[Nutloaf]

This is strange as it should have been run from system32. This is the solution:

Use this command instead at the CMD prompt: findstr /c:"[SR]" %windir%\logs\cbs\cbs.log >sfcdetails.txt

Close CMD then click Start and in the search box type sfcdetails.txt in the list right click sfcdetails and select Open File Location and get the log from wherever it was saved. Please tell me where the log was located, this will tell me how SFC was run

[Advertisements]

Log was still empty. Was saved to "Computer/C/Users/owner/AppData/Roaming/Microsoft/Windows/Recent."

[velarie2112]

Log was still empty. Was saved to "Computer/C/Users/owner/AppData/Roaming/Microsoft/Windows/Recent."

[velarie2112]

When I search for that file name, two options come up. One under Programs and one under Files. They go to different locations. Both logs are empty text documents. Second location is, "Computer/C/Windows/System32."

[velarie2112]

Just noticed that the one in the System32 folder is the real file. The one in AppData is just a shortcut.

[Nutloaf]

This is most strange I will look into this more. CBS logs can only be opened through CMD. There may be another way from Event Viewer. SFC did fix some files so that is a good thing, I just wanted to know what they were

For now relax and wait for my next instalment for you, some time tommorow. I will get to the bottom of this your PC is giving me a challenge here and I accept, let the battle commence.......tomorrow

[velarie2112]

LOL. Thank you kind sir. I await your next attack strategy.

[velarie2112]

LOL. Thank you kind sir. I await your next attack strategy.

[Nutloaf]

A new day and a new fight

I am waiting for feedback from my instructor so will have something for you a little later on

[Nutloaf]

Today I will use my big hammer to fix shutdown. I would like you to run SFC again and get a log to make sure all is O.K.

Please follow in the order given: I know you will step 1 is to double check all is set correctly. You shouldn't uncheck items you don't want started, let me know what those are and I will fix those for you.


1. Normal Settings

• Click Start, type msconfig in the Start Search box, and then press ENTER.
• Now select the Services Tab Check Hide all Microsoft Services then click enable all
• Now select the General tab and select Normal Startup then click Apply and O.K and everything is now back to the way it was.
• Restart for changes to take effect

2. System File Checker

• Click Start and type cmd in the search box. In the list that appears right click CMD and Run as Administrator
• At the prompt copy and paste the following: sfc /scannow and press Enter
• Copy the following: findstr /c:"[SR]" %windir%\Logs\CBS\CBS.log >"%userprofile%\Desktop\sfcdetails.txt" and Paste at the CMD prompt and press Enter
• Close CMD window by clicking the X or by typing Exit Now Reboot the machine.
• On your Desktop should be an SFCdetails.txt copy and paste in your next reply.

3. Defragment the Hard-Drive

• Click Start , then click Run... then type in CMD and click on OK.
• At the Command Prompt C:\ > type the following:
• CD C:\ and press the Enter key.
• Now type in DEFRAG C: -F
• An Analysis report will be displayed and then Windows will start the Deragmentation run automatically.
• This may take some time, when completed the Command Prompt C:\ > will appear.
• Type in EXIT and and press the Enter key to close the command window.

4. OTL Fix
Open OTL then Copy the entire text in the Quote box below, do not include the word QUOTE and Paste into the Custom Scans/Fixes box in OTL.

:COMMANDS
[CREATERESTOREPOINT]

:REG
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control]
"WaitToKillServiceTimeout"="8000"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management]
"ClearPageFileAtShutdown"=dword:00000000

:COMMANDS
[REBOOT]

• Then click Run Fix
• Click O.K if asked to Reboot.
• An OTL fix log will be saved in the following location: C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log - Where mmddyyy _hhmmss is the date and time of fix.
• Copy and Paste the Fix Log in your next reply.

How is the Shutdown now?

[velarie2112]

So I wielded your big hammer. (Some pun intended.)

Went into msconfig and hid all Microsoft services. All non-Microsoft services were already enabled. Went to general tab and 'normal' startup was already selected. Rebooted anyway.

Ran sfc scan from command prompt and entered findstr command. At this point I didn't notice (or ignored) the instruction to reboot. I instead went right into disk defragmentation. After that was done running (started at 2% fragmentation and was 0% at the end) I rebooted. This reboot took over 5 minutes and I got a message that 3 updates were configured before it booted down. Naturally the sfcdetails.txt was empty, lol.

So after I rebooted I ran sfc scan again and entered the findstr command again. At this point I realized that I screwed up the first two times because I was using "/" instead of "\" in the string. So sorry. I put my dunce cap on and moved on. Again the scan reported that Windows repaired corrupted files successfully. Interestingly enough, after rebooting (and again it configured 3 updates before booting down and actually seemed to take longer) I checked the sfcdetails.txt file and again it was still empty!

Moved on and ran the OLT fix. You and your big hammer rock! (I should probably rephrase that, lol!) My shutdown time is under 30 seconds! I shutdown and booted back up a couple times in under 5 minutes just because I could.

So I'm considering this issue resolved. Thank you!

[velarie2112]

========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\\"WaitToKillServiceTimeout"|"8000" /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\\"ClearPageFileAtShutdown"|dword:00000000 /E : value set successfully!
========== COMMANDS ==========

OTL by OldTimer - Version 3.2.69.0 log created on 07082013_224237

[Nutloaf]

That was a funny read. I am pleased the shutdown fix worked. I retuned the wait time to kill services, the time is over generous in Windows 7 but is ridiculous in Vista.

I will give you another post tomorrow to clean, close and give you some advice on MBAM and other things. I will also research and ask my instructor about the SFC results. Sometimes it does repair files that don't really need reparing as they aren't system critical. I have one user at the moment who's Norwegian language pack is corrupt, he doesn't speak Norwegian but did visit there 40 years ago

So it is looking rather good for tomorrows post

P.S. The Big Hammer it is for all my users from now on.

[Nutloaf]

Hello Velarie

I do need to see those SFC results I'm afraid. I don't want to pass you over as clean when there is something clearly wrong with the results. Here comes the interesting bit or the boring bit depending.

The SFC results are stored in a CBS log which can be really long, I looked at one recently and it was 25mb of text! The command I gave you looks for certain entries in that log that have [SR] in the line. If there are no [SR] entries then the page is blank

This is where the confusion comes in. Corrupt files have been fixed and should therefore be entered in the CBS log with an [SR] tag, so where are they I hear you ask? I don't know here comes the but......

BUT: I can retrieve the CBS log and edit out the lines I don't want to see, leaving, you guessed it the SFC details hooray. Even better is that I can use a .bat file so you don't have to mess about in CMD

That is what you are going to do - create a .bat file to retrieve the CBS.log.

Create a .BAT file

• Open Notepad then copy and paste the following: findstr /c:"CSI" %windir%\Logs\CBS\CBS.log >"%userprofile%\Desktop\Nutlook.txt"
• Now click File then Save As... Choose Desktop for the location
• Click the drop down menu beside Save as type and select all files
• In the File Name: box type: nutfix.bat and click Save and close notepad.
• On the Desktop right click nutfix.bat and Run as Administrator
• A log called Nutlook will appear on your Desktop, I'd like a looksee.
• If you have trouble pasting the log, as it may be long, you can Browse and Attach the file instead.

[velarie2112]

And the saga continues . . .

So I tried to create your .bat file (paying special attention to syntax) and it still produced an empty log. Tried it a second time with the same result. Next I referred to my dear friend Google and found this command, "notepad c:\windows\logs\cbs\cbs.log." I ran it from the command prompt as admin and was finally able to produce a log for you to look at. Yea! I have attached it as a text doc.

Your move.

Attached Files

•  20130709 CBS pt1.log   1.94MB   106 downloads

[velarie2112]

And part two and part three. I hope you can use this . . .

Attached Files

•  20130709 CBS pt2.log   1.24MB   107 downloads
•  20130709 CBS pt3.txt   1.52MB   97 downloads