[JSntgRvr]

We are running out of options.

Download the enclosed file.

Save it next to FRST, replacing the existing one.

Run FRST as you did before, except that this time around click on the Fix button and wait.

The tool will make a log in the flashdrive (Fixlog.txt) please post it to your reply.


Try Normal Mode.

[Advertisements]

 Fixlog.txt   872bytes   494 downloads

it looped back again to the windows recovery screen

when reatogo is up, I can click on my computer and user heidi and see my stuff - there has to be a way around this virus

[hknh]

 Fixlog.txt   872bytes   494 downloads

it looped back again to the windows recovery screen

when reatogo is up, I can click on my computer and user heidi and see my stuff - there has to be a way around this virus

[JSntgRvr]

Try Safe Mode and the Repair Console. Are you still unable to logon with your username?

[hknh]

nope

[JSntgRvr]

Lets check the configuration data file once again.

Download the enclosed file.

Save it next to FRST, replacing the existing one.

Run FRST as you did before, except that this time around click on the Fix button and wait.

The tool will make a log in the flashdrive (Fixlog.txt) please post it to your reply.

[hknh]

Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 05-08-2012 01
Ran by SYSTEM at 2012-08-09 01:40:49 Run:3
Running from D:\

==============================================


========= C:\windows\system32\bcdedit /enum all /v =========


Windows Boot Manager
--------------------
identifier {9dea862c-5cdd-4e70-acc1-f32b344d4795}
device partition=C:
description Windows Boot Manager
locale en-US
inherit {7ea2e1ac-2e61-4728-aaa3-896d9d0a9f0e}
default {7fdd6ac5-70be-11db-ba26-a0b016378059}
displayorder {7fdd6ac5-70be-11db-ba26-a0b016378059}
toolsdisplayorder {b2721d73-1db4-4c62-bf78-c548a880142d}
timeout 30

Windows Boot Loader
-------------------
identifier {572bcd55-ffa7-11d9-aae0-0007e994107d}
device partition=H:
path \Windows\System32\boot\winload.exe
description Windows Recovery Environment
osdevice partition=H:
systemroot \Windows
resumeobject {7625eb16-04f4-11dc-8eeb-806e6f6e6963}
nx OptIn
detecthal Yes
winpe Yes

Windows Boot Loader
-------------------
identifier {7fdd6ac5-70be-11db-ba26-a0b016378059}
device partition=C:
path \Windows\system32\winload.exe
description Windows Vista
locale en-US
inherit {6efb52bf-1766-41db-a6b3-0ee5eff72bd7}
recoverysequence {572bcd55-ffa7-11d9-aae0-0007e994107d}
recoveryenabled Yes
osdevice partition=C:
systemroot \Windows
resumeobject {7fdd6ac6-70be-11db-ba26-a0b016378059}
nx OptIn
increaseuserva 2048

Resume from Hibernate
---------------------
identifier {7625eb16-04f4-11dc-8eeb-806e6f6e6963}
device partition=H:
path \Windows\System32\boot\winresume.exe
description Windows Recovery Environment
inherit {1afa9c49-16ab-4a5c-901b-212802da9460}
pae Yes
debugoptionenabled No

Resume from Hibernate
---------------------
identifier {7fdd6ac6-70be-11db-ba26-a0b016378059}
device partition=C:
path \Windows\system32\winresume.exe
description Windows Resume Application
locale en-US
inherit {1afa9c49-16ab-4a5c-901b-212802da9460}
filedevice partition=C:
filepath \hiberfil.sys
pae Yes
debugoptionenabled No

Windows Memory Tester
---------------------
identifier {b2721d73-1db4-4c62-bf78-c548a880142d}
device partition=C:
path \boot\memtest.exe
description Windows Memory Diagnostic
locale en-US
inherit {7ea2e1ac-2e61-4728-aaa3-896d9d0a9f0e}
badmemoryaccess Yes

Windows Legacy OS Loader
------------------------
identifier {466f5a88-0af2-4f76-9038-095b170dc21c}
device unknown
path \ntldr
description Earlier Version of Windows

EMS Settings
------------
identifier {0ce4991b-e6b3-4b16-b23c-5e0d9250e5d9}
bootems Yes

Debugger Settings
-----------------
identifier {4636856e-540f-4170-a130-a84776f4c654}
debugtype Serial
debugport 1
baudrate 115200

RAM Defects
-----------
identifier {5189b25c-5558-4bf2-bca4-289b11bd29e2}

Global Settings
---------------
identifier {7ea2e1ac-2e61-4728-aaa3-896d9d0a9f0e}
inherit {4636856e-540f-4170-a130-a84776f4c654}
{0ce4991b-e6b3-4b16-b23c-5e0d9250e5d9}
{5189b25c-5558-4bf2-bca4-289b11bd29e2}

Boot Loader Settings
--------------------
identifier {6efb52bf-1766-41db-a6b3-0ee5eff72bd7}
inherit {7ea2e1ac-2e61-4728-aaa3-896d9d0a9f0e}

Resume Loader Settings
----------------------
identifier {1afa9c49-16ab-4a5c-901b-212802da9460}
inherit {7ea2e1ac-2e61-4728-aaa3-896d9d0a9f0e}

========= End of CMD: =========


==== End of Fixlog ====

 Fixlog.txt   4.37KB   449 downloads

[JSntgRvr]

Everything looks as they should.

One last check. Run FRST.

Type the following in the edit box after "Search:".

winload.exe

It then should look like:

Search: winload.exe

Click Search button and post the log (Search.txt) it makes to your reply.

[hknh]

I cannot seem to attach the file -

[JSntgRvr]

Open the file in Notepad and Copy and Paste its contents in a reply.

[hknh]

Farbar Recovery Scan Tool Version: 05-08-2012 01
Ran by SYSTEM at 2012-08-09 02:52:55
Running from D:\

================== Search: "winload.exe" ===================

C:\Windows\winsxs\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.0.6002.18005_none_5d12333e69c8ab94\winload.exe
[2009-09-22 17:31] - [2009-04-11 02:33] - 0986600 ____A (Microsoft Corporation) 074DF633D8C15656560F0388AA7F6237

C:\Windows\winsxs\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.0.6001.22125_none_5b9fb89785d036a7\winload.exe
[2008-04-09 09:33] - [2008-02-29 03:02] - 0988216 ____A (Microsoft Corporation) B014C9768E1A7E12D7F1EA8B4294EE7E

C:\Windows\winsxs\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.0.6001.18027_none_5b181c606cb0c98b\winload.exe
[2008-04-09 09:33] - [2008-02-29 03:11] - 0988216 ____A (Microsoft Corporation) BB82A604FCC5A930696962A27F1C9760

C:\Windows\winsxs\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.0.6001.18000_none_5b26ba326ca6e048\winload.exe
[2008-09-11 07:10] - [2008-01-19 03:44] - 0986680 ____A (Microsoft Corporation) 8C5CF5E594B696DEC0B6BC791EB0371A

C:\Windows\winsxs\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.0.6000.20782_none_5975998b88dd0157\winload.exe
[2008-04-09 09:32] - [2008-02-14 19:13] - 0944696 ____A (Microsoft Corporation) 651D59AE69715F62D7D7D9F4746B1195

C:\Windows\winsxs\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.0.6000.16646_none_591b3d986f9b5725\winload.exe
[2008-04-09 09:32] - [2008-02-14 19:19] - 0944184 ____A (Microsoft Corporation) 2FE80A1F41E18B07FC00C94EC316E164

C:\Windows\winsxs\x86_microsoft-windows-b..environment-windows_31bf3856ad364e35_6.0.6002.18005_none_6b24103689ec6965\winload.exe
[2009-09-22 17:31] - [2009-04-11 02:33] - 0986600 ____A (Microsoft Corporation) 074DF633D8C15656560F0388AA7F6237

C:\Windows\winsxs\x86_microsoft-windows-b..environment-windows_31bf3856ad364e35_6.0.6001.22125_none_69b1958fa5f3f478\winload.exe
[2008-04-09 09:33] - [2008-02-29 03:02] - 0988216 ____A (Microsoft Corporation) B014C9768E1A7E12D7F1EA8B4294EE7E

C:\Windows\winsxs\x86_microsoft-windows-b..environment-windows_31bf3856ad364e35_6.0.6001.18027_none_6929f9588cd4875c\winload.exe
[2008-04-09 09:33] - [2008-02-29 03:11] - 0988216 ____A (Microsoft Corporation) BB82A604FCC5A930696962A27F1C9760

C:\Windows\winsxs\x86_microsoft-windows-b..environment-windows_31bf3856ad364e35_6.0.6001.18000_none_6938972a8cca9e19\winload.exe
[2008-09-11 07:10] - [2008-01-19 03:44] - 0986680 ____A (Microsoft Corporation) 8C5CF5E594B696DEC0B6BC791EB0371A

C:\Windows\winsxs\x86_microsoft-windows-b..environment-windows_31bf3856ad364e35_6.0.6000.16386_none_6701d52e8fdf8d45\winload.exe
[2006-11-02 04:30] - [2006-11-02 05:52] - 0940648 ____A (Microsoft Corporation) 00D439AB54A9FEB59F94B15C03FF4277

C:\Windows\System32\winload.exe
[2009-09-22 17:31] - [2009-04-11 02:33] - 0986600 ____A (Microsoft Corporation) 074DF633D8C15656560F0388AA7F6237

C:\Windows\System32\Boot\winload.exe
[2009-09-22 17:31] - [2009-04-11 02:33] - 0986600 ____A (Microsoft Corporation) 074DF633D8C15656560F0388AA7F6237

=== End Of Search ===

 Search.txt   3.13KB   483 downloads

[JSntgRvr]

The file seems clear.

Download the enclosed file.

Save it next to FRST, replacing the existing one.

Run FRST as you did before, except that this time around click on the Fix button and wait.

The tool will make a log in the flashdrive (Fixlog.txt) please post it to your reply.

[hknh]

Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 05-08-2012 01
Ran by SYSTEM at 2012-08-09 22:28:27 Run:4
Running from D:\

==============================================


========= C:\Windows\System32\BCDEDIT /SET {9dea862c-5cdd-4e70-acc1-f32b344d4795} path \bootmgr =========

The operation completed successfully.

========= End of CMD: =========


========= C:\windows\system32\bcdedit /enum all /v =========


Windows Boot Manager
--------------------
identifier {9dea862c-5cdd-4e70-acc1-f32b344d4795}
device partition=C:
path \bootmgr
description Windows Boot Manager
locale en-US
inherit {7ea2e1ac-2e61-4728-aaa3-896d9d0a9f0e}
default {7fdd6ac5-70be-11db-ba26-a0b016378059}
displayorder {7fdd6ac5-70be-11db-ba26-a0b016378059}
toolsdisplayorder {b2721d73-1db4-4c62-bf78-c548a880142d}
timeout 30

Windows Boot Loader
-------------------
identifier {572bcd55-ffa7-11d9-aae0-0007e994107d}
device partition=H:
path \Windows\System32\boot\winload.exe
description Windows Recovery Environment
osdevice partition=H:
systemroot \Windows
resumeobject {7625eb16-04f4-11dc-8eeb-806e6f6e6963}
nx OptIn
detecthal Yes
winpe Yes

Windows Boot Loader
-------------------
identifier {7fdd6ac5-70be-11db-ba26-a0b016378059}
device partition=C:
path \Windows\system32\winload.exe
description Windows Vista
locale en-US
inherit {6efb52bf-1766-41db-a6b3-0ee5eff72bd7}
recoverysequence {572bcd55-ffa7-11d9-aae0-0007e994107d}
recoveryenabled Yes
osdevice partition=C:
systemroot \Windows
resumeobject {7fdd6ac6-70be-11db-ba26-a0b016378059}
nx OptIn
increaseuserva 2048

Resume from Hibernate
---------------------
identifier {7625eb16-04f4-11dc-8eeb-806e6f6e6963}
device partition=H:
path \Windows\System32\boot\winresume.exe
description Windows Recovery Environment
inherit {1afa9c49-16ab-4a5c-901b-212802da9460}
pae Yes
debugoptionenabled No

Resume from Hibernate
---------------------
identifier {7fdd6ac6-70be-11db-ba26-a0b016378059}
device partition=C:
path \Windows\system32\winresume.exe
description Windows Resume Application
locale en-US
inherit {1afa9c49-16ab-4a5c-901b-212802da9460}
filedevice partition=C:
filepath \hiberfil.sys
pae Yes
debugoptionenabled No

Windows Memory Tester
---------------------
identifier {b2721d73-1db4-4c62-bf78-c548a880142d}
device partition=C:
path \boot\memtest.exe
description Windows Memory Diagnostic
locale en-US
inherit {7ea2e1ac-2e61-4728-aaa3-896d9d0a9f0e}
badmemoryaccess Yes

Windows Legacy OS Loader
------------------------
identifier {466f5a88-0af2-4f76-9038-095b170dc21c}
device unknown
path \ntldr
description Earlier Version of Windows

EMS Settings
------------
identifier {0ce4991b-e6b3-4b16-b23c-5e0d9250e5d9}
bootems Yes

Debugger Settings
-----------------
identifier {4636856e-540f-4170-a130-a84776f4c654}
debugtype Serial
debugport 1
baudrate 115200

RAM Defects
-----------
identifier {5189b25c-5558-4bf2-bca4-289b11bd29e2}

Global Settings
---------------
identifier {7ea2e1ac-2e61-4728-aaa3-896d9d0a9f0e}
inherit {4636856e-540f-4170-a130-a84776f4c654}
{0ce4991b-e6b3-4b16-b23c-5e0d9250e5d9}
{5189b25c-5558-4bf2-bca4-289b11bd29e2}

Boot Loader Settings
--------------------
identifier {6efb52bf-1766-41db-a6b3-0ee5eff72bd7}
inherit {7ea2e1ac-2e61-4728-aaa3-896d9d0a9f0e}

Resume Loader Settings
----------------------
identifier {1afa9c49-16ab-4a5c-901b-212802da9460}
inherit {7ea2e1ac-2e61-4728-aaa3-896d9d0a9f0e}

========= End of CMD: =========


==== End of Fixlog ====

 Fixlog.txt   4.59KB   428 downloads

[JSntgRvr]

Attempt to boot, let me know the outcome.

[hknh]

booted from hard drive and tried to start up normally - it goes to the other user screen - it will not take my username and password

[JSntgRvr]

Sorry for the delay. I was reviewing the entire thread and I can't see anything that may help us boot that computer. All seems to indicate that your user account is either corrupted, or files are missing that we are unable to identify by these means.

All I can suggest is to restore the computer to factory settings. If the built-in Recovery option is not available, then you will need to contact the manufacturer for the Recovery CDs.

Sorry that it took so long, but there are times that we just have to fold.