Windows failing to start, System Repair ain't repairing!


  • This topic is locked
21 replies to this topic

#1 MCKNBRD

Posted 02 December 2012 - 01:43 PM

Very similar to the situation posted here: http://www.bleepingcomputer.com/forums/topic448339.html

I have a 2 1/2 year old Asus Eee PC 1005PE, running Win 7 Starter. Gotta admit, this little netbook has been impressive and fits my needs pretty darn well. Until last week. I woke up one morning and it was locked up. Apparently, a Windows update had occurred, it rebooted, and locked up. I got the 'Windows Failed to Start' and Startup Repair wasn't able to fix it, any of the eleventy-three billion times I tried it. After Googling the heck out of it, and finally finding this website, I hope y'all can find the source of the issue.

I finally got into the safe mode (wouldn't even give me the option for a while, it would just hang up, then attempt another reboot) and have managed to save most of my data, but I'd rather not have to reinstall everything.

Per Sardonicus' post in March, I'll lay out what I've seen/done so far.

The Windows Repair Problem Signature
Problem Event Name: Startup Repair Offline
Problem Signature 1: 6.1.7600.16385
Problem Signature 2: 6.1.7600.16385
Problem Signature 3: Unknown
Problem Signature 4: 162
Problem Signature 5: AutoFailover
Problem Signature 6: 1
Problem Signature 7: 0x7f
OS Version: 6.1.7600.2.0.0.256.1
Locale ID: 1033

I've rebooted it several times, ran sfc /scannow, chkdsk, and nothing has changed.

Per JSntgRvr's guidance in the above thread, I downloaded and ran FRST. Log is below...

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 23-11-2012 (ATTENTION: FRST version is 9 days old)
Ran by SYSTEM at 02-12-2012 11:09:47
Running from E:\
Windows 7 Starter (X86) OS Language: English(US)
The current controlset is ControlSet001

==================== Registry (Whitelisted) ===================

HKLM\...\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-06-04] (Intel Corporation)
HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [x]
HKLM\...\Run: [HotkeyMon] AsusSender.exe C:\Program Files\EeePC\HotkeyService\HotKeyMon.exe [100328 2009-09-11] (ASUSTeK Computer Inc.)
HKLM\...\Run: [HotkeyService] AsusSender.exe C:\Program Files\EeePC\HotkeyService\HotkeyService.exe [1021424 2009-10-16] (ASUSTeK Computer Inc.)
HKLM\...\Run: [SuperHybridEngine] AsusSender.exe C:\Program Files\EeePC\SHE\SuperHybridEngine.exe [413688 2009-10-26] (ASUSTeK Computer Inc.)
HKLM\...\Run: [Eee Docking] C:\Program Files\ASUS\Eee Docking\Eee Docking.exe autorun [414384 2009-11-17] ()
HKLM\...\Run: [LiveUpdate] AsusSender.exe C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe auto [803304 2009-08-27] ()
HKLM\...\Run: [SynAsusAcpi] %ProgramFiles%\Synaptics\SynTP\SynAsusAcpi.exe [x]
HKLM\...\Run: [ASUS Screen Saver Protector] C:\Windows\AsScrPro.exe [3058304 2010-01-06] (ASUS)
HKLM\...\Run: [EeeSplendidAgent] C:\Program Files\ASUS\EPC\EeeSplendid\AsAgent.exe [104960 2009-12-29] ()
HKLM\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [38872 2012-07-31] (Adobe Systems Incorporated)
HKLM\...\Run: [LivCam] "C:\Program Files\ASUS\LivCam\LivCam.exe" [284160 2009-11-19] (ASUSTek)
HKLM\...\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\2.0" [222504 2009-05-19] (CyberLink Corp.)
HKLM\...\Run: [ASUSPRP] C:\Program Files\ASUS\APRP\APRP.EXE [2018032 2010-01-06] (ASUSTek Computer Inc.)
HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [919008 2012-07-11] (Adobe Systems Incorporated)
HKLM\...\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start [81920 2004-06-14] (InstallShield Software Corporation)
HKLM\...\Run: [ASUSWebStorage] C:\Program Files\ASUS\ASUS WebStorage\3.0.143.296\AsusWSPanel.exe /S [740736 2012-08-03] (ASUS Cloud Corporation)
HKLM\...\Run: [nmctxth] "C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [642856 2009-04-07] (Cisco Systems, Inc.)
HKLM\...\Run: [nmapp] "C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash [467240 2009-04-07] (Cisco Systems, Inc.)
HKLM\...\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2012-02-20] (Apple Inc.)
HKLM\...\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime [421888 2012-04-18] (Apple Inc.)
HKU\Craig\...\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background [x]
HKU\Craig\...\Run: [SansaDispatch] C:\Users\Craig\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe [79872 2011-01-15] (SanDisk Corporation)
HKU\Craig\...\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup [221184 2004-06-14] (InstallShield Software Corporation)
HKU\Craig\...\RunOnce: [FlashPlayerUpdate] C:\windows\system32\Macromed\Flash\FlashUtil32_11_4_402_287_ActiveX.exe -update activex [692152 2012-10-08] (Adobe Systems Incorporated)
HKU\Craig\...\Winlogon: [Shell] C:\Program Files\Oceanis\SystemSetting\WallPaperAgent.exe [115888 2009-12-09] (Oceanis)
HKU\Default\...\RunOnce: [Reboot] AsusSender.exe C:\Windows\AP\Reboot.exe 40 [x]
HKU\Default User\...\RunOnce: [Reboot] AsusSender.exe C:\Windows\AP\Reboot.exe 40 [x]
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 192.168.1.254
Startup: C:\Users\All Users\Start Menu\Programs\Startup\AsusVibeLauncher.lnk
ShortcutTarget: AsusVibeLauncher.lnk -> C:\Program Files\ASUS\AsusVibe\AsusVibeLauncher.exe (ASUSTeK Computer Inc.)
Startup: C:\Users\All Users\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\Users\Craig\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()

==================== Services (Whitelisted) ===================

2 AsusService; C:\Windows\System32\AsusService.exe [219136 2009-08-18] ()
3 MozillaMaintenance; "C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe" [115168 2012-10-30] (Mozilla Foundation)
2 MsMpSvc; "C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe" [11736 2011-04-27] (Microsoft Corporation)
3 NisSrv; "C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe" [208944 2011-04-27] (Microsoft Corporation)
2 nmservice; "C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe" [642856 2009-04-07] (Cisco Systems, Inc.)
2 OberonGameConsoleService; "C:\Program Files\Asus\Game Park\GameConsole\OberonGameConsoleService.exe" [44312 2009-09-14] ()
2 Viewpoint Service; "C:\Program Files\Viewpoint\Common\ViewpointService.exe" [30152 2008-04-04] (Viewpoint Corporation)

==================== Drivers (Whitelisted) ====================

1 AsUpIO; C:\Windows\System32\drivers\AsUpIO.sys [11448 2009-07-05] ()
3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [13880 2009-07-20] ( )
1 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [165648 2011-04-18] (Microsoft Corporation)
3 MpNWMon; C:\Windows\System32\DRIVERS\MpNWMon.sys [43392 2011-04-18] (Microsoft Corporation)
2 pnarp; C:\Windows\System32\DRIVERS\pnarp.sys [24880 2009-04-07] (Cisco Systems, Inc.)
2 purendis; C:\Windows\System32\DRIVERS\purendis.sys [26416 2009-04-07] (Cisco Systems, Inc.)
3 IntcAzAudAddService; C:\Windows\System32\drivers\RTKVHDA.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2012-12-02 11:09 - 2012-12-02 11:09 - 00000000 ____D C:\FRST
2012-11-29 21:26 - 2012-11-29 21:26 - 00000000 ____D C:\Windows\System32\config\mybackup
2012-11-29 03:35 - 2012-12-01 18:09 - 00000000 ____D C:\Windows\Minidump
2012-11-18 17:53 - 2012-11-18 17:54 - 00000000 ____D C:\Users\Craig\Desktop\PointBlank
2012-11-18 16:16 - 2012-11-18 16:16 - 00061440 ____A (For Disney Interactive) C:\Users\Craig\Downloads\PBPatcher.exe
2012-11-14 08:34 - 2011-05-03 04:45 - 00153376 ____A (Sun Microsystems, Inc.) C:\Windows\System32\javaws.exe
2012-11-14 04:19 - 2011-05-03 04:45 - 00145184 ____A (Sun Microsystems, Inc.) C:\Windows\System32\javaw.exe
2012-11-14 04:19 - 2011-05-03 04:45 - 00145184 ____A (Sun Microsystems, Inc.) C:\Windows\System32\java.exe
2012-11-14 04:18 - 2012-11-14 04:19 - 00004107 ____A C:\Windows\System32\jupdate-1.7.0_09-b05.log
2012-11-14 04:09 - 2012-11-14 04:09 - 00000000 ____D C:\Users\Craig\AppData\Roaming\Apple Computer
2012-11-14 00:03 - 2012-07-25 19:39 - 00526952 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\Wdf01000.sys
2012-11-14 00:03 - 2012-07-25 19:39 - 00047720 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\WdfLdr.sys
2012-11-14 00:03 - 2012-07-25 18:46 - 00009728 ____A (Microsoft Corporation) C:\Windows\System32\Wdfres.dll
2012-11-14 00:03 - 2012-06-02 06:34 - 00000003 ____A C:\Windows\System32\Drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
2012-11-14 00:02 - 2012-07-25 19:21 - 00196608 ____A (Microsoft Corporation) C:\Windows\System32\WUDFHost.exe
2012-11-14 00:02 - 2012-07-25 19:20 - 00613888 ____A (Microsoft Corporation) C:\Windows\System32\WUDFx.dll
2012-11-14 00:02 - 2012-07-25 19:20 - 00172032 ____A (Microsoft Corporation) C:\Windows\System32\WUDFPlatform.dll
2012-11-14 00:02 - 2012-07-25 19:20 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\WUDFSvc.dll
2012-11-14 00:02 - 2012-07-25 19:20 - 00038912 ____A (Microsoft Corporation) C:\Windows\System32\WUDFCoinstaller.dll
2012-11-14 00:02 - 2012-07-25 18:33 - 00066560 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\WUDFPf.sys
2012-11-14 00:02 - 2012-07-25 18:32 - 00155136 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\WUDFRd.sys
2012-11-14 00:02 - 2012-06-02 06:57 - 00000003 ____A C:\Windows\System32\Drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
2012-11-14 00:01 - 2012-10-08 00:28 - 12320768 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-11-14 00:01 - 2012-10-08 00:02 - 09738240 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-11-14 00:01 - 2012-10-07 23:56 - 01800704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-11-14 00:01 - 2012-10-07 23:48 - 01129472 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-11-14 00:01 - 2012-10-07 23:48 - 01103872 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-11-14 00:01 - 2012-10-07 23:47 - 01427968 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-11-14 00:01 - 2012-10-07 23:46 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-11-14 00:01 - 2012-10-07 23:45 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-11-14 00:01 - 2012-10-07 23:44 - 00142848 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-11-14 00:01 - 2012-10-07 23:43 - 00717824 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-11-14 00:01 - 2012-10-07 23:43 - 00420864 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2012-11-14 00:01 - 2012-10-07 23:42 - 00607744 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-11-14 00:01 - 2012-10-07 23:41 - 01793024 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-11-14 00:01 - 2012-10-07 23:41 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-11-14 00:01 - 2012-10-07 23:40 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-11-14 00:01 - 2012-10-07 23:37 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-11-13 23:43 - 2012-10-18 09:59 - 02345984 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-11-13 23:43 - 2012-10-09 09:40 - 00193536 ____A (Microsoft Corporation) C:\Windows\System32\dhcpcore6.dll
2012-11-13 23:43 - 2012-10-09 09:40 - 00044032 ____A (Microsoft Corporation) C:\Windows\System32\dhcpcsvc6.dll
2012-11-13 23:43 - 2012-10-03 08:58 - 01293680 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2012-11-13 23:43 - 2012-10-03 08:42 - 00242176 ____A (Microsoft Corporation) C:\Windows\System32\nlasvc.dll
2012-11-13 23:43 - 2012-10-03 08:42 - 00175104 ____A (Microsoft Corporation) C:\Windows\System32\netcorehc.dll
2012-11-13 23:43 - 2012-10-03 08:42 - 00156672 ____A (Microsoft Corporation) C:\Windows\System32\ncsi.dll
2012-11-13 23:43 - 2012-10-03 08:42 - 00052224 ____A (Microsoft Corporation) C:\Windows\System32\nlaapi.dll
2012-11-13 23:43 - 2012-10-03 08:42 - 00018944 ____A (Microsoft Corporation) C:\Windows\System32\netevent.dll
2012-11-13 23:43 - 2012-10-03 08:40 - 00499712 ____A (Microsoft Corporation) C:\Windows\System32\iphlpsvc.dll
2012-11-13 23:43 - 2012-10-03 07:21 - 00035328 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpipreg.sys
2012-11-13 23:43 - 2012-09-25 14:47 - 00078336 ____A (Microsoft Corporation) C:\Windows\System32\synceng.dll

==================== One Month Modified Files and Folders ========

2012-12-01 23:38 - 2012-11-29 03:35 - 00000000 ____D C:\Windows\Minidump
2012-12-01 23:38 - 2010-04-04 17:06 - 00000000 ____D C:\Users\Craig\Desktop\Craig Misc
2012-12-01 23:38 - 2010-03-31 15:28 - 00000000 ____D C:\users\Craig
2012-12-01 23:38 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\System32\wfp
2012-12-01 23:38 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\System32\DriverStore
2012-12-01 23:38 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\registration
2012-12-01 23:37 - 2011-06-14 19:03 - 00000000 ____D C:\Users\All Users\InstallShield
2012-12-01 23:37 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\AppCompat
2012-12-01 20:39 - 2010-08-25 15:08 - 156587362 ____A C:\Windows\MEMORY.DMP
2012-11-29 21:26 - 2012-11-29 21:26 - 00000000 ____D C:\Windows\System32\config\mybackup
2012-11-28 00:00 - 2010-03-31 15:27 - 01565578 ____A C:\Windows\WindowsUpdate.log
2012-11-27 23:31 - 2012-07-31 16:34 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-11-27 23:30 - 2011-09-17 04:14 - 00000884 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-11-27 01:30 - 2011-09-17 04:14 - 00000880 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-11-18 17:54 - 2012-11-18 17:53 - 00000000 ____D C:\Users\Craig\Desktop\PointBlank
2012-11-18 16:16 - 2012-11-18 16:16 - 00061440 ____A (For Disney Interactive) C:\Users\Craig\Downloads\PBPatcher.exe
2012-11-18 14:04 - 2009-07-13 20:34 - 00009696 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-11-18 14:04 - 2009-07-13 20:34 - 00009696 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-11-17 12:54 - 2009-07-24 23:50 - 00729816 ____A C:\Windows\System32\PerfStringBackup.INI
2012-11-17 12:53 - 2010-04-22 03:57 - 00000000 ____D C:\Users\Craig\Desktop\Temp Pics
2012-11-14 08:28 - 2009-07-13 20:53 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-11-14 08:28 - 2009-07-13 20:39 - 00080302 ____A C:\Windows\setupact.log
2012-11-14 04:19 - 2012-11-14 04:18 - 00004107 ____A C:\Windows\System32\jupdate-1.7.0_09-b05.log
2012-11-14 04:19 - 2010-05-22 07:52 - 00000000 ____D C:\Program Files\Java
2012-11-14 04:10 - 2010-03-31 15:28 - 00084880 ____A C:\Users\Craig\AppData\Local\GDIPFONTCACHEV1.DAT
2012-11-14 04:09 - 2012-11-14 04:09 - 00000000 ____D C:\Users\Craig\AppData\Roaming\Apple Computer
2012-11-14 03:28 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\rescache
2012-11-14 00:59 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\Microsoft.NET
2012-11-14 00:39 - 2009-07-13 20:33 - 00351088 ____A C:\Windows\System32\FNTCACHE.DAT
2012-11-14 00:38 - 2012-10-13 16:10 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2012-11-14 00:05 - 2010-04-05 06:36 - 64010424 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe


==================== Known DLLs (Whitelisted) =================


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2012-11-14 04:18:21
Restore point made on: 2012-11-14 04:40:35
Restore point made on: 2012-11-14 08:23:58
Restore point made on: 2012-11-14 08:33:28
Restore point made on: 2012-11-14 08:34:43
Restore point made on: 2012-11-20 05:06:13
Restore point made on: 2012-11-23 13:00:49
Restore point made on: 2012-11-27 02:48:43
Restore point made on: 2012-11-28 00:00:35

==================== Memory info ===========================

Percentage of memory in use: 22%
Total physical RAM: 2038.18 MB
Available physical RAM: 1585.58 MB
Total Pagefile: 2038.18 MB
Available Pagefile: 1626.25 MB
Total Virtual: 2047.88 MB
Available Virtual: 1960.7 MB

==================== Partitions =============================

1 Drive c: () (Fixed) (Total:100 GB) (Free:59.98 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
2 Drive d: () (Fixed) (Total:122.87 GB) (Free:122.77 GB) NTFS
3 Drive e: (THUMBDRIVE2) (Removable) (Total:0.12 GB) (Free:0.12 GB) FAT32
4 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 232 GB 0 B
Disk 1 Online 125 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 100 GB 1024 KB
Partition 2 Primary 122 GB 100 GB
Partition 3 Primary 10 GB 222 GB
Partition 4 Primary 16 MB 232 GB

=========================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 0 C NTFS Partition 100 GB Healthy

=========================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 D NTFS Partition 122 GB Healthy

=========================================================

Disk: 0
Partition 3
Type : 1B
Hidden: Yes
Active: No

There is no volume associated with this partition.

=========================================================

Disk: 0
Partition 4
Type : EF
Hidden: Yes
Active: No

There is no volume associated with this partition.

=========================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 124 MB 16 KB

=========================================================

Disk: 1
Partition 1
Type : 0B
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 E THUMBDRIVE2 FAT32 Removable 124 MB Healthy

=========================================================

Last Boot: 2012-11-24 21:34

==================== End Of Log ============================

This netbook is my only computer, and I'm in the middle of interviewing for a job; most of the correspondence has been via email. With these problems, I can't stay in touch with the folks I'm working with. These need to be resolved, and this forum is the only place I've seen that has provided a viable option.

Any and all help is GREATLY appreciated!
Thanks-
Craig


#2 HelpBot

Posted 07 December 2012 - 01:45 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/477172 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 MCKNBRD

Posted 07 December 2012 - 09:52 PM

1. See above...it should be pretty clear.
2.

DDS (Ver_2012-11-20.01) - NTFS_x86 NETWORK
Internet Explorer: 9.0.8112.16455 BrowserJavaVersion: 1.6.0_22
Run by Craig at 21:39:25 on 2012-12-07
Microsoft Windows 7 Starter 6.1.7601.1.1252.1.1033.18.2038.1231 [GMT -5:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ================
.
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\Program Files\Oceanis\SystemSetting\WallPaperAgent.exe
C:\windows\system32\ctfmon.exe
C:\windows\Explorer.exe
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\windows\system32\igfxsrvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\system32\conhost.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\windows\System32\svchost.exe -k secsvcs
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uDefault_Page_URL = hxxp://asus.msn.com
uURLSearchHooks: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
uWinlogon: Shell = c:\program files\oceanis\systemsetting\WallPaperAgent.exe
BHO: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Skype add-on (mastermind): {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre1.6.0_22\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Windows 7 Starter Helper: {D381FF29-7CFB-4D4E-B92A-C4EDDC696614} - c:\program files\oceanis\systemsetting\StarterHelper.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre1.6.0_22\bin\jp2ssv.dll
BHO: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - c:\program files\yahoo!\companion\installs\cpn0\YTSingleInstance.dll
TB: <No Name>: - LocalServer32 - <no file>
TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [SansaDispatch] c:\users\craig\appdata\roaming\sandisk\sansa updater\SansaDispatch.exe
uRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
uRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil32_11_4_402_287_ActiveX.exe -update activex
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [HotkeyMon] AsusSender.exe c:\program files\eeepc\hotkeyservice\HotKeyMon.exe
mRun: [HotkeyService] AsusSender.exe c:\program files\eeepc\hotkeyservice\HotkeyService.exe
mRun: [SuperHybridEngine] AsusSender.exe c:\program files\eeepc\she\SuperHybridEngine.exe
mRun: [Eee Docking] c:\program files\asus\eee docking\Eee Docking.exe autorun
mRun: [LiveUpdate] AsusSender.exe c:\program files\asus\liveupdate\LiveUpdate.exe auto
mRun: [SynAsusAcpi] c:\program files\synaptics\syntp\SynAsusAcpi.exe
mRun: [ASUS Screen Saver Protector] c:\windows\AsScrPro.exe
mRun: [EeeSplendidAgent] c:\program files\asus\epc\eeesplendid\AsAgent.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [LivCam] "c:\program files\asus\livcam\LivCam.exe"
mRun: [UCam_Menu] "c:\program files\cyberlink\youcam\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\youcam" updatewithcreateonce "software\cyberlink\youcam\2.0"
mRun: [ASUSPRP] c:\program files\asus\aprp\APRP.EXE
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [ASUSWebStorage] c:\program files\asus\asus webstorage\3.0.143.296\AsusWSPanel.exe /S
mRun: [nmctxth] "c:\program files\common files\pure networks shared\platform\nmctxth.exe"
mRun: [nmapp] "c:\program files\pure networks\network magic\nmapp.exe" -autorun -nosplash
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
StartupFolder: c:\users\craig\appdata\roaming\micros~1\windows\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\asusvi~1.lnk - c:\program files\asus\asusvibe\AsusVibeLauncher.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {5067A26B-1337-4436-8AFE-EE169C2DA79F} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.3.0/GarminAxControl.CAB
DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} - hxxp://support.asus.com/select/asusTek_sys_ctrl3.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} - hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-31-0.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
TCP: NameServer = 192.168.0.1 192.168.1.254
TCP: Interfaces\{21F91288-5C44-4459-9BC1-13328AF9A252} : DHCPNameServer = 192.168.0.1 192.168.1.254
TCP: Interfaces\{22E59B0F-D4C4-4D4D-993F-A4C79A6DF877} : DHCPNameServer = 192.168.0.1 192.168.1.254
TCP: Interfaces\{22E59B0F-D4C4-4D4D-993F-A4C79A6DF877}\24972746E6563747 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{22E59B0F-D4C4-4D4D-993F-A4C79A6DF877}\5467562786162747370A2456C6B696E60A75962756C6563737 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{22E59B0F-D4C4-4D4D-993F-A4C79A6DF877}\C6F6F6B61626F65747 : DHCPNameServer = 209.18.47.61 209.18.47.62 192.168.1.1
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - c:\program files\common files\pure networks shared\platform\puresp4.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: igfxcui - igfxdev.dll
SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\drivers\L1C62x86.sys [2012-1-5 69232]
S1 AsUpIO;AsUpIO;c:\windows\system32\drivers\AsUpIO.sys [2010-1-6 11448]
S1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-10-24 165648]
S2 AsusService;Asus Launcher Service;c:\windows\system32\AsusService.exe [2010-1-6 219136]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 OberonGameConsoleService;Oberon Media Game Console service;c:\program files\asus\game park\gameconsole\OberonGameConsoleService.exe [2010-1-6 44312]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-7-13 160944]
S2 Viewpoint Service;Viewpoint Service;c:\program files\viewpoint\common\ViewpointService.exe [2012-10-14 30152]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2010-4-14 45736]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2010-1-6 29472]
S3 DrvAgent32;DrvAgent32;c:\windows\system32\drivers\DrvAgent32.sys [2012-1-5 23456]
S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2010-11-20 39272]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-9-23 1493352]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2010-10-24 43392]
S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2010-10-24 65024]
S3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\antimalware\NisSrv.exe [2011-4-27 208944]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-5-22 52224]
.
=============== Created Last 30 ================
.
2012-12-03 08:02:06 60872 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{ab053b2f-abb8-4e26-be95-d923aa69f05b}\offreg.dll
2012-12-02 19:09:27 -------- d-----w- C:\FRST
2012-12-02 16:56:31 6812136 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{ab053b2f-abb8-4e26-be95-d923aa69f05b}\mpengine.dll
2012-11-14 08:03:34 9728 ----a-w- c:\windows\system32\Wdfres.dll
2012-11-14 08:03:34 526952 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2012-11-14 08:03:34 47720 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2012-11-14 08:02:41 66560 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
2012-11-14 08:02:41 155136 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
2012-11-14 08:02:40 73216 ----a-w- c:\windows\system32\WUDFSvc.dll
2012-11-14 08:02:40 172032 ----a-w- c:\windows\system32\WUDFPlatform.dll
2012-11-14 08:02:38 38912 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
2012-11-14 08:02:38 196608 ----a-w- c:\windows\system32\WUDFHost.exe
2012-11-14 08:02:37 613888 ----a-w- c:\windows\system32\WUDFx.dll
2012-11-14 07:43:27 156672 ----a-w- c:\windows\system32\ncsi.dll
2012-11-14 07:43:26 499712 ----a-w- c:\windows\system32\iphlpsvc.dll
2012-11-14 07:43:26 242176 ----a-w- c:\windows\system32\nlasvc.dll
2012-11-14 07:43:26 175104 ----a-w- c:\windows\system32\netcorehc.dll
2012-11-14 07:43:26 1293680 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-11-14 07:43:25 52224 ----a-w- c:\windows\system32\nlaapi.dll
2012-11-14 07:43:25 35328 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2012-11-14 07:43:25 18944 ----a-w- c:\windows\system32\netevent.dll
2012-11-14 07:43:16 78336 ----a-w- c:\windows\system32\synceng.dll
2012-11-14 07:43:14 2345984 ----a-w- c:\windows\system32\win32k.sys
2012-11-14 07:43:11 44032 ----a-w- c:\windows\system32\dhcpcsvc6.dll
2012-11-14 07:43:11 193536 ----a-w- c:\windows\system32\dhcpcore6.dll
.
==================== Find3M ====================
.
2012-10-09 02:31:17 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-10-09 02:31:16 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-10-08 07:56:24 1800704 ----a-w- c:\windows\system32\jscript9.dll
2012-10-08 07:48:03 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-10-08 07:47:44 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-10-08 07:44:05 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-10-08 07:43:21 420864 ----a-w- c:\windows\system32\vbscript.dll
2012-10-08 07:40:56 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-09-25 04:16:58 821736 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-09-25 04:16:53 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-09-14 18:28:53 2048 ----a-w- c:\windows\system32\tzres.dll
.
============= FINISH: 21:39:50.68 ===============

3. Yep, have the CD that shipped with the netbook.
4. Thanks!

#4 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,696 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:12:10 AM

Posted 08 December 2012 - 10:08 AM

Hello MCKNBRD,

Apologies for the delay.

This is a different issue. The other thread you mention had the same error but was infected. The infection had hijacked one of the startup entries and restoring it resolved the issue.

We take this step by step. We want to prevent MSE from loading services and replace a custom winlogon entry. These changes are all easily reversible.

Please run Notepad (start > All Programs > Accessories > Notepad) and copy and paste the text in the code box into a new file:

@echo off
sc config MsMpSvc start= disabled >log.txt 2>&1
sc config NisSrv start= disabled >>log.txt 2>&1
sc config MpFilter start= disabled >>log.txt 2>&1
sc config MpNWMon start= disabled >>log.txt 2>&1
reg add "hklm\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /v Shell /t REG_SZ /d explorer.exe /f >>log.txt 2>&1
reg query "hklm\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" >>log.txt 2>&1
notepad log.txt

  • Go to the File menu at the top of the Notepad and select Save as.
  • Select Save in: desktop
  • Fill in File name: look.bat
  • Save as type: All file types (*.*)
  • Click save.
  • Close the Notepad.
  • Locate look.bat on the desktop.
  • Right-click and select "Run it as administrator".
  • A notepad opens, copy and paste the content (log.txt) to your reply.

Also boot normally and tell me if there is any difference.

#5 MCKNBRD

MCKNBRD
  • Topic Starter


Posted 09 December 2012 - 08:43 AM

Well, that's what I get for thinking! These are computers, not cars! Usually, with most of the stuff I've worked on, if it's doing 'A', then it's usually 'B' that causes the problem...I guess it's a little different with computer issues!

THAT is why I come to the experts!

[SC] ChangeServiceConfig SUCCESS
[SC] ChangeServiceConfig SUCCESS
[SC] ChangeServiceConfig SUCCESS
[SC] ChangeServiceConfig SUCCESS
The operation completed successfully.


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
ReportBootOk REG_SZ 1
Shell REG_SZ explorer.exe
PreCreateKnownFolders REG_SZ {A520A1A4-1780-4FF6-BD18-167343C5AF16}
Userinit REG_SZ C:\Windows\system32\userinit.exe,
VMApplet REG_SZ SystemPropertiesPerformance.exe /pagefile
AutoRestartShell REG_DWORD 0x1
Background REG_SZ 0 0 0
CachedLogonsCount REG_SZ 10
DebugServerCommand REG_SZ no
ForceUnlockLogon REG_DWORD 0x0
LegalNoticeCaption REG_SZ
LegalNoticeText REG_SZ
PasswordExpiryWarning REG_DWORD 0x5
PowerdownAfterShutdown REG_SZ 0
ShutdownWithoutLogon REG_SZ 0
WinStationsDisabled REG_SZ 0
DisableCAD REG_DWORD 0x1
scremoveoption REG_SZ 0
ShutdownFlags REG_DWORD 0x27
AutoAdminLogon REG_SZ 0
DefaultUserName REG_SZ Craig

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\AutoLogonChecked


Thanks again for the help...I'll attempt a reboot now.

Wish me luck!
Craig
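
As an added example (not code from either poster or from FRST), the script below parses `reg query` output like the log.txt above and reports Winlogon `Shell` or `Userinit` values that differ from a baseline. The baseline (stock `explorer.exe` and `C:\Windows\system32\userinit.exe,`), the function names and the second sample with its `helper.exe` path are assumptions constructed for illustration.

```python
import re

# Assumed baseline for this example: stock Windows 7 Winlogon values.
EXPECTED = {
    "shell": ["explorer.exe"],
    "userinit": [r"c:\windows\system32\userinit.exe"],
}
# "<name> <REG_type> [data]"; tolerates both reg.exe's 4-space columns and
# the single-space form the forum software left in the post above.
VALUE_RE = re.compile(r"^\s*(?P<name>.+?)\s+(?P<type>REG_[A-Z_]+)(?:\s+(?P<data>.*))?$")

def parse_reg_query(text):
    """Return {key_path: {value_name_lower: (type, data)}}."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.upper().startswith("HKEY_"):
            current = keys.setdefault(line, {})
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            current[m["name"].lower()] = (m["type"], (m["data"] or "").strip())
    return keys

def commands(data):
    """Split a comma-separated program list, ignoring case, quotes, empties."""
    return [p.strip().strip('"').lower() for p in data.split(",") if p.strip()]

def audit_winlogon(text):
    """List (value_name, raw_data) pairs that deviate from EXPECTED."""
    findings = []
    for key, values in parse_reg_query(text).items():
        if not key.lower().endswith(r"\currentversion\winlogon"):
            continue  # skip subkeys such as ...\Winlogon\Notify
        for name, expected in EXPECTED.items():
            raw = values.get(name, (None, "<missing>"))[1]
            if commands(raw) != expected:
                findings.append((name, raw))
    return findings

# Excerpt of the log.txt posted above.
POSTED = r"""
[SC] ChangeServiceConfig SUCCESS
The operation completed successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
ReportBootOk REG_SZ 1
Shell REG_SZ explorer.exe
Userinit REG_SZ C:\Windows\system32\userinit.exe,
LegalNoticeCaption REG_SZ

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
"""
# Constructed sample (not from the thread): an extra program appended to Shell.
CONSTRUCTED = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
    Shell    REG_SZ    explorer.exe,C:\ProgramData\example\helper.exe
    Userinit    REG_SZ    C:\Windows\system32\userinit.exe,
"""

if __name__ == "__main__":
    for label, sample in (("posted", POSTED), ("constructed", CONSTRUCTED)):
        print(label, audit_winlogon(sample) or "matches baseline")
```

The posted log matches the baseline; the constructed sample is reported because `Shell` lists a second program after `explorer.exe`.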

#6 MCKNBRD


Posted 09 December 2012 - 09:21 AM

Reboot failed. It dumped into Boot repair and system repair 3 or 4 times, I had to 'F8' to get to Safe Mode.

Next?

Thanks!
Craig

#7 Farbar


Posted 09 December 2012 - 09:26 AM

We try to boot the computer to diagnostic startup.

Go to Start > Run (alternatively press Windows key+R).
  • In the run box type: msconfig to open up System Configuration Utility.
  • Click on "Startup" tab.
  • Press "Disable All".
  • Click on Services tab.
  • Important: Check Hide All Microsoft Services box.
  • Press "Disable All".
  • Press Apply and Close.
  • A window pops up; select "Restart" and tell me how it went.


#8 Farbar


Posted 09 December 2012 - 09:34 AM

Hi Craig,

Please don't miss my previous post.

FYI: When we are both online and you remain viewing the topic, to see my reply you have to use the F5 key to refresh the web page; otherwise you continue to see your own reply until you exit viewing the topic. The site doesn't automatically refresh the page when a reply is posted.

#9 MCKNBRD


Posted 14 December 2012 - 08:20 PM

FarBar...I missed the post you put up before your last; I need to set it up to notify me on replies (I thought I had set it up for that...)

Anyway, I tried the changes, still failed to boot. Had to F8 to get to safe mode and try it again.

Thanks for the help...I hope we can hammer this one out!

Craig

#10 Farbar


Posted 14 December 2012 - 08:32 PM

Hi Craig,

We still have no clue about the cause of the issue.

  • Please check and if needed set Windows to create mini crash dumps:
    • Go to Start => Right-click Computer and select Properties.
    • On the left pane select "Advanced system settings".
    • Under "startup and Recovery" press "Settings...".
    • Under "system failure":

      • "Write an event to the system log" should be selected.
      • "Automatically restart" should be unselected.
      • Under "Write debugging information" it should be set to "Small memory dump(256 KB)"
    • click "OK".
  • Set up Windows so that it does not restart automatically on system failure:
    • Go to Start, right-click Computer and select Properties.
    • In the left pane select Advanced System Settings.
    • Under the Advanced tab, in the Startup and Recovery section, press Settings.
      • The option "Write an event to the system log" should be checked.
      • The option "Automatically restart" should be unchecked.
    • Click OK twice and close the open window.
    • From now on, if you get an error notification, please note the exact error message and post it in your reply.
  • Now restart the computer and see if you get a Blue Screen of Death; in that case note down the error and let me know.

Edited by Farbar, 16 December 2012 - 02:16 PM.


#11 MCKNBRD


Posted 16 December 2012 - 02:15 PM

OK, Farbar...no dice. Didn't get the BSOD, but it locked up pretty good. Had to go into Startup Repair to get anything on it. Startup Repair ran for about 20 minutes, and finally gave me the problem details:

Problem Event Name: Startup Repair Offline
Problem Signature 1: 6.1.7600.16385
Problem Signature 2: 6.1.7600.16385
Problem Signature 3: Unknown
Problem Signature 4: 123
Problem Signature 5: AutoFailover
Problem Signature 6: 1
Problem Signature 7: 0x1000007f
OS Version: 6.1.7600.2.0.0.256.1
Locale ID: 1033

I went into Advanced System Settings, and am leaving it there until I have an idea where to go. At this point, I'm thinking I need to just start saving my sheckles and get a new one.

Thanks!
Craig

#12 Farbar


Posted 16 December 2012 - 02:26 PM

At this point, I'm thinking I need to just start saving my sheckles and get a new one.

It might eventually be the case. But we still have a couple of options.

Either from Safe Mode or from System Recovery Options please run System Restore, then select the following restore point and let it complete:

2012-11-20 05:06:13

In case it fails, you can try a couple of the restore points before or after this restore point.

#13 MCKNBRD


Posted 16 December 2012 - 03:03 PM

Well, I got the box that said system restore failed. During the attempted reboot, I got F8 to work, and am back into Safe Mode w/networking.

Next?

By the way, thanks a million for your help. I'd have bricked this thing long ago if I hadn't stumbled onto you guys and this forum!

Craig

#14 Farbar


Posted 16 December 2012 - 03:55 PM

You are most welcome.

This is the last attempt.

Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this, highlight the contents of the box, right-click on it and select Copy. Right-click in the open Notepad and select Paste.) Save it on the flash drive as fixlist.txt

start
Last Boot: 2012-11-24 21:34
testsigning on:
nointegritychecks on:
end

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Now please enter System Recovery Options and select Command Prompt.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

Also restart, let it boot normally and tell me how it went.

#15 MCKNBRD


Posted 16 December 2012 - 11:56 PM

Ran FRST. See fixlog below.

Fixlog.txt:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 23-11-2012
Ran by SYSTEM at 2012-12-16 17:26:15 Run:1
Running from E:\

==============================================

DEFAULT hive was successfully copied to System32\config\HiveBackup
DEFAULT hive was successfully restored from registry back up.
SAM hive was successfully copied to System32\config\HiveBackup
SAM hive was successfully restored from registry back up.
SECURITY hive was successfully copied to System32\config\HiveBackup
SECURITY hive was successfully restored from registry back up.
SOFTWARE hive was successfully copied to System32\config\HiveBackup
SOFTWARE hive was successfully restored from registry back up.
SYSTEM hive was successfully copied to System32\config\HiveBackup
SYSTEM hive was successfully restored from registry back up.

The operation completed successfully.

The operation completed successfully.

==== End of Fixlog ====

Same thing on reboot...Startup Repair took over 20 minutes to do nothing, but I finally got the Problem Details info. See below!

Problem Event Name: Startup Repair Offline
Problem Signature 1: 6.1.7600.16385
Problem Signature 2: 6.1.7600.16385
Problem Signature 3: Unknown
Problem Signature 4: 21200924
Problem Signature 5: AutoFailover
Problem Signature 6: 2
Problem Signature 7: 0x7f
OS Version: 6.1.7600.2.0.0.256.1
Locale ID: 1033

Any idea what is going on?

Thx-
Craig

Edited by MCKNBRD, 16 December 2012 - 11:59 PM.




