TechSpot

Windows 7 - write fault error HDD rogue virus

By kraftwerk
Aug 14, 2012
  1. Hi,

    My laptop has a viral infection where I get the Write Fault Error messages and the System Error Hard disk failure message. I have tried to use Malwarebytes but I am unable to install it as it keeps telling me that access is denied. I am unable to use the internet in normal mode as the laptop just restarts a few minutes after I open internet explorer. I have spent hours trying to fix it but I have given up.

    Any help would be greatly appreciated.

    Thanks
     
  2. Broni

    Broni Malware Annihilator Posts: 52,904   +344

    Welcome aboard

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    =====================================

    Can you operate from safe mode with networking?
     
  3. kraftwerk

    kraftwerk TS Rookie Topic Starter Posts: 29

    Yes I can, however I still get the same "Access is Denied" message even in safe mode with networking. I also don't seem to have any problem with the internet in safe mode, even though I'm currently using my desktop computer until my laptop is fixed.
     
  4. Broni

    Broni Malware Annihilator Posts: 52,904   +344

    For x32 (x86) bit systems download Farbar Recovery Scan Tool 32-Bit and save it to a flash drive.
    For x64 bit systems download Farbar Recovery Scan Tool 64-Bit and save it to a flash drive.

    Plug the flash drive into the infected PC.

    Enter System Recovery Options.

    To enter System Recovery Options from the Advanced Boot Options:
    • Restart the computer.
    • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
    • Use the arrow keys to select the Repair your computer menu item.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.

    To enter System Recovery Options by using Windows installation disc:
    • Insert the installation disc.
    • Restart your computer.
    • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
    • Click Repair your computer.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.

    On the System Recovery Options menu you will get the following options:

      • Startup Repair
      • System Restore
      • Windows Complete PC Restore
      • Windows Memory Diagnostic Tool
      • Command Prompt

    • Select Command Prompt
    • In the command window type in notepad and press Enter.
    • The notepad opens. Under File menu select Open.
    • Select "Computer" and find your flash drive letter and close the notepad.
    • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
      Note: Replace letter e with the drive letter of your flash drive.
    • The tool will start to run.
    • When the tool opens click Yes to the disclaimer.
    • Press Scan button.
    • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

    Next...

    Re-run FRST again.
    Type the following in the edit box after "Search:".

    services.exe

    Click Search button and post the log (Search.txt) it makes in your reply.

    I'll expect two logs:
    - FRST.txt
    - Search.txt
     
  5. kraftwerk

    kraftwerk TS Rookie Topic Starter Posts: 29

    After I click on repair your computer I go into a black screen and then it says windows is loading files at the bottom with the loading bar filled, but it just freezes in that nothing happens; it's like the screen is just frozen there.
     
  6. Broni

    Broni Malware Annihilator Posts: 52,904   +344

  7. kraftwerk

    kraftwerk TS Rookie Topic Starter Posts: 29

    Scan result of Farbar Recovery Scan Tool (FRST written by Farbar) Version: 14-08-2012
    Ran by SYSTEM at 15-08-2012 00:18:31
    Running from G:\
    Windows 7 Enterprise Service Pack 1 (X86) OS Language: English(US)
    The current controlset is ControlSet001
    ========================== Registry (Whitelisted) =============
    HKLM\...\Run: [RotateImage] C:\Program Files\Integrated Camera Driver\RCIMGDIR.exe [31744 2008-10-30] (Ricoh co.,Ltd.)
    HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [2221352 2011-03-31] (Synaptics Incorporated)
    HKLM\...\Run: [PWMTRV] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWMTR32V.DLL,PwrMgrBkGndMonitor [1258856 2011-05-09] (Lenovo Group Limited)
    HKLM\...\Run: [IMSS] "C:\Program Files\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe" [112152 2011-01-17] (Intel Corporation)
    HKLM\...\Run: [ForteConfig] C:\Program Files\Conexant\ForteConfig\fmapp.exe [49568 2010-10-26] ()
    HKLM\...\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe /t [316032 2011-03-14] (Conexant systems, Inc.)
    HKLM\...\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash [303824 2011-03-17] (F-Secure Corporation)
    HKLM\...\Run: [F-Secure TNB] "C:\Program Files\F-Secure\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW [1655504 2011-03-17] (F-Secure Corporation)
    HKLM\...\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" [421160 2011-06-07] (Apple Inc.)
    HKLM\...\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices [91520 2010-03-13] (Microsoft Corporation)
    HKLM\...\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe [143384 2011-03-30] (Intel Corporation)
    HKLM\...\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe [176664 2011-03-30] (Intel Corporation)
    HKLM\...\Run: [Persistence] C:\Windows\system32\igfxpers.exe [178200 2011-03-30] (Intel Corporation)
    HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [937920 2011-06-06] (Adobe Systems Incorporated)
    HKLM\...\Run: [Samsung LBP SM] "C:\Windows\Samsung\LaserSMMgr\ssmmgr.exe" /autorun [266240 2003-04-03] (Samsung Electronics.)
    HKLM\...\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW [1259376 2011-07-28] ()
    HKLM\...\Run: [HF_G_Jul] "C:\Program Files\AVG Secure Search\HF_G_Jul.exe" /DoAction [x]
    HKLM\...\Run: [pDLlBUpSERAyOw.exe] C:\ProgramData\pDLlBUpSERAyOw.exe [348160 2012-08-14] (PFE)
    HKLM\...\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE -startup [336992 2012-07-19] (Power Software Ltd)
    HKU\100400248\...\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background [4280184 2012-03-08] (Microsoft Corporation)
    HKU\100400248\...\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized [17093512 2011-04-01] (Skype Technologies S.A.)
    HKU\100400248\...\Run: [Steam] "C:\Program Files\Steam\steam.exe" -silent [1353080 2012-08-13] (Valve Corporation)
    Winlogon\Notify\igfxcui: igfxdev.dll (Intel Corporation)
    Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
    AppInit_DLLs: C:\Windows\system32\nvinit.dll
    Startup: C:\Users\100400248\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
    ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
    ================================ Services (Whitelisted) ==================
    2 AMPPALR3; C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe [509448 2012-03-01] (Intel Corporation)
    2 BTHSSecurityMgr; "C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe" [104208 2012-03-08] (Intel(R) Corporation)
    2 CBA8; "C:\Program Files\LANDesk\Shared Files\residentagent.exe" [147456 2010-10-15] (Avocent Corporation)
    2 CxAudMsg; C:\Windows\system32\CxAudMsg32.exe [190592 2010-12-17] (Conexant Systems Inc.)
    2 eventlog; C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted [20992 2009-07-13] (Microsoft Corporation)
    2 F-Secure Gatekeeper Handler Starter; "C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe" [221904 2011-03-17] (F-Secure Corporation)
    3 F-Secure Network Request Broker; "C:\Program Files\F-Secure\Common\FNRB32.EXE" [185040 2011-03-17] (F-Secure Corporation)
    3 FSDFWD; "C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe" [553680 2011-03-17] (F-Secure Corporation)
    2 FSMA; "C:\Program Files\F-Secure\Common\FSMA32.EXE" [189136 2011-03-17] (F-Secure Corporation)
    3 FSORSPClient; "C:\Program Files\F-Secure\ORSP Client\fsorsp.exe" [61088 2011-05-30] (F-Secure Corporation)
    2 Intel Local Scheduler Service; "C:\Program Files\LANDesk\LDClient\LocalSch.EXE" [189952 2010-10-08] (LANDesk Software, Inc. and its affiliates.)
    2 Intel PDS; C:\Windows\system32\CBA\pds.exe [32825 2007-08-31] (LANDesk Software Ltd.)
    2 ISSUSER; C:\PROGRA~1\LANDesk\LDClient\issuser.exe /SERVICE [1157632 2010-10-18] (LANDesk Software, Inc. and its affiliates.)
    2 jhi_service; C:\Program Files\Intel\Services\IPT\jhi_service.exe [210896 2011-02-07] (Intel Corporation)
    2 LANDesk Policy Invoker; "C:\Program Files\LANDesk\LDClient\policy.client.invoker.exe" [205312 2010-12-21] (LANDesk Software, Inc. and its affiliates )
    2 LANDesk Targeted Multicast; C:\Program Files\LANDesk\LDClient\tmcsvc.exe [178688 2010-10-07] (LANDesk Software, Inc. and its affiliates.)
    2 LANDesk(R) Out-of-Band Monitor Service; C:\Program Files\LANDesk\LDClient\amtmon.exe [1058304 2010-09-10] (LANDesk Software, Inc. and its affiliates.)
    2 LENOVO.MICMUTE; C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe [45496 2010-11-24] (Lenovo Group Limited)
    2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [93032 2010-04-07] (Lenovo Group Limited)
    3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [241936 2012-04-17] ()
    2 PwmEWSvc; C:\Program Files\ThinkPad\Utilities\PWMEWSVC.EXE [148840 2011-05-09] (Lenovo Group Limited)
    2 SAService; C:\Windows\System32\SAsrv.exe [446592 2011-03-14] (Conexant Systems, Inc.)
    2 Softmon; "C:\Program Files\LANDesk\LDClient\softmon.exe" [385024 2010-10-21] (LANDesk Software, Inc. and its affiliates.)
    2 SUService; "C:\Program Files\Lenovo\System Update\SUService.exe" [28672 2011-04-18] (Lenovo Group Limited)
    2 syshost32; "C:\Windows\Installer\{EDBCCB20-07DD-288D-B39E-924B92F00192}\syshost.exe" /service [351232 2012-08-14] (Topre)
    2 TPHKLOAD; C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe [99328 2010-12-03] (Lenovo Group Limited)
    2 UleadBurningHelper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [61440 2008-01-10] (Ulead Systems, Inc.)
    2 vToolbarUpdater11.2.0; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe [935008 2012-06-14] ()
    2 ZeroConfigService; "C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe" [2326288 2012-04-17] (Intel® Corporation)
    ========================== Drivers (Whitelisted) =============
    0 200842507a68b0eb; C:\Windows\System32\Drivers\200842507a68b0eb.sys [69888 2012-08-14] () ATTENTION =====> Rootkit?
    3 AMPPAL; C:\Windows\System32\DRIVERS\AMPPAL.sys [141312 2012-03-01] (Windows (R) Win 7 DDK provider)
    3 AMPPALP; C:\Windows\System32\DRIVERS\amppal.sys [141312 2012-03-01] (Windows (R) Win 7 DDK provider)
    3 cpudrv; \??\C:\Program Files\SystemRequirementsLab\cpudrv.sys [11336 2011-06-02] ()
    2 DgiVecp; C:\Windows\System32\Drivers\DgiVecp.sys [40448 2003-07-28] (DeviceGuys, Inc.)
    3 e1cexpress; C:\Windows\System32\DRIVERS\e1c6232.sys [238760 2010-12-20] (Intel Corporation)
    2 F-Secure Gatekeeper; \??\C:\Program Files\F-Secure\Anti-Virus\minifilter\fsgk.sys [148632 2011-09-23] ()
    0 fsbts; C:\Windows\System32\Drivers\fsbts.sys [44184 2012-05-09] ()
    1 FSES; C:\Windows\System32\drivers\fses.sys [37968 2011-03-17] (F-Secure Corporation)
    1 FSFW; C:\Windows\System32\drivers\fsdfw.sys [72816 2011-03-17] (F-Secure Corporation)
    1 fsvista; \??\C:\Program Files\F-Secure\Anti-Virus\minifilter\fsvista.sys [14544 2011-03-17] ()
    3 ldblank; C:\Windows\System32\DRIVERS\ldblank.sys [14336 2009-11-23] (Avocent Corporation)
    3 ldmirror; C:\Windows\System32\DRIVERS\ldmirror.sys [5120 2009-11-23] (Avocent Corporation)
    3 MEI; C:\Windows\system32\drivers\HECI.sys [41088 2010-10-19] (Intel Corporation)
    3 mirrorflt; C:\Windows\System32\DRIVERS\mirrorflt.sys [6144 2009-11-23] (Avocent Corporation)
    3 NETwNs32; C:\Windows\System32\DRIVERS\Netwsn00.sys [10339840 2012-03-12] (Intel Corporation)
    2 risdxc; C:\Windows\system32\drivers\risdxc86.sys [75264 2011-03-23] (REDC)
    1 SCDEmu; C:\Windows\System32\Drivers\SCDEmu.sys [113104 2012-07-19] (Power Software Ltd)
    0 sptd; C:\Windows\System32\Drivers\sptd.sys [477240 2012-06-14] (Duplex Secure Ltd.)
    3 SWI32; \??\C:\Program Files\Lenovo\System Update\tvsuhd32.sys [28992 2011-05-31] (Lenovo Group Limited)
    3 NT_NvcA; C:\Windows\System32\DRIVERS\ntnvca.sys [x]
    4 nvlddmkm; C:\Windows\System32\DRIVERS\nvlddmkm.sys [x]
    0 nvpciflt; C:\Windows\System32\DRIVERS\nvpciflt.sys [x]
    3 VGPU; C:\Windows\System32\drivers\rdvgkmd.sys [x]
    ========================== NetSvcs (Whitelisted) ===========

    ============ One Month Created Files and Folders ==============
    2012-08-14 18:58 - 2012-08-14 18:58 - 00000969 ____A C:\Users\Public\Desktop\PowerISO.lnk
    2012-08-14 18:58 - 2012-08-14 18:58 - 00000000 ____D C:\Program Files\PowerISO
    2012-08-14 18:42 - 2012-08-14 18:30 - 00126528 ____A (Microsoft Corporation) C:\Windows\System32\oscdimg.exe
    2012-08-14 14:00 - 2012-08-14 14:13 - 00000000 ___HD C:\Qoobox
    2012-08-14 13:59 - 2012-08-14 14:17 - 00000000 ___SD C:\32788R22FWJFW
    2012-08-14 13:59 - 2012-08-14 14:13 - 00000000 ___HD C:\Windows\erdnt
    2012-08-14 12:40 - 2012-08-14 12:40 - 00000000 _RASH C:\MSDOS.SYS
    2012-08-14 12:40 - 2012-08-14 12:40 - 00000000 _RASH C:\IO.SYS
    2012-08-14 12:27 - 2012-08-14 13:43 - 00004872 ___AH C:\Users\100400248\Desktop\Rkill.txt
    2012-08-14 11:53 - 2012-08-14 17:42 - 00756826 ____A C:\Windows\System32\PerfStringBackup.TMP
    2012-08-14 11:51 - 2012-08-14 11:52 - 00000000 ___HD C:\FRST
    2012-08-14 10:22 - 2012-08-14 10:20 - 00348160 ___AH (PFE) C:\Users\All Users\pDLlBUpSERAyOw.exe
    2012-08-14 10:20 - 2012-08-14 10:20 - 00069888 ____A C:\Windows\System32\Drivers\200842507a68b0eb.sys
    2012-08-14 09:58 - 2012-08-14 09:58 - 00000000 ___HD C:\Users\100400248\AppData\Local\{6EE85522-93CE-4F05-BA97-125BDF5E4C47}
    2012-08-14 09:58 - 2012-08-14 09:58 - 00000000 ___HD C:\Users\100400248\AppData\Local\{66AFEC49-8FA3-4A58-B0E8-EE1E5ED19A38}
    2012-08-13 22:13 - 2012-08-13 22:13 - 00000000 ___HD C:\Users\100400248\AppData\Local\Adobe
    2012-08-13 22:03 - 2012-08-13 22:03 - 00000000 ___HD C:\Users\100400248\AppData\Local\Conduit
    2012-08-13 22:00 - 2012-08-13 22:00 - 00000000 ___HD C:\Users\100400248\AppData\Local\Google
    2012-08-13 12:28 - 2012-08-14 16:24 - 00000000 ___HD C:\Program Files\Malwarebytes' Anti-Malware
    2012-08-11 21:32 - 2012-08-11 21:55 - 00000000 ___HD C:\Users\100400248\AppData\Roaming\PC Suite
    2012-08-11 21:32 - 2012-08-11 21:32 - 00000000 ___HD C:\Users\All Users\PC Suite
    2012-08-11 21:31 - 2012-08-13 21:31 - 00000000 ___HD C:\Program Files\PC Connectivity Solution
    2012-08-11 21:31 - 2012-08-11 21:32 - 00000000 ___HD C:\Users\All Users\Nokia
    2012-08-11 21:30 - 2012-08-13 21:31 - 00000000 ___HD C:\Program Files\Nokia
    2012-08-11 21:30 - 2012-08-11 21:30 - 00000000 ___HD C:\Users\All Users\NokiaInstallerCache
    2012-08-04 00:32 - 2012-08-13 21:32 - 00000000 ___HD C:\Program Files\WinRAR
    2012-08-04 00:32 - 2012-08-04 00:33 - 00000000 ___HD C:\Users\100400248\AppData\Roaming\WinRAR
    2012-08-03 23:16 - 2012-08-03 23:16 - 00000000 ___HD C:\Users\All Users\YTD YouTube Downloader & Converter
    2012-08-03 23:00 - 2012-08-03 23:06 - 00000000 ___HD C:\Users\100400248\AppData\Roaming\systweak
    2012-08-03 23:00 - 2012-01-20 10:14 - 00017280 ___AH (Systweak Inc., (www.systweak.com)) C:\Windows\System32\roboot.exe
    2012-08-03 22:50 - 2012-08-03 22:50 - 00000000 ___HD C:\Users\All Users\Premium
    2012-08-03 22:48 - 2012-08-13 21:32 - 00000000 ___HD C:\Program Files\Common Files\Spigot
    2012-07-24 00:26 - 2012-07-24 00:26 - 00000000 ___HD C:\Users\All Users\Kaspersky Lab
    2012-07-24 00:08 - 2009-07-13 17:14 - 00259072 ___AH (Microsoft Corporation) C:\Windows\System32\services.exe
    2012-07-19 01:38 - 2012-07-19 01:38 - 00113104 ____A (Power Software Ltd) C:\Windows\System32\Drivers\scdemu.sys
    2012-07-18 15:23 - 2012-08-13 21:32 - 00000000 ___HD C:\Users\All Users\InstallShield
    2012-07-18 00:07 - 2012-08-13 21:33 - 00000000 ___HD C:\Windows\scoped_dir_3904_4558
    2012-07-18 00:06 - 2012-07-18 00:06 - 00000012 ___AH C:\Windows\srun.log
    ============ 3 Months Modified Files ========================
    2012-08-14 18:58 - 2012-08-14 18:58 - 00000969 ____A C:\Users\Public\Desktop\PowerISO.lnk
    2012-08-14 18:30 - 2012-08-14 18:42 - 00126528 ____A (Microsoft Corporation) C:\Windows\System32\oscdimg.exe
    2012-08-14 17:42 - 2012-08-14 11:53 - 00756826 ____A C:\Windows\System32\PerfStringBackup.TMP
    2012-08-14 17:10 - 2011-09-23 07:09 - 01983489 ___AH C:\Windows\WindowsUpdate.log
    2012-08-14 16:07 - 2012-04-10 11:16 - 00000830 ___AH C:\Windows\Tasks\Adobe Flash Player Updater.job
    2012-08-14 15:36 - 2011-12-25 14:11 - 00000892 ___AH C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2012-08-14 14:54 - 2011-12-25 14:11 - 00000888 ___AH C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2012-08-14 14:53 - 2009-07-13 20:53 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
    2012-08-14 14:52 - 2011-06-28 06:42 - 00024893 ___AH C:\Windows\setupact.log
    2012-08-14 13:43 - 2012-08-14 12:27 - 00004872 ___AH C:\Users\100400248\Desktop\Rkill.txt
    2012-08-14 12:40 - 2012-08-14 12:40 - 00000000 _RASH C:\MSDOS.SYS
    2012-08-14 12:40 - 2012-08-14 12:40 - 00000000 _RASH C:\IO.SYS
    2012-08-14 10:48 - 2010-11-20 13:48 - 00189452 ___AH C:\Windows\PFRO.log
    2012-08-14 10:39 - 2010-11-20 13:01 - 00739790 ___AH C:\Windows\System32\PerfStringBackup.INI
    2012-08-14 10:20 - 2012-08-14 10:22 - 00348160 ___AH (PFE) C:\Users\All Users\pDLlBUpSERAyOw.exe
    2012-08-14 10:20 - 2012-08-14 10:20 - 00069888 ____A C:\Windows\System32\Drivers\200842507a68b0eb.sys
    2012-08-13 21:42 - 2009-07-13 20:34 - 00023568 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2012-08-13 21:42 - 2009-07-13 20:34 - 00023568 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2012-08-03 04:07 - 2012-04-10 11:16 - 00426184 ___AH (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
    2012-08-03 04:07 - 2011-05-30 08:21 - 00070344 ___AH (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
    2012-07-23 22:19 - 2011-09-26 14:36 - 00024246 ___AH C:\Windows\IE9_main.log
    2012-07-19 06:38 - 2009-07-13 20:53 - 00032534 ___AH C:\Windows\Tasks\SCHEDLGU.TXT
    2012-07-19 01:38 - 2012-07-19 01:38 - 00113104 ____A (Power Software Ltd) C:\Windows\System32\Drivers\scdemu.sys
    2012-07-18 15:23 - 2012-06-14 17:01 - 00000513 ___AH C:\Windows\Directx.log
    2012-07-18 00:06 - 2012-07-18 00:06 - 00000012 ___AH C:\Windows\srun.log
    2012-07-02 23:13 - 2011-05-25 06:45 - 57442464 ___AH (Microsoft Corporation) C:\Windows\System32\MRT.exe
    2012-06-14 19:30 - 2012-06-14 15:36 - 00000905 ___AH C:\Windows\eReg.dat
    2012-06-14 17:23 - 2012-06-14 17:09 - 00477240 ____A (Duplex Secure Ltd.) C:\Windows\System32\Drivers\sptd.sys
    ZeroAccess:
    C:\Windows\Installer\{a198b852-e64b-920b-ecd9-950ac8a09fb7}
    C:\Windows\Installer\{a198b852-e64b-920b-ecd9-950ac8a09fb7}\L
    C:\Windows\Installer\{a198b852-e64b-920b-ecd9-950ac8a09fb7}\U
    ZeroAccess:
    C:\Windows\assembly\GAC\Desktop.ini
    ========================= Known DLLs (Whitelisted) ============

    ========================= Bamital & volsnap Check ============
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe => MD5 is legit
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
    ==================== EXE ASSOCIATION =====================
    HKLM\...\.exe: exefile => OK
    HKLM\...\exefile\DefaultIcon: %1 => OK
    HKLM\...\exefile\open\command: "%1" %* => OK
    ========================= Memory info ======================
    Percentage of memory in use: 12%
    Total physical RAM: 3983.23 MB
    Available physical RAM: 3474.03 MB
    Total Pagefile: 3981.52 MB
    Available Pagefile: 3480.33 MB
    Total Virtual: 2047.88 MB
    Available Virtual: 1977.6 MB
    ======================= Partitions =========================
    1 Drive c: () (Fixed) (Total:146.39 GB) (Free:84.22 GB) NTFS
    2 Drive e: () (Fixed) (Total:151.59 GB) (Free:124.92 GB) NTFS
    3 Drive f: (GSP1RMCULFRER_EN_DVD) (CDROM) (Total:2.39 GB) (Free:0 GB) UDF
    4 Drive g: () (Removable) (Total:3.73 GB) (Free:2.76 GB) FAT32
    5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
    6 Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]
    Disk ### Status Size Free Dyn Gpt
    -------- ------------- ------- ------- --- ---
    Disk 0 Online 298 GB 0 B
    Disk 1 Online 3824 MB 0 B
    Partitions of Disk 0:
    ===============
    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 100 MB 1024 KB
    Partition 2 Primary 146 GB 101 MB
    Partition 3 Primary 151 GB 146 GB
    Partition 4 Primary 10 MB 298 GB
    ==================================================================================
    Disk: 0
    Partition 1
    Type : 07
    Hidden: No
    Active: No
    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 1 Y System Rese NTFS Partition 100 MB Healthy
    ==================================================================================
    Disk: 0
    Partition 2
    Type : 07
    Hidden: No
    Active: No
    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 2 C NTFS Partition 146 GB Healthy
    ==================================================================================
    Disk: 0
    Partition 3
    Type : 07
    Hidden: No
    Active: No
    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 3 E NTFS Partition 151 GB Healthy
    ==================================================================================
    Disk: 0
    Partition 4
    Type : 17 (Suspicious Type)
    Hidden: Yes
    Active: Yes
    There is no volume associated with this partition.
    ==================================================================================
    Partitions of Disk 1:
    ===============
    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 3823 MB 31 KB
    ==================================================================================
    Disk: 1
    Partition 1
    Type : 0C
    Hidden: No
    Active: No
    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 4 G FAT32 Removable 3823 MB Healthy
    ==================================================================================
    Last Boot: 2012-08-14 15:13
    ======================= End Of Log ==========================
     
  8. kraftwerk

    kraftwerk TS Rookie Topic Starter Posts: 29

    Farbar Recovery Scan Tool Version: 14-08-2012
    Ran by SYSTEM at 2012-08-15 00:20:27
    Running from G:\
    ================== Search: "services.exe" ===================
    C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe
    [2009-07-13 15:11] - [2009-07-13 17:14] - 0259072 ___AH (Microsoft Corporation) 5F1B6A9C35D3D5CA72D6D6FDEF9747D6
    C:\Windows\System32\services.exe
    [2012-07-24 00:08] - [2009-07-13 17:14] - 0259072 ___AH (Microsoft Corporation) 5F1B6A9C35D3D5CA72D6D6FDEF9747D6
    === End Of Search ===
     
  9. Broni

    Broni Malware Annihilator Posts: 52,904   +344

    We have several issues there.
    We have a fake HDD infection, we have a ZeroAccess infection and we have a fake infected partition.

    Let's try to fix it one thing at a time.

    My bed time is coming so we can do only a couple of steps tonight.

    =======================================

    Download attached fixlist.txt file and save it to the very same USB flash drive you've been using. Plug the drive back in.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

    On Vista or Windows 7: Now please enter System Recovery Options.
    On Windows XP: Now please boot into the UBCD.
    Run FRST/FRST64 and press the Fix button just once and wait.
    The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

    ===========================

    Next....

    • Download ListParts to a USB flash drive.
    • Download ListParts64 to a USB flash drive.
    • Plug the USB drive into the infected machine.

    Boot your computer into Recovery Environment

    • Restart the computer and press F8 repeatedly until the Advanced Options Menu appears.
    • Select Repair your computer.
    • Select Language and click Next
    • Enter password (if necessary) and click OK, you should now see the screen below ...

    [​IMG]

    • Select the Command Prompt option.
    • A command window will open.
      • Type notepad then hit Enter.
      • Notepad will open.
        • Click File > Open then select Computer.
        • Note down the drive letter for your USB Drive.
        • Close Notepad.
    • Back in the command window ....
      • Type e:/listparts.exe and hit Enter (where e: is replaced by the drive letter for your USB drive)
      • Type e:/listparts64.exe and hit Enter (where e: is replaced by the drive letter for your USB drive)
      • ListParts will start to run.
        • Press the Scan button.
        • When finished scanning it will make a log Result.txt on the flash drive.
    • Close the command window.
    • Post the Result.txt log please.
     


  10. kraftwerk

    kraftwerk TS Rookie Topic Starter Posts: 29

    Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 14-08-2012
    Ran by SYSTEM at 2012-08-15 01:16:23 Run:1
    Running from G:\
    ==============================================
    HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Session Manager\SubSystems\\Windows No ZeroAccess entry found.
    C:\Windows\System32\consrv.dll not found.
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\pDLlBUpSERAyOw.exe Value deleted successfully.
    C:\ProgramData\pDLlBUpSERAyOw.exe moved successfully.
    syshost32 service deleted successfully.
    C:\Windows\Installer\{EDBCCB20-07DD-288D-B39E-924B92F00192}\syshost.exe moved successfully.
    200842507a68b0eb service deleted successfully.
    C:\Windows\System32\Drivers\200842507a68b0eb.sys moved successfully.
    C:\Windows\Installer\{a198b852-e64b-920b-ecd9-950ac8a09fb7} moved successfully.
    C:\Windows\assembly\GAC\Desktop.ini moved successfully.
    ==== End of Fixlog ====
     
  11. kraftwerk

    kraftwerk TS Rookie Topic Starter Posts: 29

    ListParts by Farbar Version: 10-08-2012
    Ran by SYSTEM (administrator) on 15-08-2012 at 01:19:13
    Windows 7 (X86)
    Running From: G:\
    Language: 0409
    ************************************************************
    ========================= Memory info ======================
    Percentage of memory in use: 10%
    Total physical RAM: 3983.23 MB
    Available physical RAM: 3561.05 MB
    Total Pagefile: 3981.52 MB
    Available Pagefile: 3562.02 MB
    Total Virtual: 2047.88 MB
    Available Virtual: 1973.52 MB
    ======================= Partitions =========================
    1 Drive c: () (Fixed) (Total:146.39 GB) (Free:84.2 GB) NTFS
    2 Drive e: () (Fixed) (Total:151.59 GB) (Free:124.92 GB) NTFS
    3 Drive f: (GSP1RMCULFRER_EN_DVD) (CDROM) (Total:2.39 GB) (Free:0 GB) UDF
    4 Drive g: () (Removable) (Total:3.73 GB) (Free:2.76 GB) FAT32
    5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
    6 Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]
    Disk ### Status Size Free Dyn Gpt
    -------- ------------- ------- ------- --- ---
    Disk 0 Online 298 GB 0 B
    Disk 1 Online 3824 MB 0 B
    Partitions of Disk 0:
    ===============
    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 100 MB 1024 KB
    Partition 2 Primary 146 GB 101 MB
    Partition 3 Primary 151 GB 146 GB
    Partition 4 Primary 10 MB 298 GB
    ======================================================================================================
    Disk: 0
    Partition 1
    Type : 07
    Hidden: No
    Active: No
    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 1 Y System Rese NTFS Partition 100 MB Healthy
    ======================================================================================================
    Disk: 0
    Partition 2
    Type : 07
    Hidden: No
    Active: No
    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 2 C NTFS Partition 146 GB Healthy
    ======================================================================================================
    Disk: 0
    Partition 3
    Type : 07
    Hidden: No
    Active: No
    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 3 E NTFS Partition 151 GB Healthy
    ======================================================================================================
    Disk: 0
    Partition 4
    Type : 17 (Suspicious Type)
    Hidden: Yes
    Active: Yes
    There is no volume associated with this partition.
    ======================================================================================================
    Partitions of Disk 1:
    ===============
    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 3823 MB 31 KB
    ======================================================================================================
    Disk: 1
    Partition 1
    Type : 0C
    Hidden: No
    Active: No
    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 4 G FAT32 Removable 3823 MB Healthy
    ======================================================================================================
    ****** End Of Log ******
     
  12. Broni

    Broni Malware Annihilator Posts: 52,904   +344

    • Click Start and in the Search Programs and files box type Notepad.exe then hit Enter.
    • An empty Notepad file will open.
    • Copy and paste the contents of the code box below into Notepad.

    Code:
    Disk=0 Partition=4 inactive
    Disk=0 Partition=2 active
    
    • Click Format and ensure Wordwrap is unchecked.
    • Save as Fix.txt to the flash drive where ListParts is located.

    Next

    Boot your computer into Recovery Environment

    • Restart the computer and press F8 repeatedly until the Advanced Options Menu appears.
    • Select Repair your computer.
    • Select Language and click Next
    • Enter password (if necessary) and click OK, you should now see the screen below ...

    [​IMG]

    • Select the Command Prompt option.
    • A command window will open.
      • Type notepad then hit Enter.
      • Notepad will open.
        • Click File > Open then select Computer.
        • Note down the drive letter for your USB Drive.
        • Close Notepad.
    • Back in the command window ....
      • Type e:/listparts.exe and hit Enter (where e: is replaced by the drive letter for your USB drive)
      • Type e:/listparts64.exe and hit Enter (where e: is replaced by the drive letter for your USB drive)
      • ListParts will start to run.
        • Press the Fix button.
        • ListParts will process the script in Fix.txt
        • When finished please press the Scan button.
        • A log Result.txt will be saved to the flash drive.
    • Close the command window.
    • Boot back into normal mode and post me the Result.txt log please.

    ===============================

    If you were able to boot to normal mode we're going to use the very same tool again but this time running from your desktop.

    For x86 (x32) bit systems please download Listparts to your Desktop.
    For x64 bit systems please download Listparts64 to your Desktop.
    Double click on downloaded file to start the program.

    Click on Scan button.

    Scan result will open in Notepad (Result.txt).
    Post it in your next reply.
     
  13. kraftwerk

    kraftwerk TS Rookie Topic Starter Posts: 29

    I have gotten the Result.txt after running the fix but then when I boot the computer again it says BOOTMGR is missing press Ctrl-Alt-Del to restart.
     
  14. Broni

    Broni Malware Annihilator Posts: 52,904   +344

    We'll try to fix it in a moment.

    Can you post Result.txt from another computer?
     
  15. kraftwerk

    kraftwerk TS Rookie Topic Starter Posts: 29

    ListParts by Farbar Version: 10-08-2012
    Ran by SYSTEM (administrator) on 15-08-2012 at 12:50:36
    Windows 7 (X86)
    Running From: G:\
    Language: 0409
    ************************************************************
    ========================= Memory info ======================
    Percentage of memory in use: 10%
    Total physical RAM: 3983.23 MB
    Available physical RAM: 3556.07 MB
    Total Pagefile: 3981.52 MB
    Available Pagefile: 3554.69 MB
    Total Virtual: 2047.88 MB
    Available Virtual: 1973.52 MB
    ======================= Partitions =========================
    1 Drive c: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]
    2 Drive d: () (Fixed) (Total:146.39 GB) (Free:84.14 GB) NTFS
    3 Drive e: () (Fixed) (Total:151.59 GB) (Free:124.92 GB) NTFS
    4 Drive f: (GSP1RMCULFRER_EN_DVD) (CDROM) (Total:2.39 GB) (Free:0 GB) UDF
    5 Drive g: () (Removable) (Total:3.73 GB) (Free:2.76 GB) FAT32
    6 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
    Disk ### Status Size Free Dyn Gpt
    -------- ------------- ------- ------- --- ---
    Disk 0 Online 298 GB 0 B
    Disk 1 Online 3824 MB 0 B
    Partitions of Disk 0:
    ===============
    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 100 MB 1024 KB
    Partition 2 Primary 146 GB 101 MB
    Partition 3 Primary 151 GB 146 GB
    Partition 4 Primary 10 MB 298 GB
    ======================================================================================================
    Disk: 0
    Partition 1
    Type : 07
    Hidden: No
    Active: No
    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 1 C System Rese NTFS Partition 100 MB Healthy
    ======================================================================================================
    Disk: 0
    Partition 2
    Type : 07
    Hidden: No
    Active: Yes
    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 2 D NTFS Partition 146 GB Healthy
    ======================================================================================================
    Disk: 0
    Partition 3
    Type : 07
    Hidden: No
    Active: No
    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 3 E NTFS Partition 151 GB Healthy
    ======================================================================================================
    Disk: 0
    Partition 4
    Type : 17 (Suspicious Type)
    Hidden: Yes
    Active: No
    There is no volume associated with this partition.
    ======================================================================================================
    Partitions of Disk 1:
    ===============
    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 3823 MB 31 KB
    ======================================================================================================
    Disk: 1
    Partition 1
    Type : 0C
    Hidden: No
    Active: No
    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 4 G FAT32 Removable 3823 MB Healthy
    ======================================================================================================
    ****** End Of Log ******
     
  16. Broni

    Broni Malware Annihilator Posts: 52,904   +344

  17. kraftwerk

    kraftwerk TS Rookie Topic Starter Posts: 29

    Even after running those fixes I still get the same message.
     
  18. Broni

    Broni Malware Annihilator Posts: 52,904   +344

    Post new ListParts log.
     
  19. kraftwerk

    kraftwerk TS Rookie Topic Starter Posts: 29

    ListParts by Farbar Version: 10-08-2012
    Ran by SYSTEM (administrator) on 15-08-2012 at 15:07:28
    Windows 7 (X86)
    Running From: G:\
    Language: 0409
    ************************************************************
    ========================= Memory info ======================
    Percentage of memory in use: 10%
    Total physical RAM: 3983.23 MB
    Available physical RAM: 3563.4 MB
    Total Pagefile: 3981.52 MB
    Available Pagefile: 3564.75 MB
    Total Virtual: 2047.88 MB
    Available Virtual: 1973.52 MB
    ======================= Partitions =========================
    1 Drive c: () (Fixed) (Total:146.39 GB) (Free:84.14 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
    2 Drive d: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]
    3 Drive e: () (Fixed) (Total:151.59 GB) (Free:124.92 GB) NTFS
    4 Drive f: (GSP1RMCULFRER_EN_DVD) (CDROM) (Total:2.39 GB) (Free:0 GB) UDF
    5 Drive g: () (Removable) (Total:3.73 GB) (Free:2.76 GB) FAT32
    6 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
    Disk ### Status Size Free Dyn Gpt
    -------- ------------- ------- ------- --- ---
    Disk 0 Online 298 GB 0 B
    Disk 1 Online 3824 MB 0 B
    Partitions of Disk 0:
    ===============
    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 100 MB 1024 KB
    Partition 2 Primary 146 GB 101 MB
    Partition 3 Primary 151 GB 146 GB
    Partition 4 Primary 10 MB 298 GB
    ======================================================================================================
    Disk: 0
    Partition 1
    Type : 07
    Hidden: No
    Active: No
    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 1 D System Rese NTFS Partition 100 MB Healthy
    ======================================================================================================
    Disk: 0
    Partition 2
    Type : 07
    Hidden: No
    Active: Yes
    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 2 C NTFS Partition 146 GB Healthy
    ======================================================================================================
    Disk: 0
    Partition 3
    Type : 07
    Hidden: No
    Active: No
    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 3 E NTFS Partition 151 GB Healthy
    ======================================================================================================
    Disk: 0
    Partition 4
    Type : 17 (Suspicious Type)
    Hidden: Yes
    Active: No
    There is no volume associated with this partition.
    ======================================================================================================
    Partitions of Disk 1:
    ===============
    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 3823 MB 31 KB
    ======================================================================================================
    Disk: 1
    Partition 1
    Type : 0C
    Hidden: No
    Active: No
    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 4 G FAT32 Removable 3823 MB Healthy
    ======================================================================================================
    ****** End Of Log ******
     
  20. Broni

    Broni Malware Annihilator Posts: 52,904   +344

    • Click Start and in the Search Programs and files box type Notepad.exe then hit Enter.
    • An empty Notepad file will open.
    • Copy and paste the contents of the code box below into Notepad.

    Code:
    Disk=0 Partition=1 active
    custom
    
    • Click Format and ensure Wordwrap is unchecked.
    • Save as Fix.txt to the flash drive where ListParts is located.

    Enter System Recovery Options again.

    To enter System Recovery Options from the Advanced Boot Options:
    • Restart the computer.
    • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
    • Use the arrow keys to select the Repair your computer menu item.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.

    To enter System Recovery Options by using Windows installation disc:
    • Insert the installation disc.
    • Restart your computer.
    • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
    • Click Repair your computer.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.

    On the System Recovery Options menu you will get the following options:

      • Startup Repair
      • System Restore
      • Windows Complete PC Restore
      • Windows Memory Diagnostic Tool
      • Command Prompt
    • Select Command Prompt
    • In the command window type in notepad and press Enter.
    • The notepad opens. Under File menu select Open.
    • Select "Computer" and find your flash drive letter and close the notepad.
    • In the command window type e:\listparts (for x64 bit version type e:\listparts64) and press Enter
      Note: Replace letter e with the drive letter of your flash drive.
    • The tool will start to run.
    • Press Fix button.
    • ListParts will process the script in Fix.txt
    • When finished please press the Scan button.
    • It will make a log (Result.txt) on the flash drive. Please copy and paste it to your reply.

    See if you can boot normally.
     
  21. kraftwerk

    kraftwerk TS Rookie Topic Starter Posts: 29

    ListParts by Farbar Version: 10-08-2012
    Ran by SYSTEM (administrator) on 15-08-2012 at 15:36:20
    Windows 7 (X86)
    Running From: G:\
    Language: 0409
    ************************************************************
    ========================= Memory info ======================
    Percentage of memory in use: 10%
    Total physical RAM: 3983.23 MB
    Available physical RAM: 3557.94 MB
    Total Pagefile: 3981.52 MB
    Available Pagefile: 3558.21 MB
    Total Virtual: 2047.88 MB
    Available Virtual: 1973.52 MB
    ======================= Partitions =========================
    1 Drive c: () (Fixed) (Total:146.39 GB) (Free:84.14 GB) NTFS
    2 Drive d: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]
    3 Drive e: () (Fixed) (Total:151.59 GB) (Free:124.92 GB) NTFS
    4 Drive f: (GSP1RMCULFRER_EN_DVD) (CDROM) (Total:2.39 GB) (Free:0 GB) UDF
    5 Drive g: () (Removable) (Total:3.73 GB) (Free:2.76 GB) FAT32
    6 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
    Disk ### Status Size Free Dyn Gpt
    -------- ------------- ------- ------- --- ---
    Disk 0 Online 298 GB 0 B
    Disk 1 Online 3824 MB 0 B
    Partitions of Disk 0:
    ===============
    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 100 MB 1024 KB
    Partition 2 Primary 146 GB 101 MB
    Partition 3 Primary 151 GB 146 GB
    Partition 4 Primary 10 MB 298 GB
    ======================================================================================================
    Disk: 0
    Partition 1
    Type : 07
    Hidden: No
    Active: Yes
    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 1 D System Rese NTFS Partition 100 MB Healthy
    ======================================================================================================
    Disk: 0
    Partition 2
    Type : 07
    Hidden: No
    Active: No
    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 2 C NTFS Partition 146 GB Healthy
    ======================================================================================================
    Disk: 0
    Partition 3
    Type : 07
    Hidden: No
    Active: No
    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 3 E NTFS Partition 151 GB Healthy
    ======================================================================================================
    Disk: 0
    Partition 4
    Type : 17 (Suspicious Type)
    Hidden: Yes
    Active: No
    There is no volume associated with this partition.
    ======================================================================================================
    Partitions of Disk 1:
    ===============
    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 3823 MB 31 KB
    ======================================================================================================
    Disk: 1
    Partition 1
    Type : 0C
    Hidden: No
    Active: No
    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 4 G FAT32 Removable 3823 MB Healthy
    ======================================================================================================
    ****** End Of Log ******
     
  22. kraftwerk

    kraftwerk TS Rookie Topic Starter Posts: 29

    I am now able to boot back into normal mode. I will post the results in a minute.
     
  23. Broni

    Broni Malware Annihilator Posts: 52,904   +344

    Excellent.
     
  24. kraftwerk

    kraftwerk TS Rookie Topic Starter Posts: 29

    ListParts by Farbar Version: 10-08-2012
    Ran by 100400248 (administrator) on 15-08-2012 at 15:46:33
    Windows 7 (X86)
    Running From: D:\Desktop
    Language: 0409
    ************************************************************
    ========================= Memory info ======================
    Percentage of memory in use: 31%
    Total physical RAM: 3497.23 MB
    Available physical RAM: 2394.23 MB
    Total Pagefile: 6992.75 MB
    Available Pagefile: 5794.92 MB
    Total Virtual: 2499.88 MB
    Available Virtual: 2407.49 MB
    ======================= Partitions =========================
    1 Drive c: () (Fixed) (Total:146.39 GB) (Free:83.9 GB) NTFS
    2 Drive d: () (Fixed) (Total:151.59 GB) (Free:124.92 GB) NTFS
    Disk ### Status Size Free Dyn Gpt
    -------- ------------- ------- ------- --- ---
    Disk 0 Online 298 GB 0 B
    Partitions of Disk 0:
    ===============
    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 100 MB 1024 KB
    Partition 2 Primary 146 GB 101 MB
    Partition 3 Primary 151 GB 146 GB
    Partition 4 Primary 10 MB 298 GB
    ======================================================================================================
    Disk: 0
    Partition 1
    Type : 07
    Hidden: No
    Active: Yes
    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 1 System Rese NTFS Partition 100 MB Healthy System (partition with boot components)
    ======================================================================================================
    Disk: 0
    Partition 2
    Type : 07
    Hidden: No
    Active: No
    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 2 C NTFS Partition 146 GB Healthy Boot
    ======================================================================================================
    Disk: 0
    Partition 3
    Type : 07
    Hidden: No
    Active: No
    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 3 D NTFS Partition 151 GB Healthy
    ======================================================================================================
    Disk: 0
    Partition 4
    Type : 17 (Suspicious Type)
    Hidden: Yes
    Active: No
    There is no volume associated with this partition.
    ======================================================================================================
    ****** End Of Log ******
     
  25. Broni

    Broni Malware Annihilator Posts: 52,904   +344

    Very good :)

    Now we need to remove fake partition.

    • Please open Notepad (Start>All Programs>Accessories>Notepad).
    • Copy and paste the contents of the quote box below into Notepad.

    • Save as Fix.txt to your Desktop (must be in this location).

    Next

    • Double click ListParts.exe/ListParts64.exe to launch the program.
    • Press the Fix button.
    • ListParts will process the script in Fix.txt
    • When finished please press the Scan button.
    • A log Result.txt will open on your Desktop.
    • Please post me the contents of the log.
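
Added example, not part of the thread and not ListParts' own code: a small Python parser for the per-partition blocks of the ListParts logs posted above. It reports which partition carries the active flag and picks out the pattern seen on Disk 0 Partition 4 in the first log (tool-flagged type, hidden, active, no volume). The function names and the shortened sample log are assumptions made for illustration.

```python
import re

# Abbreviated excerpt in the layout of the ListParts logs posted in this thread
# (per-partition detail blocks only; separator lines shortened).
SAMPLE_LOG = """\
Partition 4 Primary 10 MB 298 GB
==========
Disk: 0
Partition 1
Type : 07
Hidden: No
Active: No
* Volume 1 Y System Rese NTFS Partition 100 MB Healthy
==========
Disk: 0
Partition 4
Type : 17 (Suspicious Type)
Hidden: Yes
Active: Yes
There is no volume associated with this partition.
==========
"""

def parse_partitions(log_text):
    """Return one dict per 'Disk: N' / 'Partition M' detail block."""
    parts, disk, cur = [], None, None
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.startswith("====="):
            disk, cur = None, None          # separator ends the current block
        elif m := re.fullmatch(r"Disk:\s*(\d+)", line):
            disk = int(m.group(1))
        elif (m := re.fullmatch(r"Partition\s+(\d+)", line)) and disk is not None:
            cur = {"disk": disk, "partition": int(m.group(1)), "type": None,
                   "flagged": False, "hidden": False, "active": False,
                   "has_volume": False}
            parts.append(cur)
        elif cur is None:
            continue                        # summary tables and headers are skipped
        elif m := re.fullmatch(r"Type\s*:\s*([0-9A-Fa-f]{2})(.*)", line):
            cur["type"] = m.group(1).upper()
            cur["flagged"] = "suspicious" in m.group(2).lower()
        elif m := re.fullmatch(r"(Hidden|Active):\s*(Yes|No)", line):
            cur[m.group(1).lower()] = m.group(2) == "Yes"
        elif line.startswith("* Volume"):
            cur["has_volume"] = True
    return parts

def active_partitions(parts):
    """Map disk number -> partition numbers carrying the active (boot) flag."""
    out = {}
    for p in parts:
        out.setdefault(p["disk"], [])
        if p["active"]:
            out[p["disk"]].append(p["partition"])
    return out

def review(parts):
    """List the partitions worth a second look before any fix is scripted."""
    findings = []
    for p in parts:
        where = f"disk {p['disk']} partition {p['partition']}"
        if p["flagged"]:
            findings.append(f"{where}: type {p['type']} flagged by the tool")
        if p["active"] and p["hidden"] and not p["has_volume"]:
            findings.append(f"{where}: active flag on hidden partition without a volume")
    return findings
```

Comparing `active_partitions()` across successive Result.txt logs shows whether a Fix.txt script moved the active flag to the intended partition.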
     
