[gbrbob]

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 05-09-2012
Ran by SYSTEM at 2012-09-07 21:16:43 Run:4
Running from D:\

==============================================


========= copy /y C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_2d69d4f782c83d8c\services.exe C:\Windows\System32\services.exe =========

1 file(s) copied.

========= End of CMD: =========


==== End of Fixlog ====

[Advertisements]

Have we made any progress with booting up?

[emeraldnzl]

Have we made any progress with booting up?

[gbrbob]

Nope still get bsod

[emeraldnzl]

Next move:

On the System Recovery Options menu you will get the following options:

Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt

Select Command Prompt
In the command window type in notepad and press Enter.
The notepad opens. Under File menu select Open.
Select "Computer" and find your hard drive letter and close the notepad.
In the command window type C: and press Enter
Note: Replace letter C with the drive letter of your hard drive.
Type in chkdsk /b and press Enter.
When prompted, type in Y and press Enter.
Allow chkdsk to perform all 5 stages. This may take some time, so please be patient.
When complete, close the Command Prompt window, and click on the Restart button to restart your computer.
Please let me know whether there is any change with starting up your computer.

See if that makes a difference.

If not then try:

Open notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad. Save it on the flashdrive as fixlist.txt

Last Boot: 2012-08-31 15:02

This Registry file is specifically written for the infection on this person's computer. It should NOT to be used on another machine. It may cause serious damage even to the point of rendering the computer unusable.

Please enter System Recovery Options, as we've done previously.
Run FRST64 and press the Fix button just once and wait.
The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.

Come back and tell me how you got on.

[gbrbob]

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 05-09-2012
Ran by SYSTEM at 2012-09-08 02:51:47 Run:5
Running from F:\

==============================================

DEFAULT hive was successfully copied to System32\config\HiveBackup
DEFAULT hive was successfully restored from registry back up.
SAM hive was successfully copied to System32\config\HiveBackup
SAM hive was successfully restored from registry back up.
SECURITY hive was successfully copied to System32\config\HiveBackup
SECURITY hive was successfully restored from registry back up.
SOFTWARE hive was successfully copied to System32\config\HiveBackup
SOFTWARE hive was successfully restored from registry back up.
SYSTEM hive was successfully copied to System32\config\HiveBackup
SYSTEM hive was successfully restored from registry back up.

==== End of Fixlog ====

[gbrbob]

It still ended up at a bsod

[emeraldnzl]

Question: Did we ever manage to run ComboFix properly? If not, now might be a good time to try.

[gbrbob]

No I never got a chance to re-run it again.

[emeraldnzl]

Okay let's try again.

Please delete your version of ComboFix, including the folders C:\Qoobox and C:\Combofix, and download a new version of Combofix.

Download ComboFix from here

* IMPORTANT !!! Save ComboFix.exe to your Desktop

• Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
  
• Double click on ComboFix.exe & follow the prompts.
  
• As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  
• Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.

[gbrbob]

You do realize I'm not loaded into windows right?

[gbrbob]

Can we try an older system restore date? I see one back from June, maybe the virus won't be listed that far back?

[emeraldnzl]

You do realize I'm not loaded into windows right?

Oh dear... getting tired. My mistake.

Can we try an older system restore date? I see one back from June, maybe the virus won't be listed that far back?

Yes although I thought Start up Repair might be worth a try.


On the Advanced Boot Options screen, use the arrow keys to highlight Repair your computer, and then press ENTER. (If Repair your computer is not listed as an option, then your computer does not include Startup Repair as a preinstalled recovery option.)


Select a keyboard layout, and then click Next.

Select a user name and enter the password, and then click OK.


On the System Recovery Options menu, click Startup Repair. Startup Repair might prompt you to make choices as it tries to fix the problem and, if necessary, it might restart your computer as it makes repairs.

What do you think?

[gbrbob]

I will try that even though it hasn't worked in the past. If I end in the same result what do u think about doing an earlier system restore?

[emeraldnzl]

Always worth a try.

[gbrbob]

Well running startup repair didn't work so I'll try the system restore from June and see what it does.