Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Viruses and PUPs [Closed]


  • This topic is locked This topic is locked

#61
BrianDrab

BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,583 posts

There were only two lines to run. I'm guessing on your screen it wrapped to a second line. I'll shrink the font down. The second line should be as follows. Please do the second line again.

 

icacls "c:\Windows\winsxs\amd64_microsoft-windows-musicsamples_31bf3856ad364e35_6.1.7600.16385_none_06495209cbd8e93b\Maid with the Flaxen Hair.mp3" /GRANT ADMINISTRATORS:F


  • 0

Advertisements


#62
mewsick75

mewsick75

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 258 posts

OK, said both were successfull.


  • 0

#63
BrianDrab

BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,583 posts

OK. Download this file and save it to your desktop.

 

In the command-prompt window that you are still in, copy and paste the following line and let me know if it's successful. It's all one line. You will be asked to overwrite the file. Please answer Yes.

 

copy "C:\Users\punjab\Desktop\Maid with the Flaxen Hair.mp3" "c:\Windows\winsxs\amd64_microsoft-windows-musicsamples_31bf3856ad364e35_6.1.7600.16385_none_06495209cbd8e93b\Maid with the Flaxen Hair.mp3"


  • 0

#64
mewsick75

mewsick75

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 258 posts

said 1 file copied


  • 0

#65
BrianDrab

BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,583 posts

Great! Nice Job. Please do the following now. Let me know if it finishes or what percent it bombs out at. Thanks.

 

System File Checker
 
1. Click your Start Orb in the lower left of your computer and type cmd in the search box.
2. Once the cmd program is found, right-click on it with your mouse and select Run as administrator as shown below.
ElevateCommandPrompt.JPG

3. Answer Yes when asked to allow.
4. You should now have a black window open that you can type in to.
5. Type sfc /scannow and hit enter to start the scan. Please notice the space between sfc and /scannow.
6. Once the scan finishes please zip and attach the C:\Windows\Logs\CBS\CBS.log

Note: If the file is too large to attach here please upload to a service such as SendSpace or OneDrive or Dropbox and then provide the link.


  • 0

#66
mewsick75

mewsick75

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 258 posts

Here is the file...  It failed again

Attached Files

  • Attached File  CBS.zip   821.13KB   45 downloads

  • 0

#67
BrianDrab

BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,583 posts

Thank you. The good news is that we are passed the previous error we were getting. I'll provide next instructions shortly.


  • 0

#68
BrianDrab

BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,583 posts

After further review of the log I don't see any new entries from running System File Checker. Can you run it again and let me know the exact error message that is displayed in the command-prompt window? After trying again, please send new CBS log as well. Thank you.

 

System File Checker
 
1. Click your Start Orb in the lower left of your computer and type cmd in the search box.
2. Once the cmd program is found, right-click on it with your mouse and select Run as administrator as shown below.
ElevateCommandPrompt.JPG

3. Answer Yes when asked to allow.
4. You should now have a black window open that you can type in to.
5. Type sfc /scannow and hit enter to start the scan. Please notice the space between sfc and /scannow.
6. Once the scan finishes please zip and attach the C:\Windows\Logs\CBS\CBS.log

Note: If the file is too large to attach here please upload to a service such as SendSpace or OneDrive or Dropbox and then provide the link.


  • 0

#69
mewsick75

mewsick75

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 258 posts

C:\Windows\system32>sfc /scannow

Beginning system scan.  This process will take some time.

Beginning verification phase of system scan.
Verification 33% complete.

Windows Resource Protection could not perform the requested operation.

Attached Files

  • Attached File  CBS.zip   851.65KB   95 downloads

  • 0

#70
BrianDrab

BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,583 posts

Bummer. Same spot. I have a couple other options. Please do the following.

 

Step#1 - FRST Fix
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
1. Download attached file and save it to the Desktop. Attached File  fixlist.txt   108bytes   118 downloads
Note. It's important that both files, FRST64 and fixlist.txt are in the same location or the fix will not work (in this case...the desktop).
2. Run FRST64 by Right-Clicking on the file and choosing Run as administrator.
3. Press the Fix button just once and wait. If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
4. When finished FRST64 will generate a log on the Desktop (Fixlog.txt). Please post the contents of it in your reply.

 

Step#2 - System File Checker
 
1. Click your Start Orb in the lower left of your computer and type cmd in the search box.
2. Once the cmd program is found, right-click on it with your mouse and select Run as administrator as shown below.
ElevateCommandPrompt.JPG

3. Answer Yes when asked to allow.
4. You should now have a black window open that you can type in to.
5. Type sfc /scannow and hit enter to start the scan. Please notice the space between sfc and /scannow.
6. Once the scan finishes please zip and attach the C:\Windows\Logs\CBS\CBS.log

Note: If the file is too large to attach here please upload to a service such as SendSpace or OneDrive or Dropbox and then provide the link.

 

Items for the next post

1. FRST Fix log

2. CBS log


  • 0

Advertisements


#71
mewsick75

mewsick75

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 258 posts

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 16-05-2015 02
Ran by punjab at 2015-05-16 18:04:43 Run:4
Running from C:\Users\punjab\Desktop
Loaded Profiles: punjab (Available profiles: punjab)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
C:\Windows\winsxs\amd64_microsoft-windows-musicsamples_31bf3856ad364e35_6.1.7600.16385_none_06495209cbd8e93b
*****************
C:\Windows\winsxs\amd64_microsoft-windows-musicsamples_31bf3856ad364e35_6.1.7600.16385_none_06495209cbd8e93b => Moved successfully.

==== End of Fixlog 18:04:43 ====

 

 

C:\Windows\system32>sfc /scannow

Beginning system scan.  This process will take some time.

Beginning verification phase of system scan.
Verification 33% complete.
Windows Resource Protection found corrupt files but was unable to fix some of th
em.
Details are included in the CBS.Log windir\Logs\CBS\CBS.log. For example
C:\Windows\Logs\CBS\CBS.log

 

 

 

 


  • 0

#72
mewsick75

mewsick75

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 258 posts

Here is the log...

Attached Files

  • Attached File  CBS.zip   878.22KB   95 downloads

  • 0

#73
BrianDrab

BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,583 posts

Good. Now let's re-run SURT and see if it finds the corruption.

 

System Update Readiness Tool (SUR)
1. Download and run the following file.
2. When it asks you if you wish to install, please answer yes. Note: It could take 15 minutes or more to run. Please don't cancel.
3. You will get an Installation Complete screen when it's done running.
4. Please post the contents of the log from the following location. C:\Windows\Logs\CBS\CheckSUR.log


  • 0

#74
mewsick75

mewsick75

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 258 posts

=================================
Checking System Update Readiness.
Binary Version 6.1.7601.22471
Package Version 26.0
2015-05-17 00:04

Checking Windows Servicing Packages

Checking Package Manifests and Catalogs

Checking Package Watchlist

Checking Component Watchlist

Checking Packages

Checking Component Store
(f)    CSI Payload File Missing    0x00000000    Kalimba.mp3    amd64_microsoft-windows-musicsamples_31bf3856ad364e35_6.1.7600.16385_none_06495209cbd8e93b    
(f)    CSI Store Directory Missing    0x00000002    winsxs\amd64_microsoft-windows-musicsamples_31bf3856ad364e35_6.1.7600.16385_none_06495209cbd8e93b\    amd64_microsoft-windows-musicsamples_31bf3856ad364e35_6.1.7600.16385_none_06495209cbd8e93b    
(fix)    CSI Store Directory Missing    CSI Store Directory Created    C:\Windows\winsxs\amd64_microsoft-windows-musicsamples_31bf3856ad364e35_6.1.7600.16385_none_06495209cbd8e93b\
(f)    CSI Payload File Missing    0x00000000    desktop.ini    amd64_microsoft-windows-musicsamples_31bf3856ad364e35_6.1.7600.16385_none_06495209cbd8e93b    
(f)    CSI Payload File Missing    0x00000000    Maid with the Flaxen Hair.mp3    amd64_microsoft-windows-musicsamples_31bf3856ad364e35_6.1.7600.16385_none_06495209cbd8e93b    
(f)    CSI Payload File Missing    0x00000000    Sleep Away.mp3    amd64_microsoft-windows-musicsamples_31bf3856ad364e35_6.1.7600.16385_none_06495209cbd8e93b    

Summary:
Seconds executed: 796
 Found 5 errors
 Fixed 1 errors
  CSI Payload File Missing Total count: 4
  CSI Store Directory Missing Total count: 1
  Fixed: CSI Store Directory Missing.  Total count: 1
 


  • 0

#75
BrianDrab

BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,583 posts

Good. As suspected the tool recognized the deleted directory and recreated. Now let's put the files back in there. Please do the following.
 
Step#1 - SFCFix Script
Warning: this fix is specific to the user in this thread. No one else should follow these instructions as it may cause more harm than good. If you are after assistance, please start a thread of your own.

  • Download SFCFix.exe (by niemiro) and save this to your Desktop. If you still have this on your desktop from downloading previously, you don't need to re-download.
  • Download the file , SFCFix.zip, and save this to your Desktop. Ensure that this file is named SFCFix.zip - do not rename it.
  • Save any open documents and close all open windows.
  • On your Desktop, you should see two files: SFCFix.exe and SFCFix.zip.
  • Drag the file SFCFix.zip onto the file SFCFix.exe and release it.
  • SFCFix will now process the script.
  • Upon completion, a file should be created on your Desktop: SFCFix.txt.
  • Copy (Ctrl+C) and Paste (Ctrl+V) the contents of this file into your next post for me to analyse please

  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP