
Rootkit scan ruined starting Windows 7 Ultimate [Solved]

Rootkit scan Win 7 sign-in screen

  • This topic is locked

#1
mtnester

  • Member
  • 81 posts

Hello,

 

I use Avast! as my anti-virus program. The last time I did a full scan I also set Avast! to do a rootkit scan on the next bootup, which it did. As part of that scan it alerted me to a PUP with the only choices to ignore or delete--no choice to quarantine. I chose to delete. The scan finished and Windows started up as usual. It stopped at the sign-in screen, except that the screen is blank. There is nothing on it--not even the power button to shut down. I can go to Safe Mode, which is where I am now.

 

Another unfortunate effect of this problem is that Avast cannot be started. I can open the control desk, but can only either download a new free program or buy the premium edition, which I have already in effect until July 2015. When I tried to update the current program there is an RPC error which prevents the license information from being inserted. When I attempted to download a new version, I get a popup saying, "The AAVM subsystem detected a RPC error."

 

How do I get around these problems to get Avast! working and to be able to sign in to my laptop?

 

Thanks for any suggestions.

 

 

system info.jpg

 

 


  • 0


#2
Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,772 posts
Hi. :)

I see you have an ongoing topic here also; is the assistance you are requesting for another machine that is your property, I take it?

If so proceed to the below...If not please inform myself who does actually own the machine before proceeding any further, thank you.

Next:

Regarding this you mentioned:-

How do I get around these problems to get Avast! working and to be able to sign in to my laptop?

Let's proceed as follows outside of the actual Windows environment to check if anything else pertinent is revealed...

Scan with Farbar Recovery Scan Tool:

Please download and save the Farbar Recovery Scan Tool 64-Bit to a Flash/USB drive.

Then insert the Flash/USB drive into your problem machine....

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
On the System Recovery Options menu you will get the following options:

Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt
  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst64.exe and press Enter
Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click on Yes at the disclaimer.
  • Then click on the Scan button.
  • It will create a log (FRST.txt) on the flash drive. Please copy and paste the contents of the aforementioned notepad file in your next reply.

  • 0

#3
mtnester

  • Topic Starter
  • Member
  • 81 posts

I'm on my way out the door for a trip, but to answer your question: this is a different machine. This is an HP; the other one is Asus.

To answer your next possible question, I am taking both laptops with me so that I can work on whatever repairs are necessary. This one, the HP, is one that I hoped to be able to connect to a TV where we are staying for the next 3 weeks, where there is no cable/dish service.

 

I will read the rest of your message this evening when we have reached our temporary stop and then respond.

 

Thank you so much.

 

One other thing.  I have committed the cardinal sin of no backup. Will I be losing any files in the above process?

 

Thanks again,


Edited by mtnester, 06 March 2015 - 01:20 PM.

  • 0

#4
Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,772 posts
Hi. :)

I'm on my way out the door for a trip, but to answer your question: this is a different machine. This is an HP; the other one is Asus.
To answer your next possible question, I am taking both laptops with me so that I can work on whatever repairs are necessary.
This one, the HP, is one that I hoped to be able to connect to a TV where we are staying for the next 3 weeks, where there is no cable/dish service.

Acknowledged and thank you for the clarification.

I will read the rest of your message this evening when we have reached our temporary stop and then respond.

Thank you so much.

Fair play and you're welcome!

One other thing. I have committed the cardinal sin of no backup. Will I be losing any files in the above process?

No this should not occur as for the time being I am only requesting a scan and no actual proactive measures will be taken just yet...

However depending on the size of your flash/usb drive it may be advisable to save some pertinent files etc whilst in the Advanced Boot Options/Command Prompt. As in use that to navigate around much the same way as described in the FRST instructions for example.
  • 0

#5
mtnester

  • Topic Starter
  • Member
  • 81 posts

Dakeyras, 

 

Thank you for your willingness to help. Since arrival I have been kept much busier than I expected.

 

After numerous unsuccessful attempts to F8 my HP, I was able to get into repair mode. (Whatever happened to the Pause key that used to be on keyboards? Something kept popping up very briefly about operating system and insert disk.) 

 

The requested info:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 07-03-2015 01
Ran by SYSTEM on MININT-R8TQ28Q on 07-03-2015 20:09:42
Running from E:\
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Recovery

The current controlset is ControlSet002
ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2837288 2011-10-14] (Synaptics Incorporated)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2015-01-27] (AVAST Software)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2014-05-08] (Adobe Systems Incorporated)
HKLM-x32\...\RunOnce: [WSE_Taplika] => C:\Windows\SysWOW64\wscript.exe /E:vbscript /B "C:\Users\DV7\AppData\Roaming\WSE_Taplika\UpdateProc\bkup.dat"
HKU\DV7\...\RunOnce: [WSE_Taplika] => C:\Windows\SysWOW64\wscript.exe /E:vbscript /B "C:\Users\DV7\AppData\Roaming\WSE_Taplika\UpdateProc\bkup.dat"
HKU\DV7\...\RunOnce: [FlashPlayerUpdate] => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_16_0_0_296_ActiveX.exe [960688 2015-01-27] (Adobe Systems Incorporated)
AppInit_DLLs-x32: C:/ProgramData/{5C5BB498-0CD9-651E-BD5F-159C6DDDC612}/1.7.1.0/sodo.dll => C:\ProgramData\{5C5BB498-0CD9-651E-BD5F-159C6DDDC612}\1.7.1.0\sodo.dll [649216 2015-02-02] ()
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-11-15] (AVAST Software)
S3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4012248 2014-11-15] (Avast Software)
S2 CLKMSVC10_9EC60124; C:\Program Files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe [240112 2010-11-18] (CyberLink)
S2 CouponPrinterService; C:\Program Files (x86)\Coupons\CouponPrinterService.exe [179184 2014-12-03] (Coupons.com Inc.)
S2 FoxitCloudUpdateService; C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe [242216 2014-06-17] (Foxit Corporation)
S2 FPLService; C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe [1641768 2013-06-07] (HP)
S2 ReflectService.exe; C:\Program Files\Macrium\Reflect\ReflectService.exe [1142768 2014-03-26] (Paramount Software UK Ltd)
S3 TrueService; C:\Program Files\Common Files\AuthenTec\TrueService.exe [401856 2013-01-07] (AuthenTec, Inc.)
S2 Update Clock Hand; C:\Program Files (x86)\Clock Hand\updateClockHand.exe [358640 2015-02-03] ()
S2 Util Clock Hand; C:\Program Files (x86)\Clock Hand\bin\utilClockHand.exe [399088 2015-02-13] ()
S2 valWBFPolicyService; C:\Windows\system32\valWBFPolicyService.exe [35328 2013-10-12] (Validity Sensors, Inc.)
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-11-15] ()
S2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2014-11-15] (AVAST Software)
S1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-11-15] (AVAST Software)
S0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-11-15] ()
S1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2014-12-15] (AVAST Software)
S1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2014-11-15] (AVAST Software)
S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2014-11-15] (AVAST Software)
S0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2014-11-15] ()
S1 CLBStor; C:\Windows\System32\DRIVERS\CLBStor.sys [24560 2009-10-07] (Cyberlink Co.,Ltd.)
S2 CLBUDF; C:\Windows\System32\Drivers\CLBUDF.sys [376304 2009-10-07] (CyberLink Corporation.)
S3 NMgamingmsFltr; C:\Windows\System32\drivers\NMgamingms.sys [11264 2009-07-24] (Primax Ltd)
S1 {60b4ca60-5c76-463e-8bce-058498c2450d}w64; C:\Windows\System32\drivers\{60b4ca60-5c76-463e-8bce-058498c2450d}w64.sys [48784 2015-02-02] (StdLib)
S1 {f4191bb0-3007-4fbd-b83f-cc45648f3845}w64; C:\Windows\System32\drivers\{f4191bb0-3007-4fbd-b83f-cc45648f3845}w64.sys [48784 2015-02-13] (StdLib)
S3 ALSysIO; \??\C:\Users\DV7\AppData\Local\Temp\ALSysIO64.sys [X]
S3 BCMH43XX; system32\DRIVERS\bcmwlhigh664.sys [X]
S3 NPF; system32\DRIVERS\npf.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-07 20:09 - 2015-03-07 20:09 - 00000000 ____D () C:\FRST
2015-03-07 16:52 - 2015-03-07 16:52 - 00007168 ____N () C:\bootex.log
2015-03-07 16:52 - 2015-03-07 16:52 - 00003432 ____N () C:\bootsqm.dat
2015-03-07 16:40 - 2015-03-07 16:40 - 06103040 _____ () C:\Program Files (x86)\GUTB470.tmp
2015-03-07 16:40 - 2015-03-07 16:40 - 00000000 ____D () C:\Program Files (x86)\GUMB46F.tmp
2015-02-23 16:49 - 2015-02-23 16:49 - 00025965 _____ () C:\Users\Public\Documents\pinterest notes.odt
2015-02-16 22:52 - 2015-02-16 22:52 - 00314288 _____ () C:\Users\Public\Documents\Wire Sculpture beaded jewelry.odt
2015-02-16 22:41 - 2015-02-16 22:41 - 00257410 _____ () C:\Users\Public\Documents\Double Pretzel Earrings.odt
2015-02-16 19:52 - 2015-02-16 19:52 - 00143108 _____ () C:\Users\Public\Documents\Ear Pillows, an Earring Design.odt
2015-02-16 19:11 - 2015-02-16 19:31 - 01908644 _____ () C:\Users\Public\Documents\Burst of Glory Pendant.odt
2015-02-13 21:39 - 2015-02-13 09:28 - 00048784 _____ (StdLib) C:\Windows\System32\Drivers\{f4191bb0-3007-4fbd-b83f-cc45648f3845}w64.sys

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-07 16:41 - 2014-02-19 10:06 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-03-07 16:41 - 2009-07-13 20:45 - 00026544 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-07 16:41 - 2009-07-13 20:45 - 00026544 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-07 16:40 - 2014-02-16 12:53 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-03-07 16:38 - 2009-07-13 21:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-07 16:37 - 2014-04-09 21:25 - 00007986 _____ () C:\Windows\setupact.log
2015-03-07 16:13 - 2014-02-16 12:53 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-03-06 01:38 - 2014-02-16 15:36 - 01938682 _____ () C:\Windows\WindowsUpdate.log
2015-03-05 16:16 - 2014-11-15 09:01 - 00002186 _____ () C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2015-02-15 23:42 - 2014-02-19 10:03 - 00000000 ____D () C:\Users\DV7\AppData\Local\Adobe
2015-02-15 23:42 - 2014-02-17 01:48 - 00000000 ____D () C:\Users\DV7\AppData\Roaming\Adobe
2015-02-15 23:41 - 2014-11-15 09:09 - 00657408 ___SH () C:\Users\DV7\Documents\Thumbs.db
2015-02-13 21:46 - 2015-02-02 13:53 - 00000000 ____D () C:\Program Files (x86)\Clock Hand
2015-02-13 21:46 - 2009-07-13 18:34 - 00000505 _____ () C:\Windows\win.ini
2015-02-13 21:44 - 2014-05-13 08:33 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update

Some content of TEMP:
====================
C:\Users\DV7\AppData\Local\Temp\69017uninstall.exe
C:\Users\DV7\AppData\Local\Temp\APNSetup.exe
C:\Users\DV7\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp1ofyvj.dll
C:\Users\DV7\AppData\Local\Temp\Foxit Reader Updater.exe
C:\Users\DV7\AppData\Local\Temp\fp_pl_pfs_installer.exe
C:\Users\DV7\AppData\Local\Temp\ICReinstall_ZipOpenerSetup.exe
C:\Users\DV7\AppData\Local\Temp\install_flashplayer16x32au_gtbd_chrd_dn_aaa_aih.exe
C:\Users\DV7\AppData\Local\Temp\Sqlite3.dll

==================== Known DLLs (Whitelisted) ================

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== Restore Points  =========================

Restore point made on: 2014-11-05 22:11:34
Restore point made on: 2014-11-06 13:28:24
Restore point made on: 2014-11-07 18:40:25
Restore point made on: 2014-11-13 17:09:49
Restore point made on: 2014-11-13 17:18:56
Restore point made on: 2014-11-13 18:50:19
Restore point made on: 2014-11-13 19:02:01
Restore point made on: 2014-11-15 08:59:10
Restore point made on: 2014-12-12 12:01:30
Restore point made on: 2014-12-12 12:55:18
Restore point made on: 2014-12-24 23:05:27
Restore point made on: 2014-12-24 23:10:52
Restore point made on: 2014-12-28 20:05:38
Restore point made on: 2015-01-04 21:24:26
Restore point made on: 2015-01-09 11:01:39
Restore point made on: 2015-01-14 01:58:33
Restore point made on: 2015-01-20 11:44:25
Restore point made on: 2015-01-27 14:21:50
Restore point made on: 2015-01-30 23:15:28
Restore point made on: 2015-02-02 13:56:58

==================== Memory info ===========================

Percentage of memory in use: 9%
Total physical RAM: 7930.9 MB
Available physical RAM: 7188.45 MB
Total Pagefile: 7929.1 MB
Available Pagefile: 7168.09 MB
Total Virtual: 8192 MB
Available Virtual: 8191.89 MB

==================== Drives ================================

Drive c: (250 GB) (Fixed) (Total:232.88 GB) (Free:143.18 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive e: () (Removable) (Total:0.12 GB) (Free:0.12 GB) FAT
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: 91A8F0FC)
Partition 1: (Active) - (Size=232.9 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 124.9 MB) (Disk ID: 00000000)

Partition: GPT Partition Type.

LastRegBack: 2015-01-27 14:23

==================== End Of Log ============================

 

One thing I should mention: ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.

 

I am able to operate in Safe Mode. Should I rerun FRST again from Safe Mode rather than the command prompt?

 

 

Ready for next . . .


Edited by mtnester, 07 March 2015 - 08:04 PM.

  • 0
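
A triage pass over the FRST.txt posted above, as an added example that is not part of the original thread and is not how FRST or the helper works. It parses the section headers and flags the autostart patterns a reviewer would read first; the reason labels and heuristics are assumptions of this example, and the empty-company check also fires on one of Avast's own drivers, so every hit is a lead for manual review, not a verdict.

```python
import re

# Constructed sample: lines excerpted from the FRST.txt log posted in this thread.
SAMPLE_LOG = r"""
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2837288 2011-10-14] (Synaptics Incorporated)
HKLM-x32\...\RunOnce: [WSE_Taplika] => C:\Windows\SysWOW64\wscript.exe /E:vbscript /B "C:\Users\DV7\AppData\Roaming\WSE_Taplika\UpdateProc\bkup.dat"
AppInit_DLLs-x32: C:/ProgramData/{5C5BB498-0CD9-651E-BD5F-159C6DDDC612}/1.7.1.0/sodo.dll => C:\ProgramData\{5C5BB498-0CD9-651E-BD5F-159C6DDDC612}\1.7.1.0\sodo.dll [649216 2015-02-02] ()
==================== Services (Whitelisted) =================
S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-11-15] (AVAST Software)
S2 Update Clock Hand; C:\Program Files (x86)\Clock Hand\updateClockHand.exe [358640 2015-02-03] ()
==================== Drivers (Whitelisted) ====================
S2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-11-15] ()
S2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2014-11-15] (AVAST Software)
S1 {60b4ca60-5c76-463e-8bce-058498c2450d}w64; C:\Windows\System32\drivers\{60b4ca60-5c76-463e-8bce-058498c2450d}w64.sys [48784 2015-02-02] (StdLib)
S3 ALSysIO; \??\C:\Users\DV7\AppData\Local\Temp\ALSysIO64.sys [X]
S3 NPF; system32\DRIVERS\npf.sys [X]
==================== NetSvcs (Whitelisted) ===================
"""

SECTION = re.compile(r"^=+ (.+?) =+\s*$")            # "==== Services (Whitelisted) ===="
ENTRY = re.compile(r"^[RSU]\d (?P<name>.+?); (?P<image>.+)$")  # service/driver row
GUID_NAME = re.compile(r"^\{[0-9a-fA-F]{8}(?:-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}\}")
SCRIPT_HOST = re.compile(r"\\(?:wscript|cscript|mshta)\.exe\b", re.IGNORECASE)
AUTORUN_KEY = re.compile(r"\\Run(?:Once)?: ")


def triage(log_text):
    """Return (section, reason, line) tuples for entries worth a manual look."""
    findings, section = [], None
    for raw in log_text.splitlines():
        line = raw.strip()
        header = SECTION.match(line)
        if header:
            # Drop the "(Whitelisted)" suffix so sections compare by bare name.
            section = header.group(1).split(" (")[0].strip()
            continue
        if section == "Registry":
            if line.startswith("AppInit_DLLs"):
                # DLLs listed here are loaded into processes that load user32.dll.
                findings.append((section, "appinit-dll", line))
            elif AUTORUN_KEY.search(line) and SCRIPT_HOST.search(line):
                # A Run/RunOnce value that launches a script interpreter.
                findings.append((section, "script-host-autostart", line))
        elif section in ("Services", "Drivers"):
            entry = ENTRY.match(line)
            if not entry:
                continue  # explanatory text, not a service/driver row
            if GUID_NAME.match(entry.group("name")):
                reason = "guid-named"
            elif line.endswith("[X]") and "\\temp\\" in line.lower():
                reason = "missing-image-in-temp"   # [X] = file not found
            elif line.endswith(" ()"):
                reason = "no-company-name"         # weak signal, see lead-in
            else:
                continue
            findings.append((section, reason, line))
    return findings


if __name__ == "__main__":
    for section, reason, line in triage(SAMPLE_LOG):
        print(f"[{section}] {reason}: {line[:90]}")
```
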

#6
Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,772 posts
Hi. :)
 

Thank you for your willingness to help. Since arrival I have been kept much busier than I expected.

Acknowledged and you're most welcome!

After numerous unsuccessful attempts to F8 my HP, I was able to get into repair mode. (Whatever happened to the Pause key that used to be on keyboards? Something kept popping up very briefly about operating system and insert disk.)

Sometimes HP machines can be problematic regarding this, more of an idiosyncrasy than an actual problem though. Regarding the pause key query this may be of assistance.

I am able to operate in Safe Mode. Should I rerun FRST again from Safe Mode rather than the command prompt?

No need at this time.

Ready for next . . .

After completing the below please check if your machine will now boot up successfully into Normal Mode.

Custom FRST Script:

Please download the attached fixlist (below) and save to your usb/flash drive.

  • Now please enter System Recovery Options then select Command Prompt.
  • Run FRST64 again as outlined in my prior post and then press the Fix button just once and wait.
  • The tool will make a log on the usb/flash drive (Fixlog.txt). Please copy and paste the contents of the aforementioned notepad file in your next reply.
  • Reboot your machine back into Normal Mode.

  • 0

#7
mtnester

  • Topic Starter
  • Member
  • 81 posts

Hi Dakeyras,

 

I've managed the download part, but my "office" is currently occupied by a 90-lb 90-yr-old and her accoutrements, so the laptop you are helping with is waaaay beyond reach at the current time. Sometime after arrival this evening and whatever family meal has taken place and the excitement of grandchildren has abated (whew--love 'em to death) I will be eagerly anticipating taking a big step forward. My previous attempt at system restoration was not successful, but it looks like you are able to get me back farther than I anticipated.

 

Until later--and thanks again.


  • 0

#8
Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,772 posts
Acknowledged. :)
  • 0

#9
mtnester

  • Topic Starter
  • Member
  • 81 posts

Hi,

 

The results of the fixlog.txt are as follows:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 07-03-2015 01
Ran by DV7 at 2015-03-10 02:58:32 Run:1
Running from e:\
Loaded Profiles: DV7 (Available profiles: DV7)
Boot Mode: Safe Mode (minimal)
==============================================

Content of fixlist:
*****************
LastRegBack: 2015-01-27 14:23
*****************

Error: The restore operation should be done in the recovery mode.

==== End of Fixlog 02:58:32 ====

 

The problem seems to be that there is nothing titled System Recovery Options. Instead, after hitting the F8 key the first thing I see is

"Invalid system disk

Replace the disk, and then press any key"

 

There is no "disk" to replace so I just tap a key which takes me to some options, but I don't know how to take a screen shot and save it so that you can see exactly what I am seeing, which basically is an option to repair, go to Safe Mode, Safe Mode with Networking, and Safe Mode with Command Prompt. I'm stymied at this point as to how to give you the results for which you are asking. I still cannot boot into regular mode. Booting stops at the point after the word Welcome appears but before my user/Admin account so that I can sign in. There simply is nothing on the screen.


  • 0

#10
Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,772 posts
Hi. :)

The problem seems to be that there is nothing titled System Recovery Options. Instead, after hitting the F8 key the first thing I see is

"Invalid system disk Replace the disk, and then press any key"

Ok try booting into the Advanced Boot Options again but this time do not have your usb/flash drive connected...

Select Repair your computer >> attach your usb/flash drive >> select Command Prompt and run the custom frst script as outlined in post #6

In the event still a problem accessing the Advanced Boot Options use your other W7 64 bit machine to create a bootable disk:-

How to create a Windows 7 Startup Repair Disk

Once created use that to boot up the machine we are working on and once the System Recovery Options has loaded, attach your usb/flash drive >> run the custom frst script etc.
  • 0


#11
mtnester

  • Topic Starter
  • Member
  • 81 posts

Hi,

 

Unfortunately the DV7 doesn't want to cooperate with the stick now. I had been looking at the incorrect previous post and typed notepaid, which opened but of course FRST wasn't there, exited the prompt screen, removed the stick and put it in the ASUS and noticed that the .exe wasn't on the stick at all. Odd. I don't know what happened that FRST disappeared from the stick, but I copied the previously downloaded file from the ASUS to the stick and reinserted it and selected Command Prompt again. Then I'm told the device isn't ready, so I started all over again; rebooting, F8, Repair, insert stick, Command Prompt, etc. Then when I typed the command line I see the device isn't ready again. I tried to list the files on the stick, but it wasn't ready for that either.  I tried changing the directory to the stick and it actually flashed to E: before immediately returning me to the previous command prompt line. Curses.

 

Of course this trip I'm using the computer case for the DV7 and neglected to pack some blank CDs (which I always have in my ASUS case, but opted to put the ASUS in a sleeve since it's the smaller machine). So I'll be off to beg one from a family member and make another attempt later tonight when I return to my temporary home. (I use *I* loosely, since there are actually 3 of us visiting.)

 

Till later!


Edited by mtnester, 10 March 2015 - 03:09 PM.

  • 0

#12
Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,772 posts
Acknowledged...

Does the usb flash drive work correctly in the other machine? If so try it in a different port on the machine we are working on. :)
  • 0

#13
mtnester

  • Topic Starter
  • Member
  • 81 posts

Hi Dakeyras,

 

 

Does the usb flash drive work correctly in the other machine? If so try it in a different port on the machine we are working on.

 

Unfortunately, no. It will read the files on the usb drive, but when I F8 and chose Repair then insert the usb then select command prompt and try to run FRST64, I get the same error message. This is the same stick I used successfully for all the other downloads and commands previously.

 

The next chance I get I will go to your other suggestion and create a bootable disk and see how successfully that will work for me.

 

Thanks.

 


  • 0

#14
Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,772 posts
Acknowledged. :)
  • 0

#15
mtnester

  • Topic Starter
  • Member
  • 81 posts

Dakeyras, 

 

Allow the UAC(User Account Control) prompt via selecting Yes. You should now see a menu like the below:-

 

I selected Yes for the UAC prompt. After that there was a quick flash of something that looked like a box but it disappeared so quickly I cannot be sure. In any case there was no box labeled Create a system repair disc. That is as far as I was able to get in creating a repair disk, which means “I got nothing,” so now I'm lost as to what to do next. Please help. I have an ASUS OEM for my other 64-bit machine, if that tells you anything.

 

Added:

I also attempted to make a system repair disk through Control Panel with the same result. I used my phone camera to video what was happening at the time. At 30 fps there were actually two frames on which a box appeared that said "Create a system repair disc/ Select a CD/DVD drive and insert a blank disc into the drive."

 

Question: Since I am able to access the screen that gives repair options, including repairing startup files when I start into Safe Mode should I try that? In the meantime I am going to attempt a system disk from someone else's computer. They have Windows 7 home, whereas my DV7 has Win 7 Ultimate, but maybe it will take care of the tricky part.

 

In case the information is of any use, I also notice that when starting into Safe Mode on the DV7 the logging screen "sticks" for awhile at the same line. The last line that appears onscreen says "Loaded: \Windows\System32\Drivers\aswRvt.sys"


Edited by mtnester, 12 March 2015 - 03:22 PM.

  • 0





