Aero themes switching back to basic shortly after start Win7 sp1 x64

[SubyTooner]

Avast corrupt registry entries!

exile360 suggested to start a new topic and post MB log in a post from win7 freeze thread.

I hadn’t updated my HDD for about 6 months in 2017 and during that period I missed a few Avast software updates.

After updating Avast my Aero themes went cuckoo. On start up, 1-2 mins after start my Aero themes turns back to basic. Greyed out windows and the pc locks up, becomes slow and unresponsive or takes a long time to open an app or folder. This was a known issue with one of their updates if you had missed a previous update it left unwanted registry keys effecting Aero themes.

It also sometimes will turn grey a second time after Aero theme comes back to life, with no ill effects on pc performance. When Aero theme enables again it seems to come good.

There was thread about this on some site I never bookmarked where someone was writing scripts to remove the Avast reg keys causing this problem. At the time I was going to format my HDD and use it for storage only. Buy another SSD and use My existing main drive SSD as back up but decided to just leave it.

I have uninstalled Avast with Avastclear and re-installed Avast but it doesn’t remove the reg keys that are causing this issue.

The issue is still present when Avast is uninstalled and when all other start up programs are disabled.  

Any help would be great.

 

mbst-grab-results.zip

[exile360]

Hello again

I checked your logs and unfortunately I'm not seeing what I expected with issues like this.  Typically it is a problem with the application compatibility registry settings (located under HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers or HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers) but your logs don't show any entries there so the problem may be elsewhere.  There are a few other things to try and we'll likely check those keys manually as well just to make sure there's nothing there that shouldn't be which could account for this issue, but first just to eliminate the most obvious causes please try following the procedures outlined in this article the next time the issue occurs to see if that helps.

Once that's done, assuming the issue returns again, please go ahead and get an export of the registry keys I mentioned by doing the following:

Create a Batch File:

• Please copy and paste the following text exactly as written into notepad (not wordpad or any other text editor):
  

  @echo off
  reg query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers" /s>"%userprofile%\desktop\CompatFlags.txt"
  reg query "HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers" /s>>"%userprofile%\desktop\CompatFlags.txt"
  "%userprofile%\desktop\CompatFlags.txt"
  del /f /q "%userprofile%\desktop\CompatFlags.txt"
  del /f /q %0

  Once you've done that click on File and select Save As...
• In the Save dialogue box click on the drop down menu next to Save as type and select All Files
• Name the file check.bat(the .bat extension is very important)
• Save the file to your desktop and double click it to run it.
• Once it finishes it will open the file it created in notepad, please copy and paste the file's contents into your next reply.
  

[SubyTooner]

The trouble shooter finds no issues. I had tried this a while back and tried it just now again, no problems found. The Aero theme issue happens every time I start this drive. It will switch to grey usually twice.

I ran that script you posted and this is what I got in notepad.

HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers
    C:\Program Files (x86)\Realtek\Realtek Ethernet Diagnostic Utility\8169Diag.exe    REG_SZ    RUNASADMIN

and in cmd

Error:The system was unable to find the specified registry key or value.

[exile360]

OK, thanks, I figured that would be the case but just wanted to make sure we didn't skip anything that might fix it.

Next, lets take a look at the hardware starting with your graphics drivers; one of the most common culprits when the problem isn't a compatibility setting.  Please do the following:

Provide System Specifications:

• Please download Speccy from here and save the ZIP file to your desktop or another location where you can easily find it.
• Right-click the file select Extract All... then click Extract in the window that pops up and it should be extracted to a folder in the same location as the ZIP file you downloaded.
• Open the extracted folder and then double-click on the version of Speccy appropriate for your system (select Speccy.exe if using a 32 bit Windows version or Speccy64.exe if you are running a 64 bit version of Windows) and click Yes, OK or Allow if prompted by User Account Control.
• Once the program starts it will analyze your system, please be patient as it may take a few moments to complete.
• Once it finishes and none of the areas say Analyzing click on the File button at the top and select Save Snapshot...
• Save the file to your desktop and click Ok to confirm
• Go to your desktop and right click on the file you just created and hover over Send to and select Compressed (zipped) Folder
• Please attach the zip file you just created to your next post
  

[SubyTooner]

speccy zip

I have the same graphics drivers on my main drive SSD, never had an issue.

ASUSZ68I5-2500K.zip

[exile360]

I know, I just want to make sure it's not some wonky graphics issue causing it just in case.  The latest driver I could find from AMD is located here, however the most recent one from Asus (the board partner that built/distributed the card) is newer and can be found here.  I'd definitely recommend the newer one.

Once the driver is updated (assuming you don't already have the latest installed) would be to take a look and see if Avast is leaving anything behind since you've indicated that it is the culprit, but to do that you'll first need to remove it completely from your system, otherwise we have no way of knowing which entries belong there and which ones do not, so please follow the instructions on this page to remove Avast from Safe Mode using their cleaner utility, then restart the system normally and then do the following:

Create an Autoruns Log:
Please download Sysinternals Autoruns from here and save it to your desktop.

Note: If using Windows Vista, Windows 7, Windows 8/8.1 or Windows 10 then you also need to do the following:

                Right-click on Autoruns.exe and select Properties
                Click on the Compatibility tab
                Under Privilege Level check the box next to Run this program as an administrator
                Click on Apply then click OK

• Double-click Autoruns.exe to run it.
• Once it starts, please press the Esc key on your keyboard.
• Now that scanning is stopped, click on the Options button at the top of the program and verify that the following are checked, if they are unchecked, check them:
      Hide empty locations
      Hide Windows entries
• Click on the Options button at the top of the program and select Scan Options... then in the Autoruns Scan Options dialog enable/check the following two options:
      Verify code signatures
      Check VirusTotal.com
• Once that's done click the Rescan button at the bottom of the Autoruns Scan Options dialog and this will start the scan again, this time let it finish.
• When it's finished and says Ready. on the lower left of the program window, please click on the File button at the top of the program and select Save and save the file to your desktop and close Autoruns.
• Right click on the file on your desktop that you just saved and hover your mouse over Send To and select Compressed (zipped) Folder
• Attach the ZIP folder you just created to your next reply

[SubyTooner]

Should I update the graphics driver through Device Manager?  I've never updated a graphics driver before...lol...not sure what the correct method is.

also

The driver installed is 15.200.1062.1004

The downloaded driver you linked as newer is V15_201

[exile360]

Nope, no need for the Device Manager, just run the installer and it should update it for you automatically.  Just follow the onscreen instructions then reboot the system if prompted to do so once it's done.  Yeah, since you're using an older driver it's a good idea to update it anyway even if it's unrelated to the issue you're having since there have likely been countless fixes/stability improvements/performance improvements they've made to the driver since your original one.

[SubyTooner]

OK

Thanx for your help so far.

I've run out of time for the moment.

I will update driver and create an Autorun log and post results in few hours or tomorrow.

[exile360]

Sure, no problem, whenever you're ready

[SubyTooner]

After updating AMD drivers and CCC software my AMD folder disappeared from start menu. I can still access CCC when right clicking on desktop and toolbar icon. I can now only access help feature from toolbar icon. Before update the AMD folder in start menu had CCC and help in it. Everything installed OK and the Aero theme issue was unchanged after driver update. Still present.

Is this normal to have the AMD folder disappear from start menu?

If any other drivers are out of date could they cause a conflict with the new version AMD drivers?.....Intel drivers perhaps?

 

I removed Avast with Avastclear in safe mode and ran Autorun as instructed.

 

ASUSZ68I5-2500K (2).zip

[exile360]

AMD must have changed how their drivers install.  It is typical for the default means of accessing your graphics settings to be through the right-click context menu of the desktop (and the tray if you leave the AMD tray icon visible/enabled).  You can also access it through the Control Panel.

Thanks for the logs, it looks like you might have a few items that are out of date.  For the sake of security some of them really need to be updated.  I'll help you with that while we work on the other issue as well.

First, let's start with the leftovers from Avast.  There are a few of them so just take your time and we'll get them all.

Please open Autoruns again and click on the Logon tab then right-click on the following entry and select Delete and click Yes when prompted:

AvastUI.exe   File not found: C:\Program Files\AVAST Software\Avast\AvLaunch.exe  

Next, click on the Scheduled Tasks tab and right-click on each of the following one at a time and select Delete then click Yes when prompted:

\Avast Emergency Update   File not found: C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe  
\AVAST Software\Avast settings backup   File not found: C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe  
\AVAST Software\Overseer   File not found: C:\Program Files\Common Files\avast software\Overseer\overseer.exe  
\SafeZone scheduled Autoupdate 1461245603   File not found: C:\Program Files\AVAST Software\SZBrowser\launcher.exe  

Once that's done, go ahead and restart your system and test to see if the issue with your Aero theme is resolved and let me know if it is not.

[SubyTooner]

Deleted the 5 Avast leftovers.

No change to Aero themes. Still cuckoo.

Could there be any other Avast leftovers Autorun isn't picking up?

Should I re-install Avast?

Trying to enable Windows Defender in the meantime but keep getting - This program is blocked by group policy Error code 0x800704ec

[SubyTooner]

I now have Windows Defender enabled running alongside MB.

I set Windows Defender DisableAntiSpyware reg key value to 0 and MB to never register Malwarebytes in the Windows Action Center.

[exile360]

OK, yes, there could still be more leftovers from Avast.  We'll see about tracking those down.

Regarding Windows Defender, you can try the solution listed under Method 3 on this page to see if that helps or you can try installing Microsoft Security Essentials temporarily from this page.  Just select the download link for the appropriate language and OS version.  MSE is a full antivirus and should provide adequate protection while we're hunting down the remnants of Avast.  Never mind, I see that you were able to resolve the issue with Defender  

As for hunting down the remaining traces of Avast, please download and extract RegScanner by Nir Sofer from here and then right-click on RegScanner 64 and select Run as administrator and click Yes to the UAC prompt then configure it as shown in the image below:

Once that's done, click on OK wait for the search to complete.  Once it does, click on Edit at the top menu bar of the results window and choose Select All then click Edit once more and choose Copy then open Notepad and paste the contents into notepad, save the file somewhere convenient such as your desktop ZIP and attach the file to your next reply (to ZIP the file, right-click on it and hover your mouse over Send to and select Compressed (zipped) folder).

Thanks

Edited February 2, 2019 by exile360

[exile360]

By the way, when this issue occurs with Aero, does the glass theme show up normally at first when your system starts and then reverts to the non-glass theme or is glass disabled from the very start when your system starts up and you log into Windows?  I ask because that could be the difference between something causing it to crash and something actually disabling it which could give us some clues as to where to look for the solution.

Please let me know.

Thanks

[SubyTooner]

It starts off with glass theme showing then reverts to grey and will only ever go glass to grey then glass 1 more time. Last start only went grey once and barely locked up.

I was watching hidden icons in toolbar on last start up and it seemed to grey out at the same time AMD CCC and MalwareBytes icons appeared. It's not locking up as bad as before and starts a lot quicker.

I deleted 2 Broadcom drivers and 3 Broadcom logon entries(failed attempts at updating driver) as I no longer use the Asus adapter on this drive via Autorun.

I will run regscanner64 and post results shortly.

 

[SubyTooner]

I think I did this rite 🤔

rs64 scan.zip

[exile360]

Great job

Yes, there's definitely a lot of leftovers there from Avast, but there are a few that stand out in particular that may have something to do with this issue.  In the search results window for RegScanner, click Edit and select Find and type appcompat and hit Enter then right-click on the entry it highlights and select Delete.  Once that's done, press CTRL+F on your keyboard or click Edit and select Find again and click Find Next then delete the entry it highlights.  Repeat this until no more entries are found containing appcompat.

Once that's done, restart your system and see if anything has changed and let me know how it goes.

Thanks

[SubyTooner]

Still the same. Aero turned grey twice.

There are 3 entries with appcompatcache left.  I deleted one of them ( not sure if it re appeared) and I tried to delete 2 entries with appcompatflags which wouldn't delete but after restarting and doing another scan they're gone. 

Maybe I should just format the drive 😯

I have an internet access small window above my toolbar hidden icons that won't go away now.

[exile360]

Formatting is certainly an option, but honestly what I'm afraid of is that we may come to find out that this issue is actually due to a hardware issue.  The graphics card in your system is pretty old and it's the lowest-end model that AMD made in the HD 5x series, so if the graphics card is going bad/has gone bad and that's the reason this is happening, then unfortunately formatting/reinstalling Windows won't do anything to fix it.

Can you take a screenshot of the icon for me and post the pic please?  It could just be one of the icons that's normally hidden and I just want to make sure it's not anything we need to worry about.

[SubyTooner]

Yeh the window should go away after a few seconds...lol

The graphics card is low end. I don't game and was using the onboard motherboard graphics for the first 3-4 years after I built the PC. I updated to this card toward the end of 2016 and only reason I did was for rendering rom maps in 3d. It's only 2 and a bit years old and everything works fine on my main drive. SSD.

I tune ecu's and the onboard MB graphics was terrible for map 3d rendering. I did'nt need anything fancy and did'nt want to spend big as it's an old build. It's the silent version, the one without the fan. My case has 5 fans so nothing ever runs hot.

This drive is just a back up, storage and test mule. Kinda feel bad for troubling you over it.

Keyboard and mouse is acting up now too not typing properly. Maybe I deleted the wrong key 🤣 it's taken ages to type this. I did make a restore point when starting this thread.

 

[exile360]

Hmm, that's odd.  Those keys shouldn't have affected your keyboard/input at all.  For the tray icon, you should be able to resolve that by clearing your notification area icon cache.  Instructions on how to do so can be found here.  Both methods work, but the CCleaner method is easiest.

I'm glad you created a restore point.  I was actually going to have you create a registry backup before proceeding with removing any of those other Avast keys from the registry but I assumed those appcompat keys would be harmless since Avast isn't currently installed anyway.  I suspect there's something else going on with the system making it act up, but hopefully once we get things cleaned up a bit more it will settle down.  I do have a few more items for you for maintenance that would be good to take care of, especially for security if you'd like to proceed with that first.  It won't necessarily address the main issue, but they are things that should be done just to update and secure the system.

First is Java; if you don't use Java at all then please remove it using the Java uninstall tool located here.  If you do use it then please make sure it's up to date by following the instructions on this page to check, and if it is out of date, use the uninstall tool I linked to then download and install the latest version for your OS which is available here.

Next, make sure that Adobe Reader is up to date.  To do so, open Adobe Reader and click on Help>Check for Updates and it should check for any updates and offer to install them if available; allow it to do so if there are any.

After that, please make sure you're running the latest version of Adobe Flash Player.  You can find a tutorial on updating Flash in this post.

There are also a few startup items you can probably disable using Autoruns if you want as it could help the system's performance (and if we're lucky, it might fix the theme issue if one of them is related to the problem, though that's not too likely).

Edited February 2, 2019 by exile360

[exile360]

I had a thought, you mentioned the drivers were pretty old and I know the graphics card drivers were.  It may help to update your other drivers, especially given the issue you're having with your keyboard (likely culprit would be the motherboard's USB drivers for that issue).

I was able to track down the product page for your system's motherboard, however the majority of the drivers being offered are pretty old so Intel likely has newer ones available on their site.

With that said, I also did find that the BIOS you're using is one version out of date and the latest one they have posted lists the changes as Improved system stability; if that doesn't sound like a possible fix for such issues, I don't know what does, so updating the BIOS would definitely be a good idea.  You can find the latest BIOS here.  It's version 4102, and you currently have version 4101 and given their comment on the update about stability, it could certainly be related to these issues.  You can find the support/downloads page for your motherboard's BIOS here.  The drivers page is located here (just select your OS; i.e. Windows 7 64 bit).

For the Intel components, such as the integrated graphics, chipset, USB controllers, SATA controllers etc. the easiest method to update would be to use Intel's DSA utility located here.  It is possible that the integrated graphics ship built into your CPU is what's causing Aero glass not to work properly, and hopefully updating that driver will resolve it.

[SubyTooner]

Firstly, thank you for your help and if nothing more, I’ve e learnt allot during this process.

The registry delete done the trick for the tray icons and a few icons that had gone walkabout, reappeared.

I figured I would start with the Bios update. I knew of the newer version but had taken the if it aint broke don’t fix it approach and never updated it. I tend to do this with drivers as well, only updating if I have a problem.

What a headache the bios update turned out to be. My OC results on bios 4101, a 4.3g over clock are now slightly different on bios 4102. My board isn't great for over clocking and I used a + 0.005 offset for my cpu voltage with 4101. With 4102 my Vcore with same offset is 0.015v - 0.020v more then what it was with 4101 at maximum. I disabled pll overvoltage which I had set on Auto with 4101 as I was seeing a few voltage spikes to 1.296v. I’m still seing spikes though and the OC is stable. Vdroop is the same with llc set on Auto and C1E enabled. Idle voltage is 0.950v - 1.000v. The voltage peak has me a little concerned as it seems a little high for a 1gig clock with my cpu. Mite try a negative offset but this never worked with 4101 and setting it on Auto had it in the 1.3’s. I almost reflashed back to 4101...lol. So my clock needs more testing with new bios version or I just live with the slightly higher Vcore peak voltage.  The MB stock cpu voltage is 1.250v for both bios version so it has me scratching my head.

Anyhoo start ups are quicker on my SSD and it has resolved my keyboard and mouse issues I was having my on HDD while typing last post. Aero theme issue is unchanged on HDD. The drivers are up to date from Asus website on both drives.

Running the intel driver tool shows everything as being up to date. Results attached from HDD intel scan.

On my SSD I have Avast driver updater installed for s..ts and giggles. I’ve never used it to update anything as I don’t trust it and it shows 16 drivers as being out of date. Running the intel driver tool shows everything as being up to date, even the out of date AMD graphics driver which I haven’t updated on my SSD shows as being up to date.  

With Java, I need the 32 bit version installed to run Romraider. An opensource rom editing/logging software. It doesn’t work without 32 bit Java. As far as I know the older Java is removed when updating???  Only new version shows up in programs installed. Can older versions still be somewhere hidden?

With Adobe reader I was unimpressed with the newer DC’s privacy policies and update so I uninstalled it on my SSD and installed adobe v11. I created bUpdater registry entry in FeatyreLockDown and set the value to 0 so it can’t update. I did this on my HDD as well where adobe v10 is installed. Can the older versions be exploited?

I update Adobe flash player regularly through Avast software updater.

What next start up items?....I disabled all start up programs except Avast when it was installed and Aero greyed out. Then I disabled Avast along with all other start ups but Avast kept enabling itself and Aero turned grey.

I remember updating Avast then restarting system as prompted and that was the first time Aero greyed out. Could this have something to do with Avast policy reg keys?

Sorry for the long winded post.

 

Detailed-System-Report.zip