Black screen w/blinking cursor after Trojans



#1
Silveragain (Member)

Hello and thanks for your help!

A couple of days ago an Adobe Flash update popped up while my wife was using the computer. It's an Asus Essentio desktop with Windows 7. She clicked for the update to install and a box popped up that said a newer version of Flash was available and linked her to Adobe's site to check for the newest version. One fake installer and fake website later, McAfee popped up 2 trojans, then the computer restarted. It only gives a black screen with a blinking cursor instead of loading into Windows. I can get to the BIOS but not to the system recovery. I followed the instructions in your "Computer Won't Boot - Malware Related" post and created an AVG Rescue CD on a flash drive. It ran fine and found 4 trojans, renamed them, tried to reboot but no change. Ran the rescue CD again but still getting the blinking cursor. Any help would be most appreciated.

Silver
  • 0


#2
JSntgRvr (Global Moderator)

:welcome:

Do you have a working computer running Windows 7?
  • 0

#3
Silveragain (Member, Topic Starter)

Yes, I do.
  • 0

#4
JSntgRvr (Global Moderator)

Create a Windows 7 System Repair Disc

Note: the below can only be done if your machine has a type of CD/R or DVD/R optical drive installed. Also, depending on the exact type of OEM your machine has, you may be unable to actually create an SRD.

  • Click on Start(Windows 7 Orb) >> Run...(or the Windows key and R together) to bring up the Run box, then copy/paste the following command into the box and click on OK:

    recdisc.exe

  • Allow the UAC(User Account Control) prompt via selecting Yes.
  • You should now see a menu like the below:-
Posted Image

  • Put a blank rewritable CD/DVD in your optical(CD/DVD) drive and then click on Create disc.
  • Note: If an AutoPlay window pops up, just close it.
  • When the SRD has been created you will see the below:-
Posted Image

  • Now click on Close >> OK. Leave the disc in the drive as we will be using it shortly.
  • You now have a Windows 7 System Repair Disc.

Let me know if you are able to reach the ailing computer's Command prompt in the Repair Console using this disk.
  • 0

#5
Silveragain (Member, Topic Starter)

Was able to create the repair disk on the other computer. :) Placed it in the ailing computer and started and is showing a System Recovery Options window.

Thanks, Silver
  • 0

#6
JSntgRvr (Global Moderator)

Let's give it a try. You will need a USB flash drive.

  • Please download Farbar Recovery Scan Tool and save it to a flash drive.

    Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

    Plug the flash drive into the infected PC.
  • If you are using Windows 8 consult How to use the Windows 8 System Recovery Environment Command Prompt to enter System Recovery Command prompt.

    If you are using Vista or Windows 7 enter System Recovery Options.

    To enter System Recovery Options from the Advanced Boot Options:
    • Restart the computer.
    • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
    • Use the arrow keys to select the Repair your computer menu item.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.

    Note: In case you can not enter System Recovery Options by using F8 method, you can use Windows installation disc, or make a repair disc. Any Windows installation disc or a repair disc made on another computer can be used.
    To make a repair disk on Windows 7 consult: http://www.sevenforu...isc-create.html


    To enter System Recovery Options by using Windows installation disc:
    • Insert the installation disc.
    • Restart your computer.
    • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
    • Click Repair your computer.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.
  • On the System Recovery Options menu you will get the following options:
    Startup Repair
    System Restore
    Windows Complete PC Restore
    Windows Memory Diagnostic Tool
    Command Prompt


    Select Command Prompt

    Once in the Command Prompt:
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst (for x64 bit version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.
  • 0

#7
Silveragain (Member, Topic Starter)

Thanks JSntgRvr

No problems with any of the steps. Here is the log.



Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 23-02-2013 01
Ran by SYSTEM at 27-02-2013 21:26:27
Running from G:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet001

==================== Registry (Whitelisted) ===================

HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [7833120 2009-05-22] (Realtek Semiconductor)
HKLM\...\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\Skytel.exe [1833504 2009-05-22] (Realtek Semiconductor Corp.)
HKLM\...\Run: [itype] TELLITYPE PRO\ITYPE.EXE" [x]
HKLM\...\Run: [IgfxTray] DOWS\SYSTEM32\IGFXTRAY.EXE [x]
HKLM\...\Run: [HotKeysCmds] DOWS\SYSTEM32\HKCMD.EXE [x]
HKLM\...\Run: [Persistence] DOWS\SYSTEM32\IGFXPERS.EXE [x]
HKLM-x32\...\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey [1534504 2013-01-14] (McAfee, Inc.)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-11-28] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2012-10-25] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [151952 2012-11-28] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [946352 2012-12-18] (Adobe Systems Incorporated)
HKU\West\...\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe [x]
HKU\West\...\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun [17418928 2012-07-13] (Skype Technologies S.A.)
HKU\West\...\Run: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent [1597864 2013-02-15] (Valve Corporation)
HKU\West\...\Run: [ODJvPpaotTb.exe] C:\ProgramData\ODJvPpaotTb.exe [x]
HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox] C:\$Recycle.Bin\S-1-5-18\$7d049a04e11b896b2a9dfd255201f599\n. ATTENTION! ====> ZeroAccess
Tcpip\Parameters: [DhcpNameServer] 74.128.19.102 74.128.17.114 192.168.1.1

==================== Services (Whitelisted) ===================

3 getPlusHelper; C:\Program Files (x86)\NOS\bin\getPlus_Helper.dll [68000 2010-03-29] (NOS Microsystems Ltd.)
2 McAfee SiteAdvisor Service; C:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe [103472 2012-12-04] (McAfee, Inc.)
2 McMPFSvc; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [201304 2012-08-31] (McAfee, Inc.)
2 mcmscsvc; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [201304 2012-08-31] (McAfee, Inc.)
2 McNaiAnn; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [201304 2012-08-31] (McAfee, Inc.)
2 McNASvc; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [201304 2012-08-31] (McAfee, Inc.)
3 McODS; "C:\Program Files\McAfee\VirusScan\mcods.exe" [383608 2012-11-16] (McAfee, Inc.)
2 McProxy; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [201304 2012-08-31] (McAfee, Inc.)
2 McShield; "C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe" [241016 2012-12-26] (McAfee, Inc.)
2 mfefire; "C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe" [218320 2012-12-26] (McAfee, Inc.)
2 mfevtp; "C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe" [182312 2012-12-26] (McAfee, Inc.)
2 MSK80Service; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [201304 2012-08-31] (McAfee, Inc.)
2 nvsvc; "C:\Windows\system32\nvvsvc.exe" [884512 2013-01-18] (NVIDIA Corporation)
2 nvUpdatusService; "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe" [1260320 2013-02-01] (NVIDIA Corporation)
2 Stereo Service; "C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe" [383264 2013-01-18] (NVIDIA Corporation)

==================== Drivers (Whitelisted) =====================

2 ASInsHelp; \??\C:\Windows\SysWow64\drivers\AsInsHelp64.sys [11832 2008-01-04] ()
1 AsIO; C:\Windows\SysWow64\Drivers\AsIO.sys [13440 2009-08-03] ()
3 cfwids; C:\Windows\System32\Drivers\cfwids.sys [69672 2012-12-26] (McAfee, Inc.)
3 HipShieldK; C:\Windows\System32\Drivers\HipShieldK.sys [196440 2012-04-20] (McAfee, Inc.)
3 mfeapfk; C:\Windows\System32\Drivers\mfeapfk.sys [178840 2012-12-26] (McAfee, Inc.)
3 mfeavfk; C:\Windows\System32\Drivers\mfeavfk.sys [309400 2012-12-26] (McAfee, Inc.)
3 mfefirek; C:\Windows\System32\Drivers\mfefirek.sys [515528 2012-12-26] (McAfee, Inc.)
0 mfehidk; C:\Windows\System32\Drivers\mfehidk.sys [771096 2012-12-26] (McAfee, Inc.)
3 mferkdet; C:\Windows\System32\Drivers\mferkdet.sys [106112 2012-12-26] (McAfee, Inc.)
0 mfewfpk; C:\Windows\System32\Drivers\mfewfpk.sys [339776 2012-12-26] (McAfee, Inc.)
3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-07-15] ()
3 usbio; C:\Windows\System32\Drivers\dsiarhwprog_x64.sys [51600 2007-02-08] (Thesycon GmbH, Germany)
3 mfeavfk01; [x]

==================== NetSvcs (Whitelisted) ====================


==================== One Month Created Files and Folders ========

2013-02-27 21:26 - 2013-02-27 21:26 - 00000000 ____D C:\FRST
2013-02-21 07:51 - 2013-02-21 07:51 - 00001494 ____A C:\Users\West\Desktop\System Repair.lnk
2013-02-21 07:37 - 2013-02-21 07:50 - 00000168 ____A C:\ProgramData\-ODJvPpaotTbr
2013-02-21 07:37 - 2013-02-21 07:50 - 00000152 ____A C:\ProgramData\-ODJvPpaotTb
2013-02-21 07:37 - 2013-02-21 07:49 - 00000088 ____A C:\ProgramData\ODJvPpaotTb
2013-02-17 13:49 - 2013-02-17 13:49 - 00016803 ____A C:\Users\West\Desktop\hs_err_pid4072.log
2013-02-14 00:00 - 2013-01-08 17:48 - 17812992 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-02-14 00:00 - 2013-01-08 17:22 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-02-14 00:00 - 2013-01-08 17:19 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-02-14 00:00 - 2013-01-08 17:12 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-02-14 00:00 - 2013-01-08 17:12 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-02-14 00:00 - 2013-01-08 17:11 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-02-14 00:00 - 2013-01-08 17:10 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2013-02-14 00:00 - 2013-01-08 17:09 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-02-14 00:00 - 2013-01-08 17:07 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-02-14 00:00 - 2013-01-08 17:07 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2013-02-14 00:00 - 2013-01-08 17:07 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-02-14 00:00 - 2013-01-08 17:06 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-02-14 00:00 - 2013-01-08 17:05 - 02147840 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-02-14 00:00 - 2013-01-08 17:04 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-02-14 00:00 - 2013-01-08 17:04 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-02-14 00:00 - 2013-01-08 17:00 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-02-14 00:00 - 2013-01-08 14:23 - 12321280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-02-14 00:00 - 2013-01-08 14:11 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-02-14 00:00 - 2013-01-08 14:09 - 09738240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-02-14 00:00 - 2013-01-08 14:03 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-02-14 00:00 - 2013-01-08 14:03 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-02-14 00:00 - 2013-01-08 14:03 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-02-14 00:00 - 2013-01-08 14:01 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-02-14 00:00 - 2013-01-08 14:00 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-02-14 00:00 - 2013-01-08 13:59 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-02-14 00:00 - 2013-01-08 13:58 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-02-14 00:00 - 2013-01-08 13:58 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-02-14 00:00 - 2013-01-08 13:57 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-02-14 00:00 - 2013-01-08 13:56 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-02-14 00:00 - 2013-01-08 13:56 - 01796096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-02-14 00:00 - 2013-01-08 13:56 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-02-14 00:00 - 2013-01-08 13:53 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-02-13 01:43 - 2013-01-04 21:53 - 05553512 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2013-02-13 01:43 - 2013-01-04 21:00 - 03967848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-02-13 01:43 - 2013-01-04 21:00 - 03913064 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-02-13 01:43 - 2013-01-03 19:26 - 03153408 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2013-02-13 01:42 - 2013-01-03 21:46 - 00215040 ____A (Microsoft Corporation) C:\Windows\System32\winsrv.dll
2013-02-13 01:42 - 2013-01-03 20:51 - 00005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-02-13 01:42 - 2013-01-03 18:47 - 00025600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-02-13 01:42 - 2013-01-03 18:47 - 00014336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-02-13 01:42 - 2013-01-03 18:47 - 00007680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-02-13 01:42 - 2013-01-03 18:47 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-02-13 01:42 - 2013-01-02 22:00 - 01913192 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2013-02-13 01:42 - 2013-01-02 22:00 - 00288088 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\FWPKCLNT.SYS
2013-02-09 18:34 - 2013-02-09 18:34 - 00014696 ____A C:\Users\West\Desktop\hs_err_pid2640.log
2013-02-06 13:46 - 2013-02-21 07:50 - 00000000 ____D C:\Program Files (x86)\Steam
2013-02-06 13:27 - 2013-02-06 13:27 - 00000000 ____D C:\Program Files (x86)\Bohemia Interactive
2013-02-05 16:30 - 2013-02-06 13:27 - 00000000 ____D C:\Users\West\AppData\Local\Play withSIX
2013-02-05 16:30 - 2013-02-05 16:30 - 00000000 ____D C:\Users\West\AppData\Roaming\Play withSIX
2013-02-05 16:30 - 2013-02-05 16:30 - 00000000 ____D C:\Users\West\AppData\Local\IsolatedStorage
2013-02-05 16:28 - 2013-02-06 13:10 - 00000000 ____D C:\Users\West\AppData\Local\Downloaded Installations
2013-02-01 22:53 - 2013-02-01 22:53 - 26929440 ____A (NVIDIA Corporation) C:\Windows\System32\nvoglv64.dll
2013-02-01 22:53 - 2013-02-01 22:53 - 25256224 ____A (NVIDIA Corporation) C:\Windows\System32\nvcompiler.dll
2013-02-01 22:53 - 2013-02-01 22:53 - 20449056 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2013-02-01 22:53 - 2013-02-01 22:53 - 17560352 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2013-02-01 22:53 - 2013-02-01 22:53 - 15129960 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2013-02-01 22:53 - 2013-02-01 22:53 - 12641992 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2013-02-01 22:53 - 2013-02-01 22:53 - 11036448 ____A (NVIDIA Corporation) C:\Windows\System32\Drivers\nvlddmkm.sys
2013-02-01 22:53 - 2013-02-01 22:53 - 09390760 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuda.dll
2013-02-01 22:53 - 2013-02-01 22:53 - 07932256 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2013-02-01 22:53 - 2013-02-01 22:53 - 07564040 ____A (NVIDIA Corporation) C:\Windows\System32\nvopencl.dll
2013-02-01 22:53 - 2013-02-01 22:53 - 06262608 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2013-02-01 22:53 - 2013-02-01 22:53 - 02904352 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuvid.dll
2013-02-01 22:53 - 2013-02-01 22:53 - 02720544 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2013-02-01 22:53 - 2013-02-01 22:53 - 02505144 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2013-02-01 22:53 - 2013-02-01 22:53 - 02346784 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuvenc.dll
2013-02-01 22:53 - 2013-02-01 22:53 - 01985824 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll
2013-02-01 22:53 - 2013-02-01 22:53 - 00958120 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2013-02-01 22:53 - 2013-02-01 22:53 - 00245872 ____A (NVIDIA Corporation) C:\Windows\System32\nvinitx.dll
2013-02-01 22:53 - 2013-02-01 22:53 - 00201576 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll

==================== One Month Modified Files and Folders =======

2013-02-21 07:52 - 2012-07-03 19:01 - 00000000 ____D C:\Users\West\AppData\Roaming\Skype
2013-02-21 07:52 - 2009-12-05 18:01 - 00000000 ___HD C:\users\West
2013-02-21 07:52 - 2009-12-05 18:00 - 01852738 ____A C:\Windows\WindowsUpdate.log
2013-02-21 07:52 - 2009-07-13 20:45 - 00009920 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-02-21 07:52 - 2009-07-13 20:45 - 00009920 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-02-21 07:51 - 2013-02-21 07:51 - 00001494 ____A C:\Users\West\Desktop\System Repair.lnk
2013-02-21 07:50 - 2013-02-21 07:37 - 00000168 ____A C:\ProgramData\-ODJvPpaotTbr
2013-02-21 07:50 - 2013-02-21 07:37 - 00000152 ____A C:\ProgramData\-ODJvPpaotTb
2013-02-21 07:50 - 2013-02-06 13:46 - 00000000 ____D C:\Program Files (x86)\Steam
2013-02-21 07:49 - 2013-02-21 07:37 - 00000088 ____A C:\ProgramData\ODJvPpaotTb
2013-02-21 07:49 - 2009-12-30 14:01 - 00000000 ____D C:\ProgramData\NVIDIA
2013-02-21 07:49 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-02-21 07:49 - 2009-07-13 20:51 - 00120803 ____A C:\Windows\setupact.log
2013-02-21 07:48 - 2012-06-13 17:06 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-02-21 07:48 - 2009-12-05 21:53 - 00186684 ____A C:\Windows\PFRO.log
2013-02-21 07:41 - 2010-07-18 18:01 - 00000000 ____D C:\Program Files (x86)\Adobe
2013-02-21 07:41 - 2010-02-09 21:41 - 00000000 ___HD C:\Users\West\AppData\Local\Adobe
2013-02-21 07:41 - 2009-08-24 20:22 - 00000000 ____D C:\ProgramData\Adobe
2013-02-21 07:39 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\NDF
2013-02-21 07:36 - 2012-06-13 17:06 - 00691568 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-02-21 07:36 - 2011-05-14 12:26 - 00071024 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-02-20 18:30 - 2011-08-06 14:29 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2013-02-20 18:30 - 2009-07-13 21:13 - 00796638 ____A C:\Windows\System32\PerfStringBackup.INI
2013-02-20 18:27 - 2010-11-13 12:01 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2013-02-20 17:22 - 2012-01-12 17:20 - 00000000 ____D C:\Users\West\AppData\Roaming\.minecraft
2013-02-19 17:53 - 2011-04-01 22:59 - 00000246 __ASH C:\Windows\SysWOW64\SysSecurity.ini
2013-02-19 17:53 - 2011-04-01 22:59 - 00000246 ___SH C:\Windows\SysWOW64\DevState.ini
2013-02-17 13:49 - 2013-02-17 13:49 - 00016803 ____A C:\Users\West\Desktop\hs_err_pid4072.log
2013-02-17 11:56 - 2009-12-06 08:07 - 00000000 ___HD C:\Users\West\AppData\Local\Deployment
2013-02-14 00:24 - 2009-07-13 20:45 - 00397352 ____A C:\Windows\System32\FNTCACHE.DAT
2013-02-14 00:07 - 2009-07-13 18:34 - 00000499 ____A C:\Windows\win.ini
2013-02-14 00:04 - 2009-12-06 16:46 - 70004024 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-02-13 14:45 - 2010-02-06 10:22 - 00000000 ____D C:\Program Files\McAfee
2013-02-09 18:34 - 2013-02-09 18:34 - 00014696 ____A C:\Users\West\Desktop\hs_err_pid2640.log
2013-02-09 10:06 - 2013-01-19 12:56 - 00017005 ____A C:\Users\West\Desktop\hs_err_pid7796.log
2013-02-08 18:54 - 2010-02-06 10:22 - 00000000 ____D C:\Program Files\Common Files\McAfee
2013-02-08 12:45 - 2010-08-11 13:06 - 00000000 ____D C:\Users\West\Desktop\Connor's
2013-02-06 13:27 - 2013-02-06 13:27 - 00000000 ____D C:\Program Files (x86)\Bohemia Interactive
2013-02-06 13:27 - 2013-02-05 16:30 - 00000000 ____D C:\Users\West\AppData\Local\Play withSIX
2013-02-06 13:10 - 2013-02-05 16:28 - 00000000 ____D C:\Users\West\AppData\Local\Downloaded Installations
2013-02-05 16:30 - 2013-02-05 16:30 - 00000000 ____D C:\Users\West\AppData\Roaming\Play withSIX
2013-02-05 16:30 - 2013-02-05 16:30 - 00000000 ____D C:\Users\West\AppData\Local\IsolatedStorage
2013-02-01 22:53 - 2013-02-01 22:53 - 26929440 ____A (NVIDIA Corporation) C:\Windows\System32\nvoglv64.dll
2013-02-01 22:53 - 2013-02-01 22:53 - 25256224 ____A (NVIDIA Corporation) C:\Windows\System32\nvcompiler.dll
2013-02-01 22:53 - 2013-02-01 22:53 - 20449056 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2013-02-01 22:53 - 2013-02-01 22:53 - 17560352 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2013-02-01 22:53 - 2013-02-01 22:53 - 15129960 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2013-02-01 22:53 - 2013-02-01 22:53 - 12641992 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2013-02-01 22:53 - 2013-02-01 22:53 - 11036448 ____A (NVIDIA Corporation) C:\Windows\System32\Drivers\nvlddmkm.sys
2013-02-01 22:53 - 2013-02-01 22:53 - 09390760 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuda.dll
2013-02-01 22:53 - 2013-02-01 22:53 - 07932256 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2013-02-01 22:53 - 2013-02-01 22:53 - 07564040 ____A (NVIDIA Corporation) C:\Windows\System32\nvopencl.dll
2013-02-01 22:53 - 2013-02-01 22:53 - 06262608 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2013-02-01 22:53 - 2013-02-01 22:53 - 02904352 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuvid.dll
2013-02-01 22:53 - 2013-02-01 22:53 - 02720544 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2013-02-01 22:53 - 2013-02-01 22:53 - 02505144 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2013-02-01 22:53 - 2013-02-01 22:53 - 02346784 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuvenc.dll
2013-02-01 22:53 - 2013-02-01 22:53 - 01985824 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll
2013-02-01 22:53 - 2013-02-01 22:53 - 00958120 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2013-02-01 22:53 - 2013-02-01 22:53 - 00245872 ____A (NVIDIA Corporation) C:\Windows\System32\nvinitx.dll
2013-02-01 22:53 - 2013-02-01 22:53 - 00201576 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2013-02-01 22:53 - 2012-10-10 18:23 - 01510176 ____A (NVIDIA Corporation) C:\Windows\System32\nvdispgenco64.dll
2013-02-01 22:53 - 2012-10-10 18:22 - 00017266 ____A C:\Windows\System32\nvinfo.pb
2013-02-01 22:53 - 2012-03-27 16:59 - 18055184 ____A (NVIDIA Corporation) C:\Windows\System32\nvd3dumx.dll
2013-02-01 22:53 - 2012-03-27 16:59 - 01107440 ____A (NVIDIA Corporation) C:\Windows\System32\nvumdshimx.dll
2013-02-01 22:53 - 2012-01-23 18:27 - 01814304 ____A (NVIDIA Corporation) C:\Windows\System32\nvdispco64.dll
2013-02-01 22:53 - 2011-05-21 02:01 - 15053264 ____A (NVIDIA Corporation) C:\Windows\System32\nvwgf2umx.dll
2013-02-01 22:53 - 2011-05-21 02:01 - 02826040 ____A (NVIDIA Corporation) C:\Windows\System32\nvapi64.dll


ZeroAccess:
C:\$Recycle.Bin\S-1-5-21-486885069-2404236430-1756599689-1001\$7d049a04e11b896b2a9dfd255201f599

ZeroAccess:
C:\$Recycle.Bin\S-1-5-18\$7d049a04e11b896b2a9dfd255201f599

==================== Known DLLs (Whitelisted) =================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2013-01-17 21:11:19
Restore point made on: 2013-01-24 21:56:50
Restore point made on: 2013-02-01 21:00:21
Restore point made on: 2013-02-05 16:29:48
Restore point made on: 2013-02-06 13:46:35
Restore point made on: 2013-02-13 22:18:53
Restore point made on: 2013-02-14 00:00:22

==================== Memory info ===========================

Percentage of memory in use: 12%
Total physical RAM: 8191.12 MB
Available physical RAM: 7146.78 MB
Total Pagefile: 8189.27 MB
Available Pagefile: 7122.2 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

==================== Partitions =============================

1 Drive c: (WIN7) (Fixed) (Total:372.61 GB) (Free:180.16 GB) NTFS ==>[System with boot components (obtained from reading drive)]
2 Drive e: (DATA) (Fixed) (Total:550.88 GB) (Free:550.5 GB) NTFS
3 Drive f: (Repair disc Windows 7 64-bit) (CDROM) (Total:0.33 GB) (Free:0 GB) UDF
4 Drive g: (WDO_MEDIA64) (Removable) (Total:3.8 GB) (Free:3.8 GB) FAT32
5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
6 Drive y: (RECOVERY) (Fixed) (Total:8.01 GB) (Free:0.63 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 931 GB 0 B
Disk 1 Online 3901 MB 0 B

Partitions of Disk 0:
===============

Disk ID: EB2DE2E2

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 8 GB 31 KB
Partition 2 Primary 372 GB 8 GB
Partition 3 Primary 550 GB 380 GB
Partition 4 Primary 10 MB 931 GB

==================================================================================

Disk: 0
Partition 1
Type : 0B
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 Y RECOVERY NTFS Partition 8 GB Healthy

=========================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C WIN7 NTFS Partition 372 GB Healthy

=========================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 E DATA NTFS Partition 550 GB Healthy

=========================================================

Disk: 0
Partition 4
Type : 17 (Suspicious Type)
Hidden: Yes
Active: No

There is no volume associated with this partition.

=========================================================

Partitions of Disk 1:
===============

Disk ID: CF1FB07B

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 3900 MB 384 KB

==================================================================================

Disk: 1
Partition 1
Type : 0B
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 G WDO_MEDIA64 FAT32 Removable 3900 MB Healthy

=========================================================

Last Boot: 2013-02-12 22:18

==================== End Of Log =============================
  • 0

#8
JSntgRvr (Global Moderator)

Download the enclosed file: fixlist.txt (800 bytes).

Save it in the USB drive, next to FRST64.

Run FRST64 as you did before, except that this time around click on the Fix button and wait.

The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

Attempt to boot in Normal Mode and let me know the outcome.
  • 0

#9
Silveragain (Member, Topic Starter)

Booting into normal mode still takes me to the blinking cursor, sadly.

Here is the new log from the fix.


Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 23-02-2013 01
Ran by SYSTEM at 2013-02-27 22:58:36 Run:1
Running from G:\

==============================================

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\itype Value deleted successfully.
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\IgfxTray Value deleted successfully.
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\HotKeysCmds Value deleted successfully.
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Persistence Value deleted successfully.
HKEY_USERS\West\Software\Microsoft\Windows\CurrentVersion\Run\\MobileDocuments Value deleted successfully.
HKEY_USERS\West\Software\Microsoft\Windows\CurrentVersion\Run\\ODJvPpaotTb.exe Value deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InprocServer32\\Default value was restored successfully .
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}] should be deleted in normal mode (if present).
C:\ProgramData\-ODJvPpaotTbr moved successfully.
C:\ProgramData\-ODJvPpaotTb moved successfully.
C:\ProgramData\ODJvPpaotTb moved successfully.
C:\$Recycle.Bin\S-1-5-21-486885069-2404236430-1756599689-1001\$7d049a04e11b896b2a9dfd255201f599 moved successfully.
C:\$Recycle.Bin\S-1-5-18\$7d049a04e11b896b2a9dfd255201f599 moved successfully.

==== End of Fixlog ====
  • 0

#10
JSntgRvr

  • Global Moderator
  • 11,037 posts
:Step1:

Download MBRFix from here.

Save and extract its contents to the working computer's desktop. There are three files in the MBRFix folder. From these, only copy the MBRFix64.exe to the USB drive.

Also download the enclosed file and save it in the USB drive. Attached File: fixlist.txt (16 bytes)

Insert the USB drive into the ailing computer.

Now please enter System Recovery Options and run FRST64 as you did before, except that this time around, press the Fix button just once and wait.

The tool will create a file labeled MBRDUMP.txt. Attach the MBRDUMP.txt to your reply as it is a hex file.

:Step2:

For x86 (x32) bit systems please download Listparts
For x64 bit systems please download Listparts64
and save it to a flash drive.

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Click on the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
On the System Recovery Options menu you will get the following options:

Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt

  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\ListParts.exe (for x64 bit version type e:\ListParts64.exe) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to the disclaimer.
  • Put a check mark on List BCD.
  • Press Scan button.
  • It will make a log (Result.txt) in the flash drive. Please copy and paste it to your reply.

I'll be checking on you in the morning.
  • 0

#11
Silveragain

  • Topic Starter
  • Member
  • 17 posts
F8 is still taking me to the window that says "please select the boot device." Still have to select the CDROM drive with the Windows 7 system repair disk to get further. Is that correct? Once I select the CDROM as the boot device, I can get to the System Recovery Options menu and go from there.

MBRDUMP.txt is attached. Following is the result.txt log. Thanks again for your help!


ListParts by Farbar Version: 16-01-2013
Ran by SYSTEM (administrator) on 27-02-2013 at 23:49:53
Windows 7 (X64)
Running From: G:\
Language: 0409
************************************************************

========================= Memory info ======================

Percentage of memory in use: 10%
Total physical RAM: 8191.12 MB
Available physical RAM: 7316.3 MB
Total Pagefile: 8189.27 MB
Available Pagefile: 7280.93 MB
Total Virtual: 8192 MB
Available Virtual: 8191.91 MB

======================= Partitions =========================

1 Drive c: (RECOVERY) (Fixed) (Total:8.01 GB) (Free:0.63 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
2 Drive d: (WIN7) (Fixed) (Total:372.61 GB) (Free:180.16 GB) NTFS ==>[System with boot components (obtained from reading drive)]
3 Drive e: (DATA) (Fixed) (Total:550.88 GB) (Free:550.5 GB) NTFS
4 Drive f: (Repair disc Windows 7 64-bit) (CDROM) (Total:0.33 GB) (Free:0 GB) UDF
5 Drive g: (WDO_MEDIA64) (Removable) (Total:3.8 GB) (Free:3.8 GB) FAT32
6 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 931 GB 0 B
Disk 1 Online 3901 MB 0 B

Partitions of Disk 0:
===============

Disk ID: EB2DE2E2

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 8 GB 31 KB
Partition 2 Primary 372 GB 8 GB
Partition 3 Primary 550 GB 380 GB
Partition 4 Primary 10 MB 931 GB

======================================================================================================

Disk: 0
Partition 1
Type : 0B
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 C RECOVERY NTFS Partition 8 GB Healthy

======================================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 D WIN7 NTFS Partition 372 GB Healthy

======================================================================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 E DATA NTFS Partition 550 GB Healthy

======================================================================================================

Disk: 0
Partition 4
Type : 17 (Suspicious Type)
Hidden: Yes
Active: No

There is no volume associated with this partition.

======================================================================================================

Partitions of Disk 1:
===============

Disk ID: CF1FB07B

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 3900 MB 384 KB

======================================================================================================

Disk: 1
Partition 1
Type : 0B
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 G WDO_MEDIA64 FAT32 Removable 3900 MB Healthy

======================================================================================================

Windows Boot Manager
--------------------
identifier {bootmgr}
device partition=C:
path \bootmgr
description Windows Boot Manager
locale en-US
default {default}
displayorder {default}
timeout 30

Windows Boot Loader
-------------------
identifier {default}
device partition=D:
path \Windows\system32\winload.exe
description Windows 7 Home Premium (recovered)
locale en-US
recoverysequence {35f3f2e6-8165-11e2-9ef4-90e6bab9e12d}
recoveryenabled Yes
osdevice partition=D:
systemroot \Windows

Windows Boot Loader
-------------------
identifier {35f3f2e6-8165-11e2-9ef4-90e6bab9e12d}
device ramdisk=[D:]\Recovery\369b2c51-e20b-11de-8e24-90e6bab9e12d\Winre.wim,{35f3f2e7-8165-11e2-9ef4-90e6bab9e12d}
path \windows\system32\winload.exe
description Windows Recovery Environment (recovered)
locale
osdevice ramdisk=[D:]\Recovery\369b2c51-e20b-11de-8e24-90e6bab9e12d\Winre.wim,{35f3f2e7-8165-11e2-9ef4-90e6bab9e12d}
systemroot \windows
winpe Yes

Windows Memory Tester
---------------------
identifier {memdiag}
device partition=C:
path \boot\memtest.exe
description Windows Memory Diagnostic
locale en-US

Device options
--------------
identifier {35f3f2e7-8165-11e2-9ef4-90e6bab9e12d}
ramdisksdidevice partition=D:
ramdisksdipath \Recovery\369b2c51-e20b-11de-8e24-90e6bab9e12d\boot.sdi


****** End Of Log ******

Edited by Silveragain, 27 February 2013 - 10:59 PM.

  • 0
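
How a 512-byte MBR dump, like the MBRDUMP.txt requested above, encodes the partition table that ListParts reports for Disk 0. This is an added example, not part of the original posts and not ListParts' own logic; the flagging rules, the 100 MB threshold and the sample sector are constructed assumptions.

```python
import struct

SECTOR = 512
# Hidden variants of FAT/NTFS type bytes (normal type | 0x10); 0x17 is hidden NTFS.
HIDDEN_TYPES = {0x11, 0x14, 0x16, 0x17, 0x1B, 0x1C, 0x1E}
ENTRY = struct.Struct("<B3xB3xII")  # status, CHS start, type, CHS end, LBA start, sectors

def parse_mbr(sector):
    """Decode the four 16-byte partition entries at offset 446 of an MBR."""
    if len(sector) != SECTOR:
        raise ValueError("an MBR dump must be exactly 512 bytes")
    if sector[510:512] != b"\x55\xaa":
        raise ValueError("boot signature 0x55AA missing")
    entries = []
    for i in range(4):
        status, ptype, lba, count = ENTRY.unpack_from(sector, 446 + 16 * i)
        entries.append({"index": i + 1, "status": status, "type": ptype,
                        "lba": lba, "sectors": count})
    return entries

def review(entries, small_mb=100):
    """Return findings; the rules and the 100 MB threshold are assumptions."""
    findings = []
    used = [e for e in entries if e["type"] != 0x00]
    active = [e["index"] for e in used if e["status"] == 0x80]
    if len(active) != 1:
        findings.append(f"expected exactly one active partition, found {active}")
    last = max(used, key=lambda e: e["lba"], default=None)
    for e in used:
        if e["status"] not in (0x00, 0x80):
            findings.append(f"partition {e['index']}: invalid status byte")
        size_mb = e["sectors"] * SECTOR / 2**20
        if e["type"] in HIDDEN_TYPES and e is last and size_mb < small_mb:
            findings.append(f"partition {e['index']}: hidden type {e['type']:02X}, "
                            f"{size_mb:.0f} MB at end of disk")
    return findings

def sample_mbr():
    """Constructed sector mirroring Disk 0 in the log above (sizes rounded)."""
    gb, table, lba = 2**30 // SECTOR, b"", 63
    layout = [(0x80, 0x0B, 8 * gb), (0x00, 0x07, 372 * gb),
              (0x00, 0x07, 550 * gb), (0x00, 0x17, 10 * 2048)]
    for status, ptype, count in layout:
        table += ENTRY.pack(status, ptype, lba, count)
        lba += count
    return bytes(446) + table + b"\x55\xaa"

if __name__ == "__main__":
    for finding in review(parse_mbr(sample_mbr())):
        print(finding)
```
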

#12
JSntgRvr

  • Global Moderator
  • 11,037 posts
The MBRDUMP.txt did not attach. Please try again.
  • 0

#13
Silveragain

  • Topic Starter
  • Member
  • 17 posts
Not sure what I'm doing wrong, JSntgRvr. In the attachment area, I can navigate to the file and it shows in the box, but doesn't actually upload to the post. I tried both the basic and advanced uploaders.

Edit: Looked at the posting help topics and realized I wasn't seeing all of the editing and attachment options, even with RTE turned on. Switched to IE8 and they appeared, including "attach this file." Hopefully it shows up now.

Attached File: MBRDUMP.txt (512 bytes)

Thanks, Silver


Edited by Silveragain, 28 February 2013 - 08:08 AM.

  • 0

#14
JSntgRvr

  • Global Moderator
  • 11,037 posts
Download the enclosed files.

Attached File: fixlist.txt (44 bytes)

Attached File: fix.txt (25 bytes)

Save them in the USB drive, next to FRST64 and ListParts64.

Run FRST64 as you did before, except that this time around click on the Fix button and wait.

Close FRST64. Run ListParts64 as you did before, except that this time around click on the Fix button and wait.

The tools will make logs on the flash drive (Fixlog.txt and Result.txt); please post them in your next reply.

Attempt to boot in Normal Mode and let me know the outcome.
  • 0

#15
Silveragain

  • Topic Starter
  • Member
  • 17 posts
Yay! Success!! Computer now boots to normal mode successfully and loads to desktop. Thank you so much. The background is black, but icons all appear to be there, although I haven't tried to do anything yet. There are 2 windows that opened. The first is a system recovery box that says that recovery has completed, do you want to restore your user files? The second is McAfee, saying the system is not protected.

The PLfixlog is just one line:

Script used: "Disk=0 Partition=4 delete"


Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 23-02-2013 01
Ran by SYSTEM at 2013-02-28 13:01:17 Run:3
Running from G:\

==============================================


========= bootrec /FixMbr =========

The operation completed successfully.

========= End of CMD: =========


=========== Control: ===========

The operation completed successfully.

==== End of Control: ====

==== End of Fixlog ====
  • 0





