Author Topic: Windows 7 Ult 64 bit trapped by BSD and can not get out. (Read 192208 times)

Boggin · « **Reply #275 on:** April 03, 2018, 01:39:36 pm »

Try a sfc /scannow from that prompt.

FreeCat · « **Reply #276 on:** April 03, 2018, 05:39:43 pm »

OK,
It took a while. Here is the screen:
Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation. All rights reserved.

C:\Users\Morgan Pierce Parker>
C:\Users\Morgan Pierce Parker>sfc /scannow

Beginning system scan. This process will take some time.

Beginning verification phase of system scan.
Verification 100% complete.

Windows Resource Protection did not find any integrity violations.

C:\Users\Morgan Pierce Parker>

Boggin · « **Reply #277 on:** April 04, 2018, 12:06:47 am »

You shouldn't have been able to do that from that level of cmd prompt.

When you select the cmd prompt to Run as administrator you will find that findstr cmd will produce the desktop icon for the CBS log as I've described.

Boot up into Safe Mode with Networking and open Windows Repair and run just the Permissions repairs to see if that puts things right.

See if you can still perform a sfc /scannow from the Users cmd prompt after the reboot.

FreeCat · « **Reply #278 on:** April 04, 2018, 07:00:35 am »

ok Boggin, I will do that in the safe mode later today.
Currently, I am using the machine for work and can not reboot.

But, I did do a Malware Bytes scan and some thing have shown up:
Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 4/4/18
Scan Time: 2:16 AM
Log File: b9e38b54-37cf-11e8-9250-00ff83c10af3.json
Administrator: Yes

-Software Information-
Version: 3.4.5.2467
Components Version: 1.0.342
Update Package Version: 1.0.4608
License: Trial

-System Information-
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: System

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Scheduler
Result: Completed
Objects Scanned: 807126
Threats Detected: 12
Threats Quarantined: 0
(No malicious items detected)
Time Elapsed: 41 min, 4 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 1
PUP.Optional.FindWide, HKU\S-1-5-21-2396228472-3482715812-2186985281-1006\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{E8307B89-5F41-4591-83AE-91CC210327DF}, No Action By User, [314], [238383],1.0.4608

Registry Value: 4
PUP.Optional.FindWide, HKU\S-1-5-21-2396228472-3482715812-2186985281-1006\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{E8307B89-5F41-4591-83AE-91CC210327DF}|DISPLAYNAME, No Action By User, [314], [238383],1.0.4608
PUP.Optional.TNT, HKU\S-1-5-21-2396228472-3482715812-2186985281-1006\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{E8307B89-5F41-4591-83AE-91CC210327DF}|OSDFILEURL, No Action By User, [6695], [244085],1.0.4608
PUP.Optional.FindWide, HKU\S-1-5-21-2396228472-3482715812-2186985281-1006\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{E8307B89-5F41-4591-83AE-91CC210327DF}|FAVICONURL, No Action By User, [314], [238383],1.0.4608
PUP.Optional.FindWide, HKU\S-1-5-21-2396228472-3482715812-2186985281-1006\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{E8307B89-5F41-4591-83AE-91CC210327DF}|URL, No Action By User, [314], [238383],1.0.4608

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 3
PUP.Optional.FastestTube, C:\Users\Morgan Pierce Parker\AppData\Roaming\Opera Software\Opera Stable\Extensions\phahnhbgfdhgobenebnjbgmacgpbfaag\2.4.0.19_0\_metadata, No Action By User, [1229], [373186],1.0.4608
PUP.Optional.FastestTube, C:\Users\Morgan Pierce Parker\AppData\Roaming\Opera Software\Opera Stable\Extensions\phahnhbgfdhgobenebnjbgmacgpbfaag\2.4.0.19_0, No Action By User, [1229], [373186],1.0.4608
PUP.Optional.FastestTube, C:\USERS\MORGAN PIERCE PARKER\APPDATA\ROAMING\OPERA SOFTWARE\OPERA STABLE\EXTENSIONS\PHAHNHBGFDHGOBENEBNJBGMACGPBFAAG, No Action By User, [1229], [373186],1.0.4608

File: 4
PUP.Optional.FastestTube, C:\Users\Morgan Pierce Parker\AppData\Roaming\Opera Software\Opera Stable\Extensions\phahnhbgfdhgobenebnjbgmacgpbfaag\2.4.0.19_0\_metadata\computed_hashes.json, No Action By User, [1229], [373186],1.0.4608
PUP.Optional.FastestTube, C:\Users\Morgan Pierce Parker\AppData\Roaming\Opera Software\Opera Stable\Extensions\phahnhbgfdhgobenebnjbgmacgpbfaag\2.4.0.19_0\_metadata\verified_contents.json, No Action By User, [1229], [373186],1.0.4608
PUP.Optional.FindWide, C:\USERS\MORGAN PIERCE PARKER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DZYGI7OP.DEFAULT\PREFS.JS, No Action By User, [314], [301558],1.0.4608
PUP.Optional.Freshy, C:\USERS\MORGAN PIERCE PARKER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DZYGI7OP.DEFAULT\PREFS.JS, No Action By User, [277], [301562],1.0.4608

Physical Sector: 0
(No malicious items detected)

(end)
===============================

I think I should quarantine these, but I will wait for your opinion.

I do not know how these PUPs get there. I plan to uninstall MalwareBytes and put on Avast on the next boot. Would that stop these PUPs?

I see that two of these are for FireFox. I only use FireFox when GoToMeeting is used as that does not work with Opera. Is there another supplementary browser you would suggest. I have been running Opera for ten years and, to me, it is the best.

Boggin · « **Reply #279 on:** April 04, 2018, 07:28:50 am »

I would keep MBAM as it's an excellent antimalware scanner, but if you read the report, it says no action by user.

They are just browser extensions which a website may have put in.

I only ever use IE - currently IE 11.

FreeCat · « **Reply #280 on:** April 05, 2018, 07:16:13 am »

OK, Boggin,

I will keep Malware bytes on your suggestion.

Speaking of which there were threats discovered overnight, below; I quarantined them.
Can you tell me how it works. License is not activated and yet it did a scan without my asking overnight. So, that must means it works in real time, maybe?

Is there a way to stop the nagging update message? I remember once before I did subscribe (prolly on another machine) and it began nagging about all kinds of other products they have --- about 5 different things. It never stopped so I un-installed it.
So, what it the difference between a malicious item and a threat?

So, we should quarantine both --- all the time? When not to do that.

BTW, I stopped using IE many years ago. IE let so much bad stuff on my other machine. Nagging me, etc. At least once a virus which messed up my machine. It was a new machine and Dell fixed it and told me not to use it. There were many articles about IE being bad, so I stopped all togehr using it in all machine.

But, now, some program will call it up even though I have Opera as my default. I never had trouble with Opera and it is faster.

I had problems similar to IE with Firefox also, but I use it as my alternate only when some broadcast program like TOTOMEETING does not work with Opera. What about Safari? How is that. I do not like Chrome due to the nature of the Google corporation. IMO, a bad company that does things behind your back.

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 4/5/18
Scan Time: 2:16 AM
Log File: e44b2086-3898-11e8-9311-00ff83c10af3.json
Administrator: Yes

-Software Information-
Version: 3.4.5.2467
Components Version: 1.0.342
Update Package Version: 1.0.4624
License: Trial

-System Information-
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: System

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Scheduler
Result: Completed
Objects Scanned: 807301
Threats Detected: 12
Threats Quarantined: 0
(No malicious items detected)
Time Elapsed: 25 min, 36 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 1
PUP.Optional.FindWide, HKU\S-1-5-21-2396228472-3482715812-2186985281-1006\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{E8307B89-5F41-4591-83AE-91CC210327DF}, No Action By User, [314], [238383],1.0.4624

Registry Value: 4
PUP.Optional.FindWide, HKU\S-1-5-21-2396228472-3482715812-2186985281-1006\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{E8307B89-5F41-4591-83AE-91CC210327DF}|DISPLAYNAME, No Action By User, [314], [238383],1.0.4624
PUP.Optional.TNT, HKU\S-1-5-21-2396228472-3482715812-2186985281-1006\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{E8307B89-5F41-4591-83AE-91CC210327DF}|OSDFILEURL, No Action By User, [6697], [244085],1.0.4624
PUP.Optional.FindWide, HKU\S-1-5-21-2396228472-3482715812-2186985281-1006\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{E8307B89-5F41-4591-83AE-91CC210327DF}|FAVICONURL, No Action By User, [314], [238383],1.0.4624
PUP.Optional.FindWide, HKU\S-1-5-21-2396228472-3482715812-2186985281-1006\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{E8307B89-5F41-4591-83AE-91CC210327DF}|URL, No Action By User, [314], [238383],1.0.4624

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 3
PUP.Optional.FastestTube, C:\Users\Morgan Pierce Parker\AppData\Roaming\Opera Software\Opera Stable\Extensions\phahnhbgfdhgobenebnjbgmacgpbfaag\2.4.0.19_0\_metadata, No Action By User, [1228], [373186],1.0.4624
PUP.Optional.FastestTube, C:\Users\Morgan Pierce Parker\AppData\Roaming\Opera Software\Opera Stable\Extensions\phahnhbgfdhgobenebnjbgmacgpbfaag\2.4.0.19_0, No Action By User, [1228], [373186],1.0.4624
PUP.Optional.FastestTube, C:\USERS\MORGAN PIERCE PARKER\APPDATA\ROAMING\OPERA SOFTWARE\OPERA STABLE\EXTENSIONS\PHAHNHBGFDHGOBENEBNJBGMACGPBFAAG, No Action By User, [1228], [373186],1.0.4624

File: 4
PUP.Optional.FastestTube, C:\Users\Morgan Pierce Parker\AppData\Roaming\Opera Software\Opera Stable\Extensions\phahnhbgfdhgobenebnjbgmacgpbfaag\2.4.0.19_0\_metadata\computed_hashes.json, No Action By User, [1228], [373186],1.0.4624
PUP.Optional.FastestTube, C:\Users\Morgan Pierce Parker\AppData\Roaming\Opera Software\Opera Stable\Extensions\phahnhbgfdhgobenebnjbgmacgpbfaag\2.4.0.19_0\_metadata\verified_contents.json, No Action By User, [1228], [373186],1.0.4624
PUP.Optional.FindWide, C:\USERS\MORGAN PIERCE PARKER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DZYGI7OP.DEFAULT\PREFS.JS, No Action By User, [314], [301558],1.0.4624
PUP.Optional.Freshy, C:\USERS\MORGAN PIERCE PARKER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DZYGI7OP.DEFAULT\PREFS.JS, No Action By User, [277], [301562],1.0.4624

Physical Sector: 0
(No malicious items detected)

(end)

===========

There was one more thing overnight: Windows update happened and it wants me to reboot to complete now. I thought I choose "notify me but do not install". But, it updated anyway.
I have posed the update history below. Can you have a look to see it all is good with that update?

I will reboot in safe mode and do what you asked in one of you last posts, now.
But I am unsure of how to do this. Is this permissions repair with the MS WINDOWS7 SP1 release disc:

"Boot up into Safe Mode with Networking and open Windows Repair and run just the Permissions repairs to see if that puts things right.

See if you can still perform a sfc /scannow from the Users cmd prompt after the reboot."

Boggin · « **Reply #281 on:** April 05, 2018, 08:51:18 am »

The reason MBAM is doing the scans is because you are running the 14 day Premium free trial.

If you want to revert to just the free version then open MBAM and click on Settings and then on Account Details where you will see a button to end the free trial.

I said to expect some more updates as the machine is catching up on those.

It shouldn't have auto installed them when you have the update settings set to Check for but let me choose - have you checked to see if it's still set to that.

You don't need the install disk to run the Windows Repair program.

If you haven't already have it installed or don't have the latest version then download it from www.tweaking.com

The repairs I want you to run are as in my pic.

Uncheck the top box which will clear the rest then check just the first 4 boxes.

I've always used IE since I bought my first laptop in 2010 and have used Norton since then without my machines becoming infected.

I don't click on unknown links in emails - don't use P2P download sites and don't go looking for what could be dodgy websites.

Do you actually have an antivirus program installed ?

FreeCat · « **Reply #282 on:** April 06, 2018, 09:03:18 am »

OK, Boggin,

Ran Tweaking Tool. (BTW, I was very confused when you said run repair tool; I kept looking for some Microsoft thing). But, I ran Tweaking tools with only first four check as admin. Machine has doubled in speed.

The setting reverted back to install on Windows Update. (pic below). But, can you tell me if the other setting are correct?

Several updates applied them selves and there were several reboots due to this.

But, there are several updated that are "recommended". So, I wonder should I do these and what is the rule going forward about recommended?

I am running the SFC now, but I had a hard time getting the command prompt as "administrator.
See the windows it ways administrator at the top.

Boggin · « **Reply #283 on:** April 06, 2018, 09:26:02 am »

That's still showing as your Users cmd prompt even though it says Admin in the top bar - I don't understand why that is.

I'm going to ask my Support about that.

As AMD said you could ignore the AMD update then right click on it and select Hide - do the same for KB2952664

I got KB4099950 as an Important one on my Win 7 so install that one and you will have to click on each one of the rest and then on the More info link in the right pane to see what the rest are for.

You probably don't need any that are for Remote Desktop.

FreeCat · « **Reply #284 on:** April 06, 2018, 10:41:35 am »

Thanks, Boggin.

OK I did what you said about KB4099950.
But, what about the .NET framework. I use .NET programs so should I include that?

And the one to Preview of Quality Rollup --- that sounds important. No?

However after this last reboot, there is a major problem that I can not resolve.

Most web pages (about 35 of 40) that I have tabs open on will not long open. They give a message like The webpage at https://email.secureserver.net/login.php?domain=email.mpj.com might be temporarily down or it may have moved permanently to a new web address.

using Firefox, I CAN get to that site.

Also, many desktop shortcuts, etc. no longer work.

Also, VERY IMPORTANT: VARIOUS DROP DOWN ITEMS NO LONGER WORK:

Send to Zip file, Open with RAR, etc.
machine is vi rurally unusable for most that i do with it.

How can I fix these things? thanks in advance.

Boggin · « **Reply #285 on:** April 06, 2018, 01:27:39 pm »

Yes, I had .Net Framework on my list to install, but forgot to include it in my post.

You can hide the Preview for the Rollup as they can sometimes cause problems and it's only Optional anyway.

Go to Installed Updates - type KB4099950 into the top right search box and when it comes up, right click on it and select Uninstall then see if your computer starts working again as it should after the reboot and let me know.

That update should be installed before KB4088878 or KB4088875 as this article explains - https://blogs.technet.microsoft.com/yongrhee/2018/04/02/hotfix-4099950-to-fix-lost-network-settings-after-kb4088878-andor-kb4088875-on-windows-7-sp1-andor-windows-server-2008-r2-sp1/

After the reboot go back to Installed Updates and type each of those updates into the top right search box to see if you have them installed.

FreeCat · « **Reply #286 on:** April 06, 2018, 02:33:03 pm »

OK, Boggin,

I made one mistake in my last report.
What I said:
""... I did what you said about KB4099950."
What i meant to say:
I did not yet do what you said about KB4099950."
So, the condition was no caused by that.

I did make a Tweaking backup of registry, create restore and the optional "ownership" (right under registry) just before the reboot to apply updates.

Should I restore those?

Also, the two updates you said should be installed before KB4099950 are not in my to be installed list of past history list.

Also, I went to see about un-installing the very last update kb4100480 that has installed date of 4-6 and the one before that KB4074598, but I can not see any otpion to uninstall them. How is that done? Thanks.

Boggin · « **Reply #287 on:** April 06, 2018, 03:01:58 pm »

Windows Update should have created a restore point - use that to go back.

FreeCat · « **Reply #288 on:** April 18, 2018, 08:16:00 am »

Hi Boggin - Been through a nightmare here. finally was able to get updates applied using iobit tool that Satchan used many times and restoring restore point. tweaking tool made things worse just doing the first four. Have not had a bootable system till now. I just applied the last updates and system looks stable. I am thinking of getting Win 10 and a 500 gb SSD and having Win 7 run virtual. This way I would use my main dozen programs on 10 and still have all my 7 stuff available. . Does that make sense.

Boggin · « **Reply #289 on:** April 18, 2018, 08:45:24 am »

Some do dual boot with Win 10 and 7 but the few programs I have installed all worked except CCleaner when I upgraded from 7 to 10 and I was surprised my printer also did.

CCleaner just needed to be reinstalled as any program would should it not survive the upgrade.

What Win 7 stuff are you talking about as I believe most will survive the upgrade, although I've seen a few complaints about Office 2003 running in Win 10 - mainly because MS seems to have given up on it.

I don't have Office installed but do have Word Viewer so that my old MS Works can read attached docs which have been put together in Office.

By all accounts, you can still get Win 10 free providing you have a valid Win 7 key as someone found on another forum.

With OEM machines, the COA sticker key tends to wear off - I'm sure MS made those biodegradable

I made a hard copy of those should I have ever needed them.

To get Win 10, just create the install media from after reading the instructions - https://www.microsoft.com/en-gb/software-download/windows10

Prior to upgrading my two Toshiba Win 7 machines, I created system images as well as having factory reset install media.

While I've never created a virtual drive to dual boot or for anything else, to upgrade, go Start - Computer - insert the install media and double click on its drive.

This will start the process if using a DVD but will open to its files when using an USB where you would then double click on setup Application.

Before deciding on whether to use a DVD or USB, you will need to ascertain if your machine can boot from an USB, although that isn't a requirement for the upgrade.

I've created both DVD and USB and prefer to use the USB when I want to boot up with install media to troubleshoot.

When you are prompted for a product key, just enter your Win 7 one.

If you are installing onto a new disk, then you will need to have Win 7 installed on it first to get the freebie.

FreeCat · « **Reply #290 on:** April 18, 2018, 08:54:28 am »

OK, thanks, Boggin. I have to take all you said in and rest for a day or so before I move again. I am very fearful that W7 will go back to unusable state. I --- before your response --- was thinking of install the dozen or so programs that I use 90+% of the time fresh on W10 and then doing a virtual boot of 7 into 10 - avoiding dual boot which will waste time.

Happy to hear that W10 will not cost. My plan would be to install 7 from MS disc onto the SSD (valid copy) and then put W10 on to that.

What do you think of that?

Boggin · « **Reply #291 on:** April 18, 2018, 08:56:48 am »

Are you still talking about a virtual install ?

FreeCat · « **Reply #292 on:** April 18, 2018, 09:03:53 am »

hehe - I do not know what virtual install is. What I am planning (but not sure is a good idea) is install fresh 7 onto the new ssd using the 7 ultimate 64 product key. Then installing 10 onto that ssd. then, when I want to use 7 load it as virtual OS from my (damaged) w7.

Boggin · « **Reply #293 on:** April 18, 2018, 09:19:17 am »

I think once you have gotten used to Win 10 you won't want to go back to 7.

FreeCat · « **Reply #294 on:** April 18, 2018, 11:04:16 am »

OK, Boggin - So what I said makes sense. I am just afraid of W7 conversion effort bringing broken registry stuff in W10. But, if I can use W7 programs (those I only use 10% of the time) in a virtual image of 7 that would make me feel safer. Does it make sense to you?

Boggin · « **Reply #295 on:** April 18, 2018, 01:34:03 pm »

If you are going to do a clean install onto a new drive then you shouldn't have any broken registry stuff.

FreeCat · « **Reply #296 on:** April 18, 2018, 01:55:46 pm »

Yes, but I though you implied that I put existing W7 on the new drive and put W10 ONTOP OF W7.
nO?

Boggin · « **Reply #297 on:** April 18, 2018, 02:13:37 pm »

No - if you put Win 10 on top of a clean install of Win 7 then there shouldn't be any corruption to transfer, but I've seen where a problem with Win 7 has vanished after the upgrade.

You are in effect installing a different OS.

The only way a problem could be transferred would be if you had bad sectors on a HDD - you're not likely to have bad cells on a new SSD.

Don't forget though - after you have clean installed Win 7 you will need to sit through all of the updates again before upgrading and make sure all of your drivers are up to date, including those in Device Manager/View/Show hidden devices/Non Plug and Play Drivers.

You just right click on each in each section, select Update Driver Software and use the default search online.

For the most part you'll probably get that you already have the latest driver, but there may be the odd one that will update.

FreeCat · « **Reply #298 on:** April 18, 2018, 05:44:25 pm »

Thanks, Boggin, but i am confused by your response.

Yes, I understand that win 10 over a clean and updated install of win 7 would hve no corruption as my "weirdo" Win 7 would nt be involved.

And, my "weirdo" win 7 now does have all the updates. So, you are saying that an install over it might make all corruption vanish?
And the probability of that is 20% 50% 80%.

I have no HDD errors. with chkdsk.

Boggin · « **Reply #299 on:** April 19, 2018, 12:49:05 am »

Yes, that's a possibility.

Do you feel that your Win 7 still isn't as it should be and if so, in what way ?