Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 09-06-2013
Ran by SYSTEM on 09-06-2013 21:33:50
Running from F:\
Windows 7 Home Premium (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Recovery
The current controlset is ControlSet001
ATTENTION!:=====> FRST is updated to run from normal or Safe mode to produce a full FRST.txt log and an extra Addition.txt log.
==================== Registry (Whitelisted) ==================
HKLM\...\RunOnce: [*Restore] C:\Windows\system32\rstrui.exe /RUNONCE [296960 2010-11-20] (Microsoft Corporation)
HKLM-x32\...\Run: [Conime] %windir%\system32\conime.exe [x]
HKU\Grant\...\Run: [ANT Agent] C:\Program Files (x86)\Garmin\ANT Agent\ANT Agent.exe [14749544 2012-03-23] (GARMIN Corp.)
HKU\Grant\...\Run: [Google Update] "C:\Users\Grant\AppData\Local\Google\Update\GoogleUpdate.exe" /c [136176 2011-06-21] (Google Inc.)
==================== Services (Whitelisted) =================
S2 ForceWare Intelligent Application Manager (IAM); C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe [496232 2010-01-20] ()
S2 N360; C:\Program Files (x86)\Norton 360\Engine\5.2.2.3\ccSvcHst.exe [130008 2011-04-16] (Symantec Corporation)
S2 nSvcIp; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe [209000 2010-01-20] ()
S2 OfficeSvc; C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [1872568 2013-04-19] (Microsoft Corporation)
S3 Symantec RemoteAssist; C:\Program Files (x86)\Common Files\Symantec Shared\Support Controls\ssrc.exe [394704 2008-01-29] (Symantec, Inc.)
S2 Kodak AiO Network Discovery Service; C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe [x]
==================== Drivers (Whitelisted) ====================
S1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\BASHDefs\20130515.001\BHDrvx64.sys [1390680 2013-05-02] (Symantec Corporation)
S1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\BASHDefs\20130515.001\BHDrvx64.sys [1390680 2013-05-02] (Symantec Corporation)
S1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484512 2012-08-10] (Symantec Corporation)
S1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484512 2012-08-10] (Symantec Corporation)
S3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [138912 2012-08-10] (Symantec Corporation)
S1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\IPSDefs\20130531.001\IDSvia64.sys [513184 2013-04-05] (Symantec Corporation)
S1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\IPSDefs\20130531.001\IDSvia64.sys [513184 2013-04-05] (Symantec Corporation)
S3 libusb0; C:\Windows\System32\DRIVERS\libusb0.sys [44480 2011-05-17] (libusb-Win32)
S3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-07-15] ()
S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\VirusDefs\20130601.022\ENG64.SYS [126040 2013-05-22] (Symantec Corporation)
S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\VirusDefs\20130601.022\ENG64.SYS [126040 2013-05-22] (Symantec Corporation)
S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\VirusDefs\20130601.022\EX64.SYS [2098776 2013-05-22] (Symantec Corporation)
S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\VirusDefs\20130601.022\EX64.SYS [2098776 2013-05-22] (Symantec Corporation)
S3 SRTSP; C:\Windows\System32\Drivers\N360x64\0502020.003\SRTSP64.SYS [744568 2011-03-30] (Symantec Corporation)
S1 SRTSPX; C:\Windows\system32\drivers\N360x64\0502020.003\SRTSPX64.SYS [40568 2011-03-30] (Symantec Corporation)
S0 SymDS; C:\Windows\System32\drivers\N360x64\0502020.003\SYMDS64.SYS [450680 2011-01-26] (Symantec Corporation)
S0 SymEFA; C:\Windows\System32\drivers\N360x64\0502020.003\SYMEFA64.SYS [912504 2011-03-14] (Symantec Corporation)
S3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [174200 2012-01-18] (Symantec Corporation)
S1 SymIRON; C:\Windows\system32\drivers\N360x64\0502020.003\Ironx64.SYS [171128 2011-01-26] (Symantec Corporation)
S1 SymNetS; C:\Windows\System32\Drivers\N360x64\0502020.003\SYMNETS.SYS [386168 2011-04-20] (Symantec Corporation)
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2013-06-09 21:33 - 2013-06-09 21:33 - 00000000 ____D C:\FRST
2013-06-05 17:26 - 2013-06-05 17:32 - 00000000 __SHD C:\found.001
2013-05-30 13:21 - 2013-05-30 13:21 - 00000162 ____A C:\Users\Grant\Downloads\2883.wmv
2013-05-30 12:44 - 2013-05-30 12:44 - 00000000 ____D C:\Users\Grant\AppData\Local\{160DBA4F-B386-47EB-91BC-5C3E84ADD2D8}
2013-05-15 23:39 - 2013-05-05 13:36 - 17818624 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-05-15 23:39 - 2013-05-05 13:16 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-05-15 23:39 - 2013-05-05 11:25 - 12324864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-05-15 23:39 - 2013-05-05 11:12 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-05-15 10:33 - 2013-05-15 10:33 - 01635727 ____A C:\Users\Grant\Downloads\Hotel offer.pptx
2013-05-15 10:33 - 2013-05-15 10:33 - 01635727 ____A C:\Users\Grant\Downloads\Hotel offer (1).pptx
2013-05-15 10:20 - 2013-05-15 10:22 - 00403456 ____A C:\Users\Grant\Documents\yearbook.pub
2013-05-15 07:04 - 2013-03-18 21:53 - 00230400 ____A (Microsoft Corporation) C:\Windows\System32\wwansvc.dll
2013-05-15 07:04 - 2013-03-18 21:53 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\wwanprotdim.dll
2013-05-15 07:03 - 2013-04-09 22:01 - 00983400 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgkrnl.sys
2013-05-15 07:03 - 2013-04-09 22:01 - 00265064 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgmms1.sys
2013-05-15 07:03 - 2013-04-09 19:30 - 03153920 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2013-05-15 07:03 - 2013-02-26 22:02 - 00111448 ____A (Microsoft Corporation) C:\Windows\System32\consent.exe
2013-05-15 07:03 - 2013-02-26 21:52 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2013-05-15 07:03 - 2013-02-26 21:52 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\shdocvw.dll
2013-05-15 07:03 - 2013-02-26 21:48 - 01930752 ____A (Microsoft Corporation) C:\Windows\System32\authui.dll
2013-05-15 07:03 - 2013-02-26 21:47 - 00070144 ____A (Microsoft Corporation) C:\Windows\System32\appinfo.dll
2013-05-15 07:03 - 2013-02-26 20:55 - 12872704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2013-05-15 07:03 - 2013-02-26 20:55 - 00180224 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll
2013-05-15 07:03 - 2013-02-26 20:49 - 01796096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2013-05-15 07:03 - 2011-02-03 03:25 - 00144384 ____A (Microsoft Corporation) C:\Windows\System32\cdd.dll
2013-05-15 07:02 - 2013-04-04 17:19 - 10926080 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-05-15 07:02 - 2013-04-04 17:08 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-05-15 07:02 - 2013-04-04 17:01 - 01346560 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-05-15 07:02 - 2013-04-04 17:00 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-05-15 07:02 - 2013-04-04 16:59 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-05-15 07:02 - 2013-04-04 16:58 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2013-05-15 07:02 - 2013-04-04 16:57 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-05-15 07:02 - 2013-04-04 16:56 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-05-15 07:02 - 2013-04-04 16:55 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-05-15 07:02 - 2013-04-04 16:55 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2013-05-15 07:02 - 2013-04-04 16:54 - 02147840 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-05-15 07:02 - 2013-04-04 16:54 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-05-15 07:02 - 2013-04-04 16:51 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-05-15 07:02 - 2013-04-04 16:46 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-05-15 07:02 - 2013-04-04 14:11 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-05-15 07:02 - 2013-04-04 14:09 - 09738752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-05-15 07:02 - 2013-04-04 14:02 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-05-15 07:02 - 2013-04-04 14:02 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-05-15 07:02 - 2013-04-04 14:02 - 01104384 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-05-15 07:02 - 2013-04-04 14:01 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-05-15 07:02 - 2013-04-04 13:59 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-05-15 07:02 - 2013-04-04 13:58 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-05-15 07:02 - 2013-04-04 13:58 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-05-15 07:02 - 2013-04-04 13:57 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-05-15 07:02 - 2013-04-04 13:56 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-05-15 07:02 - 2013-04-04 13:55 - 01796096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-05-15 07:02 - 2013-04-04 13:54 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-05-15 07:02 - 2013-04-04 13:50 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-05-13 13:25 - 2013-05-13 13:25 - 00047981 ____A C:\Users\Grant\Documents\Presentation1.odp
2013-05-10 12:37 - 2013-06-02 08:46 - 00059904 ____A C:\Users\Grant\Documents\learning log v4 (macroless).xls
2013-05-10 12:36 - 2013-05-10 12:36 - 00051712 ____A C:\Users\Grant\Downloads\learning log v4 (macroless) (1).xls
==================== One Month Modified Files and Folders =======
2013-06-09 21:33 - 2013-06-09 21:33 - 00000000 ____D C:\FRST
2013-06-05 17:32 - 2013-06-05 17:26 - 00000000 __SHD C:\found.001
2013-06-05 17:32 - 2011-09-07 07:32 - 00000000 ____D C:\ProgramData\Kodak
2013-06-05 17:32 - 2011-02-23 08:15 - 00000000 ____D C:\ProgramData\NVIDIA
2013-06-05 17:32 - 2011-02-18 07:32 - 00000000 ____D C:\users\Grant
2013-06-05 17:32 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\NDF
2013-06-02 09:15 - 2011-02-18 07:32 - 01880895 ____A C:\Windows\WindowsUpdate.log
2013-06-02 09:10 - 2012-04-09 10:10 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-06-02 08:59 - 2011-02-23 12:09 - 00000896 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-06-02 08:46 - 2013-05-10 12:37 - 00059904 ____A C:\Users\Grant\Documents\learning log v4 (macroless).xls
2013-06-02 08:34 - 2011-06-21 12:07 - 00000908 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1160217133-2842434139-2770959930-1000UA.job
2013-06-02 08:29 - 2009-07-13 20:45 - 00015328 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-06-02 08:29 - 2009-07-13 20:45 - 00015328 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-06-02 08:21 - 2011-02-23 12:09 - 00000892 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-06-02 08:21 - 2011-02-18 08:05 - 00379918 ____A C:\Windows\PFRO.log
2013-06-02 08:21 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-06-02 08:21 - 2009-07-13 20:51 - 00111204 ____A C:\Windows\setupact.log
2013-06-01 12:20 - 2011-06-21 12:07 - 00000856 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1160217133-2842434139-2770959930-1000Core.job
2013-05-30 13:21 - 2013-05-30 13:21 - 00000162 ____A C:\Users\Grant\Downloads\2883.wmv
2013-05-30 12:44 - 2013-05-30 12:44 - 00000000 ____D C:\Users\Grant\AppData\Local\{160DBA4F-B386-47EB-91BC-5C3E84ADD2D8}
2013-05-29 14:34 - 2011-09-28 11:00 - 00000000 ____D C:\Users\Grant\Tracing
2013-05-27 07:53 - 2009-07-13 21:13 - 00726444 ____A C:\Windows\System32\PerfStringBackup.INI
2013-05-24 13:26 - 2011-06-21 12:08 - 00002368 ____A C:\Users\Grant\Desktop\Google Chrome.lnk
2013-05-22 12:12 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache
2013-05-21 15:17 - 2012-02-21 12:33 - 00235062 ____A C:\Users\Grant\.DLMSave_back.xml
2013-05-21 15:17 - 2012-02-21 12:33 - 00235062 ____A C:\Users\Grant\.DLMSave.xml
2013-05-21 11:17 - 2012-02-21 12:32 - 00000228 ____A C:\Users\Grant\.DLMTempFile.txt
2013-05-21 11:17 - 2012-02-21 12:32 - 00000000 ____D C:\Program Files (x86)\eMusic Download Manager
2013-05-16 07:12 - 2013-03-27 11:10 - 00000000 ____D C:\Program Files\Microsoft Office 15
2013-05-16 05:39 - 2009-07-13 20:45 - 00342664 ____A C:\Windows\System32\FNTCACHE.DAT
2013-05-15 23:41 - 2011-02-23 12:23 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-05-15 10:33 - 2013-05-15 10:33 - 01635727 ____A C:\Users\Grant\Downloads\Hotel offer.pptx
2013-05-15 10:33 - 2013-05-15 10:33 - 01635727 ____A C:\Users\Grant\Downloads\Hotel offer (1).pptx
2013-05-15 10:22 - 2013-05-15 10:20 - 00403456 ____A C:\Users\Grant\Documents\yearbook.pub
2013-05-15 10:10 - 2012-04-09 10:10 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-05-15 10:10 - 2012-04-09 10:10 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-05-15 07:08 - 2012-06-28 18:01 - 75016696 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-05-13 13:25 - 2013-05-13 13:25 - 00047981 ____A C:\Users\Grant\Documents\Presentation1.odp
2013-05-10 12:36 - 2013-05-10 12:36 - 00051712 ____A C:\Users\Grant\Downloads\learning log v4 (macroless) (1).xls
==================== Known DLLs (Whitelisted) ================
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
==================== EXE ASSOCIATION =====================
HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK
==================== Restore Points =========================
Restore point made on: 2013-05-06 01:30:50
Restore point made on: 2013-05-14 09:27:38
Restore point made on: 2013-05-15 06:57:23
Restore point made on: 2013-05-15 23:38:59
Restore point made on: 2013-05-24 10:35:07
==================== Memory info ===========================
Percentage of memory in use: 15%
Total physical RAM: 4095.23 MB
Available physical RAM: 3443.39 MB
Total Pagefile: 4093.38 MB
Available Pagefile: 3428.98 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:465.66 GB) (Free:232.62 GB) NTFS (Disk=0 Partition=2)
Drive f: () (Removable) (Total:0.24 GB) (Free:0.22 GB) FAT (Disk=1 Partition=1)
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS (Disk=0 Partition=1) ==>[System with boot components (obtained from reading drive)]
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 73A2DAF3)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=466 GB) - (Type=07 NTFS)
========================================================
Disk: 1 (Size: 247 MB) (Disk ID: A3CE7234)
Partition 1: (Active) - (Size=247 MB) - (Type=06)
LastRegBack: 2013-05-24 10:27
==================== End Of Log ============================