Solved ZeroAccess, FRST fix

Hello. Are you still with us?

Your thread has been marked as "Inactive" because of your lack of reply. Please let us know how your computer is running, or if you want to continue in this topic.

Thanks.
 
What should the boot priority be? I followed the instructions and was unable to boot successfully (still same screen as before). I then went to the boot manager and moved HDD/SSD higher up the list. I currently have these settings:
1. CD/DVD
2. USB
3. HDD/SSD Toshiba MK3265GSXN (S1)
4. eSATA
5. FDD
6. LAN

Now that the HDD/SSD is higher up the list, I'm not getting the same screen. I'm only getting a blinking cursor.

Here's the log:

Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 22-08-2012 02
Ran by SYSTEM at 2012-09-02 07:51:46 Run:8
Running from G:\

==============================================


========= dir /a c:\ =========

Volume in drive C is TI106033W0C
Volume Serial Number is 5ACC-503C

Directory of c:\

02/14/2011 08:49 PM <DIR> $Recycle.Bin
10/14/2010 07:45 PM <DIR> Boot
07/13/2009 05:38 PM 383,562 bootmgr
10/14/2010 07:45 PM 8,192 BOOTSECT.BAK
03/13/2012 12:09 PM <DIR> codec-info
03/25/2012 09:50 PM <DIR> Config.Msi
07/13/2009 09:08 PM <JUNCTION> Documents and Settings [C:\Users]
08/22/2012 06:05 PM <DIR> FRST
03/28/2012 07:12 PM 3,062,255,616 hiberfil.sys
01/20/2011 12:25 AM <DIR> Intel
02/14/2011 09:42 PM <DIR> MSOCache
03/28/2012 07:13 PM 4,083,007,488 pagefile.sys
03/23/2012 06:24 PM <DIR> Program Files
03/25/2012 09:50 PM <DIR> Program Files (x86)
08/24/2012 10:40 PM <DIR> ProgramData
02/16/2012 07:37 AM 510 settings.ini
03/28/2012 04:11 PM <DIR> System Volume Information
02/14/2011 08:47 PM <DIR> Users
08/24/2012 10:40 PM <DIR> Windows
5 File(s) 7,145,655,368 bytes
14 Dir(s) 252,893,216,768 bytes free

========= End of CMD: =========


========= dir /a e:\ =========

Volume in drive E is System
Volume Serial Number is E4A5-287C

Directory of e:\

01/20/2011 01:20 AM <DIR> Boot
07/13/2009 05:38 PM 383,562 bootmgr
02/14/2011 08:47 PM <DIR> Recovery
02/14/2011 09:02 PM <DIR> System Volume Information
10/22/2010 04:45 AM 189 WinREPartition.ini
2 File(s) 383,751 bytes
3 Dir(s) 1,367,330,816 bytes free

========= End of CMD: =========


========= dir /a y:\ =========

The system cannot find the path specified.

========= End of CMD: =========


========================= folder: e:\boot ========================

2011-01-20 01:20 - 2012-03-28 21:24 - 0024576 ____A () e:\boot\BCD
2011-01-20 01:20 - 2012-03-28 19:23 - 0021504 __ASH () e:\boot\BCD.LOG
2011-01-20 01:20 - 2011-01-20 01:20 - 0000000 __ASH () e:\boot\BCD.LOG1
2011-01-20 01:20 - 2011-01-20 01:20 - 0000000 __ASH () e:\boot\BCD.LOG2
2011-01-20 01:20 - 2011-01-20 01:20 - 0065536 __ASH () e:\boot\BOOTSTAT.DAT
2011-01-20 01:20 - 2011-01-20 01:20 - 0000000 ____D () e:\boot\cs-CZ
2011-01-20 01:20 - 2011-01-20 01:20 - 0000000 ____D () e:\boot\da-DK
2011-01-20 01:20 - 2011-01-20 01:20 - 0000000 ____D () e:\boot\de-DE
2011-01-20 01:20 - 2011-01-20 01:20 - 0000000 ____D () e:\boot\el-GR
2011-01-20 01:20 - 2011-01-20 01:20 - 0000000 ____D () e:\boot\en-US
2011-01-20 01:20 - 2011-01-20 01:20 - 0000000 ____D () e:\boot\es-ES
2011-01-20 01:20 - 2011-01-20 01:20 - 0000000 ____D () e:\boot\fi-FI
2011-01-20 01:20 - 2011-01-20 01:20 - 0000000 ____D () e:\boot\Fonts
2011-01-20 01:20 - 2011-01-20 01:20 - 0000000 ____D () e:\boot\fr-FR
2011-01-20 01:20 - 2011-01-20 01:20 - 0000000 ____D () e:\boot\hu-HU
2011-01-20 01:20 - 2011-01-20 01:20 - 0000000 ____D () e:\boot\it-IT
2011-01-20 01:20 - 2011-01-20 01:20 - 0000000 ____D () e:\boot\ja-JP
2011-01-20 01:20 - 2011-01-20 01:20 - 0000000 ____D () e:\boot\ko-KR
2011-01-20 01:20 - 2009-07-13 17:20 - 0485440 ____A (Microsoft Corporation) e:\boot\memtest.exe
2011-01-20 01:20 - 2011-01-20 01:20 - 0000000 ____D () e:\boot\nb-NO
2011-01-20 01:20 - 2011-01-20 01:20 - 0000000 ____D () e:\boot\nl-NL
2011-01-20 01:20 - 2011-01-20 01:20 - 0000000 ____D () e:\boot\pl-PL
2011-01-20 01:20 - 2011-01-20 01:20 - 0000000 ____D () e:\boot\pt-BR
2011-01-20 01:20 - 2011-01-20 01:20 - 0000000 ____D () e:\boot\pt-PT
2011-01-20 01:20 - 2011-01-20 01:20 - 0000000 ____D () e:\boot\ru-RU
2011-01-20 01:20 - 2011-01-20 01:20 - 0000000 ____D () e:\boot\sv-SE
2011-01-20 01:20 - 2011-01-20 01:20 - 0000000 ____D () e:\boot\tr-TR
2011-01-20 01:20 - 2011-01-20 01:20 - 0000000 ____D () e:\boot\zh-CN
2011-01-20 01:20 - 2011-01-20 01:20 - 0000000 ____D () e:\boot\zh-HK
2011-01-20 01:20 - 2011-01-20 01:20 - 0000000 ____D () e:\boot\zh-TW
2011-01-20 01:20 - 2009-07-13 17:17 - 0089168 ____A (Microsoft Corporation) e:\boot\cs-CZ\bootmgr.exe.mui
2011-01-20 01:20 - 2009-07-13 17:17 - 0087616 ____A (Microsoft Corporation) e:\boot\da-DK\bootmgr.exe.mui
2011-01-20 01:20 - 2009-07-13 17:17 - 0091712 ____A (Microsoft Corporation) e:\boot\de-DE\bootmgr.exe.mui
2011-01-20 01:20 - 2009-07-13 17:17 - 0094800 ____A (Microsoft Corporation) e:\boot\el-GR\bootmgr.exe.mui
2011-01-20 01:20 - 2009-07-13 17:17 - 0085056 ____A (Microsoft Corporation) e:\boot\en-US\bootmgr.exe.mui
2011-01-20 01:20 - 2009-07-13 18:11 - 0043600 ____A (Microsoft Corporation) e:\boot\en-US\memtest.exe.mui
2011-01-20 01:20 - 2009-07-13 17:17 - 0090192 ____A (Microsoft Corporation) e:\boot\es-ES\bootmgr.exe.mui
2011-01-20 01:20 - 2009-07-13 17:17 - 0089152 ____A (Microsoft Corporation) e:\boot\fi-FI\bootmgr.exe.mui
2011-01-20 01:20 - 2009-06-10 12:31 - 3694080 ____A () e:\boot\Fonts\chs_boot.ttf
2011-01-20 01:20 - 2009-06-10 12:31 - 3876772 ____A () e:\boot\Fonts\cht_boot.ttf
2011-01-20 01:20 - 2009-06-10 12:31 - 1984228 ____A () e:\boot\Fonts\jpn_boot.ttf
2011-01-20 01:20 - 2009-06-10 12:31 - 2371360 ____A () e:\boot\Fonts\kor_boot.ttf
2011-01-20 01:20 - 2009-06-10 12:31 - 0047452 ____A () e:\boot\Fonts\wgl4_boot.ttf
2011-01-20 01:20 - 2009-07-13 17:17 - 0093248 ____A (Microsoft Corporation) e:\boot\fr-FR\bootmgr.exe.mui
2011-01-20 01:20 - 2009-07-13 17:17 - 0090688 ____A (Microsoft Corporation) e:\boot\hu-HU\bootmgr.exe.mui
2011-01-20 01:20 - 2009-07-13 17:17 - 0090704 ____A (Microsoft Corporation) e:\boot\it-IT\bootmgr.exe.mui
2011-01-20 01:20 - 2009-07-13 17:17 - 0076352 ____A (Microsoft Corporation) e:\boot\ja-JP\bootmgr.exe.mui
2011-01-20 01:20 - 2009-07-13 17:17 - 0075344 ____A (Microsoft Corporation) e:\boot\ko-KR\bootmgr.exe.mui
2011-01-20 01:20 - 2009-07-13 17:17 - 0088144 ____A (Microsoft Corporation) e:\boot\nb-NO\bootmgr.exe.mui
2011-01-20 01:20 - 2009-07-13 17:17 - 0090704 ____A (Microsoft Corporation) e:\boot\nl-NL\bootmgr.exe.mui
2011-01-20 01:20 - 2009-07-13 17:17 - 0090704 ____A (Microsoft Corporation) e:\boot\pl-PL\bootmgr.exe.mui
2011-01-20 01:20 - 2009-07-13 17:17 - 0090176 ____A (Microsoft Corporation) e:\boot\pt-BR\bootmgr.exe.mui
2011-01-20 01:20 - 2009-07-13 17:17 - 0089664 ____A (Microsoft Corporation) e:\boot\pt-PT\bootmgr.exe.mui
2011-01-20 01:20 - 2009-07-13 17:17 - 0090192 ____A (Microsoft Corporation) e:\boot\ru-RU\bootmgr.exe.mui
2011-01-20 01:20 - 2009-07-13 17:17 - 0087616 ____A (Microsoft Corporation) e:\boot\sv-SE\bootmgr.exe.mui
2011-01-20 01:20 - 2009-07-13 17:17 - 0087104 ____A (Microsoft Corporation) e:\boot\tr-TR\bootmgr.exe.mui
2011-01-20 01:20 - 2009-07-13 17:17 - 0070720 ____A (Microsoft Corporation) e:\boot\zh-CN\bootmgr.exe.mui
2011-01-20 01:20 - 2009-07-13 17:17 - 0070224 ____A (Microsoft Corporation) e:\boot\zh-HK\bootmgr.exe.mui
2011-01-20 01:20 - 2009-07-13 17:17 - 0070208 ____A (Microsoft Corporation) e:\boot\zh-TW\bootmgr.exe.mui

====== End of Folder: ======

========================= folder: y:\boot ========================

Directory Not Found

====== End of Folder: ======

========= bcdedit /enum all /store c:\boot\BCD_Backup =========

The boot configuration data store could not be opened.
The system cannot find the file specified.

========= End of CMD: =========


========= bcdedit /enum all /v /store c:\boot\BCD_Backup =========

The boot configuration data store could not be opened.
The system cannot find the file specified.

========= End of CMD: =========


========= bcdedit /enum all /store y:\boot\BCD =========

The boot configuration data store could not be opened.
The system cannot find the file specified.

========= End of CMD: =========


========= bcdedit /enum all /v /store y:\boot\BCD =========

The boot configuration data store could not be opened.
The system cannot find the file specified.

========= End of CMD: =========


========= bcdedit /enum all /store e:\boot\BCD =========


Windows Boot Manager
--------------------
identifier {bootmgr}
device partition=E:
description Windows Boot Manager
locale en-US
inherit {globalsettings}
default {default}
resumeobject {75a9f6bc-2476-11e0-8911-f50c2d86a5b2}
displayorder {default}
toolsdisplayorder {memdiag}
timeout 30

Windows Boot Loader
-------------------
identifier {default}
device partition=C:
path \windows\system32\winload.exe
description Windows 7
locale en-US
inherit {bootloadersettings}
recoverysequence {75a9f6be-2476-11e0-8911-f50c2d86a5b2}
recoveryenabled Yes
osdevice partition=C:
systemroot \windows
resumeobject {75a9f6bc-2476-11e0-8911-f50c2d86a5b2}
nx OptIn

Windows Boot Loader
-------------------
identifier {75a9f6be-2476-11e0-8911-f50c2d86a5b2}
device ramdisk=[E:]\Recovery\WindowsRE\Winre.wim,{75a9f6bf-2476-11e0-8911-f50c2d86a5b2}
path \windows\system32\winload.exe
description Windows Recovery Environment
inherit {bootloadersettings}
osdevice ramdisk=[E:]\Recovery\WindowsRE\Winre.wim,{75a9f6bf-2476-11e0-8911-f50c2d86a5b2}
systemroot \windows
nx OptIn
winpe Yes

Resume from Hibernate
---------------------
identifier {75a9f6bc-2476-11e0-8911-f50c2d86a5b2}
device partition=C:
path \windows\system32\winresume.exe
description Windows Resume Application
locale en-US
inherit {resumeloadersettings}
filedevice partition=C:
filepath \hiberfil.sys
debugoptionenabled No

Windows Memory Tester
---------------------
identifier {memdiag}
device partition=E:
path \boot\memtest.exe
description Windows Memory Diagnostic
locale en-US
inherit {globalsettings}
badmemoryaccess Yes

EMS Settings
------------
identifier {emssettings}
bootems Yes

Debugger Settings
-----------------
identifier {dbgsettings}
debugtype Serial
debugport 1
baudrate 115200

RAM Defects
-----------
identifier {badmemory}

Global Settings
---------------
identifier {globalsettings}
inherit {dbgsettings}
{emssettings}
{badmemory}

Boot Loader Settings
--------------------
identifier {bootloadersettings}
inherit {globalsettings}
{hypervisorsettings}

Hypervisor Settings
-------------------
identifier {hypervisorsettings}
hypervisordebugtype Serial
hypervisordebugport 1
hypervisorbaudrate 115200

Resume Loader Settings
----------------------
identifier {resumeloadersettings}
inherit {globalsettings}

Device options
--------------
identifier {75a9f6bf-2476-11e0-8911-f50c2d86a5b2}
description Ramdisk Options
ramdisksdidevice partition=E:
ramdisksdipath \Recovery\WindowsRE\boot.sdi

========= End of CMD: =========


========= bcdedit /enum all /v /store e:\boot\BCD =========


Windows Boot Manager
--------------------
identifier {9dea862c-5cdd-4e70-acc1-f32b344d4795}
device partition=E:
description Windows Boot Manager
locale en-US
inherit {7ea2e1ac-2e61-4728-aaa3-896d9d0a9f0e}
default {75a9f6bd-2476-11e0-8911-f50c2d86a5b2}
resumeobject {75a9f6bc-2476-11e0-8911-f50c2d86a5b2}
displayorder {75a9f6bd-2476-11e0-8911-f50c2d86a5b2}
toolsdisplayorder {b2721d73-1db4-4c62-bf78-c548a880142d}
timeout 30

Windows Boot Loader
-------------------
identifier {75a9f6bd-2476-11e0-8911-f50c2d86a5b2}
device partition=C:
path \windows\system32\winload.exe
description Windows 7
locale en-US
inherit {6efb52bf-1766-41db-a6b3-0ee5eff72bd7}
recoverysequence {75a9f6be-2476-11e0-8911-f50c2d86a5b2}
recoveryenabled Yes
osdevice partition=C:
systemroot \windows
resumeobject {75a9f6bc-2476-11e0-8911-f50c2d86a5b2}
nx OptIn

Windows Boot Loader
-------------------
identifier {75a9f6be-2476-11e0-8911-f50c2d86a5b2}
device ramdisk=[E:]\Recovery\WindowsRE\Winre.wim,{75a9f6bf-2476-11e0-8911-f50c2d86a5b2}
path \windows\system32\winload.exe
description Windows Recovery Environment
inherit {6efb52bf-1766-41db-a6b3-0ee5eff72bd7}
osdevice ramdisk=[E:]\Recovery\WindowsRE\Winre.wim,{75a9f6bf-2476-11e0-8911-f50c2d86a5b2}
systemroot \windows
nx OptIn
winpe Yes
custom:46000010 Yes

Resume from Hibernate
---------------------
identifier {75a9f6bc-2476-11e0-8911-f50c2d86a5b2}
device partition=C:
path \windows\system32\winresume.exe
description Windows Resume Application
locale en-US
inherit {1afa9c49-16ab-4a5c-901b-212802da9460}
filedevice partition=C:
filepath \hiberfil.sys
debugoptionenabled No

Windows Memory Tester
---------------------
identifier {b2721d73-1db4-4c62-bf78-c548a880142d}
device partition=E:
path \boot\memtest.exe
description Windows Memory Diagnostic
locale en-US
inherit {7ea2e1ac-2e61-4728-aaa3-896d9d0a9f0e}
badmemoryaccess Yes

EMS Settings
------------
identifier {0ce4991b-e6b3-4b16-b23c-5e0d9250e5d9}
bootems Yes

Debugger Settings
-----------------
identifier {4636856e-540f-4170-a130-a84776f4c654}
debugtype Serial
debugport 1
baudrate 115200

RAM Defects
-----------
identifier {5189b25c-5558-4bf2-bca4-289b11bd29e2}

Global Settings
---------------
identifier {7ea2e1ac-2e61-4728-aaa3-896d9d0a9f0e}
inherit {4636856e-540f-4170-a130-a84776f4c654}
{0ce4991b-e6b3-4b16-b23c-5e0d9250e5d9}
{5189b25c-5558-4bf2-bca4-289b11bd29e2}

Boot Loader Settings
--------------------
identifier {6efb52bf-1766-41db-a6b3-0ee5eff72bd7}
inherit {7ea2e1ac-2e61-4728-aaa3-896d9d0a9f0e}
{7ff607e0-4395-11db-b0de-0800200c9a66}

Hypervisor Settings
-------------------
identifier {7ff607e0-4395-11db-b0de-0800200c9a66}
hypervisordebugtype Serial
hypervisordebugport 1
hypervisorbaudrate 115200

Resume Loader Settings
----------------------
identifier {1afa9c49-16ab-4a5c-901b-212802da9460}
inherit {7ea2e1ac-2e61-4728-aaa3-896d9d0a9f0e}

Device options
--------------
identifier {75a9f6bf-2476-11e0-8911-f50c2d86a5b2}
description Ramdisk Options
ramdisksdidevice partition=E:
ramdisksdipath \Recovery\WindowsRE\boot.sdi

========= End of CMD: =========


========= bcdedit /enum all /store c:\boot\BCD =========


Windows Boot Manager
--------------------
identifier {bootmgr}
device locate=unknown
description Windows Boot Manager
locale en-us
inherit {globalsettings}
default {default}
resumeobject {976be343-d80e-11df-96e6-00269eeaa3d0}
displayorder {default}
toolsdisplayorder {memdiag}
timeout 30

Windows Boot Loader
-------------------
identifier {default}
device locate=\Windows\system32\winload.exe
path \Windows\system32\winload.exe
description Windows 7
locale en-us
inherit {bootloadersettings}
osdevice locate=\Windows
systemroot \Windows
resumeobject {976be343-d80e-11df-96e6-00269eeaa3d0}
nx OptIn

Resume from Hibernate
---------------------
identifier {976be343-d80e-11df-96e6-00269eeaa3d0}
device locate=\Windows\system32\winresume.exe
path \Windows\system32\winresume.exe
description Windows Resume Application
locale en-us
inherit {resumeloadersettings}
filedevice locate=\hiberfil.sys
filepath \hiberfil.sys
debugoptionenabled No

Windows Memory Tester
---------------------
identifier {memdiag}
device locate=\boot\memtest.exe
path \boot\memtest.exe
description Windows Memory Diagnostic
locale en-us
inherit {globalsettings}
badmemoryaccess Yes

EMS Settings
------------
identifier {emssettings}
bootems Yes

Debugger Settings
-----------------
identifier {dbgsettings}
debugtype Serial
debugport 1
baudrate 115200

RAM Defects
-----------
identifier {badmemory}

Global Settings
---------------
identifier {globalsettings}
inherit {dbgsettings}
{emssettings}
{badmemory}

Boot Loader Settings
--------------------
identifier {bootloadersettings}
inherit {globalsettings}
{hypervisorsettings}

Hypervisor Settings
-------------------
identifier {hypervisorsettings}
hypervisordebugtype Serial
hypervisordebugport 1
hypervisorbaudrate 115200

Resume Loader Settings
----------------------
identifier {resumeloadersettings}
inherit {globalsettings}

========= End of CMD: =========


========= bcdedit /enum all /v /store c:\boot\BCD =========


Windows Boot Manager
--------------------
identifier {9dea862c-5cdd-4e70-acc1-f32b344d4795}
device locate=custom:12000002
description Windows Boot Manager
locale en-us
inherit {7ea2e1ac-2e61-4728-aaa3-896d9d0a9f0e}
default {976be344-d80e-11df-96e6-00269eeaa3d0}
resumeobject {976be343-d80e-11df-96e6-00269eeaa3d0}
displayorder {976be344-d80e-11df-96e6-00269eeaa3d0}
toolsdisplayorder {b2721d73-1db4-4c62-bf78-c548a880142d}
timeout 30

Windows Boot Loader
-------------------
identifier {976be344-d80e-11df-96e6-00269eeaa3d0}
device locate=custom:12000002
path \Windows\system32\winload.exe
description Windows 7
locale en-us
inherit {6efb52bf-1766-41db-a6b3-0ee5eff72bd7}
osdevice locate=custom:22000002
systemroot \Windows
resumeobject {976be343-d80e-11df-96e6-00269eeaa3d0}
nx OptIn

Resume from Hibernate
---------------------
identifier {976be343-d80e-11df-96e6-00269eeaa3d0}
device locate=custom:12000002
path \Windows\system32\winresume.exe
description Windows Resume Application
locale en-us
inherit {1afa9c49-16ab-4a5c-901b-212802da9460}
filedevice locate=custom:22000002
filepath \hiberfil.sys
debugoptionenabled No

Windows Memory Tester
---------------------
identifier {b2721d73-1db4-4c62-bf78-c548a880142d}
device locate=custom:12000002
path \boot\memtest.exe
description Windows Memory Diagnostic
locale en-us
inherit {7ea2e1ac-2e61-4728-aaa3-896d9d0a9f0e}
badmemoryaccess Yes

EMS Settings
------------
identifier {0ce4991b-e6b3-4b16-b23c-5e0d9250e5d9}
bootems Yes

Debugger Settings
-----------------
identifier {4636856e-540f-4170-a130-a84776f4c654}
debugtype Serial
debugport 1
baudrate 115200

RAM Defects
-----------
identifier {5189b25c-5558-4bf2-bca4-289b11bd29e2}

Global Settings
---------------
identifier {7ea2e1ac-2e61-4728-aaa3-896d9d0a9f0e}
inherit {4636856e-540f-4170-a130-a84776f4c654}
{0ce4991b-e6b3-4b16-b23c-5e0d9250e5d9}
{5189b25c-5558-4bf2-bca4-289b11bd29e2}

Boot Loader Settings
--------------------
identifier {6efb52bf-1766-41db-a6b3-0ee5eff72bd7}
inherit {7ea2e1ac-2e61-4728-aaa3-896d9d0a9f0e}
{7ff607e0-4395-11db-b0de-0800200c9a66}

Hypervisor Settings
-------------------
identifier {7ff607e0-4395-11db-b0de-0800200c9a66}
hypervisordebugtype Serial
hypervisordebugport 1
hypervisorbaudrate 115200

Resume Loader Settings
----------------------
identifier {1afa9c49-16ab-4a5c-901b-212802da9460}
inherit {7ea2e1ac-2e61-4728-aaa3-896d9d0a9f0e}

========= End of CMD: =========


========= bootrec /FixMbr =========

The operation completed successfully.

========= End of CMD: =========

MBRDUMP.txt is made successfully.

==== End of Fixlog ====
 
Here's the info you requested:

Additional instructions:
1. Content of the Fixlog.txt (it could be attached if it is a large file)
2. Attach the fresh MBRDUMP.txt (any old one will be overwritten, so no need to remove the old one)
3. After the fix restart, let it boot normally and tell us how it went.

Still blinking cursor, no boot.

Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 22-08-2012 02
Ran by SYSTEM at 2012-09-07 13:21:03 Run:9
Running from G:\

==============================================


========= dir /a c:\ =========

Volume in drive C is TI106033W0C
Volume Serial Number is 5ACC-503C

Directory of c:\

02/14/2011 08:49 PM <DIR> $Recycle.Bin
10/14/2010 07:45 PM <DIR> Boot
07/13/2009 05:38 PM 383,562 bootmgr
10/14/2010 07:45 PM 8,192 BOOTSECT.BAK
03/13/2012 12:09 PM <DIR> codec-info
03/25/2012 09:50 PM <DIR> Config.Msi
07/13/2009 09:08 PM <JUNCTION> Documents and Settings [C:\Users]
08/22/2012 06:05 PM <DIR> FRST
03/28/2012 07:12 PM 3,062,255,616 hiberfil.sys
01/20/2011 12:25 AM <DIR> Intel
02/14/2011 09:42 PM <DIR> MSOCache
03/28/2012 07:13 PM 4,083,007,488 pagefile.sys
03/23/2012 06:24 PM <DIR> Program Files
03/25/2012 09:50 PM <DIR> Program Files (x86)
08/24/2012 10:40 PM <DIR> ProgramData
02/16/2012 07:37 AM 510 settings.ini
03/28/2012 04:11 PM <DIR> System Volume Information
02/14/2011 08:47 PM <DIR> Users
08/24/2012 10:40 PM <DIR> Windows
5 File(s) 7,145,655,368 bytes
14 Dir(s) 252,893,179,904 bytes free

========= End of CMD: =========


========= dir /a e:\ =========

Volume in drive E is System
Volume Serial Number is E4A5-287C

Directory of e:\

01/20/2011 01:20 AM <DIR> Boot
07/13/2009 05:38 PM 383,562 bootmgr
02/14/2011 08:47 PM <DIR> Recovery
02/14/2011 09:02 PM <DIR> System Volume Information
10/22/2010 04:45 AM 189 WinREPartition.ini
2 File(s) 383,751 bytes
3 Dir(s) 1,367,330,816 bytes free

========= End of CMD: =========


========= dir /a y:\ =========

The system cannot find the path specified.

========= End of CMD: =========


========================= folder: e:\boot ========================

2011-01-20 01:20 - 2012-09-07 12:51 - 0024576 ____A () e:\boot\BCD
2011-01-20 01:20 - 2012-09-07 12:51 - 0021504 __ASH () e:\boot\BCD.LOG
2011-01-20 01:20 - 2011-01-20 01:20 - 0000000 __ASH () e:\boot\BCD.LOG1
2011-01-20 01:20 - 2011-01-20 01:20 - 0000000 __ASH () e:\boot\BCD.LOG2
2011-01-20 01:20 - 2011-01-20 01:20 - 0065536 __ASH () e:\boot\BOOTSTAT.DAT
2011-01-20 01:20 - 2011-01-20 01:20 - 0000000 ____D () e:\boot\cs-CZ
2011-01-20 01:20 - 2011-01-20 01:20 - 0000000 ____D () e:\boot\da-DK
2011-01-20 01:20 - 2011-01-20 01:20 - 0000000 ____D () e:\boot\de-DE
2011-01-20 01:20 - 2011-01-20 01:20 - 0000000 ____D () e:\boot\el-GR
2011-01-20 01:20 - 2011-01-20 01:20 - 0000000 ____D () e:\boot\en-US
2011-01-20 01:20 - 2011-01-20 01:20 - 0000000 ____D () e:\boot\es-ES
2011-01-20 01:20 - 2011-01-20 01:20 - 0000000 ____D () e:\boot\fi-FI
2011-01-20 01:20 - 2011-01-20 01:20 - 0000000 ____D () e:\boot\Fonts
2011-01-20 01:20 - 2011-01-20 01:20 - 0000000 ____D () e:\boot\fr-FR
2011-01-20 01:20 - 2011-01-20 01:20 - 0000000 ____D () e:\boot\hu-HU
2011-01-20 01:20 - 2011-01-20 01:20 - 0000000 ____D () e:\boot\it-IT
2011-01-20 01:20 - 2011-01-20 01:20 - 0000000 ____D () e:\boot\ja-JP
2011-01-20 01:20 - 2011-01-20 01:20 - 0000000 ____D () e:\boot\ko-KR
2011-01-20 01:20 - 2009-07-13 17:20 - 0485440 ____A (Microsoft Corporation) e:\boot\memtest.exe
2011-01-20 01:20 - 2011-01-20 01:20 - 0000000 ____D () e:\boot\nb-NO
2011-01-20 01:20 - 2011-01-20 01:20 - 0000000 ____D () e:\boot\nl-NL
2011-01-20 01:20 - 2011-01-20 01:20 - 0000000 ____D () e:\boot\pl-PL
2011-01-20 01:20 - 2011-01-20 01:20 - 0000000 ____D () e:\boot\pt-BR
2011-01-20 01:20 - 2011-01-20 01:20 - 0000000 ____D () e:\boot\pt-PT
2011-01-20 01:20 - 2011-01-20 01:20 - 0000000 ____D () e:\boot\ru-RU
2011-01-20 01:20 - 2011-01-20 01:20 - 0000000 ____D () e:\boot\sv-SE
2011-01-20 01:20 - 2011-01-20 01:20 - 0000000 ____D () e:\boot\tr-TR
2011-01-20 01:20 - 2011-01-20 01:20 - 0000000 ____D () e:\boot\zh-CN
2011-01-20 01:20 - 2011-01-20 01:20 - 0000000 ____D () e:\boot\zh-HK
2011-01-20 01:20 - 2011-01-20 01:20 - 0000000 ____D () e:\boot\zh-TW
2011-01-20 01:20 - 2009-07-13 17:17 - 0089168 ____A (Microsoft Corporation) e:\boot\cs-CZ\bootmgr.exe.mui
2011-01-20 01:20 - 2009-07-13 17:17 - 0087616 ____A (Microsoft Corporation) e:\boot\da-DK\bootmgr.exe.mui
2011-01-20 01:20 - 2009-07-13 17:17 - 0091712 ____A (Microsoft Corporation) e:\boot\de-DE\bootmgr.exe.mui
2011-01-20 01:20 - 2009-07-13 17:17 - 0094800 ____A (Microsoft Corporation) e:\boot\el-GR\bootmgr.exe.mui
2011-01-20 01:20 - 2009-07-13 17:17 - 0085056 ____A (Microsoft Corporation) e:\boot\en-US\bootmgr.exe.mui
2011-01-20 01:20 - 2009-07-13 18:11 - 0043600 ____A (Microsoft Corporation) e:\boot\en-US\memtest.exe.mui
2011-01-20 01:20 - 2009-07-13 17:17 - 0090192 ____A (Microsoft Corporation) e:\boot\es-ES\bootmgr.exe.mui
2011-01-20 01:20 - 2009-07-13 17:17 - 0089152 ____A (Microsoft Corporation) e:\boot\fi-FI\bootmgr.exe.mui
2011-01-20 01:20 - 2009-06-10 12:31 - 3694080 ____A () e:\boot\Fonts\chs_boot.ttf
2011-01-20 01:20 - 2009-06-10 12:31 - 3876772 ____A () e:\boot\Fonts\cht_boot.ttf
2011-01-20 01:20 - 2009-06-10 12:31 - 1984228 ____A () e:\boot\Fonts\jpn_boot.ttf
2011-01-20 01:20 - 2009-06-10 12:31 - 2371360 ____A () e:\boot\Fonts\kor_boot.ttf
2011-01-20 01:20 - 2009-06-10 12:31 - 0047452 ____A () e:\boot\Fonts\wgl4_boot.ttf
2011-01-20 01:20 - 2009-07-13 17:17 - 0093248 ____A (Microsoft Corporation) e:\boot\fr-FR\bootmgr.exe.mui
2011-01-20 01:20 - 2009-07-13 17:17 - 0090688 ____A (Microsoft Corporation) e:\boot\hu-HU\bootmgr.exe.mui
2011-01-20 01:20 - 2009-07-13 17:17 - 0090704 ____A (Microsoft Corporation) e:\boot\it-IT\bootmgr.exe.mui
2011-01-20 01:20 - 2009-07-13 17:17 - 0076352 ____A (Microsoft Corporation) e:\boot\ja-JP\bootmgr.exe.mui
2011-01-20 01:20 - 2009-07-13 17:17 - 0075344 ____A (Microsoft Corporation) e:\boot\ko-KR\bootmgr.exe.mui
2011-01-20 01:20 - 2009-07-13 17:17 - 0088144 ____A (Microsoft Corporation) e:\boot\nb-NO\bootmgr.exe.mui
2011-01-20 01:20 - 2009-07-13 17:17 - 0090704 ____A (Microsoft Corporation) e:\boot\nl-NL\bootmgr.exe.mui
2011-01-20 01:20 - 2009-07-13 17:17 - 0090704 ____A (Microsoft Corporation) e:\boot\pl-PL\bootmgr.exe.mui
2011-01-20 01:20 - 2009-07-13 17:17 - 0090176 ____A (Microsoft Corporation) e:\boot\pt-BR\bootmgr.exe.mui
2011-01-20 01:20 - 2009-07-13 17:17 - 0089664 ____A (Microsoft Corporation) e:\boot\pt-PT\bootmgr.exe.mui
2011-01-20 01:20 - 2009-07-13 17:17 - 0090192 ____A (Microsoft Corporation) e:\boot\ru-RU\bootmgr.exe.mui
2011-01-20 01:20 - 2009-07-13 17:17 - 0087616 ____A (Microsoft Corporation) e:\boot\sv-SE\bootmgr.exe.mui
2011-01-20 01:20 - 2009-07-13 17:17 - 0087104 ____A (Microsoft Corporation) e:\boot\tr-TR\bootmgr.exe.mui
2011-01-20 01:20 - 2009-07-13 17:17 - 0070720 ____A (Microsoft Corporation) e:\boot\zh-CN\bootmgr.exe.mui
2011-01-20 01:20 - 2009-07-13 17:17 - 0070224 ____A (Microsoft Corporation) e:\boot\zh-HK\bootmgr.exe.mui
2011-01-20 01:20 - 2009-07-13 17:17 - 0070208 ____A (Microsoft Corporation) e:\boot\zh-TW\bootmgr.exe.mui

====== End of Folder: ======

========================= folder: y:\boot ========================

Directory Not Found

====== End of Folder: ======

========= bcdedit /enum all /store c:\boot\BCD_Backup =========

The boot configuration data store could not be opened.
The system cannot find the file specified.

========= End of CMD: =========


========= bcdedit /enum all /v /store c:\boot\BCD_Backup =========

The boot configuration data store could not be opened.
The system cannot find the file specified.

========= End of CMD: =========


========= bcdedit /enum all /store y:\boot\BCD =========

The boot configuration data store could not be opened.
The system cannot find the file specified.

========= End of CMD: =========


========= bcdedit /enum all /v /store y:\boot\BCD =========

The boot configuration data store could not be opened.
The system cannot find the file specified.

========= End of CMD: =========


========= bcdedit /enum all /store e:\boot\BCD =========


Windows Boot Manager
--------------------
identifier {bootmgr}
device partition=E:
description Windows Boot Manager
locale en-US
inherit {globalsettings}
default {default}
resumeobject {75a9f6bc-2476-11e0-8911-f50c2d86a5b2}
displayorder {default}
toolsdisplayorder {memdiag}
timeout 30

Windows Boot Loader
-------------------
identifier {default}
device partition=C:
path \windows\system32\winload.exe
description Windows 7
locale en-US
inherit {bootloadersettings}
recoverysequence {75a9f6be-2476-11e0-8911-f50c2d86a5b2}
recoveryenabled Yes
osdevice partition=C:
systemroot \windows
resumeobject {75a9f6bc-2476-11e0-8911-f50c2d86a5b2}
nx OptIn

Windows Boot Loader
-------------------
identifier {75a9f6be-2476-11e0-8911-f50c2d86a5b2}
device ramdisk=[E:]\Recovery\WindowsRE\Winre.wim,{75a9f6bf-2476-11e0-8911-f50c2d86a5b2}
path \windows\system32\winload.exe
description Windows Recovery Environment
inherit {bootloadersettings}
osdevice ramdisk=[E:]\Recovery\WindowsRE\Winre.wim,{75a9f6bf-2476-11e0-8911-f50c2d86a5b2}
systemroot \windows
nx OptIn
winpe Yes

Resume from Hibernate
---------------------
identifier {75a9f6bc-2476-11e0-8911-f50c2d86a5b2}
device partition=C:
path \windows\system32\winresume.exe
description Windows Resume Application
locale en-US
inherit {resumeloadersettings}
filedevice partition=C:
filepath \hiberfil.sys
debugoptionenabled No

Windows Memory Tester
---------------------
identifier {memdiag}
device partition=E:
path \boot\memtest.exe
description Windows Memory Diagnostic
locale en-US
inherit {globalsettings}
badmemoryaccess Yes

EMS Settings
------------
identifier {emssettings}
bootems Yes

Debugger Settings
-----------------
identifier {dbgsettings}
debugtype Serial
debugport 1
baudrate 115200

RAM Defects
-----------
identifier {badmemory}

Global Settings
---------------
identifier {globalsettings}
inherit {dbgsettings}
{emssettings}
{badmemory}

Boot Loader Settings
--------------------
identifier {bootloadersettings}
inherit {globalsettings}
{hypervisorsettings}

Hypervisor Settings
-------------------
identifier {hypervisorsettings}
hypervisordebugtype Serial
hypervisordebugport 1
hypervisorbaudrate 115200

Resume Loader Settings
----------------------
identifier {resumeloadersettings}
inherit {globalsettings}

Device options
--------------
identifier {75a9f6bf-2476-11e0-8911-f50c2d86a5b2}
description Ramdisk Options
ramdisksdidevice partition=E:
ramdisksdipath \Recovery\WindowsRE\boot.sdi

========= End of CMD: =========


========= bcdedit /enum all /v /store e:\boot\BCD =========


Windows Boot Manager
--------------------
identifier {9dea862c-5cdd-4e70-acc1-f32b344d4795}
device partition=E:
description Windows Boot Manager
locale en-US
inherit {7ea2e1ac-2e61-4728-aaa3-896d9d0a9f0e}
default {75a9f6bd-2476-11e0-8911-f50c2d86a5b2}
resumeobject {75a9f6bc-2476-11e0-8911-f50c2d86a5b2}
displayorder {75a9f6bd-2476-11e0-8911-f50c2d86a5b2}
toolsdisplayorder {b2721d73-1db4-4c62-bf78-c548a880142d}
timeout 30

Windows Boot Loader
-------------------
identifier {75a9f6bd-2476-11e0-8911-f50c2d86a5b2}
device partition=C:
path \windows\system32\winload.exe
description Windows 7
locale en-US
inherit {6efb52bf-1766-41db-a6b3-0ee5eff72bd7}
recoverysequence {75a9f6be-2476-11e0-8911-f50c2d86a5b2}
recoveryenabled Yes
osdevice partition=C:
systemroot \windows
resumeobject {75a9f6bc-2476-11e0-8911-f50c2d86a5b2}
nx OptIn

Windows Boot Loader
-------------------
identifier {75a9f6be-2476-11e0-8911-f50c2d86a5b2}
device ramdisk=[E:]\Recovery\WindowsRE\Winre.wim,{75a9f6bf-2476-11e0-8911-f50c2d86a5b2}
path \windows\system32\winload.exe
description Windows Recovery Environment
inherit {6efb52bf-1766-41db-a6b3-0ee5eff72bd7}
osdevice ramdisk=[E:]\Recovery\WindowsRE\Winre.wim,{75a9f6bf-2476-11e0-8911-f50c2d86a5b2}
systemroot \windows
nx OptIn
winpe Yes
custom:46000010 Yes

Resume from Hibernate
---------------------
identifier {75a9f6bc-2476-11e0-8911-f50c2d86a5b2}
device partition=C:
path \windows\system32\winresume.exe
description Windows Resume Application
locale en-US
inherit {1afa9c49-16ab-4a5c-901b-212802da9460}
filedevice partition=C:
filepath \hiberfil.sys
debugoptionenabled No

Windows Memory Tester
---------------------
identifier {b2721d73-1db4-4c62-bf78-c548a880142d}
device partition=E:
path \boot\memtest.exe
description Windows Memory Diagnostic
locale en-US
inherit {7ea2e1ac-2e61-4728-aaa3-896d9d0a9f0e}
badmemoryaccess Yes

EMS Settings
------------
identifier {0ce4991b-e6b3-4b16-b23c-5e0d9250e5d9}
bootems Yes

Debugger Settings
-----------------
identifier {4636856e-540f-4170-a130-a84776f4c654}
debugtype Serial
debugport 1
baudrate 115200

RAM Defects
-----------
identifier {5189b25c-5558-4bf2-bca4-289b11bd29e2}

Global Settings
---------------
identifier {7ea2e1ac-2e61-4728-aaa3-896d9d0a9f0e}
inherit {4636856e-540f-4170-a130-a84776f4c654}
{0ce4991b-e6b3-4b16-b23c-5e0d9250e5d9}
{5189b25c-5558-4bf2-bca4-289b11bd29e2}

Boot Loader Settings
--------------------
identifier {6efb52bf-1766-41db-a6b3-0ee5eff72bd7}
inherit {7ea2e1ac-2e61-4728-aaa3-896d9d0a9f0e}
{7ff607e0-4395-11db-b0de-0800200c9a66}

Hypervisor Settings
-------------------
identifier {7ff607e0-4395-11db-b0de-0800200c9a66}
hypervisordebugtype Serial
hypervisordebugport 1
hypervisorbaudrate 115200

Resume Loader Settings
----------------------
identifier {1afa9c49-16ab-4a5c-901b-212802da9460}
inherit {7ea2e1ac-2e61-4728-aaa3-896d9d0a9f0e}

Device options
--------------
identifier {75a9f6bf-2476-11e0-8911-f50c2d86a5b2}
description Ramdisk Options
ramdisksdidevice partition=E:
ramdisksdipath \Recovery\WindowsRE\boot.sdi

========= End of CMD: =========


========= bcdedit /enum all /store c:\boot\BCD =========


Windows Boot Manager
--------------------
identifier {bootmgr}
device locate=unknown
description Windows Boot Manager
locale en-us
inherit {globalsettings}
default {default}
resumeobject {976be343-d80e-11df-96e6-00269eeaa3d0}
displayorder {default}
toolsdisplayorder {memdiag}
timeout 30

Windows Boot Loader
-------------------
identifier {default}
device locate=\Windows\system32\winload.exe
path \Windows\system32\winload.exe
description Windows 7
locale en-us
inherit {bootloadersettings}
osdevice locate=\Windows
systemroot \Windows
resumeobject {976be343-d80e-11df-96e6-00269eeaa3d0}
nx OptIn

Resume from Hibernate
---------------------
identifier {976be343-d80e-11df-96e6-00269eeaa3d0}
device locate=\Windows\system32\winresume.exe
path \Windows\system32\winresume.exe
description Windows Resume Application
locale en-us
inherit {resumeloadersettings}
filedevice locate=\hiberfil.sys
filepath \hiberfil.sys
debugoptionenabled No

Windows Memory Tester
---------------------
identifier {memdiag}
device locate=\boot\memtest.exe
path \boot\memtest.exe
description Windows Memory Diagnostic
locale en-us
inherit {globalsettings}
badmemoryaccess Yes

EMS Settings
------------
identifier {emssettings}
bootems Yes

Debugger Settings
-----------------
identifier {dbgsettings}
debugtype Serial
debugport 1
baudrate 115200

RAM Defects
-----------
identifier {badmemory}

Global Settings
---------------
identifier {globalsettings}
inherit {dbgsettings}
{emssettings}
{badmemory}

Boot Loader Settings
--------------------
identifier {bootloadersettings}
inherit {globalsettings}
{hypervisorsettings}

Hypervisor Settings
-------------------
identifier {hypervisorsettings}
hypervisordebugtype Serial
hypervisordebugport 1
hypervisorbaudrate 115200

Resume Loader Settings
----------------------
identifier {resumeloadersettings}
inherit {globalsettings}

========= End of CMD: =========


========= bcdedit /enum all /v /store c:\boot\BCD =========


Windows Boot Manager
--------------------
identifier {9dea862c-5cdd-4e70-acc1-f32b344d4795}
device locate=custom:12000002
description Windows Boot Manager
locale en-us
inherit {7ea2e1ac-2e61-4728-aaa3-896d9d0a9f0e}
default {976be344-d80e-11df-96e6-00269eeaa3d0}
resumeobject {976be343-d80e-11df-96e6-00269eeaa3d0}
displayorder {976be344-d80e-11df-96e6-00269eeaa3d0}
toolsdisplayorder {b2721d73-1db4-4c62-bf78-c548a880142d}
timeout 30

Windows Boot Loader
-------------------
identifier {976be344-d80e-11df-96e6-00269eeaa3d0}
device locate=custom:12000002
path \Windows\system32\winload.exe
description Windows 7
locale en-us
inherit {6efb52bf-1766-41db-a6b3-0ee5eff72bd7}
osdevice locate=custom:22000002
systemroot \Windows
resumeobject {976be343-d80e-11df-96e6-00269eeaa3d0}
nx OptIn

Resume from Hibernate
---------------------
identifier {976be343-d80e-11df-96e6-00269eeaa3d0}
device locate=custom:12000002
path \Windows\system32\winresume.exe
description Windows Resume Application
locale en-us
inherit {1afa9c49-16ab-4a5c-901b-212802da9460}
filedevice locate=custom:22000002
filepath \hiberfil.sys
debugoptionenabled No

Windows Memory Tester
---------------------
identifier {b2721d73-1db4-4c62-bf78-c548a880142d}
device locate=custom:12000002
path \boot\memtest.exe
description Windows Memory Diagnostic
locale en-us
inherit {7ea2e1ac-2e61-4728-aaa3-896d9d0a9f0e}
badmemoryaccess Yes

EMS Settings
------------
identifier {0ce4991b-e6b3-4b16-b23c-5e0d9250e5d9}
bootems Yes

Debugger Settings
-----------------
identifier {4636856e-540f-4170-a130-a84776f4c654}
debugtype Serial
debugport 1
baudrate 115200

RAM Defects
-----------
identifier {5189b25c-5558-4bf2-bca4-289b11bd29e2}

Global Settings
---------------
identifier {7ea2e1ac-2e61-4728-aaa3-896d9d0a9f0e}
inherit {4636856e-540f-4170-a130-a84776f4c654}
{0ce4991b-e6b3-4b16-b23c-5e0d9250e5d9}
{5189b25c-5558-4bf2-bca4-289b11bd29e2}

Boot Loader Settings
--------------------
identifier {6efb52bf-1766-41db-a6b3-0ee5eff72bd7}
inherit {7ea2e1ac-2e61-4728-aaa3-896d9d0a9f0e}
{7ff607e0-4395-11db-b0de-0800200c9a66}

Hypervisor Settings
-------------------
identifier {7ff607e0-4395-11db-b0de-0800200c9a66}
hypervisordebugtype Serial
hypervisordebugport 1
hypervisorbaudrate 115200

Resume Loader Settings
----------------------
identifier {1afa9c49-16ab-4a5c-901b-212802da9460}
inherit {7ea2e1ac-2e61-4728-aaa3-896d9d0a9f0e}

========= End of CMD: =========


========= bootrec /FixMbr =========

The operation completed successfully.

========= End of CMD: =========

MBRDUMP.txt is made successfully.

==== End of Fixlog ====
 

Attachments

  • MBRDUMP.txt
    512 bytes
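The fixlog above dumps two BCD stores. The store on the System partition (E:) binds its loaders to `partition=C:` and its recovery entry to a `ramdisk=` image, while the copy at `c:\boot\BCD` carries device entries such as `locate=unknown` and `locate=custom:12000002`. The script below is an added example for this thread, not FRST, Farbar or Microsoft code: it parses `bcdedit /enum` text into objects, then reports `inherit`/`default`/`displayorder` references that name no object in the same store and boot-manager or loader devices that are not bound to a `partition=` or `ramdisk=` location. Both embedded stores are constructed excerpts shaped like the dumps above, not the poster's data, and the parser accepts both column-aligned output and whitespace-flattened copies like the ones pasted in this thread.

```python
# Parse `bcdedit /enum` text and sanity-check the store it describes. Added example
# for this thread (not FRST, Farbar or Microsoft code); both stores are constructed.
import re
from collections import defaultdict

GUID_RE = re.compile(r"\{[^}]+\}")
# Keys whose values name other objects in the same store
REF_KEYS = {"inherit", "default", "displayorder", "toolsdisplayorder",
            "resumeobject", "recoverysequence"}
# Object types whose device fields must be bound to real storage to boot
DEVICE_TYPES = {"Windows Boot Manager", "Windows Boot Loader", "Resume from Hibernate"}
DEVICE_KEYS = {"device", "osdevice", "filedevice"}

# Constructed store: references resolve and every device is a partition
GOOD_STORE = r"""
Windows Boot Manager
--------------------
identifier {bootmgr}
device partition=E:
default {default}

Windows Boot Loader
-------------------
identifier {default}
device partition=C:
path \windows\system32\winload.exe
osdevice partition=C:
"""

# Constructed store shaped like the c:\boot\BCD dump: locate= devices and
# references to settings objects the store does not contain
TEMPLATE_STORE = r"""
Windows Boot Manager
--------------------
identifier {bootmgr}
device locate=unknown
inherit {globalsettings}
default {default}

Windows Boot Loader
-------------------
identifier {default}
device locate=\Windows\system32\winload.exe
path \Windows\system32\winload.exe
inherit {bootloadersettings}
osdevice locate=\Windows

Global Settings
---------------
identifier {globalsettings}
inherit {dbgsettings}
{emssettings}
"""

def parse_bcdedit(text):
    """Return [{'type', 'identifier', 'fields'}] from bcdedit output: a line is an
    object header when the next line is all dashes, and a line starting with '{'
    continues the previous key (multi-value inherit). Handles column-aligned
    output and whitespace-flattened copies like the thread's."""
    lines = [ln.rstrip() for ln in text.splitlines()]
    objects, current, last_key = [], None, None
    for i, line in enumerate(lines):
        stripped = line.strip()
        nxt = lines[i + 1].strip() if i + 1 < len(lines) else ""
        if not stripped or set(stripped) == {"-"} or stripped.startswith("="):
            continue                      # blank, underline or FRST separator
        if nxt and set(nxt) == {"-"}:     # underlined: object type header
            current = {"type": stripped, "identifier": None, "fields": defaultdict(list)}
            objects.append(current)
            last_key = None
        elif current is None:
            continue                      # stray text before the first object
        elif stripped.startswith("{") and last_key:
            current["fields"][last_key].append(stripped)
        else:
            key, _, value = stripped.partition(" ")
            current["fields"][key].append(value.strip())
            last_key = key
            if key == "identifier":
                current["identifier"] = value.strip()
    return objects

def check_store(objects):
    """Report dangling object references and devices not bound to storage."""
    known = {o["identifier"] for o in objects if o["identifier"]}
    findings = []
    for obj in objects:
        ident = obj["identifier"] or "<no identifier>"
        for key, values in obj["fields"].items():
            if key in REF_KEYS:
                for guid in GUID_RE.findall(" ".join(values)):
                    if guid not in known:
                        findings.append(f"{ident}: {key} references undefined object {guid}")
            elif key in DEVICE_KEYS and obj["type"] in DEVICE_TYPES:
                for dev in values:
                    if not dev.startswith(("partition=", "ramdisk=")):
                        findings.append(f"{ident}: {key} not bound to storage ({dev})")
    return findings
```

To run it against a real dump, paste the text between the `bcdedit /enum all /store ...` header and the `End of CMD` line into a file and call `check_store(parse_bcdedit(open(path).read()))`; an empty list means every reference resolved and every boot device was bound to a partition or ramdisk.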
Okie dokie. Current boot priority is good. :)

FRST Fixlist

Download the attached file, please. Save it on your flash drive to replace the current fixlist.txt. Make sure it maintains its current name fixlist.txt.

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.

Now, please enter System Recovery Options then select Command Prompt.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

Now restart, let it boot normally and tell me how it went.

Additional instructions:
1. Content of the Fixlog.txt (it could be attached if it is a large file)
2. Attach the fresh MBRDUMP.txt (any old one will be overwritten, so no need to remove the old one)
 

Attachments

  • fixlist.txt
    88 bytes
Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 22-08-2012 02
Ran by SYSTEM at 2012-09-11 21:03:25 Run:10
Running from G:\

==============================================

MBRDUMP.txt is made successfully.

========= FixMbr64 /drive 0 fixmbr /win7 /yes =========

'FixMbr64' is not recognized as an internal or external command,
operable program or batch file.

========= End of CMD: =========

MBRDUMP.txt is made successfully.

==== End of Fixlog ====

When I reboot I just get flashing cursor on black screen. This is a tough-E, huh? I really appreciate the help. I know you'll get it running. Thanks.
 

Attachments

  • MBRDUMP.txt
    512 bytes
Please do the same in the post here, except with a new fixlist.

The developer, Farbar, and I apologize, but there was an error in the script. But no worries, we're not trying to waste time.
 

Attachments

  • fixlist.txt
    88 bytes
Sure, no problem. Here's the fixlog and MBRDump:
Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 22-08-2012 02
Ran by SYSTEM at 2012-09-15 22:42:48 Run:11
Running from G:\

==============================================

MBRDUMP.txt is made successfully.

========= MbrFix64 /drive 0 fixmbr /win7 /yes =========


========= End of CMD: =========

MBRDUMP.txt is made successfully.

==== End of Fixlog ====
 

Attachments

  • MBRDUMP.txt
    512 bytes
That was a clean MBR. Before I report back to Farbar, please attempt to boot the computer. Let me know what happens, please.
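The verdict above rests on the 512-byte MBRDUMP.txt the user attached. As an added example for this thread (not FRST or Farbar code, and assuming the dump is the raw first sector, which its 512-byte size suggests), the Python below applies the checks a defender would run on such a dump: the 0x55AA boot signature, valid status bytes, exactly one active partition, non-overlapping partition entries, and two heuristics for a Microsoft bootstrap area (the `xor ax,ax / mov ss,ax / mov sp,7C00h` prologue and the three standard error message strings). The sample sectors are constructed; the tampered one exists only to show what a rewritten bootstrap area and a malformed table look like to these checks.

```python
# Sanity-check a 512-byte MBR dump such as FRST's MBRDUMP.txt (assumed to be
# the raw first sector). Added example for this thread, not FRST/Farbar code;
# the sectors below are constructed, not the poster's dump.
import struct

SECTOR_SIZE = 512
PART_TABLE_OFFSET = 446          # 446 bytes of bootstrap code, then 4 x 16-byte entries
BOOT_SIGNATURE = 0xAA55          # bytes 55 AA at offset 510, read little-endian
# xor ax,ax / mov ss,ax / mov sp,7C00h: the prologue of Microsoft MBR code
MS_PROLOGUE = bytes.fromhex("33C08ED0BC007C")
# Message strings carried by the standard Microsoft MBR
MS_STRINGS = (b"Invalid partition table", b"Error loading operating system",
              b"Missing operating system")

def parse_partitions(mbr):
    """Return the four partition table entries as dicts (LBA fields; CHS is legacy)."""
    entries = []
    for i in range(4):
        status, _chs_start, ptype, _chs_end, lba_start, sectors = struct.unpack_from(
            "<B3sB3sII", mbr, PART_TABLE_OFFSET + 16 * i)
        entries.append({"index": i, "status": status, "bootable": status == 0x80,
                        "type": ptype, "lba_start": lba_start, "sectors": sectors})
    return entries

def check_mbr(mbr):
    """Return a list of findings; an empty list means the sector passed every check."""
    findings = []
    if len(mbr) != SECTOR_SIZE:
        return [f"dump is {len(mbr)} bytes, expected {SECTOR_SIZE}"]
    if struct.unpack_from("<H", mbr, 510)[0] != BOOT_SIGNATURE:
        findings.append("boot signature 0x55AA missing at offset 510")
    code = mbr[:PART_TABLE_OFFSET]
    if not code.startswith(MS_PROLOGUE):
        findings.append("bootstrap code does not start with the Microsoft MBR prologue")
    missing = [s.decode() for s in MS_STRINGS if s not in code]
    if missing:
        findings.append("standard MBR message strings missing: " + ", ".join(missing))
    entries = parse_partitions(mbr)
    for e in entries:
        if e["status"] not in (0x00, 0x80):
            findings.append(f"entry {e['index']}: invalid status byte 0x{e['status']:02X}")
    used = [e for e in entries if e["type"] != 0]
    active = [e["index"] for e in used if e["bootable"]]
    if len(active) != 1:
        findings.append(f"{len(active)} active partitions (expected exactly one): {active}")
    spans = sorted((e["lba_start"], e["lba_start"] + e["sectors"], e["index"]) for e in used)
    for (s1, e1, i1), (s2, _e2, i2) in zip(spans, spans[1:]):
        if s2 < e1:
            findings.append(f"entries {i1} and {i2} overlap on disk")
    return findings

def partition_entry(status, ptype, lba_start, sectors):
    """Build one 16-byte entry; CHS fields are zeroed since modern loaders use LBA."""
    return struct.pack("<B3sB3sII", status, b"\0\0\0", ptype, b"\0\0\0", lba_start, sectors)

def make_mbr(code, entries):
    """Assemble a sector: padded code area, up to four entries, boot signature."""
    code = code.ljust(PART_TABLE_OFFSET, b"\0")[:PART_TABLE_OFFSET]
    table = b"".join(entries).ljust(64, b"\0")
    return code + table + struct.pack("<H", BOOT_SIGNATURE)

# Constructed clean layout: Microsoft prologue and messages, an active System
# partition followed by the Windows partition (sizes are illustrative)
CLEAN_MBR = make_mbr(
    MS_PROLOGUE + b"\0" * 300 + b"\0".join(MS_STRINGS),
    [partition_entry(0x80, 0x07, 2048, 3072000),
     partition_entry(0x00, 0x07, 3074048, 600000000)])

# Constructed tampered layout: same table with a second active flag, and a
# bootstrap area of filler bytes that carries neither prologue nor messages
TAMPERED_MBR = make_mbr(
    b"\x90" * 64 + b"\xCC" * 100,
    [partition_entry(0x80, 0x07, 2048, 3072000),
     partition_entry(0x80, 0x07, 3074048, 600000000)])

if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:                      # e.g. python mbrcheck.py MBRDUMP.txt
        with open(sys.argv[1], "rb") as fh:
            sector = fh.read()
        print(check_mbr(sector) or ["no findings: MBR looks clean"])
    else:
        for name, sector in (("clean", CLEAN_MBR), ("tampered", TAMPERED_MBR)):
            print(name, check_mbr(sector) or ["no findings"])
```

The prologue and string checks are heuristics for a stock Microsoft MBR, not a signature for any particular malware: an OEM or third-party boot manager legitimately fails them, so treat those two findings as a prompt to compare the dump against a known-good sector from the same machine model rather than as a verdict on their own.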
 
Great! :)

ComboFix

Please download ComboFix
by sUBs
From BleepingComputer.com

Please save the file to your Desktop, but rename it first to svchost.exe

Important information about ComboFix

Before the download:
  • Please copy and paste these instructions to Notepad and save to your Desktop, or print them - for easier access.
  • It is important to rename ComboFix before the download.
  • Please do not rename ComboFix to other names, but only the one indicated.
After the download:
  • Close any open browsers.
  • Very Important: Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results". Please visit here if you don't know how.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts.
  • Please do not attempt to re-connect your machine back to the Internet until ComboFix has completely finished.
  • If there is no Internet connection after running ComboFix, then restart your computer to restore back your connection.
Running ComboFix:
  • Double click on svchost.exe & follow the prompts.
  • It will attempt to install the Recovery Console.
  • When ComboFix finishes, it will produce a report for you.
  • Please post the "C:\Combo-Fix.txt" in your next reply.
Troubleshooting ComboFix

Safe Mode:

If you still cannot get ComboFix to run, try booting into Safe Mode, and run it there.

(To boot into Safe Mode, tap F8 after BIOS, and just before the Windows
logo appears. A list of options will appear, select "Safe Mode.")

Re-downloading:

If this doesn't work either, try the same method as above, but download it again and this time rename ComboFix.exe to iexplore.exe, explorer.exe, or winlogon.exe.

Malware is known for blocking all "user" processes, except for its whitelist of important system processes such as iexplore.exe, explorer.exe and winlogon.exe.

NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.

AdwCleaner Scan
Please download AdwCleaner by Xplode onto your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Search.
  • A logfile will automatically open after the scan has finished.
  • Please post the content of that logfile in your reply.
  • You can find the logfile at C:\AdwCleaner[Rn].txt as well - n is the order number.
 
OK, here are the files:
ADWCleaner-
# AdwCleaner v2.002 - Logfile created 09/16/2012 at 14:45:11
# Updated 16/09/2012 by Xplode
# Operating system : Windows 7 Home Premium (64 bits)
# User : Smith Family - SMITHFAMILY-PC
# Boot Mode : Normal
# Running from : C:\Users\Smith Family\Downloads\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

Folder Found : C:\ProgramData\InstallMate
Folder Found : C:\ProgramData\Premium
Folder Found : C:\Users\Smith Family\AppData\Roaming\Mozilla\Firefox\Profiles\b5r7jg9n.default\extensions\info@allpremiumplay.info

***** [Registry] *****

Key Found : HKLM\SOFTWARE\Classes\TypeLib\{C2CF0D01-7657-48AA-98C9-AE5E64757FCC}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}
Key Found : HKLM\SOFTWARE\Classes\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}
Key Found : HKLM\SOFTWARE\Classes\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}
Key Found : HKLM\SOFTWARE\Software

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v15.0.1 (en-US)

Profile name : default
File : C:\Users\Smith Family\AppData\Roaming\Mozilla\Firefox\Profiles\b5r7jg9n.default\prefs.js

Found : user_pref("extensions.nurit5562nurit235.scode", "(function(){try{if('aol.com,mystart.incredibar.com,[...]

*************************

AdwCleaner[R1].txt - [1501 octets] - [16/09/2012 14:45:11]

########## EOF - C:\AdwCleaner[R1].txt - [1561 octets] ##########

ComboFix:

ComboFix 12-09-15.02 - Smith Family 09/16/2012 14:11:45.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3894.2627 [GMT -7:00]
Running from: c:\users\Smith Family\Desktop\ComboFix.exe
AV: Kaspersky Anti-Virus *Disabled/Updated* {56547CC9-C9B2-849D-8FEF-A496150D6A06}
SP: Kaspersky Anti-Virus *Disabled/Updated* {ED359D2D-EF88-8B13-B55F-9FE46E8A20BB}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Codec-C
c:\programdata\Codec-C\background.html
c:\programdata\Codec-C\bhoclass.dll
c:\programdata\Codec-C\content.js
c:\programdata\Codec-C\data\content.js
c:\programdata\Codec-C\data\jsondb.js
c:\programdata\Codec-C\ekdjfcdinekpfcedakhpngcnaamhiihn.crx
c:\programdata\Codec-C\settings.ini
c:\programdata\Codec-C\uninstall.exe
c:\users\Smith Family\AppData\Local\Microsoft\Windows\Temporary Internet Files\{529E7CDC-C1DF-4407-AB5D-8E0375822219}.xps
c:\users\Smith Family\AppData\Local\Microsoft\Windows\Temporary Internet Files\{FCC19056-CCEF-42D3-8C11-A042B38680D1}.xps
.
.
((((((((((((((((((((((((( Files Created from 2012-08-16 to 2012-09-16 )))))))))))))))))))))))))))))))
.
.
2012-09-16 21:16 . 2012-09-16 21:16 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-09-16 20:31 . 2012-09-16 21:11 747928 ----a-w- c:\windows\system32\PerfStringBackup.TMP
2012-08-23 02:05 . 2012-08-23 02:05 -------- d-----w- C:\FRST
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-10-15 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ToshibaAppPlace"="c:\program files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe" [2010-09-23 552960]
"ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2009-10-06 1294136]
"TWebCamera"="c:\program files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" [2010-02-24 2454840]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"WirelessUSBManager"="c:\program files (x86)\Wireless USB\Components\WirelessUSBManager\WirelessUSBManager.exe" [2011-03-01 4110672]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Best Buy pc app.lnk - c:\programdata\Best Buy pc app\ClickOnceSetup.exe [2010-6-24 9216]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-15 136176]
R3 DisplayLinkUsbPort;DisplayLink USB Device;c:\windows\system32\DRIVERS\DisplayLinkUsbPort_5.5.29055.0.sys [2012-03-24 17408]
R3 DLCopyFilter;DLCopyFilter;c:\windows\system32\Drivers\wsr_tbf.sys [2010-07-21 52736]
R3 DWA;Wireless USB Device Adapter;c:\windows\system32\DRIVERS\WSR_DWA.SYS [2010-11-18 578048]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-15 136176]
R3 hwa;Wireless USB Host Adapter;c:\windows\system32\DRIVERS\WSR_HWA.SYS [2010-11-18 1028096]
R3 HWARadio;Wireless USB Host Radio;c:\windows\system32\DRIVERS\WSR_RCI.SYS [2010-11-18 167424]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-02-09 239136]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2009-10-06 51512]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-02-19 1255736]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 23040]
R3 WSR_USF;Debug1;c:\windows\system32\Drivers\WSR_USF.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 dlkmdldr;dlkmdldr;c:\windows\system32\drivers\dlkmdldr.sys [2010-11-26 13936]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 CableAssociation;CableAssociation;c:\program files (x86)\Wireless USB\Components\Association\CableAssociation.exe [2010-12-08 1457480]
S2 DisplayLinkService;DisplayLinkManager;c:\program files\DisplayLink Core Software\DisplayLinkManager.exe [2010-11-26 9464168]
S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [2010-02-26 252928]
S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys [2009-06-20 14472]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-03-18 2320920]
S3 dlkmd;dlkmd;c:\windows\system32\drivers\dlkmd.sys [2010-11-26 203376]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-02-27 158976]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2010-02-23 75304]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [2009-06-23 35008]
S3 QIOMem;Generic IO & Memory Access;c:\windows\system32\DRIVERS\QIOMem.sys [2009-06-15 12800]
S3 rtl8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys [2010-02-12 877088]
S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-02-06 137560]
S3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [2010-02-24 835952]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-09-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cd944d9cc2e9ab.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-15 04:04]
.
2012-09-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA1cd944d9d248217.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-15 04:04]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-10 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-10 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-10 415256]
"cAudioFilterAgent"="c:\program files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe" [2010-03-10 520760]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2010-04-28 307768]
"TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2010-02-06 709976]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://us.mg4.mail.yahoo.com/neo/launch?.rand=9fc0i0kfknj7f
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
Trusted Zone: myitlab.com
Trusted Zone: pearsoncmg.com
Trusted Zone: pearsoned.com
TCP: DhcpNameServer = 192.168.2.2
FF - ProfilePath - c:\users\Smith Family\AppData\Roaming\Mozilla\Firefox\Profiles\b5r7jg9n.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: HP Smart Web Printing: smartwebprinting@hp.com - c:\program files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF - Ext: Codec-C: info@allpremiumplay.info - c:\users\Smith Family\AppData\Roaming\Mozilla\Firefox\Profiles\b5r7jg9n.default\extensions\info@allpremiumplay.info
FF - Ext: HP Smart Web Printing: smartwebprinting@hp.com - c:\program files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF - Ext: Codec-C: info@allpremiumplay.info - %profile%\extensions\info@allpremiumplay.info
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{5055EDC9-A18F-4B5E-A182-8C425E15659B} - c:\programdata\Codec-C\bhoclass.dll
Toolbar-Locked - (no file)
Wow6432Node-HKU-Default-Run-dplaysvr - c:\windows\system32\config\systemprofile\AppData\Local\dplaysvr.exe
Toolbar-Locked - (no file)
HKLM-Run-(Default) - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
HKLM-Run-TPwrMain - c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
HKLM-Run-HSON - c:\program files (x86)\TOSHIBA\TBS\HSON.exe
HKLM-Run-SmoothView - c:\program files (x86)\Toshiba\SmoothView\SmoothView.exe
HKLM-Run-00TCrdMain - c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
HKLM-Run-TosWaitSrv - c:\program files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe
HKLM-Run-Teco - c:\program files (x86)\TOSHIBA\TECO\Teco.exe
HKLM-Run-SmartFaceVWatcher - c:\program files (x86)\Toshiba\SmartFaceV\SmartFaceVWatcher.exe
HKLM-Run-TosNC - c:\program files (x86)\Toshiba\BulletinBoard\TosNcCore.exe
HKLM-Run-TosReelTimeMonitor - c:\program files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
AddRemove-{2EF17083-57D4-4D64-AE4F-55F32A2C4571} - c:\programdata\Codec-C\uninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\program files (x86)\Mozilla Firefox\firefox.exe
c:\program files (x86)\HP\Digital Imaging\smart web printing\hpswp_clipbook.exe
c:\program files (x86)\Mozilla Firefox\plugin-container.exe
.
**************************************************************************
.
Completion time: 2012-09-16 14:27:41 - machine was rebooted
ComboFix-quarantined-files.txt 2012-09-16 21:27
.
Pre-Run: 253,678,493,696 bytes free
Post-Run: 253,581,500,416 bytes free
.
- - End Of File - - 4E335169A2C1268AB12AB1F0259F3B1A
 

Attachments

  • AdwCleaner[R1].txt
    1.6 KB
  • ComboFix.txt
    15.4 KB
AdwCleaner FIX
Please download AdwCleaner by Xplode onto your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • A logfile will automatically open after the scan has finished.
  • Please post the content of that logfile in your reply.
  • You can find the logfile at C:\AdwCleaner[Rn].txt as well - n is the order number.


ESET Online Scan

Please run a free online scan with the ESET Online Scanner
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install, or it will ask to download an installer. Please do so and install it.
  • Click Start or wait for the scanner to load.
  • Make sure that the options Remove found threats and the option Scan unwanted applications are checked.
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, there are a couple of things to keep in mind:
  • 1. If NO threats were found, allow the scanner to Uninstall on close and then close the Window.
  • 2. If threats WERE detected, click on List of Threats Found, Export to Text File...save it as ESET-Scan-Log.txt. Click the back button/link, put a checkmark to Uninstall Application on Close and then close the window.
  • Open the logfile from wherever you saved it
  • Copy and paste the contents in your next reply.
 
ADW Cleaner:

# AdwCleaner v2.002 - Logfile created 09/17/2012 at 19:17:29
# Updated 16/09/2012 by Xplode
# Operating system : Windows 7 Home Premium (64 bits)
# User : Smith Family - SMITHFAMILY-PC
# Boot Mode : Normal
# Running from : C:\Users\Smith Family\Desktop\adwcleaner(1).exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\ProgramData\InstallMate
Folder Deleted : C:\ProgramData\Premium
Folder Deleted : C:\Users\Smith Family\AppData\Roaming\Mozilla\Firefox\Profiles\b5r7jg9n.default\extensions\info@allpremiumplay.info

***** [Registry] *****

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2CF0D01-7657-48AA-98C9-AE5E64757FCC}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}
Key Deleted : HKLM\SOFTWARE\Software

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

Restored : [HKCU\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKCU\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]

-\\ Mozilla Firefox v15.0.1 (en-US)

Profile name : default
File : C:\Users\Smith Family\AppData\Roaming\Mozilla\Firefox\Profiles\b5r7jg9n.default\prefs.js

Deleted : user_pref("extensions.nurit5562nurit235.scode", "(function(){try{if('aol.com,mystart.incredibar.com,[...]

*************************

AdwCleaner[R1].txt - [1624 octets] - [16/09/2012 14:45:11]
AdwCleaner[S1].txt - [2197 octets] - [17/09/2012 19:17:29]

########## EOF - C:\AdwCleaner[S1].txt - [2257 octets] ##########

ESET:

C:\FRST\Quarantine\consrv.dll Win64/Sirefef.G trojan cleaned by deleting - quarantined
C:\FRST\Quarantine\qeSKkLWiSNH.exe a variant of Win32/Kryptik.ADIQ trojan cleaned by deleting - quarantined
C:\ProgramData\Microsoft\Windows\DRM\E043.tmp Win64/Olmarik.AH trojan cleaned by deleting - quarantined
C:\ProgramData\Microsoft\Windows\DRM\E054.tmp Win64/Olmarik.AH trojan cleaned by deleting - quarantined
C:\Users\Smith Family\Downloads\mplayer_Setup.exe a variant of Win32/Adware.iBryte.C application cleaned by deleting - quarantined
 
Good job! :) If there are no more issues, then we shall finish up!

Clean up System Restore

Now, to get you off to a clean start, we will be creating a new Restore Point, then clearing the old ones to make sure you do not get reinfected, in case you need to "restore back."

To manually create a new Restore Point
  • Go to Control Panel and select System and Maintenance
  • Select System
  • On the left select Advanced System Settings and accept the warning if you get one
  • Select System Protection Tab
  • Select Create at the bottom
  • Type in a name, e.g. Clean
  • Select Create
Now we can purge the infected ones
  • Go back to the System and Maintenance page
  • Select Performance Information and Tools
  • On the left select Open Disk Cleanup
  • Select Files from all users and accept the warning if you get one
  • In the drop-down box select your main drive, e.g. C
  • For a few moments the system will make some calculations.
  • Select the More Options tab
  • In the System Restore and Shadow Backups section, select Clean up
  • Select Delete on the pop up
  • Select OK
  • Select Delete

Run OTC to remove our tools

To remove all of the tools we used and the files and folders they created, please do the following:
Please download OTC.exe by OldTimer:
  • Save it to your Desktop.
  • Double click OTC.exe.
  • Click the CleanUp! button.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes.
Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.

Purge old temporary files

Download CCleaner Slim and save it to your Desktop - Alternate download link

When the file has been saved, go to your Desktop and double-click on ccsetupxxx_slim.exe
Follow the prompts to install the program.

  • Double-click the CCleaner shortcut on the desktop to start the program.
  • Click on the Options block on the left, then choose Cookies.
  • Under Cookies to Delete, highlight any cookies you would like to retain permanently.
  • Click the right arrow > to move them to the Cookies to Keep window.
  • Go into Options > Advanced and uncheck Only delete files in Windows Temp folders older than 48 hours.
  • Click Cleaner on the left, then Run Cleaner on the right to run the program.
  • Important: Make sure that ALL browser windows are closed before selecting Run Cleaner.

Caution: Only use the Registry feature if you are very familiar with the registry.
Always back up your registry before making any changes. Exit CCleaner after it has completed its process.

Security Check

Please download Security Check by screen317 from SpywareInfoforum.org or Changelog.fr.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
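The "new clean restore point, then purge the old ones" step above is a GUI procedure; the script below is an added example (not from the thread or from any of the tools it mentions) that does the same thing from an elevated PowerShell prompt on Windows 7. It assumes the system drive is C: and that System Protection is enabled for it. The point of the ordering is the same as in the post: restore points are stored in Volume Shadow Copies, so a shadow copy taken while ZeroAccess was active still contains the infected files, and rolling back to it would reinfect the machine. The script therefore creates the "Clean" point first and only then deletes every shadow copy on the drive that is older than it.

```powershell
#Requires -RunAsAdministrator
# Added example, not part of the original post. Assumption: system drive is C: on Windows 7.
$drive = 'C:'

# 1. Create the new restore point (same as System Protection > Create > "Clean").
Checkpoint-Computer -Description 'Clean' -RestorePointType 'MODIFY_SETTINGS'

# 2. Identify the point just created so it is never deleted below.
$clean = Get-ComputerRestorePoint | Sort-Object SequenceNumber | Select-Object -Last 1
$cutoff = $clean.ConvertToDateTime($clean.CreationTime)
"Keeping restore point #$($clean.SequenceNumber) '$($clean.Description)' created $cutoff"

# 3. Map the drive letter to the \\?\Volume{GUID}\ name that Win32_ShadowCopy reports.
$volumeId = (Get-WmiObject -Class Win32_Volume -Filter "DriveLetter='$drive'").DeviceID

# 4. Delete every shadow copy on that volume taken before the clean point.
#    Each shadow copy may hold a copy of the infected files (e.g. consrv.dll),
#    so anything older than the clean point is not a safe rollback target.
Get-WmiObject -Class Win32_ShadowCopy |
    Where-Object { $_.VolumeName -eq $volumeId } |
    ForEach-Object {
        $taken = $_.ConvertToDateTime($_.InstallDate)
        if ($taken -lt $cutoff) {
            "Deleting shadow copy $($_.ID) from $taken"
            $_.Delete()
        }
    }

# 5. Verify: only the "Clean" point should remain on the list.
Get-ComputerRestorePoint |
    Format-Table SequenceNumber, Description,
        @{ Name = 'Created'; Expression = { $_.ConvertToDateTime($_.CreationTime) } } -AutoSize
```

Run it once from an Administrator PowerShell window after the malware removal is confirmed, not before; deleting shadow copies while an infection is still present removes the only rollback the machine has. The same purge can be done without WMI with vssadmin delete shadows /for=C: /oldest, repeated until only the newest copy is left.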
 