
can't start windows 7 - acpi.sys is corrupt


  • This topic is locked
39 replies to this topic

#1 princess153


Posted 04 October 2015 - 08:26 PM

hello! i have a windows 7 computer (i did not originally own the computer, it used to be my brother's and he's a computer genius but he's moved out) and i don't know much else about the computer itself. i noticed a while ago i was having problems with adblock blocking way more ads than what should have been on general sites like youtube, but a simple mbam scan wiped that away (some adware and a trojan). then it came back, but scans turned up nothing. then as i scanned more, i noticed google chrome became unable to load any pages. i closed it out to test something (to see if i could get it to open back up) but upon clicking the chrome icon, the little wheel spun but no window opened. then i tried opening IE, which would open as a white box and close without an error. more scans brought up nothing. i restarted the computer and opened it in safe mode with networking, where i was able to access both chrome and IE, and looked for solutions. (i had both avg and mbam versions installed and dumb me decided downloading superantispyware and avast! on top of those was a good idea.) i performed more scans and all there was to delete were harmless internet cookies. i deleted a couple of old video games my brother had downloaded, too. i was able to restart into normal mode but still had no success in opening the internet. i left another scan open and became too busy to try to come back and repair the computer for a while, but today i finally was able to try again (only to discover the computer had been turned off, likely by a power outage as those happen sometimes). i performed a quick scan with superantispyware which produced no results besides more internet cookies. i decided maybe i'll uninstall avast because i have heard both good and bad things about it, and upon trying to do that through the windows uninstaller, it told me i had a conflicting antivirus (avg free 2015) and had me restart. ever since then i have only been able to access system repair.
that has only failed me and says it cannot repair automatically. the "diagnosis and repair details" only lists one problem: "Root cause found: Boot critical file d:\windows\system32\drivers\acpi.sys is corrupt. Repair action: file repair Result: Failed. Error code = 0x2" after that, I restarted again to see if maybe it was a one time thing, but restarting brought me the same results, and this time i chose to look at the problem details that shows up in the prompt asking me whether or not to send details to microsoft. This says:
Problem Event Name: StartupRepairOffline
Problem Signature 01: 6.1.7600.16385
Problem Signature 02: 6.1.7600.16385
Problem Signature 03: unknown
Problem Signature 04: 21200908
Problem Signature 05: AutoFailover
Problem Signature 06: 8
Problem Signature 07: CorruptFile
OS Version: 6.1.7600.2.0.0.256.1
Locale ID: 1033


Also, I cannot give you a log that you request i give before you help because i cannot access any version of windows besides startup repair, sorry. My apologies that some of my replies may take a bit, as I lead a busy life. i also do not believe i have the installation disc. thank you in advance!


#2 Sintharius


Posted 08 October 2015 - 03:54 AM

Hello and welcome to the Malware Removal Logs area :)

My name is Alexstrasza and I will assist you with your problem. You can call me Alex :)

Before we begin, there are a few things I want to make sure you know:
  • I am currently in training, so my responses might be delayed. I will generally reply within 48 hours - if this is not possible, I will let you know.
  • Please do not run any tools without being instructed to, as this makes my job much harder in trying to figure out what you have done.
  • Make sure to read my instructions fully before attempting a step.
  • If you have problems or questions with any of the steps, feel free to ask me. I will be happy to answer any questions you have.
  • Please follow the topic by clicking on the Follow this topic button, and make sure a tick is in the receive notifications and is set to Instantly. Any replies should be made in this topic by clicking the Reply to this topic button.
  • Important information in my posts will often be in bold, make sure to take note of these.
  • I will bump a topic after 3 days of no activity, and then will give you another 2 days to reply before a topic is closed. Please inform me if you need more time.
  • Please stay with me until I have confirmed that you are clean. Absence of symptoms does not mean that the computer is clean.
Shall we begin then?

===

Since you cannot boot into Windows, please try this.

Do you have another computer and a flash drive?

Farbar Recovery Scan Tool in Recovery Environment

On a clean machine, please download Farbar Recovery Scan Tool and save it to a flash drive.
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
Note: In case you can not enter System Recovery Options by using F8 method, you can use Windows installation disc, or make a repair disc. Any Windows installation disc or a repair disc made on another computer can be used.
To make a repair disk on Windows 7 consult: http://www.sevenforums.com/tutorials/2083-system-repair-disc-create.html


To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
==========

On the System Recovery Options menu you will get the following options:

Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt


Select Command Prompt

==========

Once in the Command Prompt:
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst (for 64-bit version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.
If you cannot create the log for any reason, please let me know.

Regards,
Alex

Edited by Alexstrasza, 08 October 2015 - 03:55 AM.


#3 princess153


Posted 08 October 2015 - 07:17 AM

Hello, Alex! You can call me Hollie if you'd like. I will try this as soon as I get home, thank you. Will post logs asap after.

#4 princess153


Posted 08 October 2015 - 08:32 PM

Will post the logs in a bit. I'll be honest I used to browse these forums when I was younger and remember a lot about ZeroAccess and I remember a huge sign was the volsnap.sys missing or corrupted and well, that appeared in the log. I have to move the log to a really old XP computer, which is generally slow, so I apologize for the time it's taking to get the logs. Also, frst64 was the application to work, so it's a 64 bit computer running windows 7. I also found what I believe to be the installation disk, but it's not solely for installing the OS - the disk also says it installs vista or XP but has windows 7 support, so I don't really know what that means. ... It would help if I could figure out how to open the disk drive, though. It won't open ever after pressing the reset button with a paperclip. But I'd prefer to deal with that only if we have to. Thank you for your assistance so far, I will have the logs in a bit
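
Added example (not part of the original thread, and not code from FRST or its author): a small Python triage of an FRST log that separates boot- and system-start entries marked [X] (file not found) from later-starting ones, and collects the "IS MISSING <==== ATTENTION" lines such as the volsnap.sys one mentioned in the post above. The function names and the embedded sample log are constructed for illustration, and the digit after the state letter is read as the Windows service Start value (0 = boot through 4 = disabled).

```python
import re
from dataclasses import dataclass
from typing import Optional

# Digit after the state letter, read as the Windows service "Start" value.
START_TYPES = {"0": "boot", "1": "system", "2": "auto", "3": "demand", "4": "disabled"}

SECTION_RE = re.compile(r"^=+ (.+?) =+$")
ENTRY_RE = re.compile(r"^[RSU](?P<start>[0-5]) (?P<name>[^;]+); (?P<rest>.+)$")
# Tail is either "[X]" (file not found) or "[size date]", then an optional "(company)".
TAIL_RE = re.compile(r"^(?P<path>.+?) \[(?P<meta>X|\d+ \d{4}-\d{2}-\d{2})\](?: \(.*\))?$")
MISSING_RE = re.compile(r"^(?P<path>.+?) IS MISSING <==== ATTENTION$")


@dataclass
class Entry:
    kind: str            # "Services" or "Drivers" (section the line came from)
    name: str            # service/driver key name
    start: str           # boot, system, auto, demand, disabled or unknown
    path: Optional[str]  # image path as printed, None when the log says "no ImagePath"
    status: str          # present, not_found, no_image_path or unverified


def parse_frst(log_text):
    """Return (entries, flagged_missing_paths) from the text of an FRST.txt log."""
    entries, missing_files, section = [], [], ""
    for raw in log_text.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            section = header.group(1)
            continue
        flagged = MISSING_RE.match(line)
        if flagged:
            missing_files.append(flagged.group("path"))
            continue
        entry = ENTRY_RE.match(line)
        if entry and section.startswith(("Services", "Drivers")):
            rest = entry.group("rest")
            tail = TAIL_RE.match(rest)
            if rest == "no ImagePath":
                path, status = None, "no_image_path"
            elif tail:
                path = tail.group("path")
                status = "not_found" if tail.group("meta") == "X" else "present"
            else:
                path, status = rest, "unverified"
            entries.append(Entry(section.split()[0], entry.group("name"),
                                 START_TYPES.get(entry.group("start"), "unknown"),
                                 path, status))
    return entries, missing_files


def triage(log_text):
    """Rank not-found entries: boot/system-start ones load earliest, so list them first."""
    entries, missing_files = parse_frst(log_text)
    not_found = [e for e in entries if e.status == "not_found"]
    early = ("boot", "system")
    return {
        "early_start_not_found": [e.name for e in not_found if e.start in early],
        "other_not_found": [e.name for e in not_found if e.start not in early],
        "flagged_missing": missing_files,
    }


# Constructed sample in the FRST log format (a handful of lines, not a full log).
SAMPLE_LOG = r"""
==================== Services (Whitelisted) ========================

S2 avgwd; C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe [335656 2015-08-24] (AVG Technologies CZ, s.r.o.)
S4 TabletServicePen; C:\Windows\system32\Pen_Tablet.exe [X]

===================== Drivers (Whitelisted) ==========================

S0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [297904 2015-08-19] (AVG Technologies CZ, s.r.o.)
S1 GizmoDrv; no ImagePath
S0 ACPI; system32\drivers\ACPI.sys [X]
S3 usbhub; system32\DRIVERS\usbhub.sys [X]
S0 volsnap; system32\drivers\volsnap.sys [X]

==================== Bamital & volsnap =================

C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys IS MISSING <==== ATTENTION
"""

if __name__ == "__main__":
    for bucket, items in triage(SAMPLE_LOG).items():
        print(f"{bucket}: {items}")
```
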

#5 princess153


Posted 08 October 2015 - 09:52 PM

Okay, here's the log.
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:08-10-2015
Ran by SYSTEM on MININT-OKV9TP7 (08-10-2015 20:18:53)
Running from e:\
Platform: Windows 7 Home Premium (X64) Language: English (United States)
Internet Explorer Version 10
Boot Mode: Recovery
Default: ControlSet001
ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [7477016 2013-04-24] (Logitech Inc.)
HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-09-30] (Microsoft Corporation)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2234144 2014-02-05] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-05-15] (Apple Inc.)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2015\avgui.exe [3775912 2015-08-24] (AVG Technologies CZ, s.r.o.)
HKU\Hollie\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2899136 2015-08-19] (Valve Corporation)
HKU\Hollie\...\Run: [GoogleChromeAutoLaunch_A20037CAD13599D3E3991F58814A22CF] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [815944 2015-09-23] (Google Inc.)
HKU\Rick\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2899136 2015-08-19] (Valve Corporation)
HKU\Rick\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7930136 2015-07-30] (SUPERAntiSpyware)
HKU\user\...\Run: [Steam] => c:\program files (x86)\steam\steam.exe [2899136 2015-08-19] (Valve Corporation)
HKU\user\...\Run: [Octoshape Streaming Services] => "C:\Users\Rick\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" -inv:bootrun
HKU\user\...\Run: [HydraVisionDesktopManager] => "C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe"
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk [2012-02-21]
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk [2012-02-21]
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
Startup: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Intel® Turbo Boost Technology Monitor 2.6.lnk [2012-10-21]
ShortcutTarget: Intel® Turbo Boost Technology Monitor 2.6.lnk -> C:\Program Files\Intel\TurboBoost\SignalIslandUi.exe (Intel® Corporation)

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-22] (SUPERAntiSpyware.com)
S2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe [3637160 2015-08-24] (AVG Technologies CZ, s.r.o.)
S2 avgwd; C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe [335656 2015-08-24] (AVG Technologies CZ, s.r.o.)
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-06-18] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
S2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1593632 2014-02-05] (NVIDIA Corporation)
S2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [16941856 2014-02-05] (NVIDIA Corporation)
S2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2013-10-06] ()
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
S2 WTabletServicePro; C:\Program Files\Tablet\Wacom\WTabletServicePro.exe [672024 2015-02-26] (Wacom Technology, Corp.)
S4 TabletServicePen; C:\Windows\system32\Pen_Tablet.exe [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [162784 2015-03-11] (AVG Technologies CZ, s.r.o.)
S1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [313264 2015-08-19] (AVG Technologies CZ, s.r.o.)
S0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [297904 2015-08-19] (AVG Technologies CZ, s.r.o.)
S1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [259040 2015-06-16] (AVG Technologies CZ, s.r.o.)
S0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [378336 2015-05-07] (AVG Technologies CZ, s.r.o.)
S0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [250800 2015-08-04] (AVG Technologies CZ, s.r.o.)
S0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [40928 2015-03-20] (AVG Technologies CZ, s.r.o.)
S1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [300464 2015-08-04] (AVG Technologies CZ, s.r.o.)
S1 GizmoDrv; no ImagePath
S3 GVTDrv64; C:\Windows\GVTDrv64.sys [30528 2015-09-13] ()
S1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S2 secdrv; no ImagePath
S3 1394ohci; \SystemRoot\system32\drivers\1394ohci.sys [X]
S0 ACPI; system32\drivers\ACPI.sys [X]
S3 AcpiPmi; \SystemRoot\system32\drivers\acpipmi.sys [X]
S3 adp94xx; \SystemRoot\system32\DRIVERS\adp94xx.sys [X]
S3 adpahci; \SystemRoot\system32\DRIVERS\adpahci.sys [X]
S3 adpu320; \SystemRoot\system32\DRIVERS\adpu320.sys [X]
S3 agp440; \SystemRoot\system32\drivers\agp440.sys [X]
S3 aliide; \SystemRoot\system32\drivers\aliide.sys [X]
S3 amdide; \SystemRoot\system32\drivers\amdide.sys [X]
S3 AmdK8; \SystemRoot\system32\DRIVERS\amdk8.sys [X]
S3 amdkmdag; system32\DRIVERS\atikmdag.sys [X]
S3 amdkmdap; system32\DRIVERS\atikmpag.sys [X]
S3 AmdPPM; \SystemRoot\system32\DRIVERS\amdppm.sys [X]
S3 amdsata; \SystemRoot\system32\drivers\amdsata.sys [X]
S3 amdsbs; \SystemRoot\system32\DRIVERS\amdsbs.sys [X]
S0 amdxata; system32\drivers\amdxata.sys [X]
S3 arc; \SystemRoot\system32\DRIVERS\arc.sys [X]
S3 arcsas; \SystemRoot\system32\DRIVERS\arcsas.sys [X]
S0 atapi; system32\drivers\atapi.sys [X]
S3 AtiHDAudioService; system32\drivers\AtihdW76.sys [X]
S3 AtiHdmiService; system32\drivers\AtiHdmi.sys [X]
S3 b06bdrv; \SystemRoot\system32\DRIVERS\bxvbda.sys [X]
S3 b57nd60a; system32\DRIVERS\b57nd60a.sys [X]
S1 blbdrive; system32\DRIVERS\blbdrive.sys [X]
S3 BrFiltLo; \SystemRoot\system32\DRIVERS\BrFiltLo.sys [X]
S3 BrFiltUp; \SystemRoot\system32\DRIVERS\BrFiltUp.sys [X]
S3 Brserid; \SystemRoot\System32\Drivers\Brserid.sys [X]
S3 BrSerWdm; \SystemRoot\System32\Drivers\BrSerWdm.sys [X]
S3 BrUsbMdm; \SystemRoot\System32\Drivers\BrUsbMdm.sys [X]
S3 BrUsbSer; \SystemRoot\System32\Drivers\BrUsbSer.sys [X]
S3 BTHMODEM; \SystemRoot\system32\DRIVERS\bthmodem.sys [X]
S1 cdrom; system32\DRIVERS\cdrom.sys [X]
S3 circlass; \SystemRoot\system32\DRIVERS\circlass.sys [X]
S3 CmBatt; \SystemRoot\system32\DRIVERS\CmBatt.sys [X]
S3 cmdide; \SystemRoot\system32\drivers\cmdide.sys [X]
S3 Compbatt; \SystemRoot\system32\DRIVERS\compbatt.sys [X]
S3 CompositeBus; \SystemRoot\system32\drivers\CompositeBus.sys [X]
S4 crcdisk; \SystemRoot\system32\DRIVERS\crcdisk.sys [X]
S0 Disk; system32\DRIVERS\disk.sys [X]
S3 drmkaud; system32\drivers\drmkaud.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 ebdrv; \SystemRoot\system32\DRIVERS\evbda.sys [X]
S1 ElbyCDIO; System32\Drivers\ElbyCDIO.sys [X]
S3 elxstor; \SystemRoot\system32\DRIVERS\elxstor.sys [X]
S3 ErrDev; \SystemRoot\system32\drivers\errdev.sys [X]
S3 fdc; \SystemRoot\system32\DRIVERS\fdc.sys [X]
S3 flpydisk; \SystemRoot\system32\DRIVERS\flpydisk.sys [X]
S3 gagp30kx; \SystemRoot\system32\DRIVERS\gagp30kx.sys [X]
S3 GEARAspiWDM; system32\DRIVERS\GEARAspiWDM.sys [X]
S3 hamachi; system32\DRIVERS\hamachi.sys [X]
S3 hcw85cir; \SystemRoot\system32\drivers\hcw85cir.sys [X]
S3 HdAudAddService; \SystemRoot\system32\drivers\HdAudio.sys [X]
S3 HDAudBus; \SystemRoot\system32\drivers\HDAudBus.sys [X]
S3 HidBatt; \SystemRoot\system32\DRIVERS\HidBatt.sys [X]
S3 HidBth; \SystemRoot\system32\DRIVERS\hidbth.sys [X]
S3 HidIr; \SystemRoot\system32\DRIVERS\hidir.sys [X]
S3 hidkmdf; system32\DRIVERS\hidkmdf.sys [X]
S3 HidUsb; system32\DRIVERS\hidusb.sys [X]
S3 HpSAMD; \SystemRoot\system32\drivers\HpSAMD.sys [X]
S3 i8042prt; \SystemRoot\system32\drivers\i8042prt.sys [X]
S3 iaStorV; \SystemRoot\system32\drivers\iaStorV.sys [X]
S3 iirsp; \SystemRoot\system32\DRIVERS\iirsp.sys [X]
S3 IntcAzAudAddService; system32\drivers\RTKVHD64.sys [X]
S3 intelide; \SystemRoot\system32\drivers\intelide.sys [X]
S3 intelppm; system32\DRIVERS\intelppm.sys [X]
S3 IPMIDRV; \SystemRoot\system32\drivers\IPMIDrv.sys [X]
S3 isapnp; \SystemRoot\system32\drivers\isapnp.sys [X]
S3 iScsiPrt; \SystemRoot\system32\drivers\msiscsi.sys [X]
S0 JRAID; system32\DRIVERS\jraid.sys [X]
S3 kbdclass; system32\DRIVERS\kbdclass.sys [X]
S3 kbdhid; system32\DRIVERS\kbdhid.sys [X]
S3 LADF_DHP2; system32\DRIVERS\ladfDHP2amd64.sys [X]
S3 LADF_SBVM; system32\DRIVERS\ladfSBVMamd64.sys [X]
S3 LGBusEnum; system32\drivers\LGBusEnum.sys [X]
S3 LGSHidFilt; system32\DRIVERS\LGSHidFilt.Sys [X]
S3 LGSUsbFilt; system32\DRIVERS\LGSUsbFilt.Sys [X]
S3 LGVirHid; system32\drivers\LGVirHid.sys [X]
S3 LSI_FC; \SystemRoot\system32\DRIVERS\lsi_fc.sys [X]
S3 LSI_SAS; \SystemRoot\system32\DRIVERS\lsi_sas.sys [X]
S3 LSI_SAS2; \SystemRoot\system32\DRIVERS\lsi_sas2.sys [X]
S3 LSI_SCSI; \SystemRoot\system32\DRIVERS\lsi_scsi.sys [X]
S3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [X]
S3 MBAMWebAccessControl; \??\C:\Windows\system32\drivers\mwac.sys [X]
S3 megasas; \SystemRoot\system32\DRIVERS\megasas.sys [X]
S3 MegaSR; \SystemRoot\system32\DRIVERS\MegaSR.sys [X]
S3 monitor; system32\DRIVERS\monitor.sys [X]
S3 mouclass; system32\DRIVERS\mouclass.sys [X]
S3 mouhid; system32\DRIVERS\mouhid.sys [X]
S3 mpio; \SystemRoot\system32\drivers\mpio.sys [X]
S3 msahci; \SystemRoot\system32\drivers\msahci.sys [X]
S3 msdsm; \SystemRoot\system32\drivers\msdsm.sys [X]
S0 msisadrv; system32\drivers\msisadrv.sys [X]
S1 mssmbios; \SystemRoot\system32\drivers\mssmbios.sys [X]
S3 MTConfig; \SystemRoot\system32\DRIVERS\MTConfig.sys [X]
S3 nfrd960; \SystemRoot\system32\DRIVERS\nfrd960.sys [X]
S3 NVENETFD; system32\DRIVERS\nvm62x64.sys [X]
S3 NVHDA; system32\drivers\nvhda64v.sys [X]
S3 nvlddmkm; system32\DRIVERS\nvlddmkm.sys [X]
S3 nvraid; \SystemRoot\system32\drivers\nvraid.sys [X]
S3 nvstor; \SystemRoot\system32\drivers\nvstor.sys [X]
S3 nvvad_WaveExtensible; system32\drivers\nvvad64v.sys [X]
S3 nv_agp; \SystemRoot\system32\drivers\nv_agp.sys [X]
S3 ohci1394; \SystemRoot\system32\drivers\ohci1394.sys [X]
S3 Parport; \SystemRoot\system32\DRIVERS\parport.sys [X]
S0 pci; system32\drivers\pci.sys [X]
S0 pciide; system32\drivers\pciide.sys [X]
S3 pcmcia; \SystemRoot\system32\DRIVERS\pcmcia.sys [X]
S3 Processor; \SystemRoot\system32\DRIVERS\processr.sys [X]
S3 ql2300; \SystemRoot\system32\DRIVERS\ql2300.sys [X]
S3 ql40xx; \SystemRoot\system32\DRIVERS\ql40xx.sys [X]
S3 rdpbus; \SystemRoot\system32\DRIVERS\rdpbus.sys [X]
S3 RTL8167; system32\DRIVERS\Rt64win7.sys [X]
S3 sbp2port; \SystemRoot\system32\drivers\sbp2port.sys [X]
S3 Serenum; system32\DRIVERS\serenum.sys [X]
S1 Serial; system32\DRIVERS\serial.sys [X]
S3 sermouse; \SystemRoot\system32\DRIVERS\sermouse.sys [X]
S3 sffdisk; \SystemRoot\system32\drivers\sffdisk.sys [X]
S3 sffp_mmc; \SystemRoot\system32\drivers\sffp_mmc.sys [X]
S3 sffp_sd; \SystemRoot\system32\drivers\sffp_sd.sys [X]
S3 sfloppy; \SystemRoot\system32\DRIVERS\sfloppy.sys [X]
S3 SiSRaid2; \SystemRoot\system32\DRIVERS\SiSRaid2.sys [X]
S3 SiSRaid4; \SystemRoot\system32\DRIVERS\sisraid4.sys [X]
S3 stexstor; \SystemRoot\system32\DRIVERS\stexstor.sys [X]
S3 swenum; \SystemRoot\system32\drivers\swenum.sys [X]
S1 TermDD; \SystemRoot\system32\drivers\termdd.sys [X]
S2 TurboB; system32\DRIVERS\TurboB.sys [X]
S3 uagp35; \SystemRoot\system32\DRIVERS\uagp35.sys [X]
S3 uliagpkx; \SystemRoot\system32\drivers\uliagpkx.sys [X]
S3 umbus; \SystemRoot\system32\drivers\umbus.sys [X]
S3 UmPass; system32\DRIVERS\umpass.sys [X]
S3 USBAAPL64; System32\Drivers\usbaapl64.sys [X]
S3 usbaudio; \SystemRoot\system32\drivers\usbaudio.sys [X]
S3 usbccgp; system32\DRIVERS\usbccgp.sys [X]
S3 usbcir; \SystemRoot\system32\drivers\usbcir.sys [X]
S3 usbehci; \SystemRoot\system32\drivers\usbehci.sys [X]
S3 usbhub; system32\DRIVERS\usbhub.sys [X]
S3 usbohci; \SystemRoot\system32\drivers\usbohci.sys [X]
S3 usbprint; \SystemRoot\system32\DRIVERS\usbprint.sys [X]
S3 USBSTOR; system32\DRIVERS\USBSTOR.SYS [X]
S3 usbuhci; \SystemRoot\system32\drivers\usbuhci.sys [X]
S3 VBoxNetAdp; system32\DRIVERS\VBoxNetAdp.sys [X]
S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [X]
S3 VClone; system32\DRIVERS\VClone.sys [X]
S0 vdrvroot; system32\drivers\vdrvroot.sys [X]
S3 vga; system32\DRIVERS\vgapnp.sys [X]
S3 vhdmp; \SystemRoot\system32\drivers\vhdmp.sys [X]
S3 viaide; \SystemRoot\system32\drivers\viaide.sys [X]
S3 VMnetAdapter; system32\DRIVERS\vmnetadapter.sys [X]
S0 volmgr; system32\drivers\volmgr.sys [X]
S0 volsnap; system32\drivers\volsnap.sys [X]
S3 vsmraid; \SystemRoot\system32\DRIVERS\vsmraid.sys [X]
S3 WacHidRouter; system32\DRIVERS\wachidrouter.sys [X]
S3 wacommousefilter; system32\DRIVERS\wacommousefilter.sys [X]
S3 WacomPen; \SystemRoot\system32\DRIVERS\wacompen.sys [X]
S3 wacomrouterfilter; system32\DRIVERS\wacomrouterfilter.sys [X]
S3 wacomvhid; system32\DRIVERS\wacomvhid.sys [X]
S3 Wd; \SystemRoot\system32\DRIVERS\wd.sys [X]
S3 WinUsb; system32\DRIVERS\WinUsb.sys [X]
S3 WmiAcpi; \SystemRoot\system32\drivers\wmiacpi.sys [X]
S3 X6va005; \??\C:\Users\Rick\AppData\Local\Temp\005743F.tmp [X]
S3 X6va011; \??\C:\Windows\SysWOW64\Drivers\X6va011 [X]
S3 xusb21; system32\DRIVERS\xusb21.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-10-08 20:18 - 2015-10-08 20:18 - 00000000 ____D C:\FRST
2015-10-04 14:56 - 2015-10-04 14:56 - 00000000 ____D C:\Windows\System32\ias
2015-10-04 11:49 - 2015-10-04 11:49 - 00000000 ____D C:\Windows\System32\NgBase
2015-10-04 10:43 - 2015-10-04 10:43 - 01247112 _____ (Mojang) C:\Users\Hollie\Desktop\Minecraft.exe
2015-10-04 10:43 - 2015-10-04 10:43 - 00000000 ____D C:\Users\Hollie\Desktop\tools
2015-10-04 10:35 - 2015-10-04 10:35 - 00000000 ____D C:\Users\Hollie\AppData\Local\Adobe
2015-10-04 10:23 - 2015-10-04 10:23 - 00000000 ____D C:\Users\Hollie\AppData\Roaming\SUPERAntiSpyware.com
2015-10-04 10:15 - 2015-10-04 10:15 - 00000000 ____D C:\Users\Hollie\AppData\Local\VirtualStore
2015-09-17 02:05 - 2015-09-17 02:05 - 00000000 ____D C:\Users\Default\AppData\Roaming\TuneUp Software
2015-09-17 02:05 - 2015-09-17 02:05 - 00000000 ____D C:\Users\Default User\AppData\Roaming\TuneUp Software
2015-09-17 02:04 - 2015-09-17 02:04 - 00000000 ____D C:\Users\Rick\AppData\Local\Avg
2015-09-17 02:04 - 2015-09-17 02:04 - 00000000 ____D C:\Users\Hollie\AppData\Local\Avg
2015-09-17 02:03 - 2015-09-17 02:03 - 00000000 ____D C:\Users\Rick\AppData\Local\Wacom
2015-09-17 02:03 - 2015-09-17 02:03 - 00000000 ____D C:\Users\Rick\.android
2015-09-13 16:32 - 2015-09-13 16:32 - 00000000 ____D C:\SUPERDelete
2015-09-13 16:24 - 2015-09-13 16:24 - 00001808 _____ C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2015-09-13 16:24 - 2015-09-13 16:24 - 00000000 ____D C:\Users\Rick\AppData\Roaming\SUPERAntiSpyware.com
2015-09-13 16:24 - 2015-09-13 16:24 - 00000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2015-09-13 16:24 - 2015-09-13 16:24 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2015-09-13 16:22 - 2015-09-13 16:23 - 23312376 _____ (SUPERAntiSpyware) C:\Users\Rick\Downloads\SUPERAntiSpyware.exe
2015-09-13 15:50 - 2015-09-13 15:50 - 00000000 ____D C:\Users\Rick\AppData\Local\openvr
2015-09-13 15:46 - 2015-09-13 15:46 - 00000000 ____D C:\Users\Rick\AppData\Local\CEF
2015-09-13 15:45 - 2015-09-13 15:45 - 00000000 ____D C:\Users\Rick\AppData\Roaming\AVAST Software
2015-09-13 11:20 - 2015-09-13 11:20 - 00000000 ____D C:\Users\Hollie\AppData\Roaming\AVAST Software
2015-09-13 11:06 - 2015-09-13 11:17 - 00000000 ____D C:\Windows\SysWOW64\vbox
2015-09-13 11:03 - 2015-09-13 11:03 - 00001922 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2015-09-13 10:57 - 2015-09-13 10:57 - 00043112 _____ (AVAST Software) C:\Windows\avastSS.scr
2015-09-13 10:56 - 2015-09-13 10:56 - 00000000 ____D C:\Program Files\AVAST Software
2015-09-13 10:54 - 2015-09-13 10:54 - 00000000 ____D C:\ProgramData\AVAST Software
2015-09-13 10:53 - 2015-09-13 10:53 - 05481336 _____ (Avast Software s.r.o.) C:\Users\Hollie\Downloads\avast_free_antivirus_setup_online_cnet.exe
2015-09-13 09:58 - 2015-09-13 09:58 - 00000864 _____ C:\Users\Hollie\Downloads\Downloads - Shortcut.lnk
2015-09-12 20:27 - 2015-09-12 20:27 - 00000000 ____D C:\Users\Hollie\AppData\Roaming\Sun
2015-09-12 20:27 - 2015-09-12 20:27 - 00000000 ____D C:\Users\Hollie\.oracle_jre_usage
2015-09-12 20:25 - 2015-09-12 20:25 - 00000000 ____D C:\Users\Hollie\AppData\LocalLow\Oracle

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-10-04 11:50 - 2010-02-25 22:30 - 01739667 _____ C:\Windows\WindowsUpdate.log
2015-10-04 11:49 - 2015-06-28 17:33 - 00000000 ____D C:\Users\Hollie\AppData\Local\TSVNCache
2015-10-04 11:49 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\winevt
2015-10-04 11:49 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\sysprep
2015-10-04 11:49 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\spool
2015-10-04 11:49 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\SMI
2015-10-04 11:49 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\Setup
2015-10-04 11:49 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\MUI
2015-10-04 11:49 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\Msdtc
2015-10-04 11:49 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\com
2015-10-04 11:46 - 2012-04-20 21:09 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-10-04 11:35 - 2009-08-07 10:33 - 00000000 ____D C:\Windows\Panther
2015-10-04 11:05 - 2015-08-02 16:03 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-10-04 10:43 - 2015-07-09 12:30 - 00000000 ____D C:\Users\Hollie\Desktop\game
2015-10-04 10:36 - 2015-06-28 17:32 - 00000000 ____D C:\Users\Hollie\AppData\Roaming\Adobe
2015-10-04 10:33 - 2012-04-20 21:09 - 00780488 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-10-04 10:33 - 2011-07-03 12:17 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-10-04 10:25 - 2015-08-02 16:09 - 00002143 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-10-04 10:23 - 2010-04-16 04:46 - 00000000 ____D C:\Program Files (x86)\Steam
2015-10-04 10:22 - 2015-08-02 16:03 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-10-04 10:18 - 2015-08-02 14:47 - 00000000 ____D C:\ProgramData\MFAData
2015-10-04 10:13 - 2014-06-14 22:00 - 00022670 _____ C:\Windows\setupact.log
2015-10-04 10:13 - 2009-07-13 21:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-10-04 10:12 - 2012-12-27 15:14 - 00000000 ____D C:\ProgramData\NVIDIA
2015-09-17 02:05 - 2015-08-02 14:52 - 00000925 _____ C:\Users\Public\Desktop\AVG 2015.lnk
2015-09-17 02:03 - 2010-06-27 18:34 - 00000000 ____D C:\Users\Rick\AppData\Roaming\WTablet
2015-09-17 02:03 - 2010-04-16 03:56 - 00000000 ____D C:\users\Rick
2015-09-17 01:57 - 2015-07-20 15:45 - 00000354 _____ C:\Windows\Tasks\TicketScout.job
2015-09-17 01:57 - 2015-07-14 09:45 - 00000340 _____ C:\Windows\Tasks\K9Help.job
2015-09-13 18:15 - 2012-02-23 15:41 - 00000000 ____D C:\Users\Rick\AppData\Local\TSVNCache
2015-09-13 18:13 - 2014-06-23 21:52 - 00364750 _____ C:\Windows\PFRO.log
2015-09-13 17:45 - 2012-02-21 21:34 - 00000000 ____D C:\Users\Rick\AppData\Local\Deployment
2015-09-13 17:42 - 2012-02-21 21:34 - 00000000 ____D C:\ProgramData\Best Buy pc app
2015-09-13 17:01 - 2012-07-12 17:03 - 00000000 ____D C:\Users\Rick\AppData\Local\eSupport.com
2015-09-13 16:34 - 2012-02-21 21:34 - 00000000 __HDC C:\ProgramData\{D4CB8369-0FB3-4FA6-ABE8-791DF7C67A71}
2015-09-13 16:34 - 2011-02-02 14:11 - 00000000 ____D C:\Users\Rick\AppData\LocalLow\Sony Online Entertainment
2015-09-13 16:02 - 2015-06-29 15:10 - 00018815 _____ C:\Windows\DirectX.log
2015-09-13 15:50 - 2010-08-30 10:57 - 00000000 ____D C:\Users\Rick\Documents\My Games
2015-09-13 15:45 - 2013-06-02 10:11 - 00000004 _____ C:\Windows\SysWOW64\GVTunner.ref
2015-09-13 15:45 - 2012-07-12 15:09 - 00030528 _____ C:\Windows\GVTDrv64.sys
2015-09-13 15:45 - 2012-07-12 15:07 - 00025640 _____ (Windows ® Server 2003 DDK provider) C:\Windows\gdrv.sys
2015-09-13 15:29 - 2010-04-18 04:07 - 00000000 ____D C:\Program Files (x86)\Java
2015-09-13 15:28 - 2014-11-21 08:22 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-09-13 12:14 - 2015-08-02 15:22 - 00002789 _____ C:\Windows\SysWOW64\debug.log
2015-09-13 10:45 - 2012-02-18 14:38 - 00046592 ___SH C:\Users\Rick\Thumbs.db
2015-09-12 20:28 - 2013-10-25 18:40 - 00000000 ____D C:\ProgramData\Oracle
2015-09-12 20:27 - 2015-06-28 17:32 - 00000000 ____D C:\users\Hollie
2015-09-12 15:06 - 2015-06-28 17:42 - 00000000 ____D C:\Users\Hollie\AppData\Local\Google

Files to move or delete:
====================
C:\ProgramData\hash.dat
C:\Users\Hollie\AMIDST-3.7.exe
C:\Users\Hollie\avg_free_stb_all_6086p1_177.exe
C:\Users\Hollie\contribManager.exe
C:\Users\Hollie\overviewer.exe
C:\Users\Hollie\RPGXP_E.exe
C:\Users\Hollie\SteamSetup.exe


==================== Known DLLs (Whitelisted) =========================


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\dnsapi.dll => MD5 is legit
C:\Windows\SysWOW64\dnsapi.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys IS MISSING <==== ATTENTION
C:\Windows\System32\codeintegrity\Bootcat.cache IS MISSING <==== ATTENTION

==================== Restore Points =========================

Restore point date: 2015-09-13 15:23:09
Restore point date: 2015-09-13 15:27:58
Restore point date: 2015-09-13 15:35:25
Restore point date: 2015-09-13 15:56:19
Restore point date: 2015-10-04 11:35:18
Restore point date: 2015-10-04 11:36:17
Restore point date: 2015-10-04 11:45:38

==================== Memory info ===========================

Percentage of memory in use: 10%
Total physical RAM: 8187.49 MB
Available physical RAM: 7330.61 MB
Total Virtual: 8185.64 MB
Available Virtual: 7321.29 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:931.41 GB) (Free:118.28 GB) NTFS
Drive e: () (Removable) (Total:1.91 GB) (Free:0.01 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS ==>[system with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: D916D74A)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931.4 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 1.9 GB) (Disk ID: 73696D20)
No partition Table on disk 1.


LastRegBack: 2015-09-10 21:14

==================== End of FRST.txt ============================

i just found the edit button on posts: i wanted to also add that this began occurring in july or so as that is around the time when i first was given the computer (the computer is a couple years old. Likely anything under the name rick is my brother's. and began experiencing problems. july 1st or so was probably the last estimate i have of when the computer was definitely clean. also that best buy pc app is really stubborn and will not remove, but i cannot find whether it is harmless or not.) . I simply lead a busy life so I cannot get to fixing the computer or being on it as often as i would like to, so i think some of the problems would go past the 30 day period that the logs appear to check. at first this began as simple adware popups, which eventually seemed to disappear until i came back after august and they had returned and only became more and more stubborn and that is where the problem began escalating quickly. if there is any information you need about what i have been experiencing i will be glad to give it. again, thank you for your help and patience

Edited by princess153, 08 October 2015 - 11:19 PM.


#6 princess153


Posted 09 October 2015 - 10:19 AM

Sorry for another comment, but I would like to add that every time I tried system restore before coming here when I couldn't boot, Windows would tell me I have no system restore points, even though I knew I had some (they were still infected points but it was when I could boot into Windows normally but with no access to the internet normally- those are the september restore points). It would then create one if I didn't have one (which it said i didn't), so I would reboot and yet again it would tell me there are none.

#7 Sintharius


Posted 10 October 2015 - 05:30 AM

Hello Hollie,

Please try this.

Please read the steps carefully before attempting

Since this procedure takes place outside of Windows, it is best that you print out the instructions or have them open on another device while following the steps.

Fix with Farbar Recovery Scan Tool in Recovery Environment
  • On a clean machine, please download the attached fixlist.txt and save it to your flash drive.
  • Plug the flash drive into the infected PC.
To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
Note: In case you can not enter System Recovery Options by using F8 method, you can use Windows installation disc, or make a repair disc. Any Windows installation disc or a repair disc made on another computer can be used.
To make a repair disk on Windows 7 consult: http://www.sevenforums.com/tutorials/2083-system-repair-disc-create.html




To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
==========

On the System Recovery Options menu you will get the following options:

Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt


Select Command Prompt

==========

Once in the Command Prompt:
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer", find the letters of your flash drive and your Windows partition (where Windows is installed). Please note this down for future use.
  • Navigate to the fixlist in your flash drive, and double click to open it.
  • You will see this line: cmd: sfc /scannow /offbootdir=c:\ /offwindir=c:\windows. Please replace c: with the letter of your Windows partition, then save the fixlist and close Notepad when done.
  • In the command window type e:\frst64 and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • Press Fix just once and wait.
  • A log named Fixlog.txt will be created in the flash drive. Please post that into your next reply - if it is too large, you can upload it to a hosting service such as Google Drive or Dropbox and share the link here.
Regards,
Alex

Edited by Alexstrasza, 10 October 2015 - 05:30 AM.


#8 princess153


Posted 11 October 2015 - 10:42 AM

About to post the fixlog. One question, was I also supposed to change the "c:" in the second line to my windows partition drive? That was not in your instructions, just the first line was, so I assumed not. The log is full of things that failed to do whatever, and I noticed after I ran the fix, my "local disk" (the one with windows installed) changed letters and different drives showed up than last time. My local disk is now the C: drive. Was that intentional?

Edited by princess153, 11 October 2015 - 10:43 AM.


#9 Sintharius


Posted 11 October 2015 - 10:46 AM

Hi there,

Are you able to boot into Windows after finishing running the fix?

#10 princess153


Posted 11 October 2015 - 11:18 AM

Hi Alex. No, I cannot start into Windows yet. Should I rerun the tool with the fixlist changed to what my current drive letters are? Last time my c: drive was some System backup or storage or something (and if I clicked on it it said it was empty but it's probably because I was still trying to look for .txt files)

#11 Sintharius


Posted 11 October 2015 - 11:21 AM

Hi there,

Please post the fixlog instead, it will help me in knowing what has been done before we proceed.

#12 princess153


Posted 11 October 2015 - 11:34 AM

Hello Alex,

 

I'm still on that. This old XP computer is pretty slow and I had to update the browser to access Google Drive (this machine is rarely used). I'm still trying to figure out how I can get the text pasted without a program to stop responding. Thank you for your patience.

 

Actually, I just uploaded the .txt file to Google. Here's the link: https://drive.google.com/file/d/0B8vk7rR7izeQWEJwczQycE1PMnM/view?usp=sharing



#13 Sintharius


Posted 11 October 2015 - 12:49 PM

Hello Hollie,

Please follow the instructions below to search for a file.

Search with Farbar Recovery Scan Tool in Recovery Environment
  • Plug the flash drive containing Farbar Recovery Scan Tool into the infected PC.
  • Enter the Recovery Environment via System Recovery Options.
To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
Note: In case you can not enter System Recovery Options by using F8 method, you can use Windows installation disc, or make a repair disc. Any Windows installation disc or a repair disc made on another computer can be used.
To make a repair disk on Windows 7 consult: http://www.sevenforums.com/tutorials/2083-system-repair-disc-create.html



To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
==========

On the System Recovery Options menu you will get the following options:

Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt


Select Command Prompt

==========


Once in the Command Prompt:
  • In the command window type e:\frst64 and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • FRST will launch. In the Search box, type in the contents of the box below:
    sfc.exe
    
  • Press Search File button.
  • It will make a log (Search.txt) on the flash drive. Please copy and paste it to your reply.
Regards,
Alex

#14 princess153


Posted 11 October 2015 - 01:11 PM

My drive letters are now back to the same letters they were before they switched, I hope that's normal/intentional.

 

Farbar Recovery Scan Tool (x64) Version:08-10-2015
Ran by SYSTEM (2015-10-11 12:53:07)
Running from e:\
Boot Mode: Recovery

================== Search Files: "sfc.exe" =============

C:\Windows\winsxs\x86_microsoft-windows-wrp-integrity-client_31bf3856ad364e35_6.1.7600.16385_none_2b1523604c99c736\sfc.exe
[2009-07-13 15:15][2009-07-13 17:14] 0035328 ____A (Microsoft Corporation) CDFB49D4628F3822B2335C7A35BF69CD

C:\Windows\winsxs\amd64_microsoft-windows-wrp-integrity-client_31bf3856ad364e35_6.1.7600.16385_none_8733bee404f7386c\sfc.exe
[2009-07-13 15:26][2009-07-13 17:39] 0039424 ____A (Microsoft Corporation) D0A69BB24BC6B50A7ADBE2F11408E3F0

C:\Windows\SysWOW64\sfc.exe
[2009-07-13 15:15][2009-07-13 17:14] 0035328 ____A (Microsoft Corporation) CDFB49D4628F3822B2335C7A35BF69CD

C:\Windows\System32\sfc.exe
[2009-07-13 15:26][2009-07-13 17:39] 0039424 ____A (Microsoft Corporation) D0A69BB24BC6B50A7ADBE2F11408E3F0

X:\Windows\winsxs\amd64_microsoft-windows-wrp-integrity-client_31bf3856ad364e35_6.1.7600.16385_none_8733bee404f7386c\sfc.exe
[2009-07-13 15:26][2009-07-13 17:39] 0039424 ____A (Microsoft Corporation) D0A69BB24BC6B50A7ADBE2F11408E3F0

X:\Windows\System32\sfc.exe
[2009-07-13 15:26][2009-07-13 17:39] 0039424 ____A (Microsoft Corporation) D0A69BB24BC6B50A7ADBE2F11408E3F0

====== End of Search ======
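
A consistency check over the Search.txt output above, added here as an example (it is not part of the original post and not FRST's own code): it parses each entry and compares the MD5 of every live sfc.exe with the WinSxS component-store copy of the same architecture on the same drive. The function names are invented for this example, and a match only shows that the live file equals the store copy, not that either copy is trusted.

```python
import re
from collections import defaultdict
# Entries copied from the Search.txt in the post above (path line, then details line).
SEARCH_LOG = r"""
C:\Windows\winsxs\x86_microsoft-windows-wrp-integrity-client_31bf3856ad364e35_6.1.7600.16385_none_2b1523604c99c736\sfc.exe
[2009-07-13 15:15][2009-07-13 17:14] 0035328 ____A (Microsoft Corporation) CDFB49D4628F3822B2335C7A35BF69CD
C:\Windows\winsxs\amd64_microsoft-windows-wrp-integrity-client_31bf3856ad364e35_6.1.7600.16385_none_8733bee404f7386c\sfc.exe
[2009-07-13 15:26][2009-07-13 17:39] 0039424 ____A (Microsoft Corporation) D0A69BB24BC6B50A7ADBE2F11408E3F0
C:\Windows\SysWOW64\sfc.exe
[2009-07-13 15:15][2009-07-13 17:14] 0035328 ____A (Microsoft Corporation) CDFB49D4628F3822B2335C7A35BF69CD
C:\Windows\System32\sfc.exe
[2009-07-13 15:26][2009-07-13 17:39] 0039424 ____A (Microsoft Corporation) D0A69BB24BC6B50A7ADBE2F11408E3F0
X:\Windows\winsxs\amd64_microsoft-windows-wrp-integrity-client_31bf3856ad364e35_6.1.7600.16385_none_8733bee404f7386c\sfc.exe
[2009-07-13 15:26][2009-07-13 17:39] 0039424 ____A (Microsoft Corporation) D0A69BB24BC6B50A7ADBE2F11408E3F0
X:\Windows\System32\sfc.exe
[2009-07-13 15:26][2009-07-13 17:39] 0039424 ____A (Microsoft Corporation) D0A69BB24BC6B50A7ADBE2F11408E3F0
"""

ENTRY = re.compile(r"^(?P<path>[A-Za-z]:\\.+)\n\[[^\]]+\]\[[^\]]+\]\s+\d+\s+\S+\s+"
                   r"(?:\([^)]*\)\s+)?(?P<md5>[0-9A-Fa-f]{32})\s*$", re.MULTILINE)

def parse_search_log(text):
    """Return one dict (path, md5) per file entry in a Search.txt body."""
    return [{"path": m["path"].strip(), "md5": m["md5"].upper()} for m in ENTRY.finditer(text)]

def classify(path):
    """Return (kind, arch): 'store' for WinSxS copies, 'live' for system directories."""
    p = path.lower()
    if "\\winsxs\\" in p:
        return "store", "amd64" if "\\winsxs\\amd64_" in p else "x86"
    if "\\syswow64\\" in p:
        return "live", "x86"      # 32-bit binaries on 64-bit Windows
    if "\\system32\\" in p:
        return "live", "amd64"    # native binaries on 64-bit Windows
    return "other", None

def check_against_store(entries):
    """Map each live path to 'matches store', 'MISMATCH' or 'no store copy'."""
    store = defaultdict(set)      # (drive letter, arch) -> MD5s seen in WinSxS
    for e in entries:
        kind, arch = classify(e["path"])
        if kind == "store":
            store[(e["path"][0].upper(), arch)].add(e["md5"])
    report = {}
    for e in entries:
        kind, arch = classify(e["path"])
        if kind == "live":
            known = store.get((e["path"][0].upper(), arch))
            report[e["path"]] = ("no store copy" if not known else
                                 "matches store" if e["md5"] in known else "MISMATCH")
    return report

if __name__ == "__main__":
    print(check_against_store(parse_search_log(SEARCH_LOG)))
```
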



#15 princess153


Posted 11 October 2015 - 01:43 PM

I have attempted to run sfc /scannow before my initial post, and it gave me the message that Windows had a pending repair and I had to reboot. When I did reboot, System Repair would start, fail to fix automatically, I'd go to command prompt again, try sfc /scannow again and it would give me the same message. Just a piece of info that seems related. I appreciate your help.



