
notepad - refuses to open

Discussion in 'Windows 7' started by kneidels, Jan 12, 2013.

  1. kneidels

    kneidels Thread Starter

    Joined:
    Jan 12, 2013
    Messages:
    6
    hey folks

    using Windows 7, 64 bit.
    recently, my open notepad window seemed to have disappeared from my screen. couldn't bring it back, so "unpinned" from the application task bar.
    but now - it refused to open at all - when i try to open it from the start menu, or trying to open it with the actual exe file in windows32 folder, and even doing right-click and Run as Admin. nada...

    any ideas?

    thanks!
     
  2. Mark1956

    Mark1956

    Joined:
    May 7, 2011
    Messages:
    14,142
    You may have an infection, some will cause this problem.

    Please run these two scans and post the logs.



    • Windows 7 System File Checker
    • Click on Start and type cmd in the search box. Right click on cmd in the popup menu and select Run as Administrator.
    • Another box will open, at the Command Prompt, type sfc /scannow and press Enter. (Note the gap between the c and the /)
    • Let the check run to completion. DO NOT reboot the PC or close the cmd window.
    • Copy & Paste the following command at the Command Prompt and press Enter:

    findstr /c:"[SR]" %windir%\logs\cbs\cbs.log >%userprofile%\Desktop\sfcdetails.txt

    • This will place a file on your desktop called sfcdetails.txt which contains the results of the scan.
    • Zip up the file and attach it to your next post.



    1. Download Malwarebytes Anti-Rootkit from this link mbar
    2. Unzip the File to a convenient location. (Recommend the Desktop)
    3. Open the folder where the contents were unzipped to run mbar.exe


    4. Double-click on the mbar.exe file, you may receive a User Account Control prompt asking if you are sure you wish to allow the program to run. Please allow the program to run and MBAR will now start to install any necessary drivers that are required for the program to operate correctly. If a rootkit is interfering with the installation of the drivers you will see a message that states that the DDA driver was not installed and that you should reboot your computer to install it. You will see this image:


    5. If you receive this message, please click on the Yes button and Malwarebytes Anti-Rootkit will now restart your computer. Once the computer is rebooted and you login, MBAR will automatically start and you will now be at the start screen. (If no Rootkit warning you will go from step 4 to 6.)

    6. The following image opens, select Next.


    7. The following image opens, select Update


    8. When the Update completes, select Next


    9. In the following window ensure "Targets" are ticked. Then select "Scan"


    10. If an infection/s is found the "Cleanup Button" to remove threats will be available. A list of infected files will be listed like the following example:


    11. Do not select the "Clean up Button"; select the "Exit" button. There will be a warning as follows:


    12. Select "Yes" to close down the program. If NO infections were found you will see the following image:


    13. Select "Exit" to close down.
    14. Copy and paste the two following logs from the mbar folder:

    System - log
    Mbar - log Date and time of scan will also be shown

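Added example (not part of the thread or of any poster's reply): a Python sketch that reads the `sfcdetails.txt` produced by the `findstr` step above and lists the files SFC could not repair, and whether the component store copy is also corrupt. The sample lines are constructed in the CBS.log `[SR]` layout with made-up file and component names, and the function names are hypothetical.

```python
import re

# Constructed sample in the "[SR]" line layout that sfc writes to CBS.log.
# File and component names are made up; this is not the poster's log.
SAMPLE_SFCDETAILS = r'''
2013-01-12 21:40:11, Info                  CSI    00000310 [SR] Verifying 100 (0x0000000000000064) components
2013-01-12 21:40:11, Info                  CSI    00000311 [SR] Beginning Verify and Repair transaction
2013-01-12 21:40:14, Info                  CSI    00000313 [SR] Cannot repair member file [l:22{11}]"example.exe" of Constructed-Component-A, Version = 6.1.7600.16385, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2013-01-12 21:40:14, Info                  CSI    00000315 [SR] Cannot repair member file [l:22{11}]"example.exe" of Constructed-Component-A, Version = 6.1.7600.16385, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2013-01-12 21:40:14, Info                  CSI    00000317 [SR] Could not reproject corrupted file [ml:520{260},l:46{23}]"\??\C:\Windows\System32"\[l:22{11}]"example.exe"; source file in store is also corrupted
2013-01-12 21:40:20, Info                  CSI    0000031a [SR] Cannot repair member file [l:20{10}]"Sample.dll" of Constructed-Component-B, Version = 6.1.7601.17514, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2013-01-12 21:42:02, Info                  CSI    00000330 [SR] Verify complete
'''

# "Cannot repair member file": the file on disk failed verification.
# The reason is the last comma-separated field on the line.
CANNOT_REPAIR = re.compile(
    r'\[SR\] Cannot repair member file \[l:\d+\{\d+\}\]"(?P<file>[^"]+)"'
    r' of (?P<component>[^,]+), Version = (?P<version>[^,]+),'
    r'.*,\s*(?P<reason>[^,]+?)\s*$'
)

# "Could not reproject ...": the copy in the component store is damaged too,
# so SFC has nothing local to restore from.
STORE_CORRUPT = re.compile(
    r'\[SR\] Could not reproject corrupted file .*?"(?P<dir>[^"]+)"'
    r'\\\[l:\d+\{\d+\}\]"(?P<file>[^"]+)"; source file in store is also corrupted'
)


def _entry():
    return {"component": None, "version": None, "reason": None,
            "path": None, "store_copy_corrupt": False, "log_lines": 0}


def summarize_sfc(text):
    """Return {lower-cased file name: details} for files SFC could not repair."""
    findings = {}
    for line in text.splitlines():
        m = CANNOT_REPAIR.search(line)
        if m:
            # SFC logs the same file more than once, so key on the name.
            e = findings.setdefault(m["file"].lower(), _entry())
            e.update(component=m["component"], version=m["version"],
                     reason=m["reason"])
            e["log_lines"] += 1
            continue
        m = STORE_CORRUPT.search(line)
        if m:
            e = findings.setdefault(m["file"].lower(), _entry())
            folder = m["dir"]
            if folder.startswith("\\??\\"):   # strip the NT object prefix
                folder = folder[4:]
            e["path"] = folder + "\\" + m["file"]
            e["store_copy_corrupt"] = True
    return findings


def needs_external_source(findings):
    """Files whose store copy is also corrupt: no local replacement exists."""
    return sorted(name for name, e in findings.items() if e["store_copy_corrupt"])


if __name__ == "__main__":
    result = summarize_sfc(SAMPLE_SFCDETAILS)
    for name, e in sorted(result.items()):
        print(name, e["version"], e["reason"],
              "store copy corrupt" if e["store_copy_corrupt"] else "store copy not reported corrupt")
    print("Need a known-good source:", needs_external_source(result))
```
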
     
  3. thelionn

    thelionn

    Joined:
    Nov 11, 2012
    Messages:
    55
    i guess it is better to restore the system to a previous state
    press start > all programs > accessories > system tools > system restore
    when it opens press next then choose a date from before the problem occurred
     
  4. kneidels

    kneidels Thread Starter

    Joined:
    Jan 12, 2013
    Messages:
    6
    Thanks for the quick reply
    for now. i have just run the first scan - i can already see there is something fishy - am uploading the file here.

    pls let me know if you think i should proceed with the 2nd scan too.

    Thanks again!
     

    Attached Files:

  5. Mark1956

    Mark1956

    Joined:
    May 7, 2011
    Messages:
    14,142
    Yes, please proceed with the second scan. There are four damaged files in the SFC log and no available replacements. We first need to find out what damaged the files.

    Please don't be tempted to use System Restore as suggested by Thelionn, if you are infected it will probably achieve nothing and as it only restores a back up of the registry it will not fix the damaged files.
     
  6. kneidels

    kneidels Thread Starter

    Joined:
    Jan 12, 2013
    Messages:
    6
    yeah, wasn't rushing ahead with the restore.
    thanks - proceed with step 2... will report back.
     
  7. Mark1956

    Mark1956

    Joined:
    May 7, 2011
    Messages:
    14,142
  8. kneidels

    kneidels Thread Starter

    Joined:
    Jan 12, 2013
    Messages:
    6
    ok, here we go.

    thanks again!


    mbar scan log: ===========================================================

    Malwarebytes Anti-Rootkit BETA 1.01.0.1016
    www.malwarebytes.org

    Database version: v2013.01.12.08

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 9.0.8112.16421
    [user] :: I5-PC [administrator]

    12/01/2013 22:35:33
    mbar-log-2013-01-12 (22-35-33).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
    Scan options disabled:
    Objects scanned: 37628
    Time elapsed: 17 minute(s), 45 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 1
    c:\Users\[user]\AppData\Local\Temp\Temp1_WinRAR.v4.01.x64.Incl.Keygen-FFF.zip\Keygen.exe (RiskWare.Tool.HCK) -> Delete on reboot.

    (end)


    system log: ===========================================================
    ---------------------------------------
    Malwarebytes Anti-Rootkit BETA 1.01.0.1016

    (c) Malwarebytes Corporation 2011-2012

    OS version: 6.1.7601 Windows 7 Service Pack 1 x64

    Account is Administrative

    Internet Explorer version: 9.0.8112.16421

    File system is: NTFS
    Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, H:\ DRIVE_FIXED, I:\ DRIVE_FIXED
    CPU speed: 3.093000 GHz
    Memory total: 8492863488, free: 3949510656

    ------------ Kernel report ------------
    01/12/2013 22:16:56
    ------------ Loaded modules -----------
    ----------- End -----------
    <<<1>>>
    Upper Device Name: \Device\Harddisk2\DR2
    Upper Device Object: 0xfffffa80099973e0
    Upper Device Driver Name: \Driver\Disk\
    Lower Device Name: \Device\00000077\
    Lower Device Object: 0xfffffa8009d29880
    Lower Device Driver Name: \Driver\USBSTOR\
    Driver name found: USBSTOR
    Initialization returned 0x0
    Load Function returned 0x0
    <<<1>>>
    Upper Device Name: \Device\Harddisk1\DR1
    Upper Device Object: 0xfffffa80090d5060
    Upper Device Driver Name: \Driver\Disk\
    Lower Device Name: \Device\Ide\IAAStorageDevice-2\
    Lower Device Object: 0xfffffa8007589050
    Lower Device Driver Name: \Driver\iaStor\
    Driver name found: iaStor
    Initialization returned 0x0
    Load Function returned 0x0
    <<<1>>>
    Upper Device Name: \Device\Harddisk0\DR0
    Upper Device Object: 0xfffffa80090d4060
    Upper Device Driver Name: \Driver\Disk\
    Lower Device Name: \Device\Ide\IAAStorageDevice-1\
    Lower Device Object: 0xfffffa800757d050
    Lower Device Driver Name: \Driver\iaStor\
    Driver name found: iaStor
    Downloaded database version: v2013.01.12.08
    Initializing...
    Done!
    <<<2>>>
    Device number: 0, partition: 2
    Physical Sector Size: 512
    Drive: 0, DevicePointer: 0xfffffa80090d4060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    --------- Disk Stack ------
    DevicePointer: 0xfffffa80090d4b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
    DevicePointer: 0xfffffa80090d4060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    DevicePointer: 0xfffffa800757d050, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\
    ------------ End ----------
    Upper DeviceData: 0xfffff8a022fe6640, 0xfffffa80090d4060, 0xfffffa800c4ca260
    Lower DeviceData: 0xfffff8a022756160, 0xfffffa800757d050, 0xfffffa8006ba6e40
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    Scanning directory: C:\Windows\system32\drivers...
    Done!
    Drive 0
    Scanning MBR on drive 0...
    Inspecting partition table:
    MBR Signature: 55AA
    Disk Signature: 5964951D

    Partition information:

    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 2048 Numsec = 204800
    Partition file system is NTFS
    Partition is bootable

    Partition 1 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 206848 Numsec = 997470208

    Partition 2 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 997677056 Numsec = 955842560

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Disk Size: 1000204886016 bytes
    Sector size: 512 bytes

    Scanning physical sectors of unpartitioned space on drive 0 (1-2047-1953505168-1953525168)...
    Physical Sector Size: 512
    Drive: 1, DevicePointer: 0xfffffa80090d5060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
    --------- Disk Stack ------
    DevicePointer: 0xfffffa80090d5b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
    DevicePointer: 0xfffffa80090d5060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
    DevicePointer: 0xfffffa8007589050, DeviceName: \Device\Ide\IAAStorageDevice-2\, DriverName: \Driver\iaStor\
    ------------ End ----------
    Upper DeviceData: 0xfffff8a007070690, 0xfffffa80090d5060, 0xfffffa80070eb790
    Lower DeviceData: 0xfffff8a006524f70, 0xfffffa8007589050, 0xfffffa80096407a0
    Drive 1
    Scanning MBR on drive 1...
    Inspecting partition table:
    This drive is a GPT Drive.
    MBR Signature: 55AA
    Disk Signature: 0

    GPT Protective MBR Partition information:

    Partition 0 type is Other (0xee)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 1 Numsec = 4294967295

    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    GPT Partition information:

    GptHeader Signature 4546492050415254
    GptHeader Revision 65536 Size 92 CRC 707521748
    GptHeader CurrentLba = 1 BackupLba 1953525167
    GptHeader FirstUsableLba 34 LastUsableLba 1953525134
    GptHeader Guid d7fd2844-ffc0-4f77-9378-9224db8d925
    GptHeader 128 Partitions starting at LBA 2
    GptHeader Partition entry size = 128

    Backup GptHeader Signature 4546492050415254
    Backup GptHeader Revision 65536 Size 92 CRC 707521748
    Backup GptHeader CurrentLba = 1953525167 BackupLba 1
    Backup GptHeader FirstUsableLba 34 LastUsableLba 1953525134
    Backup GptHeader Guid d7fd2844-ffc0-4f77-9378-9224db8d925
    Backup GptHeader 128 Partitions starting at LBA 1953525135
    Backup GptHeader Partition entry size = 128
    Partition 0 Type e3c9e316-b5c-4db8-817d-f92df0215ae
    Partition ID d2386706-4d1f-429b-b618-17c4c021adc
    FirstLBA 34 Last LBA 262177
    Attributes 0
    Partition Name Microsoft reserved partition

    Partition 1 Type ebd0a0a2-b9e5-4433-87c0-68b6b72699c7
    Partition ID dc14df76-9b5d-4f67-b5c2-1e175a383965
    FirstLBA 264192 Last LBA 1953523711
    Attributes 0
    Partition Name Basic data partition

    Disk Size: 1000204886016 bytes
    Sector size: 512 bytes

    Physical Sector Size: 512
    Drive: 2, DevicePointer: 0xfffffa80099973e0, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\
    --------- Disk Stack ------
    DevicePointer: 0xfffffa8009d4ab90, DeviceName: Unknown, DriverName: \Driver\partmgr\
    DevicePointer: 0xfffffa80099973e0, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\
    DevicePointer: 0xfffffa8009d29880, DeviceName: \Device\00000077\, DriverName: \Driver\USBSTOR\
    ------------ End ----------
    Upper DeviceData: 0xfffff8a0037adf70, 0xfffffa80099973e0, 0xfffffa80093822a0
    Lower DeviceData: 0xfffff8a013d20cc0, 0xfffffa8009d29880, 0xfffffa800bcc3400
    Drive 2
    Scanning MBR on drive 2...
    Inspecting partition table:
    MBR Signature: 55AA
    Disk Signature: CC166CDA

    Partition information:

    Partition 0 type is Other (0xc)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 63 Numsec = 976768002

    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Disk Size: 500107862016 bytes
    Sector size: 512 bytes

    Done!
    Performing system, memory and registry scan...
    Infected: c:\Users\[user]\AppData\Local\Temp\Temp1_WinRAR.v4.01.x64.Incl.Keygen-FFF.zip\Keygen.exe --> [RiskWare.Tool.HCK]
    Done!
    Scan finished
    =======================================
     
  9. Mark1956

    Mark1956

    Joined:
    May 7, 2011
    Messages:
    14,142
    No sign of any infections from that scan, only a Keygen for a pirated copy of WinRAR.

    Do you have a retail copy of Windows 7? If not, you can download a copy from here: Windows 7 ISO downloads. Make sure you download the same version as you have installed on your PC.
    Then you need to burn the ISO image to a DVD, if you don't have an ISO burner download this: ImgBurn

    Install the program and start the application. Select the top left hand option to burn image file to disk and then on the next window click on the small yellow folder icon and browse to the ISO file you wish to burn. Then click on the two grey discs with the arrow in between (bottom left) and leave it to complete the operation.

    Once that is done we can use the DVD to replace the missing files.

    But first we need to run some more scans to try and find out what caused the file damage.

    Please run the following three scans and post the logs.


    SCAN 1
    Disk Check

    • Click on Start then type cmd in the search box. A menu will pop up with cmd at the top, right click on it and select Run as Administrator. Another box will open, at the prompt type chkdsk /r and hit Enter. Note: you must include a space between the k and the /
    • You will then see the following message:
      chkdsk cannot run because the volume is in use by another process. Would you like to schedule this volume to be checked the next time the system restarts? (Y/N)
    • Type Y for yes, and hit Enter. Then reboot the computer.
    • chkdsk will start when Windows begins loading again. Let all 5 phases run and don't use or turn off the computer. (The chkdsk process may take an hour or more to finish, if it appears to freeze this is normal so do not interrupt it. On drives above 500GB it can take several hours.)
    • When the Disk Check is done, it will finish loading Windows.


    Then follow this guide to find the chkdsk log. NOTE: You need to do the search for wininit not chkdsk.
    Windows 7 Disk Check log

    Once the log is in view then click on Copy in the right hand pane and select "Copy details as text".
    You can then right click on the message box on this forum and select Paste and the log will appear, add any further information asked for and then click on Submit/Post Quick Reply and you're done.



    SCAN 2
    Click on this link to download : ADWCleaner and save it to your desktop.

    NOTE: If using Internet Explorer and you get an alert that stops the program downloading click on Tools > Smartscreen Filter > Turn off Smartscreen Filter then click on OK in the box that opens. Then click on the link again.

    Close your browser and click on this icon on your desktop: [​IMG]

    You will then see the screen below, click on the Delete button (as indicated), accept any prompts that appear and allow it to reboot the PC. When the PC has rebooted you will be presented with the report, copy & paste it into your next post.




    SCAN 3
    Download RogueKiller (by tigzy) and save direct to your Desktop.
    On the web page click on this: [​IMG]

    • Quit all running programs
    • Start RogueKiller.exe
    • Wait until Prescan has finished.
    • Ensure all boxes are ticked under "Report" tab.
    • Click on Scan.
    • Click on Report when complete. Copy/paste the contents of the report and paste into your next reply.
    • NOTE: DO NOT attempt to remove anything that the scan detects.

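Added example (not part of the thread or of any poster's reply): a Python sketch that triages the text of the chkdsk result (the Wininit event described in SCAN 1) for media errors, which helps separate a failing disk from malware when looking for the cause of damaged system files. The input lines are excerpted from the chkdsk log posted later in this thread; the function names are hypothetical, and the logged offsets are assumed to be byte offsets.

```python
import re

# Lines excerpted from the chkdsk (Wininit, Event ID 1001) log posted in this thread.
CHKDSK_EXCERPT = r'''
CHKDSK is verifying file data (stage 4 of 5)...
Windows replaced bad clusters in file 25475
of name \PROGRA~3\MICROS~1\Windows\WER\REPORT~1\NOBC2E~1\Report.wer.
Read failure with status 0xc00000b5 at offset 0x1f4118c000 for 0x10000 bytes.
Read failure with status 0xc00000b5 at offset 0x1f41195000 for 0x1000 bytes.
Read failure with status 0xc00000b5 at offset 0x1f41196000 for 0x10000 bytes.
Read failure with status 0xc00000b5 at offset 0x1f41196000 for 0x1000 bytes.
Read failure with status 0xc00000b5 at offset 0x1f41197000 for 0x10000 bytes.
Read failure with status 0xc00000b5 at offset 0x1f41197000 for 0x1000 bytes.
Read failure with status 0xc00000b5 at offset 0x1f41198000 for 0x10000 bytes.
Read failure with status 0xc00000b5 at offset 0x1f41198000 for 0x1000 bytes.
Read failure with status 0xc00000b5 at offset 0x1f41199000 for 0x10000 bytes.
Read failure with status 0xc00000b5 at offset 0x1f41199000 for 0x1000 bytes.
Windows replaced bad clusters in file 395240
of name \oraclexe\oradata\XE\CONTROL.DBF.
Adding 5 bad clusters to the Bad Clusters File.
20 KB in bad sectors.
4096 bytes in each allocation unit.
'''

# NTSTATUS codes named here; anything else is reported as raw hex.
NTSTATUS_NAMES = {
    0xC00000B5: "STATUS_IO_TIMEOUT",
    0xC000009C: "STATUS_DEVICE_DATA_ERROR",
}

READ_FAIL = re.compile(
    r"Read failure with status (0x[0-9a-fA-F]+) at offset (0x[0-9a-fA-F]+)"
    r" for (0x[0-9a-fA-F]+) bytes")
# The file name is on the line after the record number.
REPLACED = re.compile(r"Windows replaced bad clusters in file (\d+)\s+of name (.+)\.")
ADDED = re.compile(r"Adding (\d+) bad clusters to the Bad Clusters File")
KB_BAD = re.compile(r"(\d+) KB in bad sectors")
CLUSTER = re.compile(r"(\d+) bytes in each allocation unit")


def _int(pattern, text, default=0):
    m = pattern.search(text)
    return int(m.group(1)) if m else default


def triage_chkdsk(text):
    """Summarise the media-error evidence in a chkdsk log."""
    cluster = _int(CLUSTER, text, 4096)
    reads = [(int(s, 16), int(o, 16), int(n, 16))
             for s, o, n in READ_FAIL.findall(text)]
    # Failed reads of exactly one cluster identify individual bad clusters;
    # the larger failed reads in the log cover the same region.
    failed_clusters = sorted({off // cluster for _, off, n in reads if n == cluster})
    added = _int(ADDED, text)
    kb_bad = _int(KB_BAD, text)
    return {
        "read_failures": reads,
        "statuses": sorted({NTSTATUS_NAMES.get(s, hex(s)) for s, _, _ in reads}),
        "failed_clusters": failed_clusters,
        "damaged_files": [(int(rec), name) for rec, name in REPLACED.findall(text)],
        "bad_clusters_added": added,
        "kb_in_bad_sectors": kb_bad,
        # Cross-check: single-cluster failures vs. the two summary figures.
        "counts_agree": len(failed_clusters) == added == kb_bad * 1024 // cluster,
        "media_errors": bool(reads or added or kb_bad),
    }


if __name__ == "__main__":
    report = triage_chkdsk(CHKDSK_EXCERPT)
    print("Media errors present:", report["media_errors"])
    print("Statuses:", report["statuses"])
    print("Failed clusters:", [hex(c) for c in report["failed_clusters"]])
    for record, name in report["damaged_files"]:
        print("Bad clusters replaced in file record", record, name)
```

In this excerpt the five single-cluster read failures match the five clusters added to the Bad Clusters File and the 20 KB reported in bad sectors.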
     
  10. kneidels

    kneidels Thread Starter

    Joined:
    Jan 12, 2013
    Messages:
    6
    hey there

    sorry for disappearing for a while!

    I do indeed have an installation disk.

    here is the log from the checkdisk. does this tell you anything?

    Log Name: Application
    Source: Microsoft-Windows-Wininit
    Date: 15/01/2013 15:02:14
    Event ID: 1001
    Task Category: None
    Level: Information
    Keywords: Classic
    User: N/A
    Computer: i5-PC
    Description:


    Checking file system on C:
    The type of the file system is NTFS.

    A disk check has been scheduled.
    Windows will now check the disk.

    CHKDSK is verifying files (stage 1 of 5)...
    456960 file records processed.

    File verification completed.
    2018 large file records processed.

    0 bad file records processed.

    2 EA records processed.

    124 reparse records processed.

    CHKDSK is verifying indexes (stage 2 of 5)...
    598498 index entries processed.

    Index verification completed.
    0 unindexed files scanned.

    0 unindexed files recovered.

    CHKDSK is verifying security descriptors (stage 3 of 5)...
    456960 file SDs/SIDs processed.

    Cleaning up 30 unused index entries from index $SII of file 0x9.
    Cleaning up 30 unused index entries from index $SDH of file 0x9.
    Cleaning up 30 unused security descriptors.
    Security descriptor verification completed.
    70770 data files processed.

    CHKDSK is verifying Usn Journal...
    36149752 USN bytes processed.

    Usn Journal verification completed.
    CHKDSK is verifying file data (stage 4 of 5)...
    Windows replaced bad clusters in file 25475
    of name \PROGRA~3\MICROS~1\Windows\WER\REPORT~1\NOBC2E~1\Report.wer.
    Windows replaced bad clusters in file 25497
    of name \PROGRA~3\MICROS~1\Windows\WER\REPORT~1\NO844C~1\Report.wer.
    Windows replaced bad clusters in file 25503
    of name \PROGRA~3\MICROS~1\Windows\WER\REPORT~1\NO0AE0~1\Report.wer.
    Windows replaced bad clusters in file 25599
    of name \PROGRA~3\MICROS~1\Windows\WER\REPORT~1\NO39B5~1\Report.wer.
    Windows replaced bad clusters in file 25652
    of name \PROGRA~3\MICROS~1\Windows\WER\REPORT~1\NO73E4~1\Report.wer.
    Read failure with status 0xc00000b5 at offset 0x1f4118c000 for 0x10000 bytes.
    Read failure with status 0xc00000b5 at offset 0x1f41195000 for 0x1000 bytes.
    Read failure with status 0xc00000b5 at offset 0x1f41196000 for 0x10000 bytes.
    Read failure with status 0xc00000b5 at offset 0x1f41196000 for 0x1000 bytes.
    Read failure with status 0xc00000b5 at offset 0x1f41197000 for 0x10000 bytes.
    Read failure with status 0xc00000b5 at offset 0x1f41197000 for 0x1000 bytes.
    Read failure with status 0xc00000b5 at offset 0x1f41198000 for 0x10000 bytes.
    Read failure with status 0xc00000b5 at offset 0x1f41198000 for 0x1000 bytes.
    Read failure with status 0xc00000b5 at offset 0x1f41199000 for 0x10000 bytes.
    Read failure with status 0xc00000b5 at offset 0x1f41199000 for 0x1000 bytes.
    Windows replaced bad clusters in file 395240
    of name \oraclexe\oradata\XE\CONTROL.DBF.
    456944 files processed.

    File data verification completed.
    CHKDSK is verifying free space (stage 5 of 5)...
    58836595 free clusters processed.

    Free space verification is complete.
    Adding 5 bad clusters to the Bad Clusters File.
    CHKDSK discovered free space marked as allocated in the volume bitmap.
    Windows has made corrections to the file system.

    498735103 KB total disk space.
    262617400 KB in 356500 files.
    193584 KB in 70771 indexes.
    20 KB in bad sectors.
    577719 KB in use by the system.
    65536 KB occupied by the log file.
    235346380 KB available on disk.

    4096 bytes in each allocation unit.
    124683775 total allocation units on disk.
    58836595 allocation units available on disk.

    Internal Info:
    00 f9 06 00 0e 85 06 00 98 99 0b 00 00 00 00 00 ................
    2c 12 00 00 7c 00 00 00 00 00 00 00 00 00 00 00 ,...|...........
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................

    Windows has finished checking your disk.
    Please wait while your computer restarts.

    Event Xml:
    <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
    <System>
    <Provider Name="Microsoft-Windows-Wininit" Guid="{206f6dea-d3c5-4d10-bc72-989f03c8b84b}" EventSourceName="Wininit" />
    <EventID Qualifiers="16384">1001</EventID>
    <Version>0</Version>
    <Level>4</Level>
    <Task>0</Task>
    <Opcode>0</Opcode>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2013-01-15T13:02:14.000000000Z" />
    <EventRecordID>68224</EventRecordID>
    <Correlation />
    <Execution ProcessID="0" ThreadID="0" />
    <Channel>Application</Channel>
    <Computer>i5-PC</Computer>
    <Security />
    </System>
    <EventData>
    <Data>

    Checking file system on C:
    The type of the file system is NTFS.

    A disk check has been scheduled.
    Windows will now check the disk.

    CHKDSK is verifying files (stage 1 of 5)...
    456960 file records processed.

    File verification completed.
    2018 large file records processed.

    0 bad file records processed.

    2 EA records processed.

    124 reparse records processed.

    CHKDSK is verifying indexes (stage 2 of 5)...
    598498 index entries processed.

    Index verification completed.
    0 unindexed files scanned.

    0 unindexed files recovered.

    CHKDSK is verifying security descriptors (stage 3 of 5)...
    456960 file SDs/SIDs processed.

    Cleaning up 30 unused index entries from index $SII of file 0x9.
    Cleaning up 30 unused index entries from index $SDH of file 0x9.
    Cleaning up 30 unused security descriptors.
    Security descriptor verification completed.
    70770 data files processed.

    CHKDSK is verifying Usn Journal...
    36149752 USN bytes processed.

    Usn Journal verification completed.
    CHKDSK is verifying file data (stage 4 of 5)...
    Windows replaced bad clusters in file 25475
    of name \PROGRA~3\MICROS~1\Windows\WER\REPORT~1\NOBC2E~1\Report.wer.
    Windows replaced bad clusters in file 25497
    of name \PROGRA~3\MICROS~1\Windows\WER\REPORT~1\NO844C~1\Report.wer.
    Windows replaced bad clusters in file 25503
    of name \PROGRA~3\MICROS~1\Windows\WER\REPORT~1\NO0AE0~1\Report.wer.
    Windows replaced bad clusters in file 25599
    of name \PROGRA~3\MICROS~1\Windows\WER\REPORT~1\NO39B5~1\Report.wer.
    Windows replaced bad clusters in file 25652
    of name \PROGRA~3\MICROS~1\Windows\WER\REPORT~1\NO73E4~1\Report.wer.
    Read failure with status 0xc00000b5 at offset 0x1f4118c000 for 0x10000 bytes.
    Read failure with status 0xc00000b5 at offset 0x1f41195000 for 0x1000 bytes.
    Read failure with status 0xc00000b5 at offset 0x1f41196000 for 0x10000 bytes.
    Read failure with status 0xc00000b5 at offset 0x1f41196000 for 0x1000 bytes.
    Read failure with status 0xc00000b5 at offset 0x1f41197000 for 0x10000 bytes.
    Read failure with status 0xc00000b5 at offset 0x1f41197000 for 0x1000 bytes.
    Read failure with status 0xc00000b5 at offset 0x1f41198000 for 0x10000 bytes.
    Read failure with status 0xc00000b5 at offset 0x1f41198000 for 0x1000 bytes.
    Read failure with status 0xc00000b5 at offset 0x1f41199000 for 0x10000 bytes.
    Read failure with status 0xc00000b5 at offset 0x1f41199000 for 0x1000 bytes.
    Windows replaced bad clusters in file 395240
    of name \oraclexe\oradata\XE\CONTROL.DBF.
    456944 files processed.

    File data verification completed.
    CHKDSK is verifying free space (stage 5 of 5)...
    58836595 free clusters processed.

    Free space verification is complete.
    Adding 5 bad clusters to the Bad Clusters File.
    CHKDSK discovered free space marked as allocated in the volume bitmap.
    Windows has made corrections to the file system.

    498735103 KB total disk space.
    262617400 KB in 356500 files.
    193584 KB in 70771 indexes.
    20 KB in bad sectors.
    577719 KB in use by the system.
    65536 KB occupied by the log file.
    235346380 KB available on disk.

    4096 bytes in each allocation unit.
    124683775 total allocation units on disk.
    58836595 allocation units available on disk.

    Internal Info:
    00 f9 06 00 0e 85 06 00 98 99 0b 00 00 00 00 00 ................
    2c 12 00 00 7c 00 00 00 00 00 00 00 00 00 00 00 ,...|...........
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................

    Windows has finished checking your disk.
    Please wait while your computer restarts.
    </Data>
    </EventData>
    </Event>
     
  11. Mark1956

    Mark1956

    Joined:
    May 7, 2011
    Messages:
    14,142
    The disc check shows that your hard drive has bad sectors, which would explain the missing files. A bad sector is basically a microscopic speck on the drive surface that is defective and cannot hold data.

    The bad sectors are now marked so they will not get used again and you could continue to use the drive, but the appearance of bad sectors is a sign the drive is wearing out and further bad sectors may soon appear, risking further file corruption and/or data loss.

    If you wish to continue using the drive, your easiest option would be to run a repair install, which will replace any damaged system files. You will need a retail copy of Windows 7, which you say you have, but it must include Service Pack 1; you can get it from the link I gave earlier if your copy does not have SP1 included.

    Follow this guide: Windows 7 Repair Install
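
Added example, not part of the original posts: a small Python triage helper that pulls the disk-damage indicators out of CHKDSK text like the log quoted above, so that files damaged by failing media can be told apart from files suspected of tampering. The function names are hypothetical, and the sample is a short excerpt of the log posted in this thread.

```python
import re

# Excerpt of the CHKDSK log posted in the thread (shortened), used as sample input.
SAMPLE = r"""
    CHKDSK is verifying file data (stage 4 of 5)...
    Windows replaced bad clusters in file 25475
    of name \PROGRA~3\MICROS~1\Windows\WER\REPORT~1\NOBC2E~1\Report.wer.
    Read failure with status 0xc00000b5 at offset 0x1f4118c000 for 0x10000 bytes.
    Read failure with status 0xc00000b5 at offset 0x1f41195000 for 0x1000 bytes.
    Read failure with status 0xc00000b5 at offset 0x1f41196000 for 0x10000 bytes.
    Read failure with status 0xc00000b5 at offset 0x1f41196000 for 0x1000 bytes.
    Windows replaced bad clusters in file 395240
    of name \oraclexe\oradata\XE\CONTROL.DBF.
    Adding 5 bad clusters to the Bad Clusters File.
    20 KB in bad sectors.
"""

# The file name is reported on the line after the file record number.
REPLACED = re.compile(
    r"Windows replaced bad clusters in file (\d+)\s+of name (.+?)\.[ \t]*$", re.M)
READ_FAIL = re.compile(
    r"Read failure with status (0x[0-9a-f]+) at offset (0x[0-9a-f]+)"
    r" for (0x[0-9a-f]+) bytes", re.I)
ADDED = re.compile(r"Adding (\d+) bad clusters to the Bad Clusters File")
BAD_KB = re.compile(r"(\d+) KB in bad sectors")


def summarize(log: str) -> dict:
    """Collect the media-failure indicators from CHKDSK output."""
    failures = READ_FAIL.findall(log)
    added = ADDED.search(log)
    bad_kb = BAD_KB.search(log)
    return {
        # (file record number, short path) for every file that lost clusters
        "damaged_files": [(int(n), name) for n, name in REPLACED.findall(log)],
        # the log repeats an offset at two read sizes; keep each offset once
        "read_failure_offsets": sorted({int(off, 16) for _, off, _ in failures}),
        "statuses": sorted({status.lower() for status, _, _ in failures}),
        "bad_clusters_added": int(added.group(1)) if added else 0,
        "bad_sector_kb": int(bad_kb.group(1)) if bad_kb else 0,
    }


def drive_suspect(summary: dict) -> bool:
    """True when the log shows read failures or newly marked bad clusters."""
    return bool(summary["read_failure_offsets"]
                or summary["bad_clusters_added"]
                or summary["bad_sector_kb"])
```

The `damaged_files` list is the part to compare against the files that SFC or a scanner reported as missing or corrupt: an overlap points to the drive rather than to an infection.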
     
  12. kneidels

    kneidels Thread Starter

    Joined:
    Jan 12, 2013
    Messages:
    6
    great - many thanks for all the help, Mark
     
  13. Mark1956

    Mark1956

    Joined:
    May 7, 2011
    Messages:
    14,142
    You're welcome.
     
Short URL to this thread: https://techguy.org/1084882
