SFC /Scanonce

  • Thread starter Thread starter Chris Wagner
  • Start date Start date
C

Chris Wagner

Having a problem with a system.
After running some spyware and finding over 500 events and over 600
virus problems there appeared to be a problem with the shlweapi.dll
file. On trying to run sfc from the Start>Run, the window would just
disappear after a short while. On trying again it just flashed the
command window . Trying to run SFC directly from the command window
Brought up the commands that go with the SFC program. Tried running
SFC /Scannow and it mentioned something about Administrative mode....
Saw the /scanonce and thought this may work. On boot up yes it does
run but stops saying there is an error with the shlweapi.dll file and
stops with the blue screen. Does not ask for a CD which I don't have
anyway.

But the question is Now that I have the drive as a slave in another
machine, Where does it get the command sfc /scanonce on bootup and
how can i go in and change it so it won't run on bootup.

I'm thinking that since the SFC didn't finish the process, it doesn't
throw the flag to say it has finished therefore each time I try to start
the computer it tries to run SFC and crashes.

Tried the F8 and every choice given but still no luck

I just want to get that function to stop on boot.

Any Ideas?

Thanks
Chris Wagner
 
Chris said:
Having a problem with a system.
After running some spyware and finding over 500 events and over 600
virus problems there appeared to be a problem with the shlweapi.dll
file. On trying to run sfc from the Start>Run, the window would just
disappear after a short while. On trying again it just flashed the
command window . Trying to run SFC directly from the command window
Brought up the commands that go with the SFC program. Tried running
SFC /Scannow and it mentioned something about Administrative mode....
Saw the /scanonce and thought this may work. On boot up yes it does
run but stops saying there is an error with the shlweapi.dll file and
stops with the blue screen. Does not ask for a CD which I don't have
anyway.

But the question is Now that I have the drive as a slave in another
machine, Where does it get the command sfc /scanonce on bootup and
how can i go in and change it so it won't run on bootup.

I'm thinking that since the SFC didn't finish the process, it doesn't
throw the flag to say it has finished therefore each time I try to start
the computer it tries to run SFC and crashes.

Tried the F8 and every choice given but still no luck

I just want to get that function to stop on boot.

Any Ideas?

Thanks
Chris Wagner
Click to expand...
If *I* that many viruses and spyware programs on a drive I would definitely
format the drive and reload windows. You have no way of knowing if
the machine is compromised in some manner.

gls858
 
Hopefully the people who advocate reformatting and reinstalling as a "last
resort" to deal with spyware and virus infections will your post and help
you out. If not then reformat and reinstall XP. You do have backups right?
If not make sure you copy off your important data first.
 
gls858 said:
If *I* that many viruses and spyware programs on a drive I would
definitely
format the drive and reload windows. You have no way of knowing if
the machine is compromised in some manner.

gls858
Click to expand...

If it were 'my' system I'd do the same. This is a newbie's system
connected to the internet by cable without virus checker running. said
it started running real slow............ I asked if there was anything
that needed to be saved the answer was no........... well maybe
this................ oh yea and that....... and
maybe....................... Just trying to do my best to keep
those files available for them.

So the question still remains How to stop the sfc /scanonce to stop.

Chris Wagner
 
Chris said:
So the question still remains How to stop the sfc /scanonce to stop.
Click to expand...

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon

SFCScan
Dword value 0x0.

John
 
Harry said:
Hopefully the people who advocate reformatting and reinstalling as a
"last resort" to deal with spyware and virus infections will your
post and help you out.
Click to expand...



LOL! I guess that's a dig at me, among others.

But in this case, I'm with you. If Chris has 500 instances of spyware and
over 600 viruses, I'm surprised that his computer works at all.

If not then reformat and reinstall XP.
Click to expand...


Definitely!

WIth that much malware present, the chances of straightening things out any
other way are slim.
 
Thanks John John,

The problem remains that I can't get into windows to do a regedit since
the SFC crashes the system first. Since I have the hard drive in
another machine right now as a slave, do you know a way to get into the
registry on a slave drive and change the settings you mentioned?

Thanks
Chris Wagner
 
regedt32. When it opens on the local registry maximixe the HKLM window
and highlight the top key HKEY_LOCAL_MACHINE. Now click on the
Registry menu and select "Load Hive..." Navigate to the Software hive
of the broken Windows installation (it will be in
[drive]:\WINNT\system32\config) (named SOFTWARE without an extension).
Give the hive a temporary name, any name it doesn't matter, call it aaa
for example. Now in the same window you will see the loaded aaa hive,
the name you just gave it. Double click with the mouse to expand the
hive and keys. To see the key data click the View menu and select Tree
and Data. Do the changes then unload the hive.

Good luck. You have a lot of cleaning to do to repair the installation!
Should it get beyond repair an in-place upgrade might be an
alternative to a format and reinstall, but you will still have lots of
cleaning to do!

John
 
PS. On XP the %windir% folder is Windows, not WINNT. Mistake in my
other post.

John

John said:
regedt32. When it opens on the local registry maximixe the HKLM window
and highlight the top key HKEY_LOCAL_MACHINE. Now click on the
Registry menu and select "Load Hive..." Navigate to the Software hive
of the broken Windows installation (it will be in
[drive]:\WINNT\system32\config) (named SOFTWARE without an extension).
Give the hive a temporary name, any name it doesn't matter, call it aaa
for example. Now in the same window you will see the loaded aaa hive,
the name you just gave it. Double click with the mouse to expand the
hive and keys. To see the key data click the View menu and select Tree
and Data. Do the changes then unload the hive.

Good luck. You have a lot of cleaning to do to repair the installation!
Should it get beyond repair an in-place upgrade might be an alternative
to a format and reinstall, but you will still have lots of cleaning to do!

John

Chris said:
Thanks John John,

The problem remains that I can't get into windows to do a regedit
since the SFC crashes the system first. Since I have the hard drive
in another machine right now as a slave, do you know a way to get
into the registry on a slave drive and change the settings you mentioned?

Thanks
Chris Wagner
Click to expand...
Click to expand...
 
To all,
Thanks for all your help as I have gone ahead and formated and
reinstalled the operating system. It wasn't quite as painful as I had
figured, but then again it wasn't my files that I might have been
overwriting. I did have full assurance from the owner that it would be
OK to do that.

Thanks Again

Chris Wagner
 
Chris said:
To all,
Thanks for all your help as I have gone ahead and formated and
reinstalled the operating system. It wasn't quite as painful as I had
figured, but then again it wasn't my files that I might have been
overwriting. I did have full assurance from the owner that it would be
OK to do that.

Thanks Again

Chris Wagner
Click to expand...
Thanks or the feed back. Hopefully the owner of this PC now understands
the necessity of running up to date anti virus and anti spyware programs.

gls858
 
Back
Top