Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Windows 7 White Screen After Log In [Closed]

Started by doubled1990 , Aug 04 2013 12:24 PM

This topic is locked

#16
godawgs

Posted 17 August 2013 - 12:12 PM

Teacher

Retired Staff
8,228 posts

Hi,

Thanks for the log. How long did it take for CF to complete? Just curious.

If you haven't turned Norton back on please leave it turned off for the following steps.

Step-1.

Please try to run the FarBar Service Scanner again and post the FSS.txt log if it runs. IF it still doesn't run complete the following:

Step-2.

Delete Old SFC Log and run SFC

Open an elevated command prompt. To do that:
- Click Start, click on All Programs and Accessories, then right click on Command Prompt and click on Run as administrator. (See screenshot below)
A command window will open like the image below:
Type the following and press ENTER after each line:
```
cd  \windows\Logs\cbs

copy  cbs.log  cbs.old

del  cbs.log
```
Back at the blinking cursor:
Type or copy and paste the following command and press Enter:
sfc /scannow(Notice the space between sfc and /scannow, it needs to be there)

The sfc /scannow command scans all protected system files and replaces incorrect versions with correct Microsoft versions. Note: This may take awhile to finish.
You will get a message that SFC didn't find any problems, SFC found corrupted files and repaired all of them or SFC was not able to repair some files. Let me know which message you got.
Type exit and press the ENTER key to close the command window.

NOTE: IF SFC found damaged files and was able to repair all or some of them please run the FarBar Service Scanner and see if it will complete then continue with the next Step.

Step-3.

Check Hard Disk For Errors:

Please copy everything in the quote box below into notepad. To do this highlight all text, then right click and click Copy.

@Echo Off
cmd /c chkdsk c: |find /v "percent" >> "%userprofile%\desktop\checkhd.txt"
del %0

Next, open Notepad, or click Start->Run and in the Open: box type notepad.exe and click OK.
Right click in the notepad window and click Paste, or put the cursor inside the notepad window and press the Ctrl-V keys to paste the text into notepad.
On the File menu, click Save
On the Save AS window that comes up, do the following:
- On the left side, click the Desktop Icon. This will put "Desktop" in the Save In: box at the top.
- At the bottom in the File Name: box type testhd.bat
- In the Save as type: box, click the down arrow and click All Files(*.*)
- Click Save
This will put a new file on the Desktop named testhd.bat
The file icon will look like this:

Close all open windows and any open Browsers.
Right click the testhd.bat file on the desktop and click Run As Administrator then OK any UAC prompts to run the file. A command window will open briefly, then close. This is quite normal. NOTE:It can taks several minutes for this to complete as chkdsk has five stages to run through.
When the command window has closed there will be a new file on the desktop named checkhd.txt
Copy and paste the contents of the checkhd.txt file in your next reply.

Step-4

Things For Your Next Post:
Please post the logs in the order requested. Do Not attach the logs unless I request it.
1. The FSS.txt log (If you got it to run)
2. Tell me what message you got from SFC
3. The checkhd.txt log

#17
doubled1990

Posted 18 August 2013 - 12:04 AM

Member

Topic Starter
Member
15 posts

Based on the ending period for my log the ComboFix ran about 12 hours. There were no directions for the FarBar Service Scanner, so I grabbed this from a different thread. I wasn't sure if you still wanted to follow step 2, but even when I tried I couldn't delete the CBS log. On step 3 I think this ran for 4 hours. I don't like the results of the chkdsk.

=================
FSS Log
=================

Farbar Service Scanner Version: 17-08-2013
Ran by Messy Family (administrator) on 17-08-2013 at 15:56:32
Running from "C:\Users\Messy Family\Desktop"
Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.

Windows Firewall:
=============

Firewall Disabled Policy:
==================

System Restore:
============

System Restore Disabled Policy:
========================

Action Center:
============

wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is OK.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================

Windows Defender:
==============

Other Services:
==============

File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit

**** End of log ****

=================
checkhd.txt log
=================

The type of the file system is NTFS.

WARNING! F parameter not specified.
Running CHKDSK in read-only mode.

CHKDSK is verifying files (stage 1 of 3)...
File record segment 284356 is unreadable.
File record segment 284357 is unreadable.
File record segment 284358 is unreadable.
File record segment 284359 is unreadable.
File verification completed.
671 large file records processed.

Errors found. CHKDSK cannot continue in read-only mode.

#18
godawgs

Posted 18 August 2013 - 11:56 AM

Teacher

Retired Staff
8,228 posts

There were no directions for the FarBar Service Scanner, so I grabbed this from a different thread.

You are correct and I apologize. I thought we had already run it one time :blush:

I wasn't sure if you still wanted to follow step 2, but even when I tried I couldn't delete the CBS log.

Did you get any error message? If so what was it? If you can't remember just rerun those commands and note any message.

I don't like the results of the chkdsk.

Yep, those errors were found in file segments. Chkdsk didn't get far enough to indicate if it found any bad clusters or sectors on the hard disk.
Let's run chkdsk again and see it it can repair the disk errors. First we will clear the Event logs.

NOTE: If Norton is still disabled leave it that way. Disable any screen saver you have running. Turn the Sleep mode off if you have the computer running in that mode.

Step-1.

Clear Event Logs

Click the Start Orb. In the Start Search box type eventvwr.msc and press the Enter key.
Click (Continue) on the UAC screen. The Computer Management window will come up.
On the left side of the window click the arrow beside Event Viewer , then click the arrow beside Windows Logs
Right click on Application and click Clear Logs... Select No or Don't save if you are asked if you want to save the old logs.
Right click on System and click Clear Logs... Select No or Don't save if you are asked if you want to save the old logs.
Close the Event Viewer.

Step-2.

Run the Disk Checker

NOTE: Before running the disk checker to repair a volume, you must do the following:

Be prepared to let the process complete.
- If you check either or both of the boxes on the Check Disk window...
- Automatically fix file system errors.
- Scan for and attempt recovery of bad sectors
...on a large volume (for example, 450 GB) or on a volume with a very large number of files (in the millions), Chkdsk can take a long time to complete.
NOTE: My record so far was a 450GB hard drive that took 20+ hours for Chdsk to complete. When it gets to Stage 4 (Verifying file data) it may stay on the same file number for hours. Chkdsk is still running even though it looks like it has quit responding and stalled. Just let it run.
The volume is not available during this time because Chkdsk does not relinquish control until it is done. If a volume is being checked during the startup process, the computer is not available until the disk checking process is complete.
The disk checker does not include parameters that let you cancel the process.

The image below is from a Vista machine but the screens look similar and operate the same in all versions of Windows.

Click the Start Orb and click Computer. The Computer window will open.
Right click your main drive (look for OS(C:) or just (C:)) and select Properties
Select the Tools tab
Select Error Checking
Click Check Now and OK any UAC prompts.
Place a tick in both boxes in the Check Disk (OS) window:
- Automatically fix file system errors.
- Scan for and attempt recovery of bad sectors
Press Start

Note: If one or more of the files on the hard disk are open, you will receive the following message:

Chkdsk cannot run because the volume is in use by another process. Would you like to schedule this volume to be checked the next time the system restarts? (Y/N)
Type Y, and then press ENTER to schedule the disk check, and then restart, not reboot, your computer to start the disk check.
To restart the computer:
- Shutdown the computer
- Re-start the computer
- When your computer turns on, you will see a black screen with white lettering, this is chkdsk running.
- Let chkdsk run through its 5 Stages. When it is finished, your computer will boot to the desktop.
- You will get a warning that it needs to reboot to continue
- Allow it to do so.

Let me know if chkdsk was able to repair the errors found or if it found errors it could not repair.

Step-3.

Things For Your Next Post:
Please post the logs in the order requested. Do Not attach the logs unless I request it.
1. Let me know what the error message was when you tried to delete the CBS log
2. Let me know if chkdsk was able to repair the disk.

#19
doubled1990

Posted 18 August 2013 - 04:54 PM

Member

Topic Starter
Member
15 posts

I should have captured the exact error from before on the SFC CBS log process so I'm sorry, but this was along the lines of the function "running" at the time. I tried once more, however, and was able to succeed. My results was as follows:

>> Windows Resource Protection did not find any integrity violations.

Chkdsk completed while I was away from the computer, so based on the Event Viewer log (Windows Logs > Application > under Wininit) the errors found were fixed. But the computer is still a bit sluggish whenever I try to open windows and do things.

#20
godawgs

Posted 19 August 2013 - 10:21 AM

Teacher

Retired Staff
8,228 posts

I should have captured the exact error from before on the SFC CBS log process so I'm sorry...

Not a problem.

...>> Windows Resource Protection did not find any integrity violations.

Chkdsk completed while I was away from the computer, so based on the Event Viewer log (Windows Logs > Application > under Wininit) the errors found were fixed. But the computer is still a bit sluggish whenever I try to open windows and do things.

That is good news indeed.
Let's see if Security Check will run now and get a fresh OTL scan. Then we will deal with those and the Action Center service that isn't running and see where we are.

Step-1.

Re-run Security Check using the instructions in Step 3. of post #6

Step-2.

Posted Image

OTL Custom Scan

1. Please copy the text in the Quote box below, (Do Not copy the word Quote), and paste it in the Posted Image

box in OTL. To do that:

Highlight everything inside the quote box, (except the word Quote), right click the mouse and click Copy.

createrestorepoint
/md5start
objlist.exe
/md5stop

2. Re-open Posted Image

on the desktop. To do that:

Vista / 7 Users: Right click on the icon and click Run as Administrator)

Make sure all other windows are closed.

You will see a console like the one below:
Click the box beside Scan All Users at the top of the console
Click the box beside Include 64bit Scans at the top of the console.
Make sure the Output box at the top is set to Standard Output.
In the Extra Registry section click the radio button beside Use SafeList<---Very Important
Check the boxes beside LOP Check and Purity Check.
Place the mouse pointer inside the box, right click and click Paste. This will put the above script inside OTL
Click the button. Do not change any settings unless otherwise told to do so.
Let the scan run uninterrupted.
When the scan completes, it will open two notepad windows. OTL.Txt will open on the desktop and Extras.Txt will be minimized on the taskbar. These are saved in the same location as OTL.
Please copy the contents of these files, one at a time, and paste them into your reply. To do that:
On the .txt file Menu Bar click Edit then click Select All. This will highlight the contents of the file. Then click Copy.
Right-click inside the forum post window then click Paste. This will paste the contents of the .txt file in the in the post window.

Step-3.

Things For Your Next Post:
Please post the logs in the order requested. Do Not attach the logs unless I request it.
1. The checkup.txt log
2. The new OTL.txt log
3. The new Extras.txt log

#21
doubled1990

Posted 19 August 2013 - 10:38 PM

Member

Topic Starter
Member
15 posts

I still cannot pass the SecurityCheck app as I continue to get the message:

AutoIt Error

Line -1:

Error: Variable must be of type "Object".

-

I'm not sure if you want me to proceed out of sequence and do "Step 2" or not.

#22
godawgs

Posted 20 August 2013 - 02:00 PM

Teacher

Retired Staff
8,228 posts

No. Skip Step 2. When you run SecurityCheck and get the error is there an OK button? And if so have you clicked it? I have seen some users get the same error but clicking the OK button lets the program continue.

#23
doubled1990

Posted 20 August 2013 - 02:05 PM

Member

Topic Starter
Member
15 posts

If you mean the AutoIt popup, yes, but nothing happens further (at least the command prompt window).

#24
godawgs

Posted 20 August 2013 - 10:53 PM

Teacher

Retired Staff
8,228 posts

OK, let's check the hard disk one more time and make sure it doesn't find any errors.

Check Hard Disk For Errors:

Please delete the checkhd.txt file on the desktop.

Please copy everything in the quote box below into notepad. To do this highlight all text, then right click and click Copy.

@Echo Off
cmd /c chkdsk c: |find /v "percent" >> "%userprofile%\desktop\checkhd.txt"
del %0

Next, open Notepad, or click Start->Run and in the Open: box type notepad.exe and click OK.
Right click in the notepad window and click Paste, or put the cursor inside the notepad window and press the Ctrl-V keys to paste the text into notepad.
On the File menu, click Save
On the Save AS window that comes up, do the following:
- On the left side, click the Desktop Icon. This will put "Desktop" in the Save In: box at the top.
- At the bottom in the File Name: box type testhd.bat
- In the Save as type: box, click the down arrow and click All Files(*.*)
- Click Save
This will put a new file on the Desktop named testhd.bat
The file icon will look like this:

Close all open windows and any open Browsers.
Right click the testhd.bat file on the desktop and click Run As Administrator then OK any UAC prompts to run the file. A command window will open briefly, then close. This is quite normal.
When the command window has closed there will be a new file on the desktop named checkhd.txt
Copy and paste the contents of the checkhd.txt file in your next reply.

#25
doubled1990

Posted 21 August 2013 - 07:01 PM

Member

Topic Starter
Member
15 posts

Please see below for the checkHD log.

=================
checkhd.txt
=================

The type of the file system is NTFS.

WARNING! F parameter not specified.
Running CHKDSK in read-only mode.

CHKDSK is verifying files (stage 1 of 3)...
File verification completed.
671 large file records processed.

0 bad file records processed.

0 EA records processed.

43 reparse records processed.

CHKDSK is verifying indexes (stage 2 of 3)...
Index verification completed.
CHKDSK is scanning unindexed files for reconnect to their original directory.
1 unindexed files scanned.

Detected orphaned file AM7C12~2.MAN (284359), should be recovered into directory file 22602.
CHKDSK is verifying security descriptors (stage 3 of 3)...
Security descriptor verification completed.
File 284358 is missing a data attribute.
37703 data files processed.

CHKDSK is verifying Usn Journal...
Usn Journal verification completed.
The master file table's (MFT) BITMAP attribute is incorrect.
The Volume Bitmap is incorrect.
Windows found problems with the file system.
Run CHKDSK with the /F (fix) option to correct these.

229274623 KB total disk space.
120843768 KB in 242420 files.
126012 KB in 37703 indexes.
296 KB in bad sectors.
441867 KB in use by the system.
65536 KB occupied by the log file.
107862680 KB available on disk.

4096 bytes in each allocation unit.
57318655 total allocation units on disk.
26965670 allocation units available on disk.

#26
godawgs

Posted 22 August 2013 - 12:52 AM

Teacher

Retired Staff
8,228 posts

Hello,

The hard disk check is still showing errors on the hard drive. These could be false positives....or your hard drive could be failing. Let's run chkdsk from an elevated command prompt and then get a look at the Event log.

Step-1.

Run the Disk Checker

NOTE: Before running Chkdsk to repair a volume, you must do the following:

Be prepared to let the Chkdsk process complete.
If you use the /f or /r parameter on a large volume (for example, 450 GB) or on a volume with a very large number of files (in the millions), Chkdsk can take a long time to complete.
Chkdsk runs through 5 stages. When it gets to Stage 4 (Verifying file data) it may stay on the same file number for hours. Chkdsk is still running even though it looks like it has quit responding and stalled. Just let it run.
The volume is not available during this time because Chkdsk does not relinquish control until it is done. If a volume is being checked during the startup process, the computer is not available until the Chkdsk process is complete.
Chkdsk does not include parameters that let you cancel the Chkdsk process.

Click the Start Orb. In the Start Search box type cmd.exe. The menu will populate with Programs and Files.
Under the Programs section find cmd.exe. Right click the file and click Run as Administrator. The Command window will open.
At the blinking cursor in the Command Window type the following and press the ENTER key:

chkdsk C: /r
(note the space between the C: and /r It needs to be there.)

Note: If one or more of the files on the hard disk are open, you will receive the following message:

Chkdsk cannot run because the volume is in use by another process. Would you like to schedule this volume to be checked the next time the system restarts? (Y/N)
Type Y, and then press ENTER to schedule the disk check, and then restart, not reboot, your computer to start the disk check.
To restart the computer:
Shutdown the computer
Re-start the computer
When your computer turns on, you will see a black screen with white lettering, this is chkdsk running.
Let chkdsk run through its 5 Stages. When it is finished, your computer will boot to the desktop.

Step-2.

Get the Chkdsk log

Click the Start Orb. In the Start Search box type eventvwr.msc and press the Enter key and click (Continue) on the UAC screen. The Computer Management window will open.
On the left side of the window click the arrow beside Event Viewer and click Windows Logs
Click Application. The Application logs will appear in the center window.
The chkdsk log should be the first entry, or near the top. The Source column will have an entry of Wininit.
If it is not the first log:
- Click on View, and then on Sort by > Date and Time.
- This should place the chkdsk log at or near the top of the list.
Double click the entry. An Event Properties window will open.
Click the Copy button. This will copy the log to the clipboard.
Open a text file. Put the mouse pointer inside the text window, right click and click Paste. This will put the contents of the log into a text file.
Paste the contents of the log your next Reply to this topic.

#27
doubled1990

Posted 22 August 2013 - 11:47 PM

Member

Topic Starter
Member
15 posts

Please see below for the latest chkdsk results.

=================
checkhd.txt
=================

Log Name: Application
Source: Microsoft-Windows-Wininit
Date: 8/22/2013 7:40:36 PM
Event ID: 1001
Task Category: None
Level: Information
Keywords: Classic
User: N/A
Computer: MFamily-PC
Description:

Checking file system on C:
The type of the file system is NTFS.

A disk check has been scheduled.
Windows will now check the disk.

CHKDSK is verifying files (stage 1 of 5)...
331008 file records processed. File verification completed.
671 large file records processed. 0 bad file records processed. 0 EA records processed. 43 reparse records processed. CHKDSK is verifying indexes (stage 2 of 5)...
406398 index entries processed. Index verification completed.
CHKDSK is scanning unindexed files for reconnect to their original directory.
1 unindexed files scanned. Recovering orphaned file AM7C12~2.MAN (284359) into directory file 22602.
0 unindexed files recovered. CHKDSK is verifying security descriptors (stage 3 of 5)...
331008 file SDs/SIDs processed. Cleaning up 13 unused index entries from index $SII of file 0x9.
Cleaning up 13 unused index entries from index $SDH of file 0x9.
Cleaning up 13 unused security descriptors.
Security descriptor verification completed.
Inserting data attribute into file 284358.
37697 data files processed. CHKDSK is verifying Usn Journal...
36820784 USN bytes processed. Usn Journal verification completed.
CHKDSK is verifying file data (stage 4 of 5)...
330992 files processed. File data verification completed.
CHKDSK is verifying free space (stage 5 of 5)...
27102555 free clusters processed. Free space verification is complete.
Adding 1 bad clusters to the Bad Clusters File.
Correcting errors in the master file table's (MFT) BITMAP attribute.
Correcting errors in the Volume Bitmap.
Windows has made corrections to the file system.

229274623 KB total disk space.
120295652 KB in 242407 files.
126012 KB in 37697 indexes.
300 KB in bad sectors.
442443 KB in use by the system.
65536 KB occupied by the log file.
108410216 KB available on disk.

4096 bytes in each allocation unit.
57318655 total allocation units on disk.
27102554 allocation units available on disk.

Internal Info:
00 0d 05 00 35 46 04 00 32 62 07 00 00 00 00 00 ....5F..2b......
1a 8c 00 00 2b 00 00 00 00 00 00 00 00 00 00 00 ....+...........
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................

Windows has finished checking your disk.
Please wait while your computer restarts.

Event Xml:
<Event xmlns="http://schemas.micro.../events/event">
<System>
<Provider Name="Microsoft-Windows-Wininit" Guid="{206f6dea-d3c5-4d10-bc72-989f03c8b84b}" EventSourceName="Wininit" />
<EventID Qualifiers="16384">1001</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2013-08-23T02:40:36.000000000Z" />
<EventRecordID>30331</EventRecordID>
<Correlation />
<Execution ProcessID="0" ThreadID="0" />
<Channel>Application</Channel>
<Computer>MFamily-PC</Computer>
<Security />
</System>
<EventData>
<Data>

Checking file system on C:
The type of the file system is NTFS.

A disk check has been scheduled.
Windows will now check the disk.

CHKDSK is verifying files (stage 1 of 5)...
331008 file records processed. File verification completed.
671 large file records processed. 0 bad file records processed. 0 EA records processed. 43 reparse records processed. CHKDSK is verifying indexes (stage 2 of 5)...
406398 index entries processed. Index verification completed.
CHKDSK is scanning unindexed files for reconnect to their original directory.
1 unindexed files scanned. Recovering orphaned file AM7C12~2.MAN (284359) into directory file 22602.
0 unindexed files recovered. CHKDSK is verifying security descriptors (stage 3 of 5)...
331008 file SDs/SIDs processed. Cleaning up 13 unused index entries from index $SII of file 0x9.
Cleaning up 13 unused index entries from index $SDH of file 0x9.
Cleaning up 13 unused security descriptors.
Security descriptor verification completed.
Inserting data attribute into file 284358.
37697 data files processed. CHKDSK is verifying Usn Journal...
36820784 USN bytes processed. Usn Journal verification completed.
CHKDSK is verifying file data (stage 4 of 5)...
330992 files processed. File data verification completed.
CHKDSK is verifying free space (stage 5 of 5)...
27102555 free clusters processed. Free space verification is complete.
Adding 1 bad clusters to the Bad Clusters File.
Correcting errors in the master file table's (MFT) BITMAP attribute.
Correcting errors in the Volume Bitmap.
Windows has made corrections to the file system.

229274623 KB total disk space.
120295652 KB in 242407 files.
126012 KB in 37697 indexes.
300 KB in bad sectors.
442443 KB in use by the system.
65536 KB occupied by the log file.
108410216 KB available on disk.

4096 bytes in each allocation unit.
57318655 total allocation units on disk.
27102554 allocation units available on disk.

Internal Info:
00 0d 05 00 35 46 04 00 32 62 07 00 00 00 00 00 ....5F..2b......
1a 8c 00 00 2b 00 00 00 00 00 00 00 00 00 00 00 ....+...........
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................

Windows has finished checking your disk.
Please wait while your computer restarts.
</Data>
</EventData>
</Event>

#28
godawgs

Posted 23 August 2013 - 07:53 PM

Teacher

Retired Staff
8,228 posts

That disk check showed 300K in Bad Sectors. The first one you ran showed 296K in Bad Sectors. You need to keep an eye on this. If your hard drive is failing that number will keep growing. And eventually the computer won't boot up. Once we are done here I would suggest that you post a topic in our Hardware forum and let the techs take a closer look at this.
Let's run the Windows Repair tool to fix some permissions and repair some services and then see if SeccurityCheck will run.

Tell me if you are having any other issues.

Step-1.

Run Windows All-In-One

Download Windows Repair (all in one) from this site. Click one of the Download buttons under the Installer (5.12 MB)

Close the browser and all open windows.

Right click the tweaking.com_windows_repair_aio_setup.exe file, click Run as Administrator and allow any UAC prompts to install the program. Let it install to the default locations
Go to Step 4 to create a Restore point and backup the Registry
- Under System Restore click the Restore button. You will see a message saying that system Restore is creating a Restore point. when it is finished you will see a message saying that the Restore point wes created.
- Under Registry Backup click the Backup button. When it is finished you will see the message telling you that the Registry is backed up.
- Click the Next button. You will be taken to the Start Repairs screen.
On the Start Repairs tab click Start. You will see a Repair Options screen like the image below with the Default options checked"
Please make the following changes:
- Click the box beside the following Default items to remove the checkmark:
  - Repair MDAC/MS Jet
  - Repair Windows Updates
  - Repair CD/DVD Missing/Not Working
  - Repair MSI(Windows Installer)
In the lower right corner click the box beside Shutdown/Restart System when Finished and tick the radio button beside Restart System.
Click the Start button.

NOTE: These repairs will take some time to complete depending on the speed of the system, the number of files and the number of reg keys. On a few systems it is possible for these repairs to get stuck in an infinite loop and thus never complete. This is because of symbolic links. Symbolic links are a way for a folder or reg key to point to a different location. On a normal system this isn't a problem. But if a system has a bad link that points back to a parent path then everything it hits in that link it will hit it again and again forever.
IF the repairs are running for a insane amount of time then they are most likely stuck in a loop. If that is the case stop the repairs and let me know.

Step-2.

Run Farbar Service Scanner

Right click the FSS.exe file, click Run as Administrator and OK any UAC prompts.
Make sure the following options are checked:
- Internet Services
- Windows Firewall
- System Restore
- Security Center
- Windows Update
- Windows Defender
- Other Services
Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Please copy and paste the log to your reply.

Step-3.

Run Security Check

Right click the SecurityCheck icon and click Run as Administrator to run the application. Allow any UAC warnings.
Follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Step-4.

Things For Your Next Post:
Please post the logs in the order requested. Do Not attach the logs unless I request it.
1. Let me know how the computer is runing and what issues remain.
2. The new FSS.txt log
3. The checkup.txt log

#29
doubled1990

Posted 24 August 2013 - 12:42 AM

Member

Topic Starter
Member
15 posts

godawgs, wow! Thanks! I don't know what was done, but after the reboot once the Tweaking Window Repair finished I noticed I can move and click things so much more fluidly. I thought someone doped my water with a 24 hour energy drink! Yes, I can now run through the Security Check. See below for the FSS and checkup files. I just hope there are no signs of possible hard drive failure.

=================
FSS.txt
=================

Farbar Service Scanner Version: 17-08-2013
Ran by Messy Family (administrator) on 23-08-2013 at 23:20:57
Running from "C:\Users\Messy Family\Desktop"
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.

Windows Firewall:
=============

Firewall Disabled Policy:
==================

System Restore:
============

System Restore Disabled Policy:
========================

Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================

Windows Defender:
==============

Other Services:
==============

File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\iphlpsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit

**** End of log ****

=================
checkup.txt
=================

Results of screen317's Security Check version 0.99.72
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 10
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Norton Internet Security
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.75.0.1300
Java™ 6 Update 17
Java version out of Date!
Adobe Reader 9 Adobe Reader out of Date!
Mozilla Firefox (23.0)
Google Chrome 28.0.1500.71
Google Chrome 28.0.1500.72
````````Process Check: objlist.exe by Laurent````````
Norton ccSvcHst.exe
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
Malwarebytes' Anti-Malware mbamscheduler.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````

#30
godawgs

Posted 24 August 2013 - 11:49 PM

Teacher

Retired Staff
8,228 posts

godawgs, wow! Thanks! ... I just hope there are no signs of possible hard drive failure.

You are welcome. There are diagnostics that can be run on the hard drive. When we are done here if you want to have them run you can start a topic in the Hardware forum. If you do that PM me with a link to the topic and I will ask a tech to look at it.

Looks like Windows Repair did it's job. Let's update the programs that SecurityCheck found. Then if you don't have any further issues we will be ready to clean up the tools we've used and wrap this puppy up.

Step-1.

Posted Image

JAVA Advice
WARNING: Java is the #1 exploited program at this time. The Department of Homeland Security recommends that computer users disable Java
See this article and this article.
I would recommend that you completely uninstall Java unless you need it to run an important software or need it to play games on-line.
In that instance I would recommend that you only use Firefox or Chrome to visit those sites and do the following:

For Firefox, install the NoScript add-on.
For Chrome, install the Script-No add-on.
NOTE: After installing the add-ons you will need to tell them that the site you are visiting is allowed to run Java.
Disable Java in your browsers until you need it for that software and then enable it. (See How to disable Java in your web browser or How to unplug Java from the browser)

If you still want to update your Java, follow the instructions below:

A.
Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older versions of Java components and update:

Download the latest version of the Java Runtime Environment (JRE) Version from Here or Here and save it to your desktop.
Look for "Java Platform, Standard Edition". You will see the current Java version and update number under listed under the heading. Example: The newest update is Java SE 7u25
Click the "Download button under the JRE" column.
On the Java SE Runtime Environment page, click the button to "Accept License Agreement".
Under the Java SE Runtime Environment 7u25 heading:
You will need to install both the 32bit and 64bit versions.
- Look for Windows x86 Offline 30.25MB, click the jre-7u25-windows-i586.exe file and save it to your desktop. Do Not run it from the Java site.
- For the 64bit version, look for Windows x64 31.61MB, click the jre-7u25-windows-64.exe file and save it to your desktop. Do Not run it from the Java site.
Close any programs you may have running - especially your web browser.

B.
Uninstall all versions of Java

Click Start > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
Click to (highlight) any Java item. These may call themselves: Java Runtime, Runtime Environment, Runtime, JRE, Java Virtual Machine, Virtual Machine, Java VM, JVM, VM, J2RE or J2SE
The versions I see on the computer are:
- Java™ 6 Update 17 (64-bit)
  Java™ 6 Update 17
For Vista/7/8: Right click each program and click Uninstall and follow the on screen instructions for the Java uninstaller.
Repeat as many times as necessary to remove each Java version.
Reboot your computer once all Java components are removed.

C.
Install the latest JAVA

Back on your desktop:
Right click the jre-7u25-Windows-i586.exe file. Click Run as Administrator and allow any UAC prompts you get to install the 32bit Java
When the Java Setup - Welcome window opens, click the Install > button.
If offered to install a Toolbar, just uncheck the box before continuing unless you want it.
Reboot the computer
Repeat numbers 2 through 5 to install the jre-7u25-windows-x64.exe file.

[Note:] The Java Quick Starter (JQS.exe) adds a service to improve the initial start up time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > You will have to be in Classic View to see Java(It looks like a coffee cup). Double-click on Java click the Advanced Tab click Miscellaneous and uncheck the box for Java Quick Starter. Click OK and reboot your computer.

Step-2.

Update Adobe Reader

Earlier versions of Adobe Reader have known security flaws so it is recommended that you update your copy.

Click the Start Orb and click Control Panel. Under the Programs or Programs and Features heading click Uninstall a program
Remove ALL instances of Adobe Reader. the versions I see on the computer are:
- Adobe Reader 9.5.4 MUI
Re-boot your computer as required.
Once ALL versions of Adobe Reader have been uninstalled, download the latest version of Adobe Reader from Here.
Remove the check mark next to Yes, install McAfee Security Scan Plus-optional box.
Click the Download Now button to download Adobe Reader and follow the directions.

Alternative Option: After uninstalling Adobe Reader, you could try installing Foxit Reader from HERE. Foxit Reader is a much smaller program. It has fewer add-ons therefore loads more quickly.
NOTE: When installing FoxitReader, be careful not to install anything to do with AskBar.

Things For Your Next Post:
Please post the logs in the order requested. Do Not attach the logs unless I request it.
1. Let me know how the updates went and if any issues remain.