[Fixit101]

I am trying to repair a friends dell laptop. First problem was could not get onto internet. I scanned with mbam and found various trojans, rootkits, and a few other viruses... After mbam cleaned those, I ran avast which was installed. It found a few things and I moved those to the chest. I then could get on the net in safe mode but not in regular boot. in safe mode I ran kasperskey's virus removal tool. It found a few things and I told it to fix or delete the files it found. Normal boot ceased to load after that. I also ran rouge killer and combofix...A few times I was able to get into safe mode and tried to use the cmd prompt to check/repair files to no avail. now I cannot boot in any mode. I only get a nanosecond blue screen now.

I tried farbar, but repair computer option opens windows to "other user" account and nothing I have tried will let me log in to use farbar on my flash drive.

thx in advance,

[Advertisements]

Hi there and sorry for the delay, what is your operating system ? I.e. Windows XP, Vista, 7 or 8, and is it 32 or 64 bit

[Essexboy]

Hi there and sorry for the delay, what is your operating system ? I.e. Windows XP, Vista, 7 or 8, and is it 32 or 64 bit

[Fixit101]

No problem on the delay, I am thankful for your reply.
Vista; do not know if 32 or 64 bit version.

[Essexboy]

You may need to make both a 32 and 64 bit USB

Download the following three programmes to your desktop :


1. Rufus

For 64bit systems
2. Windows Vista 64bit RC
3. Farbar Recovery Scan Tool x64

For 32bit systems
2. Windows Vista RC
3. Farbar Recovery Scan Tool


Insert the USB stick Then run Rufus

Select the ISO file on the desktop via the ISO icon.

Press Start Burn

Then copy FRST to the same USB





Insert the USB into the sick computer and start the computer. First ensuring that the system is set to boot from USB
Note: If you are not sure how to do that follow the instructions Here


When you reboot you will see this.
Click repair my computer


Select your operating system


Select Command prompt


At the command prompt type the following :

notepad and press Enter.
The notepad opens. Under File menu select Open.
Select "Computer" and find your flash drive letter and close the notepad.
In the command window type e:\frst64.exe and press Enter
Note: Replace letter e with the drive letter of your flash drive.
The tool will start to run.
When the tool opens click Yes to disclaimer.

Press Scan button.
It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.
The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

[Fixit101]

I have to go to work for now...I was going to to some this and take laptop to work, but I do not have time.
I will get back with you tomorrow. Thanks so much for helping me!

[Fixit101]

I brought the laptop to work and will try to run as requested...

[Fixit101]

Ok, after I clicked repair computer and before the vista operating system was listed, I received a popup that says "windows found problems with your computers startup options. do you want to apply repairs and restart your computer?" then it gives a choice to repair and restart or no.
What should I do?

[Essexboy]

Allow windows to conduct a repair then reboot to run FRST

[Fixit101]

Repair was unsuccessful. frst made a log and is posted. the addition txt was not on the drive. I had ran frst once b4 when going through the no boot guide using the avg disc listed on the forum. I'm guessing that is why it didn't make the addition txt.


Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 23-05-2013
Ran by SYSTEM on 24-05-2013 10:11:43
Running from F:\
Windows ™ Code Name "Longhorn" Preinstallation Environment (X86) OS Language: English(US)
Boot Mode: Recovery
The current controlset is ControlSet001
ATTENTION!:=====> FRST is updated to run from normal or Safe mode to produce a full FRST.txt log and Addition.txt log.

==================== Registry (Whitelisted) ==================

HKLM\...\Winlogon: [Shell] cmd.exe /k start cmd.exe [x ] ()
BootExecute:

========================== Services (Whitelisted) =================

S3 sacsvr; C:\Windows\system32\sacsvr.dll [13312 2008-01-18] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

S0 FBWF; C:\Windows\System32\DRIVERS\fbwf.sys [69632 2008-01-18] (Microsoft Corporation)
S0 Ramdisk; C:\Windows\System32\DRIVERS\ramdisk.sys [22528 2008-01-18] (Microsoft Corporation)
S0 sacdrv; C:\Windows\System32\DRIVERS\sacdrv.sys [88632 2008-01-18] (Microsoft Corporation)
S0 WimFsf; C:\Windows\System32\Drivers\WimFsf.sys [52224 2008-01-18] (Microsoft Corporation)
S3 BTHMODEM; \SystemRoot\system32\drivers\bthmodem.sys [x]

==================== NetSvcs (Whitelisted) ===================

NETSVC: sacsvr -> C:\Windows\system32\sacsvr.dll (Microsoft Corporation)

==================== One Month Created Files and Folders ========

2013-05-24 10:11 - 2013-05-24 10:11 - 00000000 ____D C:\FRST
2013-05-13 11:34 - 2013-05-13 21:43 - 00000000 ___AD C:\Kaspersky Rescue Disk 10.0
2013-05-11 08:16 - 2013-05-17 19:42 - 268435456 __ASH C:\Windows\System32\temppf.sys

==================== One Month Modified Files and Folders ========

2013-05-24 10:11 - 2013-05-24 10:11 - 00000000 ____D C:\FRST
2013-05-17 19:42 - 2013-05-11 08:16 - 268435456 __ASH C:\Windows\System32\temppf.sys
2013-05-17 19:42 - 2009-01-05 12:47 - 00060048 ____A C:\Windows\System32\FNTCACHE.DAT
2013-05-13 21:43 - 2013-05-13 11:34 - 00000000 ___AD C:\Kaspersky Rescue Disk 10.0
2013-05-11 03:04 - 2011-07-15 07:21 - 00000187 __ASH C:\Master.log

==================== Known DLLs (Whitelisted) ============


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe IS MISSING <==== ATTENTION!.
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
C:\Windows\system32\codeintegrity\Bootcat.cache IS MISSING <==== ATTENTION!.

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================


==================== Memory info ===========================

Percentage of memory in use: 12%
Total physical RAM: 3061.43 MB
Available physical RAM: 2688.05 MB
Total Pagefile: 2844.67 MB
Available Pagefile: 2684.4 MB
Total Virtual: 2047.88 MB
Available Virtual: 1975.72 MB

==================== Drives ================================

Drive c: (RECOVERY) (Fixed) (Total:9.77 GB) (Free:4.12 GB) NTFS
Drive e: (ReatogoPE) (CDROM) (Total:0.28 GB) (Free:0 GB) CDFS
Drive f: (ReatogoPE) (Removable) (Total:29.82 GB) (Free:29.61 GB) NTFS
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 149 GB) (Disk ID: 92CD386F)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Not Active) - (Size=10 GB) - (Type=07 NTFS)
Partition 3: (Active) - (Size=137 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=2 GB) - (Type=OF Extended)

========================================================
Disk: 1 (Size: 30 GB) (Disk ID: 02B3F6F1)
Partition 1: (Active) - (Size=30 GB) - (Type=07 NTFS)


Last Boot: 2013-05-11 06:51

==================== End Of Log ============================

[Essexboy]

Could you run FRST again as previously

In the Search box type in the following :

explorer.exe;Bootcat.cache

Then press Search

Once it has completed a search.txt file will be located on the USB please post that

[Fixit101]

looks like no data?

Farbar Recovery Scan Tool (x86) Version: 23-05-2013
Ran by SYSTEM at 2013-05-24 16:53:34
Running from F:\
Boot Mode: Recovery

================== Search: "explorer.exe;Bootcat.cache" ===================

=== End Of Search ===

[Essexboy]

We have two options left, the first is sfc and the second would be to try a restore point

Boot from the USB and select Command Prompt

Select Command prompt


At the command prompt type the following :

SFC /scannow
Hit Enter

and after that runs

chkdsk /f /r
Hit Enter
( Spaces between C and / k and / and f and / )

Retry Startup Repair after Chkdsk.


If that fails then again from the USB select System Restore

[Fixit101]

ok, this is what have when I boot
x :\sources>
I typed in this:
x :\sources> SFC /scannow
beginning scan
windows resource protection could not perform the requested action


I also tried this:
x :\sources> chkdsk /f /r

It could not lock the current drive
and could not run disk checking on this volume because it is write protected.

I also tried system restore and no restore points were found...

Edited by Fixit101, 24 May 2013 - 05:40 PM.

[Essexboy]

OK for the SFC scan
At the X prompt type C:\
Then type SFC /scannow

[Fixit101]

x:\Sources>c:\sfc /scannow

Reads:

the file or directory is corrupted and unreadable

reads the same thing for chkdsk...

ain't looking good!!