notepad - refuses to open

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

kneidels

Thread Starter
Joined
Jan 12, 2013
Messages
6
hey folks

using Windows 7, 64 bit.
recently, my open notepad window seemed to have disappeared from my screen. couldn't bring it back, so "unpinned" from the application task bar.
but now - it refused to open at all - when i try to open it from the start menu, or trying to open it with the actual exe file in windows32 folder, and even doing right-click and Run as Admin. nada...

any ideas?

thanks!
 
Joined
May 7, 2011
Messages
14,142
You may have an infection, some will cause this problem.

Please run these two scans and post the logs.



  • Windows 7 System File Checker
  • Click on Start and type cmd in the search box. Right click on cmd in the popup menu and select Run as Administrator.
  • Another box will open, at the Command Prompt, type sfc /scannow and press Enter. (Note the gap between the c and the /)
  • Let the check run to completion. DO NOT reboot the PC or close the cmd window.
  • Copy & Paste the following command at the Command Prompt and press Enter:

findstr /c:"[SR]" %windir%\logs\cbs\cbs.log >%userprofile%\Desktop\sfcdetails.txt

  • This will place a file on your desktop called sfcdetails.txt which contains the results of the scan.
  • Zip up the file and attach it to your next post.



1. Download Malwarebytes Anti-Rootkit from this link mbar
2. Unzip the File to a convenient location. (Recommend the Desktop)
3. Open the folder where the contents were unzipped to run mbar.exe



4. Double-click on the mbar.exe file, you may receive a User Account Control prompt asking if you are sure you wish to allow the program to run. Please allow the program to run and MBAR will now start to install any necessary drivers that are required for the program to operate correctly. If a rootkit is interfering with the installation of the drivers you will see a message that states that the DDA driver was not installed and that you should reboot your computer to install it. You will see this image:



5. If you receive this message, please click on the Yes button and Malwarebytes Anti-Rootkit will now restart your computer. Once the computer is rebooted and you login, MBAR will automatically start and you will now be at the start screen. (If no Rootkit warning you will go from step 4 to 6.)

6. The following image opens, select Next.



7. The following image opens, select Update



8. When the Update completes, select Next



9. In the following window ensure "Targets" are ticked. Then select "Scan"



10. If an infection/s is found the "Cleanup Button" to remove threats will be available. A list of infected files will be listed like the following example:



11. Do not select the "Clean up" button; select the "Exit" button. There will be a warning as follows:



12. Select "Yes" to close down the program. If NO infections were found you will see the following image:



13. Select "Exit" to close down.
14. Copy and paste the two following logs from the mbar folder:

System - log
Mbar - log Date and time of scan will also be shown

 
Joined
Nov 11, 2012
Messages
55
I guess it is better to restore the system to a previous state.
Press start > all programs > accessories > system tools > system restore.
When it opens, press next, then choose the date before the problem occurred.
 

kneidels

Thread Starter
Joined
Jan 12, 2013
Messages
6
Thanks for the quick reply
for now, i have just run the first scan - i can already see there is something fishy - am uploading the file here.

pls let me know if you think i should proceed with the 2nd scan too.

Thanks again!
 

Joined
May 7, 2011
Messages
14,142
Yes, please proceed with the second scan. There are four damaged files in the SFC log and no available replacements. We first need to find out what damaged the files.

Please don't be tempted to use System Restore as suggested by Thelionn. If you are infected it will probably achieve nothing, and as it only restores a backup of the registry it will not fix the damaged files.
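A way to read the sfcdetails.txt file produced by the findstr step, as an added example that is not part of the original thread: it separates files SFC repaired from the store from files it could not repair, which is the "damaged, no replacement available" case described above. The sample lines are constructed and abridged, with placeholder file and component names, and `summarize_sfc` is a hypothetical helper name.

```python
import re

# Constructed, abridged sample in the layout of "[SR]" lines from CBS.log,
# i.e. what the findstr command writes to sfcdetails.txt. File and component
# names are placeholders, not the files from this thread.
SAMPLE_SFCDETAILS = r'''
2013-01-12 21:40:01, Info  CSI  00000009 [SR] Verifying 100 (0x0000000000000064) components
2013-01-12 21:40:01, Info  CSI  0000000a [SR] Beginning Verify and Repair transaction
2013-01-12 21:40:07, Info  CSI  0000000c [SR] Cannot repair member file [l:24{12}]"example1.dll" of Constructed-Component-A, Version = 6.1.7601.17514, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Type neutral, PublicKey neutral in the store, hash mismatch
2013-01-12 21:40:07, Info  CSI  0000000d [SR] This component was referenced by [l:42{21}]"Constructed-Package-1"
2013-01-12 21:40:09, Info  CSI  0000000f [SR] Cannot repair member file [l:24{12}]"example1.dll" of Constructed-Component-A, Version = 6.1.7601.17514, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Type neutral, PublicKey neutral in the store, hash mismatch
2013-01-12 21:40:15, Info  CSI  00000012 [SR] Cannot repair member file [l:24{12}]"Example2.exe" of Constructed-Component-B, Version = 6.1.7601.17514, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Type neutral, PublicKey neutral in the store, file is missing
2013-01-12 21:40:20, Info  CSI  00000015 [SR] Repairing corrupted file [ml:520{260},l:46{23}]"\??\C:\Windows\System32"\[l:24{12}]"example3.dll" from store
2013-01-12 21:40:31, Info  CSI  00000019 [SR] Verify complete
'''

SR_RE = re.compile(r"\[SR\]\s+(.*\S)\s*$")
CANNOT_RE = re.compile(
    r'Cannot repair member file \[[^\]]*\]"([^"]+)" of ([^,]+),(.*)$')
REPAIRED_RE = re.compile(r'Repairing corrupted file .*"([^"]+)" from store')


def summarize_sfc(text):
    """Summarise [SR] lines: files repaired vs. files SFC could not repair."""
    unrepaired = {}   # file name -> (component, reason), first report wins
    repaired = []     # file names restored from the component store
    for line in text.splitlines():
        sr = SR_RE.search(line)
        if not sr:
            continue  # not an SFC line
        msg = sr.group(1)
        m = CANNOT_RE.match(msg)
        if m:
            name, component, rest = m.groups()
            # The reason is the last comma-separated field of the message.
            reason = rest.rsplit(",", 1)[-1].strip()
            # The same file can be reported more than once in one scan,
            # so key on the lower-cased name to de-duplicate.
            unrepaired.setdefault(name.lower(), (component.strip(), reason))
            continue
        m = REPAIRED_RE.match(msg)
        if m and m.group(1).lower() not in repaired:
            repaired.append(m.group(1).lower())
    return {
        "unrepaired": unrepaired,
        "repaired": repaired,
        # Unrepaired files mean the local store had no good copy, so a
        # replacement has to come from another source such as install media.
        "needs_external_source": bool(unrepaired),
    }


if __name__ == "__main__":
    result = summarize_sfc(SAMPLE_SFCDETAILS)
    for name, (component, reason) in result["unrepaired"].items():
        print("NOT REPAIRED:", name, "|", component, "|", reason)
    for name in result["repaired"]:
        print("repaired from store:", name)
```
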
 

kneidels

Thread Starter
Joined
Jan 12, 2013
Messages
6
yeah, wasn't rushing ahead with the restore.
thanks - proceed with step 2... will report back.
 

kneidels

Thread Starter
Joined
Jan 12, 2013
Messages
6
ok, here we go.

thanks again!


mbar scan log: ===========================================================

Malwarebytes Anti-Rootkit BETA 1.01.0.1016
www.malwarebytes.org

Database version: v2013.01.12.08

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
[user] :: I5-PC [administrator]

12/01/2013 22:35:33
mbar-log-2013-01-12 (22-35-33).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 37628
Time elapsed: 17 minute(s), 45 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
c:\Users\[user]\AppData\Local\Temp\Temp1_WinRAR.v4.01.x64.Incl.Keygen-FFF.zip\Keygen.exe (RiskWare.Tool.HCK) -> Delete on reboot.

(end)


system log: ===========================================================
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.01.0.1016

(c) Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 9.0.8112.16421

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, H:\ DRIVE_FIXED, I:\ DRIVE_FIXED
CPU speed: 3.093000 GHz
Memory total: 8492863488, free: 3949510656

------------ Kernel report ------------
01/12/2013 22:16:56
Performing system, memory and registry scan...
Infected: c:\Users\[user]\AppData\Local\Temp\Temp1_WinRAR.v4.01.x64.Incl.Keygen-FFF.zip\Keygen.exe --> [RiskWare.Tool.HCK]
Done!
Scan finished
=======================================
 
Joined
May 7, 2011
Messages
14,142
No sign of any infections from that scan, only a Keygen for a pirated copy of WinRAR.

Do you have a retail copy of Windows 7? If not, you can download a copy from here: Windows 7 ISO downloads. Make sure you download the same version as you have installed on your PC.
Then you need to burn the ISO image to a DVD, if you don't have an ISO burner download this: ImgBurn

Install the program and start the application. Select the top left hand option to burn image file to disk and then on the next window click on the small yellow folder icon and browse to the ISO file you wish to burn. Then click on the two grey discs with the arrow in between (bottom left) and leave it to complete the operation.

Once that is done we can use the DVD to replace the missing files.

But first we need to run some more scans to try and find out what caused the file damage.

Please run the following three scans and post the logs.


SCAN 1
Disk Check

  • Click on Start then type cmd in the search box. A menu will pop up with cmd at the top, right click on it and select Run as Administrator. Another box will open, at the prompt type chkdsk /r and hit Enter. Note: you must include a space between the k and the /
  • You will then see the following message:
    chkdsk cannot run because the volume is in use by another process. Would you like to schedule this volume to be checked the next time the system restarts? (Y/N)
  • Type Y for yes, and hit Enter. Then reboot the computer.
  • chkdsk will start when Windows begins loading again. Let all 5 phases run and don't use or turn off the computer. (The chkdsk process may take an hour or more to finish, if it appears to freeze this is normal so do not interrupt it. On drives above 500GB it can take several hours.)
  • When the Disk Check is done, it will finish loading Windows.


Then follow this guide to find the chkdsk log. NOTE: You need to do the search for wininit not chkdsk.
Windows 7 Disk Check log

Once the log is in view then click on Copy in the right hand pane and select "Copy details as text".
You can then right click on the message box on this forum and select Paste and the log will appear, add any further information asked for and then click on Submit/Post Quick Reply and you're done.



SCAN 2
Click on this link to download : ADWCleaner and save it to your desktop.

NOTE: If using Internet Explorer and you get an alert that stops the program downloading click on Tools > Smartscreen Filter > Turn off Smartscreen Filter then click on OK in the box that opens. Then click on the link again.

Close your browser and click on this icon on your desktop:


You will then see the screen below, click on the Delete button (as indicated), accept any prompts that appear and allow it to reboot the PC. When the PC has rebooted you will be presented with the report, copy & paste it into your next post.





SCAN 3
Download RogueKiller (by tigzy) and save direct to your Desktop.
On the web page click on this:


  • Quit all running programs
  • Start RogueKiller.exe
  • Wait until Prescan has finished.
  • Ensure all boxes are ticked under "Report" tab.
  • Click on Scan.
  • Click on Report when complete. Copy/paste the contents of the report and paste into your next reply.
  • NOTE: DO NOT attempt to remove anything that the scan detects.

 

kneidels

Thread Starter
Joined
Jan 12, 2013
Messages
6
hey there

sorry for disappearing for a while!

I do indeed have an installation disk.

here is the log from the checkdisk. does this tell you anything?

Log Name: Application
Source: Microsoft-Windows-Wininit
Date: 15/01/2013 15:02:14
Event ID: 1001
Task Category: None
Level: Information
Keywords: Classic
User: N/A
Computer: i5-PC
Description:


Checking file system on C:
The type of the file system is NTFS.

A disk check has been scheduled.
Windows will now check the disk.

CHKDSK is verifying files (stage 1 of 5)...
456960 file records processed.

File verification completed.
2018 large file records processed.

0 bad file records processed.

2 EA records processed.

124 reparse records processed.

CHKDSK is verifying indexes (stage 2 of 5)...
598498 index entries processed.

Index verification completed.
0 unindexed files scanned.

0 unindexed files recovered.

CHKDSK is verifying security descriptors (stage 3 of 5)...
456960 file SDs/SIDs processed.

Cleaning up 30 unused index entries from index $SII of file 0x9.
Cleaning up 30 unused index entries from index $SDH of file 0x9.
Cleaning up 30 unused security descriptors.
Security descriptor verification completed.
70770 data files processed.

CHKDSK is verifying Usn Journal...
36149752 USN bytes processed.

Usn Journal verification completed.
CHKDSK is verifying file data (stage 4 of 5)...
Windows replaced bad clusters in file 25475
of name \PROGRA~3\MICROS~1\Windows\WER\REPORT~1\NOBC2E~1\Report.wer.
Windows replaced bad clusters in file 25497
of name \PROGRA~3\MICROS~1\Windows\WER\REPORT~1\NO844C~1\Report.wer.
Windows replaced bad clusters in file 25503
of name \PROGRA~3\MICROS~1\Windows\WER\REPORT~1\NO0AE0~1\Report.wer.
Windows replaced bad clusters in file 25599
of name \PROGRA~3\MICROS~1\Windows\WER\REPORT~1\NO39B5~1\Report.wer.
Windows replaced bad clusters in file 25652
of name \PROGRA~3\MICROS~1\Windows\WER\REPORT~1\NO73E4~1\Report.wer.
Read failure with status 0xc00000b5 at offset 0x1f4118c000 for 0x10000 bytes.
Read failure with status 0xc00000b5 at offset 0x1f41195000 for 0x1000 bytes.
Read failure with status 0xc00000b5 at offset 0x1f41196000 for 0x10000 bytes.
Read failure with status 0xc00000b5 at offset 0x1f41196000 for 0x1000 bytes.
Read failure with status 0xc00000b5 at offset 0x1f41197000 for 0x10000 bytes.
Read failure with status 0xc00000b5 at offset 0x1f41197000 for 0x1000 bytes.
Read failure with status 0xc00000b5 at offset 0x1f41198000 for 0x10000 bytes.
Read failure with status 0xc00000b5 at offset 0x1f41198000 for 0x1000 bytes.
Read failure with status 0xc00000b5 at offset 0x1f41199000 for 0x10000 bytes.
Read failure with status 0xc00000b5 at offset 0x1f41199000 for 0x1000 bytes.
Windows replaced bad clusters in file 395240
of name \oraclexe\oradata\XE\CONTROL.DBF.
456944 files processed.

File data verification completed.
CHKDSK is verifying free space (stage 5 of 5)...
58836595 free clusters processed.

Free space verification is complete.
Adding 5 bad clusters to the Bad Clusters File.
CHKDSK discovered free space marked as allocated in the volume bitmap.
Windows has made corrections to the file system.

498735103 KB total disk space.
262617400 KB in 356500 files.
193584 KB in 70771 indexes.
20 KB in bad sectors.
577719 KB in use by the system.
65536 KB occupied by the log file.
235346380 KB available on disk.

4096 bytes in each allocation unit.
124683775 total allocation units on disk.
58836595 allocation units available on disk.

Internal Info:
00 f9 06 00 0e 85 06 00 98 99 0b 00 00 00 00 00 ................
2c 12 00 00 7c 00 00 00 00 00 00 00 00 00 00 00 ,...|...........
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................

Windows has finished checking your disk.
Please wait while your computer restarts.

 
Joined
May 7, 2011
Messages
14,142
The disk check shows that your hard drive has bad sectors, which would explain the missing files. A bad sector is basically a microscopic speck on the drive surface that is defective and cannot hold data.

The bad sectors are now marked so they will not get used again and you could continue to use the drive, but the appearance of bad sectors is a sign the drive is wearing out and further bad sectors may soon appear, risking further file corruption and/or data loss.

If you wish to continue using the drive, your easiest option would be to run a repair install, which will replace any damaged system files. You will need a retail copy of Windows 7, which you say you have, but it must include Service Pack 1. You can get it from the link I gave earlier if your copy does not have SP1 included.

Follow this guide: Windows 7 Repair Install
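The bad-sector reading of the chkdsk log above can be checked mechanically. This added example (not part of the original thread) parses an excerpt of the log posted earlier and cross-checks the failed reads against chkdsk's own bad-cluster totals; `parse_chkdsk` is a hypothetical helper name, and treating failed reads of exactly one allocation unit as the bad clusters is an assumption of this sketch.

```python
import re

# Excerpt of the chkdsk log (Wininit, Event ID 1001) posted in this thread.
LOG_EXCERPT = r"""
CHKDSK is verifying file data (stage 4 of 5)...
Windows replaced bad clusters in file 25652
of name \PROGRA~3\MICROS~1\Windows\WER\REPORT~1\NO73E4~1\Report.wer.
Read failure with status 0xc00000b5 at offset 0x1f4118c000 for 0x10000 bytes.
Read failure with status 0xc00000b5 at offset 0x1f41195000 for 0x1000 bytes.
Read failure with status 0xc00000b5 at offset 0x1f41196000 for 0x10000 bytes.
Read failure with status 0xc00000b5 at offset 0x1f41196000 for 0x1000 bytes.
Read failure with status 0xc00000b5 at offset 0x1f41197000 for 0x10000 bytes.
Read failure with status 0xc00000b5 at offset 0x1f41197000 for 0x1000 bytes.
Read failure with status 0xc00000b5 at offset 0x1f41198000 for 0x10000 bytes.
Read failure with status 0xc00000b5 at offset 0x1f41198000 for 0x1000 bytes.
Read failure with status 0xc00000b5 at offset 0x1f41199000 for 0x10000 bytes.
Read failure with status 0xc00000b5 at offset 0x1f41199000 for 0x1000 bytes.
Windows replaced bad clusters in file 395240
of name \oraclexe\oradata\XE\CONTROL.DBF.
456944 files processed.
Adding 5 bad clusters to the Bad Clusters File.
20 KB in bad sectors.
4096 bytes in each allocation unit.
"""

# "Windows replaced bad clusters" records span two lines: record number, then name.
FILE_RE = re.compile(
    r"Windows replaced bad clusters in file (\d+)\s+of name (\S.*?)\.?\s*$", re.M)
READ_RE = re.compile(
    r"Read failure with status (0x[0-9a-fA-F]+) at offset (0x[0-9a-fA-F]+)"
    r" for (0x[0-9a-fA-F]+) bytes")
ADDED_RE = re.compile(r"Adding (\d+) bad clusters? to the Bad Clusters File")
BAD_KB_RE = re.compile(r"(\d+) KB in bad sectors")
UNIT_RE = re.compile(r"(\d+) bytes in each allocation unit")


def first_int(pattern, text, default=None):
    """Return the first captured integer for pattern, or default if absent."""
    m = pattern.search(text)
    return int(m.group(1)) if m else default


def parse_chkdsk(text):
    """Extract bad-sector evidence from chkdsk text and cross-check the totals."""
    cluster = first_int(UNIT_RE, text, 4096)
    files = [(int(rec), name) for rec, name in FILE_RE.findall(text)]
    reads = [(int(off, 16), int(length, 16))
             for _status, off, length in READ_RE.findall(text)]
    # Assumption: a failed read of exactly one allocation unit pins down one
    # bad cluster; larger failed reads only say "somewhere in this range".
    failed = sorted({off - off % cluster for off, length in reads
                     if length == cluster})
    added = first_int(ADDED_RE, text)
    bad_kb = first_int(BAD_KB_RE, text, 0)
    return {
        "cluster_size": cluster,
        "files": files,
        "failed_clusters": failed,
        "bad_clusters_added": added,
        "bad_sector_kb": bad_kb,
        "has_bad_sectors": bool(files or failed or bad_kb),
        # The three independent figures should tell the same story.
        "consistent": (added is not None and len(failed) == added
                       and bad_kb == added * cluster // 1024),
    }


if __name__ == "__main__":
    report = parse_chkdsk(LOG_EXCERPT)
    print("bad sectors present:", report["has_bad_sectors"])
    for rec, name in report["files"]:
        print("  file record %d: %s" % (rec, name))
    print("failing cluster offsets:", [hex(o) for o in report["failed_clusters"]])
    print("totals consistent:", report["consistent"])
```
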
 