Topics - garegin

1
User Submitted Repair Guides / solution to cmd calling shutdown.exe
« on: February 21, 2019, 09:58:01 PM »
A few years ago I posted a question here on a virus that created a script that restarted the computer. Even after removing the virus, the script still persisted. I actually saved the procmon log file. And we now know what it was. For one thing, it's a scheduled task. It calls a batch file stored in c:\windows\system32\com\ntsd2.bat. AFAIK, Windows shouldn't even have a com folder in system32. My Windows 10 doesn't.
I googled this file and found a SINGLE thread from '10. https://forums.techguy.org/threads/hacker-logged-on-w-diff-user-name-changed-system.897126/

The log file is stored in Google Drive: https://drive.google.com/file/d/0B1lqZhpyr-KQcWdtRDRDUkJRcU0/view?usp=sharing

The key to finding out the cause is using the process tree view in procmon. It shows the parent process that has spawned the process in question. In our case, it was taskeng.exe, which is the task scheduler.
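
The parent lookup described in the post above, as an added example that is not part of the original post: it rebuilds the parent chain for shutdown.exe from a Procmon CSV export. The column names, the `Parent PID:` detail format, the PIDs and the `/r` argument are assumptions in constructed sample rows; only the task scheduler parent and the batch file path come from the post.

```python
import csv
import io
import re

# Constructed sample rows modelled on a Procmon CSV export (not taken from the linked log).
SAMPLE = r'''"Time of Day","Process Name","PID","Operation","Path","Result","Detail"
"3:30:01 PM","taskeng.exe","1120","Process Start","","SUCCESS","Parent PID: 904, Command line: taskeng.exe"
"3:30:02 PM","cmd.exe","2244","Process Start","","SUCCESS","Parent PID: 1120, Command line: cmd /c c:\windows\system32\com\ntsd2.bat"
"3:30:02 PM","cmd.exe","2244","CreateFile","C:\Windows\System32\com\ntsd2.bat","SUCCESS","Desired Access: Generic Read"
"3:30:03 PM","shutdown.exe","2380","Process Start","","SUCCESS","Parent PID: 2244, Command line: shutdown.exe /r"
'''

# Assumed layout of the Detail column for "Process Start" events.
START = re.compile(r"Parent PID: (\d+), Command line: (.*?)(?:, Current directory: |$)")

def load_starts(csv_text):
    """Map PID -> (process name, parent PID, command line) from Process Start rows."""
    starts = {}
    for row in csv.DictReader(io.StringIO(csv_text)):
        if row["Operation"] != "Process Start":
            continue
        m = START.search(row["Detail"])
        if m:
            starts[int(row["PID"])] = (row["Process Name"], int(m.group(1)), m.group(2))
    return starts

def ancestry(csv_text, target="shutdown.exe"):
    """Return one chain per target start: [(name, pid, cmdline), ...], child first."""
    starts = load_starts(csv_text)
    chains = []
    for pid, (name, _, _) in starts.items():
        if name.lower() != target.lower():
            continue
        chain, seen = [], set()
        while pid in starts and pid not in seen:  # stop at an unlogged parent or a PID loop
            seen.add(pid)
            pname, ppid, cmd = starts[pid]
            chain.append((pname, pid, cmd))
            pid = ppid
        chains.append(chain)
    return chains

if __name__ == "__main__":
    for chain in ancestry(SAMPLE):
        for depth, (name, pid, cmd) in enumerate(chain):
            print("  " * depth + f"{name} (PID {pid}): {cmd}")
```

The chain ends at the first parent whose start was not captured, so the trace has to begin before the parent launches; a long capture that spans PID reuse would need timestamps added to the lookup.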

2
Computer Help / errors found in sfcfix, need those files
« on: October 10, 2016, 03:37:41 PM »
Hi

I ran sfc and then sfcfix. Sfcfix found three errors that it can't fix. Can you help me with them?

The sfcfix log is attached here

Thanks

3
Hello

I did a repair with dism and need these files to complete the repair.



=================================
Checking System Update Readiness.
Binary Version 6.1.7601.18741
2016-08-27 14:08

Checking Windows Servicing Packages

Checking Package Manifests and Catalogs
(f) CBS MUM Corrupt 0x00000000 servicing\Packages\Microsoft-Windows-IE-Hyphenation-Parent-Package-English~31bf3856ad364e35~~~11.2.9412.0.mum  Expected file name Microsoft-Windows-IE-Hyphenation-Parent-Package-English~31bf3856ad364e35~neutral~~11.2.9412.0.mum does not match the actual file name
(f) CBS MUM Corrupt 0x00000000 servicing\Packages\Microsoft-Windows-IE-Spelling-Parent-Package-English~31bf3856ad364e35~~~11.2.9412.0.mum  Expected file name Microsoft-Windows-IE-Spelling-Parent-Package-English~31bf3856ad364e35~neutral~~11.2.9412.0.mum does not match the actual file name

Checking Package Watchlist

Checking Component Watchlist

Checking Packages

Checking Component Store
(f) CSI Payload File Missing 0x00000000 AdmTmpl.dll amd64_microsoft-windows-g..olicy-admin-admtmpl_31bf3856ad364e35_6.1.7601.17514_none_4fe2107fd06efdd8
(f) CSI Payload File Missing 0x00000000 AdmTmpl.dll.mui amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_en-us_65b23d3c3a97bfaf
(f) CSI Payload File Missing 0x00000000 AdmTmpl.dll.mui x86_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_en-us_0993a1b8823a4e79
(f) CSI Payload File Missing 0x00000000 AdmTmpl.dll x86_microsoft-windows-g..olicy-admin-admtmpl_31bf3856ad364e35_6.1.7601.17514_none_f3c374fc18118ca2

Summary:
Seconds executed: 1427
 Found 6 errors
  CSI Payload File Missing Total count: 4
  CBS MUM Corrupt Total count: 2

Unavailable repair files:
 servicing\packages\Microsoft-Windows-IE-Hyphenation-Parent-Package-English~31bf3856ad364e35~~~11.2.9412.0.mum
 servicing\packages\Microsoft-Windows-IE-Spelling-Parent-Package-English~31bf3856ad364e35~~~11.2.9412.0.mum
 servicing\packages\Microsoft-Windows-IE-Hyphenation-Parent-Package-English~31bf3856ad364e35~~~11.2.9412.0.cat
 servicing\packages\Microsoft-Windows-IE-Spelling-Parent-Package-English~31bf3856ad364e35~~~11.2.9412.0.cat

4
Computer Help / need help fixing corrupt manifest from a cbs.log file
« on: August 03, 2016, 08:48:41 AM »
Hi

I did SFCFIX and it said that your manifest is corrupt. The SFCFIX log is attached. I'm also linking the CBS.log

CBS.log - Google Drive
https://drive.google.com/file/d/0B1lqZhpyr-KQcGdnekxjMFBuaG8/view?usp=sharing


7
Computer Help / Need to manually fix sfc errors
« on: October 16, 2015, 05:08:08 PM »
Hi

I can only boot in safe mode, normal mode boots into a black screen. I ran sfc /scannow and here is the CBS.log with all the errors.

The system is Windows 10 64 bit

http://www.sysnative.com/forums/redirect-to/?redirect=https%3A%2F%2Fdrive.google.com%2Ffile%2Fd%2F0B1lqZhpyr-KQbnpOUnNqaVNWTXc%2Fview%3Fusp%3Dsharing


8
Computer Help / windows shows wrong colors
« on: October 02, 2015, 06:56:50 PM »
Hello

In non-safe mode the blue login screen is showing green and everything seems to have a white tint. I looked in Intel settings, and everything looks normal. In safe mode everything looks fine. For all you color theory nerds, what could turn blue into green?
I even tried a Linux live USB to see if it's some GPU failure issue. No, everything works fine there.

9
Computer Help / windows update cannot currently check for updates
« on: September 28, 2015, 08:54:38 PM »
Windows update cannot currently check for updates, because updates on this computer are controlled by your system administrator.
I'm running win7 home premium. I ran tweaking repair tool, and the problem persists. Have any ideas why?
I ran sfc and it fixed the corruption successfully, but it's still the same issue.

10
Computer Help / windows search missing from windows features
« on: September 25, 2015, 10:38:04 AM »

I can't turn on Windows search because it's not even in Windows features.
Ran sfc and failed. Dism didn't throw any errors, though.

11
Computer Help / need to start in safe mode AND disable auto restart
« on: September 22, 2015, 10:11:35 AM »
Hi

I have a weird problem where the computer freezes at the logon screen in normal mode and restarts during boot during safe mode. I need to make it start in safe mode and disable auto restart. I know about pressing space during boot and then editing the boot options, but don't know what to put in.

Thanks

P.S. I think it's a virus, because it happened right after a malware removal

12
Computer Help / Need to manually fix problems in checksur
« on: September 13, 2015, 02:15:36 AM »
Hi

I have a corrupt manifest. I see that people come here with the same problem and a helpful poster gives out the needed files to fix it.


Summary:
Seconds executed: 2355
Found 901 errors
CSI Manifest Failed Catalog Check Total count: 5
CSI Missing Deployment Key Total count: 15
CSI Missing Identity Total count: 6
CSI Mismatched Identity Total count: 2
CSI C Mark Deployment Not Marked Total count: 862
CSI C Mark Deployment Missing Total count: 9
CBS MUM Corrupt Total count: 1
CSI Missing Winning Component Key Total count: 1

Unavailable repair files:
winsxs\manifests\amd64_microsoft-windows-msauditevtlog_31bf3856ad364e35_6.1.7601.23040_none_25cd72a8a846d196.manifest
winsxs\manifests\wow64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_11.2.9600.17633_none_ffdaa43c6ba73cf8.manifest
winsxs\manifests\wow64_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_11.2.9600.17420_none_1c0e758f636ca489.manifest
winsxs\manifests\x86_netfx-sbscmp10_dll_31bf3856ad364e35_6.1.7601.18514_none_770d53c5633e1fe1.manifest
winsxs\manifests\amd64_netfx-sbscmp10_dll_31bf3856ad364e35_6.1.7601.22724_none_d3aabe0e34c149f9.manifest
servicing\packages\Package_for_KB3004394_SP1~31bf3856ad364e35~amd64~~6.1.2.0.mum
servicing\packages\Package_for_KB3004394_SP1~31bf3856ad364e35~amd64~~6.1.2.0.cat

http://www.sevenforums.com/attachments/windows-updates-activation/371279d1442090898-checksur-log-corrupt-manifest-checksur.log

13
An admin account logs off right after logging in. I disabled all startup apps and did a repair with the Tweaking Tool and it's still the same. Did a malware scan- nothing. Also noticed that it wouldn't do it for non-admin accounts.

14
Computer Help / sfc fails, says check CBS.log
« on: July 23, 2015, 02:58:38 PM »
My MMC console doesn't work and it says "no audio output device is enabled". I did a sfc /scannow and it says check cbs.log

15
Computer Help / recycle bin is hijacked.
« on: July 08, 2015, 10:27:22 AM »
Ok, so when I try to erase the trash can I get:
"This file does not have a program associated with it for performing this action. Please install a program or, if one is already installed, create an association in the Default Program control panel."

The right click context menu for the recycle bin is also altered.

It says

Open
empty
Create Shortcut
Rename
Properties.

Notice that the empty is in lowercase, this is a sign that it was modified by the malware.

16
Computer Help / track the process that's calling shutdown.exe
« on: June 27, 2015, 03:30:23 PM »
Some malware(?) calls shutdown.exe to restart the computer every three minutes, unless I use safe mode. In safe mode I can see the log in event viewer that says that shutdown.exe is doing this. I renamed shutdown.exe and now the whole process "fails". In the sense that shutdown.exe doesn't get run and the computer stays on. The question is how can I track the process that's doing this. Can I program some kind of a trace routine that would catch the culprit?
I tried naming notepad into shutdown.exe to see what happens but I get nothing.

17
I get a black screen with a mouse cursor when I try to boot. Ctrl+Alt+Del doesn't work. When I try to run dism /cleanup-image it throws an error. The dism.log on the Google Drive is linked here.

https://drive.google.com/file/d/0B1lqZhpyr-KQQ1F2N1hlRFFNUEU/view?usp=sharing

18
Hi

A volume on the HDD pulled from a computer causes the computers to crash when you connect it to them. The error is

"paged fault in a non-paged area ntfs.sys"
I can't fix the filesystem, because connecting it causes a BSOD to the host's OS. Have any idea how I can get around this?

P.S. The HDD doesn't do this in Linux or Mac. Obviously I can just copy the files in Linux/Mac and then redo the OS. But I want to preserve the OS, if possible

19
Hi

I recently came across a system where I couldn't start or reinstall security essentials. The MS Fix It didn't help either. I found this script though.
http://fixedit.itxpress.biz/2013/05/16/trouble-reinstalling-ms-security-essentials/
Do you want to add this functionality to your utility?

Thanks

20
Hi

I can't save or open files through Internet Explorer, can't see any start menu items (unless I click on all programs), can't pin or see pinned items in the taskbar (only the opened ones)

21
The Windows search service is not running and is actually missing from the services.msc list. I created a backup of the entire HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Search "tree" and it is attached here. I think some subentries from that tree are missing.
Also Windows Store doesn't start up, I don't know if this is related or not.

22
Computer Help / system has recovered from a serious error
« on: January 20, 2015, 01:51:42 PM »
A virus, I think the name was serif, disabled my internet. I ran the all in one repair tool and it fixed it. Now, I keep getting the "system has recovered from a serious" error, even if I click "don't send" it comes up again.


23
Computer Help / black screen with mouse cursor after malware removal
« on: November 17, 2014, 09:13:57 AM »
Hi

I removed some malware with offline windows defender and now I get the black screen of death. I looked at the winlogon shell in the registry and it is set to explorer.exe. I can't boot to safe mode either, so can't run the windows all in one tool.

Any ideas?
