
Removed Malware and now can't create system restore point


27 replies to this topic

#1 chriswatson06


Posted 02 August 2014 - 02:37 PM

I have been working with Bloopie on removing malware and cleaning up the computer and we have reached a point in our conversation where he can no longer help me and told me to post here for additional help.

 

This is our thread http://www.bleepingcomputer.com/forums/t/540686/wireless-internet-only-works-in-safe-mode-microsoft-security-center-wont-work/

 

To save you time, basically we cleaned out the computer of malware and now we can not seem to get the computer to create new restore points.

 

Any suggestions on how to get this working without having to wipe the system clean?


I run a fitness blog because I'm an expert at getting into shape, but not computers, that's why I use BleepingComputer for all my computer issues :-)



 


#2 SpywareDoc


Posted 02 August 2014 - 03:14 PM

Might try Fred Langa's No-reformat reinstall. It's a nondestructive Windows reinstall that completely refreshes the operating system but retains your user accounts, data, passwords, and/or installed programs. Here's a link to his Win7's no-reformat, nondestructive reinstall. The process for Vista is nearly identical.



#3 chriswatson06


Posted 02 August 2014 - 03:21 PM

@SpywareDoc Bloopie suggested this however we weren't able to proceed with this method because the Upgrade option was greyed out.




#4 SleepyDude


Posted 02 August 2014 - 04:21 PM

Hi,

 

@SpywareDoc Bloopie suggested this however we weren't able to proceed with this method because the Upgrade option was greyed out.

 

The disk you have doesn't work because you have Windows Vista Service Pack 2 installed and the Dell disk you have is Windows Vista Service Pack 1 according to the photo you posted.

 

This isn't a guarantee of solving your problems, but you could uninstall Service Pack 2 by opening Control Panel > Windows Updates > View Update History and then download and reinstall SP2; this could help fix some Windows problems.

To avoid possible problems, if you decide to do this, first uninstall your antivirus program and reinstall the AV only after the SP2 reinstall.


• Please do not PM me asking for support. Post on the forums instead; it will increase the chances of getting help for your problem by one of us.
• Posts in the Malware section that are not replied to within 4 days will be closed. PM me or a moderator to reactivate.
• Please post your final results, good or bad. We like to know! Thank you!

 
Proud graduate of GeekU and member of UNITE
___
Rui

 
 


#5 chriswatson06


Posted 02 August 2014 - 07:04 PM

Thank you sleepy dude, that makes a lot of sense to me! I will work on that, but first I want to share with you my logs from my latest chkdsk /r.

 

Let me know if you still want me to perform the above operation or if you want me to do something different based on the logs.

 

Bloopie said he has never seen a log like this before and suggested I post it here so someone else could take a look so here it goes

 

Finished running chkdsk and then restarted the computer; once it restarted it loaded this before loading Windows:
https://www.dropbox.com/s/rf4h621ifykvlut/Photo%20Aug%2002%2C%206%2049%2047%20PM.jpg

 

then after this screen there was this screen

https://www.dropbox.com/s/h9y5oos4qh2lpou/Photo%20Aug%2002%2C%206%2049%2050%20PM.jpg

 

I've seen those blue lines in the middle and at top go across the screen before, but only at start up. Is that something to be concerned as well? I read somewhere else it could be something with the chipset drivers for the screen causing that, does that sound familiar?

 

Here is the log, which by the way when I've run chkdsk in the past I have seen it delete the same files and then try recovering them as it did this time. Strange.
 

Log Name:      Application
Source:        Microsoft-Windows-Wininit
Date:          8/2/2014 6:49:56 PM
Event ID:      1001
Task Category: None
Level:         Information
Keywords:      Classic
User:          N/A
Computer:      TINE-PC
Description:


Checking file system on C:
The type of the file system is NTFS.

A disk check has been scheduled.
Windows will now check the disk.                         
  239680 file records processed.                                  

  731 large file records processed.                            

  0 bad file records processed.                              

  0 EA records processed.                                    

  59 reparse records processed.                               

Unable to locate the file name attribute of index entry hpojscan.inf_loc
of index $I30 with parent 0xb03 in file 0x4e43.
Deleting index entry hpojscan.inf_loc in index $I30 of file 2819.
Unable to locate the file name attribute of index entry hpojwia.dll.mui
of index $I30 with parent 0xb03 in file 0x76f6.
Deleting index entry hpojwia.dll.mui in index $I30 of file 2819.
Unable to locate the file name attribute of index entry iscsicli.exe
of index $I30 with parent 0x1206 in file 0x43b0.
Deleting index entry iscsicli.exe in index $I30 of file 4614.
Unable to locate the file name attribute of index entry iscsidsc.dll
of index $I30 with parent 0x1206 in file 0x43b4.
Deleting index entry iscsidsc.dll in index $I30 of file 4614.
Unable to locate the file name attribute of index entry iscsied.dll
of index $I30 with parent 0x1206 in file 0x43b6.
Deleting index entry iscsied.dll in index $I30 of file 4614.
Unable to locate the file name attribute of index entry iscsiexe.dll
of index $I30 with parent 0x1206 in file 0x43b8.
Deleting index entry iscsiexe.dll in index $I30 of file 4614.
Unable to locate the file name attribute of index entry iscsium.dll
of index $I30 with parent 0x1206 in file 0x43bd.
Deleting index entry iscsium.dll in index $I30 of file 4614.
Unable to locate the file name attribute of index entry iscsiwmi.dll
of index $I30 with parent 0x1206 in file 0x43bf.
Deleting index entry iscsiwmi.dll in index $I30 of file 4614.
Unable to locate the file name attribute of index entry IMTCCJ.IMD
of index $I30 with parent 0x1311 in file 0x30e4.
Deleting index entry IMTCCJ.IMD in index $I30 of file 4881.
Unable to locate the file name attribute of index entry IMTCCJCS.IMD
of index $I30 with parent 0x1311 in file 0x30e5.
Deleting index entry IMTCCJCS.IMD in index $I30 of file 4881.
Unable to locate the file name attribute of index entry IMTCEN.CHM
of index $I30 with parent 0x1311 in file 0x30ec.
Deleting index entry IMTCEN.CHM in index $I30 of file 4881.
Unable to locate the file name attribute of index entry IMTCL.IMD
of index $I30 with parent 0x1311 in file 0x30e6.
Deleting index entry IMTCL.IMD in index $I30 of file 4881.
Unable to locate the file name attribute of index entry IMTCLS.IMD
of index $I30 with parent 0x1311 in file 0x30e7.
Deleting index entry IMTCLS.IMD in index $I30 of file 4881.
Unable to locate the file name attribute of index entry IMTCPH.IMD
of index $I30 with parent 0x1311 in file 0x30e8.
Deleting index entry IMTCPH.IMD in index $I30 of file 4881.
Unable to locate the file name attribute of index entry IMTCPHCS.IMD
of index $I30 with parent 0x1311 in file 0x30e9.
Deleting index entry IMTCPHCS.IMD in index $I30 of file 4881.
Unable to locate the file name attribute of index entry IMTCTC.CHM
of index $I30 with parent 0x1311 in file 0x30ed.
Deleting index entry IMTCTC.CHM in index $I30 of file 4881.
Unable to locate the file name attribute of index entry cic.dll
of index $I30 with parent 0x145e in file 0x40be.
Deleting index entry cic.dll in index $I30 of file 5214.
Unable to locate the file name attribute of index entry mmc.mof
of index $I30 with parent 0x145e in file 0x8045.
Deleting index entry mmc.mof in index $I30 of file 5214.
Unable to locate the file name attribute of index entry mmcbase.dll
of index $I30 with parent 0x145e in file 0x4502.
Deleting index entry mmcbase.dll in index $I30 of file 5214.
Unable to locate the file name attribute of index entry mmcshext.dll
of index $I30 with parent 0x145e in file 0x4506.
Deleting index entry mmcshext.dll in index $I30 of file 5214.
Unable to locate the file name attribute of index entry newdev.mof
of index $I30 with parent 0x1676 in file 0x8065.
Deleting index entry newdev.mof in index $I30 of file 5750.
Unable to locate the file name attribute of index entry pcl.sep
of index $I30 with parent 0x173a in file 0x4701.
Deleting index entry pcl.sep in index $I30 of file 5946.
Unable to locate the file name attribute of index entry pscript.sep
of index $I30 with parent 0x173a in file 0x475a.
Deleting index entry pscript.sep in index $I30 of file 5946.
Unable to locate the file name attribute of index entry sysprint.sep
of index $I30 with parent 0x173a in file 0x48c2.
Deleting index entry sysprint.sep in index $I30 of file 5946.
Unable to locate the file name attribute of index entry sysprtj.sep
of index $I30 with parent 0x173a in file 0x48c3.
Deleting index entry sysprtj.sep in index $I30 of file 5946.
Unable to locate the file name attribute of index entry cscript.exe
of index $I30 with parent 0x1745c in file 0x18ef6.
Deleting index entry cscript.exe in index $I30 of file 95324.
Unable to locate the file name attribute of index entry scrobj.dll
of index $I30 with parent 0x1745c in file 0x18f39.
Deleting index entry scrobj.dll in index $I30 of file 95324.
Unable to locate the file name attribute of index entry scrrun.dll
of index $I30 with parent 0x1745c in file 0x18f8d.
Deleting index entry scrrun.dll in index $I30 of file 95324.
Unable to locate the file name attribute of index entry wscript.exe
of index $I30 with parent 0x1745c in file 0x18e72.
Deleting index entry wscript.exe in index $I30 of file 95324.
Unable to locate the file name attribute of index entry wshom.ocx
of index $I30 with parent 0x1745c in file 0x18dd5.
Deleting index entry wshom.ocx in index $I30 of file 95324.
  295018 index entries processed.                                 

CHKDSK is recovering lost files.
Recovering orphaned file IMTCCJ.IMD (12516) into directory file 4881.
Recovering orphaned file IMTCCJCS.IMD (12517) into directory file 4881.
Recovering orphaned file IMTCL.IMD (12518) into directory file 4881.
Recovering orphaned file IMTCLS.IMD (12519) into directory file 4881.
Recovering orphaned file IMTCPH.IMD (12520) into directory file 4881.
Recovering orphaned file IMTCPHCS.IMD (12521) into directory file 4881.
Recovering orphaned file IMTCEN.CHM (12524) into directory file 4881.
Recovering orphaned file IMTCTC.CHM (12525) into directory file 4881.
Recovering orphaned file cic.dll (16574) into directory file 5214.
Recovering orphaned file iscsicli.exe (17328) into directory file 4614.
Recovering orphaned file iscsidsc.dll (17332) into directory file 4614.
Recovering orphaned file iscsied.dll (17334) into directory file 4614.
Recovering orphaned file iscsiexe.dll (17336) into directory file 4614.
Recovering orphaned file iscsium.dll (17341) into directory file 4614.
Recovering orphaned file iscsiwmi.dll (17343) into directory file 4614.
Recovering orphaned file mmcbase.dll (17666) into directory file 5214.
Recovering orphaned file mmcshext.dll (17670) into directory file 5214.
Recovering orphaned file pcl.sep (18177) into directory file 5946.
Recovering orphaned file pscript.sep (18266) into directory file 5946.
Recovering orphaned file sysprint.sep (18626) into directory file 5946.
Recovering orphaned file sysprtj.sep (18627) into directory file 5946.
Recovering orphaned file hpojscan.inf_loc (20035) into directory file 2819.
Recovering orphaned file hpojwia.dll.mui (30454) into directory file 2819.
Recovering orphaned file mmc.mof (32837) into directory file 5214.
Recovering orphaned file newdev.mof (32869) into directory file 5750.
Recovering orphaned file wshom.ocx (101845) into directory file 95324.
Recovering orphaned file wscript.exe (102002) into directory file 95324.
Recovering orphaned file cscript.exe (102134) into directory file 95324.
Recovering orphaned file scrobj.dll (102201) into directory file 95324.
  30 unindexed files processed.                               

Recovering orphaned file scrrun.dll (102285) into directory file 95324.
  239680 security descriptors processed.                          

Cleaning up 206 unused index entries from index $SII of file 0x9.
Cleaning up 206 unused index entries from index $SDH of file 0x9.
Cleaning up 206 unused security descriptors.
  27670 data files processed.                                    

CHKDSK is verifying Usn Journal...
  36258896 USN bytes processed.                                     

Usn Journal verification completed.
CHKDSK is verifying file data (stage 4 of 5)...
  239664 files processed.                                         

File data verification completed.
CHKDSK is verifying free space (stage 5 of 5)...
  18159570 free clusters processed.                                 

Free space verification is complete.
Correcting errors in the master file table's (MFT) BITMAP attribute.
Windows has made corrections to the file system.

 299365371 KB total disk space.
 226262328 KB in 167749 files.
    108688 KB in 27671 indexes.
         0 KB in bad sectors.
    356075 KB in use by the system.
     65536 KB occupied by the log file.
  72638280 KB available on disk.

      4096 bytes in each allocation unit.
  74841342 total allocation units on disk.
  18159570 allocation units available on disk.

Internal Info:
40 a8 03 00 68 fb 02 00 34 7b 05 00 00 00 00 00  @...h...4{......
32 11 00 00 3b 00 00 00 00 00 00 00 00 00 00 00  2...;...........
42 00 00 00 a2 73 67 77 e8 83 36 00 e8 7b 36 00  B....sgw..6..{6.

Windows has finished checking your disk.
Please wait while your computer restarts.



I run a fitness blog because I'm an expert at getting into shape, but not computers, that's why I use BleepingComputer for all my computer issues :-)
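Added example, not part of the original posts: a small Python parser for the chkdsk output above that pairs each deleted $I30 index entry with the matching "Recovering orphaned file" line, to check the poster's observation that chkdsk deletes and then recovers the same files. The function names are hypothetical, RUN_1 is a short excerpt of the log above, and RUN_2 is a constructed second run (it is not taken from the photos in this thread).

```python
import re
from collections import defaultdict

# "Unable to locate ..." spans two lines: entry name, then parent dir and file record (hex).
UNABLE = re.compile(
    r"Unable to locate the file name attribute of index entry (?P<name>.+?)\s+"
    r"of index \$I30 with parent (?P<parent>0x[0-9a-fA-F]+) "
    r"in file (?P<rec>0x[0-9a-fA-F]+)\."
)
DELETE = re.compile(
    r"Deleting index entry (?P<name>.+?) in index \$I30 of file (?P<dir>\d+)\."
)
RECOVER = re.compile(
    r"Recovering orphaned file (?P<name>.+?) \((?P<rec>\d+)\) "
    r"into directory file (?P<dir>\d+)\."
)

# Excerpt of the log posted above (four of the thirty entries).
RUN_1 = """\
Unable to locate the file name attribute of index entry iscsicli.exe
of index $I30 with parent 0x1206 in file 0x43b0.
Deleting index entry iscsicli.exe in index $I30 of file 4614.
Unable to locate the file name attribute of index entry IMTCCJ.IMD
of index $I30 with parent 0x1311 in file 0x30e4.
Deleting index entry IMTCCJ.IMD in index $I30 of file 4881.
Unable to locate the file name attribute of index entry cscript.exe
of index $I30 with parent 0x1745c in file 0x18ef6.
Deleting index entry cscript.exe in index $I30 of file 95324.
Unable to locate the file name attribute of index entry scrrun.dll
of index $I30 with parent 0x1745c in file 0x18f8d.
Deleting index entry scrrun.dll in index $I30 of file 95324.
CHKDSK is recovering lost files.
Recovering orphaned file IMTCCJ.IMD (12516) into directory file 4881.
Recovering orphaned file iscsicli.exe (17328) into directory file 4614.
Recovering orphaned file cscript.exe (102134) into directory file 95324.
Recovering orphaned file scrrun.dll (102285) into directory file 95324.
"""

# Constructed second run: two entries repeat, and example.dat (a made-up
# name and record number) is deleted but never recovered.
RUN_2 = """\
Unable to locate the file name attribute of index entry IMTCCJ.IMD
of index $I30 with parent 0x1311 in file 0x30e4.
Deleting index entry IMTCCJ.IMD in index $I30 of file 4881.
Unable to locate the file name attribute of index entry scrrun.dll
of index $I30 with parent 0x1745c in file 0x18f8d.
Deleting index entry scrrun.dll in index $I30 of file 95324.
Unable to locate the file name attribute of index entry example.dat
of index $I30 with parent 0x1311 in file 0x30ff.
Deleting index entry example.dat in index $I30 of file 4881.
Recovering orphaned file IMTCCJ.IMD (12516) into directory file 4881.
Recovering orphaned file scrrun.dll (102285) into directory file 95324.
"""


def parse_run(text):
    """Return (flagged, deleted, recovered) sets; hex values become ints."""
    flagged = {(m["name"], int(m["parent"], 16), int(m["rec"], 16))
               for m in UNABLE.finditer(text)}
    deleted = {(m["name"], int(m["dir"])) for m in DELETE.finditer(text)}
    recovered = {(m["name"], int(m["dir"]), int(m["rec"]))
                 for m in RECOVER.finditer(text)}
    return flagged, deleted, recovered


def churn(text):
    """Entries deleted from a directory index and then re-linked with the
    same name, directory and file record number (no net change)."""
    flagged, deleted, recovered = parse_run(text)
    return {e for e in flagged if (e[0], e[1]) in deleted and e in recovered}


def deleted_only(text):
    """Entries deleted from an index that no recovery line puts back."""
    flagged, deleted, recovered = parse_run(text)
    return {e for e in flagged if (e[0], e[1]) in deleted and e not in recovered}


def recurring(*runs):
    """Entries that go through the delete/recover cycle in every run given."""
    sets = [churn(r) for r in runs]
    return set.intersection(*sets) if sets else set()


def by_directory(entries):
    """Group entry names by the directory record they belong to."""
    grouped = defaultdict(list)
    for name, directory, _rec in sorted(entries):
        grouped[directory].append(name)
    return dict(grouped)


if __name__ == "__main__":
    for directory, names in by_directory(recurring(RUN_1, RUN_2)).items():
        print(f"directory record {directory}: {', '.join(names)}")
    print("deleted and not recovered:", sorted(deleted_only(RUN_2)))
```

In the posted log the hex "in file" value of each deleted entry equals the decimal number in its recovery line (0x18f8d is 102285 for scrrun.dll), so every entry in the excerpt is put back into the directory it was removed from.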


#6 chriswatson06


Posted 02 August 2014 - 07:08 PM

I just looked at my windows updates per your instructions and my oldest update only shows as of 7/17/14 and I guess upgraded to SP2 before then.




#7 SleepyDude


Posted 03 August 2014 - 06:07 AM

Hi,

 

Before trying anything else we need to make sure those errors on chkdsk stop.

 

If you press F12 as soon as the "DELL" logo appears can you access a boot menu and from there Diagnostic tools?

 

If you can, please run all the tests, especially for the memory and hard disk. Let me know if it passes all the tests.



 
 


#8 chriswatson06


Posted 03 August 2014 - 01:40 PM

Hi SleepyDude

 

I just followed your instructions and took all the tests.  All items passed except 2 things

 

1. My touchpad mouse isn't working (it hasn't worked for years, we use a USB mouse instead, I'm not concerned about this)

2. My battery says it's reaching its end of life, I keep it plugged in anyway, so again, not a concern.

 

What should I do now?

 

Chris




#9 bloopie


Posted 03 August 2014 - 01:55 PM

Hello Chris,

 

The Dell diagnostics is a decent benchmark, but cannot be fully trusted. It's best to test the HD with a utility from the manufacturer. You have a Western Digital HDD, so I would suggest testing the HDD with the Western Digital Data Lifeguard Diagnostic tool.

Run the Quick Test, and the Extended Test (this may take some time to run), and let us know the outcome of each.

 

Note: The Extended Test will at first give you a bogus "estimated time remaining". Let it run for at least 5 minutes and check estimated time remaining again for a more accurate estimate.

 

bloopie



#10 chriswatson06


Posted 03 August 2014 - 02:01 PM

Thanks Jesse, I'll do that right now!




#11 chriswatson06


Posted 03 August 2014 - 04:02 PM

Test Option: QUICK TEST
Model Number: WDC WD3200BEVT-75ZCT1
Unit Serial Number: WD-WXE508EF9979
Firmware Number: 11.01A11
Capacity: 320.07 GB
SMART Status: PASS
Test Result: PASS
Test Time: 15:06:59, August 03, 2014

Test Option: EXTENDED TEST
Model Number: WDC WD3200BEVT-75ZCT1
Unit Serial Number: WD-WXE508EF9979
Firmware Number: 11.01A11
Capacity: 320.07 GB
SMART Status: PASS
Test Result: PASS
Test Time: 17:00:25, August 03, 2014
 




#12 SleepyDude


Posted 04 August 2014 - 09:54 AM

Hi,

 

In that case I would try to make sure chkdsk can fix all the problems and they don't return by doing the fix from outside Windows.

 

- Boot from the Windows Vista DVD

- Select the keyboard and then you will see the following screen:

setup-option.jpg

- Click Repair your computer
- Click the operating system that you want to repair, and then click Next.
- In the System Recovery Options dialog box, click Command Prompt.
 
When you boot into the Windows Vista Recovery Environment the drive letter for your Windows installation may not be the same. For example, if your Windows installation is normally on the C: drive, it may now be located at the D: drive. To determine what drive letter your Windows installation is located on, you can type this command and press Enter:

bcdedit | find "osdevice"

This command will display output similar to: os device partition=D:. The drive letter after partition= is the drive where your Windows installation is located.

Type the command:

chkdsk /f /x D:

Note: replace D: with the drive returned by the command above.

 

Execute the chkdsk command above several times until it shows no errors then restart the computer.



 
 


#13 chriswatson06


Posted 04 August 2014 - 11:33 AM

Hi SleepyDude,

I have run the test a total of 10 times by using command prompt on the discs while using the chkdsk /f /x C: command.

Each time I run it it appears to do exactly the same thing and work on the same files over and over.

Here is a picture after the first time
https://www.dropbox.com/s/h1x7ez5le4uq3o5/Photo%20Aug%2004%2C%2011%2039%2013%20AM.jpg

Here is a picture after the 10th time.
https://www.dropbox.com/s/chglbpasb67p7dd/Photo%20Aug%2004%2C%2011%2044%2052%20AM.jpg



#14 SleepyDude


Posted 04 August 2014 - 12:21 PM

Hi,

 

On the last scan there are no corrections on the MFT table but the problem with scrrun.dll persists!

 

From the same prompt run chkdsk /R C:

 

This time the scan will take much longer.



 
 


#15 chriswatson06


Posted 04 August 2014 - 12:52 PM

I am running the test now but I wanted you to know that it is more than just a problem with that one file.

It's all of the following, see pictures below

https://www.dropbox.com/s/4aq0jjy0svu2di7/Photo%20Aug%2004%2C%201%2046%2044%20PM.jpg

https://www.dropbox.com/s/xj5birpjplahxh7/Photo%20Aug%2004%2C%201%2047%2004%20PM.jpg





