Windows 10 CPU on automatic repair loop


  • This topic is locked
48 replies to this topic

#1 RashaadT83

RashaadT83

  • Members
  • 37 posts
  • OFFLINE
  • Local time:11:39 PM

Posted 05 January 2018 - 02:30 PM

Good Afternoon and Happy New Year, hoping this is the right board lol. The issue I'm having concerns my sister's Windows 10 cpu. It will not load Windows, but instead keeps coming to the screen indicating preparing automatic repair, where I then go to the repair/boot options screen. No matter what I do, I continue to come back to this module. I've tried to restart in safe mode (fail), system restore, and even to reset the cpu, with no success. Thinking that it may be a virus, I tried boot recovery rescue programs from Norton and Bitdefender. Both scans yielded items that were low risk which were cleared. So with that not working, I am now here. Per your prep instructions here are logs from FRST....

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 02.01.2018
Ran by SYSTEM on MININT-TF49PLP (05-01-2018 15:16:57)
Running from l:\
Platform: Windows 10 Home Version 1607 14393.1715 (X64) Language: English (United States)
Internet Explorer Version 11
Boot Mode: Recovery
Default: ControlSet001
ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [499608 2011-06-16] (Adobe Systems Incorporated)
HKLM\...\Run: [HPSYSDRV] => C:\Program Files (x86)\Hewlett-Packard\HP Odometer\HPSYSDRV.EXE [62768 2008-11-20] (Hewlett-Packard)
HKLM\...\Run: [ZAM] => C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [15775888 2017-08-09] (Copyright 2017.)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe
HKLM\...\Run: [BeatsOSDApp] => C:\Program Files\IDT\WDM\beats64.exe [37888 2012-03-30] (Hewlett-Packard )
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176440 2016-09-09] (Apple Inc.)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291096 2011-12-05] (Intel Corporation)
HKLM-x32\...\Run: [Norton Online Backup] => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [1155928 2010-06-01] (Symantec Corporation)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [67384 2016-09-01] (Apple Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [PDF Complete] => C:\Program Files (x86)\PDF Complete\pdfsty.exe [1193728 2017-02-15] (PDF Complete Inc)
HKLM\...\RunOnce: [*Restore] => C:\WINDOWS\system32\rstrui.exe [268288 2016-07-16] (Microsoft Corporation)
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Symantec <==== ATTENTION
Winlogon\Notify\ScCertProp: wlnotify.dll [X]
HKU\DefaultAppPool\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [516608 2016-07-16] (Microsoft Corporation)
HKU\Everyone Else\...\Run: [AnyDVD] => C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe [9649064 2015-12-28] (SlySoft, Inc.)
HKU\Everyone Else\...\Run: [Spotify] => C:\Users\Everyone Else\AppData\Roaming\Spotify\Spotify.exe [20644976 2017-09-25] (Spotify Ltd)
HKU\Everyone Else\...\Run: [Spotify Web Helper] => C:\Users\Everyone Else\AppData\Roaming\Spotify\SpotifyWebHelper.exe [777840 2017-09-25] (Spotify Ltd)
HKU\Shayla Barts\...\Run: [AnyDVD] => C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVD.exe [109480 2015-12-28] (SlySoft, Inc.)
HKU\Shayla Barts\...\Run: [CAHeadless] => c:\Program Files (x86)\Adobe\Elements 10 Organizer\CAHeadless\ElementsAutoAnalyzer.exe [835224 2011-09-14] (Adobe Systems Incorporated)
HKU\Shayla Barts\...\Run: [Spotify Web Helper] => C:\Users\Shayla Barts\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1562224 2017-06-27] (Spotify Ltd)
HKU\Shayla Barts\...\Run: [Spotify] => C:\Users\Shayla Barts\AppData\Roaming\Spotify\Spotify.exe [7047792 2017-06-27] (Spotify Ltd)
HKU\Shayla Barts\...\RunOnce: [Uninstall C:\Users\Shayla Barts\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Shayla Barts\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64"
HKU\Shayla Barts\...\RunOnce: [Uninstall C:\Users\Shayla Barts\AppData\Local\Microsoft\OneDrive\17.3.6390.0509_1\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Shayla Barts\AppData\Local\Microsoft\OneDrive\17.3.6390.0509_1\amd64"
HKU\Shayla Barts\...\RunOnce: [Uninstall C:\Users\Shayla Barts\AppData\Local\Microsoft\OneDrive\17.3.6390.0509_1] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Shayla Barts\AppData\Local\Microsoft\OneDrive\17.3.6390.0509_1"
HKU\Shayla Barts\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\windows\WLXPGSS.scr [302448 2011-05-13] (Microsoft Corporation)
Startup: C:\Users\Shayla Barts\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Deskjet 1000 J110 series.lnk [2017-08-01]
ShortcutTarget: Monitor Ink Alerts - HP Deskjet 1000 J110 series.lnk -> C:\Program Files\HP\HP Deskjet 1000 J110 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
Startup: C:\Users\Shayla Barts\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk [2014-08-23]
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 AdobeActiveFileMonitor10.0; c:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe [169624 2011-09-14] (Adobe Systems Incorporated)
S2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-08-05] (Apple Inc.)
S2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [321056 2017-05-31] (HP Inc.)
S2 MCLIENT; C:\Program Files (x86)\Norton Management\Engine\3.2.2.12\ccSvcHst.exe [143928 2012-12-04] (Symantec Corporation)
S2 N360; C:\Program Files (x86)\Norton 360\Engine\22.10.1.10\N360.exe [326144 2017-08-24] (Symantec Corporation)
S2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-01] (Symantec Corporation)
S2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1719552 2017-02-15] (PDF Complete Inc)
S2 RaMediaServer; C:\Program Files (x86)\Ralink\Common\RaMediaServer.exe [625728 2011-08-18] ()
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347320 2017-04-27] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2017-08-07] (Microsoft Corporation)
S2 ZAMSvc; C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [15775888 2017-08-09] (Copyright 2017.)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AnyDVD; C:\Windows\System32\Drivers\AnyDVD.sys [150440 2015-12-28] (SlySoft, Inc.)
S3 AnyDVD; C:\Windows\SysWOW64\Drivers\AnyDVD.sys [150440 2015-12-28] (SlySoft, Inc.)
S3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWT6.sys [102912 2015-05-28] (Advanced Micro Devices)
S1 BHDrvx64; C:\Program Files (x86)\Norton 360\NortonData\22.5.2.15\Definitions\BASHDefs\20170920.001\BHDrvx64.sys [1872032 2017-09-07] (Symantec Corporation)
S1 ccSet_MCLIENT; C:\Windows\system32\drivers\MCLIENTx64\0302020.00C\ccSetx64.sys [168096 2012-10-03] (Symantec Corporation)
S1 ccSet_N360; C:\Windows\system32\drivers\N360x64\160A010.00A\ccSetx64.sys [187520 2017-07-14] (Symantec Corporation)
S1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [508032 2017-06-29] (Symantec Corporation)
S3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [158336 2017-06-29] (Symantec Corporation)
S1 IDSVia64; C:\Program Files (x86)\Norton 360\NortonData\22.5.2.15\Definitions\IPSDefs\20170925.001\IDSvia64.sys [1056920 2017-07-31] (Symantec Corporation)
S3 NetAdapterCx; C:\Windows\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
S3 netr28x; C:\Windows\system32\DRIVERS\netr28x.sys [2554528 2015-06-12] (MediaTek Inc.)
S3 S3XXx64; C:\Windows\system32\DRIVERS\S3XXx64.sys [73856 2015-02-17] (Identiv)
S3 SRTSP; C:\Windows\System32\Drivers\N360x64\160A010.00A\SRTSP64.SYS [810136 2017-07-14] (Symantec Corporation)
S1 SRTSPX; C:\Windows\system32\drivers\N360x64\160A010.00A\SRTSPX64.SYS [49304 2017-07-14] (Symantec Corporation)
S0 SymEFASI; C:\Windows\System32\drivers\N360x64\160A010.00A\SYMEFASI64.SYS [1868416 2017-07-14] (Symantec Corporation)
S0 SymELAM; C:\Windows\System32\drivers\N360x64\160A010.00A\SymELAM.sys [24608 2017-05-11] (Symantec Corporation)
S3 SymEvent; C:\windows\system32\Drivers\SYMEVENT64x86.SYS [102568 2017-07-20] (Symantec Corporation)
S1 SymIRON; C:\Windows\system32\drivers\N360x64\160A010.00A\Ironx64.SYS [301288 2017-07-14] (Symantec Corporation)
S1 SymNetS; C:\Windows\System32\Drivers\N360x64\160A010.00A\SYMNETS.SYS [566912 2017-07-14] (Symantec Corporation)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
S3 XtuAcpiDriver; C:\Windows\System32\drivers\XtuAcpiDriver.sys [63840 2015-06-06] (Intel Corporation)
S1 ZAM; C:\windows\System32\drivers\zam64.sys [203680 2016-09-05] (Zemana Ltd.)
S1 ZAM_Guard; C:\windows\System32\drivers\zamguard64.sys [203680 2016-09-05] (Zemana Ltd.)
S3 aspnet_state; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-01-05 15:16 - 2018-01-05 15:16 - 000000000 ____D C:\FRST
2018-01-03 00:26 - 2018-01-03 00:26 - 000000000 ____D C:\$WINDOWS.~BT
2018-01-03 00:23 - 2018-01-03 00:26 - 000000000 ___HD C:\$SysReset
2017-12-31 11:27 - 2018-01-04 18:48 - 000000000 ____D C:\RescueCD Logs
2017-12-31 09:48 - 2017-12-31 11:06 - 000000000 ____D C:\Symantec_NBRT

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)


==================== Known DLLs (Whitelisted) =========================


==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe
[2017-07-12 07:24] - [2017-06-20 22:39] - 000673792 _____ (Microsoft Corporation) CB440E1C4EC9C369EC9DD07B48A83F36

C:\Windows\System32\wininit.exe
[2016-07-16 03:42] - [2016-07-16 03:42] - 000304240 _____ (Microsoft Corporation) 99A19C9A74E2F9820E501DCE77F84F70

C:\Windows\explorer.exe
[2017-08-08 20:26] - [2017-07-11 21:55] - 004674872 _____ (Microsoft Corporation) 577119EC77525D3F80FFB03BFACC17D4

C:\Windows\SysWOW64\explorer.exe
[2017-08-08 20:28] - [2017-07-11 21:52] - 004312760 _____ (Microsoft Corporation) 54210509B3129D716D6C9C5775710598

C:\Windows\System32\svchost.exe
[2016-07-16 03:42] - [2016-07-16 03:42] - 000044496 _____ (Microsoft Corporation) 36F670D89040709013F6A460176767EC

C:\Windows\SysWOW64\svchost.exe
[2016-07-16 03:42] - [2016-07-16 03:42] - 000038792 _____ (Microsoft Corporation) 1F8434DD4907C832E6E90D6298EAB85B

C:\Windows\System32\services.exe
[2017-09-13 07:40] - [2017-08-07 21:45] - 000453544 _____ (Microsoft Corporation) 29C7C9F0FE9F048FB47DEE5F66134940

C:\Windows\System32\User32.dll
[2016-12-13 18:25] - [2016-12-09 02:10] - 001461200 _____ (Microsoft Corporation) C46EA86BF0E7C96235E9064CBAD6ED26

C:\Windows\SysWOW64\User32.dll
[2016-12-13 18:25] - [2016-12-09 01:52] - 001435896 _____ (Microsoft Corporation) 4BEC594A3D4AEAFAC400D88F7E328C7B

C:\Windows\System32\userinit.exe
[2016-07-16 03:42] - [2016-07-16 03:42] - 000033280 _____ (Microsoft Corporation) C1B1FFC800BE2F31EB2CF8CB40629C69

C:\Windows\SysWOW64\userinit.exe
[2016-07-16 03:42] - [2016-07-16 03:42] - 000027648 _____ (Microsoft Corporation) FA900E6CCCF0A429D5B720C6F0E2274B

C:\Windows\System32\rpcss.dll
[2017-05-16 14:21] - [2017-04-27 15:41] - 000890368 _____ (Microsoft Corporation) 4A7015195E49A3BA7DB967B277B21E9D

C:\Windows\System32\dnsapi.dll
[2017-08-08 20:26] - [2017-07-11 22:16] - 000646688 _____ (Microsoft Corporation) F35F81AC01BDD32A52563B4D39A5AE74

C:\Windows\SysWOW64\dnsapi.dll
[2017-08-08 20:28] - [2017-07-11 22:15] - 000496872 _____ (Microsoft Corporation) A62B6FEB177763BD7C312277C34C1027

C:\Windows\System32\Drivers\volsnap.sys
[2016-07-16 03:42] - [2016-07-16 03:42] - 000391520 _____ (Microsoft Corporation) BF2546583BB75F01DDA60A7921DFB230


==================== Association (Whitelisted) =============


==================== Restore Points  =========================

Restore point date: 2017-09-13 07:45
Restore point date: 2017-09-21 14:07
Restore point date: 2017-09-21 14:08
Restore point date: 2017-09-24 18:45
Restore point date: 2017-09-25 15:23
Restore point date: 2017-09-25 15:26
Restore point date: 2018-01-03 00:51

==================== Memory info ===========================

Percentage of memory in use: 9%
Total physical RAM: 10197.41 MB
Available physical RAM: 9226 MB
Total Virtual: 10197.41 MB
Available Virtual: 9303.7 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:910.92 GB) (Free:594.93 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (HP_RECOVERY) (Fixed) (Total:19.93 GB) (Free:2.49 GB) NTFS
Drive j: (Bitdefender) (CDROM) (Total:0.65 GB) (Free:0 GB) CDFS
Drive k: () (Fixed) (Total:0.44 GB) (Free:0.11 GB) NTFS
Drive l: (USB-STICK) (Removable) (Total:1.85 GB) (Free:1.84 GB) FAT
Drive x: (Boot) (Fixed) (Total:0.5 GB) (Free:0.5 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 97E307EF)

Partition: GPT.

========================================================
Disk: 5 (Size: 1.9 GB) (Disk ID: 933A950F)
Partition 1: (Not Active) - (Size=1.9 GB) - (Type=0E)

LastRegBack: 2017-09-25 13:06

==================== End of FRST.txt ============================

 





#2 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,737 posts
  • OFFLINE
  • Gender:Male
  • Location:California
  • Local time:09:39 PM

Posted 05 January 2018 - 03:01 PM

Greetings RashaadT83 and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met.
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far.
 

"Both scans yielded items that were low risk which were cleared."

It would be helpful to know what these were. Do you have that information?
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#3 RashaadT83

RashaadT83
  • Topic Starter

  • Members
  • 37 posts
  • OFFLINE
  • Local time:11:39 PM

Posted 05 January 2018 - 03:33 PM

Hi Gary, my name is Rashaad. Yes, first names are cool. As for the items that were scanned, unfortunately I do not have the list of those items. At the time I did the scan, I wasn't thinking about you guys and didn't keep that info. Sorry about that.



#4 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,737 posts
  • OFFLINE
  • Gender:Male
  • Location:California
  • Local time:09:39 PM

Posted 05 January 2018 - 05:02 PM

Greetings Rashaad, nice to work with you.

No problem on the detections.

Please do this.

===================================================

Farbar's Recovery Scan Tool - Run Fix

--------------------
  • Using your USB containing FRST press the Windows Key + R on your keyboard at the same time. Type notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it on the USB device as fixlist.txt

cmd: bcdedit /set {current} disableelamdrivers yes
cmd: gpresult
ExportKey: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies
ExportKey: HKLM\SOFTWARE\Policies

  • Insert the USB device into your infected computer
  • Enter the System Recovery Options as you previously did then select Command Prompt.
  • Launch FRST again and press the Fix button
  • The tool will create a Fixlog.txt document on your USB device. Copy and paste that information in your reply.
  • Attempt to boot your computer in Normal or Safe Mode
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Fixlog
  • Can you boot?

Gary
 

#5 RashaadT83

RashaadT83
  • Topic Starter

  • Members
  • 37 posts
  • OFFLINE
  • Local time:11:39 PM

Posted 05 January 2018 - 06:13 PM

Here are the contents of the fixlog. Also, the cpu didn't boot in regular or safe mode.

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 02.01.2018
Ran by SYSTEM (05-01-2018 19:03:24) Run:1
Running from l:\
Boot Mode: Recovery
==============================================

fixlist content:
*****************
cmd: bcdedit /set {current} disableelamdrivers yes
cmd: gpresult
ExportKey: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies
ExportKey: HKLM\SOFTWARE\Policies
*****************


========= bcdedit /set {current} disableelamdrivers yes =========

The operation completed successfully.

========= End of CMD: =========


========= gpresult =========

'gpresult' is not recognized as an internal or external command,
operable program or batch file.

========= End of CMD: =========

================== ExportKey: ===================

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies]
[HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop]
"NoAddingComponents"="1"
"NoComponents"="1"
[HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments]
"ScanWithAntiVirus"="3"
[HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\BuildAndTel]
"EnableBuildPreview"="0"
[HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\DataCollection]
"AllowTelemetry"="3"
[HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\DataCollection\Users]
[HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"ForceActiveDesktopOn"="0"
"NoActiveDesktop"="1"
"NoActiveDesktopChanges"="1"
"NoRecentDocsHistory"="0"
"NoDrives"="0"
[HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\run]
[HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Ext]
"ListBox_Support_CLSID"="1"
"IgnoreFrameApprovalCheck"="1"
[HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID]
"{91FBEA5C-E3C7-42EA-8C2B-B168189AB5BE}"="1"
[HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\NonEnum]
"{0DF44EAA-FF21-4412-828E-260A8728E7F1}"="32"
"{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF}"="1073741857"
"{BDEADF00-C265-11D0-BCED-00A0C90AB50F}"="1"
[HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Ratings]
".Default"="1"
[HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"="5"
"ConsentPromptBehaviorUser"="3"
"DSCAutomationHostEnabled"="2"
"EnableCursorSuppression"="1"
"EnableInstallerDetection"="1"
"EnableLUA"="1"
"EnableSecureUIAPaths"="1"
"EnableUIADesktopToggle"="0"
"EnableVirtualization"="1"
"PromptOnSecureDesktop"="1"
"ValidateAdminCodeSignatures"="0"
"undockwithoutlogon"="1"
"dontdisplaylastusername"="0"
"legalnoticecaption"=""
"legalnoticetext"="*"
"scforceoption"="0"
"shutdownwithoutlogon"="1"
"DisableRegistryTools"="0"
[HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\Audit]
[HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\UIPI]
[HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\UIPI\Clipboard]
[HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\UIPI\Clipboard\ExceptionFormats]
"CF_BITMAP"="2"
"CF_DIB"="8"
"CF_DIBV5"="17"
"CF_OEMTEXT"="7"
"CF_PALETTE"="9"
"CF_TEXT"="1"
"CF_UNICODETEXT"="13"
[HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Uninstall]
[HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\WindowsUpdate]

=== End of ExportKey ===
================== ExportKey: ===================

[HKLM\SOFTWARE\Policies]
[HKLM\Software\Policies\Adobe]
[HKLM\Software\Policies\Adobe\Acrobat Reader]
[HKLM\Software\Policies\Adobe\Acrobat Reader\DC]
[HKLM\Software\Policies\Adobe\Acrobat Reader\DC\FeatureLockDown]
[HKLM\Software\Policies\Adobe\Acrobat Reader\DC\FeatureLockDown\cDefaultExecMenuItems]
"tWhiteList"="Close|GeneralInfo|Quit|FirstPage|PrevPage|NextPage|LastPage|ActualSize|FitPage|FitWidth|FitHeight|SinglePage|OneColumn|TwoPages|TwoColumns|ZoomViewIn|ZoomViewOut|ShowHideBookmarks|ShowHideThumbnails|Print|GoToPage|ZoomTo|GeneralPrefs|SaveAs|FullScreenMode|OpenOrganizer|Scan|Web2PDF:OpnURL|AcroSendMail:SendMail|Spelling:Check Spelling|PageSetup|Find|FindSearch|GoBack|GoForward|FitVisible|ShowHideArticles|ShowHideFileAttachment|ShowHideAnnotManager|ShowHideFields|ShowHideOptCont|ShowHideModelTree|ShowHideSignatures|InsertPages|ExtractPages|ReplacePages|DeletePages|CropPages|RotatePages|AddFileAttachment|FindCurrentBookmark|BookmarkShowLocation|GoBackDoc|GoForwardDoc|DocHelpUserGuide|HelpReader|rolReadPage|HandMenuItem|ZoomDragMenuItem|CollectionPreview|CollectionHome|CollectionDetails|CollectionShowRoot|&Pages|Co&ntent|&Forms|Action &Wizard|Recognize &Text|P&rotection|&Sign && Certify|Doc&ument Processing|Print Pro&duction|Ja&vaScript|&Accessibility|Analy&ze|&Annotations|D&rawing Markups|Revie&w"
[HKLM\Software\Policies\Adobe\Acrobat Reader\DC\FeatureLockDown\cDefaultFindAttachmentPerms]
"tSearchAttachmentsWhiteList"="3g2|3gp|3gpp|3gpp2|aac|ac3|aif|aiff|ani|asf|avi|bmp|cdr|cur|divx|djvu|doc|docx|dv|emf|eps|flv|f4v|gif|ico|iff|jbig2|jp2|jpeg|jpg|m2v|m4a|m4b|m4p|m4v|mid|mkv|mov|mpa|mp2|mp3|mp4|mts|nsv|ogg|ogm|ogv|pbm|pgm|png|ppm|ppt|pptx|ps|psd|qt|rtf|riff|svg|tif|ts|txt|ram|rm|rmvb|vob|wav|wma|wmf|wmv|xmb|xls|xlsx"
[HKLM\Software\Policies\Adobe\Acrobat Reader\DC\FeatureLockDown\cDefaultLaunchAttachmentPerms]
"tBuiltInPermList"="version:1|.ade:3|.adp:3|.app:3|.arc:3|.arj:3|.asp:3|.bas:3|.bat:3|.bz:3|.bz2:3|.cab:3|.chm:3|.class:3|.cmd:3|.com:3|.command:3|.cpl:3|.crt:3|.csh:3|.desktop:3|.dll:3|.exe:3|.fxp:3|.gz:3|.hex:3|.hlp:3|.hqx:3|.hta:3|.inf:3|.ini:3|.ins:3|.isp:3|.its:3|.job:3|.js:3|.jse:3|.ksh:3|.lnk:3|.lzh:3|.mad:3|.maf:3|.mag:3|.mam:3|.maq:3|.mar:3|.mas:3|.mat:3|.mau:3|.mav:3|.maw:3|.mda:3|.mdb:3|.mde:3|.mdt:3|.mdw:3|.mdz:3|.msc:3|.msi:3|.msp:3|.mst:3|.ocx:3|.ops:3|.pcd:3|.pi:3|.pif:3|.prf:3|.prg:3|.pst:3|.rar:3|.reg:3|.scf:3|.scr:3|.sct:3|.sea:3|.shb:3|.shs:3|.sit:3|.tar:3|.taz:3|.tgz:3|.tmp:3|.url:3|.vb:3|.vbe:3|.vbs:3|.vsmacros:3|.vss:3|.vst:3|.vsw:3|.webloc:3|.ws:3|.wsc:3|.wsf:3|.wsh:3|.z:3|.zip:3|.zlo:3|.zoo:3|.pdf:2|.fdf:2|.jar:3|.pkg:3|.tool:3|.term:3|.acm:3|.asa:3|.aspx:3|.ax:3|.ad:3|.application:3|.asx:3|.cer:3|.cfg:3|.chi:3|.class:3|.clb:3|.cnt:3|.cnv:3|.cpx:3|.crx:3|.der:3|.drv:3|.fon:3|.gadget:3|.grp:3|.htt:3|.ime:3|.jnlp:3|.local:3|.manifest:3|.mmc:3|.mof:3|.msh:3|.msh1:3|.msh2:3|.mshxml:3|.msh1xml:3|.msh2xml:3|.mui:3|.nls:3|.pl:3|.perl:3|.plg:3|.ps1:3|.ps2:3|.ps1xml:3|.ps2xml:3|.psc1:3|.psc2:3|.py:3|.pyc:3|.pyo:3|.pyd:3|.rb:3|.sys:3|.tlb:3|.tsp:3|.xbap:3|.xnk:3|.xpi:3|.air:3|.appref-ms:3|.desklink:3|.glk:3|.library-ms:3|.mapimail:3|.mydocs:3|.sct:3|.search-ms:3|.searchConnector-ms:3|.vxd:3|.website:3|.zfsendtotarget:3"
[HKLM\Software\Policies\Adobe\Acrobat Reader\DC\FeatureLockDown\cDefaultLaunchURLPerms]
"tSchemePerms"="version:2|shell:3|hcp:3|ms-help:3|ms-its:3|ms-itss:3|its:3|mk:3|mhtml:3|help:3|disk:3|afp:3|disks:3|telnet:3|ssh:3|acrobat:2|mailto:2|file:1|rlogin:3|javascript:4|data:3|jar:3|vbscript:3"
"tSponsoredContentSchemeWhiteList"="http|https"
"tFlashContentSchemeWhiteList"="http|https|ftp|rtmp|rtmpe|rtmpt|rtmpte|rtmps|mailto"
[HKLM\Software\Policies\Hewlett-Packard]
[HKLM\Software\Policies\Hewlett-Packard\CASL 4.5 Plugins]
[HKLM\Software\Policies\Hewlett-Packard\CASL 4.5 Plugins\{4788DB03-CFA1-4eb2-9C53-81361E6BDBD3}]
"SupportedEvents"="LidSwitch.Changed,DockState.Changed"
[HKLM\Software\Policies\Hewlett-Packard\HP Common Access Service Library Plugins]
[HKLM\Software\Policies\Hewlett-Packard\HP Common Access Service Library Plugins\{4788DB03-CFA1-4eb2-9C53-81361E6BDBD3}]
"SupportedEvents"="LidSwitch.Changed,DockState.Changed"
[HKLM\Software\Policies\Hewlett-Packard\HP Software Framework]
[HKLM\Software\Policies\Hewlett-Packard\HP Software Framework\{41290DB4-0C21-46ad-9A12-C40FD90E1B0B}]
"NetworkDeviceCount"="3"
"Wireless.GlobalChanged.2.0"=""
[HKLM\Software\Policies\Hewlett-Packard\hpDrvMntSvc]
"HpToolsVolumeName"="*********************************************************************************************************************************"
[HKLM\Software\Policies\Microsoft]
[HKLM\Software\Policies\Microsoft\Cryptography]
[HKLM\Software\Policies\Microsoft\Cryptography\Configuration]
[HKLM\Software\Policies\Microsoft\Cryptography\Configuration\SSL]
[HKLM\Software\Policies\Microsoft\Cryptography\Configuration\SSL\00010002]
[HKLM\Software\Policies\Microsoft\Hardware]
[HKLM\Software\Policies\Microsoft\Hardware\Device Center]
[HKLM\Software\Policies\Microsoft\Internet Explorer]
[HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions]
[HKLM\Software\Policies\Microsoft\MRT]
[HKLM\Software\Policies\Microsoft\Peernet]
"Disabled"="0"
[HKLM\Software\Policies\Microsoft\SQMClient]
[HKLM\Software\Policies\Microsoft\SQMClient\Windows]
[HKLM\Software\Policies\Microsoft\SystemCertificates]
[HKLM\Software\Policies\Microsoft\SystemCertificates\CA]
[HKLM\Software\Policies\Microsoft\SystemCertificates\CA\Certificates]
[HKLM\Software\Policies\Microsoft\SystemCertificates\CA\CRLs]
[HKLM\Software\Policies\Microsoft\SystemCertificates\CA\CTLs]
[HKLM\Software\Policies\Microsoft\SystemCertificates\Disallowed]
[HKLM\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates]
[HKLM\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs]
[HKLM\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs]
[HKLM\Software\Policies\Microsoft\SystemCertificates\Root]
[HKLM\Software\Policies\Microsoft\SystemCertificates\Root\Certificates]
[HKLM\Software\Policies\Microsoft\SystemCertificates\Root\CRLs]
[HKLM\Software\Policies\Microsoft\SystemCertificates\Root\CTLs]
[HKLM\Software\Policies\Microsoft\SystemCertificates\trust]
[HKLM\Software\Policies\Microsoft\SystemCertificates\trust\Certificates]
[HKLM\Software\Policies\Microsoft\SystemCertificates\trust\CRLs]
[HKLM\Software\Policies\Microsoft\SystemCertificates\trust\CTLs]
[HKLM\Software\Policies\Microsoft\SystemCertificates\TrustedPeople]
[HKLM\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates]
[HKLM\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs]
[HKLM\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs]
[HKLM\Software\Policies\Microsoft\SystemCertificates\TrustedPublisher]
[HKLM\Software\Policies\Microsoft\SystemCertificates\TrustedPublisher\Certificates]
[HKLM\Software\Policies\Microsoft\SystemCertificates\TrustedPublisher\CRLs]
[HKLM\Software\Policies\Microsoft\SystemCertificates\TrustedPublisher\CTLs]
[HKLM\Software\Policies\Microsoft\TPM]
"OSManagedAuthLevel"="2"
[HKLM\Software\Policies\Microsoft\Windows]
[HKLM\Software\Policies\Microsoft\Windows\Appx]
"AllowAllTrustedApps"="65535"
"AllowDevelopmentWithoutDevLicense"="65535"
"RestrictAppDataToSystemVolume"="0"
"RestrictAppToSystemVolume"="0"
[HKLM\Software\Policies\Microsoft\Windows\BITS]
[HKLM\Software\Policies\Microsoft\Windows\CurrentVersion]
[HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\AppModel]
[HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\AppModel\StateManager]
"AllowSharedUserAppData"="0"
[HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Identities]
""=""
"Locked Down"="0"
[HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings]
[HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Cache]
[HKLM\Software\Policies\Microsoft\Windows\DataCollection]
[HKLM\Software\Policies\Microsoft\Windows\DeliveryOptimization]
[HKLM\Software\Policies\Microsoft\Windows\EnhancedStorageDevices]
"TCGSecurityActivationDisabled"="0"
[HKLM\Software\Policies\Microsoft\Windows\Installer]
[HKLM\Software\Policies\Microsoft\Windows\IPSec]
[HKLM\Software\Policies\Microsoft\Windows\IPSec\Policy]
[HKLM\Software\Policies\Microsoft\Windows\IPSec\Policy\Local]
[HKLM\Software\Policies\Microsoft\Windows\Network Connections]
"NC_PersonalFirewallConfig"="0"
[HKLM\Software\Policies\Microsoft\Windows\NetworkConnectivityStatusIndicator]
""=""
[HKLM\Software\Policies\Microsoft\Windows\NetworkProvider]
[HKLM\Software\Policies\Microsoft\Windows\NetworkProvider\HardenedPaths]
[HKLM\Software\Policies\Microsoft\Windows\safer]
[HKLM\Software\Policies\Microsoft\Windows\safer\codeidentifiers]
"authenticodeenabled"="0"
"TransparentEnabled"="1"
[HKLM\Software\Policies\Microsoft\Windows\safer\codeidentifiers\0]
[HKLM\Software\Policies\Microsoft\Windows\safer\codeidentifiers\0\Paths]
[HKLM\Software\Policies\Microsoft\Windows\safer\codeidentifiers\0\Paths\{C87AA453-6700-459A-811D-D55F027534D0}]
"ItemData"="C:\Documents and Settings\All Users\Application Data\Symantec"
"SaferFlags"="0"
[HKLM\Software\Policies\Microsoft\Windows\SettingSync]
"EnableBackupForWin8Apps"="1"
[HKLM\Software\Policies\Microsoft\Windows\System]
[HKLM\Software\Policies\Microsoft\Windows\WcmSvc]
[HKLM\Software\Policies\Microsoft\Windows\WcmSvc\Local]
"WCMPresent"="1"
[HKLM\Software\Policies\Microsoft\Windows\WindowsUpdate]
[HKLM\Software\Policies\Microsoft\Windows\WindowsUpdate\AU]
[HKLM\Software\Policies\Microsoft\Windows\WorkplaceJoin]
""=""
[HKLM\Software\Policies\Microsoft\Windows\WSDAPI]
[HKLM\Software\Policies\Microsoft\Windows\WSDAPI\Discovery Proxies]
[HKLM\Software\Policies\Microsoft\Windows Defender]
[HKLM\Software\Policies\Microsoft\Windows Defender\Policy Manager]
[HKLM\Software\Policies\Microsoft\Windows NT]
[HKLM\Software\Policies\Microsoft\Windows NT\Terminal Services]
[HKLM\Software\Policies\Microsoft\Windows NT\Terminal Services\Client]
"fEnableUsbBlockDeviceBySetupClass"="1"
"fEnableUsbNoAckIsochWriteToDevice"="80"
"fEnableUsbSelectDeviceByInterface"="1"
[HKLM\Software\Policies\Microsoft\Windows NT\Terminal Services\Client\UsbBlockDeviceBySetupClasses]
"1000"="{3376f4ce-ff8d-40a2-a80f-bb4359d1415c}"
[HKLM\Software\Policies\Microsoft\Windows NT\Terminal Services\Client\UsbSelectDeviceByInterfaces]
"1000"="{6bdd1fc6-810f-11d0-bec7-08002be2092f}"
[HKLM\Software\Policies\Microsoft\Windows NT\Windows File Protection]
"KnownDllList"="nlhtml.dll"
"SFCDisable"="0"
[HKLM\Software\Policies\Microsoft\WindowsFirewall]
[HKLM\Software\Policies\Microsoft\WindowsFirewall\DomainProfile]
[HKLM\Software\Policies\Microsoft\WindowsFirewall\StandardProfile]

=== End of ExportKey ===

==== End of Fixlog 19:03:52 ====
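The ExportKey dump above contains a Software Restriction Policy (SRP) path rule under `safer\codeidentifiers\0\Paths`, where the level subkey `0` is the Disallowed level and `TransparentEnabled` set to a non-zero value means enforcement is on. The following Python is an added example, not part of the thread or of FRST: it parses the ExportKey layout and lists SRP path rules with their level. The sample text is constructed (the 262144 rule is invented) and the function names are assumptions.

```python
import re

# SRP levels are the decimal subkey names under ...\safer\codeidentifiers
SRP_LEVELS = {0: "Disallowed", 4096: "Untrusted", 65536: "Constrained",
              131072: "Basic User", 262144: "Unrestricted"}
KEY_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^"([^"]*)"="(.*)"$')
RULE_RE = re.compile(
    r"\\safer\\codeidentifiers\\(\d+)\\Paths\\(\{[0-9A-Fa-f-]+\})$", re.I)

# Constructed sample in the ExportKey layout; the 262144 rule is invented.
SAMPLE = r'''
[HKLM\Software\Policies\Microsoft\Windows\safer\codeidentifiers]
"TransparentEnabled"="1"
[HKLM\Software\Policies\Microsoft\Windows\safer\codeidentifiers\0\Paths\{C87AA453-6700-459A-811D-D55F027534D0}]
"ItemData"="C:\Documents and Settings\All Users\Application Data\Symantec"
"SaferFlags"="0"
[HKLM\Software\Policies\Microsoft\Windows\safer\codeidentifiers\262144\Paths\{00000000-0000-0000-0000-000000000001}]
"ItemData"="%ProgramFiles%"
'''

def parse_export(text):
    """Return {key_path: {value_name: data}} from ExportKey output."""
    keys, current = {}, None
    for line in map(str.strip, text.splitlines()):
        if m := KEY_RE.match(line):
            current = keys.setdefault(m.group(1), {})
        elif current is not None and (m := VALUE_RE.match(line)):
            current[m.group(1)] = m.group(2)
    return keys

def srp_path_rules(keys):
    """List SRP path rules as (level name, rule GUID, target path)."""
    rules = []
    for path, values in keys.items():
        if m := RULE_RE.search(path):
            level = SRP_LEVELS.get(int(m.group(1)), "unknown " + m.group(1))
            rules.append((level, m.group(2), values.get("ItemData", "")))
    return rules

def srp_enforced(keys):
    """True when TransparentEnabled is non-zero (SRP enforcement on)."""
    for path, values in keys.items():
        if path.lower().endswith(r"\safer\codeidentifiers"):
            return values.get("TransparentEnabled", "0") != "0"
    return False

if __name__ == "__main__":
    print(srp_enforced(parse_export(SAMPLE)), srp_path_rules(parse_export(SAMPLE)))
```

A Disallowed path rule that covers a security product's data directory, with enforcement on, is the kind of entry worth reviewing in such a dump.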



#6 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,737 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:09:39 PM

Posted 05 January 2018 - 07:52 PM

Thank you.

Please follow Option Four and disable Automatic Restart. If you receive a Blue Screen please provide the following information highlighted in red.

bsod.jpg
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#7 RashaadT83


Posted 05 January 2018 - 08:32 PM

Thanks again first for helping, I did as you asked, and it went straight to the "Preparing Automatic Repair" screen as it has been.



#8 Oh My!


Posted 05 January 2018 - 09:08 PM

You are quite welcome.

Please attempt to run this.

===================================================

Farbar's Recovery Scan Tool - Run Fix

--------------------
  • Using your USB containing FRST press the Windows Key + R on your keyboard at the same time. Type notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it on the USB device as fixlist.txt

    cmd: chkdsk c: /r /x
    cmd: sfc /scannow /offbootdir=c:\ /offwindir=c:\windows
    cmd: bcdedit /set {current} disableelamdrivers no
    DeleteKey: HKLM\Software\Policies\Microsoft\Windows\safer\codeidentifiers\0\Paths\{C87AA453-6700-459A-811D-D55F027534D0}

  • Insert the USB device into your infected computer
  • Enter the System Recovery Options as you previously did then select Command Prompt.
  • Launch FRST again and press the Fix button
  • The tool will create a Fixlog.txt document on your USB device. Copy and paste that information in your reply.
  • Attempt to boot your computer in Normal or Safe Mode
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Fixlog
  • Boot?

Gary
 

#9 RashaadT83


Posted 05 January 2018 - 10:05 PM

Here are the fixlog contents, still no luck with rebooting.

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 02.01.2018
Ran by SYSTEM (05-01-2018 22:31:34) Run:2
Running from l:\
Boot Mode: Recovery
==============================================

fixlist content:
*****************
cmd: chkdsk c: /r /x
cmd: sfc /scannow /offbootdir=c:\ /offwindir=c:\windows
cmd: bcdedit /set {current} disableelamdrivers no
DeleteKey: HKLM\Software\Policies\Microsoft\Windows\safer\codeidentifiers\0\Paths\{C87AA453-6700-459A-811D-D55F027534D0}
*****************


========= chkdsk c: /r /x =========

The type of the file system is NTFS.

========= End of CMD: =========


========= sfc /scannow /offbootdir=c:\ /offwindir=c:\windows =========



Beginning system scan.  This process will take some time.




Windows Resource Protection could not perform the requested operation.


========= End of CMD: =========


========= bcdedit /set {current} disableelamdrivers no =========

The operation completed successfully.

========= End of CMD: =========

"HKLM\Software\Policies\Microsoft\Windows\safer\codeidentifiers\0\Paths\{C87AA453-6700-459A-811D-D55F027534D0}" => removed successfully

==== End of Fixlog 22:40:21 ====



#10 Oh My!


Posted 05 January 2018 - 10:11 PM

Thank you, not uncommon to get those results.

Please boot to the Recovery Environment Command Prompt and manually try to run the below command and tell me what happens:

chkdsk c: /r /x


Gary
 

#11 RashaadT83


Posted 06 January 2018 - 01:28 AM

Here you go, results from chkdsk

 

X:\windows\system32>chkdsk c:/r/x
The type of the file system is NTFS.
Volume label is OS.

Stage 1: Examining basic file system structure ...
Deleting corrupt attribute record (0xA0, $I30)
from file record segment 0x6562A.
Deleted corrupt attribute list entry
with type code 128 in file 627364.
Deleting corrupt attribute record (0x80, "")
from file record segment 0xA3989.
Deleting corrupt attribute record (0x80, "")
from file record segment 0xA3D37.
Deleting corrupt attribute record (0x80, "")
from file record segment 0x992EF.
Deleting corrupt attribute record (0x80, "")
from file record segment 0x99322.
Deleting corrupt attribute record (0x80, "")
from file record segment 0xA45E2.
  733952 file records processed.
File verification completed.
  53653 large file records processed.
  0 bad file records processed.

Stage 2: Examining file name linkage ...
Removing corrupt index $I30 in file 415274.
Recreating deleted index $I30 in file 415274.
  914170 index entries processed.
Index verification completed.
CHKDSK is scanning unindexed files for reconnect to their original directory.
Recovering orphaned file GTUHQ3~1.CO~ (672) into directory file 415274.
Recovering orphaned file GTUHQ3FQ.cookie (672) into directory file 415274.
Recovering orphaned file MKBGFL~1.CO~ (6078) into directory file 415274.
Recovering orphaned file MKBGFL22.cookie (6078) into directory file 415274.
Recovering orphaned file ONII4R~1.CO~ (6320) into directory file 415274.
Recovering orphaned file ONII4R6E.cookie (6320) into directory file 415274.
Recovering orphaned file Z85QMS~1.CO~ (6804) into directory file 415274.
Recovering orphaned file Z85QMS9P.cookie (6804) into directory file 415274.
Recovering orphaned file LLRKBB~1.CO~ (8732) into directory file 415274.
Recovering orphaned file LLRKBBGW.cookie (8732) into directory file 415274.
Skipping further messages about recovering orphans.
  541 unindexed files scanned.
  541 unindexed files recovered to original directory.
  0 unindexed files recovered to lost and found.

Stage 3: Examining security descriptors ...
Security descriptor verification completed.
Inserting data attribute into file 627364.
Inserting data attribute into file 627439.
Inserting data attribute into file 627490.
Inserting data attribute into file 673250.
  90114 data files processed.
CHKDSK is verifying Usn Journal...
Usn Journal verification completed.

Stage 4: Looking for bad clusters in user file data ...
Windows replaced bad clusters in file 316127
of name \$WINDOWS.~BT\NewOS\Windows\WinSxS\AMA68E~1.447\TSpkg.dll.
Windows replaced bad clusters in file 406362
of name \Windows\WinSxS\AM954D~1.0_N\mrt100.dll.
  733936 files processed.
File data verification completed.
An unspecified error occurred (75736e6a726e6c2e 4f8).
Failed to transfer logged messages to the event log with status 50.



#12 Oh My!


Posted 06 January 2018 - 01:02 PM

Greetings.

I would like you to back up all of the data files to an external drive if you have not done so already. If you need instructions about saving the documents, music, photos, etc. while in the recovery environment please let me know.

Let me know when you have finished or have questions.
Gary
 

#13 RashaadT83


Posted 06 January 2018 - 01:26 PM

Ok, I will do so. Is this done by going thru notepad and sending folders to hard drive?



#14 Oh My!


Posted 06 January 2018 - 01:28 PM

Exactly. :thumbsup2:
Gary
 

#15 RashaadT83


Posted 06 January 2018 - 01:37 PM

Ok, I have a Seagate FreeAgent external drive. When I tried to transfer I get error 0x80004005: Unspecified error.





