
virus - can only boot in safe mode, antivirus infected [Closed]



#16
BrianDrab


    Trusted Helper

  • Malware Removal
  • 3,591 posts

"I installed RogueKiller and Combofix but I never ran them"

 

Good.

 

"What do I do with the MBR.dat file?"

 

That's just a backup of your Master Boot Record. Leave for now until we are done. Then we'll clean it up.

 

Let's uninstall both AVs for now to see if that's preventing you from booting into Normal mode.

 

1. Please uninstall Avast Free Antivirus and AVG 2015.

2. Once they are both uninstalled, let's also run the removal tool. Download and run the AVG 2015 removal tool from here.

3. Then download the Avast removal tool from here and run it.

 

Let me know if you are able to boot normally after these are uninstalled.

 

Thanks.

 

 

 

 


  • 0



#17
BrianDrab


    Trusted Helper

  • Malware Removal
  • 3,591 posts

"PS. The program tried to restart my computer back into normal Windows, but it froze on the login screen once again. So I had to restart it back into safe mode with networking."

 

 

Understood.


  • 0

#18
Jdailey91


    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts

I uninstalled AVG first and then I ran its removal tool. Then it had me restart and I was able to boot back into normal mode, though really slowly. Once the removal tool started up after the restart it froze. Then I uninstalled Avast and used its tool without any problems. I'm currently still in normal mode.


Edited by Jdailey91, 15 January 2015 - 11:24 PM.

  • 0

#19
BrianDrab


    Trusted Helper

  • Malware Removal
  • 3,591 posts

Good. So at this point you are in normal mode?


  • 0

#20
Jdailey91


    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts

Yes. I am.


  • 0

#21
BrianDrab


    Trusted Helper

  • Malware Removal
  • 3,591 posts

Perfect. Now, let's do this. Thanks.

 

Step#1 - Fresh Set of Logs
1. Right-click on FRST64.exe and select Run as administrator. When the tool opens, click Yes to the disclaimer.
2. Please ensure you place a check mark in the Addition.txt check box at the bottom of the form before running.
3. Press the Scan button.
4. It will produce a log called FRST.txt in the same directory the tool is run from (which should now be the desktop).
5. Please copy and paste log back here.
6. Because you selected the Addition.txt check box this log will be created as well. Please copy and paste this log as well. Go ahead and post these before running the next step.

 

 

Step#2 - ChkDsk Scan
1. Right-click on your Start Screen button in the lower left of your computer and click on Command Prompt (Admin).

2. Answer Yes to allow if you get the User Account Control prompt.
3. You should now have a black window open that you can type into.
4. Please type chkdsk /R and then press Enter. Note: There is a space after the k and before the forward slash.
5. Chkdsk will start to run. Please allow it to finish. You will know it is running when you see text as follows.
[Screenshot: Chkdsk.JPG]
 
6. Download ListChkdskResult.exe by SleepyDude and save it on your desktop.

7. Right-click this file and select Run as administrator (Allow if prompted) and a text file will open (and also be saved on the desktop as ListChkdskResult.txt).
    Please copy the contents of this file and paste into your next post.

 

 

 

Items for your next post

1. FRST and Addition logs

2. Chkdsk results


  • 0

#22
Jdailey91


    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts

Farbar froze on NvStreamSvc and Windows Explorer also froze at the same time. Chkdsk says "Chkdsk cannot run because the volume is in use by another process. Would you like to schedule this volume to be checked the next time the system restarts?"

 

I tried to restart Farbar and it froze on the same file again.


Edited by Jdailey91, 15 January 2015 - 11:48 PM.

  • 0

#23
BrianDrab


    Trusted Helper

  • Malware Removal
  • 3,591 posts

Go ahead and answer Yes to restart so chkdsk can run.


  • 0

#24
Jdailey91


    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts

Checkdisk stopped at 11%. I've let it run since you last posted. I don't think it's going to work. ):


  • 0

#25
BrianDrab


    Trusted Helper

  • Malware Removal
  • 3,591 posts

This actually may take a while to run. It could take several hours if there is damage on the drive that needs fixed. If you are able I would let it go. I'm not sure of your time zone but I'm on Eastern time and it's getting a little late. I'm going to turn in and I'll check back in the morning.

I've seen chkdsk take up to 12 hours on some machines. So if possible let it go for a while.

 

Thanks and talk to you soon.


  • 0



#26
Jdailey91


    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts

All right. I'll let it run all night and get back with you in the morning. Thank you so much for all of this help. :)


  • 0

#27
Jdailey91


    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts

All right. Looks like it worked. What's the next step?


  • 0

#28
BrianDrab


    Trusted Helper

  • Malware Removal
  • 3,591 posts

Cool.

 

Here are the steps from the previous post.

6. Download ListChkdskResult.exe by SleepyDude and save it on your desktop.

7. Right-click this file and select Run as administrator (Allow if prompted) and a text file will open (and also be saved on the desktop as ListChkdskResult.txt).
    Please copy the contents of this file and paste into your next post.

 


  • 0

#29
Jdailey91


    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
ListChkdskResult by SleepyDude v0.1.7 Beta | 21-09-2013
 
------< Log generate on 1/16/2015 2:50:25 PM >------
Category: 0
Computer Name: Envy
Event Code: 1001
Record Number: 12198
Source Name: Microsoft-Windows-Wininit
Time Written: 01-16-2015 @ 11:56:02
Event Type: Information
User: 
Message: 
 
Checking file system on C:
The type of the file system is NTFS.
Volume label is Windows.
 
A disk check has been scheduled.
Windows will now check the disk.                         
 
Stage 1: Examining basic file system structure ...
  486400 file records processed.                                                        
 
File verification completed.
  4681 large file records processed.                                   
 
  0 bad file records processed.                                     
 
 
Stage 2: Examining file name linkage ...
  667326 index entries processed.                                                       
 
Index verification completed.
  0 unindexed files scanned.                                        
 
  0 unindexed files recovered.                                      
 
 
Stage 3: Examining security descriptors ...
Cleaning up 15 unused index entries from index $SII of file 0x9.
Cleaning up 15 unused index entries from index $SDH of file 0x9.
Cleaning up 15 unused security descriptors.
Security descriptor verification completed.
  90464 data files processed.                                           
 
CHKDSK is verifying Usn Journal...
  37295912 USN bytes processed.                                                           
 
Usn Journal verification completed.
 
Stage 4: Looking for bad clusters in user file data ...
Read failure with status 0xc000009c at offset 0xd28c6000 for 0x10000 bytes.
Read failure with status 0xc000009c at offset 0xd28d2000 for 0x1000 bytes.
Read failure with status 0xc000009c at offset 0xd28e3000 for 0x10000 bytes.
Read failure with status 0xc000009c at offset 0xd28e9000 for 0x1000 bytes.
Read failure with status 0xc000009c at offset 0xd2d9a000 for 0x10000 bytes.
Read failure with status 0xc000009c at offset 0xd2da9000 for 0x1000 bytes.
Read failure with status 0xc000009c at offset 0xd2daa000 for 0x10000 bytes.
Read failure with status 0xc000009c at offset 0xd2dac000 for 0x1000 bytes.
Read failure with status 0xc000009c at offset 0xd2dad000 for 0x10000 bytes.
Read failure with status 0xc000009c at offset 0xd2db1000 for 0x1000 bytes.
Read failure with status 0xc000009c at offset 0xd2fc2000 for 0x10000 bytes.
Read failure with status 0xc000009c at offset 0xd2fcc000 for 0x1000 bytes.
Read failure with status 0xc000009c at offset 0xd2fed000 for 0x10000 bytes.
Read failure with status 0xc000009c at offset 0xd2ffc000 for 0x1000 bytes.
Read failure with status 0xc000009c at offset 0xd3ccd000 for 0x10000 bytes.
Read failure with status 0xc000009c at offset 0xd3cce000 for 0x1000 bytes.
Windows replaced bad clusters in file 163633
of name \Windows\System32\sru\SRUDB.dat.
Read failure with status 0xc000009c at offset 0x90e179000 for 0x10000 bytes.
Read failure with status 0xc000009c at offset 0x90e183000 for 0x1000 bytes.
Windows replaced bad clusters in file 189948
of name \PROGRA~2\Steam\STEAMA~1\common\SIDMEI~1\Assets\DLC\DLC_01\Sounds\Streamed\Music\LEADER~1\GENGHI~2.OGG.
Read failure with status 0xc000009c at offset 0xd5258000 for 0x10000 bytes.
Read failure with status 0xc000009c at offset 0xd5263000 for 0x1000 bytes.
Read failure with status 0xc000009c at offset 0xd5804000 for 0x10000 bytes.
Read failure with status 0xc000009c at offset 0xd5806000 for 0x1000 bytes.
Read failure with status 0xc000009c at offset 0xd5ba7000 for 0x10000 bytes.
Read failure with status 0xc000009c at offset 0xd5bac000 for 0x1000 bytes.
Windows replaced bad clusters in file 214448
of name \PROGRA~2\Google\Chrome\APPLIC~1\380212~1.111\RESOUR~1.PAK.
Read failure with status 0xc000009c at offset 0xd184a000 for 0x10000 bytes.
Read failure with status 0xc000009c at offset 0xd184f000 for 0x1000 bytes.
Read failure with status 0xc000009c at offset 0xd1d00000 for 0x10000 bytes.
Read failure with status 0xc000009c at offset 0xd1d04000 for 0x1000 bytes.
Read failure with status 0xc000009c at offset 0xd21a5000 for 0x10000 bytes.
Read failure with status 0xc000009c at offset 0xd21a8000 for 0x1000 bytes.
Read failure with status 0xc000009c at offset 0xd21c9000 for 0x10000 bytes.
Read failure with status 0xc000009c at offset 0xd21cf000 for 0x1000 bytes.
Windows replaced bad clusters in file 289200
of name \Windows\System32\nvd3dumx.dll.
Read failure with status 0xc000009c at offset 0xd5df7000 for 0x10000 bytes.
Read failure with status 0xc000009c at offset 0xd5e03000 for 0x1000 bytes.
Read failure with status 0xc000009c at offset 0xd6054000 for 0x10000 bytes.
Read failure with status 0xc000009c at offset 0xd6054000 for 0x1000 bytes.
Read failure with status 0xc000009c at offset 0xd6055000 for 0x10000 bytes.
Read failure with status 0xc000009c at offset 0xd6055000 for 0x1000 bytes.
Windows replaced bad clusters in file 289206
of name \Windows\System32\nvoglv64.dll.
Read failure with status 0xc000009c at offset 0xd48d1000 for 0x10000 bytes.
Read failure with status 0xc000009c at offset 0xd48dd000 for 0x1000 bytes.
Read failure with status 0xc000009c at offset 0xd4d5e000 for 0x10000 bytes.
Read failure with status 0xc000009c at offset 0xd4d65000 for 0x1000 bytes.
Read failure with status 0xc000009c at offset 0xd4d76000 for 0x10000 bytes.
Read failure with status 0xc000009c at offset 0xd4d78000 for 0x1000 bytes.
Read failure with status 0xc000009c at offset 0xd4d79000 for 0x10000 bytes.
Read failure with status 0xc000009c at offset 0xd4d7f000 for 0x1000 bytes.
Read failure with status 0xc000009c at offset 0xd4d80000 for 0x10000 bytes.
Read failure with status 0xc000009c at offset 0xd4d8d000 for 0x1000 bytes.
Windows replaced bad clusters in file 290272
of name \Windows\SysWOW64\NVCOMP~1.DLL.
Read failure with status 0xc000009c at offset 0xcd855000 for 0x10000 bytes.
Read failure with status 0xc000009c at offset 0xcd862000 for 0x1000 bytes.
Windows replaced bad clusters in file 349017
of name \PROGRA~2\Steam\STEAMA~1\common\BATMAN~2\Binaries\BMLAUN~1.EXE.
Read failure with status 0xc000009c at offset 0xd0ecc000 for 0x10000 bytes.
Read failure with status 0xc000009c at offset 0xd0ed4000 for 0x1000 bytes.
Windows replaced bad clusters in file 356030
of name \PROGRA~1\WINDOW~1\MICROS~1.253\MICROS~1.MET\Autogen\JSBYTE~1.
Read failure with status 0xc000009c at offset 0xce0ac000 for 0x10000 bytes.
Read failure with status 0xc000009c at offset 0xce0ae000 for 0x1000 bytes.
Read failure with status 0xc000009c at offset 0xce68f000 for 0x10000 bytes.
Read failure with status 0xc000009c at offset 0xce69c000 for 0x1000 bytes.
Read failure with status 0xc000009c at offset 0xce6bd000 for 0x10000 bytes.
Read failure with status 0xc000009c at offset 0xce6c2000 for 0x1000 bytes.
Windows replaced bad clusters in file 358138
of name \PROGRA~1\NVIDIA~1\NVSTRE~1\NVSTRE~2.EXE.
  486384 files processed.                                                               
 
File data verification completed.
 
Stage 5: Looking for bad, free clusters ...
  93472260 free clusters processed.                                                       
 
Free space verification is complete.
Adding 29 bad clusters to the Bad Clusters File.
Correcting errors in the Volume Bitmap.
 
Windows has made corrections to the file system.
No further action is required.
 
 709810175 KB total disk space.
 335112556 KB in 376487 files.
    231952 KB in 90465 indexes.
       140 KB in bad sectors.
    576483 KB in use by the system.
     65536 KB occupied by the log file.
 373889044 KB available on disk.
 
      4096 bytes in each allocation unit.
 177452543 total allocation units on disk.
  93472261 allocation units available on disk.
 
Internal Info:
00 6c 07 00 14 20 07 00 26 52 0d 00 00 00 00 00  .l... ..&R......
21 ac 00 00 61 00 00 00 00 00 00 00 00 00 00 00  !...a...........
 
Windows has finished checking your disk.
Please wait while your computer restarts.
 
-----------------------------------------------------------------------

  • 0

#30
BrianDrab


    Trusted Helper

  • Malware Removal
  • 3,591 posts

Unfortunately that's kind of what I was expecting. It looks like the hard drive in this computer is going bad. Bad Clusters were replaced which is OK if it only happens occasionally and as a result of a crash or power issue, etc. The biggest concern is all of the Read failure with status 0xc000009c.  

 

First and foremost, please ensure all of the important data on this machine is backed up!

 

Is the machine still under warranty? If so a Hard Drive replacement can be obtained.

 

A couple things here. If you need assistance with obtaining a hard drive and reloading Windows I can guide you through that process. Just let me know.

 

Also you may want to get a second opinion from our Hardware experts. You can post a topic there and reference this topic if you wish.

 

Let me know what your intentions are. Thank you.


  • 0
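
Added example (not part of the thread and not code from any tool mentioned in it): a short Python parser for a chkdsk log in the format posted above. It counts the read failures the last reply points to, lists the files whose clusters were replaced, and separates device read errors from plain file-system corrections. The function name, the verdict labels and the shortened sample log are assumptions made for illustration.

```python
import re
from collections import Counter

# Constructed sample: shortened lines in the format of the chkdsk log above.
SAMPLE_LOG = r"""
Read failure with status 0xc000009c at offset 0xd28c6000 for 0x10000 bytes.
Read failure with status 0xc000009c at offset 0xd28d2000 for 0x1000 bytes.
Windows replaced bad clusters in file 163633
of name \Windows\System32\sru\SRUDB.dat.
Read failure with status 0xc000009c at offset 0x90e179000 for 0x10000 bytes.
Read failure with status 0xc000009c at offset 0x90e183000 for 0x1000 bytes.
Windows replaced bad clusters in file 189948
of name \PROGRA~2\Steam\EXAMPLE.OGG.
Adding 2 bad clusters to the Bad Clusters File.
      4096 bytes in each allocation unit.
"""

READ_FAIL = re.compile(r"Read failure with status (0x[0-9a-f]+) at offset "
                       r"(0x[0-9a-f]+) for (0x[0-9a-f]+) bytes", re.I)
REPLACED = re.compile(r"Windows replaced bad clusters in file (\d+)\s+"
                      r"of name (.+?)\.?\s*$", re.M)
ADDED = re.compile(r"Adding (\d+) bad clusters to the Bad Clusters File")
UNIT = re.compile(r"(\d+) bytes in each allocation unit")

def summarize_chkdsk(log):
    # Each failure becomes (status code, byte offset, read length).
    fails = [(m[1].lower(), int(m[2], 16), int(m[3], 16))
             for m in READ_FAIL.finditer(log)]
    unit = UNIT.search(log)
    cluster = int(unit[1]) if unit else 4096  # assumed NTFS default if absent
    # In the posted log every 64 KB failure is followed by a cluster-sized one
    # inside the same range; the cluster-sized reads identify the bad clusters.
    bad = sorted({off for _, off, size in fails if size == cluster})
    files = [name for _, name in REPLACED.findall(log)]
    added = ADDED.search(log)
    if fails:
        verdict = "failing-disk"    # e.g. 0xc000009c = STATUS_DEVICE_DATA_ERROR
    elif "made corrections to the file system" in log:
        verdict = "fs-corrections"  # metadata repaired, no media errors logged
    else:
        verdict = "clean"
    return {
        "status_codes": Counter(code for code, _, _ in fails),
        "failed_clusters": len(bad),
        "marked_bad": int(added[1]) if added else 0,
        "damaged_files": files,
        "system_files": [f for f in files if f.lower().startswith("\\windows\\")],
        "verdict": verdict,
    }
```

Files listed under `system_files` are worth re-verifying after the drive is replaced, since their contents sat on clusters that could not be read.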





