kevinf80 Posted January 12, 2017 ID:1088537 Share Posted January 12, 2017 Thanks for those logs, run the following: Download attached fixlist.txt file (end of reply) and save it to the Desktop, or the folder you saved FRST into. "Do not open that file" NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work. Open FRST and press the Fix button just once and wait. The tool will make a log on the Desktop (Fixlog.txt) or the folder it was ran from. Please post it to your reply. Next, Download Dr Web Cureit from here http://www.freedrweb.com/cureit save to your desktop. (Scroll to bottom of page) The file will be randomly named Reboot to safe mode <<<<<------------ http://www.computerhope.com/issues/chsafe.htm Run Dr Web Tick the I agree box and select continue Click select objects for scanning Tick all boxes as shown Click the wrench and select automatically apply actions to threats Press start scan The scan will now commence Once the scan has finished click open report <<<--- Do not miss this step A notepad will open Select File > Save as.. Save it to your desktop This log will be excessive, Please attach it to your next reply… Let me see those logs in your reply, also tell me if there is any improvements... Thank you, Kevin... Fixlist.txt Link to post Share on other sites More sharing options...
Donna67 Posted January 12, 2017 Author ID:1088558 Share Posted January 12, 2017 Okay ive downloafed dr web, entered into safe mode and when i try to run dr web it does nothing Link to post Share on other sites More sharing options...
kevinf80 Posted January 12, 2017 ID:1088559 Share Posted January 12, 2017 Right click on DrWeb, are you offered "Run as Administrator" Link to post Share on other sites More sharing options...
Donna67 Posted January 12, 2017 Author ID:1088561 Share Posted January 12, 2017 Tried and it does nothing Link to post Share on other sites More sharing options...
kevinf80 Posted January 12, 2017 ID:1088563 Share Posted January 12, 2017 Delete DrWeb from your Desktop, boot your System to Normal mode. Try DrWeb as follows: Please download Dr.Web CureIt! antivirus and save it to your Desktop. The file size is in excess of 100MB (scroll to bottom of page for free version) NOTE: Free usage of Dr.Web CureIt! for business purposes is illegal. Internet Explorer may show a warning when downloading - the file is safe to download from the provided link. Shutdown your antivirus to avoid any conflicts while scanning. Once the scans have completed please re-enable your antivirus. If using Malwarebytes Anti-Malware PRO you can right click over the tray icon and disable the Protection Modules If needed you can also temporarily disable it from starting with Windows Temporarily turn off any other security add-ons or applications you may also have. Once you have downloaded Dr.Web CureIt! you should right click over it and choose Properties and verify it has a Digital Signature. If it does not have a Digital Signature then do not run it. Close all open programs including all Web browsers and then double-click on drweb-cureit.exe to start the installer. You should have your User Account Control (UAC) enabled for improved security and which should then produce a dialog box asking for approval to run the installer. Click on the Yes button to start the installer. Click OK to scan your computer in the Enhanced Protection Mode Click on the check box to agree to participate in their software improvement program. Then if needed choose your Language by clicking on the small globe like icon in the upper right corner by the wrench. Then click on the Continue button and then click on the Select objects for scanning link just below the "Start scanning" button. Place a check mark on all the items except for Temporary files and System restore points - those items should not have a check mark on them. Then click on the Start scanning button. If a threat is found you can click on the Action column in the program. Your options will be Cure or Ignore If you see an item that you are absolutely sure is OK, then un-check the check box for that item, otherwise keep it on Cure. Then click on the Neutralize button. Once completed click on the green Open Report link. It will open the report in NOTEPAD Save the report to your desktop. The report will be called Cureit.log Close Dr.Web Cureit! Reboot your computer to allow files that were in use to be moved/deleted during reboot. After reboot, attach the log Cureit.log you saved previously in your next reply. Re-Enable your antivirus and other security programs when all done. Link to post Share on other sites More sharing options...
Donna67 Posted January 12, 2017 Author ID:1088566 Share Posted January 12, 2017 (edited) Notice it is taking a long time to reboot the main screen will come up and it will just sit there before the taskbar icons all come up. Okay and i have it running now and assume this will be another long one. I also noticed compared to the first doctor when you sent me this one had me un check temporary files and system restore which I did I hope that is correct if so if then I will get back to you when it's finished if not tonight if it's late tomorrow depending on how long it takes Edited January 12, 2017 by Donna67 Link to post Share on other sites More sharing options...
kevinf80 Posted January 12, 2017 ID:1088569 Share Posted January 12, 2017 Temp Files and System Restore Points are to be left UNChecked... Quote Place a check mark on all the items except for Temporary files and System restore points - those items should not have a check mark on them. Link to post Share on other sites More sharing options...
Donna67 Posted January 12, 2017 Author ID:1088570 Share Posted January 12, 2017 (edited) Okay great that's what I did. it looks like it has about an hour and 12 minutes it says so I'll get it to you then and has detected 1 threat so far Edited January 12, 2017 by Donna67 Link to post Share on other sites More sharing options...
Donna67 Posted January 12, 2017 Author ID:1088571 Share Posted January 12, 2017 Actually maybe shorter than that it's down to 43 minutes now Link to post Share on other sites More sharing options...
kevinf80 Posted January 12, 2017 ID:1088574 Share Posted January 12, 2017 Post the log whenever you`re ready, i`ll be online maybe another hour or maybe a bit longer if necessary.... Link to post Share on other sites More sharing options...
Donna67 Posted January 13, 2017 Author ID:1088581 Share Posted January 13, 2017 It is rebooting right now and I will be sending it as soon as it gets back up thanks Link to post Share on other sites More sharing options...
Donna67 Posted January 13, 2017 Author ID:1088582 Share Posted January 13, 2017 It is still rebooting it says preparing windows with a turning Circle so that's all it's doing Link to post Share on other sites More sharing options...
Donna67 Posted January 13, 2017 Author ID:1088583 Share Posted January 13, 2017 It said it could not find my account made me sign out and sign in Link to post Share on other sites More sharing options...
Donna67 Posted January 13, 2017 Author ID:1088584 Share Posted January 13, 2017 okay, also, it took so long because the first time i ran Dr Webb i could not find the log button after i cured it. There was one file i think was named native that was a threat the others where turbo tax files. Sorry Fixlog.txt Addition.txt Link to post Share on other sites More sharing options...
Donna67 Posted January 13, 2017 Author ID:1088586 Share Posted January 13, 2017 it wont let me attach the other file cause it is too large Link to post Share on other sites More sharing options...
kevinf80 Posted January 13, 2017 ID:1088652 Share Posted January 13, 2017 (edited) If you have the DrWeb log zip it up and try to attach again.... Right click on the file, select > send to > Compressed (zipped) folder.. What is the current status of your system, are there any remaining issues or concerns... Thank you, Kevin.. Edited January 13, 2017 by kevinf80 Typng error Link to post Share on other sites More sharing options...
Donna67 Posted January 13, 2017 Author ID:1088734 Share Posted January 13, 2017 Attached is the compressed file. The system is still freezing up at times, even though it is better than it was a few days ago. I have noticed in task manager that the % of cpu, memory and disk are fluctuating alot. Last night i had nothing open and they where running at 8,23,54 then to 6,4,61 showing service host:localsystem retricted at the top of the list. Also under startup programs, it showed 3 services running under the name of "program" which i had never noticed before. I disabled them, rebooted and still had these percent number 6,20,53. This morning when I awoke, my silhouette program was froze and and had to end task to get out. Internet this morning is very sluggish. I have 12 gb of ram, and it used to run alot faster than it is. Thanks for your help cureit.zip Link to post Share on other sites More sharing options...
kevinf80 Posted January 13, 2017 ID:1088740 Share Posted January 13, 2017 That log is clean, continue as follows please: Select the Windows key and X Key together. From the produced list select::Command Promt (Admin) Accept UAC alert... At the Command prompt, typeCHKDSK C: /R hit the Enter key. You will get a message that the drive cannot be locked, but that the command can be scheduled to run at the next boot - hit the Y key, press Enter, and then reboot. The CHKDSK may take a few hours depending on the size of the drive, so be patient! After the CHKDSK has run use the following instructions to find the log: Check Disk report: Press the WindowsKey + R on your keyboard at the same time. Type eventvwr into the run box and click OK. In the left panel, expand Windows Logs and then click on Application. Now, on the right side, click on Filter Current Log. Under Event Sources, (expand the drop down arrow) check only Wininit and click OK. You mayl be presented with one or multiple Wininit logs. Click on an entry corresponding to the date and time of the disk check. On the top main menu, click Action > Copy > Copy Details as Text. Paste the contents into your next reply. Next, Select the Windows key and X Key together. From the produced list select::Command Promt (Admin) At the Command prompt, typeSFC /SCANNOW hit the Enter key Wait for the scan to finish - make a note of any error messages - and then reboot. Copy the CBS.log file created (C:\Windows\Logs\CBS\CBS.log) to your desktop (you can't manipulate it directly) and then compress the copy and upload the zip file to your reply. Let me see those logs, also tell me if there is any improvement.. Thank you, Kevin Link to post Share on other sites More sharing options...
Donna67 Posted January 13, 2017 Author ID:1088774 Share Posted January 13, 2017 Just wantes to let you know i started the chkdsk about 2 1/2 hrs ago and it went right up to 10% and has been sitting there ever since. Wasnt sure if that was normal or not. Thanks Link to post Share on other sites More sharing options...
kevinf80 Posted January 13, 2017 ID:1088775 Share Posted January 13, 2017 Hiya Donna67, Yes CHKDSK can take several hours..... Thank you, Kevin... Link to post Share on other sites More sharing options...
Donna67 Posted January 14, 2017 Author ID:1088844 Share Posted January 14, 2017 Attached is the information from the scans. The scannow stated this: Windows Resource Protection found corrupt files but was unable to fix some of them. Details are in the log. Thanks. chkdsk.txt CBS.zip Link to post Share on other sites More sharing options...
kevinf80 Posted January 14, 2017 ID:1088889 Share Posted January 14, 2017 Download and run SFCFix Please download and run SFCFix from here: www.sysnative.com/niemiro/apps/SFCFix.exe It will take about 15 minutes to process. You will be prompted to select any key to continue several times, Please do so Once the scan has completed a notepad file called SFCFix.txt will launch with the results. Please copy or attach that file to your reply... Let me see that log, also give an update on the status of your PC, any remaining issues, concerns etc... Link to post Share on other sites More sharing options...
Donna67 Posted January 15, 2017 Author ID:1088980 Share Posted January 15, 2017 Okay, I had to work today so I finally got it done. Here it is. Thanks Kevin! SFCFix.txt Link to post Share on other sites More sharing options...
kevinf80 Posted January 15, 2017 ID:1088987 Share Posted January 15, 2017 Is there any improvement with your PC....? Link to post Share on other sites More sharing options...
Donna67 Posted January 15, 2017 Author ID:1089088 Share Posted January 15, 2017 Yes, it has improved alot. I have on program that likes to stall or freeze alot. It is silhouette design studio but that probably is being caused by something else than this virus, not sure what. I haven't acutally been on it much in the last couple of days so if i notice anything i will let you know. Is there anything else I need to do? Link to post Share on other sites More sharing options...
Recommended Posts