
No C drive.....no ability to restore....Acer 5920 Laptop


  • This topic is locked
8 replies to this topic

#1 vwjimmy

  • Members
  • 3 posts
  • Gender:Male
  • Location:Kentucky Bluegrass

Posted 07 January 2012 - 02:56 PM

Hello,
My first here! Among my systems is my main surfing machine....an Acer 5920 running Vista Home Premium. When rebooting last night, it reported the C drive has been corrupted. It has the D2D restore partition, and a D partition and I can access both of those....but not the 'C' drive. The restore function (accessed with alt+F10) starts but crashes.
Is this a virus? What can I do to restore it without losing the factory restoration partition? Any help would be appreciated. Thanks for listening!
~Jim



#2 JSntgRvr

    Master Surgeon General

  • Malware Response Team
  • 11,761 posts
  • Gender:Male
  • Location:Puerto Rico

Posted 07 January 2012 - 08:19 PM

:welcome:

Let's give it a try. You will need a USB (Flash) pendrive.

For x32 (x86) bit systems download Farbar Recovery Scan Tool and save it to a flash drive.
For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Click on Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
On the System Recovery Options menu you will get the following options:

Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt

  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the flash drive. Please copy and paste it to your reply.

No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!


#3 boopme

    To Insanity and Beyond

  • Global Moderator
  • 73,490 posts
  • Gender:Male
  • Location:NJ USA

Posted 07 January 2012 - 09:32 PM

Hello, just letting you know I moved this topic to Here in the Virus, Trojan, Spyware, and Malware Removal Logs forum where it will stay.

Please remember to click the Watch Topic button at the top right and select Immediate Notification so you do not miss any replies now that you were

#4 vwjimmy

  • Topic Starter

Posted 08 January 2012 - 02:39 PM

First, thank you so much for taking the time to help!
Here is the LOG. There is no op system to choose from under system recovery options.....but I was able to finally get a c: prompt so I got a c:\windows prompt and here is the result. As you can see, the reported c drive specs match the restore x drive specs....and they should match the d drive.
What do you think?


Scan result of Farbars's Recovery Tool (FRST written by farbar) Version 2.3.2
Ran by SYSTEM at 2012-01-08 14:25:56
Running from F:\
(X86) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Winlogon: [Userinit] [x]
HKLM\...\Winlogon: [Shell]

================================ Services (Whitelisted) ==================

3 sacsvr; C:\Windows\System32\sacsvr.dll [14848 2006-11-02] (Microsoft Corporation)

========================== Drivers (Whitelisted) =============

0 FBWF; C:\Windows\System32\DRIVERS\fbwf.sys [69120 2006-11-02] (Microsoft Corporation)
0 Mraid35x; C:\Windows\System32\drivers\mraid35x.sys [33384 2006-11-02] (LSI Logic Corporation)
0 Ramdisk; C:\Windows\System32\DRIVERS\ramdisk.sys [22528 2006-11-02] (Microsoft Corporation)
0 sacdrv; C:\Windows\System32\DRIVERS\sacdrv.sys [83560 2006-11-02] (Microsoft Corporation)
0 UlSata; C:\Windows\System32\drivers\ulsata.sys [98408 2006-11-02] (Promise Technology, Inc.)
0 ulsata2; C:\Windows\System32\drivers\ulsata2.sys [115816 2006-11-02] (Promise Technology, Inc.)
0 WimFsf; C:\Windows\System32\Drivers\WimFsf.sys [52224 2006-11-02] (Microsoft Corporation)

========================== NetSvcs (Whitelisted) ===========

============ One Month Created Files and Folders ==============

2012-01-08 14:20 - 2012-01-08 14:20 - 0000775 ____A C:\Windows\WindowsUpdate.log
2012-01-08 14:12 - 2012-01-08 14:13 - 0000000 ____D C:\FRST

============ 3 Months Modified Files and Folders ===============

2012-01-08 14:20 - 2012-01-08 14:20 - 0000775 ____A C:\Windows\WindowsUpdate.log
2012-01-08 14:13 - 2012-01-08 14:12 - 0000000 ____D C:\FRST
2012-01-08 14:12 - 2006-11-02 02:22 - 0000000 __RHD C:\users\Default
2011-10-28 11:47 - 2008-01-06 09:51 - 0000232 ____A C:\OBR3.acr
2011-10-28 11:24 - 2006-11-11 02:56 - 0000055 ____A C:\Windows\System32\winpeshl.ini
2011-10-23 18:53 - 2011-10-23 18:53 - 0060048 ____A C:\Windows\System32\FNTCACHE.DAT
2011-10-23 18:53 - 2011-10-23 18:53 - 0000094 ____A C:\Windows\SETUPAPI.LOG
2011-10-23 18:53 - 2011-10-23 18:53 - 0000000 ____D C:\Windows\ServiceProfiles

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe
[2006-11-02 00:44] - [2006-11-02 01:45] - 0308224 ____A (Microsoft Corporation)

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys
[2006-11-02 00:52] - [2006-11-02 01:51] - 0208488 ____A (Microsoft Corporation) 11EF6C1CAEF76B685233450A126125D6


========================= Memory info ======================

Percentage of memory in use: 7%
Total physical RAM: 4085.63 MB
Available physical RAM: 3793.29 MB
Total Pagefile: 3951.36 MB
Available Pagefile: 3789.68 MB
Total Virtual: 2047.88 MB
Available Virtual: 1988.67 MB

======================= Partitions =========================

1 Drive c: (PQSERVICE) (Fixed) (Total:9.76 GB) (Free:1.33 GB) NTFS
2 Drive d: (DATA) (Fixed) (Total:66.27 GB) (Free:6.03 GB) NTFS
4 Drive f: () (Removable) (Total:0.94 GB) (Free:0.94 GB) FAT
5 Drive x: (PQSERVICE) (Fixed) (Total:9.76 GB) (Free:1.33 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ---------- ------- ------- --- ---
Disk 0 Online 149 GB 0 B
Disk 1 Online 966 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 OEM 10 GB 32 KB
Partition 2 Primary 70 GB 10 GB
Partition 3 Primary 66 GB 80 GB
Partition 4 OEM 3319 MB 146 GB

Disk: 0
Partition 1
Type : 12
Hidden: Yes
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 C PQSERVICE NTFS Partition 10 GB Healthy Hidden

Disk: 0
Partition 2
Type : 06
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 0 Y RAW Partition 70 GB Healthy

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 D DATA NTFS Partition 66 GB Healthy

Disk: 0
Partition 4
Type : 12
Hidden: Yes
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 NTFS Partition 3319 MB Healthy Hidden

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 966 MB 252 KB

Disk: 1
Partition 1
Type : 06
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 F FAT Removable 966 MB Healthy
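
Added example, not part of either poster's messages and not FRST code: a short Python parser for the per-partition blocks of the FRST log above, reporting the two conditions visible in it (the active partition shows as RAW, and the letter C sits on the hidden PQSERVICE partition). The sample is abridged from that log; the function names and the set of file-system names are assumptions of this example.

```python
import re

# Abridged from the Partitions section of the FRST log in post #4 (Disk 0).
SAMPLE = """\
Disk: 0
Partition 1
Hidden: Yes
Active: No
* Volume 4 C PQSERVICE NTFS Partition 10 GB Healthy Hidden
Disk: 0
Partition 2
Hidden: No
Active: Yes
* Volume 0 Y RAW Partition 70 GB Healthy
"""

FILESYSTEMS = {"NTFS", "FAT", "FAT32", "EXFAT", "RAW"}  # assumed Fs column values
VOLUME = re.compile(r"\* Volume (\d+)\s+(.*?)\s*\b(Partition|Removable)\b")

def parse_partitions(text):
    """Return one dict per 'Disk: N' block: its flags merged with its volume row."""
    parts = []
    for block in re.split(r"(?m)^(?=Disk: \d+)", text):
        head = re.search(r"Disk: (\d+)\s+Partition (\d+)", block)
        vol = VOLUME.search(block)
        if not head or not vol:
            continue
        # Ltr and Label may be blank, so read the columns from both ends.
        tokens = vol.group(2).split()
        fs = tokens.pop() if tokens and tokens[-1].upper() in FILESYSTEMS else ""
        letter = tokens.pop(0) if tokens and re.fullmatch(r"[A-Za-z]", tokens[0]) else ""
        parts.append({"disk": int(head.group(1)), "partition": int(head.group(2)),
                      "active": "Active: Yes" in block, "hidden": "Hidden: Yes" in block,
                      "letter": letter, "label": " ".join(tokens), "fs": fs})
    return parts

def findings(parts):
    """Report a RAW active partition and a C: letter sitting on a hidden partition."""
    out = []
    for p in parts:
        where = f"disk {p['disk']} partition {p['partition']}"
        if p["active"] and p["fs"] == "RAW":
            out.append(f"{where}: active partition is RAW, no readable file system")
        if p["letter"].upper() == "C" and p["hidden"]:
            out.append(f"{where}: C: is the hidden partition labelled {p['label']!r}")
    return out

if __name__ == "__main__":
    print("\n".join(findings(parse_partitions(SAMPLE))))
```
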

#5 JSntgRvr


Posted 08 January 2012 - 06:43 PM

Let's take a look at the MBR.

Download MBRFix from here.

Save and extract its contents to the working computer's desktop. There are three files in the MBRFix folder. From these, only copy the MBRFix.exe to the USB drive.

Also download this file and save it in the USB drive. [attachment=116458:fixlist.txt]

In addition, download this file: [attachment=116459:runme.zip]

Extract the contents of the runme.zip to the root folder in the USB drive. Having been saved, it should appear as F:\runme.bat, where F: is the drive letter of the USB drive.

Insert the USB drive into the ailing computer.

Now please enter System Recovery Options

First, at the prompt type F:\runme.bat and press Enter, then run FRST as you did before, except that this time around, press the Fix button just once and wait.

The tool will make a couple of logs in the flashdrive (Fixlog.txt and Log.txt). It will also create a file labeled MBRDUMP.txt. Copy and Paste the contents of the Fixlog.txt and Log.txt files in your next reply, but attach the MBRDUMP.txt as it is a hex file.

Edited by JSntgRvr, 08 January 2012 - 07:03 PM.



#6 JSntgRvr


Posted 08 January 2012 - 07:04 PM

I edited the post, please refresh the page.



#7 vwjimmy

  • Topic Starter

Posted 08 January 2012 - 07:09 PM

I edited the post, please refresh the page.

Got it...thanks. Post back in as soon as it is done.

#8 JSntgRvr


Posted 11 January 2012 - 09:55 PM

Are we still on?



#9 JSntgRvr


Posted 10 March 2012 - 07:16 PM

Due to the lack of feedback this Topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
