from exploiting vulnerable software.
  • Malwarebytes Anti-Malware Premium (MBAM) works in real-time alongside your Anti-Virus to prevent malware execution.
  • NoScript is a Firefox add-on that blocks the actions of malicious scripts by using whitelisting and other technology.
  • Sandboxie isolates programmes of your choice, preventing files from being written to your HDD unless approved by you.
  • Secunia PSI will scan your computer for vulnerable software that is outdated and automatically find the latest update for you.
  • SpywareBlaster is a form of passive protection, designed to block the actions of malicious websites and tracking cookies.
  • Web of Trust (WOT) is a browser add-on designed to alert you before interacting with a potentially malicious website.

-- Please feel free to ask if you have any questions or concerns on computer security or the programmes above.


Hello Adam! Sorry again for the delay - another long weekend.

 

It looks like we are all good; I haven't had any more trouble, and I have some further direction if I run into any. Removing the tools today went well, except that partway through this process, some part of Norton flagged a false positive on Combofix and arbitrarily deleted the file; I'm not sure if there are any parts left on my system, but Run command "cannot find combofix."

 

The other tools are gone, as are all the malware issues I ever had (it seems).

 

 

I cannot thank you enough for saving my machine. Hard to believe this process has been a little over a month, but you have been a tremendous help with your patience and expertise. As I understand it, this has all been out of the kindness of your heart as a volunteer, helping security-unconscious people like me from half a world away (judging by certain things in your English. Incidentally, I'd be curious to know what part of the world that is).

 

You have my gratitude; is there anything I can do, to repay you for the help?

This topic is now closed to further replies.