Problems? See this thread at archive.org.
First off, I'm running Win7 Professional x64. The rest of the specs are in my Sig. I currently use AntiVir & Comodo, UAC & Windows Firewall turned off from day one.
I started up my computer this morning and STRANGE things are hapenning. First, my Anti-Virus doesn't start at boot, nor does ATITool (I only use this for GPU temp monitoring). Several of the OS-level features are not working: Snipping tool, system restore, right-clicking on taskbar and selecting properties doesn't work, and several other things.
I manually ran my virus scan (twice), and it found a few things, but they were stuffed away in zip files I have never uncompressed or loaded (yeah, I'm changing all my passwords today). I don't think they were running, b/c the AntiVir runtime scanner would have picked them up I would think.
Here is the error I get when trying to load System Restore:
"Catastrophic failure 0x8000ffff System restore will now close"
I am going to load up in safe mode when I get home, I can't remote into safe mode from where I'm at now. In the end I'll probably just clean install in the next couple days, though I'm apalled that things are so mucked up. I've never had a problem. I don't torrent, P2P, usenet, nothing suspicious/pirating. I don't visit crappy spamware websites.
Anyways, any ideas what has happened?
P.S. I just tried to open up Excel 2007 on that Machine, it says "Microsoft has not been installed for the current user. Please run setup to install the application."
And for Word 2007:
Your AutoCorrect file [insert crazy chinese characters]MSO1033.acl, could not be saved. This file may be read-only, or you may not have permission to modify the file.
I'll keep Googling, I get a sneak suspicion this is all caused by one thing. Not sure what that is. The only thing I've installed in the past couple weeks in the Battlefield MP Beta (which ROCKS, btw).
P.P.S. I'm thinking somehow that my profile has become corrupt and/or my hard-drive may be experiencing problems. I'll be running checkdisk and whatnot until I figure out what's up.
I included a comma-delimited text file of the errors in my even log from today. Not sure if that will help.
-
Attached Files:
-
-
That surely sounds like a bad virus. Try running an online scanner. But with something that bad, it will probably call for a reinstall.
-
There is so much going on here it is difficult to speculate. It sounds like you are running a rdp conneciton now? Using what program or windows' built in?
Running Antivir and Comodo--don't run two antivirus with realtime monitoring at the same time. If you want to run two, turn off the real time mode on one and only manually scan with it.
The Catastrophic failure 0x8000ffff sounds like a memory issue, so run a ram test---could also be system file corruption. Run a chkdsk.
I think system file corruption may be at the root of all your trouble -
Thanks for the reply Gerry.
I re: the Antivir apps, I do not have Comodo's Antivirus installed, just the firewall and defense+ (I use this instead of UAC).
I brought my laptop to work, so I will run chkdsk from the recovery console this morning. I have the feeling that file corruption is the root of the problem. If it were corruption to the registry, and just not my disk, do I have many options? (System restore is not an option, I've already tried this with my DVD). -
if it is file system corruption, then depending on the severity, a chkdsk may repair the registry hives.
You ran system restore from what...the dvd start up repair? Or from within Windows? -
It would not run from w/in Windows, I did it via the DVD. None of the restore points fixed the problems.
My memory scan was clean, I am running chkdsk right now, it has repaired 4 files already on my main partition and is checking the 2nd. I'm hopeful this will clear things up.
My guess is that corruption disabled some key components of explorer to load properly, causing many things to go haywire.
Time will tell. -
Sorry for double, just an update.
Chkdsk did repair a few errors but all problems persist.
Looks like I'll be clean installing later on. =[
Thank. -
What were the results of chkdsk (in event viewer, look for the wininit entry in APPLCIATIONS)
-
Here is the text from the log:
Code:Log Name: Application Source: Microsoft-Windows-Wininit Date: 2/3/2010 9:22:42 AM Event ID: 1001 Task Category: None Level: Information Keywords: Classic User: N/A Computer: 7b0x Description: Checking file system on C: The type of the file system is NTFS. Volume label is New Volume. A disk check has been scheduled. Windows will now check the disk. CHKDSK is verifying files (stage 1 of 5)... Attribute record of type 0x80 and instance tag 0x0 is cross linked starting at 0x342d08 for possibly 0x7267 clusters. Some clusters occupied by attribute of type 0x80 and instance tag 0x0 in file 0x10c1c is already in use. Deleted corrupt attribute list entry with type code 128 in file 68636. Unable to locate attribute with instance tag 0x0 and segment reference 0x2000000010c1e. The expected attribute type is 0x80. Deleting corrupt attribute record (128, "") from file record segment 68638. Attribute record of type 0x80 and instance tag 0x3 is cross linked starting at 0xc8510 for possibly 0x9 clusters. Some clusters occupied by attribute of type 0x80 and instance tag 0x3 in file 0x12a09 is already in use. Deleting corrupt attribute record (128, "") from file record segment 76297. Attribute record of type 0x80 and instance tag 0x4 is cross linked starting at 0xc84d7 for possibly 0x9 clusters. Some clusters occupied by attribute of type 0x80 and instance tag 0x4 in file 0x1ba2b is already in use. Deleting corrupt attribute record (128, "") from file record segment 113195. Attribute record of type 0x80 and instance tag 0x4 is cross linked starting at 0x504d8 for possibly 0x4 clusters. Some clusters occupied by attribute of type 0x80 and instance tag 0x4 in file 0x1c28c is already in use. Deleting corrupt attribute record (128, "") from file record segment 115340. 122624 file records processed. File verification completed. 217 large file records processed. 0 bad file records processed. 2 EA records processed. 41 reparse records processed. CHKDSK is verifying indexes (stage 2 of 5)... 162084 index entries processed. Index verification completed. 0 unindexed files scanned. 0 unindexed files recovered. CHKDSK is verifying security descriptors (stage 3 of 5)... 122624 file SDs/SIDs processed. Cleaning up 297 unused index entries from index $SII of file 0x9. Cleaning up 297 unused index entries from index $SDH of file 0x9. Cleaning up 297 unused security descriptors. Security descriptor verification completed. Inserting data attribute into file 68636. Inserting data attribute into file 76297. Inserting data attribute into file 113195. Inserting data attribute into file 115340. 19735 data files processed. CHKDSK is verifying Usn Journal... 34457080 USN bytes processed. Usn Journal verification completed. CHKDSK is verifying file data (stage 4 of 5)... 122608 files processed. File data verification completed. CHKDSK is verifying free space (stage 5 of 5)... 2127872 free clusters processed. Free space verification is complete. CHKDSK discovered free space marked as allocated in the master file table (MFT) bitmap. Correcting errors in the Volume Bitmap. Windows has made corrections to the file system. 56888319 KB total disk space. 48090452 KB in 102108 files. 61728 KB in 19732 indexes. 0 KB in bad sectors. 224647 KB in use by the system. 65536 KB occupied by the log file. 8511492 KB available on disk. 4096 bytes in each allocation unit. 14222079 total allocation units on disk. 2127873 allocation units available on disk. Internal Info: 00 df 01 00 fd db 01 00 8f 7f 03 00 00 00 00 00 ................ 36 01 00 00 29 00 00 00 00 00 00 00 00 00 00 00 6...)........... 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ Windows has finished checking your disk. Please wait while your computer restarts. Event Xml: <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event"> <System> <Provider Name="Microsoft-Windows-Wininit" Guid='{206f6dea-d3c5-4d10-bc72-989f03c8b84b}' EventSourceName="Wininit" /> <EventID Qualifiers="16384">1001</EventID> <Version>0</Version> <Level>4</Level> <Task>0</Task> <Opcode>0</Opcode> <Keywords>0x80000000000000</Keywords> <TimeCreated SystemTime="2010-02-03T17:22:42.000000000Z" /> <EventRecordID>2140</EventRecordID> <Correlation /> <Execution Processid='0' Threadid='0' /> <Channel>Application</Channel> <Computer>7b0x</Computer> <Security /> </System> <EventData> <Data> Checking file system on C: The type of the file system is NTFS. Volume label is New Volume. A disk check has been scheduled. Windows will now check the disk. CHKDSK is verifying files (stage 1 of 5)... Attribute record of type 0x80 and instance tag 0x0 is cross linked starting at 0x342d08 for possibly 0x7267 clusters. Some clusters occupied by attribute of type 0x80 and instance tag 0x0 in file 0x10c1c is already in use. Deleted corrupt attribute list entry with type code 128 in file 68636. Unable to locate attribute with instance tag 0x0 and segment reference 0x2000000010c1e. The expected attribute type is 0x80. Deleting corrupt attribute record (128, "") from file record segment 68638. Attribute record of type 0x80 and instance tag 0x3 is cross linked starting at 0xc8510 for possibly 0x9 clusters. Some clusters occupied by attribute of type 0x80 and instance tag 0x3 in file 0x12a09 is already in use. Deleting corrupt attribute record (128, "") from file record segment 76297. Attribute record of type 0x80 and instance tag 0x4 is cross linked starting at 0xc84d7 for possibly 0x9 clusters. Some clusters occupied by attribute of type 0x80 and instance tag 0x4 in file 0x1ba2b is already in use. Deleting corrupt attribute record (128, "") from file record segment 113195. Attribute record of type 0x80 and instance tag 0x4 is cross linked starting at 0x504d8 for possibly 0x4 clusters. Some clusters occupied by attribute of type 0x80 and instance tag 0x4 in file 0x1c28c is already in use. Deleting corrupt attribute record (128, "") from file record segment 115340. 122624 file records processed. File verification completed. 217 large file records processed. 0 bad file records processed. 2 EA records processed. 41 reparse records processed. CHKDSK is verifying indexes (stage 2 of 5)... 162084 index entries processed. Index verification completed. 0 unindexed files scanned. 0 unindexed files recovered. CHKDSK is verifying security descriptors (stage 3 of 5)... 122624 file SDs/SIDs processed. Cleaning up 297 unused index entries from index $SII of file 0x9. Cleaning up 297 unused index entries from index $SDH of file 0x9. Cleaning up 297 unused security descriptors. Security descriptor verification completed. Inserting data attribute into file 68636. Inserting data attribute into file 76297. Inserting data attribute into file 113195. Inserting data attribute into file 115340. 19735 data files processed. CHKDSK is verifying Usn Journal... 34457080 USN bytes processed. Usn Journal verification completed. CHKDSK is verifying file data (stage 4 of 5)... 122608 files processed. File data verification completed. CHKDSK is verifying free space (stage 5 of 5)... 2127872 free clusters processed. Free space verification is complete. CHKDSK discovered free space marked as allocated in the master file table (MFT) bitmap. Correcting errors in the Volume Bitmap. Windows has made corrections to the file system. 56888319 KB total disk space. 48090452 KB in 102108 files. 61728 KB in 19732 indexes. 0 KB in bad sectors. 224647 KB in use by the system. 65536 KB occupied by the log file. 8511492 KB available on disk. 4096 bytes in each allocation unit. 14222079 total allocation units on disk. 2127873 allocation units available on disk. Internal Info: 00 df 01 00 fd db 01 00 8f 7f 03 00 00 00 00 00 ................ 36 01 00 00 29 00 00 00 00 00 00 00 00 00 00 00 6...)........... 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ Windows has finished checking your disk. Please wait while your computer restarts. </Data> </EventData> </Event>
AND, this is never a good sign (these two errors happen at every logon):
Under Avira AntiVir in the Even log there are 2 errors, the first says:
"The engine file has been modified or destroyed: Returned error code 0x9"
The Second:
"An error occurred during a resource request to the Windos NT system. The resource <ENGINE> has not been allocated. this could be due to an out-of-memory error or any other system failure. Returned error code: 0x57"Last edited by a moderator: May 7, 2015 -
Well, the harddrive appears to be physically ok, but that was a pretty messed up file system issue.
Reinstalling Avira may fix Avira, but I don't know.
I'd consider running chkdsk /r at least once and then seeing if the errors return (after reinstalling Avira).
Beyond that, I don't like the looks of those errors...you could try a
sfc /scannow
before going to the entire reinstall. -
Haha, it's totally beefed. Just tried running the Avira installation, and it brings up an error saying that my internet settings are preventing access. I click through to change those settings, and it is blank. I'm going to clean install. I don't want any remnants of this muck.
I'm half embarrassed that I let something like this through. Just goes to show you can't be too careful.
Thanks a ton for all of your help.
Strange Happenings
Discussion in 'Security and Anti-Virus Software' started by Meetloaf13, Feb 2, 2010.
