Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Malware on my new desktop


  • This topic is locked This topic is locked
41 replies to this topic

#1 SunuvaGoose

SunuvaGoose

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:01:53 PM

Posted 15 April 2016 - 07:49 PM

I have recently completed my first pc build. I do not know too much about computers outside of the basics that I have needed to use computers effectively at school and on the job. Things seemed to be fine until I realized that I had mistakenly bought the 32-bit version of windows 10 instead of the 64-bit version. After a little bit of research I found out that it is possible to use the media creation tool from the Microsoft website to update a 32-bit version to 64-bit, so I did just that. The only apps I have downloaded since I updated my version of Windows 10 are the Steam app as well as Google chrome. Ever since I have downloaded the Steam app and Google chrome, I have been having malware problems such as the ones listed below:

 

Every time I start up windows 10, I get this screen. (It goes away when I hit alt+f4)

 A problem has been detected and windows has been shutdown to prevent damage to your computer.

DRIVER_IRQL_NOT_LES_OR_EQUAL

If this is the first time you’ve seen this stop error screen, restart your computer, if this screen appears again, follow these steps:

Check to make sure any new hardware or software is properly installed. If this is a new installation, ask your hardware or software manufacturer for any windows updates you might need.

If problems continue, disable or remove any newly installed hardware or software. Disable BIOS memory options such as caching or shadowing. If you need to start Windows normally to remove or disable components, restart your computer, press f8 to select Advanced Startup Options, and then select Start Windows normally.

Technical information:

*** STOP:  0x00D1  (0x00C,0x002,0x00,0xF86B5A89)

*** gv3.sys – Address F86B5A89 base at F86B5000, DateStamp 3dd9919eb

Beginning dump complete.

Contact your system administrator or technical support group for further assistance. CONTACT US +1 844-425-1979

 

Internet windows pop up every few minutes: the URL is always http://mynightqueen.com/b/adds.html

 

When I open the steam app, It is riddled with adds that makes It impossible to do anything.

 

I am unable to post this discussion topic from my recently built rig because browsers are too riddled with adds so that I cannot sign into my bleeping computer account. I am posting this from a school computer and have used a flash drive to get my FRST.txt and Addition.txt files from my new rig.

 

After trying many times just to post this topic, I am excluding the contents of FRST.txt from the body of this text because every time I copy and paste it in the browser times out when I hit Post New Topic. I will try to include the contents of FRST.txt in a comment or reply or something  if that's okay



BC AdBot (Login to Remove)

 


#2 SunuvaGoose

SunuvaGoose
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:01:53 PM

Posted 15 April 2016 - 08:31 PM

I added frst.txt as an attachment in this reply. I still cant copy and paste the contents of frst.txt into a text box without the browser timing out on me when its time to post :(



#3 SunuvaGoose

SunuvaGoose
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:01:53 PM

Posted 16 April 2016 - 08:04 AM

oops! I thought I attached frst.txt and addition.txt but I hadn't. Here they are.

Attached Files



#4 Bezukhov

Bezukhov

    Bleepin' Jazz Fan!


  • Members
  • 2,718 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Providence, R.I.
  • Local time:02:53 PM

Posted 16 April 2016 - 06:21 PM

I will be looking into this for you. There is a lot here to go through, please give me 24 to 48 hours to get back to you.

In the meantime:
  • Please do not run any tools on your own while we solve this. Some are rather powerful, and using one at the wrong moment can have catastrophic effects. Also please refrain from seeking help for this problem elsewhere. Too many cooks spoils the broth.
  • Next, it is important that the instructions given be performed in the order given. We may need one tool to finish its job before another one starts.
  • If at any time my instructions are not clear stop and ask for clarification.
  • Rather than attach any logs to your post it is better that you copy and paste them instead, except if instructed otherwise.
  • Any program that I ask you run should only be run once.
  • As soon as your computer is clean I will let you know.
  • Please try to complete any tasks and reply in 24 hours. I will try to do likewise.
  • If you have any pirated software on your system I must ask that you remove them. No need for you to tell me if you do. Many times such programs are the source of many an infection, which makes cleaning a sick computer just that more difficult. And it's also against BleepingComputer's rules.
  • Lastly, do not make any changes to your computer from here on out until you get an "All Clear" from me.

Edited by Bezukhov, 16 April 2016 - 06:35 PM.

To err is Human. To blame it on someone else is even more Human.

#5 SunuvaGoose

SunuvaGoose
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:01:53 PM

Posted 17 April 2016 - 04:44 PM

Okey dokey. I'll make sure to follow the instructions.

 

Thanks :grinner:



#6 Bezukhov

Bezukhov

    Bleepin' Jazz Fan!


  • Members
  • 2,718 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Providence, R.I.
  • Local time:02:53 PM

Posted 19 April 2016 - 09:08 AM

Still at it. Something by tomorrow for sure.
To err is Human. To blame it on someone else is even more Human.

#7 SunuvaGoose

SunuvaGoose
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:01:53 PM

Posted 20 April 2016 - 08:51 AM

Take all the time that you need. I'm just happy that you are here to help. :) 



#8 Bezukhov

Bezukhov

    Bleepin' Jazz Fan!


  • Members
  • 2,718 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Providence, R.I.
  • Local time:02:53 PM

Posted 22 April 2016 - 05:42 AM

Finally. One thing delaying my response was that there were a few consultations over this. More than one person is looking at this problem.

Now we can get started. I want to tell you that this is one sick computer. Cleaning it is not going to be fast. There are a lot of bad files that need to be uploaded and scanned. These files, as far as I can tell, have never been cataloged, and when they are, the developers of different anti virus software programs can add them to their databases. It's nice that you have another computer to do your posting and downloading. By the way, I think the reason you couldn't post that FRST log was that it was so big.

:step1:
From your clean computer:

To protect that clean computer:
We need to vaccinate the USB drive to prevent infection:

Please download USBVaccineSetup.exe from Panda Software to the desktop of your clean / working computer.
note: the download mirror is called MajorGeeks and the download should start automatically. please do not click any advertisements.
  • Insert your USB flash drive into the clean / working computer
  • Double-click on USBVaccineSetup.exe to install the program
  • Select your language, read and accept the agreement to continue
  • Choose if you would like the program to run at all times, and for all newly inserted USB drives
  • Click Next then Finish to complete the installation, the program will launch
  • Select your USB drive from the list, then click Vaccinate USB
    note: optionally you can click Vaccinate computer as well, this disables removable items from automatically running on the system entirely
  • A message should appear that your USB drive was vaccinated. If not please report the error in your next post
Please download Rkill by Grinler and save it to your flash drive. :step2:

Walk that flash drive to the computer we're dealing with. We first have to get this computer into Safe Mode. Next is a link to show you how to access Safe Mode in Windows 10.

http://www.tenforums.com/tutorials/2304-safe-mode-start-windows-10-a.html

If you are still unable to use this computer even in safe mode, stop and let me know.

If you can use Safe Mode insert that flash drive.
:step3:
  • Open up that flash drive
  • Double-click on the Rkill desktop icon to run the tool.
  • Right Click and choose Run As Administrator.
  • black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If the tool does not run, please let me know.
  • Do not reboot the computer, you will need to run the application again.
  • Run FRST64.exe from the flash drive also, and press the Fix button just once and wait
  • If for some reason the tool needs a restart, please make sure you let the system restart normally, then let the tool complete its run
  • When finished, FRST will generate a log (Fixlog.txt) in the same location the tool was run, namely that flash drive. You will also have an Upload.zip file on your desktop.
:step4:

Reboot your computer back into Normal Mode.

What to do with the files in Upload.zip to be scanned (if your internet situation allows it. If not, tell me):

1. Please go to here.
2. Where it asks for the "Link to topic where this file was requested" copy and paste in



http://www.bleepingcomputer.com/forums/t/611308/malware-on-my-new-desktop/#entry3982722
Where it says "Browse to the file you want to submit", browse to Suspect path:
 
C:\Users\darry\Desktop\Upload.zip
Press the Send File button.
Another Farbar scan, if you will.
  • Right-click FRST then click "Run as administrator".
  • When the tool opens, click Yes to disclaimer.
  • Make sure that the box Addition.txt is checked.
  • Press the Scan button.
  • When finished, it will produce a log called FRST.txt in the same directory the tool was run from.
  • Please copy and paste the log in your next reply.
So for your next reply please post the fixlog.txt and the new FRST.txt. Also let me know if that initial fix made any difference to your computer's performance. I'm especially interested in how your internet is doing, and how things are running on your computer in general.
[/quote]
 

Finally. One thing delaying my response was that there were a few consultations over this. More than one person is looking at this problem.

Now we can get started. I want to tell you that this is one sick computer. Cleaning it is not going to be fast. There are a lot of bad files that need to be uploaded and scanned. These files, as far as I can tell, have never been cataloged, and when they are, the developers of different anti virus software programs can add them to their databases. It's nice that you have another computer to do your posting and downloading. By the way, I think the reason you couldn't post that FRST log was that it was so big.

:step1:
From your clean computer:

To protect that clean computer:
We need to vaccinate the USB drive to prevent infection:

Please download USBVaccineSetup.exe from Panda Software to the desktop of your clean / working computer.
note: the download mirror is called MajorGeeks and the download should start automatically. please do not click any advertisements.
  • Insert your USB flash drive into the clean / working computer
  • Double-click on USBVaccineSetup.exe to install the program
  • Select your language, read and accept the agreement to continue
  • Choose if you would like the program to run at all times, and for all newly inserted USB drives
  • Click Next then Finish to complete the installation, the program will launch
  • Select your USB drive from the list, then click Vaccinate USB
    note: optionally you can click Vaccinate computer as well, this disables removable items from automatically running on the system entirely
  • A message should appear that your USB drive was vaccinated. If not please report the error in your next post
Please download Rkill by Grinler and save it to your flash drive.
  • Link
  • Please download Farbar Recovery Scan Tool and save it to your flash drive.
  • Please download the attached fixlist.txt file and save it to the flash drive.
:step2:

Walk that flash drive to the computer we're dealing with. We first have to get this computer into Safe Mode. Next is a link to show you how to access Safe Mode in Windows 10.

http://www.tenforums.com/tutorials/2304-safe-mode-start-windows-10-a.html

If you are still unable to use this computer even in safe mode, stop and let me know.

If you can use Safe Mode insert that flash drive.
:step3:
  • Open up that flash drive
  • Double-click on the Rkill desktop icon to run the tool.
  • Right Click and choose Run As Administrator.
  • black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If the tool does not run, please let me know.
  • Do not reboot the computer, you will need to run the application again.
  • Run FRST64.exe from the flash drive also, and press the Fix button just once and wait
  • If for some reason the tool needs a restart, please make sure you let the system restart normally, then let the tool complete its run
  • When finished, FRST will generate a log (Fixlog.txt) in the same location the tool was run, namely that flash drive. You will also have an Upload.zip file on your desktop.
:step4:

Reboot your computer back into Normal Mode.

What to do with the files in Upload.zip to be scanned (if your internet situation allows it. If not, tell me):

1. Please go to here.
2. Where it asks for the "Link to topic where this file was requested" copy and paste in




http://www.bleepingcomputer.com/forums/t/611308/malware-on-my-new-desktop/#entry3982722
Where it says "Browse to the file you want to submit", browse to Suspect path:
 
C:\Users\darry\Desktop\Upload.zip
Press the Send File button.
Another Farbar scan, if you will.
  • Right-click FRST then click "Run as administrator".
  • When the tool opens, click Yes to disclaimer.
  • Make sure that the box Addition.txt is checked.
  • Press the Scan button.
  • When finished, it will produce a log called FRST.txt in the same directory the tool was run from.
  • Please copy and paste the log in your next reply.
So for your next reply please post the fixlog.txt and the new FRST.txt. Also let me know if that initial fix made any difference to your computer's performance. I'm especially interested in how your internet is doing, and how things are running on your computer in general.

Edited by Bezukhov, 22 April 2016 - 05:45 AM.

To err is Human. To blame it on someone else is even more Human.

#9 SunuvaGoose

SunuvaGoose
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:01:53 PM

Posted 22 April 2016 - 07:10 AM

Alrighty, I have downloaded  USBVaccineSetup.exe and have used it to vaccinate my USB. I have also downloaded Rkill and the Farbar Recovery Scan Tool to my USB successfully. When I hit the download link for fixlist.txt however, I am redirected to  bleepingcomputer page that says "Sorry , you don't have permission for that!"


Edited by SunuvaGoose, 22 April 2016 - 07:22 AM.


#10 Bezukhov

Bezukhov

    Bleepin' Jazz Fan!


  • Members
  • 2,718 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Providence, R.I.
  • Local time:02:53 PM

Posted 22 April 2016 - 07:40 AM

Try this:
  • Press the windows key Windows_Logo_key.gif + r on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it on the flashdrive as fixlist.txt
RemoveProxy:
Zip: C:\Windows\hochberg.exe;C:\Windows\rst30.bat;C:\Windows\Disable task manager .bat;C:\Windows\call.vbs;C:\Windows\rst.bat;C:\Windows\bsod.hta;C:\Users\darry\AppData\Roaming\Khleffh\Khleffh.exe;C:\Users\darry\AppData\Roaming\Atiygfuesx\Atiygfuesx.exe;C:\Users\darry\AppData\Roaming\Sibsaj\Sibsaj.exe;C:\Program Files (x86)\binging\ductwork.exe;C:\Program Files (x86)\incitements\massa.exe;C:\Windows\System32\drivers\cherimoya.sys;C:\Windows\ufv.exe;C:\Users\darry\AppData\Local\Temp\A395.tmp.exe
HKLM\...\Run: [SystemFix] => C:\windows\winLoad32.exe [44544 2016-03-05] ()
HKLM\...\Run: [cpuminer] => C:\Users\darry\AppData\Roaming\cpuminer\cpm.exe [1416704 2016-02-26] ()
HKLM-x32\...\Run: [sun17] => "C:\Program Files (x86)\SunnyDay17\SunnyDay.exe"
HKLM-x32\...\Run: [msrtn32] => C:\Program Files (x86)\msrtn32\msrtn32.exe [1221120 2015-08-06] ()
HKLM-x32\...\RunOnce: [usun.exe] => C:\Users\darry\AppData\Local\SunnyDay17\usun.exe [3246768 2016-03-22] ()
HKU\S-1-5-21-2618354943-2450507839-1657885657-1001\...\Run: [zcdbaa] => rundll32.exe "C:\Users\darry\AppData\Local\zcdbaa.dll",zcdbaa <===== ATTENTION
IFEO\sethc.exe: [Debugger] C:\Windows\System32\cmd.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\bsod.hta [2016-03-12] ()
Startup: C:\Users\darry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\intr.lnk [2016-03-17]
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-2618354943-2450507839-1657885657-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = search.mpc.am/?geo=us
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = search.mpc.am/?geo=us
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = search.mpc.am/?geo=us
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = search.mpc.am/?geo=us
HKU\S-1-5-21-2618354943-2450507839-1657885657-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRYSttY34mamef947lyuK6GX7xbIX0PZXNZi8pC_9oy0PGC7iEhBWv8si2_NXjnDDQBsQXFuPXtKAbOGllt01zknNXXpmNPWqFwzmtv5gqDphwOTPsRhNCAN4RQJQgjcsKYHwySICyEiOmMhZtj2M8CHb4Oph07tvklWkE_IVe44tMrnb&q={searchTerms}
HKU\S-1-5-21-2618354943-2450507839-1657885657-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRYSttY34mamef947lyuK6GX7xbIX0PZXNZi8pC_9oy0PGC7iEhBWv8si2_NXjnDDQBsQXFuPXtKAbOGllt01zknNXXpmNPWqFwzmtv5gqDphwOTPsRhNCAN4RQJQgjcsKYHwySICyEiOmMhZtj2M8CHb4Oph07tvklWkE_IVe44tMrnb&q={searchTerms}
HKU\S-1-5-21-2618354943-2450507839-1657885657-1001\Software\Microsoft\Internet Explorer\Main,SearchAssistant = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRYSttY34mamef947lyuK6GX7xbIX0PZXNZi8pC_9oy0PGC7iEhBWv8si2_NXjnDDQBsQXFuPXtKAbOGllt01zknNXXpmNPWqFwzmtv5gqDphwOTPsRhNCAN4RQJQgjcsKYHwySICyEiOmMhZtj2M8CHb4Oph07tvklWkE_IVe44tMrnb&q={searchTerms}
HKU\S-1-5-21-2618354943-2450507839-1657885657-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://mysearch.avg.com/?cid={BE6D222A-5DD6-40D7-8ECC-239C5DA43DCD}&mid=d01ce5be26ae47cc9d6fd1c5bc8f64d2-bf3b751ef23e5ec2baaf4544f99699de50e8f153&lang=en&ds=AVG&coid=avgtbavg&cmpid=0216piz&pr=fr&d=2016-03-30 23:48:37&v=4.2.8.608&pid=wtu&sg=&sap=hp
SearchScopes: HKLM -> DefaultScope {ielnksrch} URL =
SearchScopes: HKLM-x32 -> DefaultScope {ielnksrch} URL =
SearchScopes: HKLM-x32 -> ielnksrch URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRYSttY34mamef947lyuK6GX7xbIX0PZXNZi8pC_9oy0PGC7iEhBWv8si2_NXjnDDQBsQXFuPXtKAbOGllt01zknNXXpmNPWqFwzmtv5gqDphwOTPsRhNCAN4RQJQgjcsKYHwySICyEiOmMhZtj2M8CHb4Oph07tvklWkE_IVe44tMrnb&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2618354943-2450507839-1657885657-1001 -> DefaultScope {ielnksrch} URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRYSttY34mamef947lyuK6GX7xbIX0PZXNZi8pC_9oy0PGC7iEhBWv8si2_NXjnDDQBsQXFuPXtKAbOGllt01zknNXXpmNPWqFwzmtv5gqDphwOTPsRhNCAN4RQJQgjcsKYHwySICyEiOmMhZtj2M8CHb4Oph07tvklWkE_IVe44tMrnb&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2618354943-2450507839-1657885657-1001 -> {0644EE93-D778-472f-A0FF-E1416B8B2E3A} URL = hxxp://search.mpc.am/index/search?q={searchTerms}&cx=partner-pub-3796753109442372:3837783968&ie=UTF-8
SearchScopes: HKU\S-1-5-21-2618354943-2450507839-1657885657-1001 -> {ielnksrch} URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRYSttY34mamef947lyuK6GX7xbIX0PZXNZi8pC_9oy0PGC7iEhBWv8si2_NXjnDDQBsQXFuPXtKAbOGllt01zknNXXpmNPWqFwzmtv5gqDphwOTPsRhNCAN4RQJQgjcsKYHwySICyEiOmMhZtj2M8CHb4Oph07tvklWkE_IVe44tMrnb&q={searchTerms}
CHR HomePage: Default -> search.mpc.am/?geo=us
CHR StartupUrls: Default -> "search.mpc.am/?geo=us"
CHR DefaultSearchURL: Default -> hxxp://www-searching.com/search.aspx?s=G3Izgutbl338BA,48faae01-3c12-4e84-a669-fb92064aeb92,&prd=smw&q={searchTerms}
CHR DefaultSearchKeyword: Default -> www-searching.com
CHR DefaultSuggestURL: Default -> hxxp://api.searchpredict.com/api/?rqtype=ffplugin&siteID=8661&dbCode=1&command={searchTerms}
R1 cherimoya; C:\Windows\System32\drivers\cherimoya.sys [56728 2016-03-17] (Windows ® Win 7 DDK provider)
Consumer Input Update Helper (x32 Version: 1.3.25.309 - Compete Inc.) Hidden <==== ATTENTION
Itibiti RTC (x32 Version: 0.0.1 - Itibiti Inc) Hidden
Task: {2C6EF5AA-C86B-4132-9CEE-E2A6615DD160} - \{0A7F0C47-7E0F-0B78-7D11-790D780B110C} -> No File <==== ATTENTION
C:\Program Files\nplus
C:\windows\winLoad32.exe
C:\Users\darry\AppData\Roaming\cpuminer\
C:\Program Files (x86)\SunnyDay17\
C:\Program Files (x86)\msrtn32\
C:\Users\darry\AppData\Local\zcdbaa.dll
C:\Program Files (x86)\dataup\
C:\Program Files (x86)\cpx\
Cmd: netsh winsock reset
CMD: sfc /scannow
CMD: findstr /c:"[SR]" %windir%\logs\cbs\cbs.log >> "%userprofile%\desktop\sfcdetails.txt"

To err is Human. To blame it on someone else is even more Human.

#11 SunuvaGoose

SunuvaGoose
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:01:53 PM

Posted 22 April 2016 - 08:29 PM

I have completed steps 1-3 so far, but the internet on my desktop is not allowing me to complete step four. When I booted up my computer in normal mode and tried to access http://www.bleepingcomputer.com/submit-malware.php?channel=89 it worked initially but, when I tried to choose the upload.zip to submit my malware sample I experienced  a few problems:

 

new tabs keep opening up randomly

 

I have started experiencing a few problems with ads here and there while retrying

 

I can no longer  access the page and I get the error message: The page cannot be displayed because an internal server error has occurred when I try to access the page.



#12 Bezukhov

Bezukhov

    Bleepin' Jazz Fan!


  • Members
  • 2,718 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Providence, R.I.
  • Local time:02:53 PM

Posted 23 April 2016 - 08:49 PM

Don't worry about uploading those for now. You could use another computer for that. Post whatever logs that you have, also from that other computer.
To err is Human. To blame it on someone else is even more Human.

#13 SunuvaGoose

SunuvaGoose
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:01:53 PM

Posted 25 April 2016 - 12:47 AM

Alright, here is the fixlog

 

Fix result of Farbar Recovery Scan Tool (x64) Version:18-04-2016
Ran by darry (2016-04-22 17:34:36) Run:1
Running from E:\
Loaded Profiles: darry (Available Profiles: darry)
Boot Mode: Safe Mode (minimal)
==============================================
 
fixlist content:
*****************
RemoveProxy:
Zip: C:\Windows\hochberg.exe;C:\Windows\rst30.bat;C:\Windows\Disable task manager .bat;C:\Windows\call.vbs;C:\Windows\rst.bat;C:\Windows\bsod.hta;C:\Users\darry\AppData\Roaming\Khleffh\Khleffh.exe;C:\Users\darry\AppData\Roaming\Atiygfuesx\Atiygfuesx.exe;C:\Users\darry\AppData\Roaming\Sibsaj\Sibsaj.exe;C:\Program Files (x86)\binging\ductwork.exe;C:\Program Files (x86)\incitements\massa.exe;C:\Windows\System32\drivers\cherimoya.sys;C:\Windows\ufv.exe;C:\Users\darry\AppData\Local\Temp\A395.tmp.exe
HKLM\...\Run: [SystemFix] => C:\windows\winLoad32.exe [44544 2016-03-05] ()
HKLM\...\Run: [cpuminer] => C:\Users\darry\AppData\Roaming\cpuminer\cpm.exe [1416704 2016-02-26] ()
HKLM-x32\...\Run: [sun17] => "C:\Program Files (x86)\SunnyDay17\SunnyDay.exe"
HKLM-x32\...\Run: [msrtn32] => C:\Program Files (x86)\msrtn32\msrtn32.exe [1221120 2015-08-06] ()
HKLM-x32\...\RunOnce: [usun.exe] => C:\Users\darry\AppData\Local\SunnyDay17\usun.exe [3246768 2016-03-22] ()
HKU\S-1-5-21-2618354943-2450507839-1657885657-1001\...\Run: [zcdbaa] => rundll32.exe "C:\Users\darry\AppData\Local\zcdbaa.dll",zcdbaa <===== ATTENTION
IFEO\sethc.exe: [Debugger] C:\Windows\System32\cmd.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\bsod.hta [2016-03-12] ()
Startup: C:\Users\darry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\intr.lnk [2016-03-17]
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-2618354943-2450507839-1657885657-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = search.mpc.am/?geo=us
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = search.mpc.am/?geo=us
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = search.mpc.am/?geo=us
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = search.mpc.am/?geo=us
HKU\S-1-5-21-2618354943-2450507839-1657885657-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRYSttY34mamef947lyuK6GX7xbIX0PZXNZi8pC_9oy0PGC7iEhBWv8si2_NXjnDDQBsQXFuPXtKAbOGllt01zknNXXpmNPWqFwzmtv5gqDphwOTPsRhNCAN4RQJQgjcsKYHwySICyEiOmMhZtj2M8CHb4Oph07tvklWkE_IVe44tMrnb&q={searchTerms}
HKU\S-1-5-21-2618354943-2450507839-1657885657-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRYSttY34mamef947lyuK6GX7xbIX0PZXNZi8pC_9oy0PGC7iEhBWv8si2_NXjnDDQBsQXFuPXtKAbOGllt01zknNXXpmNPWqFwzmtv5gqDphwOTPsRhNCAN4RQJQgjcsKYHwySICyEiOmMhZtj2M8CHb4Oph07tvklWkE_IVe44tMrnb&q={searchTerms}
HKU\S-1-5-21-2618354943-2450507839-1657885657-1001\Software\Microsoft\Internet Explorer\Main,SearchAssistant = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRYSttY34mamef947lyuK6GX7xbIX0PZXNZi8pC_9oy0PGC7iEhBWv8si2_NXjnDDQBsQXFuPXtKAbOGllt01zknNXXpmNPWqFwzmtv5gqDphwOTPsRhNCAN4RQJQgjcsKYHwySICyEiOmMhZtj2M8CHb4Oph07tvklWkE_IVe44tMrnb&q={searchTerms}
HKU\S-1-5-21-2618354943-2450507839-1657885657-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://mysearch.avg.com/?cid={BE6D222A-5DD6-40D7-8ECC-239C5DA43DCD}&mid=d01ce5be26ae47cc9d6fd1c5bc8f64d2-bf3b751ef23e5ec2baaf4544f99699de50e8f153&lang=en&ds=AVG&coid=avgtbavg&cmpid=0216piz&pr=fr&d=2016-03-30 23:48:37&v=4.2.8.608&pid=wtu&sg=&sap=hp
SearchScopes: HKLM -> DefaultScope {ielnksrch} URL =
SearchScopes: HKLM-x32 -> DefaultScope {ielnksrch} URL =
SearchScopes: HKLM-x32 -> ielnksrch URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRYSttY34mamef947lyuK6GX7xbIX0PZXNZi8pC_9oy0PGC7iEhBWv8si2_NXjnDDQBsQXFuPXtKAbOGllt01zknNXXpmNPWqFwzmtv5gqDphwOTPsRhNCAN4RQJQgjcsKYHwySICyEiOmMhZtj2M8CHb4Oph07tvklWkE_IVe44tMrnb&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2618354943-2450507839-1657885657-1001 -> DefaultScope {ielnksrch} URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRYSttY34mamef947lyuK6GX7xbIX0PZXNZi8pC_9oy0PGC7iEhBWv8si2_NXjnDDQBsQXFuPXtKAbOGllt01zknNXXpmNPWqFwzmtv5gqDphwOTPsRhNCAN4RQJQgjcsKYHwySICyEiOmMhZtj2M8CHb4Oph07tvklWkE_IVe44tMrnb&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2618354943-2450507839-1657885657-1001 -> {0644EE93-D778-472f-A0FF-E1416B8B2E3A} URL = hxxp://search.mpc.am/index/search?q={searchTerms}&cx=partner-pub-3796753109442372:3837783968&ie=UTF-8
SearchScopes: HKU\S-1-5-21-2618354943-2450507839-1657885657-1001 -> {ielnksrch} URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRYSttY34mamef947lyuK6GX7xbIX0PZXNZi8pC_9oy0PGC7iEhBWv8si2_NXjnDDQBsQXFuPXtKAbOGllt01zknNXXpmNPWqFwzmtv5gqDphwOTPsRhNCAN4RQJQgjcsKYHwySICyEiOmMhZtj2M8CHb4Oph07tvklWkE_IVe44tMrnb&q={searchTerms}
CHR HomePage: Default -> search.mpc.am/?geo=us
CHR StartupUrls: Default -> "search.mpc.am/?geo=us"
CHR DefaultSearchURL: Default -> hxxp://www-searching.com/search.aspx?s=G3Izgutbl338BA,48faae01-3c12-4e84-a669-fb92064aeb92,&prd=smw&q={searchTerms}
CHR DefaultSearchKeyword: Default -> www-searching.com
CHR DefaultSuggestURL: Default -> hxxp://api.searchpredict.com/api/?rqtype=ffplugin&siteID=8661&dbCode=1&command={searchTerms}
R1 cherimoya; C:\Windows\System32\drivers\cherimoya.sys [56728 2016-03-17] (Windows ® Win 7 DDK provider)
Consumer Input Update Helper (x32 Version: 1.3.25.309 - Compete Inc.) Hidden <==== ATTENTION
Itibiti RTC (x32 Version: 0.0.1 - Itibiti Inc) Hidden
Task: {2C6EF5AA-C86B-4132-9CEE-E2A6615DD160} - \{0A7F0C47-7E0F-0B78-7D11-790D780B110C} -> No File <==== ATTENTION
C:\Program Files\nplus
C:\windows\winLoad32.exe
C:\Users\darry\AppData\Roaming\cpuminer\
C:\Program Files (x86)\SunnyDay17\
C:\Program Files (x86)\msrtn32\
C:\Users\darry\AppData\Local\zcdbaa.dll
C:\Program Files (x86)\dataup\
C:\Program Files (x86)\cpx\
Cmd: netsh winsock reset
CMD: sfc /scannow
CMD: findstr /c:"[SR]" %windir%\logs\cbs\cbs.log >> "%userprofile%\desktop\sfcdetails.txt"
*****************
 
 
========= RemoveProxy: =========
 
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
"HKU\S-1-5-21-2618354943-2450507839-1657885657-1001\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxySettingsPerUser => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\NlaSvc\Parameters\Internet\ManualProxies\\ => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value removed successfully
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value removed successfully
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value removed successfully
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value removed successfully
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKU\S-1-5-21-2618354943-2450507839-1657885657-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-21-2618354943-2450507839-1657885657-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
 
 
========= End of RemoveProxy: =========
 
================== Zip: ===================
C:\Windows\hochberg.exe -> copied successfully to C:\Users\darry\Desktop\Upload.zip
C:\Windows\rst30.bat -> copied successfully to C:\Users\darry\Desktop\Upload.zip
"C:\Windows\Disable task manager .bat" -> not found
C:\Windows\call.vbs -> copied successfully to C:\Users\darry\Desktop\Upload.zip
C:\Windows\rst.bat -> copied successfully to C:\Users\darry\Desktop\Upload.zip
C:\Windows\bsod.hta -> copied successfully to C:\Users\darry\Desktop\Upload.zip
C:\Users\darry\AppData\Roaming\Khleffh\Khleffh.exe -> copied successfully to C:\Users\darry\Desktop\Upload.zip
C:\Users\darry\AppData\Roaming\Atiygfuesx\Atiygfuesx.exe -> copied successfully to C:\Users\darry\Desktop\Upload.zip
C:\Users\darry\AppData\Roaming\Sibsaj\Sibsaj.exe -> copied successfully to C:\Users\darry\Desktop\Upload.zip
C:\Program Files (x86)\binging\ductwork.exe -> copied successfully to C:\Users\darry\Desktop\Upload.zip
C:\Program Files (x86)\incitements\massa.exe -> copied successfully to C:\Users\darry\Desktop\Upload.zip
C:\Windows\System32\drivers\cherimoya.sys -> copied successfully to C:\Users\darry\Desktop\Upload.zip
C:\Windows\ufv.exe -> copied successfully to C:\Users\darry\Desktop\Upload.zip
C:\Users\darry\AppData\Local\Temp\A395.tmp.exe -> copied successfully to C:\Users\darry\Desktop\Upload.zip
=========== Zip: End ===========
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\SystemFix => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\cpuminer => value removed successfully
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\sun17 => value removed successfully
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\msrtn32 => value removed successfully
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\\usun.exe => value removed successfully
HKU\S-1-5-21-2618354943-2450507839-1657885657-1001\Software\Microsoft\Windows\CurrentVersion\Run\\zcdbaa => value removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\sethc.exe" => key removed successfully
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\bsod.hta => moved successfully
C:\Users\darry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\intr.lnk => moved successfully
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer => key not found. 
HKU\S-1-5-21-2618354943-2450507839-1657885657-1001\SOFTWARE\Policies\Microsoft\Internet Explorer => key not found. 
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
HKU\S-1-5-21-2618354943-2450507839-1657885657-1001\Software\Microsoft\Internet Explorer\Main\\Search Page => value restored successfully
HKU\S-1-5-21-2618354943-2450507839-1657885657-1001\Software\Microsoft\Internet Explorer\Main\\Search Bar => value removed successfully
HKU\S-1-5-21-2618354943-2450507839-1657885657-1001\Software\Microsoft\Internet Explorer\Main\\SearchAssistant => value removed successfully
HKU\S-1-5-21-2618354943-2450507839-1657885657-1001\Software\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\ielnksrch" => key removed successfully
HKCR\Wow6432Node\CLSID\ielnksrch => key not found. 
HKU\S-1-5-21-2618354943-2450507839-1657885657-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
"HKU\S-1-5-21-2618354943-2450507839-1657885657-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0644EE93-D778-472f-A0FF-E1416B8B2E3A}" => key removed successfully
HKCR\CLSID\{0644EE93-D778-472f-A0FF-E1416B8B2E3A} => key not found. 
"HKU\S-1-5-21-2618354943-2450507839-1657885657-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{ielnksrch}" => key removed successfully
HKCR\CLSID\{ielnksrch} => key not found. 
Chrome HomePage => removed successfully
Chrome StartupUrls => removed successfully
Chrome DefaultSearchURL => removed successfully
Chrome DefaultSearchKeyword => removed successfully
Chrome DefaultSuggestURL => removed successfully
cherimoya => service removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}\\SystemComponent => value removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{730E03E4-350E-48E5-9D3E-4329903D454D}\\SystemComponent => value removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2C6EF5AA-C86B-4132-9CEE-E2A6615DD160}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2C6EF5AA-C86B-4132-9CEE-E2A6615DD160}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{0A7F0C47-7E0F-0B78-7D11-790D780B110C}" => key removed successfully
C:\Program Files\nplus => moved successfully
C:\windows\winLoad32.exe => moved successfully
C:\Users\darry\AppData\Roaming\cpuminer => moved successfully
C:\Program Files (x86)\SunnyDay17 => moved successfully
C:\Program Files (x86)\msrtn32 => moved successfully
C:\Users\darry\AppData\Local\zcdbaa.dll => moved successfully
C:\Program Files (x86)\dataup => moved successfully
C:\Program Files (x86)\cpx => moved successfully
 
=========  netsh winsock reset =========
 
 
Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.
 
 
========= End of CMD: =========
 
 
=========  sfc /scannow =========
 
 
 
 
 B e g i n n i n g   s y s t e m   s c a n .     T h i s   p r o c e s s   w i l l   t a k e   s o m e   t i m e . 
 
 
 
 
 
 B e g i n n i n g   v e r i f i c a t i o n   p h a s e   o f   s y s t e m   s c a n . 
 
 
 V e r i f i c a t i o n   0 %   c o m p l e t e . V e r i f i c a t i o n   1 %   c o m p l e t e . V e r i f i c a t i o n   1 %   c o m p l e t e . V e r i f i c a t i o n   2 %   c o m p l e t e . V e r i f i c a t i o n   2 %   c o m p l e t e . V e r i f i c a t i o n   3 %   c o m p l e t e . V e r i f i c a t i o n   4 %   c o m p l e t e . V e r i f i c a t i o n   4 %   c o m p l e t e . V e r i f i c a t i o n   5 %   c o m p l e t e . V e r i f i c a t i o n   5 %   c o m p l e t e . V e r i f i c a t i o n   6 %   c o m p l e t e . V e r i f i c a t i o n   7 %   c o m p l e t e . V e r i f i c a t i o n   7 %   c o m p l e t e . V e r i f i c a t i o n   8 %   c o m p l e t e . V e r i f i c a t i o n   8 %   c o m p l e t e . V e r i f i c a t i o n   9 %   c o m p l e t e . V e r i f i c a t i o n   9 %   c o m p l e t e . V e r i f i c a t i o n   1 0 %   c o m p l e t e . V e r i f i c a t i o n   1 1 %   c o m p l e t e . V e r i f i c a t i o n   1 1 %   c o m p l e t e . V e r i f i c a t i o n   1 2 %   c o m p l e t e . V e r i f i c a t i o n   1 2 %   c o m p l e t e . V e r i f i c a t i o n   1 3 %   c o m p l e t e . V e r i f i c a t i o n   1 4 %   c o m p l e t e . V e r i f i c a t i o n   1 4 %   c o m p l e t e . V e r i f i c a t i o n   1 5 %   c o m p l e t e . V e r i f i c a t i o n   1 5 %   c o m p l e t e . V e r i f i c a t i o n   1 6 %   c o m p l e t e . V e r i f i c a t i o n   1 7 %   c o m p l e t e . V e r i f i c a t i o n   1 7 %   c o m p l e t e . V e r i f i c a t i o n   1 8 %   c o m p l e t e . V e r i f i c a t i o n   1 8 %   c o m p l e t e . V e r i f i c a t i o n   1 9 %   c o m p l e t e . V e r i f i c a t i o n   1 9 %   c o m p l e t e . V e r i f i c a t i o n   2 0 %   c o m p l e t e . V e r i f i c a t i o n   2 1 %   c o m p l e t e . V e r i f i c a t i o n   2 1 %   c o m p l e t e . V e r i f i c a t i o n   2 2 %   c o m p l e t e . V e r i f i c a t i o n   2 2 %   c o m p l e t e . V e r i f i c a t i o n   2 3 %   c o m p l e t e . V e r i f i c a t i o n   2 4 %   c o m p l e t e . V e r i f i c a t i o n   2 4 %   c o m p l e t e . V e r i f i c a t i o n   2 5 %   c o m p l e t e . V e r i f i c a t i o n   2 5 %   c o m p l e t e . V e r i f i c a t i o n   2 6 %   c o m p l e t e . V e r i f i c a t i o n   2 7 %   c o m p l e t e . V e r i f i c a t i o n   2 7 %   c o m p l e t e . V e r i f i c a t i o n   2 8 %   c o m p l e t e . V e r i f i c a t i o n   2 8 %   c o m p l e t e . V e r i f i c a t i o n   2 9 %   c o m p l e t e . V e r i f i c a t i o n   2 9 %   c o m p l e t e . V e r i f i c a t i o n   3 0 %   c o m p l e t e . V e r i f i c a t i o n   3 1 %   c o m p l e t e . V e r i f i c a t i o n   3 1 %   c o m p l e t e . V e r i f i c a t i o n   3 2 %   c o m p l e t e . V e r i f i c a t i o n   3 2 %   c o m p l e t e . V e r i f i c a t i o n   3 3 %   c o m p l e t e . V e r i f i c a t i o n   3 4 %   c o m p l e t e . V e r i f i c a t i o n   3 4 %   c o m p l e t e . V e r i f i c a t i o n   3 5 %   c o m p l e t e . V e r i f i c a t i o n   3 5 %   c o m p l e t e . V e r i f i c a t i o n   3 6 %   c o m p l e t e . V e r i f i c a t i o n   3 6 %   c o m p l e t e . V e r i f i c a t i o n   3 7 %   c o m p l e t e . V e r i f i c a t i o n   3 8 %   c o m p l e t e . V e r i f i c a t i o n   3 8 %   c o m p l e t e . V e r i f i c a t i o n   3 9 %   c o m p l e t e . V e r i f i c a t i o n   3 9 %   c o m p l e t e . V e r i f i c a t i o n   4 0 %   c o m p l e t e . V e r i f i c a t i o n   4 1 %   c o m p l e t e . V e r i f i c a t i o n   4 1 %   c o m p l e t e . V e r i f i c a t i o n   4 2 %   c o m p l e t e . V e r i f i c a t i o n   4 2 %   c o m p l e t e . V e r i f i c a t i o n   4 3 %   c o m p l e t e . V e r i f i c a t i o n   4 4 %   c o m p l e t e . V e r i f i c a t i o n   4 4 %   c o m p l e t e . V e r i f i c a t i o n   4 5 %   c o m p l e t e . V e r i f i c a t i o n   4 5 %   c o m p l e t e . V e r i f i c a t i o n   4 6 %   c o m p l e t e . V e r i f i c a t i o n   4 6 %   c o m p l e t e . V e r i f i c a t i o n   4 7 %   c o m p l e t e . V e r i f i c a t i o n   4 8 %   c o m p l e t e . V e r i f i c a t i o n   4 8 %   c o m p l e t e . V e r i f i c a t i o n   4 9 %   c o m p l e t e . V e r i f i c a t i o n   4 9 %   c o m p l e t e . V e r i f i c a t i o n   5 0 %   c o m p l e t e . V e r i f i c a t i o n   5 1 %   c o m p l e t e . V e r i f i c a t i o n   5 1 %   c o m p l e t e . V e r i f i c a t i o n   5 2 %   c o m p l e t e . V e r i f i c a t i o n   5 2 %   c o m p l e t e . V e r i f i c a t i o n   5 3 %   c o m p l e t e . V e r i f i c a t i o n   5 4 %   c o m p l e t e . V e r i f i c a t i o n   5 4 %   c o m p l e t e . V e r i f i c a t i o n   5 5 %   c o m p l e t e . V e r i f i c a t i o n   5 5 %   c o m p l e t e . V e r i f i c a t i o n   5 6 %   c o m p l e t e . V e r i f i c a t i o n   5 6 %   c o m p l e t e . V e r i f i c a t i o n   5 7 %   c o m p l e t e . V e r i f i c a t i o n   5 8 %   c o m p l e t e . V e r i f i c a t i o n   5 8 %   c o m p l e t e . V e r i f i c a t i o n   5 9 %   c o m p l e t e . V e r i f i c a t i o n   5 9 %   c o m p l e t e . V e r i f i c a t i o n   6 0 %   c o m p l e t e . V e r i f i c a t i o n   6 1 %   c o m p l e t e . V e r i f i c a t i o n   6 1 %   c o m p l e t e . V e r i f i c a t i o n   6 2 %   c o m p l e t e . V e r i f i c a t i o n   6 2 %   c o m p l e t e . V e r i f i c a t i o n   6 3 %   c o m p l e t e . V e r i f i c a t i o n   6 4 %   c o m p l e t e . V e r i f i c a t i o n   6 4 %   c o m p l e t e . V e r i f i c a t i o n   6 5 %   c o m p l e t e . V e r i f i c a t i o n   6 5 %   c o m p l e t e . V e r i f i c a t i o n   6 6 %   c o m p l e t e . V e r i f i c a t i o n   6 6 %   c o m p l e t e . V e r i f i c a t i o n   6 7 %   c o m p l e t e . V e r i f i c a t i o n   6 8 %   c o m p l e t e . V e r i f i c a t i o n   6 8 %   c o m p l e t e . V e r i f i c a t i o n   6 9 %   c o m p l e t e . V e r i f i c a t i o n   6 9 %   c o m p l e t e . V e r i f i c a t i o n   7 0 %   c o m p l e t e . V e r i f i c a t i o n   7 1 %   c o m p l e t e . V e r i f i c a t i o n   7 1 %   c o m p l e t e . V e r i f i c a t i o n   7 2 %   c o m p l e t e . V e r i f i c a t i o n   7 2 %   c o m p l e t e . V e r i f i c a t i o n   7 3 %   c o m p l e t e . V e r i f i c a t i o n   7 3 %   c o m p l e t e . V e r i f i c a t i o n   7 4 %   c o m p l e t e . V e r i f i c a t i o n   7 5 %   c o m p l e t e . V e r i f i c a t i o n   7 5 %   c o m p l e t e . V e r i f i c a t i o n   7 6 %   c o m p l e t e . V e r i f i c a t i o n   7 6 %   c o m p l e t e . V e r i f i c a t i o n   7 7 %   c o m p l e t e . V e r i f i c a t i o n   7 8 %   c o m p l e t e . V e r i f i c a t i o n   7 8 %   c o m p l e t e . V e r i f i c a t i o n   7 9 %   c o m p l e t e . V e r i f i c a t i o n   7 9 %   c o m p l e t e . V e r i f i c a t i o n   8 0 %   c o m p l e t e . V e r i f i c a t i o n   8 1 %   c o m p l e t e . V e r i f i c a t i o n   8 1 %   c o m p l e t e . V e r i f i c a t i o n   8 2 %   c o m p l e t e . V e r i f i c a t i o n   8 2 %   c o m p l e t e . V e r i f i c a t i o n   8 3 %   c o m p l e t e . V e r i f i c a t i o n   8 3 %   c o m p l e t e . V e r i f i c a t i o n   8 4 %   c o m p l e t e . V e r i f i c a t i o n   8 5 %   c o m p l e t e . V e r i f i c a t i o n   8 5 %   c o m p l e t e . V e r i f i c a t i o n   8 6 %   c o m p l e t e . V e r i f i c a t i o n   8 6 %   c o m p l e t e . V e r i f i c a t i o n   8 7 %   c o m p l e t e . V e r i f i c a t i o n   8 8 %   c o m p l e t e . V e r i f i c a t i o n   8 8 %   c o m p l e t e . V e r i f i c a t i o n   8 9 %   c o m p l e t e . V e r i f i c a t i o n   8 9 %   c o m p l e t e . V e r i f i c a t i o n   9 0 %   c o m p l e t e . V e r i f i c a t i o n   9 1 %   c o m p l e t e . V e r i f i c a t i o n   9 1 %   c o m p l e t e . V e r i f i c a t i o n   9 2 %   c o m p l e t e . V e r i f i c a t i o n   9 2 %   c o m p l e t e . V e r i f i c a t i o n   9 3 %   c o m p l e t e . V e r i f i c a t i o n   9 3 %   c o m p l e t e . V e r i f i c a t i o n   9 4 %   c o m p l e t e . V e r i f i c a t i o n   9 5 %   c o m p l e t e . V e r i f i c a t i o n   9 5 %   c o m p l e t e . V e r i f i c a t i o n   9 6 %   c o m p l e t e . V e r i f i c a t i o n   9 6 %   c o m p l e t e . V e r i f i c a t i o n   9 7 %   c o m p l e t e . V e r i f i c a t i o n   9 8 %   c o m p l e t e . V e r i f i c a t i o n   9 8 %   c o m p l e t e . V e r i f i c a t i o n   9 9 %   c o m p l e t e . V e r i f i c a t i o n   9 9 %   c o m p l e t e . V e r i f i c a t i o n   1 0 0 %   c o m p l e t e . 
 
 
 
 
 W i n d o w s   R e s o u r c e   P r o t e c t i o n   f o u n d   c o r r u p t   f i l e s   a n d   s u c c e s s f u l l y   r e p a i r e d   
 
 
 t h e m .   D e t a i l s   a r e   i n c l u d e d   i n   t h e   C B S . L o g   w i n d i r \ L o g s \ C B S \ C B S . l o g .   F o r   
 
 
 e x a m p l e   C : \ W i n d o w s \ L o g s \ C B S \ C B S . l o g .   N o t e   t h a t   l o g g i n g   i s   c u r r e n t l y   n o t   
 
 
 s u p p o r t e d   i n   o f f l i n e   s e r v i c i n g   s c e n a r i o s . 
 
 
 
 
 
 T h e   s y s t e m   f i l e   r e p a i r   c h a n g e s   w i l l   t a k e   e f f e c t   a f t e r   t h e   n e x t   r e b o o t . 
 
 
 
========= End of CMD: =========
 
 
=========  findstr /c:"[SR]" %windir%\logs\cbs\cbs.log >> "%userprofile%\desktop\sfcdetails.txt" =========
 
2016-04-22 17:34:46, Info                  CSI    00000004 [SR] Verifying 100 (0x0000000000000064) components
2016-04-22 17:34:46, Info                  CSI    00000005 [SR] Beginning Verify and Repair transaction
2016-04-22 17:34:48, Info                  CSI    0000006a [SR] Verify complete
2016-04-22 17:34:48, Info                  CSI    0000006b [SR] Verifying 100 (0x0000000000000064) components
2016-04-22 17:34:48, Info                  CSI    0000006c [SR] Beginning Verify and Repair transaction
2016-04-22 17:34:50, Info                  CSI    000000d1 [SR] Verify complete
2016-04-22 17:34:50, Info                  CSI    000000d2 [SR] Verifying 100 (0x0000000000000064) components
2016-04-22 17:34:50, Info                  CSI    000000d3 [SR] Beginning Verify and Repair transaction
2016-04-22 17:34:51, Info                  CSI    00000138 [SR] Verify complete
2016-04-22 17:34:51, Info                  CSI    00000139 [SR] Verifying 100 (0x0000000000000064) components
2016-04-22 17:34:51, Info                  CSI    0000013a [SR] Beginning Verify and Repair transaction
2016-04-22 17:34:53, Info                  CSI    0000019f [SR] Verify complete
2016-04-22 17:34:53, Info                  CSI    000001a0 [SR] Verifying 100 (0x0000000000000064) components
2016-04-22 17:34:53, Info                  CSI    000001a1 [SR] Beginning Verify and Repair transaction
2016-04-22 17:34:54, Info                  CSI    00000206 [SR] Verify complete
2016-04-22 17:34:55, Info                  CSI    00000207 [SR] Verifying 100 (0x0000000000000064) components
2016-04-22 17:34:55, Info                  CSI    00000208 [SR] Beginning Verify and Repair transaction
2016-04-22 17:34:56, Info                  CSI    0000026d [SR] Verify complete
2016-04-22 17:34:56, Info                  CSI    0000026e [SR] Verifying 100 (0x0000000000000064) components
2016-04-22 17:34:56, Info                  CSI    0000026f [SR] Beginning Verify and Repair transaction
2016-04-22 17:34:58, Info                  CSI    000002d6 [SR] Verify complete
2016-04-22 17:34:58, Info                  CSI    000002d7 [SR] Verifying 100 (0x0000000000000064) components
2016-04-22 17:34:58, Info                  CSI    000002d8 [SR] Beginning Verify and Repair transaction
2016-04-22 17:35:00, Info                  CSI    0000033d [SR] Verify complete
2016-04-22 17:35:00, Info                  CSI    0000033e [SR] Verifying 100 (0x0000000000000064) components
2016-04-22 17:35:00, Info                  CSI    0000033f [SR] Beginning Verify and Repair transaction
2016-04-22 17:35:02, Info                  CSI    000003a4 [SR] Verify complete
2016-04-22 17:35:02, Info                  CSI    000003a5 [SR] Verifying 100 (0x0000000000000064) components
2016-04-22 17:35:02, Info                  CSI    000003a6 [SR] Beginning Verify and Repair transaction
2016-04-22 17:35:03, Info                  CSI    0000040b [SR] Verify complete
2016-04-22 17:35:03, Info                  CSI    0000040c [SR] Verifying 100 (0x0000000000000064) components
2016-04-22 17:35:03, Info                  CSI    0000040d [SR] Beginning Verify and Repair transaction
2016-04-22 17:35:05, Info                  CSI    00000472 [SR] Verify complete
2016-04-22 17:35:06, Info                  CSI    00000473 [SR] Verifying 100 (0x0000000000000064) components
2016-04-22 17:35:06, Info                  CSI    00000474 [SR] Beginning Verify and Repair transaction
2016-04-22 17:35:08, Info                  CSI    000004d9 [SR] Verify complete
2016-04-22 17:35:08, Info                  CSI    000004da [SR] Verifying 100 (0x0000000000000064) components
2016-04-22 17:35:08, Info                  CSI    000004db [SR] Beginning Verify and Repair transaction
2016-04-22 17:35:10, Info                  CSI    00000540 [SR] Verify complete
2016-04-22 17:35:10, Info                  CSI    00000541 [SR] Verifying 100 (0x0000000000000064) components
2016-04-22 17:35:10, Info                  CSI    00000542 [SR] Beginning Verify and Repair transaction
2016-04-22 17:35:12, Info                  CSI    000005a7 [SR] Verify complete
2016-04-22 17:35:12, Info                  CSI    000005a8 [SR] Verifying 100 (0x0000000000000064) components
2016-04-22 17:35:12, Info                  CSI    000005a9 [SR] Beginning Verify and Repair transaction
2016-04-22 17:35:14, Info                  CSI    0000060e [SR] Verify complete
2016-04-22 17:35:14, Info                  CSI    0000060f [SR] Verifying 100 (0x0000000000000064) components
2016-04-22 17:35:14, Info                  CSI    00000610 [SR] Beginning Verify and Repair transaction
2016-04-22 17:35:15, Info                  CSI    00000675 [SR] Verify complete
2016-04-22 17:35:15, Info                  CSI    00000676 [SR] Verifying 100 (0x0000000000000064) components
2016-04-22 17:35:15, Info                  CSI    00000677 [SR] Beginning Verify and Repair transaction
2016-04-22 17:35:17, Info                  CSI    000006dc [SR] Verify complete
2016-04-22 17:35:17, Info                  CSI    000006dd [SR] Verifying 100 (0x0000000000000064) components
2016-04-22 17:35:17, Info                  CSI    000006de [SR] Beginning Verify and Repair transaction
2016-04-22 17:35:19, Info                  CSI    00000743 [SR] Verify complete
2016-04-22 17:35:19, Info                  CSI    00000744 [SR] Verifying 100 (0x0000000000000064) components
2016-04-22 17:35:19, Info                  CSI    00000745 [SR] Beginning Verify and Repair transaction
2016-04-22 17:35:21, Info                  CSI    000007b2 [SR] Verify complete
2016-04-22 17:35:22, Info                  CSI    000007b3 [SR] Verifying 100 (0x0000000000000064) components
2016-04-22 17:35:22, Info                  CSI    000007b4 [SR] Beginning Verify and Repair transaction
2016-04-22 17:35:23, Info                  CSI    00000819 [SR] Verify complete
2016-04-22 17:35:23, Info                  CSI    0000081a [SR] Verifying 100 (0x0000000000000064) components
2016-04-22 17:35:23, Info                  CSI    0000081b [SR] Beginning Verify and Repair transaction
2016-04-22 17:35:25, Info                  CSI    00000880 [SR] Verify complete
2016-04-22 17:35:25, Info                  CSI    00000881 [SR] Verifying 100 (0x0000000000000064) components
2016-04-22 17:35:25, Info                  CSI    00000882 [SR] Beginning Verify and Repair transaction
2016-04-22 17:35:26, Info                  CSI    000008ee [SR] Verify complete
2016-04-22 17:35:26, Info                  CSI    000008ef [SR] Verifying 100 (0x0000000000000064) components
2016-04-22 17:35:26, Info                  CSI    000008f0 [SR] Beginning Verify and Repair transaction
2016-04-22 17:35:28, Info                  CSI    00000958 [SR] Verify complete
2016-04-22 17:35:28, Info                  CSI    00000959 [SR] Verifying 100 (0x0000000000000064) components
2016-04-22 17:35:28, Info                  CSI    0000095a [SR] Beginning Verify and Repair transaction
2016-04-22 17:35:30, Info                  CSI    000009c0 [SR] Verify complete
2016-04-22 17:35:31, Info                  CSI    000009c1 [SR] Verifying 100 (0x0000000000000064) components
2016-04-22 17:35:31, Info                  CSI    000009c2 [SR] Beginning Verify and Repair transaction
2016-04-22 17:35:35, Info                  CSI    00000a41 [SR] Verify complete
2016-04-22 17:35:35, Info                  CSI    00000a42 [SR] Verifying 100 (0x0000000000000064) components
2016-04-22 17:35:35, Info                  CSI    00000a43 [SR] Beginning Verify and Repair transaction
2016-04-22 17:35:41, Info                  CSI    00000ab5 [SR] Verify complete
2016-04-22 17:35:41, Info                  CSI    00000ab6 [SR] Verifying 100 (0x0000000000000064) components
2016-04-22 17:35:41, Info                  CSI    00000ab7 [SR] Beginning Verify and Repair transaction
2016-04-22 17:35:45, Info                  CSI    00000b24 [SR] Verify complete
2016-04-22 17:35:45, Info                  CSI    00000b25 [SR] Verifying 100 (0x0000000000000064) components
2016-04-22 17:35:45, Info                  CSI    00000b26 [SR] Beginning Verify and Repair transaction
2016-04-22 17:35:48, Info                  CSI    00000b99 [SR] Verify complete
2016-04-22 17:35:48, Info                  CSI    00000b9a [SR] Verifying 100 (0x0000000000000064) components
2016-04-22 17:35:48, Info                  CSI    00000b9b [SR] Beginning Verify and Repair transaction
2016-04-22 17:35:52, Info                  CSI    00000c02 [SR] Verify complete
2016-04-22 17:35:52, Info                  CSI    00000c03 [SR] Verifying 100 (0x0000000000000064) components
2016-04-22 17:35:52, Info                  CSI    00000c04 [SR] Beginning Verify and Repair transaction
2016-04-22 17:35:56, Info                  CSI    00000c69 [SR] Verify complete
2016-04-22 17:35:56, Info                  CSI    00000c6a [SR] Verifying 100 (0x0000000000000064) components
2016-04-22 17:35:56, Info                  CSI    00000c6b [SR] Beginning Verify and Repair transaction
2016-04-22 17:35:59, Info                  CSI    00000cd0 [SR] Verify complete
2016-04-22 17:36:00, Info                  CSI    00000cd1 [SR] Verifying 100 (0x0000000000000064) components
2016-04-22 17:36:00, Info                  CSI    00000cd2 [SR] Beginning Verify and Repair transaction
2016-04-22 17:36:02, Info                  CSI    00000d37 [SR] Verify complete
2016-04-22 17:36:02, Info                  CSI    00000d38 [SR] Verifying 100 (0x0000000000000064) components
2016-04-22 17:36:02, Info                  CSI    00000d39 [SR] Beginning Verify and Repair transaction
2016-04-22 17:36:08, Info                  CSI    00000da0 [SR] Verify complete
2016-04-22 17:36:08, Info                  CSI    00000da1 [SR] Verifying 100 (0x0000000000000064) components
2016-04-22 17:36:08, Info                  CSI    00000da2 [SR] Beginning Verify and Repair transaction
2016-04-22 17:36:14, Info                  CSI    00000e56 [SR] Verify complete
2016-04-22 17:36:14, Info                  CSI    00000e57 [SR] Verifying 100 (0x0000000000000064) components
2016-04-22 17:36:14, Info                  CSI    00000e58 [SR] Beginning Verify and Repair transaction
2016-04-22 17:36:21, Info                  CSI    00000f1e [SR] Verify complete
2016-04-22 17:36:21, Info                  CSI    00000f1f [SR] Verifying 100 (0x0000000000000064) components
2016-04-22 17:36:21, Info                  CSI    00000f20 [SR] Beginning Verify and Repair transaction
2016-04-22 17:36:25, Info                  CSI    00000fb3 [SR] Verify complete
2016-04-22 17:36:26, Info                  CSI    00000fb4 [SR] Verifying 100 (0x0000000000000064) components
2016-04-22 17:36:26, Info                  CSI    00000fb5 [SR] Beginning Verify and Repair transaction
2016-04-22 17:36:30, Info                  CSI    00001029 [SR] Verify complete
2016-04-22 17:36:30, Info                  CSI    0000102a [SR] Verifying 100 (0x0000000000000064) components
2016-04-22 17:36:30, Info                  CSI    0000102b [SR] Beginning Verify and Repair transaction
2016-04-22 17:36:34, Info                  CSI    000010a6 [SR] Verify complete
2016-04-22 17:36:34, Info                  CSI    000010a7 [SR] Verifying 100 (0x0000000000000064) components
2016-04-22 17:36:34, Info                  CSI    000010a8 [SR] Beginning Verify and Repair transaction
2016-04-22 17:36:38, Info                  CSI    0000112e [SR] Verify complete
2016-04-22 17:36:38, Info                  CSI    0000112f [SR] Verifying 100 (0x0000000000000064) components
2016-04-22 17:36:38, Info                  CSI    00001130 [SR] Beginning Verify and Repair transaction
2016-04-22 17:36:42, Info                  CSI    0000119f [SR] Verify complete
2016-04-22 17:36:42, Info                  CSI    000011a0 [SR] Verifying 100 (0x0000000000000064) components
2016-04-22 17:36:42, Info                  CSI    000011a1 [SR] Beginning Verify and Repair transaction
2016-04-22 17:36:45, Info                  CSI    0000120d [SR] Verify complete
2016-04-22 17:36:45, Info                  CSI    0000120e [SR] Verifying 100 (0x0000000000000064) components
2016-04-22 17:36:45, Info                  CSI    0000120f [SR] Beginning Verify and Repair transaction
2016-04-22 17:36:47, Info                  CSI    0000121f [SR] Repairing corrupted file [l:23 ml:24]"\??\C:\Windows\System32"\[l:10]"dnsapi.dll" from store
2016-04-22 17:36:49, Info                  CSI    00001279 [SR] Verify complete
2016-04-22 17:36:49, Info                  CSI    0000127a [SR] Verifying 100 (0x0000000000000064) components
2016-04-22 17:36:49, Info                  CSI    0000127b [SR] Beginning Verify and Repair transaction
2016-04-22 17:36:52, Info                  CSI    000012ee [SR] Verify complete
2016-04-22 17:36:52, Info                  CSI    000012ef [SR] Verifying 100 (0x0000000000000064) components
2016-04-22 17:36:52, Info                  CSI    000012f0 [SR] Beginning Verify and Repair transaction
2016-04-22 17:36:57, Info                  CSI    0000137f [SR] Verify complete
2016-04-22 17:36:57, Info                  CSI    00001380 [SR] Verifying 100 (0x0000000000000064) components
2016-04-22 17:36:57, Info                  CSI    00001381 [SR] Beginning Verify and Repair transaction
2016-04-22 17:37:02, Info                  CSI    00001406 [SR] Verify complete
2016-04-22 17:37:02, Info                  CSI    00001407 [SR] Verifying 100 (0x0000000000000064) components
2016-04-22 17:37:02, Info                  CSI    00001408 [SR] Beginning Verify and Repair transaction
2016-04-22 17:37:10, Info                  CSI    000014fb [SR] Verify complete
2016-04-22 17:37:10, Info                  CSI    000014fc [SR] Verifying 100 (0x0000000000000064) components
2016-04-22 17:37:10, Info                  CSI    000014fd [SR] Beginning Verify and Repair transaction
2016-04-22 17:37:15, Info                  CSI    00001571 [SR] Verify complete
2016-04-22 17:37:15, Info                  CSI    00001572 [SR] Verifying 100 (0x0000000000000064) components
2016-04-22 17:37:15, Info                  CSI    00001573 [SR] Beginning Verify and Repair transaction
2016-04-22 17:37:18, Info                  CSI    000015e0 [SR] Verify complete
2016-04-22 17:37:18, Info                  CSI    000015e1 [SR] Verifying 100 (0x0000000000000064) components
2016-04-22 17:37:18, Info                  CSI    000015e2 [SR] Beginning Verify and Repair transaction
2016-04-22 17:37:21, Info                  CSI    00001652 [SR] Verify complete
2016-04-22 17:37:21, Info                  CSI    00001653 [SR] Verifying 100 (0x0000000000000064) components
2016-04-22 17:37:21, Info                  CSI    00001654 [SR] Beginning Verify and Repair transaction
2016-04-22 17:37:28, Info                  CSI    00001718 [SR] Verify complete
2016-04-22 17:37:28, Info                  CSI    00001719 [SR] Verifying 100 (0x0000000000000064) components
2016-04-22 17:37:28, Info                  CSI    0000171a [SR] Beginning Verify and Repair transaction
2016-04-22 17:37:30, Info                  CSI    0000177f [SR] Verify complete
2016-04-22 17:37:30, Info                  CSI    00001780 [SR] Verifying 100 (0x0000000000000064) components
2016-04-22 17:37:30, Info                  CSI    00001781 [SR] Beginning Verify and Repair transaction
2016-04-22 17:37:32, Info                  CSI    000017e6 [SR] Verify complete
2016-04-22 17:37:32, Info                  CSI    000017e7 [SR] Verifying 100 (0x0000000000000064) components
2016-04-22 17:37:32, Info                  CSI    000017e8 [SR] Beginning Verify and Repair transaction
2016-04-22 17:37:35, Info                  CSI    0000185a [SR] Verify complete
2016-04-22 17:37:35, Info                  CSI    0000185b [SR] Verifying 100 (0x0000000000000064) components
2016-04-22 17:37:35, Info                  CSI    0000185c [SR] Beginning Verify and Repair transaction
2016-04-22 17:37:38, Info                  CSI    000018c2 [SR] Verify complete
2016-04-22 17:37:38, Info                  CSI    000018c3 [SR] Verifying 100 (0x0000000000000064) components
2016-04-22 17:37:38, Info                  CSI    000018c4 [SR] Beginning Verify and Repair transaction
2016-04-22 17:37:42, Info                  CSI    0000193d [SR] Verify complete
2016-04-22 17:37:42, Info                  CSI    0000193e [SR] Verifying 100 (0x0000000000000064) components
2016-04-22 17:37:42, Info                  CSI    0000193f [SR] Beginning Verify and Repair transaction
2016-04-22 17:37:49, Info                  CSI    000019bd [SR] Verify complete
2016-04-22 17:37:49, Info                  CSI    000019be [SR] Verifying 100 (0x0000000000000064) components
2016-04-22 17:37:49, Info                  CSI    000019bf [SR] Beginning Verify and Repair transaction
2016-04-22 17:37:52, Info                  CSI    00001a2f [SR] Verify complete
2016-04-22 17:37:52, Info                  CSI    00001a30 [SR] Verifying 100 (0x0000000000000064) components
2016-04-22 17:37:52, Info                  CSI    00001a31 [SR] Beginning Verify and Repair transaction
2016-04-22 17:37:58, Info                  CSI    00001aea [SR] Verify complete
2016-04-22 17:37:59, Info                  CSI    00001aeb [SR] Verifying 100 (0x0000000000000064) components
2016-04-22 17:37:59, Info                  CSI    00001aec [SR] Beginning Verify and Repair transaction
2016-04-22 17:38:04, Info                  CSI    00001b63 [SR] Verify complete
2016-04-22 17:38:04, Info                  CSI    00001b64 [SR] Verifying 100 (0x0000000000000064) components
2016-04-22 17:38:04, Info                  CSI    00001b65 [SR] Beginning Verify and Repair transaction
2016-04-22 17:38:10, Info                  CSI    00001be9 [SR] Verify complete
2016-04-22 17:38:10, Info                  CSI    00001bea [SR] Verifying 100 (0x0000000000000064) components
2016-04-22 17:38:10, Info                  CSI    00001beb [SR] Beginning Verify and Repair transaction
2016-04-22 17:38:14, Info                  CSI    00001c54 [SR] Verify complete
2016-04-22 17:38:14, Info                  CSI    00001c55 [SR] Verifying 100 (0x0000000000000064) components
2016-04-22 17:38:14, Info                  CSI    00001c56 [SR] Beginning Verify and Repair transaction
2016-04-22 17:38:19, Info                  CSI    00001cc8 [SR] Verify complete
2016-04-22 17:38:19, Info                  CSI    00001cc9 [SR] Verifying 100 (0x0000000000000064) components
2016-04-22 17:38:19, Info                  CSI    00001cca [SR] Beginning Verify and Repair transaction
2016-04-22 17:38:30, Info                  CSI    00001da9 [SR] Verify complete
2016-04-22 17:38:30, Info                  CSI    00001daa [SR] Verifying 100 (0x0000000000000064) components
2016-04-22 17:38:30, Info                  CSI    00001dab [SR] Beginning Verify and Repair transaction
2016-04-22 17:38:33, Info                  CSI    00001e14 [SR] Verify complete
2016-04-22 17:38:33, Info                  CSI    00001e15 [SR] Verifying 100 (0x0000000000000064) components
2016-04-22 17:38:33, Info                  CSI    00001e16 [SR] Beginning Verify and Repair transaction
2016-04-22 17:38:36, Info                  CSI    00001e82 [SR] Verify complete
2016-04-22 17:38:36, Info                  CSI    00001e83 [SR] Verifying 100 (0x0000000000000064) components
2016-04-22 17:38:36, Info                  CSI    00001e84 [SR] Beginning Verify and Repair transaction
2016-04-22 17:38:39, Info                  CSI    00001ef5 [SR] Verify complete
2016-04-22 17:38:39, Info                  CSI    00001ef6 [SR] Verifying 100 (0x0000000000000064) components
2016-04-22 17:38:39, Info                  CSI    00001ef7 [SR] Beginning Verify and Repair transaction
2016-04-22 17:38:43, Info                  CSI    00001f68 [SR] Verify complete
2016-04-22 17:38:43, Info                  CSI    00001f69 [SR] Verifying 100 (0x0000000000000064) components
2016-04-22 17:38:43, Info                  CSI    00001f6a [SR] Beginning Verify and Repair transaction
2016-04-22 17:38:46, Info                  CSI    00001fd2 [SR] Verify complete
2016-04-22 17:38:46, Info                  CSI    00001fd3 [SR] Verifying 100 (0x0000000000000064) components
2016-04-22 17:38:46, Info                  CSI    00001fd4 [SR] Beginning Verify and Repair transaction
2016-04-22 17:38:50, Info                  CSI    00002052 [SR] Verify complete
2016-04-22 17:38:50, Info                  CSI    00002053 [SR] Verifying 100 (0x0000000000000064) components
2016-04-22 17:38:50, Info                  CSI    00002054 [SR] Beginning Verify and Repair transaction
2016-04-22 17:38:53, Info                  CSI    000020ca [SR] Verify complete
2016-04-22 17:38:53, Info                  CSI    000020cb [SR] Verifying 100 (0x0000000000000064) components
2016-04-22 17:38:53, Info                  CSI    000020cc [SR] Beginning Verify and Repair transaction
2016-04-22 17:38:56, Info                  CSI    00002139 [SR] Verify complete
2016-04-22 17:38:56, Info                  CSI    0000213a [SR] Verifying 100 (0x0000000000000064) components
2016-04-22 17:38:56, Info                  CSI    0000213b [SR] Beginning Verify and Repair transaction
2016-04-22 17:39:01, Info                  CSI    000021cf [SR] Verify complete
2016-04-22 17:39:01, Info                  CSI    000021d0 [SR] Verifying 100 (0x0000000000000064) components
2016-04-22 17:39:01, Info                  CSI    000021d1 [SR] Beginning Verify and Repair transaction
2016-04-22 17:39:05, Info                  CSI    00002250 [SR] Verify complete
2016-04-22 17:39:05, Info                  CSI    00002251 [SR] Verifying 100 (0x0000000000000064) components
2016-04-22 17:39:05, Info                  CSI    00002252 [SR] Beginning Verify and Repair transaction
2016-04-22 17:39:08, Info                  CSI    000022bb [SR] Verify complete
2016-04-22 17:39:08, Info                  CSI    000022bc [SR] Verifying 100 (0x0000000000000064) components
2016-04-22 17:39:08, Info                  CSI    000022bd [SR] Beginning Verify and Repair transaction
2016-04-22 17:39:11, Info                  CSI    0000232d [SR] Verify complete
2016-04-22 17:39:11, Info                  CSI    0000232e [SR] Verifying 100 (0x0000000000000064) components
2016-04-22 17:39:11, Info                  CSI    0000232f [SR] Beginning Verify and Repair transaction
2016-04-22 17:39:15, Info                  CSI    000023a7 [SR] Verify complete
2016-04-22 17:39:15, Info                  CSI    000023a8 [SR] Verifying 100 (0x0000000000000064) components
2016-04-22 17:39:15, Info                  CSI    000023a9 [SR] Beginning Verify and Repair transaction
2016-04-22 17:39:18, Info                  CSI    00002416 [SR] Verify complete
2016-04-22 17:39:18, Info                  CSI    00002417 [SR] Verifying 100 (0x0000000000000064) components
2016-04-22 17:39:18, Info                  CSI    00002418 [SR] Beginning Verify and Repair transaction
2016-04-22 17:39:21, Info                  CSI    00002485 [SR] Verify complete
2016-04-22 17:39:21, Info                  CSI    00002486 [SR] Verifying 100 (0x0000000000000064) components
2016-04-22 17:39:21, Info                  CSI    00002487 [SR] Beginning Verify and Repair transaction
2016-04-22 17:39:26, Info                  CSI    00002501 [SR] Verify complete
2016-04-22 17:39:26, Info                  CSI    00002502 [SR] Verifying 100 (0x0000000000000064) components
2016-04-22 17:39:26, Info                  CSI    00002503 [SR] Beginning Verify and Repair transaction
2016-04-22 17:39:30, Info                  CSI    0000257f [SR] Verify complete
2016-04-22 17:39:30, Info                  CSI    00002580 [SR] Verifying 100 (0x0000000000000064) components
2016-04-22 17:39:30, Info                  CSI    00002581 [SR] Beginning Verify and Repair transaction
2016-04-22 17:39:34, Info                  CSI    000025ee [SR] Verify complete
2016-04-22 17:39:34, Info                  CSI    000025ef [SR] Verifying 100 (0x0000000000000064) components
2016-04-22 17:39:34, Info                  CSI    000025f0 [SR] Beginning Verify and Repair transaction
2016-04-22 17:39:40, Info                  CSI    0000269a [SR] Verify complete
2016-04-22 17:39:40, Info                  CSI    0000269b [SR] Verifying 100 (0x0000000000000064) components
2016-04-22 17:39:40, Info                  CSI    0000269c [SR] Beginning Verify and Repair transaction
2016-04-22 17:39:46, Info                  CSI    0000271c [SR] Verify complete
2016-04-22 17:39:46, Info                  CSI    0000271d [SR] Verifying 100 (0x0000000000000064) components
2016-04-22 17:39:46, Info                  CSI    0000271e [SR] Beginning Verify and Repair transaction
2016-04-22 17:39:50, Info                  CSI    00002789 [SR] Verify complete
2016-04-22 17:39:50, Info                  CSI    0000278a [SR] Verifying 100 (0x0000000000000064) components
2016-04-22 17:39:50, Info                  CSI    0000278b [SR] Beginning Verify and Repair transaction
2016-04-22 17:39:53, Info                  CSI    000027f8 [SR] Verify complete
2016-04-22 17:39:53, Info                  CSI    000027f9 [SR] Verifying 100 (0x0000000000000064) components
2016-04-22 17:39:53, Info                  CSI    000027fa [SR] Beginning Verify and Repair transaction
2016-04-22 17:39:57, Info                  CSI    0000286d [SR] Verify complete
2016-04-22 17:39:57, Info                  CSI    0000286e [SR] Verifying 100 (0x0000000000000064) components
2016-04-22 17:39:57, Info                  CSI    0000286f [SR] Beginning Verify and Repair transaction
2016-04-22 17:40:02, Info                  CSI    000028dc [SR] Verify complete
2016-04-22 17:40:02, Info                  CSI    000028dd [SR] Verifying 100 (0x0000000000000064) components
2016-04-22 17:40:02, Info                  CSI    000028de [SR] Beginning Verify and Repair transaction
2016-04-22 17:40:05, Info                  CSI    0000294c [SR] Verify complete
2016-04-22 17:40:05, Info                  CSI    0000294d [SR] Verifying 100 (0x0000000000000064) components
2016-04-22 17:40:05, Info                  CSI    0000294e [SR] Beginning Verify and Repair transaction
2016-04-22 17:40:09, Info                  CSI    000029b9 [SR] Verify complete
2016-04-22 17:40:09, Info                  CSI    000029ba [SR] Verifying 100 (0x0000000000000064) components
2016-04-22 17:40:09, Info                  CSI    000029bb [SR] Beginning Verify and Repair transaction
2016-04-22 17:40:13, Info                  CSI    00002a30 [SR] Verify complete
2016-04-22 17:40:13, Info                  CSI    00002a31 [SR] Verifying 100 (0x0000000000000064) components
2016-04-22 17:40:13, Info                  CSI    00002a32 [SR] Beginning Verify and Repair transaction
2016-04-22 17:40:16, Info                  CSI    00002aaa [SR] Verify complete
2016-04-22 17:40:16, Info                  CSI    00002aab [SR] Verifying 100 (0x0000000000000064) components
2016-04-22 17:40:16, Info                  CSI    00002aac [SR] Beginning Verify and Repair transaction
2016-04-22 17:40:20, Info                  CSI    00002b23 [SR] Verify complete
2016-04-22 17:40:20, Info                  CSI    00002b24 [SR] Verifying 100 (0x0000000000000064) components
2016-04-22 17:40:20, Info                  CSI    00002b25 [SR] Beginning Verify and Repair transaction
2016-04-22 17:40:22, Info                  CSI    00002b96 [SR] Verify complete
2016-04-22 17:40:22, Info                  CSI    00002b97 [SR] Verifying 100 (0x0000000000000064) components
2016-04-22 17:40:22, Info                  CSI    00002b98 [SR] Beginning Verify and Repair transaction
2016-04-22 17:40:25, Info                  CSI    00002c00 [SR] Verify complete
2016-04-22 17:40:25, Info                  CSI    00002c01 [SR] Verifying 100 (0x0000000000000064) components
2016-04-22 17:40:25, Info                  CSI    00002c02 [SR] Beginning Verify and Repair transaction
2016-04-22 17:40:29, Info                  CSI    00002c6c [SR] Verify complete
2016-04-22 17:40:29, Info                  CSI    00002c6d [SR] Verifying 100 (0x0000000000000064) components
2016-04-22 17:40:29, Info                  CSI    00002c6e [SR] Beginning Verify and Repair transaction
2016-04-22 17:40:34, Info                  CSI    00002cd4 [SR] Verify complete
2016-04-22 17:40:34, Info                  CSI    00002cd5 [SR] Verifying 100 (0x0000000000000064) components
2016-04-22 17:40:34, Info                  CSI    00002cd6 [SR] Beginning Verify and Repair transaction
2016-04-22 17:40:39, Info                  CSI    00002d49 [SR] Verify complete
2016-04-22 17:40:39, Info                  CSI    00002d4a [SR] Verifying 100 (0x0000000000000064) components
2016-04-22 17:40:39, Info                  CSI    00002d4b [SR] Beginning Verify and Repair transaction
2016-04-22 17:40:44, Info                  CSI    00002e3f [SR] Verify complete
2016-04-22 17:40:45, Info                  CSI    00002e40 [SR] Verifying 100 (0x0000000000000064) components
2016-04-22 17:40:45, Info                  CSI    00002e41 [SR] Beginning Verify and Repair transaction
2016-04-22 17:40:48, Info                  CSI    00002ecb [SR] Verify complete
2016-04-22 17:40:48, Info                  CSI    00002ecc [SR] Verifying 100 (0x0000000000000064) components
2016-04-22 17:40:48, Info                  CSI    00002ecd [SR] Beginning Verify and Repair transaction
2016-04-22 17:40:51, Info                  CSI    00002f32 [SR] Verify complete
2016-04-22 17:40:51, Info                  CSI    00002f33 [SR] Verifying 100 (0x0000000000000064) components
2016-04-22 17:40:51, Info                  CSI    00002f34 [SR] Beginning Verify and Repair transaction
2016-04-22 17:40:53, Info                  CSI    00002f99 [SR] Verify complete
2016-04-22 17:40:53, Info                  CSI    00002f9a [SR] Verifying 100 (0x0000000000000064) components
2016-04-22 17:40:53, Info                  CSI    00002f9b [SR] Beginning Verify and Repair transaction
2016-04-22 17:40:57, Info                  CSI    00003000 [SR] Verify complete
2016-04-22 17:40:57, Info                  CSI    00003001 [SR] Verifying 100 (0x0000000000000064) components
2016-04-22 17:40:57, Info                  CSI    00003002 [SR] Beginning Verify and Repair transaction
2016-04-22 17:40:59, Info                  CSI    00003067 [SR] Verify complete
2016-04-22 17:40:59, Info                  CSI    00003068 [SR] Verifying 100 (0x0000000000000064) components
2016-04-22 17:40:59, Info                  CSI    00003069 [SR] Beginning Verify and Repair transaction
2016-04-22 17:41:02, Info                  CSI    000030cf [SR] Verify complete
2016-04-22 17:41:02, Info                  CSI    000030d0 [SR] Verifying 100 (0x0000000000000064) components
2016-04-22 17:41:02, Info                  CSI    000030d1 [SR] Beginning Verify and Repair transaction
2016-04-22 17:41:04, Info                  CSI    00003136 [SR] Verify complete
2016-04-22 17:41:04, Info                  CSI    00003137 [SR] Verifying 100 (0x0000000000000064) components
2016-04-22 17:41:04, Info                  CSI    00003138 [SR] Beginning Verify and Repair transaction
2016-04-22 17:41:06, Info                  CSI    0000319d [SR] Verify complete
2016-04-22 17:41:06, Info                  CSI    0000319e [SR] Verifying 100 (0x0000000000000064) components
2016-04-22 17:41:06, Info                  CSI    0000319f [SR] Beginning Verify and Repair transaction
2016-04-22 17:41:09, Info                  CSI    00003205 [SR] Verify complete
2016-04-22 17:41:09, Info                  CSI    00003206 [SR] Verifying 100 (0x0000000000000064) components
2016-04-22 17:41:09, Info                  CSI    00003207 [SR] Beginning Verify and Repair transaction
2016-04-22 17:41:12, Info                  CSI    00003288 [SR] Verify complete
2016-04-22 17:41:12, Info                  CSI    00003289 [SR] Verifying 100 (0x0000000000000064) components
2016-04-22 17:41:12, Info                  CSI    0000328a [SR] Beginning Verify and Repair transaction
2016-04-22 17:41:14, Info                  CSI    000032ef [SR] Verify complete
2016-04-22 17:41:14, Info                  CSI    000032f0 [SR] Verifying 100 (0x0000000000000064) components
2016-04-22 17:41:14, Info                  CSI    000032f1 [SR] Beginning Verify and Repair transaction
2016-04-22 17:41:18, Info                  CSI    0000335e [SR] Verify complete
2016-04-22 17:41:18, Info                  CSI    0000335f [SR] Verifying 100 (0x0000000000000064) components
2016-04-22 17:41:18, Info                  CSI    00003360 [SR] Beginning Verify and Repair transaction
2016-04-22 17:41:21, Info                  CSI    000033c5 [SR] Verify complete
2016-04-22 17:41:21, Info                  CSI    000033c6 [SR] Verifying 100 (0x0000000000000064) components
2016-04-22 17:41:21, Info                  CSI    000033c7 [SR] Beginning Verify and Repair transaction
2016-04-22 17:41:24, Info                  CSI    0000342c [SR] Verify complete
2016-04-22 17:41:24, Info                  CSI    0000342d [SR] Verifying 100 (0x0000000000000064) components
2016-04-22 17:41:24, Info                  CSI    0000342e [SR] Beginning Verify and Repair transaction
2016-04-22 17:41:26, Info                  CSI    00003494 [SR] Verify complete
2016-04-22 17:41:26, Info                  CSI    00003495 [SR] Verifying 100 (0x0000000000000064) components
2016-04-22 17:41:26, Info                  CSI    00003496 [SR] Beginning Verify and Repair transaction
2016-04-22 17:41:28, Info                  CSI    000034fb [SR] Verify complete
2016-04-22 17:41:28, Info                  CSI    000034fc [SR] Verifying 100 (0x0000000000000064) components
2016-04-22 17:41:29, Info                  CSI    000034fd [SR] Beginning Verify and Repair transaction
2016-04-22 17:41:34, Info                  CSI    00003569 [SR] Verify complete
2016-04-22 17:41:34, Info                  CSI    0000356a [SR] Verifying 100 (0x0000000000000064) components
2016-04-22 17:41:34, Info                  CSI    0000356b [SR] Beginning Verify and Repair transaction
2016-04-22 17:41:37, Info                  CSI    000035db [SR] Verify complete
2016-04-22 17:41:37, Info                  CSI    000035dc [SR] Verifying 100 (0x0000000000000064) components
2016-04-22 17:41:37, Info                  CSI    000035dd [SR] Beginning Verify and Repair transaction
2016-04-22 17:41:39, Info                  CSI    0000364c [SR] Verify complete
2016-04-22 17:41:39, Info                  CSI    0000364d [SR] Verifying 100 (0x0000000000000064) components
2016-04-22 17:41:39, Info                  CSI    0000364e [SR] Beginning Verify and Repair transaction
2016-04-22 17:41:42, Info                  CSI    000036c2 [SR] Verify complete
2016-04-22 17:41:42, Info                  CSI    000036c3 [SR] Verifying 100 (0x0000000000000064) components
2016-04-22 17:41:42, Info                  CSI    000036c4 [SR] Beginning Verify and Repair transaction
2016-04-22 17:41:44, Info                  CSI    00003729 [SR] Verify complete
2016-04-22 17:41:44, Info                  CSI    0000372a [SR] Verifying 100 (0x0000000000000064) components
2016-04-22 17:41:44, Info                  CSI    0000372b [SR] Beginning Verify and Repair transaction
2016-04-22 17:41:46, Info                  CSI    00003790 [SR] Verify complete
2016-04-22 17:41:47, Info                  CSI    00003791 [SR] Verifying 100 (0x0000000000000064) components
2016-04-22 17:41:47, Info                  CSI    00003792 [SR] Beginning Verify and Repair transaction
2016-04-22 17:41:49, Info                  CSI    000037f7 [SR] Verify complete
2016-04-22 17:41:49, Info                  CSI    000037f8 [SR] Verifying 100 (0x0000000000000064) components
2016-04-22 17:41:49, Info                  CSI    000037f9 [SR] Beginning Verify and Repair transaction
2016-04-22 17:41:53, Info                  CSI    0000386c [SR] Verify complete
2016-04-22 17:41:54, Info                  CSI    0000386d [SR] Verifying 100 (0x0000000000000064) components
2016-04-22 17:41:54, Info                  CSI    0000386e [SR] Beginning Verify and Repair transaction
2016-04-22 17:41:57, Info                  CSI    000038df [SR] Verify complete
2016-04-22 17:41:57, Info                  CSI    000038e0 [SR] Verifying 100 (0x0000000000000064) components
2016-04-22 17:41:57, Info                  CSI    000038e1 [SR] Beginning Verify and Repair transaction
2016-04-22 17:42:00, Info                  CSI    0000395a [SR] Verify complete
2016-04-22 17:42:00, Info                  CSI    0000395b [SR] Verifying 100 (0x0000000000000064) components
2016-04-22 17:42:00, Info                  CSI    0000395c [SR] Beginning Verify and Repair transaction
2016-04-22 17:42:02, Info                  CSI    00003961 [SR] Repairing corrupted file [l:23 ml:24]"\??\C:\Windows\SysWOW64"\[l:10]"dnsapi.dll" from store
2016-04-22 17:42:04, Info                  CSI    000039c6 [SR] Verify complete
2016-04-22 17:42:04, Info                  CSI    000039c7 [SR] Verifying 100 (0x0000000000000064) components
2016-04-22 17:42:04, Info                  CSI    000039c8 [SR] Beginning Verify and Repair transaction
2016-04-22 17:42:08, Info                  CSI    00003a44 [SR] Verify complete
2016-04-22 17:42:08, Info                  CSI    00003a45 [SR] Verifying 100 (0x0000000000000064) components
2016-04-22 17:42:08, Info                  CSI    00003a46 [SR] Beginning Verify and Repair transaction
2016-04-22 17:42:12, Info                  CSI    00003aae [SR] Verify complete
2016-04-22 17:42:12, Info                  CSI    00003aaf [SR] Verifying 100 (0x0000000000000064) components
2016-04-22 17:42:12, Info                  CSI    00003ab0 [SR] Beginning Verify and Repair transaction
2016-04-22 17:42:14, Info                  CSI    00003b15 [SR] Verify complete
2016-04-22 17:42:14, Info                  CSI    00003b16 [SR] Verifying 100 (0x0000000000000064) components
2016-04-22 17:42:14, Info                  CSI    00003b17 [SR] Beginning Verify and Repair transaction
2016-04-22 17:42:16, Info                  CSI    00003b7c [SR] Verify complete
2016-04-22 17:42:16, Info                  CSI    00003b7d [SR] Verifying 100 (0x0000000000000064) components
2016-04-22 17:42:16, Info                  CSI    00003b7e [SR] Beginning Verify and Repair transaction
2016-04-22 17:42:19, Info                  CSI    00003bf0 [SR] Verify complete
2016-04-22 17:42:20, Info                  CSI    00003bf1 [SR] Verifying 100 (0x0000000000000064) components
2016-04-22 17:42:20, Info                  CSI    00003bf2 [SR] Beginning Verify and Repair transaction
2016-04-22 17:42:25, Info                  CSI    00003c7c [SR] Verify complete
2016-04-22 17:42:26, Info                  CSI    00003c7d [SR] Verifying 100 (0x0000000000000064) components
2016-04-22 17:42:26, Info                  CSI    00003c7e [SR] Beginning Verify and Repair transaction
2016-04-22 17:42:31, Info                  CSI    00003cef [SR] Verify complete
2016-04-22 17:42:31, Info                  CSI    00003cf0 [SR] Verifying 100 (0x0000000000000064) components
2016-04-22 17:42:31, Info                  CSI    00003cf1 [SR] Beginning Verify and Repair transaction
2016-04-22 17:42:38, Info                  CSI    00003d7b [SR] Verify complete
2016-04-22 17:42:38, Info                  CSI    00003d7c [SR] Verifying 100 (0x0000000000000064) components
2016-04-22 17:42:38, Info                  CSI    00003d7d [SR] Beginning Verify and Repair transaction
2016-04-22 17:42:41, Info                  CSI    00003de9 [SR] Verify complete
2016-04-22 17:42:41, Info                  CSI    00003dea [SR] Verifying 100 (0x0000000000000064) components
2016-04-22 17:42:41, Info                  CSI    00003deb [SR] Beginning Verify and Repair transaction
2016-04-22 17:42:44, Info                  CSI    00003e62 [SR] Verify complete
2016-04-22 17:42:45, Info                  CSI    00003e63 [SR] Verifying 100 (0x0000000000000064) components
2016-04-22 17:42:45, Info                  CSI    00003e64 [SR] Beginning Verify and Repair transaction
2016-04-22 17:42:48, Info                  CSI    00003ed2 [SR] Verify complete
2016-04-22 17:42:48, Info                  CSI    00003ed3 [SR] Verifying 100 (0x0000000000000064) components
2016-04-22 17:42:48, Info                  CSI    00003ed4 [SR] Beginning Verify and Repair transaction
2016-04-22 17:42:53, Info                  CSI    00003f4c [SR] Verify complete
2016-04-22 17:42:53, Info                  CSI    00003f4d [SR] Verifying 100 (0x0000000000000064) components
2016-04-22 17:42:53, Info                  CSI    00003f4e [SR] Beginning Verify and Repair transaction
2016-04-22 17:42:57, Info                  CSI    00003fcc [SR] Verify complete
2016-04-22 17:42:57, Info                  CSI    00003fcd [SR] Verifying 100 (0x0000000000000064) components
2016-04-22 17:42:57, Info                  CSI    00003fce [SR] Beginning Verify and Repair transaction
2016-04-22 17:43:02, Info                  CSI    00004048 [SR] Verify complete
2016-04-22 17:43:02, Info                  CSI    00004049 [SR] Verifying 100 (0x0000000000000064) components
2016-04-22 17:43:02, Info                  CSI    0000404a [SR] Beginning Verify and Repair transaction
2016-04-22 17:43:06, Info                  CSI    000040b5 [SR] Verify complete
2016-04-22 17:43:06, Info                  CSI    000040b6 [SR] Verifying 100 (0x0000000000000064) components
2016-04-22 17:43:06, Info                  CSI    000040b7 [SR] Beginning Verify and Repair transaction
2016-04-22 17:43:11, Info                  CSI    00004186 [SR] Verify complete
2016-04-22 17:43:11, Info                  CSI    00004187 [SR] Verifying 100 (0x0000000000000064) components
2016-04-22 17:43:11, Info                  CSI    00004188 [SR] Beginning Verify and Repair transaction
2016-04-22 17:43:15, Info                  CSI    00004230 [SR] Verify complete
2016-04-22 17:43:15, Info                  CSI    00004231 [SR] Verifying 100 (0x0000000000000064) components
2016-04-22 17:43:15, Info                  CSI    00004232 [SR] Beginning Verify and Repair transaction
2016-04-22 17:43:19, Info                  CSI    00004298 [SR] Verify complete
2016-04-22 17:43:19, Info                  CSI    00004299 [SR] Verifying 100 (0x0000000000000064) components
2016-04-22 17:43:19, Info                  CSI    0000429a [SR] Beginning Verify and Repair transaction
2016-04-22 17:43:21, Info                  CSI    00004301 [SR] Verify complete
2016-04-22 17:43:21, Info                  CSI    00004302 [SR] Verifying 100 (0x0000000000000064) components
2016-04-22 17:43:21, Info                  CSI    00004303 [SR] Beginning Verify and Repair transaction
2016-04-22 17:43:26, Info                  CSI    00004382 [SR] Verify complete
2016-04-22 17:43:26, Info                  CSI    00004383 [SR] Verifying 100 (0x0000000000000064) components
2016-04-22 17:43:26, Info                  CSI    00004384 [SR] Beginning Verify and Repair transaction
2016-04-22 17:43:31, Info                  CSI    0000440a [SR] Verify complete
2016-04-22 17:43:31, Info                  CSI    0000440b [SR] Verifying 100 (0x0000000000000064) components
2016-04-22 17:43:31, Info                  CSI    0000440c [SR] Beginning Verify and Repair transaction
2016-04-22 17:43:34, Info                  CSI    0000447a [SR] Verify complete
2016-04-22 17:43:34, Info                  CSI    0000447b [SR] Verifying 100 (0x0000000000000064) components
2016-04-22 17:43:34, Info                  CSI    0000447c [SR] Beginning Verify and Repair transaction
2016-04-22 17:43:37, Info                  CSI    000044ea [SR] Verify complete
2016-04-22 17:43:38, Info                  CSI    000044eb [SR] Verifying 100 (0x0000000000000064) components
2016-04-22 17:43:38, Info                  CSI    000044ec [SR] Beginning Verify and Repair transaction
2016-04-22 17:43:40, Info                  CSI    00004552 [SR] Verify complete
2016-04-22 17:43:40, Info                  CSI    00004553 [SR] Verifying 100 (0x0000000000000064) components
2016-04-22 17:43:40, Info                  CSI    00004554 [SR] Beginning Verify and Repair transaction
2016-04-22 17:43:46, Info                  CSI    000045ef [SR] Verify complete
2016-04-22 17:43:46, Info                  CSI    000045f0 [SR] Verifying 100 (0x0000000000000064) components
2016-04-22 17:43:46, Info                  CSI    000045f1 [SR] Beginning Verify and Repair transaction
2016-04-22 17:43:51, Info                  CSI    00004667 [SR] Verify complete
2016-04-22 17:43:51, Info                  CSI    00004668 [SR] Verifying 100 (0x0000000000000064) components
2016-04-22 17:43:51, Info                  CSI    00004669 [SR] Beginning Verify and Repair transaction
2016-04-22 17:43:54, Info                  CSI    000046d3 [SR] Verify complete
2016-04-22 17:43:55, Info                  CSI    000046d4 [SR] Verifying 100 (0x0000000000000064) components
2016-04-22 17:43:55, Info                  CSI    000046d5 [SR] Beginning Verify and Repair transaction
2016-04-22 17:43:59, Info                  CSI    00004744 [SR] Verify complete
2016-04-22 17:43:59, Info                  CSI    00004745 [SR] Verifying 100 (0x0000000000000064) components
2016-04-22 17:43:59, Info                  CSI    00004746 [SR] Beginning Verify and Repair transaction
2016-04-22 17:44:02, Info                  CSI    000047b3 [SR] Verify complete
2016-04-22 17:44:02, Info                  CSI    000047b4 [SR] Verifying 100 (0x0000000000000064) components
2016-04-22 17:44:02, Info                  CSI    000047b5 [SR] Beginning Verify and Repair transaction
2016-04-22 17:44:05, Info                  CSI    0000481b [SR] Verify complete
2016-04-22 17:44:05, Info                  CSI    0000481c [SR] Verifying 100 (0x0000000000000064) components
2016-04-22 17:44:05, Info                  CSI    0000481d [SR] Beginning Verify and Repair transaction
2016-04-22 17:44:08, Info                  CSI    00004886 [SR] Verify complete
2016-04-22 17:44:08, Info                  CSI    00004887 [SR] Verifying 100 (0x0000000000000064) components
2016-04-22 17:44:08, Info                  CSI    00004888 [SR] Beginning Verify and Repair transaction
2016-04-22 17:44:11, Info                  CSI    000048ee [SR] Verify complete
2016-04-22 17:44:11, Info                  CSI    000048ef [SR] Verifying 100 (0x0000000000000064) components
2016-04-22 17:44:11, Info                  CSI    000048f0 [SR] Beginning Verify and Repair transaction
2016-04-22 17:44:14, Info                  CSI    00004957 [SR] Verify complete
2016-04-22 17:44:14, Info                  CSI    00004958 [SR] Verifying 100 (0x0000000000000064) components
2016-04-22 17:44:14, Info                  CSI    00004959 [SR] Beginning Verify and Repair transaction
2016-04-22 17:44:16, Info                  CSI    000049c2 [SR] Verify complete
2016-04-22 17:44:17, Info                  CSI    000049c3 [SR] Verifying 100 (0x0000000000000064) components
2016-04-22 17:44:17, Info                  CSI    000049c4 [SR] Beginning Verify and Repair transaction
2016-04-22 17:44:19, Info                  CSI    00004a2b [SR] Verify complete
2016-04-22 17:44:19, Info                  CSI    00004a2c [SR] Verifying 100 (0x0000000000000064) components
2016-04-22 17:44:19, Info                  CSI    00004a2d [SR] Beginning Verify and Repair transaction
2016-04-22 17:44:23, Info                  CSI    00004a96 [SR] Verify complete
2016-04-22 17:44:23, Info                  CSI    00004a97 [SR] Verifying 100 (0x0000000000000064) components
2016-04-22 17:44:23, Info                  CSI    00004a98 [SR] Beginning Verify and Repair transaction
2016-04-22 17:44:26, Info                  CSI    00004b01 [SR] Verify complete
2016-04-22 17:44:26, Info                  CSI    00004b02 [SR] Verifying 100 (0x0000000000000064) components
2016-04-22 17:44:26, Info                  CSI    00004b03 [SR] Beginning Verify and Repair transaction
2016-04-22 17:44:29, Info                  CSI    00004b69 [SR] Verify complete
2016-04-22 17:44:29, Info                  CSI    00004b6a [SR] Verifying 100 (0x0000000000000064) components
2016-04-22 17:44:29, Info                  CSI    00004b6b [SR] Beginning Verify and Repair transaction
2016-04-22 17:44:31, Info                  CSI    00004bd3 [SR] Verify complete
2016-04-22 17:44:31, Info                  CSI    00004bd4 [SR] Verifying 100 (0x0000000000000064) components
2016-04-22 17:44:31, Info                  CSI    00004bd5 [SR] Beginning Verify and Repair transaction
2016-04-22 17:44:34, Info                  CSI    00004c3c [SR] Verify complete
2016-04-22 17:44:34, Info                  CSI    00004c3d [SR] Verifying 100 (0x0000000000000064) components
2016-04-22 17:44:34, Info                  CSI    00004c3e [SR] Beginning Verify and Repair transaction
2016-04-22 17:44:38, Info                  CSI    00004ca6 [SR] Verify complete
2016-04-22 17:44:38, Info                  CSI    00004ca7 [SR] Verifying 100 (0x0000000000000064) components
2016-04-22 17:44:38, Info                  CSI    00004ca8 [SR] Beginning Verify and Repair transaction
2016-04-22 17:44:40, Info                  CSI    00004d0d [SR] Verify complete
2016-04-22 17:44:40, Info                  CSI    00004d0e [SR] Verifying 100 (0x0000000000000064) components
2016-04-22 17:44:40, Info                  CSI    00004d0f [SR] Beginning Verify and Repair transaction
2016-04-22 17:44:43, Info                  CSI    00004d74 [SR] Verify complete
2016-04-22 17:44:43, Info                  CSI    00004d75 [SR] Verifying 100 (0x0000000000000064) components
2016-04-22 17:44:43, Info                  CSI    00004d76 [SR] Beginning Verify and Repair transaction
2016-04-22 17:44:46, Info                  CSI    00004ddc [SR] Verify complete
2016-04-22 17:44:46, Info                  CSI    00004ddd [SR] Verifying 100 (0x0000000000000064) components
2016-04-22 17:44:46, Info                  CSI    00004dde [SR] Beginning Verify and Repair transaction
2016-04-22 17:44:49, Info                  CSI    00004e43 [SR] Verify complete
2016-04-22 17:44:49, Info                  CSI    00004e44 [SR] Verifying 29 (0x000000000000001d) components
2016-04-22 17:44:49, Info                  CSI    00004e45 [SR] Beginning Verify and Repair transaction
2016-04-22 17:44:50, Info                  CSI    00004e63 [SR] Verify complete
2016-04-22 17:44:50, Info                  CSI    00004e64 [SR] Repairing 2 components
2016-04-22 17:44:50, Info                  CSI    00004e65 [SR] Beginning Verify and Repair transaction
2016-04-22 17:44:50, Info                  CSI    00004e67 [SR] Repairing corrupted file [l:23 ml:24]"\??\C:\Windows\System32"\[l:10]"dnsapi.dll" from store
2016-04-22 17:44:50, Info                  CSI    00004e6c [SR] Repairing corrupted file [l:23 ml:24]"\??\C:\Windows\SysWOW64"\[l:10]"dnsapi.dll" from store
2016-04-22 17:44:50, Info                  CSI    00004e6e [SR] Repair complete
2016-04-22 17:44:50, Info                  CSI    00004e6f [SR] Committing transaction
2016-04-22 17:44:51, Info                  CSI    00004e73 [SR] Unable to complete Verify and Repair transaction because some of the files that need to be repaired are in use. A reboot is required to complete this operation.
2016-04-22 17:44:51, Info                  CSI    00004e74 [SR] Repairing 2 components
2016-04-22 17:44:51, Info                  CSI    00004e75 [SR] Beginning Verify and Repair transaction
2016-04-22 17:44:51, Info                  CSI    00004e77 [SR] Repairing corrupted file [l:23 ml:24]"\??\C:\Windows\System32"\[l:10]"dnsapi.dll" from store
2016-04-22 17:44:51, Info                  CSI    00004e7c [SR] Repairing corrupted file [l:23 ml:24]"\??\C:\Windows\SysWOW64"\[l:10]"dnsapi.dll" from store
2016-04-22 17:44:51, Info                  CSI    00004e7e [SR] Repair complete
 
========= End of CMD: =========
 
 
==== End of Fixlog 17:44:53 ====
 
 
 
 
And here is the rkill text doc
 
Rkill 2.8.4 by Lawrence Abrams (Grinler)
Copyright 2008-2016 BleepingComputer.com
More Information about Rkill can be found at this link:
 
Program started at: 04/22/2016 05:31:33 PM in x64 mode. (Safe Mode)
Windows Version: Windows 10 Home 
 
Checking for Windows services to stop:
 
 * No malware services found to stop.
 
Checking for processes to terminate:
 
 * No malware processes found to kill.
 
Active Proxy Server Detected
 
 * Proxy Disabled.
 * ProxyOverride value deleted.
 * ProxyServer value deleted.
 * AutoConfigURL value deleted.
 * Proxy settings were backed up to Registry file.
 
Checking Registry for malware related settings:
 
 * No issues found in the Registry.
 
Backup Registry file created at:
 C:\Users\darry\Desktop\rkill\rkill-04-22-2016-05-31-34.reg
 
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
 
Performing miscellaneous checks:
 
 * Windows Defender Disabled
 
   [HKLM\SOFTWARE\Policies\Microsoft\Windows Defender]
   "DisableAntiSpyware" = dword:00000001
 
Checking Windows Service Integrity: 
 
 * AFD (AFD) is not Running.
   Startup Type set to: System
 
 * BFE (BFE) is not Running.
   Startup Type set to: Automatic
 
 * DHCP Client (Dhcp) is not Running.
   Startup Type set to: Automatic
 
 * Dnscache (Dnscache) is not Running.
   Startup Type set to: Automatic
 
 * EventSystem (EventSystem) is not Running.
   Startup Type set to: Automatic
 
 * mpsdrv (mpsdrv) is not Running.
   Startup Type set to: Manual
 
 * MpsSvc (MpsSvc) is not Running.
   Startup Type set to: Automatic
 
 * NetBT (NetBT) is not Running.
   Startup Type set to: System
 
 * nsi (nsi) is not Running.
   Startup Type set to: Automatic
 
 * nsiproxy (nsiproxy) is not Running.
   Startup Type set to: System
 
 * tdx (tdx) is not Running.
   Startup Type set to: System
 
 * tdx (WinDefend) is not Running.
   Startup Type set to: System
 
 * wscsvc (wscsvc) is not Running.
   Startup Type set to: Automatic (Delayed Start)
 
Searching for Missing Digital Signatures: 
 
 * C:\Windows\System32\dnsapi.dll : 686,984 : 10/30/2015 00:18 AM : a9556b62136b8c09b4e09ac2e7870653 [NoSig]
 +-> C:\Windows\SysWOW64\dnsapi.dll : 535,088 : 03/17/2016 10:13 PM : 6dc9789a3808b19aec2d91295c529a3b [Pos Repl]
 +-> C:\Windows\WinSxS\amd64_microsoft-windows-dns-client-minwin_31bf3856ad364e35_10.0.10586.0_none_22114c18cd7ccd17\dnsapi.dll : 686,984 : 10/30/2015 00:18 AM : e7b524818100b0fde2b057c74b0c0dcd [Pos Repl]
 +-> C:\Windows\WinSxS\wow64_microsoft-windows-dns-client-minwin_31bf3856ad364e35_10.0.10586.0_none_2c65f66b01dd8f12\dnsapi.dll : 535,088 : 10/30/2015 00:18 AM : 2796c0957f6f05a528dd64b8591371b6 [Pos Repl]
 
Checking HOSTS File: 
 
 * HOSTS file entries found: 
 
  107.178.255.88 www.google-analytics.com
  107.178.255.88 www.statcounter.com
  107.178.255.88 statcounter.com
  107.178.255.88 ssl.google-analytics.com
  107.178.255.88 partner.googleadservices.com
  107.178.255.88 google-analytics.com
  107.178.248.130 static.doubleclick.net
  107.178.247.130 connect.facebook.net
  107.178.255.88 www.google-analytics.com
  107.178.255.88 www.statcounter.com
  107.178.255.88 statcounter.com
  107.178.255.88 ssl.google-analytics.com
  107.178.255.88 partner.googleadservices.com
  107.178.255.88 google-analytics.com
  107.178.248.130 static.doubleclick.net
  107.178.247.130 connect.facebook.net
  107.178.255.88 www.google-analytics.com
  107.178.255.88 www.statcounter.com
  107.178.255.88 statcounter.com
  107.178.255.88 ssl.google-analytics.com
 
  20 out of 140 HOSTS entries shown.
  Please review HOSTS file for further entries.
 
Program finished at: 04/22/2016 05:32:17 PM
Execution time: 0 hours(s), 0 minute(s), and 44 seconds(s)
 
 
Also attached is my new FRST log
Attached File  FRST.txt   3.02MB   3 downloads
 
 
 

Edited by SunuvaGoose, 25 April 2016 - 10:44 PM.


#14 SunuvaGoose

SunuvaGoose
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:01:53 PM

Posted 25 April 2016 - 10:49 PM

Alrighty, I have completed all of the steps given. Sorry about the long wait. 



#15 Bezukhov

Bezukhov

    Bleepin' Jazz Fan!


  • Members
  • 2,718 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Providence, R.I.
  • Local time:02:53 PM

Posted 26 April 2016 - 06:24 PM

Don't worry about the wait. I've been going over those files anyways, I'll need a bit more time to go over them.
 
For this next FRST log I'm going to ask that you run it from there in normal mode. This will give me a clearer picture of what's going on. So boot up that computer into Normal mode, insert that vaccinated drive and:
  • Right-click FRST then click "Run as administrator".
  • When the tool opens, click Yes to disclaimer.
  • Press the Scan button.
  • Make sure the option labeled Addition.txt is checked
  • When finished, it will produce two logs called FRST.txt and Addition.txt in the same directory the tool was run from.
  • Please copy and paste the log in your next reply.
Please let me know how your Internet connection is doing as well. If you have any problems running this scan inform me of that.
To err is Human. To blame it on someone else is even more Human.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users