How it happened:
- updated windows + restarted
- Windows Explorer was slow to open (3 seconds with win+e shortcut, but 0.1s while clicking explore desktop_shortcut)
- Noticed my computer created Public share folders (with nothing in them)
- Access denied to delete them.
- Thought I had a virus.
- Reboot to safe mode + networking (using msconfig to check safemode box)
- installed mbam + scan = no detections
- Tried to uninstall mbam = access denied
- ran mbam clean utility + restart + installed mbam again + scan = no detections
- did not check rootkit box
- set chkdsk c: /r /f to run on reboot - boot hang while loading
To fix I have done:
- boot to windows7 installation cd
- error - windows not recognized
- boot to my own recovery CD I made with my windows 3 months ago
- successfully run chkdsk j:/ /r /f
- sfc /scannnow /offbootdir=j:\ /offwindir=j:\windows = failed (j was the OS disk randomly on this cd_boot)
- attempted startup repair by windows_recovery_cd
- error not possible
- read: https://forum.avast.com/index.php?topic=152627.0
- read: https://forum.avast.com/index.php?topic=53253.0
- Tried to follow instructions. Could not run FRST.exe from cd
OS drive not C:
no matter what I do
OS drive = D:\ or other random letter
All SATA connections unplugged except for OS HDD & DVD/CD drive.
Pictures
http://i216.photobucket.com/albums/cc217/lalabby/aswRvrt_sys/2014-12-11021542_zps0b32f41d.jpg
http://i216.photobucket.com/albums/cc217/lalabby/aswRvrt_sys/2014-12-11142348_zpsb7ee6896.jpg
http://i216.photobucket.com/albums/cc217/lalabby/aswRvrt_sys/2014-12-11141658_zpsa7d521d8.jpg
http://i216.photobucket.com/albums/cc217/lalabby/aswRvrt_sys/2014-12-11142427_zpsf8a732e7.jpg
http://i216.photobucket.com/albums/cc217/lalabby/aswRvrt_sys/2014-12-11140824_zps4dec7811.jpg
http://i216.photobucket.com/albums/cc217/lalabby/aswRvrt_sys/2014-12-11132853_zpsece7770c.jpg
My opinion?
something wrote over all my windows drivers or the c:\windows folder
Thank you all in advance. Your tutorials have been very clear and excellent. I just wished my computer wasn’t so difficult.
We still have a few tricks. Hold on a while, I shall get someone for you
Are you able to use the command prompt from recovery console?
Type in diskpart
At the DISKPART> prompt type: LIST DISK
Does this show all partitions?
OK diskpart is seeing the system reserved partition (with boot data) as C
Are you able to see the USB drive with FRST on it?
https://dl.dropbox.com/u/73555776/notepad.JPG
The notepad opens. Under File menu select Open.
Select “Computer” and find your flash drive letter and close the notepad.
In the command window type e:\frst64.exe and press Enter
Note: Replace letter e with the drive letter of your flash drive.
The tool will start to run.
When the tool opens click Yes to disclaimer.
https://dl.dropboxusercontent.com/u/73555776/frst.JPG
Press Scan button.
It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.
OK, this fix will disable both ZoneAlarm and Avast as they use low level drivers
CAUTION: This fix is only valid for this specific machine, using it on another may break your computer
Save the attached fixlist.txt, in the same location as FRST.exe
https://dl.dropboxusercontent.com/u/73555776/FRSTfix.JPG
Run FRST and press Fix
On completion a log will be generated; please post that
Yes sir. Good test.
Ran fixlist.txt - attached & below (1week)
https://paste.kde.org/pgfrrnd53
FRST64.exe seemed to rename the file ‘fixlist.txt’ or delete the original as only Fixlog.txt remains.
EDIT:
Boot still hangs. Currently stops @ CLASSPNP.sys
image showing new boot_hang
Yes the fixlist is automatically deleted
OK this narrows it down now to possibly the atapi file
So let's initially try an SFC scan but this time use the c drive as it should recognise that
Go to command prompt and type the following command:
sfc /scannow /offbootdir=c:\ /offwindir=c:\windows
OMG VICTORY! You’re the best essexboy.
I let the boot just keep hanging through frustration & went down stairs to eat… It booted.
No idea how long it took (at least 5min)
safe_mode_boot_image
What should I do now? Still run sfc? Restart & see if it boots again? Boot to recovery_cd & run sfc?
As you are in, the first job I would suggest is to run SFC from an elevated command prompt
Go Start > All Programs > Accessories
Right click command prompt and select run as administrator
In the box type:
sfc /scannow
Allow it to complete and then reboot
Once back in normal mode run a fresh FRST scan for me
Following all run from 1st safe_mode_boot:
- sfc /scannow - fail @ 62%
  jpg image showing sfc failure
- frst64.exe - attached
  frst64.exe all boxes checked
I was scared to restart because of sfc fail. If you say so, I will restart into “normal_mode” and run frst64.exe again. Part of me wants to do some malware scans.
Nothing much showing there, so I feel it was a software problem somewhere within the windows system rather than malware
At some stage you will need to reboot so it would be best to get that scary part over with now
Normal_Boot successful.
frst64.exe - attached
EDIT:
Ah, could be the old ssd. What’s the best way to uncorrupt windows?
Attached CBS log (1 week):
https://paste.kde.org/p2nirq7lr
CBS log old_version (1 week):
https://paste.kde.org/pxsdcykz4
Probably need to run some smart data from my OS_HDD:
- Shows good @ 20,200+ hours
- 106 bad blocks seems to be no big deal
- 94% still good
http://i216.photobucket.com/albums/cc217/lalabby/2014-12-12193618_zps8171a5fe.jpg
Logs look good, the errors in SFC are pretty normal
Remember you have no firewall or AV running at the moment. For avast do a clean install
Download Avast Uninstall Utility to your Desktop.
Download the correct version of Avast
Avast Free
Avast Pro
Avast Internet Security
Avast Premier
Disconnect from the net
Uninstall Avast via control panel
Run the uninstall tool and accept the reboot to safe mode
Once complete reboot your system
Reinstall Avast
Clean uninstall ZA… http://download.zonelabs.com/bin/free/beta/cleanuninstall.txt
Thank you so much for the personal help essexboy. Will uninstall and re-install.
Will have to track down what gave my system so much corruption.
You could be chasing a needle in a haystack there, as there are a multitude of causes