Malware detected, clean now but comp still running poorly.

JstRelax · 29 May 2015

Hello,
There are no MBAM reports before the one posted above. I ran it a few times after and it has come up clean since. I made the change suggested by MoxieMomma and ran it again. It appears to be clean.

Malwarebytes Anti-Malware

Scan Date: 5/29/2015
Scan Time: 2:44:11 AM
Logfile:
Administrator: Yes

Version: 2.01.6.1022
Malware Database: v2015.05.29.01
Rootkit Database: v2015.05.24.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: bob

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 403700
Time Elapsed: 1 hr, 10 min, 57 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)

(end)
--------------------------------------

I logged into Safe Mode with Networking and launched Windows Repair. It recommended I update to V. 3.2 so I did. I then ran System File Check and it appeared to come up clean. I have looked for a log but one appears to not have been created.

In addition to this, I ran CCleaner and under Startup - Scheduled Tasks I noticed these entries. I deleted them. Apparently launchie.vbs is apart of Yontoo Toolbar Adware. The Yontoo Toolbar was never installed on my browsers however.

a. 0 c:\program files\internet explorer\iexplore.exe
b. 4880 wscript.exe C:\Users\Admin\AppData\Local\Temp\launchie.vbs //B

Thank You

Borg 386 · 29 May 2015

Have you checked to see how many start up items are being loaded when you boot up? Go to start, type "msconfig", go to the startup tab & uncheck anything unnecessary. Some programs, when they are updated, automatically add themselves to the startup list. Adobe & Java are notorious for this.

If TDSSKiller didn't find anything, then no need to worry. If it did, please post what the name of the rootkit it found.

JstRelax · 29 May 2015

Hi Borg 386,
Yes I have a typed msconfig and looked at what my start up items were. I disabled anything that wasn't necessary. I usually do this every few months anyways. The TDSS Killer report is very long so I just put beginning & the end of it, which is the summary of what was detected. I did nothing as you can see, because I was not sure of what was found.

14:47:51.0190 0x0154 TDSS rootkit removing tool 3.0.0.44 Jan 22 2015 08:27:04
14:47:57.0211 0x0154 ============================================================
14:47:57.0211 0x0154 Current date / time: 2015/05/26 14:47:57.0211
14:47:57.0211 0x0154 SystemInfo:
14:47:57.0211 0x0154
14:47:57.0211 0x0154 OS Version: 6.1.7601 ServicePack: 1.0
14:47:57.0211 0x0154 Product type: Workstation
14:47:57.0211 0x0154 ComputerName: BOB-PC
14:47:57.0211 0x0154 UserName: bob
14:47:57.0211 0x0154 Windows directory: C:\Windows
14:47:57.0211 0x0154 System windows directory: C:\Windows
14:47:57.0211 0x0154 Running under WOW64
14:47:57.0211 0x0154 Processor architecture: Intel x64
14:47:57.0211 0x0154 Number of processors: 2
14:47:57.0211 0x0154 Page size: 0x1000
14:47:57.0211 0x0154 Boot type: Safe boot
14:47:57.0211 0x0154 ============================================================
14:47:57.0477 0x0154 KLMD registered as C:\Windows\system32\drivers\48401609.sys
14:47:57.0929 0x0154 System UUID: {1D913399-3B13-E254-B718-48028346063D}
14:47:59.0224 0x0154 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 ( 298.09 Gb ), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
14:47:59.0224 0x0154 ============================================================
14:47:59.0224 0x0154 \Device\Harddisk0\DR0:
14:47:59.0224 0x0154 MBR partitions:
14:47:59.0224 0x0154 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32FCD, BlocksNum 0x1D4C000
14:47:59.0224 0x0154 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1D7EFCD, BlocksNum 0x236AF2E3
14:47:59.0224 0x0154 ============================================================
14:47:59.0427 0x0154 C: <-> \Device\Harddisk0\DR0\Partition2
14:47:59.0427 0x0154 ============================================================
14:47:59.0427 0x0154 Initialize success
14:47:59.0427 0x0154 ============================================================
14:48:37.0147 0x04c4 ============================================================
14:48:37.0147 0x04c4 Scan started
14:48:37.0147 0x04c4 Mode: Manual; SigCheck; TDLFS;
14:48:37.0147 0x04c4 ============================================================
14:48:37.0147 0x04c4 KSN ping started
14:48:37.0413 0x04c4 KSN ping finished: false
14:48:37.0990 0x04c4 ================ Scan system memory ========================
14:48:37.0990 0x04c4 System memory - ok
14:48:37.0990 0x04c4 ================ Scan services =============================

*I omitted this content*

14:49:32.0387 0x04c4 Scan finished
14:49:32.0387 0x04c4 ============================================================
14:49:32.0387 0x04c0 Detected object count: 11
14:49:32.0387 0x04c0 Actual detected object count: 11
14:59:50.0476 0x04c0 Adobe LM Service ( UnsignedFile.Multi.Generic ) - skipped by user
14:59:50.0476 0x04c0 Adobe LM Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:59:50.0476 0x04c0 ASD2Svc ( UnsignedFile.Multi.Generic ) - skipped by user
14:59:50.0476 0x04c0 ASD2Svc ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:59:50.0491 0x04c0 DockLoginService ( UnsignedFile.Multi.Generic ) - skipped by user
14:59:50.0491 0x04c0 DockLoginService ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:59:50.0507 0x04c0 McciCMService ( UnsignedFile.Multi.Generic ) - skipped by user
14:59:50.0507 0x04c0 McciCMService ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:59:50.0523 0x04c0 McciCMService64 ( UnsignedFile.Multi.Generic ) - skipped by user
14:59:50.0523 0x04c0 McciCMService64 ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:59:50.0554 0x04c0 MREMP50 ( UnsignedFile.Multi.Generic ) - skipped by user
14:59:50.0554 0x04c0 MREMP50 ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:59:50.0569 0x04c0 MRESP50 ( UnsignedFile.Multi.Generic ) - skipped by user
14:59:50.0569 0x04c0 MRESP50 ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:59:50.0585 0x04c0 PaceLicenseDServices ( UnsignedFile.Multi.Generic ) - skipped by user
14:59:50.0585 0x04c0 PaceLicenseDServices ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:59:50.0601 0x04c0 SwitchBoard ( UnsignedFile.Multi.Generic ) - skipped by user
14:59:50.0601 0x04c0 SwitchBoard ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:59:50.0616 0x04c0 wltrysvc ( UnsignedFile.Multi.Generic ) - skipped by user
14:59:50.0616 0x04c0 wltrysvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:59:50.0663 0x04c0 Broadcom Wireless Manager UI ( UnsignedFile.Multi.Generic ) - skipped by user
14:59:50.0663 0x04c0 Broadcom Wireless Manager UI ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:59:53.0986 0x03bc Deinitialize success

The comp still freezes up and is not functioning properly.
Thank You

cottonball · 29 May 2015

TDSSKiller shows:

Scan started
Mode: Manual; SigCheck; TDLFS; > checks also for Signatures and TDL File System

The Detected object count: 11 does not show a Rootkit, just some Unsigned Files that check out OK.

The malicious tasks entry was removed In CCleaner: wscript.exe C:\Users\Admin\AppData\Local\Temp\launchie.vbs //B

However, C:\Program Files\Internet Explorer\iexplore.exe is legit.

When Internet Explorer is closed, do you have any (iexplorer.exe) processes present in the Task Manager??

Borg 386 · 30 May 2015

If you ran a SFC, you might have to run it a couple more times. This tutorial will show you how to export the logs.

SFC /SCANNOW Command - System File Checker

If SFC could not fix something, then run the command again to see if it may be able to the next time. Sometimes it may take running the sfc /scannow command 3 or more times to completely fix everything that it's able to.

JstRelax · 30 May 2015

Cottonball,
It looks like I do not have iexplorer.exe running in the Task Manager when IE is closed. I read in an online tutorial on getting rid of Yontoo Toolbar Adware to delete both of those lines.

Borg 386,
Ok I have followed the elevated command prompt instructions and have a sfcdetails Notepad doc on my desktop but the contents are empty. I will now run System File Checker a few more times.

Thank You

JstRelax · 30 May 2015

Ok so I ran SFC 4 times, twice in Safe Mode and twice in Normal Mode. The reason in my last post I stated the sfcdetails log was empty was because I had ran it in Safe Mode, which meant that even running as Administrator, it starts out with C:\Users\Username and the text copied from the tutorial is looking for Windows\System32. I had to chop off over half of the log because it's too many characters. All the logs looks the same though except for the time on the left side. All state repairing 0 components.

2015-05-30 12:53:15, Info CSI 00000009 [SR] Verifying 100 (0x0000000000000064) components
2015-05-30 12:53:15, Info CSI 0000000a [SR] Beginning Verify and Repair transaction
2015-05-30 12:53:23, Info CSI 0000000c [SR] Verify complete
2015-05-30 12:53:25, Info CSI 0000000d [SR] Verifying 100 (0x0000000000000064) components
2015-05-30 12:53:25, Info CSI 0000000e [SR] Beginning Verify and Repair transaction
2015-05-30 12:53:32, Info CSI 00000010 [SR] Verify complete
2015-05-30 12:53:34, Info CSI 00000011 [SR] Verifying 100 (0x0000000000000064) components
2015-05-30 12:53:34, Info CSI 00000012 [SR] Beginning Verify and Repair transaction
2015-05-30 12:53:40, Info CSI 00000014 [SR] Verify complete
2015-05-30 12:53:41, Info CSI 00000015 [SR] Verifying 100 (0x0000000000000064) components
2015-05-30 12:53:41, Info CSI 00000016 [SR] Beginning Verify and Repair transaction
2015-05-30 12:53:47, Info CSI 00000018 [SR] Verify complete
2015-05-30 12:53:49, Info CSI 00000019 [SR] Verifying 100 (0x0000000000000064) components
2015-05-30 12:53:49, Info CSI 0000001a [SR] Beginning Verify and Repair transaction
2015-05-30 12:53:54, Info CSI 0000001c [SR] Verify complete
2015-05-30 12:53:55, Info CSI 0000001d [SR] Verifying 100 (0x0000000000000064) components
2015-05-30 12:53:55, Info CSI 0000001e [SR] Beginning Verify and Repair transaction
2015-05-30 12:53:58, Info CSI 00000020 [SR] Verify complete
2015-05-30 12:53:59, Info CSI 00000021 [SR] Verifying 100 (0x0000000000000064) components
2015-05-30 12:53:59, Info CSI 00000022 [SR] Beginning Verify and Repair transaction
2015-05-30 12:54:02, Info CSI 00000024 [SR] Verify complete
2015-05-30 12:54:03, Info CSI 00000025 [SR] Verifying 100 (0x0000000000000064) components
2015-05-30 12:54:03, Info CSI 00000026 [SR] Beginning Verify and Repair transaction
2015-05-30 12:54:06, Info CSI 00000028 [SR] Verify complete
2015-05-30 12:54:07, Info CSI 00000029 [SR] Verifying 100 (0x0000000000000064) components
2015-05-30 12:54:07, Info CSI 0000002a [SR] Beginning Verify and Repair transaction
2015-05-30 12:54:10, Info CSI 0000002c [SR] Verify complete
2015-05-30 12:54:11, Info CSI 0000002d [SR] Verifying 100 (0x0000000000000064) components
2015-05-30 12:54:11, Info CSI 0000002e [SR] Beginning Verify and Repair transaction
2015-05-30 12:54:14, Info CSI 00000030 [SR] Verify complete
2015-05-30 12:54:15, Info CSI 00000031 [SR] Verifying 100 (0x0000000000000064) components
2015-05-30 12:54:15, Info CSI 00000032 [SR] Beginning Verify and Repair transaction
2015-05-30 12:54:18, Info CSI 00000034 [SR] Verify complete
2015-05-30 12:54:18, Info CSI 00000035 [SR] Verifying 100 (0x0000000000000064) components
2015-05-30 12:54:18, Info CSI 00000036 [SR] Beginning Verify and Repair transaction
2015-05-30 12:54:24, Info CSI 00000038 [SR] Verify complete
2015-05-30 12:54:25, Info CSI 00000039 [SR] Verifying 100 (0x0000000000000064) components
2015-05-30 12:54:25, Info CSI 0000003a [SR] Beginning Verify and Repair transaction
2015-05-30 12:54:29, Info CSI 0000003c [SR] Verify complete
2015-05-30 12:54:30, Info CSI 0000003d [SR] Verifying 100 (0x0000000000000064) components
2015-05-30 12:54:30, Info CSI 0000003e [SR] Beginning Verify and Repair transaction
2015-05-30 12:54:33, Info CSI 00000040 [SR] Verify complete

2015-05-30 13:04:04, Info CSI 000001f5 [SR] Verifying 100 (0x0000000000000064) components
2015-05-30 13:04:04, Info CSI 000001f6 [SR] Beginning Verify and Repair transaction
2015-05-30 13:04:09, Info CSI 000001f8 [SR] Verify complete
2015-05-30 13:04:10, Info CSI 000001f9 [SR] Verifying 100 (0x0000000000000064) components
2015-05-30 13:04:10, Info CSI 000001fa [SR] Beginning Verify and Repair transaction
2015-05-30 13:04:16, Info CSI 000001fc [SR] Verify complete
2015-05-30 13:04:17, Info CSI 000001fd [SR] Verifying 100 (0x0000000000000064) components
2015-05-30 13:04:17, Info CSI 000001fe [SR] Beginning Verify and Repair transaction
2015-05-30 13:04:26, Info CSI 00000200 [SR] Verify complete
2015-05-30 13:04:26, Info CSI 00000201 [SR] Verifying 100 (0x0000000000000064) components
2015-05-30 13:04:26, Info CSI 00000202 [SR] Beginning Verify and Repair transaction
2015-05-30 13:04:34, Info CSI 00000205 [SR] Verify complete
2015-05-30 13:04:34, Info CSI 00000206 [SR] Verifying 100 (0x0000000000000064) components
2015-05-30 13:04:34, Info CSI 00000207 [SR] Beginning Verify and Repair transaction
2015-05-30 13:04:38, Info CSI 00000209 [SR] Verify complete
2015-05-30 13:04:38, Info CSI 0000020a [SR] Verifying 100 (0x0000000000000064) components
2015-05-30 13:04:38, Info CSI 0000020b [SR] Beginning Verify and Repair transaction
2015-05-30 13:04:42, Info CSI 0000020d [SR] Verify complete
2015-05-30 13:04:43, Info CSI 0000020e [SR] Verifying 100 (0x0000000000000064) components
2015-05-30 13:04:43, Info CSI 0000020f [SR] Beginning Verify and Repair transaction
2015-05-30 13:04:59, Info CSI 00000214 [SR] Verify complete
2015-05-30 13:05:00, Info CSI 00000215 [SR] Verifying 100 (0x0000000000000064) components
2015-05-30 13:05:00, Info CSI 00000216 [SR] Beginning Verify and Repair transaction
2015-05-30 13:05:10, Info CSI 0000021b [SR] Verify complete
2015-05-30 13:05:10, Info CSI 0000021c [SR] Verifying 100 (0x0000000000000064) components
2015-05-30 13:05:10, Info CSI 0000021d [SR] Beginning Verify and Repair transaction
2015-05-30 13:05:20, Info CSI 0000021f [SR] Verify complete
2015-05-30 13:05:21, Info CSI 00000220 [SR] Verifying 100 (0x0000000000000064) components
2015-05-30 13:05:21, Info CSI 00000221 [SR] Beginning Verify and Repair transaction
2015-05-30 13:05:30, Info CSI 0000022d [SR] Verify complete
2015-05-30 13:05:30, Info CSI 0000022e [SR] Verifying 100 (0x0000000000000064) components
2015-05-30 13:05:30, Info CSI 0000022f [SR] Beginning Verify and Repair transaction
2015-05-30 13:05:39, Info CSI 00000235 [SR] Verify complete
2015-05-30 13:05:40, Info CSI 00000236 [SR] Verifying 100 (0x0000000000000064) components
2015-05-30 13:05:40, Info CSI 00000237 [SR] Beginning Verify and Repair transaction
2015-05-30 13:05:46, Info CSI 00000239 [SR] Verify complete
2015-05-30 13:05:46, Info CSI 0000023a [SR] Verifying 100 (0x0000000000000064) components
2015-05-30 13:05:46, Info CSI 0000023b [SR] Beginning Verify and Repair transaction
2015-05-30 13:05:52, Info CSI 0000023f [SR] Verify complete
2015-05-30 13:05:52, Info CSI 00000240 [SR] Verifying 100 (0x0000000000000064) components
2015-05-30 13:05:52, Info CSI 00000241 [SR] Beginning Verify and Repair transaction
2015-05-30 13:05:58, Info CSI 00000243 [SR] Verify complete
2015-05-30 13:05:58, Info CSI 00000244 [SR] Verifying 100 (0x0000000000000064) components
2015-05-30 13:05:58, Info CSI 00000245 [SR] Beginning Verify and Repair transaction
2015-05-30 13:06:07, Info CSI 0000026a [SR] Verify complete
2015-05-30 13:06:07, Info CSI 0000026b [SR] Verifying 100 (0x0000000000000064) components
2015-05-30 13:06:07, Info CSI 0000026c [SR] Beginning Verify and Repair transaction
2015-05-30 13:06:13, Info CSI 0000026e [SR] Verify complete
2015-05-30 13:06:14, Info CSI 0000026f [SR] Verifying 100 (0x0000000000000064) components
2015-05-30 13:06:14, Info CSI 00000270 [SR] Beginning Verify and Repair transaction
2015-05-30 13:06:19, Info CSI 00000272 [SR] Verify complete
2015-05-30 13:06:19, Info CSI 00000273 [SR] Verifying 100 (0x0000000000000064) components
2015-05-30 13:06:19, Info CSI 00000274 [SR] Beginning Verify and Repair transaction
2015-05-30 13:06:25, Info CSI 00000276 [SR] Verify complete
2015-05-30 13:06:25, Info CSI 00000277 [SR] Verifying 100 (0x0000000000000064) components
2015-05-30 13:06:25, Info CSI 00000278 [SR] Beginning Verify and Repair transaction
2015-05-30 13:06:30, Info CSI 00000286 [SR] Verify complete
2015-05-30 13:06:31, Info CSI 00000287 [SR] Verifying 100 (0x0000000000000064) components
2015-05-30 13:06:31, Info CSI 00000288 [SR] Beginning Verify and Repair transaction
2015-05-30 13:06:38, Info CSI 0000028a [SR] Verify complete
2015-05-30 13:06:39, Info CSI 0000028b [SR] Verifying 100 (0x0000000000000064) components
2015-05-30 13:06:39, Info CSI 0000028c [SR] Beginning Verify and Repair transaction
2015-05-30 13:06:46, Info CSI 0000029a [SR] Verify complete
2015-05-30 13:06:46, Info CSI 0000029b [SR] Verifying 100 (0x0000000000000064) components
2015-05-30 13:06:46, Info CSI 0000029c [SR] Beginning Verify and Repair transaction
2015-05-30 13:06:49, Info CSI 0000029e [SR] Verify complete
2015-05-30 13:06:49, Info CSI 0000029f [SR] Verifying 100 (0x0000000000000064) components
2015-05-30 13:06:49, Info CSI 000002a0 [SR] Beginning Verify and Repair transaction
2015-05-30 13:06:56, Info CSI 000002a3 [SR] Verify complete
2015-05-30 13:06:57, Info CSI 000002a4 [SR] Verifying 100 (0x0000000000000064) components
2015-05-30 13:06:57, Info CSI 000002a5 [SR] Beginning Verify and Repair transaction
2015-05-30 13:07:01, Info CSI 000002a7 [SR] Verify complete
2015-05-30 13:07:02, Info CSI 000002a8 [SR] Verifying 100 (0x0000000000000064) components
2015-05-30 13:07:02, Info CSI 000002a9 [SR] Beginning Verify and Repair transaction
2015-05-30 13:07:04, Info CSI 000002ab [SR] Verify complete
2015-05-30 13:07:05, Info CSI 000002ac [SR] Verifying 100 (0x0000000000000064) components
2015-05-30 13:07:05, Info CSI 000002ad [SR] Beginning Verify and Repair transaction
2015-05-30 13:07:13, Info CSI 000002af [SR] Verify complete
2015-05-30 13:07:13, Info CSI 000002b0 [SR] Verifying 100 (0x0000000000000064) components
2015-05-30 13:07:13, Info CSI 000002b1 [SR] Beginning Verify and Repair transaction
2015-05-30 13:07:19, Info CSI 000002b3 [SR] Verify complete
2015-05-30 13:07:20, Info CSI 000002b4 [SR] Verifying 100 (0x0000000000000064) components
2015-05-30 13:07:20, Info CSI 000002b5 [SR] Beginning Verify and Repair transaction
2015-05-30 13:07:28, Info CSI 000002cb [SR] Verify complete
2015-05-30 13:07:29, Info CSI 000002cc [SR] Verifying 100 (0x0000000000000064) components
2015-05-30 13:07:29, Info CSI 000002cd [SR] Beginning Verify and Repair transaction
2015-05-30 13:07:35, Info CSI 000002d3 [SR] Verify complete
2015-05-30 13:07:36, Info CSI 000002d4 [SR] Verifying 100 (0x0000000000000064) components
2015-05-30 13:07:36, Info CSI 000002d5 [SR] Beginning Verify and Repair transaction
2015-05-30 13:07:50, Info CSI 000002d7 [SR] Verify complete
2015-05-30 13:07:51, Info CSI 000002d8 [SR] Verifying 100 (0x0000000000000064) components
2015-05-30 13:07:51, Info CSI 000002d9 [SR] Beginning Verify and Repair transaction
2015-05-30 13:07:56, Info CSI 000002db [SR] Verify complete
2015-05-30 13:07:56, Info CSI 000002dc [SR] Verifying 100 (0x0000000000000064) components
2015-05-30 13:07:56, Info CSI 000002dd [SR] Beginning Verify and Repair transaction
2015-05-30 13:08:01, Info CSI 000002e0 [SR] Verify complete
2015-05-30 13:08:01, Info CSI 000002e1 [SR] Verifying 100 (0x0000000000000064) components
2015-05-30 13:08:01, Info CSI 000002e2 [SR] Beginning Verify and Repair transaction
2015-05-30 13:08:06, Info CSI 000002e5 [SR] Verify complete
2015-05-30 13:08:06, Info CSI 000002e6 [SR] Verifying 100 (0x0000000000000064) components
2015-05-30 13:08:06, Info CSI 000002e7 [SR] Beginning Verify and Repair transaction
2015-05-30 13:08:11, Info CSI 000002e9 [SR] Verify complete
2015-05-30 13:08:11, Info CSI 000002ea [SR] Verifying 100 (0x0000000000000064) components
2015-05-30 13:08:11, Info CSI 000002eb [SR] Beginning Verify and Repair transaction
2015-05-30 13:08:17, Info CSI 000002ed [SR] Verify complete
2015-05-30 13:08:17, Info CSI 000002ee [SR] Verifying 100 (0x0000000000000064) components
2015-05-30 13:08:17, Info CSI 000002ef [SR] Beginning Verify and Repair transaction
2015-05-30 13:08:22, Info CSI 000002f2 [SR] Verify complete
2015-05-30 13:08:23, Info CSI 000002f3 [SR] Verifying 100 (0x0000000000000064) components
2015-05-30 13:08:23, Info CSI 000002f4 [SR] Beginning Verify and Repair transaction
2015-05-30 13:08:28, Info CSI 000002f6 [SR] Verify complete
2015-05-30 13:08:28, Info CSI 000002f7 [SR] Verifying 100 (0x0000000000000064) components
2015-05-30 13:08:28, Info CSI 000002f8 [SR] Beginning Verify and Repair transaction
2015-05-30 13:08:33, Info CSI 000002fa [SR] Verify complete
2015-05-30 13:08:34, Info CSI 000002fb [SR] Verifying 100 (0x0000000000000064) components
2015-05-30 13:08:34, Info CSI 000002fc [SR] Beginning Verify and Repair transaction
2015-05-30 13:08:39, Info CSI 000002fe [SR] Verify complete
2015-05-30 13:08:39, Info CSI 000002ff [SR] Verifying 100 (0x0000000000000064) components
2015-05-30 13:08:39, Info CSI 00000300 [SR] Beginning Verify and Repair transaction
2015-05-30 13:08:47, Info CSI 00000303 [SR] Verify complete
2015-05-30 13:08:48, Info CSI 00000304 [SR] Verifying 100 (0x0000000000000064) components
2015-05-30 13:08:48, Info CSI 00000305 [SR] Beginning Verify and Repair transaction
2015-05-30 13:08:53, Info CSI 00000307 [SR] Verify complete
2015-05-30 13:08:53, Info CSI 00000308 [SR] Verifying 100 (0x0000000000000064) components
2015-05-30 13:08:53, Info CSI 00000309 [SR] Beginning Verify and Repair transaction
2015-05-30 13:09:01, Info CSI 0000030b [SR] Verify complete
2015-05-30 13:09:02, Info CSI 0000030c [SR] Verifying 100 (0x0000000000000064) components
2015-05-30 13:09:02, Info CSI 0000030d [SR] Beginning Verify and Repair transaction
2015-05-30 13:09:09, Info CSI 0000030f [SR] Verify complete
2015-05-30 13:09:10, Info CSI 00000310 [SR] Verifying 100 (0x0000000000000064) components
2015-05-30 13:09:10, Info CSI 00000311 [SR] Beginning Verify and Repair transaction
2015-05-30 13:09:16, Info CSI 00000313 [SR] Verify complete
2015-05-30 13:09:16, Info CSI 00000314 [SR] Verifying 52 (0x0000000000000034) components
2015-05-30 13:09:16, Info CSI 00000315 [SR] Beginning Verify and Repair transaction
2015-05-30 13:09:19, Info CSI 00000317 [SR] Verify complete
2015-05-30 13:09:19, Info CSI 00000318 [SR] Repairing 0 components
2015-05-30 13:09:19, Info CSI 00000319 [SR] Beginning Verify and Repair transaction
2015-05-30 13:09:19, Info CSI 0000031b [SR] Repair complete

cottonball · 30 May 2015

Please use the Farbar Recovery Scan Tool.
Download: Farbar Recovery Scan Tool Download
Select the version that applies to your system.
Save it to your Desktop.

Double-click the downloaded file to run it.
When the tool opens, click Yes to the disclaimer.

Press the Scan button.

When done, the tool makes a report, FRST.txt, in the same directory from which the tool is run (Desktop).

Please provide the FRST.txt in your reply.

The first time the tool is run, it also creates another report: Addition.txt

Also post the Addition.txt in your reply.

JstRelax · 30 May 2015

Ok here is the 2 .txt files attached. Should I copy & paste instead?

cottonball · 31 May 2015

JstRelax,

Since your problems started about a week ago, have you attempted to do a System Restore:

System Restore

The reports provided show some entries that could be cleaned up, as well as application errors, system errors, etc., however, cannot guarantee that doing so is going to solve all your problems.