Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

My Desktop is gone


  • Please log in to reply

#136
noahdfear

noahdfear

    Malware Expert

  • Expert
  • 1,316 posts
  • MVP
Thanks - just making sure sfc.exe is present.

Please restart the computer and immediately begin tapping the F8 key to enable the Advanced start menu.
If 'Repair your computer' is an option, please select it.
If the option is not there, you will need to boot from the Vista dvd, then select the Repair your computer option at the Install Windows screen as shown below.

Posted Image

Once you get to the System Recovery Options screen, let me know what drive letter is shown for the operating system, as illustrated below.

Posted Image
  • 0

Advertisements


#137
jllaz

jllaz

    Member

  • Topic Starter
  • Member
  • PipPip
  • 95 posts
It shows (C:) SQ008696V02. Noah, I have to leave for a couple of hours I'll fallow up on whatever instructions you send when I came back. Thanks!
  • 0

#138
noahdfear

noahdfear

    Malware Expert

  • Expert
  • 1,316 posts
  • MVP
No hurry :)

From the System Recovery Options menu, select Command Prompt
Type the following command then hit Enter.

sfc /scannow /offbootdir=c:\ /offwindir=c:\windows

Please note the spaces in the command. There is a space just before each command switch, eg;

/scannow is a switch
/offbootdir=c:\ is a switch
/offwindir=c:\windows is a switch

You should see a 'Beginning system scan' message as shown below.

Posted Image

When the scan completes you will be notified, at which time you can close the command prompt and restart back to normal mode. Let me know what happens and if there's any change.
  • 0

#139
jllaz

jllaz

    Member

  • Topic Starter
  • Member
  • PipPip
  • 95 posts
I did the command, restared the computer, it gets to the loggin screen, if I choose either Administrator or Tony it goes to a dark screen and I'm not able to log in. By the way when the scan finished it did show that some files were corrupted and it had fix them.

Edited by jllaz, 19 December 2009 - 06:42 PM.

  • 0

#140
noahdfear

noahdfear

    Malware Expert

  • Expert
  • 1,316 posts
  • MVP
Dark screen? Please be more descriptive.

If sfc named any files, do you recall any of the filenames?
  • 0

#141
jllaz

jllaz

    Member

  • Topic Starter
  • Member
  • PipPip
  • 95 posts
When I start the computer it goes thru the usual bootup motion. It gets to the login screen and it gives me the acct. choice. Admin. or Tony. I tried both ways allready and it starts the proccess but within seconds the screen darkens a little and all I can see is the cursor or pointing arrow all this time there still is activity on the disk until a few seconds later the activity stops and the screen still the same, no desktop or any other message. The scan only said that some files were found to be corrupted it did not list any names, only gave an exemple of where the log could be found on the C: dr.
  • 0

#142
noahdfear

noahdfear

    Malware Expert

  • Expert
  • 1,316 posts
  • MVP
Lets see if we can determine what files were replaced. Go back to Repair your computer command prompt and execute the following commands.

c:\windows\system32\findstr.exe /c:"[SR]" c:\windows\logs\cbs\cbs.log >temp.txt

c:\windows\system32\findstr.exe /i "corrupted" temp.txt >temp1.txt

notepad temp1.txt


The log will show the time and date as well as any files affected. Please let me know what you find.
You can also at this time type notepad temp.txt to view the entire log, then match corresponding entries and check the events around each file to see which of the replacements failed or succeeded.
  • 0

#143
jllaz

jllaz

    Member

  • Topic Starter
  • Member
  • PipPip
  • 95 posts
Result: Four statements FINDSTR= Can not open /i,corrupted, temp.txt, notepad
  • 0

#144
noahdfear

noahdfear

    Malware Expert

  • Expert
  • 1,316 posts
  • MVP
Sounds like you didn't get the spacing in the commands correct. Highlight and copy those commands then paste them into notepad.
Use the left/right arrow keys to determine the exact spacing in the commands.
  • 0

#145
jllaz

jllaz

    Member

  • Topic Starter
  • Member
  • PipPip
  • 95 posts
Sorry, do I execute each statement separate?
  • 0

Advertisements


#146
noahdfear

noahdfear

    Malware Expert

  • Expert
  • 1,316 posts
  • MVP
Yes. Hit Enter after each line.

You can also try this.
Connect your flash drive to the computer and restart, then go to the Recovery Environment command prompt.
Type diskpart then hit enter.
At the diskpart> prompt type list volume then hit Enter.
This should allow you to see the drive letter assigned to the flash drive - lets say for the following example it is E
Type exit to leave the diskpart tool and return to the command prompt.
Type the following commands.

c:\windows\system32\findstr.exe /c:"[SR]" c:\windows\logs\cbs\cbs.log >temp.txt

copy temp.txt e:\

You should see 1 file copied.
If you do not, type copy temp.txt e:\temp.txt
Shut down and remove the flash drive then use it in your other computer to attach temp.txt to a reply here (attach it rather than copy/paste)
  • 0

#147
jllaz

jllaz

    Member

  • Topic Starter
  • Member
  • PipPip
  • 95 posts
edit - Log attached

Attached Files

  • Attached File  temp.txt   21.43KB   64 downloads

  • 0

#148
noahdfear

noahdfear

    Malware Expert

  • Expert
  • 1,316 posts
  • MVP
There are no events there corresponding to today. Please type the following at the command prompt then hit Enter.

notepad c:\windows\logs\cbs\cbs.log

Look for events about the time you ran sfc in the Recovery Environment.
  • 0

#149
jllaz

jllaz

    Member

  • Topic Starter
  • Member
  • PipPip
  • 95 posts
This should be the continuation.

edit - log attached -

Attached Files

  • Attached File  cbs.txt   101.2KB   73 downloads

  • 0

#150
noahdfear

noahdfear

    Malware Expert

  • Expert
  • 1,316 posts
  • MVP
There are no events for that sfc session. :)

Lets try a system restore.
Close the command window and select System Restore from the System Recovery Options menu.
Select the newest restore point shown - should be a ComboFix created restore point from one of the last CF sessions.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP