
Blue Screen Restart/Different Farbar Results [Solved]
Started by Don54, Oct 23 2013 08:26 AM
#16
Posted 24 October 2013 - 08:13 PM

#17
Posted 24 October 2013 - 08:21 PM

Okay let's try a different approach.
Please download the attached fixlist.txt file to your flashdrive.
NOTE: It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
Now please enter System Recovery Options.
Run FRST64 and press the Fix button just once and wait.
The tool will make a log on the flashdrive (Fixlog.txt); please post it in your reply.
#18
Posted 24 October 2013 - 09:07 PM

Having some trouble getting going on this... the "system recovery options" dialog asks me to install drivers for the hard disk... there is a button labeled "load drivers" that takes me to an "open file" dialog that lists all the storage devices connected to the pc.
So I clicked through and got to the standard recovery console menu... selected command prompt, ran Farbar... says it is setting up to read local disk. Still waiting...everything is moving really slowly. Will update in a few.
Edited by Don54, 24 October 2013 - 09:13 PM.
#19
Posted 24 October 2013 - 09:39 PM


#20
Posted 24 October 2013 - 09:41 PM

Ok, ran Farbar and applied fixlist. Ran really slow. Results below.
*************** Fixlog
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 22-10-2013
Ran by SYSTEM at 2013-10-24 23:33:42 Run:1
Running from M:\
Boot Mode: Recovery
==============================================
Content of fixlist:
*****************
HKLM-x32\...\Runonce: [181273A2-B37C-45A1-B0F9-3D1F632AC57D] - cmd.exe /C start /D "C:\Users\Don\AppData\Local\Temp" /B 181273A2-B37C-45A1-B0F9-3D1F632AC57D.exe -activeimages -postboot [x]
C:\Users\Don\AppData\Local\Temp" /B 181273A2-B37C-45A1-B0F9-3D1F632AC57D.exe
*****************
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\\181273A2-B37C-45A1-B0F9-3D1F632AC57D => Value not found.
"C:\Users\Don\AppData\Local\Temp /B 181273A2-B37C-45A1-B0F9-3D1F632AC57D.exe" => File/Directory not found.
==== End of Fixlog ====
#21
Posted 24 October 2013 - 09:57 PM

No luck there then.
FRST shows a System Restore point for the 22nd of October. Hopefully that is before your machine's problem began.
Let's see whether you can carry out a System Restore to a point before the problem happened.
Go to this link, scroll down to OPTION TWO and follow the instructions to carry out a System Restore through System Recovery.
#22
Posted 24 October 2013 - 10:05 PM

Tried to run system restore from the recovery console... got a dialog box that said "To use System Restore, you must specify which Windows installation to restore. Restart this computer, select an operating system, and then select System Restore."
Wonder if I should try 'startup repair' while I am still at the recovery console?
#23
Posted 24 October 2013 - 10:10 PM

Good idea, that was going to be my next suggestion anyway. 
Here is where to go if you need some instructions.
Go to Win 7 Startup Repair for instructions on how to carry out a Startup Repair.
#24
Posted 24 October 2013 - 10:29 PM

Ok startup repair said it couldn't fix the problem... detail link said MBR is corrupted. Running startup repair again just to be sure...
#25
Posted 24 October 2013 - 10:40 PM

Okay these instructions were originally put together for Vista but they work for Windows 7 as well.
Do you have the Windows CD?
If not, are you able to create a recovery disc as shown on this page?
- Reboot your system using the boot CD you just created.
Note: If you do not know how to set your computer to boot from CD, follow the steps here.
When you reboot you will see this, although yours may say Windows 7. Click Repair my computer.

Select your operating system.

Select Command Prompt.

At the command prompt type the following:
- Bootrec.exe /FixMbr
Note the gap... it should be there.
- Once finished, type Exit
Reboot to normal Windows and then come back and tell me how it went.
#26
Posted 24 October 2013 - 10:50 PM

I can make a recovery disk with another computer here running Win 7. Going to shut it down for now, get some shuteye and pick back up in the a.m.
Thanks so much for your time and attention to this, will let you know how the mbr recovery goes.
#27
Posted 24 October 2013 - 10:57 PM

Catch you tomorrow.
Sleep well.

#28
Posted 25 October 2013 - 01:33 PM

Ok, been at this for hours and to make a long story short I made a Win 7 system repair/boot disk on another pc and booted from it but couldn't get the mbr fixed. Using the boot disk took hours to execute... I can boot into the recovery console but can't really get much accomplished there... can get a command prompt and X: drive but my hard drive doesn't seem to be recognized. Was able to run Farbar again at the command prompt (took forever) and I post the results below. Not a pretty picture.
************* FARBAR Log
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 22-10-2013
Ran by SYSTEM on MININT-3RJJL1F on 25-10-2013 12:55:47
Running from J:\
WIN_7 (X64) OS Language: English(US)
Boot Mode: Recovery
Attention: Could not load system hive.
Attention: System hive is missing.
==================== Registry (Whitelisted) ==================
Attention: Software hive is missing.
ATTENTION: Software hive is not loaded.
==================== Services (Whitelisted) =================
==================== Drivers (Whitelisted) ====================
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
==================== One Month Modified Files and Folders =======
==================== Known DLLs (Whitelisted) ================
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe IS MISSING <==== ATTENTION!.
C:\Windows\System32\wininit.exe IS MISSING <==== ATTENTION!.
C:\Windows\SysWOW64\wininit.exe IS MISSING <==== ATTENTION!.
C:\Windows\explorer.exe IS MISSING <==== ATTENTION!.
C:\Windows\SysWOW64\explorer.exe IS MISSING <==== ATTENTION!.
C:\Windows\System32\svchost.exe IS MISSING <==== ATTENTION!.
C:\Windows\SysWOW64\svchost.exe IS MISSING <==== ATTENTION!.
C:\Windows\System32\services.exe IS MISSING <==== ATTENTION!.
C:\Windows\System32\User32.dll IS MISSING <==== ATTENTION!.
C:\Windows\SysWOW64\User32.dll IS MISSING <==== ATTENTION!.
C:\Windows\System32\userinit.exe IS MISSING <==== ATTENTION!.
C:\Windows\SysWOW64\userinit.exe IS MISSING <==== ATTENTION!.
C:\Windows\System32\Drivers\volsnap.sys IS MISSING <==== ATTENTION!.
C:\Windows\system32\codeintegrity\Bootcat.cache IS MISSING <==== ATTENTION!.
C:\Windows\System32\winsrv.dll IS MISSING <==== ATTENTION!.
==================== EXE ASSOCIATION =====================
HKLM\...\.exe: <===== ATTENTION!
HKLM\...\exefile\DefaultIcon: <===== ATTENTION!
HKLM\...\exefile\open\command: <===== ATTENTION!
==================== Restore Points =========================
==================== Memory info ===========================
Percentage of memory in use: 8%
Total physical RAM: 8183.12 MB
Available physical RAM: 7468.95 MB
Total Pagefile: 8181.27 MB
Available Pagefile: 7444.29 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB
==================== Drives ================================
Drive c: (OS) (Fixed) (Total:916.82 GB) (Free:737.63 GB) NTFS
Drive e: (Repair disc Windows 7 64-bit) (CDROM) (Total:0.17 GB) (Free:0 GB) UDF
Drive j: () (Removable) (Total:7.47 GB) (Free:2.35 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (RECOVERY) (Fixed) (Total:14.65 GB) (Free:9.41 GB) NTFS
==================== MBR & Partition Table ==================
Attempted reading MBR returned 0 bytes.
Could not read MBR for disk 0.
========================================================
Disk: 5 (Size: 7 GB) (Disk ID: 00000000)
Partition 1: (Not Active) - (Size=7 GB) - (Type=0B)
==================== End Of Log ============================
#29
Posted 25 October 2013 - 01:46 PM

"Using the boot disk took hours to execute..."
That happened when my hard drive was failing. Not conclusive but not good either.
The Farbar scan one looks bad but I guess it might be that it just didn't get the right drive.
I think the hard drive is gone but we could have one last try at another option.
This is a way to access your computer using a disk we will create.
Before starting you might like to print these instructions out so that you know what you are doing.
- Download OTLPE.iso and save it somewhere you can get it.
- Insert a writable blank CD/DVD in your CD drive and click on the OTLPE.iso to burn a CD. NOTE:
- Reboot your infected system using the boot CD you just created.
- The CD needs to detect your hardware and load the operating system... can take a bit of time, just be patient.
- Your system should now display a Reatogo desktop.
Note: as you are running from CD it is not exactly speedy.
- Double-click on the OTLPE icon.
- Select the Windows folder of the infected drive if it asks for a location
- If asked "Do you wish to load the remote registry", select Yes
- If asked "Do you wish to load remote user profile(s) for scanning", select Yes
- Ensure the box "Automatically Load All Remaining Users" is checked and press OK
- OTL should now start.
- Press Run Scan to start the scan.
- When finished, the file will be saved in drive C:\OTL.txt
- Copy this file to your USB drive if you do not have internet connection on this system.
- Right click the file and select send to : select the USB drive.
- Confirm that it has copied to the USB drive by selecting it
- You can backup any files that you wish from this OS
- Please post the contents of the C:\OTL.txt file in your reply.
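
Added example, not part of the original thread and not code from FRST: a small triage script for a recovery-mode FRST log like the one posted in #28, separating "individual files are missing" from "the scanner could not read the volume at all", which is the distinction raised in #29. The sample log is a constructed excerpt in the same layout, and the verdict names and the three-signal heuristic are assumptions of this example.

```python
import re

# Constructed excerpt in the same layout as the FRST log posted in #28.
SAMPLE_LOG = r"""
Attention: System hive is missing.
==================== Registry (Whitelisted) ==================
Attention: Software hive is missing.
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe IS MISSING <==== ATTENTION!.
C:\Windows\explorer.exe IS MISSING <==== ATTENTION!.
C:\Windows\System32\services.exe IS MISSING <==== ATTENTION!.
==================== MBR & Partition Table ==================
Attempted reading MBR returned 0 bytes.
Could not read MBR for disk 0.
==================== End Of Log ============================
"""

SECTION = re.compile(r"^=+ (.+?) =+$")

def split_sections(log):
    """Map each '==== Title ====' header to the non-empty lines under it."""
    sections, current = {"_preamble": []}, "_preamble"
    for line in (l.strip() for l in log.splitlines()):
        header = SECTION.match(line)
        if header:
            current = header.group(1)
            sections[current] = []
        elif line:
            sections[current].append(line)
    return sections

def triage(log):
    """Return (verdict, signals); the verdict names are this example's own."""
    s = split_sections(log)
    every_line = [l for lines in s.values() for l in lines]
    signals = {
        "hives_missing": any("hive is missing" in l.lower() for l in every_line),
        "core_files_missing": sum(" IS MISSING" in l
                                  for l in s.get("Bamital & volsnap Check", [])),
        "mbr_unreadable": any(re.match(r"Could not read MBR for disk \d+", l)
                              for l in s.get("MBR & Partition Table", [])),
    }
    # Assumed heuristic: all three together point at the volume, not single files.
    if all(signals.values()):
        return "volume-unreadable", signals
    if signals["core_files_missing"]:
        return "files-missing", signals
    return "no-read-failure", signals
```

A "volume-unreadable" verdict means the scan results say little about what is on the disk; it is a reason to check the drive and the drive mapping before acting on the "IS MISSING" lines.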
#30
Posted 25 October 2013 - 01:58 PM

Further to my last post.
Just to tell you that I have to go out now and will be away until tomorrow.
I will try and check in from a friend's house this evening NZ time but otherwise it will be late afternoon tomorrow.