Solved Trojan

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 14-09-2012 01
Ran by SYSTEM at 2012-09-14 19:12:08 Run:2
Running from F:\
==============================================
HKEY_LOCAL_MACHINE\software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ApNnQdomYXNfVQU.exe Value deleted successfully.
C:\ProgramData\ApNnQdomYXNfVQU.exe moved successfully.
==== End of Fixlog ====
 
Uh, how do I get into BIOS when booting off the boot disc? I tried hitting F8, but it doesn't get me to the same menu again.
 
Well, I went into Bios to switch the boot priority back to the hard drive, and I did, but now it's not booting up at all. It only boots up with the disc.
 
Let's see if we can fix it....

  • Click Start and in the Search Programs and files box type Notepad.exe then hit Enter.
  • An empty Notepad file will open.
  • Copy and paste the contents of the code box below into Notepad.

Code:
Disk=0 Partition=2 inactive
Disk=0 Partition=3 active

  • Click Format and ensure Wordwrap is unchecked.
  • Save as Fix.txt to the flash drive where ListParts is located.

Enter System Recovery Options again.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:

    • Startup Repair
      System Restore
      Windows Complete PC Restore
      Windows Memory Diagnostic Tool
      Command Prompt
  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\listparts (for x64 bit version type e:\listparts64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • Press Fix button.
  • ListParts will process the script in Fix.txt
  • When finished please press the Scan button.
  • It will make a log (Result.txt) on the flash drive. Please copy and paste it to your reply.

See if you can boot normally.
 
Well 1. When I try to boot normally, it goes to a black screen saying "BOOTMGR is missing"
2. Here's the scan:
ListParts by Farbar Version: 14-09-2012
Ran by SYSTEM (administrator) on 14-09-2012 at 19:59:39
Windows 7 (X64)
Running From: F:\
Language: 0409
************************************************************
========================= Memory info ======================
Percentage of memory in use: 8%
Total physical RAM: 8174.63 MB
Available physical RAM: 7469.99 MB
Total Pagefile: 8172.78 MB
Available Pagefile: 7457.45 MB
Total Virtual: 8192 MB
Available Virtual: 8191.91 MB
======================= Partitions =========================
1 Drive c: (OS) (Fixed) (Total:919.21 GB) (Free:666.23 GB) NTFS
2 Drive d: (RECOVERY) (Fixed) (Total:12.25 GB) (Free:5.62 GB) NTFS
3 Drive e: (GRMCHPXFRER_EN_DVD) (CDROM) (Total:3 GB) (Free:0 GB) UDF
4 Drive f: (KINGSTON) (Removable) (Total:3.6 GB) (Free:2.25 GB) FAT32
9 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 931 GB 13 MB
Disk 1 Online 3695 MB 0 B
Disk 2 No Media 0 B 0 B
Disk 3 No Media 0 B 0 B
Disk 4 No Media 0 B 0 B
Disk 5 No Media 0 B 0 B
Partitions of Disk 0:
===============
Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 OEM 39 MB 31 KB
Partition 2 Primary 12 GB 40 MB
Partition 3 Primary 919 GB 12 GB
======================================================================================================
Disk: 0
Partition 1
Type : DE
Hidden: Yes
Active: No
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 8 FAT Partition 39 MB Healthy Hidden
======================================================================================================
Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 D RECOVERY NTFS Partition 12 GB Healthy
======================================================================================================
Disk: 0
Partition 3
Type : 07
Hidden: No
Active: Yes
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C OS NTFS Partition 919 GB Healthy
======================================================================================================
Partitions of Disk 1:
===============
Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 3694 MB 31 KB
======================================================================================================
Disk: 1
Partition 1
Type : 0B
Hidden: No
Active: Yes
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 F KINGSTON FAT32 Removable 3694 MB Healthy
======================================================================================================
****** End Of Log ******
 
One more try using FRST...

Download attached fixlist.txt file and save it to the very same USB flash drive you've been using. Plug the drive back in.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

On Vista or Windows 7: Now please enter System Recovery Options.
On Windows XP: Now please boot into the UBCD.
Run FRST/FRST64 and press the Fix button just once and wait.
The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.

See if you can boot normally.
 

Attachments

  • fixlist.txt
    27 bytes · Views: 4
BOOTMGR is still missing. Here's the scan:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 14-09-2012 01
Ran by SYSTEM at 2012-10-14 20:40:05 Run:3
Running from F:\
==============================================
DEFAULT hive was successfully copied to System32\config\HiveBackup
DEFAULT hive was successfully restored from registry back up.
SAM hive was successfully copied to System32\config\HiveBackup
SAM hive was successfully restored from registry back up.
SECURITY hive was successfully copied to System32\config\HiveBackup
SECURITY hive was successfully restored from registry back up.
SOFTWARE hive was successfully copied to System32\config\HiveBackup
SOFTWARE hive was successfully restored from registry back up.
SYSTEM hive was successfully copied to System32\config\HiveBackup
SYSTEM hive was successfully restored from registry back up.
==== End of Fixlog ====
 
  • Click Start and in the Search Programs and files box type Notepad.exe then hit Enter.
  • An empty Notepad file will open.
  • Copy and paste the contents of the code box below into Notepad.

Code:
Disk=0 Partition=3 inactive
Disk=0 Partition=2 active
custom

  • Click Format and ensure Wordwrap is unchecked.
  • Save as Fix.txt to the flash drive where ListParts is located.

Enter System Recovery Options again.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:

    • Startup Repair
      System Restore
      Windows Complete PC Restore
      Windows Memory Diagnostic Tool
      Command Prompt
  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\listparts (for x64 bit version type e:\listparts64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • Press Fix button.
  • ListParts will process the script in Fix.txt
  • When finished please press the Scan button.
  • It will make a log (Result.txt) on the flash drive. Please copy and paste it to your reply.

See if you can boot now.
 
Well I still can't boot. Here's the log:
ListParts by Farbar Version: 14-09-2012
Ran by SYSTEM (administrator) on 14-10-2012 at 21:31:55
Windows 7 (X64)
Running From: G:\
Language: 0409
************************************************************
========================= Memory info ======================
Percentage of memory in use: 8%
Total physical RAM: 8174.63 MB
Available physical RAM: 7468.78 MB
Total Pagefile: 8172.78 MB
Available Pagefile: 7454.8 MB
Total Virtual: 8192 MB
Available Virtual: 8191.91 MB
======================= Partitions =========================
1 Drive c: (OS) (Fixed) (Total:919.21 GB) (Free:666.13 GB) NTFS
2 Drive d: (RECOVERY) (Fixed) (Total:12.25 GB) (Free:5.62 GB) NTFS
3 Drive e: (GRMCHPXFRER_EN_DVD) (CDROM) (Total:3 GB) (Free:0 GB) UDF
5 Drive g: (KINGSTON) (Removable) (Total:3.6 GB) (Free:2.25 GB) FAT32
9 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 931 GB 13 MB
Disk 1 Online 3695 MB 0 B
Disk 2 No Media 0 B 0 B
Disk 3 No Media 0 B 0 B
Disk 4 No Media 0 B 0 B
Disk 5 No Media 0 B 0 B
Partitions of Disk 0:
===============
Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 OEM 39 MB 31 KB
Partition 2 Primary 12 GB 40 MB
Partition 3 Primary 919 GB 12 GB
======================================================================================================
Disk: 0
Partition 1
Type : DE
Hidden: Yes
Active: No
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 8 FAT Partition 39 MB Healthy Hidden
======================================================================================================
Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 D RECOVERY NTFS Partition 12 GB Healthy
======================================================================================================
Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C OS NTFS Partition 919 GB Healthy
======================================================================================================
Partitions of Disk 1:
===============
Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 3694 MB 31 KB
======================================================================================================
Disk: 1
Partition 1
Type : 0B
Hidden: No
Active: Yes
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 G KINGSTON FAT32 Removable 3694 MB Healthy
======================================================================================================
****** End Of Log ******
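
A way to confirm from the saved files that a ListParts fix took effect, by comparing the Fix.txt directives with the Active flags in Result.txt (added example, not part of the original posts and not ListParts code). The parsing rules are inferred from the logs shown in this thread; lines such as `custom` are reported as unrecognised rather than interpreted, and the function names are hypothetical.

```python
import re

# Constructed inputs: a Fix.txt like the second one in this thread, and the
# per-partition blocks of a Result.txt in the layout ListParts printed above.
SAMPLE_FIX = """\
Disk=0 Partition=3 inactive
Disk=0 Partition=2 active
custom
"""

SAMPLE_RESULT = """\
Partitions of Disk 0:
Partition 1 OEM 39 MB 31 KB
Partition 2 Primary 12 GB 40 MB
======
Disk: 0
Partition 1
Type : DE
Hidden: Yes
Active: No
======
Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes
* Volume 1 D RECOVERY NTFS Partition 12 GB Healthy
======
Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No
======
Disk: 1
Partition 1
Type : 0B
Hidden: No
Active: Yes
"""

DIRECTIVE = re.compile(r"Disk=(\d+)\s+Partition=(\d+)\s+(active|inactive)", re.I)
DISK = re.compile(r"Disk:\s*(\d+)")
PARTITION = re.compile(r"Partition\s+(\d+)")
ACTIVE = re.compile(r"Active:\s*(Yes|No)", re.I)


def parse_fix(text):
    """Return ({(disk, partition): want_active}, [lines not understood])."""
    wanted, skipped = {}, []
    for line in filter(None, (l.strip() for l in text.splitlines())):
        m = DIRECTIVE.fullmatch(line)
        if m:
            wanted[(int(m[1]), int(m[2]))] = m[3].lower() == "active"
        else:
            skipped.append(line)  # e.g. "custom": meaning not stated on the page
    return wanted, skipped


def parse_result(text):
    """Return {(disk, partition): is_active} from the per-partition blocks."""
    flags, disk, part = {}, None, None
    for line in (l.strip() for l in text.splitlines()):
        if line.startswith("="):            # block separator
            disk = part = None
        elif m := DISK.fullmatch(line):
            disk, part = int(m[1]), None
        elif (m := PARTITION.fullmatch(line)) and disk is not None:
            part = int(m[1])                # summary-table rows carry extra columns
        elif (m := ACTIVE.fullmatch(line)) and part is not None:
            flags[(disk, part)] = m[1].lower() == "yes"
    return flags


def check_fix(fix_text, result_text):
    """Return (findings, skipped); an empty findings list means the log agrees."""
    wanted, skipped = parse_fix(fix_text)
    flags = parse_result(result_text)
    findings = []
    for (disk, part), want in sorted(wanted.items()):
        got = flags.get((disk, part))
        if got is None:
            findings.append(f"disk {disk} partition {part}: not found in log")
        elif got != want:
            findings.append(
                f"disk {disk} partition {part}: active={got}, fix asked for {want}")
    # Assumption: the disk being fixed is BIOS/MBR-booted, which expects
    # exactly one partition flagged active on that disk.
    for disk in sorted({d for d, _ in wanted}):
        active = [p for (d, p), on in sorted(flags.items()) if d == disk and on]
        if len(active) != 1:
            findings.append(f"disk {disk}: active partitions {active}, expected one")
    return findings, skipped


if __name__ == "__main__":
    findings, skipped = check_fix(SAMPLE_FIX, SAMPLE_RESULT)
    print("findings:", findings or "none")
    print("unrecognised Fix.txt lines:", skipped)
```
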
 
OK...

Couple of questions...

1. What is your BIOS boot order set to right now?
2. What's the EXACT message when you try to boot normally?

I also need a fresh FRST log.
 
Bios Boot Order when I try and Boot up Normally:
1. Hard Disk: WDC WD1001FAES-74W7A0
2. CD/DVD: PLDS DVD+/-RW DH-16ABS
3. USB Floppy
4. Network
5. USB Hard Disk
6. USB CD/DVD
Next, Exact Message:
Windows has failed to start. A recent hardware or software change might be the cause. To fix the problem:
1. Insert your windows installation disc and restart your computer.
2. Choose your language settings, and then click "Next"
3. Click "Repair your computer"
If you do not have this disc, contact your system administrator or computer manufacturer for assistance.
File: \Boot\BCD
Status: 0xc000000f
Info: An error occurred while attempting to read the boot configuration data.

Next up, here's the FRST scan:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 14-09-2012 01 (ATTENTION: FRST version is 31 days old)
Ran by SYSTEM at 15-10-2012 11:03:52
Running from F:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet001
==================== Registry (Whitelisted) ===================
HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [10920552 2010-06-22] (Realtek Semiconductor)
HKLM\...\Run: [RunDLLEntry_THXCfg] C:\Windows\system32\RunDLL32.exe C:\Windows\system32\THXCfg64.dll,RunDLLEntry THXCfg64 [17920 2009-10-15] (Creative Technology Ltd.)
HKLM\...\Run: [RunDLLEntry_EptMon] C:\Windows\system32\RunDLL32.exe C:\Windows\system32\EptMon64.dll,RunDLLEntry EptMon64 [21504 2009-10-15] (Creative Technology Ltd.)
HKLM\...\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices [112512 2010-03-13] (Microsoft Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [499608 2011-03-15] (Adobe Systems Incorporated)
HKLM\...\Run: [EzPrint] "C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\ezprint.exe" [148280 2011-01-23] ()
HKLM\...\Run: [DellStage] "C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\start.umj" --startup [207845 2011-05-30] ()
HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1271168 2012-03-26] (Microsoft Corporation)
HKLM-x32\...\Run: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [98304 2010-05-17] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [283160 2010-09-13] (Intel Corporation)
HKLM-x32\...\Run: [ShwiconXP9106] C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe [237568 2010-03-10] (Alcor Micro Corp.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [35696 2009-02-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [THX Audio Control Panel] "C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe" /r [963584 2009-12-01] (Creative Technology Ltd)
HKLM-x32\...\Run: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [240112 2010-09-03] (Sonic Solutions)
HKLM-x32\...\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [LifeCam] "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe" [119152 2010-05-20] (Microsoft Corporation)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2011-11-01] (Apple Inc.)
HKLM-x32\...\Run: [Lexmark Pro800-Pro900 Series] "C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\fm3032.exe" /s [316072 2009-10-01] ()
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421736 2012-01-16] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [252296 2012-01-17] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe [77824 2008-07-22] (AMD)
HKU\Landie\...\Run: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent [1353080 2012-08-04] (Valve Corporation)
HKU\Landie\...\Run: [DS3 Tool] C:\Program Files\MotioninJoy\ds3\DS3_Tool.exe -mini [110352 2011-01-01] (www.motioninjoy.com)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254 75.153.176.9
Tcpip\..\Interfaces\{01BACE2F-DB10-425E-87C5-2477C46B5374}: [NameServer]8.8.8.8,8.8.8.8,8.8.8.8,8.8.4.4
==================== Services ====================
2 lxecCATSCustConnectService; C:\Windows\system32\spool\DRIVERS\x64\3\\lxecserv.exe [45736 2010-04-14] (Lexmark International, Inc.)
2 lxec_device; C:\Windows\system32\lxeccoms.exe -service [1052328 2010-04-14] ( )
2 lxec_device; C:\Windows\SysWow64\lxeccoms.exe -service [598696 2010-04-14] ( )
2 MsMpSvc; "C:\Program Files\Microsoft Security Client\MsMpEng.exe" [12600 2012-03-26] (Microsoft Corporation)
3 MSSQL$NR2007; "C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sNR2007 [29293408 2010-12-10] (Microsoft Corporation)
2 NeatWorksDatabaseController; "C:\Program Files (x86)\NeatWorks\exec\NeatWorksDatabaseController.exe" [351352 2008-12-23] (The Neat Company)
3 NisSrv; "C:\Program Files\Microsoft Security Client\NisSrv.exe" [291696 2012-03-26] (Microsoft Corporation)
==================== Drivers =================================
3 athrusb; C:\Windows\System32\DRIVERS\athrxusb.sys [1021440 2007-03-27] (Atheros Communications, Inc.)
3 athrusb6; C:\Windows\System32\DRIVERS\athrxu6.sys [1041920 2007-07-05] (Atheros Communications, Inc.)
3 usbbus; C:\Windows\System32\DRIVERS\lgx64bus.sys [17920 2008-11-11] (LG Electronics Inc.)
3 UsbDiag; C:\Windows\System32\DRIVERS\lgx64diag.sys [27136 2008-11-11] (LG Electronics Inc.)
3 USBModem; C:\Windows\System32\DRIVERS\lgx64modem.sys [33792 2008-11-11] (LG Electronics Inc.)
3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [x]
==================== NetSvcs (Whitelisted) =================

==================== One Month Created Files and Folders ======================

==================== 3 Months Modified Files ================================
2012-09-13 18:28 - 2012-06-28 11:13 - 00000375 ____A C:\Windows\System32\Drivers\etc\hosts.ics
2012-09-13 18:27 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-09-13 18:26 - 2009-07-13 20:51 - 00110364 ___AH C:\Windows\setupact.log
2012-09-13 16:34 - 2009-07-13 21:10 - 01994388 ___AH C:\Windows\WindowsUpdate.log
2012-09-13 16:05 - 2011-06-22 14:29 - 00000912 ___AH C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2344966874-3736381344-1801091321-1000UA.job
2012-09-13 15:38 - 2009-07-13 20:45 - 00014240 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-09-13 15:38 - 2009-07-13 20:45 - 00014240 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-09-13 15:27 - 2011-10-07 14:39 - 00093899 ___AH C:\Users\All Users\lxecscan.log
2012-09-13 15:23 - 2012-09-13 15:23 - 00003352 ____H C:\bootsqm.dat
2012-09-13 15:12 - 2012-09-13 15:12 - 00000657 ___AH C:\Users\Landie\Desktop\File_Recovery.lnk
2012-09-13 15:00 - 2012-09-13 15:09 - 04731392 ____A (AVAST Software) C:\Users\Landie\Desktop\aswMBR.exe
2012-09-13 14:58 - 2012-09-13 15:09 - 02193184 ___AH C:\Users\Landie\Desktop\tdsskiller.zip
2012-09-12 20:05 - 2011-06-22 14:29 - 00000860 ___AH C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2344966874-3736381344-1801091321-1000Core.job
2012-09-12 14:59 - 2012-09-12 15:03 - 00607260 ___RH (Swearware) C:\Users\Landie\Desktop\dds.com
2012-09-12 14:57 - 2012-09-12 15:03 - 00302592 ___AH C:\Users\Landie\Desktop\cbr8bk3o.exe
2012-09-10 15:14 - 2011-01-28 15:21 - 00124062 ___AH C:\Windows\PFRO.log
2012-08-30 07:57 - 2012-08-30 07:56 - 00372440 ___AH C:\Windows\Minidump\083012-23150-01.dmp
2012-08-30 07:56 - 2011-02-28 16:30 - 527974013 ___AH C:\Windows\MEMORY.DMP
2012-08-29 10:26 - 2009-07-13 21:13 - 00799508 ____A C:\Windows\System32\PerfStringBackup.INI
2012-08-24 17:20 - 2012-08-23 21:02 - 00011330 ___AH C:\Users\Landie\Desktop\Usher schedule Sep to Dec 2012.xlsx
2012-08-24 12:28 - 2012-09-13 15:50 - 02211928 ____A (Kaspersky Lab ZAO) C:\Users\Landie\Desktop\billy.exe
2012-08-23 07:23 - 2012-08-23 07:23 - 00076819 ___AH C:\Users\Landie\Documents\Untitled.wma
2012-08-16 07:45 - 2009-07-13 20:45 - 00462264 ____A C:\Windows\System32\FNTCACHE.DAT
2012-08-15 21:02 - 2011-03-29 10:06 - 62134624 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-08-02 19:15 - 2011-07-21 13:15 - 00466456 ____A (Creative Labs) C:\Windows\System32\wrap_oal.dll
2012-08-02 19:14 - 2011-07-21 13:15 - 00444952 ___AH (Creative Labs) C:\Windows\SysWOW64\wrap_oal.dll
2012-08-02 19:14 - 2011-07-21 13:15 - 00122904 ____A (Portions (C) Creative Labs Inc. and NVIDIA Corp.) C:\Windows\System32\OpenAL32.dll
2012-08-02 19:14 - 2011-07-21 13:15 - 00109080 ___AH (Portions (C) Creative Labs Inc. and NVIDIA Corp.) C:\Windows\SysWOW64\OpenAL32.dll
2012-07-31 12:03 - 2012-07-31 12:03 - 00001148 ___AH C:\Windows\SysWOW64\game.ini
2012-07-31 12:03 - 2012-07-31 11:54 - 00000056 ___AH C:\Windows\kgt2k.INI
2012-07-31 08:46 - 2009-07-13 21:08 - 00032654 ___AH C:\Windows\Tasks\SCHEDLGU.TXT
2012-07-18 10:15 - 2012-08-15 14:28 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
==================== Known DLLs (Whitelisted) =================

==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
==================== EXE ASSOCIATION =====================
HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK
==================== Restore Points =========================
Restore point made on: 2012-08-15 21:02:41
Restore point made on: 2012-08-19 06:39:24
Restore point made on: 2012-08-22 09:02:06
Restore point made on: 2012-08-25 17:53:39
Restore point made on: 2012-08-29 08:27:15
Restore point made on: 2012-09-02 13:05:12
Restore point made on: 2012-09-06 14:43:39
==================== Memory info ===========================
Percentage of memory in use: 10%
Total physical RAM: 8174.63 MB
Available physical RAM: 7308.35 MB
Total Pagefile: 8172.78 MB
Available Pagefile: 7318.55 MB
Total Virtual: 8192 MB
Available Virtual: 8191.91 MB
==================== Partitions ============================
1 Drive c: (OS) (Fixed) (Total:919.21 GB) (Free:666.13 GB) NTFS
2 Drive e: (GRMCHPXFRER_EN_DVD) (CDROM) (Total:3 GB) (Free:0 GB) UDF
3 Drive f: (KINGSTON) (Removable) (Total:3.6 GB) (Free:2.25 GB) FAT32
8 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
9 Drive y: (RECOVERY) (Fixed) (Total:12.25 GB) (Free:5.62 GB) NTFS
Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 931 GB 13 MB
Disk 1 Online 3695 MB 0 B
Disk 2 No Media 0 B 0 B
Disk 3 No Media 0 B 0 B
Disk 4 No Media 0 B 0 B
Disk 5 No Media 0 B 0 B
Partitions of Disk 0:
===============
Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 OEM 39 MB 31 KB
Partition 2 Primary 12 GB 40 MB
Partition 3 Primary 919 GB 12 GB
==================================================================================
Disk: 0
Partition 1
Type : DE
Hidden: Yes
Active: No
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 8 FAT Partition 39 MB Healthy Hidden
==================================================================================
Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 Y RECOVERY NTFS Partition 12 GB Healthy
==================================================================================
Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C OS NTFS Partition 919 GB Healthy
==================================================================================
Partitions of Disk 1:
===============
Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 3694 MB 31 KB
==================================================================================
Disk: 1
Partition 1
Type : 0B
Hidden: No
Active: Yes
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 F KINGSTON FAT32 Removable 3694 MB Healthy
==================================================================================
Last Boot: 2012-09-07 16:32
==================== End Of Log =============================
 
Thank you :)

You'll see some delays with my replies since I'll wait for a word from my colleague whenever he's available.
Be patient.
 
I'm back...

1. Please refrain from doing anything on your own (just a precaution).
2. Did you actually try to run any fixes of your own, especially concerning BCD, like running /RebuildBcd?
3. It looks like your BIOS clock is off. Please set it to current date.
4. See if you can disable USB Floppy; if not, put it down the order before Network and put the Network as last in the order.
Put CD/DVD before HD. When you want to boot normally, if you don't press a key the system doesn't boot from CD/DVD and continues booting from HD.
5. Delete your copy of FRST, download a fresh one and post a new FRST log.
 
In addition...

Download attached fixlist.txt file and save it to the very same USB flash drive you've been using. Plug the drive back in.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

On Vista or Windows 7: Now please enter System Recovery Options.
On Windows XP: Now please boot into the UBCD.
Run FRST/FRST64 and press the Fix button just once and wait.
The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.
 

Attachments

  • fixlist.txt
    169 bytes · Views: 5
So, I haven't done anything other than what you've told me. I've never tried to run my own fixes. I set my BIOS clock (why ever that matters) to the right date. I disabled USB Floppy on BIOS and put CD/DVD ahead of HD, and I put Network last. I got a new copy of FRST and applied the fix you gave me.
Here's the fix log:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 16-09-2012 01
Ran by SYSTEM at 2012-09-16 15:13:30 Run:4
Running from F:\
==============================================

========= bcdedit /enum all =========
The boot configuration data store could not be opened.
The requested system device cannot be found.
========= End of CMD: =========

========= bcdedit /enum all /store y:\boot\bcd =========
The boot configuration data store could not be opened.
The system cannot find the file specified.
========= End of CMD: =========

========= bcdedit /enum all /v /store y:\boot\bcd =========
The boot configuration data store could not be opened.
The system cannot find the file specified.
========= End of CMD: =========

========= dir /a y:\ =========
Volume in drive Y is RECOVERY
Volume Serial Number is C0CC-40A1
Directory of y:\
09/14/2012 07:24 PM <DIR> Boot
11/20/2010 04:40 AM 383,786 bootmgr
01/28/2011 04:03 PM <DIR> DELL
01/28/2011 01:45 PM <DIR> recovery
01/28/2011 04:03 PM 192 ResSys.ini
01/28/2011 03:22 PM <DIR> System Volume Information
09/14/2012 07:24 PM <DIR> Temp
2 File(s) 383,978 bytes
5 Dir(s) 6,035,435,520 bytes free
========= End of CMD: =========

========================= Folder: y:\boot ========================
2011-01-28 15:03 - 2012-09-14 18:40 - 0032768 __ASH () y:\boot\BCD.Backup.0001
2011-01-28 15:03 - 2012-09-14 18:40 - 0029696 __ASH () y:\boot\BCD.LOG
2011-01-28 15:03 - 2011-01-28 15:03 - 0000000 __ASH () y:\boot\BCD.LOG1
2011-01-28 15:03 - 2011-01-28 15:03 - 0000000 __ASH () y:\boot\BCD.LOG2
2011-01-28 15:03 - 2011-01-28 15:03 - 0065536 __ASH () y:\boot\BOOTSTAT.DAT
2011-01-28 15:03 - 2011-07-11 07:13 - 0000000 ____D () y:\boot\cs-CZ
2011-01-28 15:03 - 2011-07-11 07:13 - 0000000 ____D () y:\boot\da-DK
2011-01-28 15:03 - 2011-07-11 07:13 - 0000000 ____D () y:\boot\de-DE
2011-01-28 15:03 - 2011-07-11 07:13 - 0000000 ____D () y:\boot\el-GR
2011-01-28 15:03 - 2011-07-11 07:13 - 0000000 ____D () y:\boot\en-US
2011-01-28 15:03 - 2011-07-11 07:13 - 0000000 ____D () y:\boot\es-ES
2011-01-28 15:03 - 2011-07-11 07:13 - 0000000 ____D () y:\boot\fi-FI
2011-01-28 15:03 - 2011-01-28 15:03 - 0000000 ____D () y:\boot\Fonts
2011-01-28 15:03 - 2011-07-11 07:13 - 0000000 ____D () y:\boot\fr-FR
2011-01-28 15:03 - 2011-07-11 07:13 - 0000000 ____D () y:\boot\hu-HU
2011-01-28 15:03 - 2011-07-11 07:13 - 0000000 ____D () y:\boot\it-IT
2011-01-28 15:03 - 2011-07-11 07:13 - 0000000 ____D () y:\boot\ja-JP
2011-01-28 15:03 - 2011-07-11 07:13 - 0000000 ____D () y:\boot\ko-KR
2011-01-28 15:03 - 2010-11-20 04:30 - 0485760 ____A (Microsoft Corporation) y:\boot\memtest.exe
2011-01-28 15:03 - 2011-07-11 07:13 - 0000000 ____D () y:\boot\nb-NO
2011-01-28 15:03 - 2011-07-11 07:13 - 0000000 ____D () y:\boot\nl-NL
2011-01-28 15:03 - 2011-07-11 07:13 - 0000000 ____D () y:\boot\pl-PL
2011-01-28 15:03 - 2011-07-11 07:13 - 0000000 ____D () y:\boot\pt-BR
2011-01-28 15:03 - 2011-07-11 07:13 - 0000000 ____D () y:\boot\pt-PT
2011-01-28 15:03 - 2011-07-11 07:13 - 0000000 ____D () y:\boot\ru-RU
2011-01-28 15:03 - 2011-07-11 07:13 - 0000000 ____D () y:\boot\sv-SE
2011-01-28 15:03 - 2011-07-11 07:13 - 0000000 ____D () y:\boot\tr-TR
2011-01-28 15:03 - 2011-07-11 07:13 - 0000000 ____D () y:\boot\zh-CN
2011-01-28 15:03 - 2011-07-11 07:13 - 0000000 ____D () y:\boot\zh-HK
2011-01-28 15:03 - 2011-07-11 07:13 - 0000000 ____D () y:\boot\zh-TW
2011-01-28 15:03 - 2009-07-13 17:17 - 0089168 ____A (Microsoft Corporation) y:\boot\cs-CZ\bootmgr.exe.mui
2011-01-28 15:03 - 2009-07-13 17:17 - 0087616 ____A (Microsoft Corporation) y:\boot\da-DK\bootmgr.exe.mui
2011-01-28 15:03 - 2009-07-13 17:17 - 0091712 ____A (Microsoft Corporation) y:\boot\de-DE\bootmgr.exe.mui
2011-01-28 15:03 - 2009-07-13 17:17 - 0094800 ____A (Microsoft Corporation) y:\boot\el-GR\bootmgr.exe.mui
2011-01-28 15:03 - 2009-07-13 17:17 - 0085056 ____A (Microsoft Corporation) y:\boot\en-US\bootmgr.exe.mui
2011-01-28 15:03 - 2009-07-13 18:11 - 0043600 ____A (Microsoft Corporation) y:\boot\en-US\memtest.exe.mui
2011-01-28 15:03 - 2009-07-13 17:17 - 0090192 ____A (Microsoft Corporation) y:\boot\es-ES\bootmgr.exe.mui
2011-01-28 15:03 - 2009-07-13 17:17 - 0089152 ____A (Microsoft Corporation) y:\boot\fi-FI\bootmgr.exe.mui
2011-01-28 15:03 - 2009-06-10 12:31 - 3694080 ____A () y:\boot\Fonts\chs_boot.ttf
2011-01-28 15:03 - 2009-06-10 12:31 - 3876772 ____A () y:\boot\Fonts\cht_boot.ttf
2011-01-28 15:03 - 2009-06-10 12:31 - 1984228 ____A () y:\boot\Fonts\jpn_boot.ttf
2011-01-28 15:03 - 2009-06-10 12:31 - 2371360 ____A () y:\boot\Fonts\kor_boot.ttf
2011-01-28 15:03 - 2009-06-10 12:31 - 0047452 ____A () y:\boot\Fonts\wgl4_boot.ttf
2011-01-28 15:03 - 2009-07-13 17:17 - 0093248 ____A (Microsoft Corporation) y:\boot\fr-FR\bootmgr.exe.mui
2011-01-28 15:03 - 2009-07-13 17:17 - 0090688 ____A (Microsoft Corporation) y:\boot\hu-HU\bootmgr.exe.mui
2011-01-28 15:03 - 2009-07-13 17:17 - 0090704 ____A (Microsoft Corporation) y:\boot\it-IT\bootmgr.exe.mui
2011-01-28 15:03 - 2009-07-13 17:17 - 0076352 ____A (Microsoft Corporation) y:\boot\ja-JP\bootmgr.exe.mui
2011-01-28 15:03 - 2009-07-13 17:17 - 0075344 ____A (Microsoft Corporation) y:\boot\ko-KR\bootmgr.exe.mui
2011-01-28 15:03 - 2009-07-13 17:17 - 0088144 ____A (Microsoft Corporation) y:\boot\nb-NO\bootmgr.exe.mui
2011-01-28 15:03 - 2009-07-13 17:17 - 0090704 ____A (Microsoft Corporation) y:\boot\nl-NL\bootmgr.exe.mui
2011-01-28 15:03 - 2009-07-13 17:17 - 0090704 ____A (Microsoft Corporation) y:\boot\pl-PL\bootmgr.exe.mui
2011-01-28 15:03 - 2009-07-13 17:17 - 0090176 ____A (Microsoft Corporation) y:\boot\pt-BR\bootmgr.exe.mui
2011-01-28 15:03 - 2009-07-13 17:17 - 0089664 ____A (Microsoft Corporation) y:\boot\pt-PT\bootmgr.exe.mui
2011-01-28 15:03 - 2009-07-13 17:17 - 0090192 ____A (Microsoft Corporation) y:\boot\ru-RU\bootmgr.exe.mui
2011-01-28 15:03 - 2009-07-13 17:17 - 0087616 ____A (Microsoft Corporation) y:\boot\sv-SE\bootmgr.exe.mui
2011-01-28 15:03 - 2009-07-13 17:17 - 0087104 ____A (Microsoft Corporation) y:\boot\tr-TR\bootmgr.exe.mui
2011-01-28 15:03 - 2009-07-13 17:17 - 0070720 ____A (Microsoft Corporation) y:\boot\zh-CN\bootmgr.exe.mui
2011-01-28 15:03 - 2009-07-13 17:17 - 0070224 ____A (Microsoft Corporation) y:\boot\zh-HK\bootmgr.exe.mui
2011-01-28 15:03 - 2009-07-13 17:17 - 0070208 ____A (Microsoft Corporation) y:\boot\zh-TW\bootmgr.exe.mui
====== End of Folder: ======
========================= Folder: c:\frst\hives ========================
2012-09-13 20:14 - 2009-07-14 01:29 - 0262144 ___RA () c:\frst\hives\bcd
2012-09-13 20:14 - 2012-09-10 07:24 - 0032768 __ASH () c:\frst\hives\BCD.Y
2012-06-27 10:28 - 2012-06-26 18:51 - 0786432 ___AH () c:\frst\hives\default
2012-06-27 10:28 - 2012-06-27 10:26 - 0262144 ___AH () c:\frst\hives\sam
2012-06-27 10:28 - 2012-06-27 10:26 - 0262144 ___AH () c:\frst\hives\security
2012-06-27 10:28 - 2012-06-26 18:51 - 86507520 ___AH () c:\frst\hives\software
2012-06-27 10:28 - 2012-06-27 10:26 - 18087936 ___AH () c:\frst\hives\system
====== End of Folder: ======
==== End of Fixlog ====
 
And here's the FRST scan I did after:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 16-09-2012 01
Ran by SYSTEM at 16-09-2012 15:13:40
Running from F:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet001
==================== Registry (Whitelisted) ===================
HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [10920552 2010-06-22] (Realtek Semiconductor)
HKLM\...\Run: [RunDLLEntry_THXCfg] C:\Windows\system32\RunDLL32.exe C:\Windows\system32\THXCfg64.dll,RunDLLEntry THXCfg64 [17920 2009-10-15] (Creative Technology Ltd.)
HKLM\...\Run: [RunDLLEntry_EptMon] C:\Windows\system32\RunDLL32.exe C:\Windows\system32\EptMon64.dll,RunDLLEntry EptMon64 [21504 2009-10-15] (Creative Technology Ltd.)
HKLM\...\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices [112512 2010-03-13] (Microsoft Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [499608 2011-03-15] (Adobe Systems Incorporated)
HKLM\...\Run: [EzPrint] "C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\ezprint.exe" [148280 2011-01-23] ()
HKLM\...\Run: [DellStage] "C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\start.umj" --startup [207845 2011-05-30] ()
HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1271168 2012-03-26] (Microsoft Corporation)
HKLM-x32\...\Run: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [98304 2010-05-17] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [283160 2010-09-13] (Intel Corporation)
HKLM-x32\...\Run: [ShwiconXP9106] C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe [237568 2010-03-10] (Alcor Micro Corp.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [35696 2009-02-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [THX Audio Control Panel] "C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe" /r [963584 2009-12-01] (Creative Technology Ltd)
HKLM-x32\...\Run: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [240112 2010-09-03] (Sonic Solutions)
HKLM-x32\...\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [LifeCam] "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe" [119152 2010-05-20] (Microsoft Corporation)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2011-11-01] (Apple Inc.)
HKLM-x32\...\Run: [Lexmark Pro800-Pro900 Series] "C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\fm3032.exe" /s [316072 2009-10-01] ()
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421736 2012-01-16] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [252296 2012-01-17] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe [77824 2008-07-22] (AMD)
HKU\Landie\...\Run: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent [1353080 2012-08-04] (Valve Corporation)
HKU\Landie\...\Run: [DS3 Tool] C:\Program Files\MotioninJoy\ds3\DS3_Tool.exe -mini [110352 2011-01-01] (www.motioninjoy.com)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254 75.153.176.9
Tcpip\..\Interfaces\{01BACE2F-DB10-425E-87C5-2477C46B5374}: [NameServer]8.8.8.8,8.8.8.8,8.8.8.8,8.8.4.4
==================== Services (Whitelisted) ===================
2 lxecCATSCustConnectService; C:\Windows\system32\spool\DRIVERS\x64\3\\lxecserv.exe [45736 2010-04-14] (Lexmark International, Inc.)
2 lxec_device; C:\Windows\system32\lxeccoms.exe -service [1052328 2010-04-14] ( )
2 lxec_device; C:\Windows\SysWow64\lxeccoms.exe -service [598696 2010-04-14] ( )
2 MsMpSvc; "C:\Program Files\Microsoft Security Client\MsMpEng.exe" [12600 2012-03-26] (Microsoft Corporation)
3 MSSQL$NR2007; "C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sNR2007 [29293408 2010-12-10] (Microsoft Corporation)
2 NeatWorksDatabaseController; "C:\Program Files (x86)\NeatWorks\exec\NeatWorksDatabaseController.exe" [351352 2008-12-23] (The Neat Company)
3 NisSrv; "C:\Program Files\Microsoft Security Client\NisSrv.exe" [291696 2012-03-26] (Microsoft Corporation)
==================== Drivers (Whitelisted) =====================
3 athrusb; C:\Windows\System32\DRIVERS\athrxusb.sys [1021440 2007-03-27] (Atheros Communications, Inc.)
3 athrusb6; C:\Windows\System32\DRIVERS\athrxu6.sys [1041920 2007-07-05] (Atheros Communications, Inc.)
3 usbbus; C:\Windows\System32\DRIVERS\lgx64bus.sys [17920 2008-11-11] (LG Electronics Inc.)
3 UsbDiag; C:\Windows\System32\DRIVERS\lgx64diag.sys [27136 2008-11-11] (LG Electronics Inc.)
3 USBModem; C:\Windows\System32\DRIVERS\lgx64modem.sys [33792 2008-11-11] (LG Electronics Inc.)
3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [x]
==================== NetSvcs (Whitelisted) ====================

==================== One Month Created Files and Folders ========
2012-09-13 15:50 - 2012-08-24 12:28 - 02211928 ____A (Kaspersky Lab ZAO) C:\Users\Landie\Desktop\billy.exe
2012-09-13 15:23 - 2012-09-13 15:23 - 00003352 ____H C:\bootsqm.dat
2012-09-13 15:22 - 2012-09-13 15:22 - 00000000 __SHD C:\found.001
2012-09-13 15:12 - 2012-09-13 15:12 - 00000657 ___AH C:\Users\Landie\Desktop\File_Recovery.lnk
2012-09-13 15:09 - 2012-09-13 15:39 - 00000000 ___HD C:\Users\Landie\Desktop\tdsskiller
2012-09-13 15:09 - 2012-09-13 15:00 - 04731392 ____A (AVAST Software) C:\Users\Landie\Desktop\aswMBR.exe
2012-09-13 15:09 - 2012-09-13 14:58 - 02193184 ___AH C:\Users\Landie\Desktop\tdsskiller.zip
2012-09-12 15:03 - 2012-09-12 14:59 - 00607260 ___RH (Swearware) C:\Users\Landie\Desktop\dds.com
2012-09-12 15:03 - 2012-09-12 14:57 - 00302592 ___AH C:\Users\Landie\Desktop\cbr8bk3o.exe
2012-08-30 07:56 - 2012-08-30 07:57 - 00372440 ___AH C:\Windows\Minidump\083012-23150-01.dmp
2012-08-27 11:36 - 2012-08-31 20:32 - 00000000 ___HD C:\Users\Landie\Desktop\Crazy Bass Stuff
2012-08-23 21:02 - 2012-08-24 17:20 - 00011330 ___AH C:\Users\Landie\Desktop\Usher schedule Sep to Dec 2012.xlsx
2012-08-23 07:23 - 2012-08-23 07:23 - 00076819 ___AH C:\Users\Landie\Documents\Untitled.wma

==================== 3 Months Modified Files ==================
2012-09-13 18:28 - 2012-06-28 11:13 - 00000375 ____A C:\Windows\System32\Drivers\etc\hosts.ics
2012-09-13 18:27 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-09-13 18:26 - 2009-07-13 20:51 - 00110364 ___AH C:\Windows\setupact.log
2012-09-13 16:34 - 2009-07-13 21:10 - 01994388 ___AH C:\Windows\WindowsUpdate.log
2012-09-13 16:05 - 2011-06-22 14:29 - 00000912 ___AH C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2344966874-3736381344-1801091321-1000UA.job
2012-09-13 15:38 - 2009-07-13 20:45 - 00014240 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-09-13 15:38 - 2009-07-13 20:45 - 00014240 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-09-13 15:27 - 2011-10-07 14:39 - 00093899 ___AH C:\Users\All Users\lxecscan.log
2012-09-13 15:23 - 2012-09-13 15:23 - 00003352 ____H C:\bootsqm.dat
2012-09-13 15:12 - 2012-09-13 15:12 - 00000657 ___AH C:\Users\Landie\Desktop\File_Recovery.lnk
2012-09-13 15:00 - 2012-09-13 15:09 - 04731392 ____A (AVAST Software) C:\Users\Landie\Desktop\aswMBR.exe
2012-09-13 14:58 - 2012-09-13 15:09 - 02193184 ___AH C:\Users\Landie\Desktop\tdsskiller.zip
2012-09-12 20:05 - 2011-06-22 14:29 - 00000860 ___AH C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2344966874-3736381344-1801091321-1000Core.job
2012-09-12 14:59 - 2012-09-12 15:03 - 00607260 ___RH (Swearware) C:\Users\Landie\Desktop\dds.com
2012-09-12 14:57 - 2012-09-12 15:03 - 00302592 ___AH C:\Users\Landie\Desktop\cbr8bk3o.exe
2012-09-10 15:14 - 2011-01-28 15:21 - 00124062 ___AH C:\Windows\PFRO.log
2012-08-30 07:57 - 2012-08-30 07:56 - 00372440 ___AH C:\Windows\Minidump\083012-23150-01.dmp
2012-08-30 07:56 - 2011-02-28 16:30 - 527974013 ___AH C:\Windows\MEMORY.DMP
2012-08-29 10:26 - 2009-07-13 21:13 - 00799508 ____A C:\Windows\System32\PerfStringBackup.INI
2012-08-24 17:20 - 2012-08-23 21:02 - 00011330 ___AH C:\Users\Landie\Desktop\Usher schedule Sep to Dec 2012.xlsx
2012-08-24 12:28 - 2012-09-13 15:50 - 02211928 ____A (Kaspersky Lab ZAO) C:\Users\Landie\Desktop\billy.exe
2012-08-23 07:23 - 2012-08-23 07:23 - 00076819 ___AH C:\Users\Landie\Documents\Untitled.wma
2012-08-16 07:45 - 2009-07-13 20:45 - 00462264 ____A C:\Windows\System32\FNTCACHE.DAT
2012-08-15 21:02 - 2011-03-29 10:06 - 62134624 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-08-02 19:15 - 2011-07-21 13:15 - 00466456 ____A (Creative Labs) C:\Windows\System32\wrap_oal.dll
2012-08-02 19:14 - 2011-07-21 13:15 - 00444952 ___AH (Creative Labs) C:\Windows\SysWOW64\wrap_oal.dll
2012-08-02 19:14 - 2011-07-21 13:15 - 00122904 ____A (Portions (C) Creative Labs Inc. and NVIDIA Corp.) C:\Windows\System32\OpenAL32.dll
2012-08-02 19:14 - 2011-07-21 13:15 - 00109080 ___AH (Portions (C) Creative Labs Inc. and NVIDIA Corp.) C:\Windows\SysWOW64\OpenAL32.dll
2012-07-31 12:03 - 2012-07-31 12:03 - 00001148 ___AH C:\Windows\SysWOW64\game.ini
2012-07-31 12:03 - 2012-07-31 11:54 - 00000056 ___AH C:\Windows\kgt2k.INI
2012-07-31 08:46 - 2009-07-13 21:08 - 00032654 ___AH C:\Windows\Tasks\SCHEDLGU.TXT
2012-07-18 10:15 - 2012-08-15 14:28 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-07-17 09:28 - 2011-01-28 13:36 - 00289325 ___AH C:\Windows\DirectX.log
2012-07-10 10:19 - 2012-06-29 12:54 - 00000088 __RSH C:\Users\All Users\202BF8F35A.sys
2012-07-10 10:19 - 2011-07-03 19:29 - 00000848 __ASH C:\Users\All Users\KGyGaAvL.sys
2012-07-08 15:46 - 2012-07-08 15:46 - 00371728 ___AH C:\Windows\Minidump\070812-28485-01.dmp
2012-07-08 15:42 - 2012-07-08 15:42 - 00372480 ___AH C:\Windows\Minidump\070812-31855-01.dmp
2012-07-05 07:43 - 2012-07-05 07:42 - 00371976 ___AH C:\Windows\Minidump\070512-21980-01.dmp
2012-07-04 14:16 - 2012-08-15 14:28 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\netapi32.dll
2012-07-04 14:13 - 2012-08-15 14:28 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\browser.dll
2012-07-04 14:13 - 2012-08-15 14:28 - 00059392 ____A (Microsoft Corporation) C:\Windows\System32\browcli.dll
2012-07-04 13:16 - 2012-08-15 14:28 - 00057344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\netapi32.dll
2012-07-04 13:14 - 2012-08-15 14:28 - 00041984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\browcli.dll
2012-06-29 10:53 - 2012-06-29 10:53 - 00047353 ___AH C:\JavaRa.log
2012-06-29 10:50 - 2011-10-20 14:53 - 00174064 ___AH (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2012-06-29 10:50 - 2011-10-20 14:53 - 00174064 ___AH (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2012-06-29 10:48 - 2011-02-25 09:55 - 00001945 ___AH C:\Windows\epplauncher.mif
2012-06-29 10:48 - 2011-02-07 19:32 - 00804910 ___AH C:\Windows\SysWOW64\PerfStringBackup.INI
2012-06-28 20:55 - 2012-08-15 21:04 - 17809920 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-06-28 20:09 - 2012-08-15 21:04 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-06-28 19:56 - 2012-08-15 21:04 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-06-28 19:49 - 2012-08-15 21:04 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-06-28 19:49 - 2012-08-15 21:04 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-06-28 19:48 - 2012-08-15 21:04 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-06-28 19:47 - 2012-08-15 21:04 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-06-28 19:45 - 2012-08-15 21:04 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-06-28 19:44 - 2012-08-15 21:04 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-06-28 19:43 - 2012-08-15 21:04 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-06-28 19:42 - 2012-08-15 21:04 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-06-28 19:40 - 2012-08-15 21:04 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-06-28 19:39 - 2012-08-15 21:04 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-06-28 19:35 - 2012-08-15 21:04 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-06-28 16:52 - 2012-08-15 21:04 - 12317184 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-06-28 16:27 - 2012-08-15 21:04 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-06-28 16:16 - 2012-08-15 21:04 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-06-28 16:09 - 2012-08-15 21:04 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-06-28 16:09 - 2012-08-15 21:04 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-06-28 16:08 - 2012-08-15 21:04 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-06-28 16:07 - 2012-08-15 21:04 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-06-28 16:06 - 2012-08-15 21:04 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-06-28 16:04 - 2012-08-15 21:04 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-06-28 16:04 - 2012-08-15 21:04 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-06-28 16:01 - 2012-08-15 21:04 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-06-28 16:01 - 2012-08-15 21:04 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-06-28 16:00 - 2012-08-15 21:04 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-06-28 15:57 - 2012-08-15 21:04 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-06-28 11:11 - 2009-07-13 18:34 - 00000215 ___AH C:\Windows\system.ini
2012-06-22 13:26 - 2012-06-22 13:26 - 00000220 ___AH C:\Windows\Tasks\SidebarExecute.job
2012-06-21 20:00 - 2012-06-21 19:59 - 00275096 ___AH C:\Windows\Minidump\062112-25708-01.dmp
2012-06-21 18:21 - 2012-03-21 17:23 - 00093184 __ASH C:\Users\Landie\Documents\Thumbs.db

==================== Known DLLs (Whitelisted) =================

==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
==================== EXE ASSOCIATION =====================
HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK
==================== Restore Points =========================
Restore point made on: 2012-08-15 21:02:41
Restore point made on: 2012-08-19 06:39:24
Restore point made on: 2012-08-22 09:02:06
Restore point made on: 2012-08-25 17:53:39
Restore point made on: 2012-08-29 08:27:15
Restore point made on: 2012-09-02 13:05:12
Restore point made on: 2012-09-06 14:43:39
==================== Memory info ===========================
Percentage of memory in use: 10%
Total physical RAM: 8174.63 MB
Available physical RAM: 7320.12 MB
Total Pagefile: 8172.78 MB
Available Pagefile: 7317.09 MB
Total Virtual: 8192 MB
Available Virtual: 8191.91 MB
==================== Partitions =============================
1 Drive c: (OS) (Fixed) (Total:919.21 GB) (Free:666.13 GB) NTFS
2 Drive e: (GRMCHPXFRER_EN_DVD) (CDROM) (Total:3 GB) (Free:0 GB) UDF
3 Drive f: (KINGSTON) (Removable) (Total:3.6 GB) (Free:2.25 GB) FAT32
8 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
9 Drive y: (RECOVERY) (Fixed) (Total:12.25 GB) (Free:5.62 GB) NTFS
Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 931 GB 13 MB
Disk 1 Online 3695 MB 0 B
Disk 2 No Media 0 B 0 B
Disk 3 No Media 0 B 0 B
Disk 4 No Media 0 B 0 B
Disk 5 No Media 0 B 0 B
Partitions of Disk 0:
===============
Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 OEM 39 MB 31 KB
Partition 2 Primary 12 GB 40 MB
Partition 3 Primary 919 GB 12 GB
==================================================================================
Disk: 0
Partition 1
Type : DE
Hidden: Yes
Active: No
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 8 FAT Partition 39 MB Healthy Hidden
=========================================================
Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 Y RECOVERY NTFS Partition 12 GB Healthy
=========================================================
Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C OS NTFS Partition 919 GB Healthy
=========================================================
Partitions of Disk 1:
===============
Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 3694 MB 31 KB
==================================================================================
Disk: 1
Partition 1
Type : 0B
Hidden: No
Active: Yes
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 F KINGSTON FAT32 Removable 3694 MB Healthy
=========================================================
Last Boot: 2012-09-07 16:32
==================== End Of Log =============================
 
Very good.
I'll forward your info to my colleague.
He's from Europe so most likely you'll see some reply tomorrow morning.
 
Download attached fixlist.txt file and save it to the very same USB flash drive you've been using. Plug the drive back in.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

On Vista or Windows 7: Now please enter System Recovery Options.
On Windows XP: Now please boot into the UBCD.
Run FRST/FRST64 and press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

Attempt to boot normally.

If successful, post the Fixlog.txt log.
 

Attachments

  • fixlist.txt
Nope. The fix didn't work. I tried booting normally, and it brought up the same error message as last time.
Here's the fixlog.txt if you want it:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 16-09-2012 01
Ran by SYSTEM at 2012-09-17 21:02:57 Run:5
Running from F:\
==============================================
Could not find Replace: c:\frst\hives\BCD.Y Y:\boot\BCD.Y.
Could not find Replace: c:\frst\hives\BCD.Y Y:\boot\BCD.Y.
========= ren Y:\boot\BCD.Y BCD =========
The system cannot find the file specified.
========= End of CMD: =========

========= bcdedit /enum all /store y:\boot\bcd =========
The boot configuration data store could not be opened.
The system cannot find the file specified.
========= End of CMD: =========

========= Bcdedit /set {default} device partition=Y: /store y:\boot\bcd =========
The boot configuration data store could not be opened.
The system cannot find the file specified.
========= End of CMD: =========

========= Bcdedit /set {default} osdevice partition=C: /store y:\boot\bcd =========
The boot configuration data store could not be opened.
The system cannot find the file specified.
========= End of CMD: =========

========= Bcdedit /set {bootmgr} device partition=Y: /store y:\boot\bcd =========
The boot configuration data store could not be opened.
The system cannot find the file specified.
========= End of CMD: =========

========= Bcdedit /set {memdiag} path \boot\memtest.exe /store y:\boot\bcd =========
The boot configuration data store could not be opened.
The system cannot find the file specified.
========= End of CMD: =========

========= bcdedit /enum all =========
The boot configuration data store could not be opened.
The requested system device cannot be found.
========= End of CMD: =========

========= bcdedit /enum all /store y:\boot\bcd =========
The boot configuration data store could not be opened.
The system cannot find the file specified.
========= End of CMD: =========

==== End of Fixlog ====
 
So, can I just download the newest one off the same download link at the beginning of the topic? 'Cause I've just been using the download link you provided earlier in the thread.
 