
Thread: Something Wrong

  1. #21
    Member | Join Date: Nov 2005 | Location: Fort Worth, TX | Posts: 52

    Hi OCD,

    Sure. The start-up issue is that when I log in, the screen will go blue for a short time, then I will get the welcome message, then it will go to a white screen for a short time, then the desktop will show up.

    Internet Explorer is the one that locks up. Sometimes it tells me that Internet Explorer is not responding.

  2. #22
    Member | Join Date: Nov 2005 | Location: Fort Worth, TX | Posts: 52

    Hi OCD,

    Update on computer. I got back on it today and the system was running extremely slow. The system would lock up completely at the desktop. Nothing would work: mouse, tab, ctrl-alt-del, nothing, complete lockdown. It would hang when you logged out; it would go to a black screen and stay there. After about three or four shutdowns the system started running better. I'm not sure what's going on.

    IE 9 when I launched it this morning was asking me to set security settings. I use the recommended settings. So something changed there.

    Do you have any suggestions or thoughts?

  3. #23
    Malware Team-Emeritus | Join Date: Sep 2012 | Location: Florida, USA | Posts: 1,161

    Hi Frosty,

    This problem doesn't seem malware related, more along the lines of corrupt file/s. Let's run a few scans and see if they yield any indication of the issue.

    =========================

    Chkdsk in Vista/7

    You must run the command prompt as an administrator or in an "elevated mode".
    • Start menu, in the search bar type "cmd"
    • Right-click the cmd icon, select "run as administrator"
      • If you have user account control (UAC) set up it may prompt you to accept that action.
    • Then type in "chkdsk /r" (make note of the space between chkdsk and /)

    =========================

    To view results log:
    • Open the Start Menu, and type eventvwr.msc in the search box and press enter.
    • If prompted by UAC, then click on Yes (Windows 7) or Continue (Vista).
    • In the left pane of Event Viewer, double click on Windows Logs to expand it, then right click on Application and click on Find.
    • Copy and paste Chkdsk into the line, and click on Find Next.
    • You will now see the system log for the scan results of Check Disk (chkdsk).
    • In the right-hand menu select copy, open notepad and paste the chkdsk results into notepad.
    • Post in your next reply.

    =========================


    System File Checker (SFC)
    • Click on the Start button and in the Search programs and files box type the following:

      • command

    • Don't press Enter, just let the search results populate above.
    • In the search results, locate the Programs section.
    • Locate the Command Prompt shortcut and right-click on it.
    • Select Run as administrator.
    • Click Yes on the User Account Control window that appears.
    • Important: If you see a User Account Control window but also a message that says "To continue, type an administrator password, and then click Yes", then your user account must be a standard account, not an administrator account. Before you can click Yes and open an elevated command prompt, you'll need to type the password of another user on your Windows 7 computer that has administrator level privileges.
    • Note: You will not see this window at all if your User Account Control settings are turned all the way down. See How To Disable User Account Control in Windows 7 for more information.
    • An elevated Command Prompt window will appear.

      • Type: sfc /scannow (there's a space between sfc and /scannow), then hit Enter

    • After the scan runs type exit to close the command prompt window

    =========================

    Quote: "IE 9 when I launched it this morning was asking me to set security settings. I use the recommended settings. So something changed there."
    How long have you been using IE9?

    =========================

    Do you remember the date when you first started having the computer problem?

    =========================

    In your next post please provide the following:
    • chkdsk results
    • SFC scan results
    • Answer to the questions asked.
    OCD
    ----------
    Graduate of WTT Classroom
    Member of UNITE

    Threads will be closed if no response after 5 days

  4. #24
    Member | Join Date: Nov 2005 | Location: Fort Worth, TX | Posts: 52

    Hi OCD,

    I have the info you requested.

    Chkdsk log:

    Information 11/11/2013 12:16:59 PM Wininit 1001 None
    Log Name: Application
    Source: Microsoft-Windows-Wininit
    Date: 11/11/2013 12:16:59 PM
    Event ID: 1001
    Task Category: None
    Level: Information
    Keywords: Classic
    User: N/A
    Computer: FrontDesk
    Description:


    Checking file system on C:
    The type of the file system is NTFS.

    A disk check has been scheduled.
    Windows will now check the disk.
    Attribute record of type 0x80 and instance tag 0x4 is cross linked
    starting at 0x128d209 for possibly 0xe2 clusters.
    Attribute record of type 0x80 and instance tag 0x4 is cross linked
    starting at 0x128d209 for possibly 0xe2 clusters.
    Some clusters occupied by attribute of type 0x80 and instance tag 0x4
    in file 0x103b6 is already in use.
    Deleting corrupt attribute record (128, "")
    from file record segment 66486.
    Attribute record of type 0x80 and instance tag 0x4 is cross linked
    starting at 0x12a7467 for possibly 0x38f clusters.
    Attribute record of type 0x80 and instance tag 0x4 is cross linked
    starting at 0x12a7467 for possibly 0x38f clusters.
    Some clusters occupied by attribute of type 0x80 and instance tag 0x4
    in file 0x10d9e is already in use.
    Deleting corrupt attribute record (128, "")
    from file record segment 69022.
    Attribute record of type 0x80 and instance tag 0x4 is cross linked
    starting at 0x153fd99 for possibly 0x401 clusters.
    Attribute record of type 0x80 and instance tag 0x4 is cross linked
    starting at 0x153fd99 for possibly 0x401 clusters.
    Some clusters occupied by attribute of type 0x80 and instance tag 0x4
    in file 0x1970b is already in use.
    Deleting corrupt attribute record (128, "")
    from file record segment 104203.
    Attribute record of type 0x80 and instance tag 0x4 is cross linked
    starting at 0x1167040 for possibly 0xa91 clusters.
    233792 file records processed.

    1067 large file records processed.

    0 bad file records processed.

    Correcting cross-link for file 159178.
    0 EA records processed.

    76 reparse records processed.

    286652 index entries processed.

    0 unindexed files processed.

    233792 security descriptors processed.

    Cleaning up 271 unused index entries from index $SII of file 0x9.
    Cleaning up 271 unused index entries from index $SDH of file 0x9.
    Cleaning up 271 unused security descriptors.
    Inserting data attribute into file 66486.
    Inserting data attribute into file 69022.
    Inserting data attribute into file 104203.
    26434 data files processed.

    CHKDSK is verifying Usn Journal...
    37047760 USN bytes processed.

    Usn Journal verification completed.
    CHKDSK is verifying file data (stage 4 of 5)...
    233776 files processed.

    File data verification completed.
    CHKDSK is verifying free space (stage 5 of 5)...
    25358788 free clusters processed.

    Free space verification is complete.
    Correcting errors in the Volume Bitmap.
    Windows has made corrections to the file system.

    145984182 KB total disk space.
    44111952 KB in 155121 files.
    85276 KB in 26432 indexes.
    0 KB in bad sectors.
    351802 KB in use by the system.
    65536 KB occupied by the log file.
    101435152 KB available on disk.

    4096 bytes in each allocation unit.
    36496045 total allocation units on disk.
    25358788 allocation units available on disk.

    Internal Info:
    40 91 03 00 3e c5 02 00 bd ba 04 00 00 00 00 00 @...>...........
    6e 05 00 00 4c 00 00 00 00 00 00 00 00 00 00 00 n...L...........
    42 00 00 00 e2 73 c1 77 80 e7 3f 00 80 df 3f 00 B....s.w..?...?.

    Windows has finished checking your disk.
    Please wait while your computer restarts.

    sfc log:
    Microsoft Windows [Version 6.0.6002]
    Copyright (c) 2006 Microsoft Corporation. All rights reserved.

    C:\Users\EMachUser>sfc /scannow

    Beginning system scan. This process will take some time.

    Beginning verification phase of system scan.
    Verification 100% complete.
    Windows Resource Protection found corrupt files but was unable to fix some of th
    em.
    Details are included in the CBS.Log windir\Logs\CBS\CBS.log. For example
    C:\Windows\Logs\CBS\CBS.log

    C:\Users\EMachUser>

    Do you want me to get the CBS log file for you?

    I have been using IE 9 for quite some time. It's not something new.

    The problem started back at the beginning of October. I was told that the A/V came up and said that it had found a Win32 trojan right after she went to WBAP.com.

  5. #25
    Malware Team-Emeritus | Join Date: Sep 2012 | Location: Florida, USA | Posts: 1,161

    Hi Frosty,
    Quote: "Do you want me to get the CBS log file for you?"
    Yes, please do. If the file is too large, attach it to your reply.
    OCD

  6. #26
    Member | Join Date: Nov 2005 | Location: Fort Worth, TX | Posts: 52

    Hi OCD,

    The CBS log file is a large file, so I zipped it for the attachment.
    CBS.zip

  7. #27
    Malware Team-Emeritus | Join Date: Sep 2012 | Location: Florida, USA | Posts: 1,161

    Hi Frosty,

    The CBS log file is a bit out of my knowledge range. I will ask for some help interpreting it, meanwhile let's try this.

    Slightly different command, please run, reboot and post the log.

    =========================

    Chkdsk in Vista/7

    You must run the command prompt as an administrator or in an "elevated mode".
    • Start menu, in the search bar type "cmd"
    • Right-click the cmd icon, select "run as administrator"
      • If you have user account control (UAC) set up it may prompt you to accept that action.
    • Then type in "chkdsk /f" (make note of the space between chkdsk and /)

    =========================

    To view results log:
    • Open the Start Menu, and type eventvwr.msc in the search box and press enter.
    • If prompted by UAC, then click on Yes (Windows 7) or Continue (Vista).
    • In the left pane of Event Viewer, double click on Windows Logs to expand it, then right click on Application and click on Find.
    • Copy and paste Chkdsk into the line, and click on Find Next.
    • You will now see the system log for the scan results of Check Disk (chkdsk).
    • In the right-hand menu select copy, open notepad and paste the chkdsk results into notepad.
    • Post in your next reply.

    =========================

    Any change in performance?
    OCD

  8. #28
    Member | Join Date: Nov 2005 | Location: Fort Worth, TX | Posts: 52

    Hi OCD,

    Quote: "The CBS log file is a bit out of my knowledge range."
    Definitely out of my range. I was looking at it going "uh".

    I will have that new log shortly.

  9. #29
    Member | Join Date: Nov 2005 | Location: Fort Worth, TX | Posts: 52

    Hi OCD,

    I finally had the chance to run chkdsk for you.

    Here is the info.

    Log Name: Application
    Source: Microsoft-Windows-Wininit
    Date: 11/12/2013 3:38:50 PM
    Event ID: 1001
    Task Category: None
    Level: Information
    Keywords: Classic
    User: N/A
    Computer: FrontDesk
    Description:


    Checking file system on C:
    The type of the file system is NTFS.


    A disk check has been scheduled.
    Windows will now check the disk.
    233792 file records processed.

    1068 large file records processed.

    0 bad file records processed.

    0 EA records processed.

    76 reparse records processed.

    286710 index entries processed.

    0 unindexed files processed.

    233792 security descriptors processed.

    Cleaning up 17 unused index entries from index $SII of file 0x9.
    Cleaning up 17 unused index entries from index $SDH of file 0x9.
    Cleaning up 17 unused security descriptors.
    26460 data files processed.

    CHKDSK is verifying Usn Journal...
    33828560 USN bytes processed.

    Usn Journal verification completed.
    CHKDSK discovered free space marked as allocated in the volume bitmap.
    Windows has made corrections to the file system.

    145984182 KB total disk space.
    46944756 KB in 156508 files.
    86608 KB in 26461 indexes.
    0 KB in bad sectors.
    348726 KB in use by the system.
    65536 KB occupied by the log file.
    98604092 KB available on disk.

    4096 bytes in each allocation unit.
    36496045 total allocation units on disk.
    24651023 allocation units available on disk.

    Internal Info:
    40 91 03 00 c3 ca 02 00 98 c5 04 00 00 00 00 00 @...............
    73 05 00 00 4c 00 00 00 00 00 00 00 00 00 00 00 s...L...........
    42 00 00 00 e2 73 26 77 80 e7 07 00 80 df 07 00 B....s&w........

    Windows has finished checking your disk.
    Please wait while your computer restarts.


    No noticeable differences in performance.
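
One way to compare the two chkdsk reports posted in #24 and #29, added here as an example and not part of any poster's reply: a small Python parser that pulls out the repair actions and gives a coarse triage label. The function names and the labels are made up for this example; the sample text is abridged from the two reports above.

```python
import re

# Abridged from the first chkdsk report posted in this thread (11/11/2013).
RUN_1 = '''
Some clusters occupied by attribute of type 0x80 and instance tag 0x4
in file 0x103b6 is already in use.
Deleting corrupt attribute record (128, "")
from file record segment 66486.
Some clusters occupied by attribute of type 0x80 and instance tag 0x4
in file 0x10d9e is already in use.
Deleting corrupt attribute record (128, "")
from file record segment 69022.
Some clusters occupied by attribute of type 0x80 and instance tag 0x4
in file 0x1970b is already in use.
Deleting corrupt attribute record (128, "")
from file record segment 104203.
Correcting cross-link for file 159178.
Cleaning up 271 unused security descriptors.
Correcting errors in the Volume Bitmap.
Windows has made corrections to the file system.
0 KB in bad sectors.
'''

# Abridged from the second report (11/12/2013).
RUN_2 = '''
Cleaning up 17 unused security descriptors.
CHKDSK discovered free space marked as allocated in the volume bitmap.
Windows has made corrections to the file system.
0 KB in bad sectors.
'''

def summarize(report):
    """Pull the repair actions out of one chkdsk report."""
    flat = " ".join(report.split())  # chkdsk wraps one message over two lines
    bad = re.search(r"(\d+) KB in bad sectors", flat)
    return {
        # 128 == 0x80, the NTFS $DATA attribute (the one that holds file contents)
        "data_attr_deleted": [int(n) for n in re.findall(
            r'Deleting corrupt attribute record \(128, "[^"]*"\) '
            r"from file record segment (\d+)\.", flat)],
        # the same files, reported earlier by hexadecimal file number
        "clusters_in_use": [int(h, 16) for h in re.findall(
            r"in file (0x[0-9a-fA-F]+) is already in use", flat)],
        "cross_link_fixed": [int(n) for n in re.findall(
            r"Correcting cross-link for file (\d+)\.", flat)],
        "bad_sectors_kb": int(bad.group(1)) if bad else None,
        "corrected": "Windows has made corrections to the file system" in flat,
    }

def verdict(s):
    """Coarse triage label; the categories are this example's own."""
    if s["bad_sectors_kb"]:
        return "bad sectors"
    if s["data_attr_deleted"] or s["cross_link_fixed"]:
        return "file records repaired"
    if s["corrected"]:
        return "bitmap/index cleanup only"
    return "clean"

if __name__ == "__main__":
    for name, report in (("run 1", RUN_1), ("run 2", RUN_2)):
        s = summarize(report)
        print(name, verdict(s), s["data_attr_deleted"], s["cross_link_fixed"])
```

The hexadecimal file numbers in the "already in use" lines and the decimal file record segments in the "Deleting corrupt attribute record" lines are the same three files, which the parser makes visible by converting both to integers.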

  10. #30
    Malware Team-Emeritus | Join Date: Sep 2012 | Location: Florida, USA | Posts: 1,161

    Hi Frosty,

    I'm still waiting to see if any of my colleagues have any recommendations about the CBS file. Let's run this tool while we wait.

    =========================

    TFC

    Download TFC to your desktop
    • Close any open windows.
    • Double click the TFC icon to run the program
      • Vista, Windows 7 & 8: right-click and select "Run as Administrator"
    • TFC will close all open programs itself in order to run,
    • Click the Start button to begin the process.
    • Allow TFC to run uninterrupted.
    • The program should not take long to finish its job.
    • Once it's finished it should automatically reboot your machine.
    • If it doesn't, manually reboot to ensure a complete clean.

    =========================

    Any change in performance?
    OCD
