Messages

51

General Computer Support / Re: sfc fails, says check CBS.log

« on: July 24, 2015, 04:18:32 am »

I don't have the computer with me right now, but I already ran a chkdsk /f on the volume.
as for the sfc error, it said "Windows Resource Protection found corrupt files but was unable to fix some of them"

52

General Computer Support / Re: sfc fails, says check CBS.log

« on: July 23, 2015, 07:42:07 pm »

ok. here is sfcdetails

53

General Computer Support / sfc fails, says check CBS.log

« on: July 23, 2015, 02:58:38 pm »

my MMC console doesn't work and it says "no audio output device is enabled". I did a sfc /scannow and it says check cbs.log

54

General Computer Support / recycle bin is hijacked.

« on: July 08, 2015, 10:27:22 am »

Ok, so when I try to erase the trash can I get.
"This file does not have a program associated with it for performing this action. Please install a program or, if one is already installed, create an association in the Default Program control panel."

The right click context menu for the recycle bin is also altered.

It says

Open
empty
Create Shortcut
Rename
Properties.

Notice that the empty is in lowercase, this is sign that it was modified by the malware.

55

General Computer Support / Re: track the process that's calling shutdown.exe

« on: June 30, 2015, 10:39:36 am »

ok
this is the new link to the log file. It's 800MB, so will take some time to download.

https://drive.google.com/file/d/0B1lqZhpyr-KQcWdtRDRDUkJRcU0/view?usp=sharing

takes me a couple seconds to download i have 100mbs per second ha lol and dang why so big?

would you have any ideas what's causing it?

56

General Computer Support / Re: track the process that's calling shutdown.exe

« on: June 30, 2015, 05:13:23 am »

It becomes big if you run it for a minute or two

57

General Computer Support / Re: track the process that's calling shutdown.exe

« on: June 29, 2015, 11:07:08 pm »

ok
this is the new link to the log file. It's 800MB, so will take some time to download.

https://drive.google.com/file/d/0B1lqZhpyr-KQcWdtRDRDUkJRcU0/view?usp=sharing

58

General Computer Support / Re: track the process that's calling shutdown.exe

« on: June 29, 2015, 01:14:52 pm »

the .PML log file was created by process monitor. So it definitely shows shutdown.exe being called by I don't know by what.

59

General Computer Support / Re: track the process that's calling shutdown.exe

« on: June 29, 2015, 08:39:53 am »

i got nothing with process explorer but can clearly see shutdown.exe (which is really renamed notepad.exe) called many times in the log. Can someone please take a look at the log file on google drive

https://drive.google.com/file/d/0B1lqZhpyr-KQZDliUm5Bc3dwQkE/view?usp=sharing

60

General Computer Support / Re: track the process that's calling shutdown.exe

« on: June 27, 2015, 06:06:58 pm »

i don't have access to the machine until Monday, but do you think I can create a "fake shutdown.exe" to track the process that's trying to call it. Thanks for your help BTW, I'll try what you said when I get to work on Monday.
A year and a half ago another computer did the same thing. It also made the partition hidden on every restart.

61

General Computer Support / track the process that's calling shutdown.exe

« on: June 27, 2015, 03:30:23 pm »

 Some malware(?) calls shutdown.exe to restart the computer every three minutes, unless I use safe mode. In safe mode I can see the log in event viewer that says that shutdown.exe is doing this. I  renamed shutdown.exe and now the whole process "fails". In the sense that shutdown.exe doesn't get run and the computer stays on. The question is how can I track the process that's going this. Can I program some kind of a trace routing that would catch the culprit.
I tried naming notepad into shutdown.exe and see what happens but I get nothing.

62

General Computer Support / Re: dism says the c:\windows is not a valid windows directory, dism.log is linked

« on: May 18, 2015, 03:27:37 pm »

it's not bad sectors nor the filesystem. I've check both. How would I fix permissions? I can't run tweakingtool in an offline mode, right?

63

General Computer Support / dism says the c:\windows is not a valid windows directory, dism.log is linked

« on: May 18, 2015, 12:21:01 pm »

I get a black screen with a mouse cursor when I try to boot. Ctrl+alt+del, doesn't work. When I try to run dism /cleanup-image it throws an error. The dism.log on the google drive is linked here.

https://drive.google.com/file/d/0B1lqZhpyr-KQQ1F2N1hlRFFNUEU/view?usp=sharing

64

General Computer Support / Re: a filesystem causing a bsod (paged fault in a non-paged area)

« on: May 18, 2015, 08:29:13 am »

ok I found the solution. You have to force the OS to check the volume before it mounts it.

http://www.retosphere.de/tipsandtricks/ntfserror.php

65

General Computer Support / Re: a filesystem causing a bsod (paged fault in a non-paged area)

« on: May 18, 2015, 07:10:23 am »

the problem is from the filesystem. It does the same when you pull the HDD and connect it to another machine.

66

General Computer Support / a filesystem causing a bsod (paged fault in a non-paged area)

« on: May 17, 2015, 01:04:12 pm »

Hi

A volume on the HDD pulled from a computer causes the computers to crash when you connect it to them. the error is

"paged fault in a non-paged area ntfs.sys "
I can't fix the filesystem, because connecting it causes a BSOD to the host's OS. have any idea how I can get around this?

P.S. The HDD doesn't do this in Linux or Mac. Obviously I can just copy the files in Linux/Mac and then redo the OS. But I want to preserve the OS, if possible

67

General Computer Support / Re: ie can't save files, can't see start menu items or pinned taskbar items

« on: April 22, 2015, 09:29:10 am »

ok, the new profile works. how do I transfer everything from the old to the new. I want to keep the app settings also, not just the files in the user folders. I've heard about xcopy deployment, but don't know much about it.

68

General Computer Support / ie can't save files, can't see start menu items or pinned taskbar items

« on: April 21, 2015, 03:19:40 pm »

Hi

I can't save or open files through Internet Explorer, can't see any start menu items (unless I click on all programs), can't pin or see pinned items in the taskbar (only the opened ones)

69

General Computer Support / Re: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Search is corrupted

« on: March 06, 2015, 06:07:41 am »

ok. Windows Search was deselected in Programs and Features. I also fixed the Windows Store not opening by using "Repair Windows 8 App Store"

70

General Computer Support / Re: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Search is corrupted

« on: March 05, 2015, 05:49:54 am »

Whats the regsvr32.exe command to register windows search?

71

General Computer Support / Re: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Search is corrupted

« on: March 04, 2015, 03:59:02 pm »

OK, I did that already and it still doesn't show up in the services.msc. I tried to attach the entire services tree, but the file is 4MB and the forum says that its too big

72

General Computer Support / HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Search is corrupted

« on: March 04, 2015, 11:22:11 am »

The Windows search service is not running and is actually missing from the services.msc list. I created a backup of the entire HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Search "tree" and is attached here. I think some subentries from that tree are missing.
Also Windows Store doesn't start up, I don't know if this is related or not.

73

General Computer Support / Re: system has recovered from a serious error

« on: January 21, 2015, 12:23:59 pm »

since I'm running XP, the program says it needs an extra component and then freezes. BTW. When I tried to uninstall AVG, it said that the installer service is not started. Is that any indication of something?

74

General Computer Support / Re: system has recovered from a serious error

« on: January 20, 2015, 01:54:51 pm »

i am attaching the dump file too

75

General Computer Support / system has recovered from a serious error

« on: January 20, 2015, 01:51:42 pm »

a virus, I think the name was serif, disabled my internet. I ran the all in one repair tool and it fixed it. Now, I keep getting a the "system has recovered from a serious" error, even if I click "don't send" it comes up again.