Win 7 black screen after logon

Quite a little bit to fix, so here comes the first part:

Download Windows Repair by Tweaking.com and unzip the contents into a newly created folder on your desktop.

• Now run Repair_Windows.exe by double clicking on it ( if you are running Vista or Win 7, use right click and select Run As Administrator)
• Now select the Start Repairs tab.
• The click the Start button.
• Create a System Restore point if prompted.
• On the next screen, click the Unselect All button to first deselect all repairs.
• Now select the following repair options:
  • Reset Registry Permissions
  • Reset File Permissions
  • Register System Files
  • Repair WMI
  • Repair Windows Firewall
  • Remove Policies Set By Infections
  • Repair Winsock & DNS Cache
  • Repair Proxy Settings
  • Repair Windows Updates
  • Set Windows Services To Default Startup
• Now on the lower right side check the box to Restart/Shutdown System When Finished
• Then make sure the Restart System radio button is enabled.
• Shutdown any other programs that you are running now before continuing.
• Now click the Start button.
• Be patient while the tool repairs the selected items.
• It should reboot automatically when finished.

After reboot, check to see if your firewall is working.

 

http://imageshack.us/a/img841/7292/thisisujrt.gif Please download Junkware Removal Tool to your desktop.

• Shut down your protection software now to avoid potential conflicts.
• Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
• The tool will open and start scanning your system.
• Please be patient as this can take a while to complete depending on your system's specifications.
• On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
• Attach JRT.txt to your next message.

Run the C:\MGtools\GetLogs.bat file by double clicking on it. (Right click and run as admin if using Vista, Windows7 or Win8) Then attach the new C:\MGlogs.zip file that will be created by running this.

 

Alot to do so here comes the first wave:

Download BITS.reg to your desktop.

• Now please click Start, and type regedit into the search box.
• You should see a regedit.exe and icon appear in the Programs area of the Start Menu.
• Right click on regedit.exe and select Run As Administrator
• Then in the Registry Editor menu click File and select Import.
• Navigate to the BITS.reg file saved to your Desktop and double click it. Allow it to be added to the registry.

Now run the C:\MGtools\GetLogs.bat file by double clicking on it. (Right click and run as admin if using Vista, Windows7 or Win8) Then attach the new C:\MGlogs.zip file that will be created by running this.

 

I can tell from the logs. No need to have to keep saying. Save you some trouble. Reviewing logs now.

 

Download BFE.reg to your desktop. Do the same procedure for importing it to your registry as you did with BITS.reg, and also go through the same with BITS again too.

Now run the C:\MGtools\GetLogs.bat file by double clicking on it. (Right click and run as admin if using Vista, Windows7 or Win8) Then attach the new C:\MGlogs.zip file that will be created by running this.

 

I just want to check for something.

http://img827.imageshack.us/img827/1263/frst.gif For 32-bit (x86) systems download Farbar Recovery Scan Tool and save it to a flash drive.
For 64-bit (x64) systems download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:

• Restart the computer.
• As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
• Use the arrow keys to select the Repair your computer menu item.
• Choose your language settings, and then click Next.
• Select the operating system you want to repair, and then click Next.
• Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:

• Insert the installation disc.
• Restart your computer.
• If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
• Click Repair your computer.
• Choose your language settings, and then click Next.
• Select the operating system you want to repair, and then click Next.
• Select your user account an click Next.

On the System Recovery Options menu you will get the following options:

• Select Command Prompt
• In the command window type in notepad and press Enter.
• The notepad opens. Under File menu select Open.
• Select "Computer" and find your flash drive letter and close the notepad.
• In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
• Note: Replace letter e with the drive letter of your flash drive.
• The tool will start to run.
• When the tool opens click Yes to disclaimer.
• Press Scan button.
• It will make a log (FRST.txt) on the flash drive. Please attach this log to your next reply. (How to attach)

 

Choose to boot from disk and let me know.

 

So what are you seeing now?

(I am going to have to seek further advice from Chaslang regarding your machine. Alot is broken.)

 

Seeking advice. Hang in there.

 

Does Task Manager open when you hit CTRL-SHIFT-ESC

Also are you booting in just safe mode??? Try Safe Mode with Networking and get a new log from MGtools this way.

 

OK, the logs look good. Can you describe what issues remain?

Delete these:
C:\Windows\Tasks\update-sys.job
C:\Windows\Tasks\update-S-1-5-21-1338759378-2145454223-1684209335-1001.job

 

Hopefully Chaslang will be able to further assist you, or you can post in the software forum regarding this.

 

Please answer my question from earlier on whether you can use CTRL-SHIFT-ESC to bring up Task Manager at this point.

Back in message # 3 you said

So this changed at some point???

Thus far none of the logs have really shown any malware problems so you will likely have to take this to the Software Forum but try the below first.

Click Start, Run, and enter sfc /scannow and click OK. There is a space after the sfc. This runs System File Checker which looks for missing or corrupted system files and attempts to replace/repair them from files on your hard disk or from the CD if necessary. So it will ask for the Windows CD if it needs it.

 

Something else you may want to try before they disappear is using one of your System Restore points. Your logs showed two that could be of use:

If these were from before your problem started, they could cure the issue....... assuming you get System Restore to work successfully.

 

Okay so are your problems all solved now?

Just an FYI: Every post bumps!

 

No. You were not having malware problems.

Since you are not having malware problems, it is time to do our final steps:

1. We recommend you keep Malwarebytes Anti-Malware for scanning/removal of malware.
3. Renable your Disk Emulation software with Defogger if you had disabled it in step 4 of the READ & RUN ME.
4. Go to add/remove programs and uninstall HijackThis. If you don't see it or it will not uninstall, don't worry about it. Just move on to the next step.
5. If running Vista, Win 7 or Win 8, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
6. Now goto the C:\MGtools folder and find the MGclean.bat file. Double click ( if running Vista, Win7, or Win 8 Right Click and Run As Administrator ) on this file to run this cleanup program that will remove files and folders related to MGtools and some other items from our cleaning procedures.
8. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
10. After doing the above, you should work thru the below link:

 

That is just adware/junkware stuff and MBAM already took care of it. It is not a major issue. PUP = Potentially Unwanted Program. Many people install PUP type programs on purpose and use them.

No. System Restore would not remove the C:\MGtools folder. So if the folder is still there, and it should be, then MGclean.bat is there too. Perhaps you are only seeing MGclean without the .bat extension because you may have disabled viewing of file extensions now when you ran system restore.

 

Well somehow you have managed to remove all of the utilities that are part of MGtools from that folder. You could just run the MGtools.exe program again which would put everything back in. You do not have to let it run thru to completion. Just run it and then once the black command prompt window opens, click on the X to close the command prompt. The files will already be extracted and you should see MGclean.bat. Run it as requested to do proper cleanup.