Lots of ntdll.dll!dbgUiRemoteBreakin+0x50 threads - possible rootkit?



#16 Android8888


Posted 09 November 2018 - 07:09 PM

The guide you linked suggests it can take up to three consecutive attempts for a startup repair to be successful in some cases. Should I proceed with a second attempt?

Yes, perform the three attempts please.

 

Let me know each result.


Proud graduate of SpywareInfo

Member of UNITE - Unified Network of Instructors and Trusted Eliminators

Website: http://android8888.comlu.com

Tavira - Here's where I live!



 


#17 NF2K_


Posted 09 November 2018 - 08:03 PM

Automatic startup repair attempt #2 completed.
Same results in same order except times to complete individual tests a little different:
 

Startup Repair cannot repair this computer automatically.
 
Problem details:
 
Problem Event Name: StartupRepairOffline
Problem Signature 01: 0.0.0.0
Problem Signature 02: 0.0.0.0
Problem Signature 03: unknown
Problem Signature 04: 0
Problem Signature 05: unknown
Problem Signature 06: 1
Problem Signature 07: unknown
OS Version: 6.1.7601.2.1.0.256.1
Locale ID: 1033

 
Diagnostic and repair details:
  

Startup Repair diagnosis and repair log:
---
Number of repair attempts: 1
 
Session details
---
System Disk \Device\Harddisk1
Windows directory = 
AutoChk Run = 0
Number of root causes = 1
 
Test performed:
---
Name: Check for updates
Results: Completed successfully. Error code = 0x0
Time taken = 0ms
 
Test performed:
---
Name: System disk test
Results: Completed successfully. Error code = 0x0
Time taken = 0ms
 
Test performed:
---
Name: Disk failure diagnosis
Results: Completed successfully. Error code = 0x0
Time taken = 32ms
 
Test performed:
---
Name: Disk metadata test
Results: Completed successfully. Error code = 0x0
Time taken = 0ms
 
Root cause found:
---
Partition table is corrupt on disk \Device\Harddisk1.
 
Repair action: Partition table repair
Result: Failed. Error code = 0x490
Time taken = 1926566 ms
 
---
---


Running third attempt now.

#18 Android8888


Posted 09 November 2018 - 08:23 PM

NF2K_

 

I'm off to bed now. It's 1:24h here and I have to wake up early tomorrow.

 

Please post the result of the third attempt and we'll continue tomorrow.

 

Thank you for your patience. Have a good night.

 

Android8888




#19 NF2K_


Posted 09 November 2018 - 08:55 PM

Ok so the third attempt failed also after the same amount of time. Unfortunately I'm tired and accidentally clicked out of startup repair without investigating the Diagnostic and repair details.

I only saw the initial dialog which matched the previous two outcomes:

Startup Repair cannot repair this computer automatically.

Problem details:

Problem Event Name: StartupRepairOffline
Problem Signature 01: 0.0.0.0
Problem Signature 02: 0.0.0.0
Problem Signature 03: unknown
Problem Signature 04: 0
Problem Signature 05: unknown
Problem Signature 06: 1
Problem Signature 07: unknown
OS Version: 6.1.7601.2.1.0.256.1
Locale ID: 1033


I did have a look for the logfile in x:\windows\system32\logfiles\ but no srt folder was present, nor on my data drive. I suspect it writes the log file to the windows drive, which of course is unavailable.

The disk layout is the same as it has been since the boot failure issue appeared. That is:
c: "MASSIF"
d: "Local disk" (unpartitioned)
e: DVD drive
x: "boot"

I can run the automatic startup repair a 4th time if you need to see the repair details(?)

I too am going to bed now, we're in the same time zone.
I won't be available from 1pm tomorrow until Sunday evening.

Thanks again. Goodnight

#20 Android8888


Posted 11 November 2018 - 11:19 AM

Hi NF2K_

Please proceed with this:

Boot your computer from the System Repair disc;
Select your preferred language, time and keyboard;
Click Next;
Click Repair your computer at the Install Windows screen;
Select the operating system from the list and click Next;
Select Command Prompt;
At the Command Prompt window type diskpart and press Enter;
At the DISKPART> prompt, type: list disk to display all the drives on your computer. Each drive will have a disk number, starting with 0 (zero) as shown in the example below.

 

[Image: list-disk.png]

 

 

Please note and post that information in your reply.

 

 

Thank you.

 

Android8888




#21 NF2K_


Posted Yesterday, 10:46 AM

Hi Android8888,

 

Sorry for the delay.

 

Here are the diskpart details:

Microsoft DiskPart version 6.1.7601
Copyright © 1999-2008 Microsoft Corporation.
On computer: MININT-DBP808I

DISKPART> list disk

  Disk ###  Status        Size     Free     Dyn  Gpt
  --------  ------------- -------  -------  ---  ---
  Disk 0    Online        1863 GB  1024 KB
  Disk 1    Online         223 GB      0 B

 

"Disk 0" is my HDD that I use for data, and some portable applications.

"Disk 1" is my SSD that I run Windows and installed programs from (when it's working).


Edited by NF2K_, Yesterday, 01:44 PM.


#22 Android8888


Posted Yesterday, 05:00 PM

Hello NF2K_

 

Thank you for the information.

 

Let's get back to the Recovery Environment. Please proceed with this:

Boot your computer from the System Repair disc;
Follow the instructions to reach the Command Prompt window, then type diskpart and press Enter;
At the DISKPART> prompt, type the following commands (one at a time) and press Enter after each command:
select disk 1
list volume


Likewise, each volume has a volume number, starting with 0 (zero).

Please note and post that information in your reply.




#23 NF2K_


Posted Yesterday, 06:02 PM

Here are the results:

DISKPART> select disk 1

Disk 1 is now the selected disk.

DISKPART> list volume

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
  Volume 0     E   Repair Disc  UDF    DVD-ROM      166 MB  Healthy
  Volume 1     D   MASSIF       NTFS   Partition   1807 GB  Healthy
  Volume 2     C                RAW    Partition    233 GB  Healthy

"list volume" seems to list all available volumes. Is that what was expected?

 

Likewise, each volume has a volume number, starting with 0 (zero).

Are you asking me to repeat the commands for disk 0 here i.e. "select disk 0" and then "list volume" ?


Edited by NF2K_, Yesterday, 06:03 PM.


#24 Android8888


Posted Today, 07:27 AM

NF2K_

Thank you for the information.

 

"list volume" seems to list all available volumes. Is that what was expected?

Yes that's what it does.

 

Are you asking me to repeat the commands for disk 0 here i.e. "select disk 0" and then "list volume" ?

No, disk 0 is the HDD where fortunately (I hope) you store your data and seems to be healthy at this time.


As I suspected, the file system on your SSD is labeled as RAW. RAW is not a file system but an error of a partition on the disk. It is a state of the disk which has no known Windows file system, such as FAT32 or NTFS. It is as if the data were all shuffled and with no structure to be accessed or read. As a result, you can’t access files on the drive although physically they are still there.

A RAW drive can be caused by a number of reasons such as virus infection, format failure, reading errors and bad blocks in large numbers, damaged file system structure, accidentally shut down operating system, power outages, etc.

Other than recovering data (if you have any to recover on the SSD) and then reinstalling Windows, there is not much we can do now.

Fortunately it appears you have your data stored on another physical drive (the HDD) which was a very good option.

 

 

At this time, do you have any questions or do you need any further assistance?

Please let me know what you decide to do.


Thank you.

Android8888
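
An added illustration of the RAW explanation in the post above (not part of the original thread, and not the check Windows itself performs): Python that reads an MBR partition table and each partition's boot sector from a disk image, reporting a volume as RAW when no NTFS or FAT32 signature is present. The function names, the constructed three-sector image and recognition by signature fields alone are assumptions of this example.

```python
import struct

SECTOR = 512
ENTRY = "<4xB3xII"  # skip status + CHS start, type, skip CHS end, LBA start, sector count

def parse_mbr(sector0: bytes) -> list:
    """Return the used primary partition entries of an MBR sector."""
    if len(sector0) < SECTOR or sector0[510:512] != b"\x55\xaa":
        raise ValueError("no 0x55AA signature: partition table unreadable")
    parts = []
    for i in range(4):
        ptype, lba, count = struct.unpack_from(ENTRY, sector0, 446 + 16 * i)
        if ptype and count:
            parts.append({"index": i, "type": ptype, "lba": lba, "sectors": count})
    return parts

def identify_fs(boot: bytes) -> str:
    """Name the file system from a boot sector's signature fields, else 'RAW'."""
    if len(boot) < SECTOR or boot[510:512] != b"\x55\xaa":
        return "RAW"
    if boot[3:11] == b"NTFS    ":        # OEM ID field
        return "NTFS"
    if boot[82:90] == b"FAT32   ":       # FAT32 file-system-type field
        return "FAT32"
    return "RAW"

def list_volumes(image: bytes) -> list:
    """(partition index, size in bytes, file system) for each MBR partition."""
    vols = []
    for p in parse_mbr(image[:SECTOR]):
        off = p["lba"] * SECTOR
        vols.append((p["index"], p["sectors"] * SECTOR, identify_fs(image[off:off + SECTOR])))
    return vols

def build_sample_image() -> bytes:
    """Constructed 3-sector image: MBR, one NTFS boot sector, one zeroed boot sector."""
    mbr = bytearray(SECTOR)
    struct.pack_into(ENTRY, mbr, 446, 0x07, 1, 1)   # partition 0 at LBA 1
    struct.pack_into(ENTRY, mbr, 462, 0x07, 2, 1)   # partition 1 at LBA 2
    mbr[510:512] = b"\x55\xaa"
    ntfs = bytearray(SECTOR)
    ntfs[3:11] = b"NTFS    "
    ntfs[510:512] = b"\x55\xaa"
    return bytes(mbr) + bytes(ntfs) + bytes(SECTOR)  # last sector: all zeros

if __name__ == "__main__":
    for index, size, fs in list_volumes(build_sample_image()):
        print(f"partition {index}: {size} bytes, {fs}")
```

In the constructed image the second partition's data area still exists, but its boot sector no longer identifies a file system, so it is reported as RAW; an MBR without the 0x55AA signature raises instead, which is the separate "partition table unreadable" case.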




#25 NF2K_


Posted Today, 03:21 PM

Android8888,

 

Thanks for your help.

I did have a look around the web for some free bootable partition recovery software but couldn't find anything I trusted, and it wasn't worth it to buy the licensed versions of the more reputable ones, so I decided I'd just reinstall Windows from the installation disc instead.

I'm not sure if I'm forgetting to do something, but the SSD is not listed in the "Where do you want to install Windows?" selection screen. My HDD is listed (two partitions in fact as there is also an old XP install on there which is inactive), but not the SSD.

I then used diskpart to format the SSD to NTFS, restarted the machine, and it's still not listed in the "Where do you want to install Windows?".

I can read and write files to the new NTFS partition on the SSD from the recovery environment (using notepad accessed via the recovery command prompt).

 

I have also considered that I might need to load drivers from an external source for the disk to show on the install screen, although I'm 95% sure I didn't have to do that last time I installed Windows 7 on this SSD a few months ago.

 

Any ideas?

Thanks


Edited by NF2K_, Today, 03:23 PM.




