scannow results

[samz2010]

Hi guys, so I recently got a Trojan virus, i ran my anti viruses etc to remove it and i read that sfc /scannow can also help with windows.

I ran it and it prompted me that there were errors and they were successfully fixed, however the log contains a lot of errors and i was wondering if anyone could go over them, the log is overly huge and i'm not sure if this is normal.

thanks.

I've attatched the log to thread and also posted it

 

[Ztruker]

There is some good info here: How to analyze the log file entries that the Microsoft Windows Resource Checker (SFC.exe) program generates in Windows Vista

Read through that then come back with any specific questions you have.

 

[samz2010]

sorry i suck with computers, is there no one who can just briefly analyze my results? i'd really appreciate it.

 

[samz2010]

Also is there any additional ways to check if i have removed the Trojan i had? i scanned using MSE, McAfee and malware bytes all seem fine, just Microsoft essential security somehow allowed it when it scanned and found it, just unsure if its still on my computer.

attacked a pic of the virus, also i had multiple java viruses.

hope it didn't damage my hardware of computer ;/

 

[Golden]

Hi,

You need to remove these infections using MSE, then update your Java, then rescan again.

Regards,
Golden

 

[samz2010]

Hi Golden, I did do a rescan using MSE but the viruses wern't picked up; could this be due to them being 'allowed' in the first place? i did navigate to the folders within mozilla/profile etc and manually delete them, would this remove all traces of the virus too?]


thanks

 

[Golden]

Hi,

It might, but I have no idea whether they would install any other malware. Do a scan from outside the Windows environment using this tool:

http://www.sevenforums.com/tutorials/166445-windows-defender-offline.html

And don't forget to update your Java!

Why should I uninstall older versions of Java from my system?
How do I manually download and install Java for my Windows computer?

Regards,
Golden

 

[samz2010]

ok I tried burning it onto a DVD-r and it said at the end it failed, i then burned it to a usb flash drive, i set my boot prio to it and it ran, i clicked update and then it said that it can't connect to the internet and it needs to update before i scan for errors.

Can i just scan using the windows defender built into the operating system is there a real difference?

 

[windude99]

Also, don't use multiple antivirus programs. They can interfere with each other.

 

[Golden]

Can i just scan using the windows defender built into the operating system is there a real difference?

Hi,

Yes, there is a difference : in layman's terms, some malware is 'activated' and loaded into memory when Windows boots, where they become 'aware' you are trying to defeat them. They in turn, work to defeat your attempts at removing them, and are usually successful. If you scan from outside the Windows environment you prevent this from happening.

Make sure you have an ethernet cable connected to your computer when you boot Windows Offline Defender so it can update.

If this still doesn't work for you, then please try this alternate scanner from Kaspersky using the link below:

1. Download the kav_rescue_10.iso file
2. Download and use the rescue2usb.exe file to burn the ISO to the USB and make it bootable.
3. Boot from the USB, and follow the prompts.

ftp://devbuilds.kaspersky.com/rescuedisk/updatable/

Regards,
Golden

 

[karlsnooks]

ok I tried burning it onto a DVD-r and it said at the end it failed, i then burned it to a usb flash drive, i set my boot prio to it and it ran, i clicked update and then it said that it can't connect to the internet and it needs to update before i scan for errors.

Can i just scan using the windows defender built into the operating system is there a real difference? YES. they are different animals.

Here is how to run WDO (windows defender offline) from a usb stick:

HOW TO USE WINDOWS DEFENDER OFFLINE ON A USB STICK
Windows Defender Offline
· is a free standalone, bootable malware and virus remover from Microsoft.
· performs an offline scan of an infected PC to remove viruses, rootkits and other advanced malware.

Download Windows Defender Offline (about 764 kB)

You will have the choice of downloading the 32bit version (x86) or the 64 bit version (x64).
The link will help you determine whether you are running a 32 bit version or 64 bit version of Windows

NOTE!! You can download and prepare a 32 bit version using a 64 bit version of Windows
NOTE!! You can download and prepare a 64 bit version using a 32bit version of Windows.

You run the 32 bit version on a 32 bit version of Windows.
You run the 64 bit version on a 64 bit version of Windows.

The 32 bit download file name is: mssstool32.exe
The 64 bit download file name is: mssstool64.exe

For the curious, this program was originally name Microsoft Standalone System Sweeper.


INSTALLATION:
You will need an Internet Connection.
Insert 512 mB (Microsoft’s 256 mB is no longer accurate) or larger USB stick into a usb port.
Run the downloaded program--mssstool64.exe or mssstool32.exe
NEXT button
Choose the option On a USB flash drive that is not password protected
NEXT button
NEXT button
.
The install program will format the usb stick using the NTFS format.
The install program will download about 210 mB.
The install program will name the USB stick WDO_Media32 or WDO_Media64
The WDO_Media32 usb stick will have used space of 255 mB (268,140,544 bytes)
The WDO_Media64 usb stick will have used space of 282 mB (296,165,376 bytes)
You can expect the number of mB to increase as more malware appears.

UPDATE Windows Defender Offline USB stick:
· reinsert the usb stick
· run the installation program, mssstool64.exe or mssstool32.exe, again.
· the update will download about 66 mB (mssstool32.exe) and 68 mB (mssstool64.exe).

Since the malware database is sometimes updated several times in a day, always update before running.

PERFORM AN OFFLINE SCAN
Bootup your computer from the USB stick
Windows Defender Offline will automatically perform a quick scan.
After the quick scan finishes, Choose Full Scan
Select all of your drives

The initial, full scan can easily take several hours, but
Remember, your computer is being very thoroughly checked for all types of malware.
=========================================

 

[Ritter197]

HI;
I have not been able to run scf /scannow beyond 17% in Windows seven, even if Norton AV , Norton Firewall are turned off.
I have spent hours on the Internet trying to get answers and low and behold I find a number of people with exactly (even 17%) problem, but no good or workable answer.

I have tried whether I could succeed in Windows 7 Repair bur my upgrade disk only allow a new installation, I tried it a number of times.

Maybe someone knows the answer
Thanks

 

[karlsnooks]

The answer is given to you in post #11.

 

[Ritter197]

scannow

I can now get to 77%. That's all. I have been able to open the (is it CBS file) and read it. But I cannot tell from it what makes it stop at 77%.
Also, I am fairly new here and do not know how to see post #11. I went back to 3 days ago but I fail to see numbers on post.

 

[Ztruker]

Click here: http://www.sevenforums.com/performance-maintenance/241750-scannow-results-2.html

 

[karlsnooks]

Ritter,

each post has a bar at the top.

In the far right-hand corner of the post is the post number.

Please carry out the procedure in post #11.

 

[Ritter197]

First THANKS for telling me where the post number is, I never saw that, even when I looked for it.
Now to scan now:


After HOURS of trying and searching I found the culprit, it was the file t2embed.dll which needed to be replaced (which is very hard to begin with as a protected system file) in both windows, system 32 and in Windows WOW!
I copied the file from another working win7 computer.
It now allows scanning with no problems found to 100%.
But start up of windows 7 with a 2.33 Ghz machine still takes 158 seconds with hardly anything loaded automatically.

 

[karlsnooks]

Ritter,
Your startup time should not be that long.

The following will help me to look for culprits:

Install CCleaner:
CCleaner - PC Optimization and Cleaning - Free Download

list of STARTUP PROGRAMS

CCleaner | Tools icon | Startup button | Windows tab |
click on Save to text file button (bottom right side) |
accept Startup.txt as file name | SAVE button

list of SCHEDULED TASKS

CCleaner | Tools icon | Startup button | Scheduled Tasks tab |
click on Save to text file button (bottom right side) |
enter Scheduled Tasks as File name | Save button

List of INSTALLED PROGRAMS

CCleaner | Tools icon | Uninstall button |
click on Save to text file button (bottom right side) |
accept install.txt as File name | Save button


UPLOAD, as an attachment, the startup.txt file
UPLOAD, as an attachment, the Scheduled Tasks.txt file
UPLOAD, as an attachment, the install.txt file.

HOW TO UPLOAD
Post a File or Screenshot in Seven Forums
=================================================
==================================================
==================================================

Following will help you to see your actual startup/shutdown times:

# **********************INSTRUCTIONS**************************
# STEP 1 ** RUN POWERSHELL AS ADMINISTRATOR ******************
# ************************************************************
#
# WIN key | type POWERSHELL | do NOT hit ENTER |
# in the PROGRAMS list, right-click on WINDOWS POWERSHELL |
# choose "Run as administrator" |
# Click on the YES button (if such appears)
#
# WIN key = key with Microsoft log on top
#
# for the guru:
# WIN | type POWERSHELL | CTRL+SHIFT+ENTER key combo | ALT+Y keycombo
# ************************************************************
# STEP 2 ** COPY AND PASTE ***********************************
# ************************************************************
#
# COPY the script using CTRL+C,
# COPY every line of script down thru both EXIT statements
#
# PASTE into Powershell
#----Right-Click at the PowerShell Prompt
#----(Ctrl+V does not work)
#
# Start copying with first script line without a # at start of the line
# Note: Actually, you can paste the entire file if you rather
#-------Lines starting with a # are ignored by PowerShell
# ************************************************************
# STEP 3 ** SCRIPT OUTPUT & SCRIPT PURPOSE *******************
# ************************************************************
# --The script output and purpose is given at the very front of the script
#
# --The script output and purpose is given at the very front of the script
#
# ************************************************************
# ***************** NOTE - POWERSHELL VERSION*****************
# if you receive this error msg:
#--The system can not find the path specified
# you may need to update your PowerShell
# you must be using Powershell 2.0 or later.
#
# To determine your Powershell version:
#---Run PowerShell
#---enter $host.version
#---you should see at least:
# Major Minor Build Revision
# ----- ----- ----- --------
# 2......0......-1.....-1
#
# If you do not see the above, update your Vista/Win 7.
# ************************************************************
# *************** NOTE - EXECUTION POLICY*********************
# If you haven't set the execution policy, you may need to:
#---Run PowerShell
#---enter SET-EXECUTIONPOLICY -EXECUTIONPOLICY REMOTESIGNED
# ************************************************************

# ************************************************************
# Places BootAndShutdownPerfomance.txt on your DESKTOP 
# Contains event data from Startup and Shutdown
# ************************************************************

$events = Get-WinEvent -filterhashtable @{logname = 'Microsoft-Windows-Diagnostics-Performance/Operational'} `
-verbose:$false -force:$true
$f1 = @{label="Event ID";expression={$_.Id}}
$f2 = @{label="Time";expression={$_.timecreated}}
$f3 = @{label="Explanation";expression={$_.message}}

$events | sort timecreated -desc | fl $f1,$f2, $f3  > $env:userprofile\desktop\BootAndShutdownPerformance.txt

EXIT
EXIT

# ************************************************************

That placed a TXT file on your desktop with your bootup/shutdown times.

I'll await those three files.

karl

 

[Ritter197]

Scannow and slow startup Win7 by Karl Menzel

Karl I have trouble in this thread to use the paperclip and then select Startup. I selected it but do not see it here in the reply.

 

[Golden]

How many anti-virus applications are running? You mentioned Norton, but I see you also have Webroot installed. I recommend uninstalling both, and replacing it with MSE, then test the reboot time.

Regards,
Golden