[briz_dad]

After you have completed this let me know how the browsers are

all good, sir!

(in case a scan shows it - i'd already reestablished my shortcuts )

[Advertisements]

I am so pleased. We can concentrate on the W: drive problems. Not sure if I will get a reply tonight for my next post.

In the meantime...........No..........Downloading.............Toolbar Rubbish We will be clear then to sort out the drive problem then you are free to surf all you like

This sums up my feelings!

[Nutloaf]

I am so pleased. We can concentrate on the W: drive problems. Not sure if I will get a reply tonight for my next post.

In the meantime...........No..........Downloading.............Toolbar Rubbish We will be clear then to sort out the drive problem then you are free to surf all you like

This sums up my feelings!

[briz_dad]

yeah!!

not a great segue, but i like this video and song a lot! maybe it is referencing my bad boy ways?

[Nutloaf]

Hi Briz.

I love that song and video, I saw it for the first time last year sometime. As soon as I started watching I thought this video is a 3D map of this fix We go here, we go there, we go everywhere and it all ends in a big explosion I hope not

You completed Check Disk for the C: drive so I want to see those results first. Then I have some steps for you to take for the external drive. An infection was removed from that drive as you know so try not to use it. If you really have to: Press and Hold down the shift button before attaching the drive, keep holding until the drive is recognised This will prevent cross infection. I have a tool for you to download once I have clearence, that will help you out

CHKDSK LOG

• Click Start and in the search box type Event Viewer and press Enter (See Image below)
• Click the small arrow to the left of Windows Logs then click Applications the events will show in a few seconds.
• Scroll down the information list to locate the Wininit entry then Double click Wininit
• In the window that pops up select Copy then open Notepad and Paste the log there.
• Copy and Paste the log in your reply

[briz_dad]

CHKDSK LOG
Copy and Paste the log in your reply

oh, my... it does seem like there is light at the end of this tunnel...

(unfortunately, I needed to run W drive for some work items that I needed to complete. so far, no signs of danger...)

Log Name: Application
Source: Microsoft-Windows-Wininit
Date: 6/7/2013 1:16:51 AM
Event ID: 1001
Task Category: None
Level: Information
Keywords: Classic
User: N/A
Computer: Gregz-PC
Description:


Checking file system on C:
The type of the file system is NTFS.
Volume label is OS.

A disk check has been scheduled.
Windows will now check the disk.

CHKDSK is verifying files (stage 1 of 5)...
461312 file records processed.

File verification completed.
1225 large file records processed.

0 bad file records processed.

0 EA records processed.

61 reparse records processed.

CHKDSK is verifying indexes (stage 2 of 5)...
560558 index entries processed.

Index verification completed.
0 unindexed files scanned.

0 unindexed files recovered.

CHKDSK is verifying security descriptors (stage 3 of 5)...
461312 file SDs/SIDs processed.

Cleaning up 321 unused index entries from index $SII of file 0x9.
Cleaning up 321 unused index entries from index $SDH of file 0x9.
Cleaning up 321 unused security descriptors.
Security descriptor verification completed.
49624 data files processed.

CHKDSK is verifying Usn Journal...
35260776 USN bytes processed.

Usn Journal verification completed.
CHKDSK is verifying file data (stage 4 of 5)...
461296 files processed.

File data verification completed.
CHKDSK is verifying free space (stage 5 of 5)...
140206695 free clusters processed.

Free space verification is complete.
Windows has checked the file system and found no problems.

963876863 KB total disk space.
402273696 KB in 352692 files.
183788 KB in 49625 indexes.
0 KB in bad sectors.
592599 KB in use by the system.
65536 KB occupied by the log file.
560826780 KB available on disk.

4096 bytes in each allocation unit.
240969215 total allocation units on disk.
140206695 allocation units available on disk.

Internal Info:
00 0a 07 00 91 23 06 00 ca 32 0b 00 00 00 00 00 .....#...2......
42 04 00 00 3d 00 00 00 00 00 00 00 00 00 00 00 B...=...........
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................

Windows has finished checking your disk.
Please wait while your computer restarts.

Event Xml:
<Event xmlns="http://schemas.micro.../events/event">
<System>
<Provider Name="Microsoft-Windows-Wininit" Guid="{206f6dea-d3c5-4d10-bc72-989f03c8b84b}" EventSourceName="Wininit" />
<EventID Qualifiers="16384">1001</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2013-06-07T08:16:51.000000000Z" />
<EventRecordID>81521</EventRecordID>
<Correlation />
<Execution ProcessID="0" ThreadID="0" />
<Channel>Application</Channel>
<Computer>Gregz-PC</Computer>
<Security />
</System>
<EventData>
<Data>

Checking file system on C:
The type of the file system is NTFS.
Volume label is OS.

A disk check has been scheduled.
Windows will now check the disk.

CHKDSK is verifying files (stage 1 of 5)...
461312 file records processed.

File verification completed.
1225 large file records processed.

0 bad file records processed.

0 EA records processed.

61 reparse records processed.

CHKDSK is verifying indexes (stage 2 of 5)...
560558 index entries processed.

Index verification completed.
0 unindexed files scanned.

0 unindexed files recovered.

CHKDSK is verifying security descriptors (stage 3 of 5)...
461312 file SDs/SIDs processed.

Cleaning up 321 unused index entries from index $SII of file 0x9.
Cleaning up 321 unused index entries from index $SDH of file 0x9.
Cleaning up 321 unused security descriptors.
Security descriptor verification completed.
49624 data files processed.

CHKDSK is verifying Usn Journal...
35260776 USN bytes processed.

Usn Journal verification completed.
CHKDSK is verifying file data (stage 4 of 5)...
461296 files processed.

File data verification completed.
CHKDSK is verifying free space (stage 5 of 5)...
140206695 free clusters processed.

Free space verification is complete.
Windows has checked the file system and found no problems.

963876863 KB total disk space.
402273696 KB in 352692 files.
183788 KB in 49625 indexes.
0 KB in bad sectors.
592599 KB in use by the system.
65536 KB occupied by the log file.
560826780 KB available on disk.

4096 bytes in each allocation unit.
240969215 total allocation units on disk.
140206695 allocation units available on disk.

Internal Info:
00 0a 07 00 91 23 06 00 ca 32 0b 00 00 00 00 00 .....#...2......
42 04 00 00 3d 00 00 00 00 00 00 00 00 00 00 00 B...=...........
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................

Windows has finished checking your disk.
Please wait while your computer restarts.
</Data>
</EventData>
</Event>

[Nutloaf]

0 bad sectors That drive is good.

Tomorrow I have plans for the W: drive. I want to check the drive is O.K and that the files are O.K.

There is a light, yes indeed

[briz_dad]

you've been a guiding star...

[Nutloaf]

Hello Briz another day, another bunch of to do's.

I will check for infections and check the state of the drive.

With step 2. there is a toolbar included with Auslogics, so follow my instructions carefully

1. MCShield

• Using this link download and install MCShield
• Once installed attach the External Drive and MCShield will scan it. If any infections are found stop right here, don't carry on with 2 and 3. Let me know what was found.
• If clean carry on with next step

2. Auslogics Disk Defrag
IMPORTANT You can keep this program but only use to defrag. There are links included in this program for performance and error fixing tools Steer Clear

• Using this link Download Auslogics Disk Defrag
• Click Run to start the install.
• On the Welcome to Auslogics screen click Next
• Accept the License agreement and click Next
• Select Destination location screen click Next
• Select Start Menu folder screen click Next
• TOOLBAR PAGE - UNCHECK both boxes for the Toolbar and Ask Homepage and click Next
• Additionals screen click Next Auslogics will install then click Finish Auslogics will now open
• Uncheck all drives, leaving the W: drive checked and click Defrag
• Once complete close Auslogics

3. Check Disk

• Click Start then Computer and Right click the W: drive and select Properties
• Select the Tools Tab. Under Error Checking click Check now
• Check both boxes Automatically fix.... and Scan for and attempt..... and click Start
• This can take many hours. Do not power off if it looks stuck this is normal. It will finish

Let me know when all is complete, I will then ask for the ChkDsk results from Event viewer called ChkDsk

[briz_dad]

Let me know when all is complete, I will then ask for the ChkDsk results from Event viewer called ChkDsk

ok - working this now...

[briz_dad]

diskchk still running on W

Is it okay to be doing other work from other drives while it is in progress? (i hope so!!)

[Nutloaf]

Yes this is fine, it may progress a little slower though but as long as it finishes

No infections found then?

[briz_dad]

Yes this is fine, it may progress a little slower though but as long as it finishes

No infections found then?

No infections found

[briz_dad]

by the way - can you tell me what file was infected on the W drive?

if it is from a client's site - i'd like to make sure it is cleaned up there as well...

~ greg

[Nutloaf]

The file in question was deleted from the Recycle bin on that drive. It was a picture called RFJJVRT.jpg Delete anything in that bin also.

As you are only waiting for ChkDsk to finish. I will re-post instructions, if you like, on how to retrieve those results from Event Viewer. Same as before but the log is called ChkDsk

[briz_dad]

CHKDSK LOG
[list]
[*]Scroll down the information list to locate the Chkdisc entry then Double click Chkdisc
[*]In the window that pops up select Copy then open Notepad and Paste the log there.
[*]Copy and Paste the log in your reply

Is the above the appropriate instructions for the next report you want? (W still being checked on)