cannot repair Windows


  • This topic is locked
45 replies to this topic

#1 ricbor

ricbor

  • Members
  • 24 posts
  • OFFLINE
  •  
  • Local time:10:45 PM

Posted 07 September 2015 - 01:03 PM

Ok. so it seems that this is the place to get my answers.
 
First of all, thanks for reading and answering.
 
This is my problem since last Thursday:
 
 
problem signature:
 
problem event name:   startuprepairoffline
problem signature 01:  6.1.7600.16385
problem signature 02:  6.1.7600.16385
problem signature 03:  unknown
problem signature 04:  21199703
problem signature 05:  autofailover
problem signature 06:  26
problem signature 07:  corruptfile
os version:                   6.1.7600.2.0.0.256.1
locale ID:                     1033
 
 
This is where I stand.  I'm no IT guy so I'll need step-by-step instructions please if anyone knows what to do.
 
Seems stupid but I think that it's my cat's fault.  I left my wireless keyboard on and it might have pushed the wrong keys and this is what happened.  My girlfriend used my computer for work during the day.  Then, I used it around 4pm.  Around 8:30 pm, I browsed the Internet and it worked fine. Then, I saw a logged off screen which is not normal because it is disabled. My computer does not go into sleep mode, only the screensaver.  When I tried to use my computer later, nothing worked and I'm getting this screen since.  Only thing that changes is signature 06 that keeps going up every time it fails to repair.
 
please help.... can't work on my gf macbook. LOL
 
and also, if I can spare myself the trouble of reinstalling it would be great.
 
 
config:
Dell XPS 8500
Win 7
i7 3770
GeForce video card
120 SSD for win files
2TB HDD for the rest of my files.
 
I might have files and/or programs installed on both drives (or some kind of shared installation) so this is why I'm not just reinstalling without asking here first.
 
thx a lot
 
ricci
 
 
p.s.
 
this is what I tried so far:
 
repair from windows files on the computer
repair from dvd
system restore to last week 
 
all of this no luck

Edited by Oh My!, 10 September 2015 - 04:46 PM.



#2 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 35,525 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:07:45 PM

Posted 10 September 2015 - 04:45 PM

Greetings ricbor and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met.
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Reply button instead.
  • In the upper right hand corner of the topic you will see the Follow button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. I need some help understanding a couple of things:
 

repair from windows files on the computer

Did you run System File Checker or was it something else?
 

repair from dvd

Was this Startup Repair or a Repair Installation?


Please do this for me.

===================================================

Farbar's Recovery Scan Tool

--------------------

For this step you will need a USB flash drive and start on a clean computer.
  • From a working computer please download Farbar Recovery Scan Tool and save it to a flash drive. You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
  • Plug the flash drive into the infected PC and follow the 2 step process below to enter the System Recovery Options using one of the three options listed, then run Farbar's Recovery Scan Tool.
----------

Entering into the System Recovery Options

Option #1

To enter System Recovery Options in Windows 8:

Option #2

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select English as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
Option #3

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select English as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next
----------

Running Farbar's Recovery Scan Tool in System Recovery
  • Once you are in the System Recovery Options menu you will get the following options:

Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt

  • Select Command Prompt
  • In the command window type in Notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select Computer and find your flash drive letter and close the notepad.
  • In the command window type e:\frst (for x64 bit version type e:\frst64) and press Enter
    • Note: Replace letter e with the drive letter of your flash drive.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste the information rather than send an attachment.
  • Response to questions
  • FRST log

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#3 Oh My!


Posted 13 September 2015 - 01:27 PM

Greetings,

===================================================

3 Day Bump

It has been more than 3 days since my last post.
  • Do you still need help with this?
  • If after 48hrs you have not replied to this thread then it will have to be closed.

Gary
 

#4 ricbor


Posted 15 September 2015 - 11:02 PM

hi gary, my name is riccardo.  could not try things before.  sorry about it.  this saturday was my kid's bday.

1-  i tried to repair many times using this startup screen (pic 1).  in order, this is what i was seeing: black screen with win7 logo and loading bar at bottom. then it would switch to a dos like screen with a "windows is loading files" and a large loading bar.  after that is the picture.

2-  i tried to repair using the win7 dvd like i would repair office for example.  i got a "windows was repaired successfully" message but on restart it would be just like before. (pic 1)

Last but not least:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:15-09-2015

Ran by SYSTEM on MININT-BAFH5R6 (15-09-2015 23:56:58)
Running from k:\
Platform: Windows 7 Ultimate (X64) Language: English (United States)
Internet Explorer Version 11
Boot Mode: Recovery
Default: ControlSet001
ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [AtherosBtStack] => C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\btvstack.exe [1023104 2012-12-27] (Atheros Commnucations)
HKLM\...\Run: [AthBtTray] => C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\athbttray.exe [801920 2012-12-27] (Atheros Commnucations)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6457960 2011-12-23] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1156712 2011-11-15] (Realtek Semiconductor)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500208 2010-03-05] (Adobe Systems Incorporated)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2634896 2015-07-23] (NVIDIA Corporation)
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [5595848 2015-01-28] (ESET)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-08-12] (Apple Inc.)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-03-27] (Intel Corporation)
HKLM-x32\...\Run: [ShwiconXP9106] => C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe [237568 2010-03-10] (Alcor Micro Corp.)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284440 2012-02-01] (Intel Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-05-15] (Apple Inc.)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [AdobeCS5ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [402432 2010-07-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\\isuspm.exe [324976 2010-05-21] (Flexera Software, Inc.)
HKLM-x32\...\Run: [Monitor] => "H:\Program Files\LeapFrog Connect\Monitor.exe"
HKLM\...\RunOnce: [*Restore] => C:\Windows\system32\rstrui.exe [296960 2015-05-25] (Microsoft Corporation)
HKU\HAHAmotherbleeper\...\Run: [MFP and Storage Server] => C:\Program Files (x86)\TP-LINK\MFP and Storage Server\MFP and Storage Server.exe [1925120 2010-03-26] (深圳市普联技术有限公司)
HKU\HAHAmotherbleeper\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8455960 2015-08-19] (Piriform Ltd)
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-05-29] ()
S3 ehSched; C:\Windows\ehome\ehsched.exe [127488 2009-07-13] ()
S2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [1349576 2015-01-28] (ESET)
S2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1155216 2015-07-23] (NVIDIA Corporation)
S3 HomeGroupProvider; C:\Windows\SysWOW64\provsvc.dll [165376 2010-11-20] ()
S2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [161560 2012-01-21] (Intel Corporation)
S2 MSSQL$QSRNVIVO8; C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [29293408 2010-12-10] (Microsoft Corporation)
S2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1871504 2015-07-23] (NVIDIA Corporation)
S2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [5544592 2015-07-23] (NVIDIA Corporation)
S3 RoxMediaDBVHS; C:\Program Files (x86)\Common Files\Roxio Shared\VHStoDVD\SharedCOM\RoxMediaDBVHS.exe [1112720 2012-07-30] (Corel Corporation)
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
S2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Ath_CoexAgent.exe [327296 2012-12-27] (Atheros)
S2 ZAtheros Wlan Agent; C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe [81536 2012-12-25] (Atheros)
S2 LeapFrog Connect Device Service; "H:\Program Files\LeapFrog Connect\CommandService.exe" [X]
S2 mitsijm2011; "H:\Program Files\Autodesk\Inventor 2011\Moldflow\bin\mitsijm.exe" [X]
S2 WiseBootAssistant; H:\Program Files (x86)\Wise Care 365\BootTime.exe [X]
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [246000 2015-01-30] (ESET)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S5 edevmon; C:\Windows\System32\Drivers\edevmon.sys [241880 2015-01-30] (ESET)
S1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [169792 2015-01-30] (ESET)
S2 epfwwfpr; C:\Windows\System32\DRIVERS\epfwwfpr.sys [159480 2015-01-30] ()
S3 EST_BusEnum; C:\Windows\System32\DRIVERS\GenBus.sys [29696 2009-10-06] ( )
S3 EST_Server; C:\Windows\System32\DRIVERS\GenHC.sys [199168 2009-10-06] ( )
S3 HDAudBus; C:\Windows\system32\drivers\HDAudBus.sys [122368 2010-11-20] ()
S0 iaStor; C:\Windows\System32\DRIVERS\iaStor.sys [568600 2012-02-01] ()
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-07-23] (NVIDIA Corporation)
S3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [47976 2015-07-02] (NVIDIA Corporation)
S3 USB28xxBGA; C:\Windows\System32\DRIVERS\emBDA64A.sys [736280 2011-12-28] (eMPIA Technology, Inc.)
S3 USB28xxOEM; C:\Windows\System32\DRIVERS\emOEM64A.sys [1171992 2011-12-28] (eMPIA Technology, Inc.)
S3 WiseHDInfo; C:\Windows\WiseHDInfo64.dll [11304 2015-03-26] (wisecleaner.com)
S1 WiseTDIFw; C:\Windows\WiseTDIFw64.sys [36904 2015-03-26] (WiseCleaner.com)
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-09-15 23:56 - 2015-09-15 23:56 - 00000000 ____D C:\FRST
2015-09-03 23:36 - 2015-09-03 23:37 - 00000000 ____D C:\Windows\System32\config\mybackup
2015-08-31 19:04 - 2015-08-31 19:06 - 00000224 _____ C:\Windows\setupact.log
2015-08-31 19:04 - 2015-08-31 19:04 - 00004370 _____ C:\Windows\PFRO.log
2015-08-31 19:04 - 2015-08-31 19:04 - 00000000 _____ C:\Windows\setuperr.log
2015-08-31 18:55 - 2015-08-31 18:55 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-08-31 18:47 - 2015-08-31 18:48 - 00000000 ____D C:\Users\HAHAmotherbleeper\Documents\ccleaner
2015-08-31 18:45 - 2015-09-07 10:14 - 00000000 ____D C:\Program Files\CCleaner
2015-08-31 18:45 - 2015-08-31 18:45 - 00002826 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2015-08-31 18:45 - 2015-08-31 18:45 - 00000822 _____ C:\Users\Public\Desktop\CCleaner.lnk
2015-08-30 04:26 - 2015-08-30 04:26 - 00001753 _____ C:\Users\Public\Desktop\iTunes.lnk
2015-08-30 04:26 - 2015-08-30 04:26 - 00000000 ____D C:\Program Files\iTunes
2015-08-30 04:26 - 2015-08-30 04:26 - 00000000 ____D C:\Program Files\iPod
2015-08-30 04:26 - 2015-08-30 04:26 - 00000000 ____D C:\Program Files (x86)\iTunes
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-09-07 10:14 - 2015-08-12 01:51 - 00000000 ____D C:\Program Files\Recuva
2015-09-07 10:14 - 2015-06-02 19:41 - 00000000 ___SD C:\Windows\System32\GWX
2015-09-07 10:14 - 2015-03-26 01:59 - 00000000 ____D C:\Users\HAHAmotherbleeper\AppData\Roaming\Wise Data Recovery
2015-09-07 10:14 - 2015-03-26 01:59 - 00000000 ____D C:\Program Files (x86)\Wise
2015-09-07 10:14 - 2015-03-26 01:58 - 00000000 ____D C:\Users\HAHAmotherbleeper\AppData\Roaming\Wise Care 365
2015-09-07 10:14 - 2013-08-12 19:12 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-09-07 10:14 - 2013-08-03 18:39 - 00000000 ____D C:\users\HAHAmotherbleeper
2015-09-07 10:14 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\registration
2015-09-03 21:48 - 2009-07-13 23:45 - 00000000 ___RD C:\Users\Public\Recorded TV
2015-09-01 06:18 - 2013-08-03 19:55 - 00175784 _____ C:\Users\HAHAmotherbleeper\AppData\Local\GDIPFONTCACHEV1.DAT
2015-09-01 04:24 - 2013-08-03 20:11 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-09-01 02:42 - 2013-08-03 18:37 - 01049185 _____ C:\Windows\WindowsUpdate.log
2015-09-01 00:30 - 2009-07-13 20:45 - 00020704 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-09-01 00:30 - 2009-07-13 20:45 - 00020704 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-08-31 23:51 - 2013-08-03 19:41 - 00003998 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{33413D5A-7D80-42E8-B96E-79D4C0FBAB9F}
2015-08-31 19:08 - 2009-07-13 21:13 - 00849484 _____ C:\Windows\System32\PerfStringBackup.INI
2015-08-31 19:04 - 2013-08-03 19:53 - 00000000 ____D C:\ProgramData\NVIDIA
2015-08-31 19:04 - 2009-07-13 21:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-08-31 19:04 - 2009-07-13 20:45 - 05123136 _____ C:\Windows\System32\FNTCACHE.DAT
2015-08-31 18:53 - 2013-09-02 06:13 - 00000000 ____D C:\Windows\Minidump
2015-08-31 18:53 - 2013-08-10 20:37 - 00000000 ____D C:\Users\HAHAmotherbleeper\AppData\Roaming\Azureus
2015-08-31 18:53 - 2013-08-04 06:38 - 00000000 ____D C:\Users\HAHAmotherbleeper\AppData\Local\CrashDumps
2015-08-31 18:53 - 2013-08-03 22:09 - 00000000 ____D C:\Windows\Panther
2015-08-30 10:09 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\NDF
2015-08-30 04:26 - 2013-08-10 20:30 - 00000000 ____D C:\Program Files\Common Files\Apple
2015-08-30 04:23 - 2013-08-10 20:31 - 00000000 ____D C:\Users\HAHAmotherbleeper\AppData\Roaming\Apple Computer
2015-08-23 18:17 - 2013-08-04 06:25 - 00000000 ____D C:\Users\HAHAmotherbleeper\AppData\Local\Deployment
 
==================== Known DLLs (Whitelisted) =========================
 
[2015-06-02 17:47] - [2015-02-12 21:22] - 14177280 ____A () C:\Windows\System32\SHELL32.dll
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\dnsapi.dll => MD5 is legit
C:\Windows\SysWOW64\dnsapi.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
==================== Restore Points =========================
 
Restore point date: 2015-09-01 00:23:14
Restore point date: 2015-09-01 05:04:08
 
==================== Memory info =========================== 
 
Percentage of memory in use: 7%
Total physical RAM: 16344.94 MB
Available physical RAM: 15112.29 MB
Total Virtual: 16343.09 MB
Available Virtual: 15153.76 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:111.69 GB) (Free:9.91 GB) NTFS
Drive d: (Documents) (Fixed) (Total:1299.6 GB) (Free:299.39 GB) NTFS
Drive e: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[system with boot components (obtained from reading drive)]
Drive f: () (Fixed) (Total:1862.92 GB) (Free:1826.92 GB) NTFS
Drive g: (vuze temp) (Fixed) (Total:97.66 GB) (Free:33.55 GB) NTFS
Drive i: (CD_ROM) (CDROM) (Total:3.48 GB) (Free:0 GB) CDFS
Drive k: (Lexar) (Removable) (Total:7.45 GB) (Free:5.15 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[system with boot components (obtained from reading drive)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: C2232B89)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=1862.9 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 1397.3 GB) (Disk ID: 484C50BA)
Partition 1: (Not Active) - (Size=1299.6 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=97.7 GB) - (Type=07 NTFS)
 
========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 111.8 GB) (Disk ID: 9DCC6697)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=111.7 GB) - (Type=07 NTFS)
 
========================================================
Disk: 3 (Size: 7.5 GB) (Disk ID: 00000000)
 
Partition: GPT.
 
 
LastRegBack: 2015-08-31 20:59
 
==================== End of FRST.txt ============================
 
 
 
 
thanks again. good night
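
In the log above, every entry marked `[X]` points either at an `H:` path or at a relative path, and no `h:` appears in the Drives section, which is expected when drive letters are reassigned in Recovery mode. The following Python is an added example (not part of the original post and not FRST's own code) that triages FRST.txt lines on that basis; the function names are hypothetical, and reading `[X]` as "file not found" is an assumption about FRST's output.

```python
import re

# Excerpt of the FRST.txt posted above, trimmed to a few lines per section.
SAMPLE_LOG = r"""
==================== Registry (Whitelisted) ===========================
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [5595848 2015-01-28] (ESET)
HKLM-x32\...\Run: [Monitor] => "H:\Program Files\LeapFrog Connect\Monitor.exe"
==================== Services (Whitelisted) ========================
S2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [1349576 2015-01-28] (ESET)
S2 WiseBootAssistant; H:\Program Files (x86)\Wise Care 365\BootTime.exe [X]
S2 LeapFrog Connect Device Service; "H:\Program Files\LeapFrog Connect\CommandService.exe" [X]
===================== Drivers (Whitelisted) ==========================
S0 iaStor; C:\Windows\System32\DRIVERS\iaStor.sys [568600 2012-02-01] ()
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
==================== Drives ================================
Drive c: () (Fixed) (Total:111.69 GB) (Free:9.91 GB) NTFS
Drive d: (Documents) (Fixed) (Total:1299.6 GB) (Free:299.39 GB) NTFS
Drive k: (Lexar) (Removable) (Total:7.45 GB) (Free:5.15 GB) FAT32
"""

SECTION_RE = re.compile(r"^=+ ([^=]+?) =+\s*$")
RUN_RE = re.compile(r"^HK[^:]+: \[(?P<name>[^\]]+)\] => (?P<rest>.+)$")
SVC_RE = re.compile(r"^[RSU]\d (?P<name>[^;]+); (?P<rest>.+)$")
DRIVE_RE = re.compile(r"^Drive (?P<letter>[a-z]): ")
# Trailing "[size date] (vendor)" or "[X]" that FRST appends to a path.
META_RE = re.compile(r"\s\[(?P<meta>X|\d+ \d{4}-\d{2}-\d{2})\](?:\s\(.*\))?\s*$")


def split_target(rest):
    """Split 'path [size date] (vendor)' or 'path [X]' into (path, meta)."""
    m = META_RE.search(rest)
    meta = m.group("meta") if m else None
    path = (rest[:m.start()] if m else rest).strip().strip('"')
    return path, meta


def classify(path, meta, drives):
    """Label one entry against the drive letters this session could see."""
    m = re.match(r"([A-Za-z]):\\", path)
    if m and m.group(1).upper() not in drives:
        return "unmounted-drive"  # letter absent from the Drives section
    if meta == "X":
        return "missing-file"     # assumption: [X] means file not found
    return "ok"


def triage(log_text):
    """Return the Run/service/driver entries that are not 'ok'."""
    entries, drives, section = [], set(), None
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            # "Services (Whitelisted)" -> "Services"
            section = m.group(1).split(" (")[0]
            continue
        if section == "Drives":
            m = DRIVE_RE.match(line)
            if m:
                drives.add(m.group("letter").upper())
        elif section in ("Registry", "Services", "Drivers"):
            m = RUN_RE.match(line) or SVC_RE.match(line)
            if m:
                path, meta = split_target(m.group("rest"))
                entries.append({"section": section,
                                "name": m.group("name").strip(),
                                "path": path, "meta": meta})
    # Classify only after the whole log is read: Drives comes last.
    findings = []
    for e in entries:
        status = classify(e["path"], e["meta"], drives)
        if status != "ok":
            findings.append({**e, "status": status})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f'{f["status"]:16} {f["section"]:9} {f["name"]} -> {f["path"]}')
```

An `unmounted-drive` result says only that the letter was not visible to this scan, so those entries need rechecking from a normal or Safe mode boot before anything is put in a fixlist.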

 

 



#5 ricbor


Posted 15 September 2015 - 11:04 PM

ok

 

no picture here.  basically it is the same as startup repair from the System Recovery Options menu.



#6 Oh My!


Posted 16 September 2015 - 09:47 AM

Hi Riccardo and Happy Birthday to your child!

Thanks for the details, it does help.

Please consider and do this.

===================================================

Use of Registry Cleaner Not Recommended

--------------------

BleepingComputer DOES NOT recommend the use of registry cleaners/optimizers or the registry cleaner component of software for several reasons:
  • Registry cleaners are extremely powerful applications that can damage the registry by using aggressive cleaning routines and cause your computer to become unbootable.
    • The Windows registry is a central repository (database) for storing configuration data, user settings and machine-dependent settings, and options for the operating system. It contains information and settings for all hardware, software, users, and preferences. Whenever a user makes changes to settings, file associations, system policies, or installed software, the changes are reflected and stored in this repository. The registry is a crucial component because it is where Windows "remembers" all this information, how it works together, how Windows boots the system and what files it uses when it does. The registry is also a vulnerable subsystem, in that relatively small changes done incorrectly can render the system inoperable. For a more detailed explanation, read Understanding The Registry.
  • Not all registry cleaners are created equal. There are a number of them available but they do not all work entirely the same way. Each vendor uses different criteria as to what constitutes a "bad entry". One cleaner may find entries on your system that will not cause problems when removed, another may not find the same entries, and still another may want to remove entries required for a program to work.
  • Not all registry cleaners create a backup of the registry before making changes. If the changes prevent the system from booting up, then there is no backup available to restore it in order to regain functionality. A backup of the registry is essential BEFORE making any changes to the registry.
  • Improperly removing registry entries can hamper malware disinfection and make the removal process more difficult if your computer becomes infected. For example, removing malware related registry entries before the infection is properly identified can contribute to system instability and even make the malware undetectable to removal tools.
  • The usefulness of cleaning the registry is highly overrated and can be dangerous. In most cases, using a cleaner to remove obsolete, invalid, and erroneous entries does not affect system performance but it can result in "unpredictable results".
  • Unless you have a particular problem that requires a registry edit to correct it, I would suggest you leave the registry alone. Using registry cleaning tools unnecessarily or incorrectly could lead to disastrous effects on your operating system such as preventing it from ever starting again. For routine use, the benefits to your computer are negligible while the potential risks are great.
If you persist in using a registry cleaner you should always backup the registry before doing so.

===================================================

Farbar's Recovery Scan Tool - Run Fix

--------------------
  • From a clean computer press the Windows key + R on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it on the flash drive as fixlist.txt
LastRegBack: 2015-08-31 20:59
  • Insert the USB device into your infected computer
  • Enter the System Recovery Options (press F8 during boot up), select Repair Your Computer, then select Command Prompt.
  • Run FRST as you did the first time and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the flash drive (Fixlog.txt). Copy and paste that information in your reply.
  • Please attempt to boot your computer into Normal Mode or, if not, Safe Mode
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Fixlog
  • Are you able to boot?

Gary
 

#7 ricbor


Posted 17 September 2015 - 11:08 PM

ok so this is what I'm getting out of the fix log file:

Fix result of Farbar Recovery Scan Tool (x64) Version:15-09-2015

Ran by SYSTEM (2015-09-17 23:48:57) Run:1
Running from o:\
Boot Mode: Recovery
==============================================
 
fixlist content:
*****************
LastRegBack: 2015-08-31 20:59
*****************
 
DEFAULT => copied successfully to System32\config\HiveBackup
DEFAULT => restored successfully from registry back up
SAM => copied successfully to System32\config\HiveBackup
SAM => restored successfully from registry back up
SECURITY => copied successfully to System32\config\HiveBackup
SECURITY => restored successfully from registry back up
SOFTWARE => copied successfully to System32\config\HiveBackup
SOFTWARE => restored successfully from registry back up
SYSTEM => copied successfully to System32\config\HiveBackup
SYSTEM => restored successfully from registry back up
 
==== End of Fixlog 23:49:01 ====
 
 
also, I'm unable to boot in normal or safe mode.
 
thx
 


#8 Oh My!


Posted 18 September 2015 - 08:44 AM

Thank you, this is our next step.

===================================================

Running sfc /scannow in Windows 7/Vista Recovery Environment

-----------------
  • Restart the computer
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears
  • Use the arrow keys to select the Repair your computer menu item
  • Select English as the keyboard language settings, and then click Next
  • For Windows 8 hit the Windows Key + I at the same time, click the Power button, then hold down the Shift Key while clicking Restart
  • Once you are in the System Recovery Options menu you will get the following options

Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt

  • Select Command Prompt
  • Type the following (there is a space before each "/") after the Command Prompt and hit Enter (if you receive an error replace C:\ with D:\)

SFC /SCANNOW /OFFBOOTDIR=C:\ /OFFWINDIR=C:\WINDOWS

  • Attempt to boot your computer in Normal or Safe Mode
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Can you boot your computer?

Gary
 
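An added example, not part of the post above: the recovery environment often assigns the Windows partition a letter other than C: or D:, so this batch script looks for the volume that holds the offline registry hives and passes that letter to SFC. It assumes the script is saved as a .cmd file on removable media and run from the recovery Command Prompt; the variable name WINDRIVE is made up for the example.

```batch
@echo off
rem Added example: find the offline Windows installation from the
rem recovery Command Prompt, then run SFC against that drive letter.
setlocal
set "WINDRIVE="

rem X: is skipped because it is the recovery environment's own RAM disk,
rem which also contains a \Windows\System32\config\SYSTEM file.
for %%D in (C D E F G H I J K L M N O P Q R S T U V W Y Z) do (
    if not defined WINDRIVE (
        if exist "%%D:\Windows\System32\config\SYSTEM" set "WINDRIVE=%%D:"
    )
)

if not defined WINDRIVE (
    echo No Windows installation found on any mounted drive letter.
    exit /b 1
)

echo Offline Windows installation found on %WINDRIVE%
sfc /scannow /offbootdir=%WINDRIVE%\ /offwindir=%WINDRIVE%\Windows
```

If more than one Windows installation is mounted, the script stops at the first match in alphabetical order, so confirm the letter it prints before relying on the scan result.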

#9 ricbor


Posted 20 September 2015 - 11:06 PM

ok done

tried it with c: and d: but what comes back is: windows resource protection could not start the repair service.

then I tried with h: since it seems that that is the letter for the win partition. I'm getting this:

beginning system scan.  this process will take some time.

windows resource protection could not perform the requested operation.

obviously, I can't start the pc in either normal or safe mode

thx



#10 Oh My!


Posted 21 September 2015 - 09:23 AM

Please do this.

===================================================

System Restore from System Recovery Options

--------------------

Use one of the following two ways to enter System Recovery Options from the Advanced Boot Options:

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select English as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select English as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
Once you are in the System Recovery Options menu you will get the following options:


Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt

  • Select System Restore (please be patient as it may take a minute or two to load)
  • Select Next
  • If necessary check Show restore points older than 5 days
  • Left click on the Restore Point dated 2015-09-01 05:04:08, then click Next
  • If you receive a caution screen, make sure your System Drive (C:) is checked, then click Next
  • Click Finish and allow System Restore to run.
  • Attempt to boot your computer into Normal Mode or, if unsuccessful, Safe Mode
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Results?

Gary
 

#11 ricbor


Posted 22 September 2015 - 10:06 PM

well...

nothing new here.  I did what was asked but it didn't work.  Could it be because I'm not getting the same restore point you wanted me to select?  I had one dated 9-1-2015 12:something and a second one dated 9-1-2015 05:03:59, but not yours.

Find this odd because I see it in the frst log.

I tried with the 5 o'clock one and it didn't boot at all.

thx



#12 Oh My!


Posted 22 September 2015 - 10:36 PM

Thank you,

Please do this.

===================================================

Kaspersky Rescue Disk 10 CD

--------------

To complete this process you will need a USB device and a blank CD.
  • On a clean computer download Kaspersky Rescue Disk 10 and save it to your desktop
  • Now go to the ISO Recorder site and download the version for your operating system (do not download the command line version)
  • Save the file to your desktop
  • Double click the icon to start the program
  • Select Run, then continue to select Next until you receive a notification that the installation was complete
  • Close the installation window
  • Insert a blank CD into your CD ROM drive
  • Right click on the kav_rescue_10.iso file on your desktop and select Copy image to CD/DVD
  • Make sure Image File is selected and it shows the kav_rescue_10.iso file
  • In the Recorder section make sure it shows your CD ROM drive
  • Select the lowest recording speed
  • Click Next
  • Click Finish on the Operation has been completed screen
  • Remove the CD and insert it, and your USB device into the infected computer
  • Reboot the infected computer
  • As the computer boots up gently tap F12 (you may need to tap a different key like Del, Esc, F2.....) and choose to boot from CD/DVD
  • When the Kaspersky Rescue Disk screen appears press any key within 10 seconds
  • Press Enter on English which should be highlighted by default
  • Press 1 to accept the agreement
  • Press Enter on Kaspersky Rescue Disk. Graphic Mode which should be highlighted by default
  • Allow the program to load and mount the disks
  • Select your operating system then click OK
  • Place a check mark in each box except for sda1
  • Click Start Objects Scan
  • Upon completion do not Quarantine any items yet, simply click Report, save it to your USB device, then from your clean computer copy and paste the results in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Kaspersky report

Gary
 

#13 ricbor


Posted 23 September 2015 - 09:37 PM

ok thanks.  I'll try this tomorrow as I will have access to another pc.  can't run all this on a mac computer.  I'll keep u posted.



#14 Oh My!


Posted 23 September 2015 - 09:58 PM

OK, thanks for letting me know.
Gary
 

#15 ricbor


Posted 24 September 2015 - 10:25 PM

this might sound like a stupid question, but do I need to run the msi file on a win7 pc since this is what I have? And is the version of win7 or vista important (not x86 or x64 but home, pro,...)?

 

thanks





