It looks like I got a little behind on my windows updates. The last successful run was May 28th. I didn't notice this until yesterday when my computer was having some problems. Yesterday we had a power outage and the computer was on when the power went out. When I tried to start the computer up again it would boot, but then run very slowly. Realplayer was running multiple times in the task manager. I don't use Realplayer so I attempted to uninstall and after a few attempts I was successful. I attempted to run Windows Update again and it started to run. It got to 3 of 5. I let it run for an hour hoping that it wasn't hung, but it was hung. I did a hard stop (power button for 5 seconds). I started again. It asked for safe mode which I used. It then uninstalled the updates that didn't work and it looks like it reverted back to an old install point. It is also telling me that my copy of windows is not genuine, but I purchased this copy of windows.
I have also tried a Safe Boot with limited services. I still wasn't able to get the Windows Update to run. I am guessing that I have probably made things worse rather than better at this point, so time to stop and let someone else take a look.
I originally thought there was just a problem with some files that were corrupted after the hard power down. I still can't get the windows update to run and I am thinking that there is more going on. I have backed up the registry (erdnt), run dds, and aswMBR.
The first way to validate that Windows 7 is genuine is to click on Start, then type in activate windows in the search box.
If your copy of Windows 7 is activated and genuine, you will get a message that says “Activation was successful” and you will see the Microsoft Genuine software logo on the right hand side.
=========================
1.Security Check
Download Security Check by screen317 from here or here.
Save it to your Desktop.
Right click SecurityCheck.exe, select "Run as Administrator" and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.
Make sure all other windows are closed and to let it run uninterrupted.
When the window appears, underneath Output at the top change it to Minimal Output.
Check the boxes beside LOP Check and Purity Check.
Under Custom Scan paste this in
netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
services.exe
/md5stop
%systemroot%\*. /rp /s
%systemdrive%\$Recycle.Bin|@;true;true;true
%USERPROFILE%\..|smtmp;true;true;true /FP
%temp%\smtmp\*.* /s >
BASESERVICES
DRIVES
CREATERESTOREPOINT
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt.
Note: These logs can be located in the OTL. folder on your C:\ drive if they fail to open automatically.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them both in.
I was able to verify that windows is activated. Here is my checkup.txt:
Results of screen317's Security Check version 0.99.71
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 10
``````````````Antivirus/Firewall Check:``````````````
Windows Security Center service is not running! This report may not be accurate!
Windows Firewall Enabled!
McAfee Anti-Virus and Anti-Spyware
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Adobe Flash Player 11.7.700.224
Adobe Reader 10.1.7 Adobe Reader out of Date!
Google Chrome 27.0.1453.116
Google Chrome 28.0.1500.72
````````Process Check: objlist.exe by Laurent````````
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````
aswMBR.txt:
aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-07-20 08:49:57
-----------------------------
08:49:57.768 OS Version: Windows x64 6.1.7601 Service Pack 1
08:49:57.768 Number of processors: 8 586 0x1A04
08:49:57.768 ComputerName: MEDIA_01_10 UserName: Home
08:49:59.063 Initialize success
08:53:21.200 AVAST engine defs: 13072000
08:54:36.633 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
08:54:36.637 Disk 0 Vendor: ST3750528AS CC44 Size: 715404MB BusType: 3
08:54:36.640 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP0T1L0-3
08:54:36.642 Disk 1 Vendor: ST32000542AS CC95 Size: 1907729MB BusType: 3
08:54:36.746 Disk 0 MBR read successfully
08:54:36.749 Disk 0 MBR scan
08:54:36.754 Disk 0 Windows 7 default MBR code
08:54:36.765 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 715402 MB offset 2048
08:54:36.785 Disk 0 scanning C:\Windows\system32\drivers
08:54:47.367 Service scanning
08:55:07.008 Modules scanning
08:55:07.016 Disk 0 trace - called modules:
08:55:07.039 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
08:55:07.045 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8006614060]
08:55:07.050 3 CLASSPNP.SYS[fffff88001a8e43f] -> nt!IofCallDriver -> [0xfffffa80062d6520]
08:55:07.055 5 ACPI.sys[fffff88000d777a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa80062c5060]
08:55:11.347 AVAST engine scan C:\Windows
08:55:13.844 AVAST engine scan C:\Windows\system32
09:00:15.310 Disk 0 MBR has been saved successfully to "C:\Users\Home\Desktop\Fixes_07_20_2013\aswMBR\MBR.dat"
09:00:15.315 The log file has been saved successfully to "C:\Users\Home\Desktop\Fixes_07_20_2013\aswMBR\aswMBR.txt"
The system seems to function correctly for a few minutes, but then programs will stop working. For example it took three restarts to download and run checkup. It would run and get to a certain point and then freeze up. When I try to restart windows it will log off and get to a certain point and then stop shutting down. I am then forced to perform a hard power down. I have run a checkdisk with no problems that I can see. If a program freezes I can do other things, but that program does not come back. It is unavailable. If I open up task manager the processor never gets over 5% and nothing is really running.
When windows starts there is an error message. I have attached a screenshot of this message.
I have attempted multiple times to run OTL. I will restart again and give it another try.
You stated you ran chkdsk, please follow the below steps to get the log from that scan.
1.To view chkdsk results log:
Open the Start Menu, and type eventvwr.msc in the search box and press enter.
If prompted by UAC, then click on Yes (Windows 7) or Continue (Vista).
In the left pane of Event Viewer, double click on Windows Logs to expand it, then right click on Application and click on Find.
Copy and paste Chkdsk into the line, and click on Find Next.
You will now see the system log for the scan results of Check Disk (chkdsk).
In the right-hand menu select copy, open notepad and paste the chkdsk results into notepad.
Post in your next reply.
=========================
2.System File Checker (SFC)
Click on the Start button and in the Search programs and files box type the following:
command
Don't press Enter, just let the search results populate above.
In the search results, locate the Programs section.
Locate the Command Prompt shortcut and right-click on it.
Select Run as administrator.
Click Yes on the User Account Control window that appears.
Important: If you see a User Account Control window but also a message that says To continue, type an administrator password, and then click Yes, then your user account must be a standard account, not an administrator account. Before you can click Yes and open an elevated command prompt, you'll need to type the password of another user on your Windows 7 computer that has administrator level privileges.
Checking file system on C:
The type of the file system is NTFS.
One of your disks needs to be checked for consistency. You
may cancel the disk check, but it is strongly recommended
that you continue.
Windows will now check the disk.
CHKDSK is verifying files (stage 1 of 3)...
275712 file records processed.
File verification completed.
2162 large file records processed.
0 bad file records processed.
0 EA records processed.
60 reparse records processed.
CHKDSK is verifying indexes (stage 2 of 3)...
The index bitmap $I30 in file 0xe18 is incorrect.
Correcting error in index $I30 for file 3608.
400330 index entries processed.
Index verification completed.
CHKDSK is scanning unindexed files for reconnect to their original directory.
Recovering orphaned file WER3E5~1.TXT (188513) into directory file 3608.
Recovering orphaned file WER3E56.tmp.appcompat.txt (188513) into directory file 3608.
Recovering orphaned file WER3EE~1.XML (188530) into directory file 3608.
Recovering orphaned file WER3EE4.tmp.WERInternalMetadata.xml (188530) into directory file 3608.
3 unindexed files scanned.
CHKDSK is verifying security descriptors (stage 3 of 3)...
275712 file SDs/SIDs processed.
Cleaning up 418 unused index entries from index $SII of file 0x9.
Cleaning up 418 unused index entries from index $SDH of file 0x9.
Cleaning up 418 unused security descriptors.
Security descriptor verification completed.
62310 data files processed.
CHKDSK is verifying Usn Journal...
33751696 USN bytes processed.
Usn Journal verification completed.
CHKDSK discovered free space marked as allocated in the
master file table (MFT) bitmap.
Correcting errors in the Volume Bitmap.
Windows has made corrections to the file system.
732571647 KB total disk space.
536216876 KB in 209851 files.
143092 KB in 62311 indexes.
0 KB in bad sectors.
400863 KB in use by the system.
65536 KB occupied by the log file.
195810816 KB available on disk.
4096 bytes in each allocation unit.
183142911 total allocation units on disk.
48952704 allocation units available on disk.
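Added example (not part of the original thread, and not code from any tool mentioned in it): a small Python triage of a chkdsk text log like the one posted above, separating the lines that record repairs from routine progress counts. The function name `triage_chkdsk`, the pattern set, and the reading of the parenthesised number as the file record number are assumptions of this example; the sample lines are excerpted from the posted log.

```python
import re

# Sample input: lines excerpted from the chkdsk log posted in this thread.
SAMPLE_LOG = """\
CHKDSK is verifying indexes (stage 2 of 3)...
The index bitmap $I30 in file 0xe18 is incorrect.
Correcting error in index $I30 for file 3608.
Recovering orphaned file WER3E5~1.TXT (188513) into directory file 3608.
Recovering orphaned file WER3EE~1.XML (188530) into directory file 3608.
Cleaning up 418 unused index entries from index $SII of file 0x9.
CHKDSK discovered free space marked as allocated in the
master file table (MFT) bitmap.
Correcting errors in the Volume Bitmap.
Windows has made corrections to the file system.
         0 KB in bad sectors.
"""

# Line patterns that mean chkdsk changed on-disk metadata (not routine progress).
REPAIR_PATTERNS = {
    "index_repair": re.compile(r"^Correcting error in index (\S+) for file (\d+)"),
    "orphan_recovered": re.compile(r"^Recovering orphaned file (\S+) \((\d+)\)"),
    "bitmap_repair": re.compile(r"^Correcting errors in the (.+ Bitmap)"),
}
BAD_SECTORS = re.compile(r"^(\d+) KB in bad sectors")
MODIFIED = "Windows has made corrections to the file system."

def triage_chkdsk(log_text):
    """Summarise what a chkdsk run repaired, from its text log."""
    summary = {name: [] for name in REPAIR_PATTERNS}
    summary.update(bad_sector_kb=None, modified=False)
    for raw in log_text.splitlines():
        line = raw.strip()
        if line == MODIFIED:
            summary["modified"] = True
        m = BAD_SECTORS.match(line)
        if m:
            summary["bad_sector_kb"] = int(m.group(1))
        for name, pattern in REPAIR_PATTERNS.items():
            m = pattern.match(line)
            if m:
                summary[name].append(m.groups())
    # Assumption: the parenthesised number is the file record number, listed
    # once per name (8.3 and long), so distinct numbers give the file count.
    summary["orphan_files"] = len({rec for _, rec in summary["orphan_recovered"]})
    return summary

if __name__ == "__main__":
    for key, value in triage_chkdsk(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

A `modified` value of True together with `bad_sector_kb` of 0 means the run rewrote file system metadata but recorded no bad sectors.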
Print out these instructions as we may need to close every window that is open later in the fix.
It is possible that the infection you are trying to remove will not allow you to download files on the infected computer. If this is the case, then you will need to download the files requested in this guide on another computer and then transfer them to the infected computer. You can transfer the files via a CD/DVD, external drive, or USB flash drive.
Do not reboot your computer after running rkill as the malware programs will start again.
Please download and run the following tool to help allow other programs to run. (courtesy of BleepingComputer.com)
There are 5 different versions. If one of them won't run then download and try to run the other one. Right click and select "Run as Administrator"
You only need to get one of them to run, not all of them.
* IMPORTANT !!! Place ComboFix.exe on your Desktop
Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
You can get help on disabling your protection programs here
Double click on ComboFix.exe & follow the prompts.
Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
When finished, it shall produce a log for you. Post that log in your next reply
Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
Ensure your AntiVirus and AntiSpyware applications are re-enabled.
---------------------------------------------------------------------------------------------
NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.
Any improvement in the performance of the computer?
=========================
1.Windows Automatic Updates
Open Windows Update by clicking the Start button, clicking All Programs, and then clicking Windows Update.
In the left pane, click Change settings.
Choose the option that you want.
Under Recommended updates, select the Include recommended updates when downloading, installing, or notifying me about updates check box, and then click OK. (Administrator permission required.) If you are prompted for an administrator password or confirmation, type the password or provide confirmation.
=========================
2.Windows Update
Open Windows Update by clicking the Start button. In the search box, type Update, and then, in the list of results, click Windows Update.
In the left pane, click Check for updates, and then wait while Windows looks for the latest updates for your computer.
If you see a message telling you that important updates are available, or telling you to review important updates, click the message to view and select the important updates to install.
In the list, click the important updates for more information. Select the check boxes for any updates that you want to install, and then click OK.
Click Install updates.
Read and accept the license terms, and then click Finish if the update requires it. (Administrator permission required.) If you're prompted for an administrator password or confirmation, type the password or provide confirmation.
=========================
3.Reboot
=========================
4.Delete the copy of OTL you previously downloaded
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.