Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Inncorect Fix Using Farbar Recovery scan tool.


  • This topic is locked This topic is locked
30 replies to this topic

#1 PhilipMoore1953

PhilipMoore1953

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Bend Oregon
  • Local time:12:20 PM

Posted 10 August 2015 - 02:35 PM

Hello,

I want to extend a warm THANK YOU for AlexStraza and Luis showing professionalism during a rather embarrasing time.

To the others of you that found extreme satisfaction in commenting on my obvious lack of expertise I would suggest to you either leave your attitude at the door or stop doing this as your comments were totally without merit.

 

My problem is that after running Farbar and prepairing a Fixlist this resuled in my Windows 10 now becoming non-bootable.

 

I believe this occurred due to my errors made when attempting a fixlist.

 

Alex asked that I prepare a Fixlist of the Windows 10 OS and submit it in this post. That is what I'm entering now:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:09-08-2015
Ran by SYSTEM on MININT-IMD0ES0 (10-08-2015 11:56:04)
Running from G:\
Platform: WIN_81 (X64) Language: English (United States)
Boot Mode: Recovery
ATTENTION: Could not load system hive.
ATTENTION: System hive is missing.

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

ATTENTION: Software hive is missing.

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


========================== Drivers MD5 =======================


==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)


==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

==================== Known DLLs (Whitelisted) =========================


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe IS MISSING <==== ATTENTION
C:\Windows\System32\wininit.exe IS MISSING <==== ATTENTION
C:\Windows\explorer.exe IS MISSING <==== ATTENTION
C:\Windows\SysWOW64\explorer.exe IS MISSING <==== ATTENTION
C:\Windows\System32\svchost.exe IS MISSING <==== ATTENTION
C:\Windows\SysWOW64\svchost.exe IS MISSING <==== ATTENTION
C:\Windows\System32\services.exe IS MISSING <==== ATTENTION
C:\Windows\System32\User32.dll IS MISSING <==== ATTENTION
C:\Windows\SysWOW64\User32.dll IS MISSING <==== ATTENTION
C:\Windows\System32\userinit.exe IS MISSING <==== ATTENTION
C:\Windows\SysWOW64\userinit.exe IS MISSING <==== ATTENTION
C:\Windows\System32\rpcss.dll IS MISSING <==== ATTENTION
C:\Windows\System32\dnsapi.dll IS MISSING <==== ATTENTION
C:\Windows\SysWOW64\dnsapi.dll IS MISSING <==== ATTENTION
C:\Windows\System32\Drivers\volsnap.sys IS MISSING <==== ATTENTION
C:\Windows\System32\codeintegrity\Bootcat.cache IS MISSING <==== ATTENTION
C:\Windows\System32\winsrv.dll IS MISSING <==== ATTENTION

==================== Restore Points =========================


==================== Memory info ===========================

Percentage of memory in use: 16%
Total physical RAM: 3977.7 MB
Available physical RAM: 3317.09 MB
Total Virtual: 3977.7 MB
Available Virtual: 3349.79 MB

==================== Drives ================================

Drive d: (Recovery) (Fixed) (Total:0.59 GB) (Free:0.3 GB) NTFS
Drive e: (Push Button Reset) (Fixed) (Total:14.89 GB) (Free:1.08 GB) NTFS
Drive g: (RECOVERY) (Removable) (Total:29.1 GB) (Free:29.09 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.5 GB) (Free:0.49 GB) NTFS
Drive y: (Local Disk ) (Fixed) (Total:449.87 GB) (Free:437.98 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: E9E577D2)

Partition: GPT.

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 29.1 GB) (Disk ID: 00000000)

Partition: GPT.

==================== End of log ============================

 

 



BC AdBot (Login to Remove)

 


#2 Sintharius

Sintharius

    Bleepin' Sniper


  • Members
  • 5,639 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:The Netherlands
  • Local time:08:20 PM

Posted 10 August 2015 - 03:10 PM

Hello and welcome to the Malware Removal Logs area :)

My name is Alexstrasza and I will assist you with your problem. You can call me Alex :)

Please allow me some time to consult with my instructor and I will be back with more information.

#3 PhilipMoore1953

PhilipMoore1953
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Bend Oregon
  • Local time:12:20 PM

Posted 10 August 2015 - 03:17 PM

Thanks Alex, I'm pleased that you are the one that will be helping me. I'm not in any rush, I look forward to hearing from you.

You can call me Philip.



#4 Sintharius

Sintharius

    Bleepin' Sniper


  • Members
  • 5,639 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:The Netherlands
  • Local time:08:20 PM

Posted 11 August 2015 - 05:58 AM

Hello Philip,

Before we begin, there are a few things I want to make sure you know:
  • I am currently in training, so my responses might be delayed. I will generally reply within 48 hours - if this is not possible, I will let you know.
  • Please do not run any tools without being instructed to, as this makes my job much harder in trying to figure out what you have done.
  • Make sure to read my instructions fully before attempting a step.
  • If you have problems or questions with any of the steps, feel free to ask me. I will be happy to answer any questions you have.
  • Please follow the topic by clicking on the Follow this topic button, and make sure a tick is in the receive notifications and is set to Instantly. Any replies should be made in this topic by clicking the Reply to this topic button.
  • Important information in my posts will often be in bold, make sure to take note of these.
  • I will bump a topic after 3 days of no activity, and then will give you another 2 days to reply before a topic is closed. Please inform me if you need more time.
Shall we begin then?

===

Search with Farbar Recovery Scan Tool in Recovery Environment
  • Plug the flash drive containing FRST into the sick computer.
  • Enter the Recovery Environment in Windows 10 using these instructions.
  • At Advanced Options select Command Prompt.
Once in the Command Prompt:
  • Start FRST from the flash drive.
  • In the Search box, type in the following: fixlog.txt.
  • Press Search Files.
  • It will make a log (Search.txt) in the flash drive. Please copy and paste it to your reply.
Regards,
Alex 

#5 PhilipMoore1953

PhilipMoore1953
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Bend Oregon
  • Local time:12:20 PM

Posted 11 August 2015 - 03:25 PM

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:11-08-2015 02
Ran by SYSTEM on MININT-D215FGG (11-08-2015 13:10:38)
Running from D:\
Platform: WIN_81 (X64) Language: English (United States)
Boot Mode: Recovery
ATTENTION: Could not load system hive.
ATTENTION: System hive is missing.

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

ATTENTION: Software hive is missing.

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)


==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

==================== Known DLLs (Whitelisted) =========================


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe IS MISSING <==== ATTENTION
C:\Windows\System32\wininit.exe IS MISSING <==== ATTENTION
C:\Windows\explorer.exe IS MISSING <==== ATTENTION
C:\Windows\SysWOW64\explorer.exe IS MISSING <==== ATTENTION
C:\Windows\System32\svchost.exe IS MISSING <==== ATTENTION
C:\Windows\SysWOW64\svchost.exe IS MISSING <==== ATTENTION
C:\Windows\System32\services.exe IS MISSING <==== ATTENTION
C:\Windows\System32\User32.dll IS MISSING <==== ATTENTION
C:\Windows\SysWOW64\User32.dll IS MISSING <==== ATTENTION
C:\Windows\System32\userinit.exe IS MISSING <==== ATTENTION
C:\Windows\SysWOW64\userinit.exe IS MISSING <==== ATTENTION
C:\Windows\System32\rpcss.dll IS MISSING <==== ATTENTION
C:\Windows\System32\dnsapi.dll IS MISSING <==== ATTENTION
C:\Windows\SysWOW64\dnsapi.dll IS MISSING <==== ATTENTION
C:\Windows\System32\Drivers\volsnap.sys IS MISSING <==== ATTENTION
C:\Windows\System32\codeintegrity\Bootcat.cache IS MISSING <==== ATTENTION
C:\Windows\System32\winsrv.dll IS MISSING <==== ATTENTION

==================== Restore Points =========================


==================== Memory info ===========================

Percentage of memory in use: 16%
Total physical RAM: 3977.7 MB
Available physical RAM: 3319.3 MB
Total Virtual: 3977.7 MB
Available Virtual: 3352.78 MB

==================== Drives ================================

Drive d: (RECOVERY) (Removable) (Total:29.1 GB) (Free:29.08 GB) FAT32
Drive e: (Recovery) (Fixed) (Total:0.59 GB) (Free:0.3 GB) NTFS
Drive f: (Push Button Reset) (Fixed) (Total:14.89 GB) (Free:1.08 GB) NTFS
Drive x: (Boot) (Fixed) (Total:0.5 GB) (Free:0.49 GB) NTFS
Drive y: (Local Disk ) (Fixed) (Total:449.87 GB) (Free:446.06 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: E9E577D2)

Partition: GPT.

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 29.1 GB) (Disk ID: 98529852)
Partition 1: (Active) - (Size=29.1 GB) - (Type=0C)

==================== End of log ============================


Farbar Recovery Scan Tool (x64) Version:11-08-2015 02
Ran by SYSTEM (2015-08-11 13:09:46)
Running from D:\
Boot Mode: Recovery

================== Search Files: "fixlog.txt" =============

====== End of Search ======

 

This is the extent of the search log.

I look forward to hearing from you.



#6 Sintharius

Sintharius

    Bleepin' Sniper


  • Members
  • 5,639 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:The Netherlands
  • Local time:08:20 PM

Posted 12 August 2015 - 05:15 AM

Hello Philip,

We will search for the folder where FRST stores the files that it moved to quarantine.

Fix with Farbar Recovery Scan Tool in Recovery Environment
  • On the clean computer, press the Windows key + R to bring up the Run box. Type notepad into it and press Enter.
  • Copy the contents of the following codebox into Notepad:
    FindFolder: FRST
    
  • Save the file as fixlist.txt to your flash drive. Once done, close Notepad and eject the flash drive.
  • Delete the existing copy of FRST and download the latest version of FRST from here to your flash drive.
  • Plug the flash drive containing FRST and the fixlist into the sick computer.
  • Enter the Recovery Environment in Windows 10 using these instructions.
  • At Advanced Options select Command Prompt.
Once in the Command Prompt:
  • Launch FRST from the flash drive.
  • Press Fix just once and wait.
  • FRST will produces a log named fixlog.txt in your flash drive. Please copy and paste the contents of that log in your next reply.
Regards,
Alex

Edited by Alexstrasza, 12 August 2015 - 05:16 AM.


#7 PhilipMoore1953

PhilipMoore1953
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Bend Oregon
  • Local time:12:20 PM

Posted 12 August 2015 - 11:02 AM

Fix result of Farbar Recovery Scan Tool (x64) Version:11-08-2015 02

Ran by SYSTEM (2015-08-12 08:55:05) Run:1
Running from D:\
Boot Mode: Recovery
==============================================
 
fixlist content:
*****************
findfolder:frst
*****************
 
================== FindFolder: "findfolder:frst" ===================
 
folder not found
 
=== End of FindFolder ===
 
==== End of Fixlog 08:55:05 ====
 
This to me doesn't look terribly promising. 
My ACER computer shows a drive partition named "One Button Reset"
Is that a possibility?
I haven't done anything with it yet, just thought I would bring it to your attention. 
Thanks
Philip


#8 Sintharius

Sintharius

    Bleepin' Sniper


  • Members
  • 5,639 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:The Netherlands
  • Local time:08:20 PM

Posted 12 August 2015 - 11:40 AM

Hello Philip,

Please download the fixlist I have attached for you at the bottom of this post, then use it with FRST in Recovery Environment using the instructions above.

Regards,
Alex

#9 PhilipMoore1953

PhilipMoore1953
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Bend Oregon
  • Local time:12:20 PM

Posted 12 August 2015 - 12:13 PM

Hi Alex, 

This log is the result of running the fixlist.txt in which you attached to your last Post. 

 

** ATTENTION** Please read my question/comments after posted log. Thank you. 

 
Fix result of Farbar Recovery Scan Tool (x64) Version:11-08-2015 02
Ran by SYSTEM (2015-08-12 10:00:02) Run:1
Running from G:\
Boot Mode: Recovery
==============================================
 
fixlist content:
*****************
FindFolder: FRST
*****************
 
================== FindFolder: "FRST" ===================
 
folder not found
 
=== End of FindFolder ===
 
==== End of Fixlog 10:00:02 ====

While waiting on your reply, I tried restarting the computer while holding down the 

ALT button and the F10 key. This brought me to screen asking me to choose which language

I wanted. After choosing it first attempted to reset the system and then provided me a message 

which reads: Unable to reset your PC a required drive partition is missing.

I know better than trying other things in the middle of a helpers instruction.

I apologize in advance if this messed things up. 



#10 PhilipMoore1953

PhilipMoore1953
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Bend Oregon
  • Local time:12:20 PM

Posted 12 August 2015 - 12:47 PM

Last tid bit I promise

When I try going to sfc /scannow 
I get a message in which it reads:
There is a system repair pending which requires a reboot to complete. 
Restart Windows and run sfc again. 
 
After running windows again it takes me back just as before and when I 
run SFC again the message is repeated 


#11 Sintharius

Sintharius

    Bleepin' Sniper


  • Members
  • 5,639 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:The Netherlands
  • Local time:08:20 PM

Posted 13 August 2015 - 12:32 PM

Hello Philip,

I'm afraid I have some bad news.

Since the search for the folder containing files that FRST moved to proved fruitless, your operating system is most likely ruined at this point. It's faster and less frustrating for you to do a reinstallation of Windows 10 rather than trying to fix it.

Let me know what you decide to do.

Regards,
Alex



#12 PhilipMoore1953

PhilipMoore1953
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Bend Oregon
  • Local time:12:20 PM

Posted 13 August 2015 - 01:45 PM

Hi Alex
I understand what you are saying
Can you give me direction in doing this?
Thank you!

#13 Sintharius

Sintharius

    Bleepin' Sniper


  • Members
  • 5,639 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:The Netherlands
  • Local time:08:20 PM

Posted 13 August 2015 - 04:09 PM

Hello Philip,

Do you have any data on the drive that needed to be recovered? We need to make sure of that before reinstalling Windows.

Regards,
Alex

#14 PhilipMoore1953

PhilipMoore1953
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Bend Oregon
  • Local time:12:20 PM

Posted 13 August 2015 - 04:25 PM

I have nothing from system that I need. I understand we will erase all data. Thanks for asking

#15 Sintharius

Sintharius

    Bleepin' Sniper


  • Members
  • 5,639 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:The Netherlands
  • Local time:08:20 PM

Posted 14 August 2015 - 04:56 AM

Hello Philip,

This article details how to use the Media Creation Tool to create and perform a clean Windows 10 installation.

You will need your license key at the ready - if your machine was upgraded from OEM Windows (that comes with the computer when it is bought) to Windows 10 then the license key should be on a sticker somewhere on the machine.

Regards,
Alex 






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users