Windows 7 Blue screen - can't restore Image


  • This topic is locked
3 replies to this topic

#1 KovaZg


Posted 24 April 2014 - 07:07 AM

Hello,

First of all, greetings to all. I'm an IT guy and usually I get around problems and solve them, but from time to time I get to new challenges that I can't solve the easy way.

My friend reported a problem with an Acer 5920 ZD1: no operating system after the boot screen.

I checked the disk, maybe it was a connection problem; after my check, it worked till the Windows boot logo, then blue screen.

In System Repair I got something similar to this:

The Windows Repair Problem Signature

Problem Event Name: Startup Repair Offline

Problem Signature 1: 6.1.7600.16385

Problem Signature 2: 6.1.7600.16385

Problem Signature 3: Unknown

Problem Signature 4: 21199824

Problem Signature 5: AutoFailover

Problem Signature 6: 3

Problem Signature 7: NoRootCause

Version: 6.1.7600.2.0.0.256.1

Locale ID: 1033

 

As I found this error in another post here, I ran some diagnostics up front.

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-04-2014
Ran by SYSTEM on MININT-HFUVASU on 24-04-2014 13:42:44
Running from G:\
Windows 7 Ultimate Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Recovery

The current controlset is ControlSet001
[b]ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.[/b]


The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ 
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ 
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [112512 2010-03-13] (Microsoft Corporation)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1842472 2009-09-17] (Synaptics Incorporated)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1281512 2013-01-27] (Microsoft Corporation)
HKLM\...\Run: [PLFSetI] => C:\Windows\PLFSetI.exe [200704 2008-07-29] ()
HKLM-x32\...\Run: [VirtualCloneDrive] => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [89456 2011-03-07] (Elaborate Bytes AG)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-08-15] (Apple Inc.)
HKLM-x32\...\Run: [CancelAutoPlay] => C:\Program Files (x86)\Vip mobilni internet\CancelAutoPlay.exe [414544 2012-03-12] ()
HKLM-x32\...\Run: [UIExec] => C:\Program Files (x86)\Vip mobilni internet\UIExec.exe [156448 2012-05-11] ()
HKU\Admin\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [20924576 2014-02-10] (Skype Technologies S.A.)

==================== Services (Whitelisted) =================

S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [398184 2012-12-14] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [682344 2012-12-14] (Malwarebytes Corporation)
S2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [22056 2013-01-27] (Microsoft Corporation)
S3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [379360 2013-01-27] (Microsoft Corporation)
S2 UI Assistant Service; C:\Program Files (x86)\Vip mobilni internet\AssistantServices.exe [274760 2012-07-18] ()

==================== Drivers (Whitelisted) ====================

S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [24176 2012-12-14] (Malwarebytes Corporation)
S0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [230320 2013-01-20] (Microsoft Corporation)
S2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [130008 2013-01-20] (Microsoft Corporation)
S3 nuvotoncir; C:\Windows\System32\DRIVERS\nuvotoncir.sys [48128 2009-06-24] (Nuvoton Technology Corporation)
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
S3 ZTEusbnet; system32\DRIVERS\ZTEusbnet.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-04-24 13:29 - 2014-04-24 13:42 - 00000000 ____D () C:\FRST

==================== One Month Modified Files and Folders =======

2014-04-24 13:42 - 2014-04-24 13:29 - 00000000 ____D () C:\FRST
2014-04-24 11:56 - 2014-02-23 07:55 - 00000000 ____D () C:\Program Files (x86)\Vip mobilni internet
2014-04-24 11:56 - 2013-04-04 07:52 - 00000000 ____D () C:\users\Admin
2014-04-24 11:56 - 2010-11-20 23:16 - 00000000 ___RD () C:\Users\Public\Recorded TV
2014-04-24 11:56 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\registration
2014-04-24 11:55 - 2013-04-25 12:53 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Skype
2014-04-24 02:31 - 2013-04-24 03:53 - 00000000 ____D () C:\Users\Admin\Desktop\New Folder
2014-04-06 10:47 - 2013-04-04 07:49 - 01785016 _____ () C:\Windows\WindowsUpdate.log
2014-04-06 10:46 - 2009-07-13 21:13 - 00713888 _____ () C:\Windows\System32\PerfStringBackup.INI
2014-04-06 10:43 - 2009-07-13 20:45 - 00021472 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-06 10:43 - 2009-07-13 20:45 - 00021472 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-06 10:36 - 2013-04-24 03:43 - 00000942 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-04-06 10:36 - 2009-07-13 21:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-06 10:36 - 2009-07-13 20:51 - 00068248 _____ () C:\Windows\setupact.log
2014-04-04 23:33 - 2013-04-24 03:43 - 00000946 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-04-04 23:31 - 2013-04-12 03:33 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-04-02 13:28 - 2013-04-24 03:43 - 00003942 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-04-02 13:28 - 2013-04-24 03:43 - 00003690 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore

Some content of TEMP:
====================
C:\Users\Admin\AppData\Local\Temp\ose00000.exe
C:\Users\Admin\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Admin\AppData\Local\Temp\Uninstaller.exe


==================== Known DLLs (Whitelisted) ================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
C:\Windows\system32\codeintegrity\Bootcat.cache IS MISSING <==== ATTENTION!.

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points  =========================

Restore point made on: 2014-02-23 07:41:54
Restore point made on: 2014-02-23 07:53:14
Restore point made on: 2014-03-02 09:35:53
Restore point made on: 2014-03-06 08:42:53
Restore point made on: 2014-03-16 11:43:14
Restore point made on: 2014-03-20 14:20:44
Restore point made on: 2014-03-24 04:16:42
Restore point made on: 2014-03-28 10:10:15
Restore point made on: 2014-04-01 10:43:45
Restore point made on: 2014-04-06 10:47:36

==================== Memory info =========================== 

Percentage of memory in use: 17%
Total physical RAM: 3070.43 MB
Available physical RAM: 2526.38 MB
Total Pagefile: 3068.63 MB
Available Pagefile: 2512.72 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:97.56 GB) (Free:65.56 GB) NTFS
Drive e: (New Volume) (Fixed) (Total:200.43 GB) (Free:193.32 GB) NTFS
Drive g: (GRMCULXFRER) (Removable) (Total:30.22 GB) (Free:30.22 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: 400427B8)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=98 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=200 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 30 GB) (Disk ID: 000A0D74)
Partition 4: (Active) - (Size=30 GB) - (Type=0C)


LastRegBack: 2014-03-30 12:45

==================== End Of Log ============================

I removed this ATTENTION, Boot cache; found some instructions to remove it. No luck.

From what I can see, among the last operations was Windows Update. I'm not sure what is wrong, but I can't run System Restore, and above you can see that there are a couple of restore points.

EDIT:

Oh, I wasn't able to run System Restore when FRST was run. But via the default Repair, I got to System Restore, and there I can see critical updates and dates, and I set System Restore to the first date before the updates.

Maybe that solves the issue; will edit this post.

EDIT 2:

No, System Restore hit some error: 0x800700b7 or similar. Trying the Windows Critical Update restore point, the one before the latest; after that, no matter if it works, I will reboot to check.

EDIT 3:

System Restore was successful, but still blue screen, same error 0x00000007b (and some other code in brackets).

I could just install a new OS, but I really want to get to this one, as I have some spare time.

 

Thank you very much in advance.

Tommy.


Edited by hamluis, 24 April 2014 - 11:09 AM.
Moved from Win 7 to Malware Removal Logs - Hamluis.




#2 KovaZg


Posted 25 April 2014 - 09:24 AM

Moved to Malware, how do you know it's malware? Help.



#3 HelpBot


Posted 29 April 2014 - 07:10 AM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/532152 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your desktop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#4 HelpBot


Posted 04 May 2014 - 07:15 AM

Hello again!

I haven't heard from you in 5 days. Therefore, I am going to assume that you no longer need our help, and close this topic.

If you do still need help, please send a Private Message to any Moderator within the next five days. Be sure to include a link to your topic in your Private Message.

Thank you for using Bleeping Computer, and have a great day!



