
Windows 7 won't boot - startup repair fail loop



#1
Cololady

I seem to have a common problem - but have tried all of the common fixes with no luck. I have a Dell laptop that is only about 3 years old. It runs Windows 7 Home Premium 64-bit. I updated a CD burning software program last weekend and upon restart, the system failed and went into startup repair mode. I cannot rule out a malware issue nor a virus I suppose - but in doing online research, it seems more likely I have just damaged a dll or driver file.

I have attempted the system repair process at least two dozen times to no avail. It says the computer cannot repair itself. It tells me the signature 07 is a corrupt file. I have tried to boot into safe mode to no avail, have checked the bios and even loaded the system default - no luck. I have tried to load to a command prompt - it will do that and of course goes to the x:\ command. It will not switch to a C:\ - but will run the chkdsk command and repair command - that all runs fine and comes out saying it is completed. But when trying to restart, it returns simply to the start up repair loop again.

I can open a USB drive from the command prompt as well as opening NOTEPAD (I checked all of my files that way on my C drive and everything seems to be intact and readable; I just can't get the darn thing to boot so I can recover them off of there before doing a clean install).

I have also tried to restore to a previous date - that hasn't worked either unfortunately. I have tried as well to do an auto data backup and recovery - it goes all the way through and then errors out.

Everything was preinstalled on this Dell of course - so I have no start up disc, no emergency recovery cd nor install discs. I also have no partitions set up, no secondary drives installed and no original image to restore from.

I ran the frst64.exe command from my USB drive - I will paste the frst.txt file results in the hopes that you can see my issue and reply with a text/script to run in order to fix the problem.

Thank you in advance for all of your help - and if I have neglected to list any info that you need that is important to the fix, please let me know and I will do my best to answer.

Thank you again!




Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 23-08-2013 01
Ran by SYSTEM on 23-08-2013 20:10:08
Running from G:\
Windows 7 Home Premium (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Apoint] - C:\Program Files\DellTPad\Apoint.exe [384296 2010-04-05] (Alps Electric Co., Ltd.)
HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray64.exe [487424 2010-02-25] (IDT, Inc.)
HKLM\...\Run: [Broadcom Wireless Manager UI] - C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.exe [4968960 2009-07-16] (Dell Inc.)
HKLM\...\Run: [QuickSet] - C:\Program Files\Dell\QuickSet\QuickSet.exe [3180624 2009-07-02] (Dell Inc.)
HKLM\...\Run: [IAAnotif] - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-06-04] (Intel Corporation)
HKLM\...\Run: [Corel Photo Downloader] - C:\Program Files (x86)\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe [531272 2007-08-28] (Corel, Inc.)
HKLM\...\RunOnce: [*Restore] - C:\Windows\system32\rstrui.exe /RUNONCE [296960 2010-11-20] (Microsoft Corporation)
HKLM-x32\...\RunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] - "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe" [559616 2011-10-05] (Dell)
HKLM-x32\...\Runonce: [AvgUninstallURL] - cmd.exe /c start http://www.avg.com/w...&"ver=10.0.1325 [x]
HKLM-x32\...\RunOnce: [Launcher] - C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe [165184 2010-07-21] (Softthinks)
HKLM-x32\...\RunOnce: [DSUpdateLauncher] - "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe" /NOCONSOLE /D="C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate" /RUNAS "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe" [18240 2010-07-21] (Dell)
HKLM-x32\...\RunOnce: [STToasterLauncher] - C:\Program Files (x86)\Dell DataSafe Local Backup\toasterLauncher.exe [122176 2010-07-21] ()
Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll [X]
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [35696 2009-02-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Dell DataSafe Online] - C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe [1807680 2010-02-09] ()
HKLM-x32\...\Run: [FATrayAlert] - c:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe [95560 2010-02-22] (Sensible Vision )
HKLM-x32\...\Run: [Dell Webcam Central] - C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [409744 2009-06-24] (Creative Technology Ltd)
HKLM-x32\...\Run: [FAStartup] - [x]
HKLM-x32\...\Run: [Desktop Disc Tool] - c:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe [498160 2009-10-15] ()
HKLM-x32\...\Run: [DellSupportCenter] - "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter [x]
HKLM-x32\...\Run: [Corel Photo Downloader] - "C:\Program Files (x86)\Common Files\Corel\Corel PhotoDownloader\Corel PhotoDownloader.exe" -startup [x]
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] - C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe [38768 2009-10-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] - [x]
HKLM-x32\...\Run: [Acrobat Assistant 8.0] - C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe [640376 2009-10-03] (Adobe Systems Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [935288 2009-09-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AppleSyncNotifier] - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [59240 2011-09-27] (Apple Inc.)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [AVG_UI] - C:\Program Files (x86)\AVG\AVG2013\avgui.exe [4411440 2013-07-01] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [BingDesktop] - C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe [2249352 2013-06-27] (Microsoft Corp.)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-05-31] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKU\Mcx1-WESTERNWINDS-PC\...\Winlogon: [Shell] C:\Windows\eHome\McrMgr.exe [343552 2009-07-13] (Microsoft Corporation) <==== ATTENTION
HKU\WesternWinds\...\Run: [Messenger (Yahoo!)] - C:\PROGRA~2\Yahoo!\Messenger\YahooMessenger.exe [5252408 2010-06-01] (Yahoo! Inc.)
HKU\WesternWinds\...\Run: [Google Update] - C:\Users\WesternWinds\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2011-08-18] (Google Inc.)
HKU\WesternWinds\...\Run: [Facebook Update] - C:\Users\WesternWinds\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2012-07-11] (Facebook Inc.)
HKU\WesternWinds\...\Run: [MobileDocuments] - C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe [x]
HKU\WesternWinds\...\Run: [AnyDVD] - C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe [7180376 2013-06-21] (SlySoft, Inc.)
HKU\WesternWinds\...\Run: [ROC_ROC_APR2013_AV] - C:\Users\WesternWinds\AppData\Roaming\AVG April 2013 Campaign\AVG-Secure-Search-Update.exe /PROMPT --mid ff2ecd2f8bd817ace7cc29ab78b05a0f-27373b2b61ef48247ba09679e0fdfb2281079763 --CMPID ROC_APR2013_AV --CMPIDEXTRA 2013 [x]
AppInit_DLLs: acaptuser64.dll [119160 2008-06-12] (Adobe Systems, Inc.)
Lsa: [Notification Packages] scecli FAPassSync
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Mcx1-WESTERNWINDS-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\WesternWinds\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\WesternWinds\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Messenger.lnk
ShortcutTarget: Facebook Messenger.lnk -> (No File)

==================== Services (Whitelisted) =================

S2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_7f58c91b65c73836\AESTSr64.exe [89600 2009-03-02] (Andrea Electronics Corporation)
S2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [4939312 2013-07-04] (AVG Technologies CZ, s.r.o.)
S2 avgwd; C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [283136 2013-07-23] (AVG Technologies CZ, s.r.o.)
S2 BingDesktopUpdate; C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [173192 2013-06-27] (Microsoft Corp.)
S2 ProtexisLicensing; C:\Windows\SysWOW64\PSIService.exe [177704 2007-06-05] ()
S2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_7f58c91b65c73836\STacSV64.exe [244736 2010-02-25] (IDT, Inc.)
S2 wltrysvc; C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE [33280 2009-07-16] ()

==================== Drivers (Whitelisted) ====================

S3 AnyDVD; C:\Windows\System32\Drivers\AnyDVD.sys [142424 2013-05-19] (SlySoft, Inc.)
S1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [246072 2013-07-20] (AVG Technologies CZ, s.r.o.)
S0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [71480 2013-07-20] (AVG Technologies CZ, s.r.o.)
S1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [206648 2013-07-20] (AVG Technologies CZ, s.r.o.)
S0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [311608 2013-07-20] (AVG Technologies CZ, s.r.o.)
S0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [116536 2013-07-01] (AVG Technologies CZ, s.r.o.)
S0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [45880 2013-07-10] (AVG Technologies CZ, s.r.o.)
S1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [240952 2013-03-21] (AVG Technologies CZ, s.r.o.)
S3 yukonw7; C:\Windows\System32\DRIVERS\yk62x64.sys [395264 2009-09-28] ()

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-08-17 17:31 - 2013-08-17 17:31 - 00000000 ____D C:\Emergency
2013-08-17 00:24 - 2013-08-17 00:24 - 00029541 _____ C:\Users\WesternWinds\.recently-used.xbel

==================== One Month Modified Files and Folders =======

2013-08-23 20:08 - 2013-08-23 20:08 - 00000000 ____D C:\FRST
2013-08-23 18:20 - 2012-12-12 20:33 - 00000000 ____D C:\Users\WesternWinds\AppData\Roaming\AVG2013
2013-08-23 18:20 - 2011-11-26 21:25 - 00000000 ____D C:\Windows\System32\Macromed
2013-08-23 18:20 - 2011-03-10 22:00 - 00000000 ____D C:\Users\WesternWinds\AppData\Roaming\gtk-2.0
2013-08-23 18:20 - 2011-01-05 20:01 - 00000000 ____D C:\users\Mcx1-WESTERNWINDS-PC
2013-08-23 18:20 - 2010-11-10 10:54 - 00000000 ____D C:\ProgramData\MFAData
2013-08-23 18:20 - 2010-09-29 15:42 - 00000000 ____D C:\ProgramData\FLEXnet
2013-08-23 18:20 - 2010-09-17 00:22 - 00000000 ____D C:\users\WesternWinds
2013-08-23 18:20 - 2010-09-09 17:33 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2013-08-23 18:20 - 2009-07-14 02:45 - 00000000 ____D C:\Program Files\Windows Journal
2013-08-23 18:20 - 2009-07-14 00:32 - 00000000 ____D C:\Program Files\Windows Defender
2013-08-23 18:20 - 2009-07-14 00:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2013-08-23 18:20 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\AppCompat
2013-08-23 18:20 - 2009-07-13 22:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2013-08-23 18:19 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\registration
2013-08-23 18:18 - 2011-01-05 15:59 - 00000000 ____D C:\Users\WesternWinds\AppData\Roaming\SoftGrid Client
2013-08-23 18:16 - 2011-01-05 19:51 - 00000000 __RHD C:\MSOCache
2013-08-23 18:16 - 2010-09-09 17:46 - 00000000 ____D C:\Program Files (x86)\Dell DataSafe Local Backup
2013-08-17 17:31 - 2013-08-17 17:31 - 00000000 ____D C:\Emergency
2013-08-17 15:56 - 2013-07-02 22:57 - 00000083 ___SH C:\ProgramData\.zreglib
2013-08-17 15:56 - 2010-09-17 00:23 - 00085088 _____ C:\Users\WesternWinds\AppData\Local\GDIPFONTCACHEV1.DAT
2013-08-17 15:43 - 2013-02-10 23:14 - 00203776 _____ C:\Users\WesternWinds\Desktop\2013 to do list.xls
2013-08-17 15:10 - 2009-07-14 02:44 - 00000000 ___RD C:\Users\Public\Recorded TV
2013-08-17 00:24 - 2013-08-17 00:24 - 00029541 _____ C:\Users\WesternWinds\.recently-used.xbel
2013-08-17 00:24 - 2011-03-10 21:59 - 00000000 ____D C:\Users\WesternWinds\.gimp-2.6
2013-08-16 23:58 - 2012-05-17 21:04 - 03073536 ___SH C:\Users\WesternWinds\Desktop\Thumbs.db
2013-08-16 18:44 - 2012-03-05 22:34 - 00000956 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2409828140-1940018236-4276432541-1001UA.job
2013-08-16 18:29 - 2011-08-18 23:14 - 00000936 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2409828140-1940018236-4276432541-1001UA.job
2013-08-16 15:44 - 2012-03-05 22:34 - 00000934 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2409828140-1940018236-4276432541-1001Core.job
2013-08-16 14:31 - 2012-07-13 14:55 - 00000000 ____D C:\Users\WesternWinds\Desktop\New folder (2)
2013-08-16 14:04 - 2009-07-14 00:10 - 01444163 _____ C:\Windows\WindowsUpdate.log
2013-08-16 01:29 - 2011-08-18 23:14 - 00000884 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2409828140-1940018236-4276432541-1001Core.job
2013-08-14 20:24 - 2013-02-16 22:50 - 00047616 _____ C:\Users\WesternWinds\Desktop\Monthly.xls
2013-08-12 23:06 - 2009-07-13 23:45 - 00014240 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-08-12 23:06 - 2009-07-13 23:45 - 00014240 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-08-12 23:03 - 2009-07-14 00:13 - 00727334 _____ C:\Windows\System32\PerfStringBackup.INI
2013-08-12 21:22 - 2010-09-29 15:38 - 00000000 ____D C:\Users\WesternWinds\AppData\Local\Adobe
2013-08-12 20:53 - 2012-04-08 18:53 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-08-12 20:53 - 2011-05-20 10:59 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-08-12 20:48 - 2010-09-17 00:26 - 00000072 _____ C:\Windows\SysWOW64\ToasterLauncherLog.log
2013-08-12 20:48 - 2010-09-17 00:26 - 00000000 ____D C:\Users\WesternWinds\AppData\Local\SoftThinks
2013-08-12 20:47 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-08-12 20:47 - 2009-07-13 23:45 - 00357360 _____ C:\Windows\System32\FNTCACHE.DAT
2013-08-12 20:46 - 2009-07-13 23:51 - 00087445 _____ C:\Windows\setupact.log
2013-08-12 20:44 - 2012-05-16 14:04 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-08-12 20:44 - 2012-05-16 14:04 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-07-31 17:34 - 2011-08-18 23:14 - 00002414 _____ C:\Users\WesternWinds\Desktop\Google Chrome.lnk
2013-07-30 10:04 - 2012-12-12 20:28 - 00000967 _____ C:\Users\Public\Desktop\AVG 2013.lnk
2013-07-30 10:04 - 2012-12-12 20:28 - 00000967 _____ C:\ProgramData\Desktop\AVG 2013.lnk

==================== Known DLLs (Whitelisted) ================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2013-07-15 21:46:06
Restore point made on: 2013-07-25 15:24:54
Restore point made on: 2013-08-08 08:53:10
Restore point made on: 2013-08-16 18:58:44

==================== Memory info ===========================

Percentage of memory in use: 15%
Total physical RAM: 4056.36 MB
Available physical RAM: 3417.77 MB
Total Pagefile: 4054.51 MB
Available Pagefile: 3407.42 MB
Total Virtual: 8192 MB
Available Virtual: 8191.87 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:283.4 GB) (Free:130.1 GB) NTFS
Drive d: (RECOVERY) (Fixed) (Total:14.65 GB) (Free:7.86 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive g: (USB Disk) (Removable) (Total:0.48 GB) (Free:0.48 GB) FAT
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: 4CAAC25C)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=15 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=283 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows XP) (Size: 490 MB) (Disk ID: C3072E18)
Partition 1: (Active) - (Size=490 MB) - (Type=06)


LastRegBack: 2013-08-12 19:41

==================== End Of Log ============================
  • 0



#2
nathdep

Hello, Cololady and :welcome:

I am nathdep and I will be helping you with your malware problems.

Note: Just to let you know, I am still in the process of training to become a malware expert. I want you to know that I have a teacher who will be reviewing all the fixes that I post here. Thank you for being part of my learning process! :)

Also, I ask that you please stay here through the entire malware removal process. Leaving midway can cause more complications as the malware will not be fully removed. Once again, please stay here until the malware removal process is complete.


Here are some general steps to follow during the malware removal process:


  • Please print these instructions as well as future instructions as you may have to boot in safe mode and will not be able to access this site via the internet. Another solution is saving these instructions by copying and pasting them into notebook and saving the file in a convenient location.
  • Please be patient as the malware removal process could be lengthy, complex, and at times frustrating. Your cooperation throughout the entire process will benefit you as it will expedite your removal time. Please keep this issue in this post and do not post this same issue on a different site. Doing so can be compared to a patient seeing two different doctors. If the two different doctors are not aware of what medication the other doctor is prescribing, the patient could be risking his life. This is synonymous to a computer's health.
  • Please read (and re-read) the instructions entirely as not following the instructions carefully can produce damaging results.
  • Please tell me how your computer is running in the beginning of each post. Tell me both recurring and new issues as this added information can shed even more light to the problems you are experiencing.

I have to get my first fix approved by my teacher. I will be back ASAP!
  • 0

#3
Cololady

I appreciate you looking over the file text to see if you can help. I will keep attempting to fix things while waiting to hear back from you.
  • 0

#4
nathdep

Hello again Cololady!

Please follow these instructions very carefully:

First, Rerun FRST
Open notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad. Save it on the flash drive as fixlist.txt:

Start

HKU\Mcx1-WESTERNWINDS-PC\...\Winlogon: [Shell] C:\Windows\eHome\McrMgr.exe [343552 2009-07-13]

Folder: C:\Windows\eHome

End

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to the operating system!

  • Boot back into System Recovery Options, as you've done previously.
  • Run FRST64 and press the Fix button just once and wait.
  • The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

In your next post be sure to include:
  • Fixlog.txt
  • A report on if you had any problems following the above instructions
  • A report on if any issues were solved or created as a result of following the above instructions

  • 0
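An added example, not part of the original posts and not FRST's own code: a Python triage script for the "Registry (Whitelisted)" section of an FRST.txt log like the one in post #1. It pulls out the entries FRST marked `<==== ATTENTION` (the fixlist above is built from one such line) and the entries ending in `[x]` or `(No File)`. The regular expressions are assumptions drawn only from the line shapes visible in this thread, and the function names are hypothetical.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Lines copied from the FRST.txt log in post #1 (a subset, so this runs offline).
SAMPLE_LOG = r"""
==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Apoint] - C:\Program Files\DellTPad\Apoint.exe [384296 2010-04-05] (Alps Electric Co., Ltd.)
HKLM-x32\...\Run: [FAStartup] - [x]
HKLM-x32\...\Run: [DellSupportCenter] - "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter [x]
Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll [X]
HKU\Mcx1-WESTERNWINDS-PC\...\Winlogon: [Shell] C:\Windows\eHome\McrMgr.exe [343552 2009-07-13] (Microsoft Corporation) <==== ATTENTION
HKU\WesternWinds\...\Run: [AnyDVD] - C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe [7180376 2013-06-21] (SlySoft, Inc.)
Startup: C:\Users\WesternWinds\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Messenger.lnk
ShortcutTarget: Facebook Messenger.lnk -> (No File)

==================== Services (Whitelisted) =================

S2 avgwd; C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [283136 2013-07-23] (AVG Technologies CZ, s.r.o.)
"""

ATTENTION = "<==== ATTENTION"
# Assumed line shapes, inferred from the log in this thread:
SECTION_RE = re.compile(r"^=+ (.+?) =+$")                      # ==== Name ====
ENTRY_RE = re.compile(
    r"^(?P<key>.+?): (?:\[(?P<name>[^\]]*)\] (?:- )?)?(?P<rest>.*)$")
SIZE_DATE_RE = re.compile(r"\[(\d+) (\d{4}-\d{2}-\d{2})\]")    # [bytes yyyy-mm-dd]
MISSING_RE = re.compile(r"(?:\[x\]|\(No File\))\s*$", re.IGNORECASE)


@dataclass
class Entry:
    key: str                  # abbreviated registry key or entry type
    name: Optional[str]       # value name inside [...], if the line has one
    target: str               # command line or file the entry points at
    size: Optional[int]       # file size in bytes, when FRST printed it
    modified: Optional[str]   # file date, when FRST printed it
    account: Optional[str]    # user hive name for HKU\<account>\... keys
    attention: bool           # line carries the <==== ATTENTION marker
    missing: bool             # line ends in [x] or (No File)


def split_sections(log: str) -> Dict[str, List[str]]:
    """Group non-empty log lines under their '==== Name ====' header."""
    sections: Dict[str, List[str]] = {}
    current = None
    for raw in log.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            current = header.group(1)
            sections[current] = []
        elif current is not None and line:
            sections[current].append(line)
    return sections


def parse_entry(line: str) -> Optional[Entry]:
    """Parse one registry/startup line; return None if it does not fit."""
    m = ENTRY_RE.match(line.strip())
    if m is None:
        return None
    body = m["rest"].replace(ATTENTION, "").rstrip()
    meta = SIZE_DATE_RE.search(body)
    # The target is everything before the [size date] block, or, when the
    # file is missing, everything before the trailing [x] / (No File).
    target = body[:meta.start()] if meta else MISSING_RE.sub("", body)
    parts = m["key"].split("\\")
    account = parts[1] if parts[0] == "HKU" and len(parts) > 1 else None
    return Entry(
        key=m["key"], name=m["name"], target=target.strip(),
        size=int(meta.group(1)) if meta else None,
        modified=meta.group(2) if meta else None,
        account=account,
        attention=ATTENTION in m["rest"],
        missing=bool(MISSING_RE.search(body)),
    )


def triage(log: str, section: str = "Registry (Whitelisted)"
           ) -> Tuple[List[Entry], List[Entry]]:
    """Return (ATTENTION-flagged entries, entries with a missing target)."""
    lines = split_sections(log).get(section, [])
    entries = [e for e in map(parse_entry, lines) if e is not None]
    return ([e for e in entries if e.attention],
            [e for e in entries if e.missing])


if __name__ == "__main__":
    flagged, missing = triage(SAMPLE_LOG)
    for e in flagged:
        print(f"ATTENTION  account={e.account}  {e.key} [{e.name}] -> {e.target}")
    for e in missing:
        print(f"MISSING    {e.key} [{e.name}] -> {e.target or '(empty)'}")
```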

#5
Cololady

I ran the FRST64.exe from my USB drive through the command prompt option as requested. I clicked the FIX button, it ran and said it was completed generating a log file - and that the element was removed. I will paste the log results below.

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 23-08-2013 01
Ran by SYSTEM at 2013-08-25 09:12:21 Run:1
Running from G:\
Boot Mode: Recovery
==============================================

Content of fixlist:
*****************
Start

HKU\Mcx1-WESTERNWINDS-PC\...\Winlogon: [Shell] C:\Windows\eHome\McrMgr.exe [343552 2009-07-13]

Folder: C:\Windows\eHome

End
*****************

HKU\Mcx1-WESTERNWINDS-PC\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => Value deleted successfully.

========================= Folder: C:\Windows\eHome ========================


====== End of Folder: ======


==== End of Fixlog ====



I then chose the RESTART option - only to end up at the same startup repair window again that has been appearing for the past week. No change, no reboot, unable to fix itself, nothing different :-(


I did notice that in the frst.txt file you sent for me to use, you had listed "Mcx1-WESTERNWINDS-PC" which is not what I have to log in as on this system when running the repair options...this system login is the "WESTERNWINDS" in case that makes a difference.

I will also include the system restore error that appears when I try to do a rollback/restore point in case that helps with anything.

Any other suggestions as to what the next steps would be? I really appreciate your help!

Attached Thumbnails

  • IMG_20130825_093237_659.jpg

  • 0

#6
nathdep

Hello again Cololady!

Please follow these instructions very carefully:

First, did you receive a Windows update right before your problems occurred?

Next, please boot to the System Recovery Options box.
  • Choose the Command Prompt option
  • When the Command Prompt loads, type the contents of the box below:
    sfc /scannow /offbootdir=c:\ /offwindir=c:\windows
  • Press Enter
  • You will get a blinking cursor while it checks and attempts to repair any issues it may find; it could take quite a bit of time to complete.
  • A message will appear telling you if errors were found or not. Please let me know what it finds in your next post.

Next, could you give me a fresh FRST log?

In your next post be sure to include:
  • A report on what the sfc /scannow scan yielded
  • The FRST log
  • A report on if you experienced any issues while following the above instructions
  • A report on if any issues were solved or created while following the above instructions

  • 0

#7
Cololady

Nathdep -

No - there were no Windows updates immediately prior to my issue. I did however as I mentioned originally upgrade to a newer version of a CD/DVD burning software (ANYDVD) and was restarting my laptop from that upgrade when the issue began.

I was unable to run the "sfc /scannow /offbootdir=c:\ /offwindir=c:\windows" command. I attempted to twice and both times the message that came back was that there is a system restore pending so it cannot run. It asks me to restart my system and try again. The only way I can reach the command prompt is to go through the start up repair process (as you instructed above) - but then am unable to run the command because of the pending repair.

I ran the frst64.exe command again from my USB drive - it created a new frst.txt file that I will paste below.


Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 23-08-2013 01
Ran by SYSTEM on 26-08-2013 15:27:02
Running from G:\
Windows 7 Home Premium (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Apoint] - C:\Program Files\DellTPad\Apoint.exe [384296 2010-04-05] (Alps Electric Co., Ltd.)
HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray64.exe [487424 2010-02-25] (IDT, Inc.)
HKLM\...\Run: [Broadcom Wireless Manager UI] - C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.exe [4968960 2009-07-16] (Dell Inc.)
HKLM\...\Run: [QuickSet] - C:\Program Files\Dell\QuickSet\QuickSet.exe [3180624 2009-07-02] (Dell Inc.)
HKLM\...\Run: [IAAnotif] - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-06-04] (Intel Corporation)
HKLM\...\Run: [Corel Photo Downloader] - C:\Program Files (x86)\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe [531272 2007-08-28] (Corel, Inc.)
HKLM\...\RunOnce: [*Restore] - C:\Windows\system32\rstrui.exe /RUNONCE [296960 2010-11-20] (Microsoft Corporation)
HKLM-x32\...\RunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] - "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe" [559616 2011-10-05] (Dell)
HKLM-x32\...\Runonce: [AvgUninstallURL] - cmd.exe /c start http://www.avg.com/w...&"ver=10.0.1325 [x]
HKLM-x32\...\RunOnce: [Launcher] - C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe [165184 2010-07-21] (Softthinks)
HKLM-x32\...\RunOnce: [DSUpdateLauncher] - "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe" /NOCONSOLE /D="C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate" /RUNAS "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe" [18240 2010-07-21] (Dell)
HKLM-x32\...\RunOnce: [STToasterLauncher] - C:\Program Files (x86)\Dell DataSafe Local Backup\toasterLauncher.exe [122176 2010-07-21] ()
Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll [X]
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [35696 2009-02-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Dell DataSafe Online] - C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe [1807680 2010-02-09] ()
HKLM-x32\...\Run: [FATrayAlert] - c:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe [95560 2010-02-22] (Sensible Vision )
HKLM-x32\...\Run: [Dell Webcam Central] - C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [409744 2009-06-24] (Creative Technology Ltd)
HKLM-x32\...\Run: [FAStartup] - [x]
HKLM-x32\...\Run: [Desktop Disc Tool] - c:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe [498160 2009-10-15] ()
HKLM-x32\...\Run: [DellSupportCenter] - "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter [x]
HKLM-x32\...\Run: [Corel Photo Downloader] - "C:\Program Files (x86)\Common Files\Corel\Corel PhotoDownloader\Corel PhotoDownloader.exe" -startup [x]
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] - C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe [38768 2009-10-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] - [x]
HKLM-x32\...\Run: [Acrobat Assistant 8.0] - C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe [640376 2009-10-03] (Adobe Systems Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [935288 2009-09-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AppleSyncNotifier] - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [59240 2011-09-27] (Apple Inc.)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [AVG_UI] - C:\Program Files (x86)\AVG\AVG2013\avgui.exe [4411440 2013-07-01] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [BingDesktop] - C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe [2249352 2013-06-27] (Microsoft Corp.)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-05-31] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKU\Mcx1-WESTERNWINDS-PC\...\Winlogon: [Shell] C:\Windows\eHome\McrMgr.exe [343552 2009-07-13] (Microsoft Corporation) <==== ATTENTION
HKU\WesternWinds\...\Run: [Messenger (Yahoo!)] - C:\PROGRA~2\Yahoo!\Messenger\YahooMessenger.exe [5252408 2010-06-01] (Yahoo! Inc.)
HKU\WesternWinds\...\Run: [Google Update] - C:\Users\WesternWinds\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2011-08-18] (Google Inc.)
HKU\WesternWinds\...\Run: [Facebook Update] - C:\Users\WesternWinds\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2012-07-11] (Facebook Inc.)
HKU\WesternWinds\...\Run: [MobileDocuments] - C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe [x]
HKU\WesternWinds\...\Run: [AnyDVD] - C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe [7180376 2013-06-21] (SlySoft, Inc.)
HKU\WesternWinds\...\Run: [ROC_ROC_APR2013_AV] - C:\Users\WesternWinds\AppData\Roaming\AVG April 2013 Campaign\AVG-Secure-Search-Update.exe /PROMPT --mid ff2ecd2f8bd817ace7cc29ab78b05a0f-27373b2b61ef48247ba09679e0fdfb2281079763 --CMPID ROC_APR2013_AV --CMPIDEXTRA 2013 [x]
AppInit_DLLs: acaptuser64.dll [119160 2008-06-12] (Adobe Systems, Inc.)
Lsa: [Notification Packages] scecli FAPassSync
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Mcx1-WESTERNWINDS-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\WesternWinds\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\WesternWinds\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Messenger.lnk
ShortcutTarget: Facebook Messenger.lnk -> (No File)

==================== Services (Whitelisted) =================

S2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_7f58c91b65c73836\AESTSr64.exe [89600 2009-03-02] (Andrea Electronics Corporation)
S2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [4939312 2013-07-04] (AVG Technologies CZ, s.r.o.)
S2 avgwd; C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [283136 2013-07-23] (AVG Technologies CZ, s.r.o.)
S2 BingDesktopUpdate; C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [173192 2013-06-27] (Microsoft Corp.)
S2 ProtexisLicensing; C:\Windows\SysWOW64\PSIService.exe [177704 2007-06-05] ()
S2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_7f58c91b65c73836\STacSV64.exe [244736 2010-02-25] (IDT, Inc.)
S2 wltrysvc; C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE [33280 2009-07-16] ()

==================== Drivers (Whitelisted) ====================

S3 AnyDVD; C:\Windows\System32\Drivers\AnyDVD.sys [142424 2013-05-19] (SlySoft, Inc.)
S1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [246072 2013-07-20] (AVG Technologies CZ, s.r.o.)
S0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [71480 2013-07-20] (AVG Technologies CZ, s.r.o.)
S1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [206648 2013-07-20] (AVG Technologies CZ, s.r.o.)
S0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [311608 2013-07-20] (AVG Technologies CZ, s.r.o.)
S0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [116536 2013-07-01] (AVG Technologies CZ, s.r.o.)
S0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [45880 2013-07-10] (AVG Technologies CZ, s.r.o.)
S1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [240952 2013-03-21] (AVG Technologies CZ, s.r.o.)
S3 yukonw7; C:\Windows\System32\DRIVERS\yk62x64.sys [395264 2009-09-28] ()

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-08-17 17:31 - 2013-08-17 17:31 - 00000000 ____D C:\Emergency
2013-08-17 00:24 - 2013-08-17 00:24 - 00029541 _____ C:\Users\WesternWinds\.recently-used.xbel

==================== One Month Modified Files and Folders =======

2013-08-25 09:28 - 2012-12-12 20:33 - 00000000 ____D C:\Users\WesternWinds\AppData\Roaming\AVG2013
2013-08-25 09:28 - 2012-05-16 14:04 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-08-25 09:28 - 2012-05-16 14:04 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-08-25 09:28 - 2011-11-26 21:25 - 00000000 ____D C:\Windows\System32\Macromed
2013-08-25 09:28 - 2011-03-10 22:00 - 00000000 ____D C:\Users\WesternWinds\AppData\Roaming\gtk-2.0
2013-08-25 09:28 - 2011-01-05 20:01 - 00000000 ____D C:\users\Mcx1-WESTERNWINDS-PC
2013-08-25 09:28 - 2010-11-10 10:54 - 00000000 ____D C:\ProgramData\MFAData
2013-08-25 09:28 - 2010-09-29 15:42 - 00000000 ____D C:\ProgramData\FLEXnet
2013-08-25 09:28 - 2010-09-17 00:22 - 00000000 ____D C:\users\WesternWinds
2013-08-25 09:28 - 2010-09-09 17:33 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2013-08-25 09:28 - 2009-07-14 02:45 - 00000000 ____D C:\Program Files\Windows Journal
2013-08-25 09:28 - 2009-07-14 00:32 - 00000000 ____D C:\Program Files\Windows Defender
2013-08-25 09:28 - 2009-07-14 00:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2013-08-25 09:28 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\registration
2013-08-25 09:28 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\AppCompat
2013-08-25 09:28 - 2009-07-13 22:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2013-08-25 09:26 - 2011-01-05 15:59 - 00000000 ____D C:\Users\WesternWinds\AppData\Roaming\SoftGrid Client
2013-08-25 09:22 - 2011-01-05 19:51 - 00000000 __RHD C:\MSOCache
2013-08-25 09:22 - 2010-09-09 17:46 - 00000000 ____D C:\Program Files (x86)\Dell DataSafe Local Backup
2013-08-23 20:08 - 2013-08-23 20:08 - 00000000 ____D C:\FRST
2013-08-17 17:31 - 2013-08-17 17:31 - 00000000 ____D C:\Emergency
2013-08-17 15:56 - 2013-07-02 22:57 - 00000083 ___SH C:\ProgramData\.zreglib
2013-08-17 15:56 - 2010-09-17 00:23 - 00085088 _____ C:\Users\WesternWinds\AppData\Local\GDIPFONTCACHEV1.DAT
2013-08-17 15:43 - 2013-02-10 23:14 - 00203776 _____ C:\Users\WesternWinds\Desktop\2013 to do list.xls
2013-08-17 15:10 - 2009-07-14 02:44 - 00000000 ___RD C:\Users\Public\Recorded TV
2013-08-17 00:24 - 2013-08-17 00:24 - 00029541 _____ C:\Users\WesternWinds\.recently-used.xbel
2013-08-17 00:24 - 2011-03-10 21:59 - 00000000 ____D C:\Users\WesternWinds\.gimp-2.6
2013-08-16 23:58 - 2012-05-17 21:04 - 03073536 ___SH C:\Users\WesternWinds\Desktop\Thumbs.db
2013-08-14 20:24 - 2013-02-16 22:50 - 00047616 _____ C:\Users\WesternWinds\Desktop\Monthly.xls
2013-08-12 21:22 - 2010-09-29 15:38 - 00000000 ____D C:\Users\WesternWinds\AppData\Local\Adobe
2013-08-12 20:48 - 2010-09-17 00:26 - 00000000 ____D C:\Users\WesternWinds\AppData\Local\SoftThinks
2013-08-08 08:29 - 2011-08-18 23:14 - 00000936 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2409828140-1940018236-4276432541-1001UA.job
2013-08-08 07:45 - 2009-07-14 00:10 - 01309450 _____ C:\Windows\WindowsUpdate.log
2013-08-08 06:44 - 2012-03-05 22:34 - 00000956 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2409828140-1940018236-4276432541-1001UA.job
2013-08-08 01:29 - 2011-08-18 23:14 - 00000884 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2409828140-1940018236-4276432541-1001Core.job
2013-08-07 15:44 - 2012-03-05 22:34 - 00000934 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2409828140-1940018236-4276432541-1001Core.job
2013-08-05 22:14 - 2012-07-13 14:55 - 00000000 ____D C:\Users\WesternWinds\Desktop\New folder (2)
2013-07-31 19:04 - 2009-07-14 00:13 - 00727334 _____ C:\Windows\System32\PerfStringBackup.INI
2013-07-31 17:34 - 2011-08-18 23:14 - 00002414 _____ C:\Users\WesternWinds\Desktop\Google Chrome.lnk
2013-07-30 20:02 - 2009-07-13 23:45 - 00014240 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-30 20:02 - 2009-07-13 23:45 - 00014240 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-30 10:04 - 2012-12-12 20:28 - 00000967 _____ C:\Users\Public\Desktop\AVG 2013.lnk
2013-07-30 10:04 - 2012-12-12 20:28 - 00000967 _____ C:\ProgramData\Desktop\AVG 2013.lnk
2013-07-28 18:52 - 2009-07-13 23:51 - 00087389 _____ C:\Windows\setupact.log

==================== Known DLLs (Whitelisted) ================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2013-07-15 21:46:06
Restore point made on: 2013-07-25 15:24:54
Restore point made on: 2013-08-08 08:53:10
Restore point made on: 2013-08-16 18:58:44

==================== Memory info ===========================

Percentage of memory in use: 15%
Total physical RAM: 4056.36 MB
Available physical RAM: 3416 MB
Total Pagefile: 4054.51 MB
Available Pagefile: 3407.68 MB
Total Virtual: 8192 MB
Available Virtual: 8191.86 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:283.4 GB) (Free:130.43 GB) NTFS
Drive d: (RECOVERY) (Fixed) (Total:14.65 GB) (Free:7.87 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive g: (USB Disk) (Removable) (Total:0.48 GB) (Free:0.47 GB) FAT
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: 4CAAC25C)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=15 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=283 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows XP) (Size: 490 MB) (Disk ID: C3072E18)
Partition 1: (Active) - (Size=490 MB) - (Type=06)


LastRegBack: 2013-08-12 19:41

==================== End Of Log ============================




Thanks again in advance for your time in looking at the log and seeing what a fix may be. I look forward to your reply.
  • 0

#8
nathdep

    Member

  • Member
  • 587 posts
Hello again!

Please follow these instructions very carefully:

First, Rerun FRST
Open notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad. Save it on the flash drive as fixlist.txt:

Start

HKLM\...\RunOnce: [*Restore] - C:\Windows\system32\rstrui.exe /RUNONCE [296960 2010-11-20] (Microsoft Corporation)

S3 AnyDVD; C:\Windows\System32\Drivers\AnyDVD.sys [142424 2013-05-19] (SlySoft, Inc.)

C:\Windows\System32\Drivers\AnyDVD.sys

End

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to the operating system!

  • Boot back into System Recovery Options, as you've done previously.
  • Run FRST64 and press the Fix button just once and wait.
  • The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

In your next post be sure to include:
  • Fixlog.txt
  • A report on if you had any problems following the above instructions
  • A report on if any issues were solved or created as a result of following the above instructions

  • 0

#9
Cololady

    New Member

  • Topic Starter
  • Member
  • 8 posts
I ran the frst64.exe file - chose FIX - it ran, said it completed successfully and moved the file. I closed the window, chose RESTART - and nothing has changed. It still goes immediately into the START UP REPAIR tool, says it's scanning for errors, comes up and says it cannot fix itself and my options are to finish (which shuts down the computer) or view the advanced options. None of the advanced options will allow me to successfully boot the system.

I will paste the copy of the newly generated fixlog.txt file:



Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 23-08-2013 01
Ran by SYSTEM at 2013-08-27 19:27:49 Run:2
Running from G:\
Boot Mode: Recovery
==============================================

Content of fixlist:
*****************
Start

HKLM\...\RunOnce: [*Restore] - C:\Windows\system32\rstrui.exe /RUNONCE [296960 2010-11-20] (Microsoft Corporation)

S3 AnyDVD; C:\Windows\System32\Drivers\AnyDVD.sys [142424 2013-05-19] (SlySoft, Inc.)

C:\Windows\System32\Drivers\AnyDVD.sys

End
*****************

HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce\\*Restore => Value deleted successfully.
AnyDVD => Service deleted successfully.
C:\Windows\System32\Drivers\AnyDVD.sys => Moved successfully.

==== End of Fixlog ====


Really hoping there is another option you have in mind? Nothing seems to be working. I appreciate you sticking with it and trying to help! I look forward to your next message!
  • 0

#10
nathdep

    Member

  • Member
  • 587 posts
Hello again!

Let's see if you can run the sfc /scannow command now:

First, please boot to the System Recovery Options box.
  • Choose the Command Prompt option
  • When the Command Prompt loads, type the contents of the box below:
    sfc /scannow /offbootdir=c:\ /offwindir=c:\windows
  • Press Enter
  • You will get a blinking cursor while it checks and attempts to repair any issues it may find; it could take quite a bit of time to complete.
  • A message will appear telling you if errors were found or not. Please let me know what it finds in your next post.

In your next post be sure to include:
  • A report on if the above instructions were successful
  • A report on if any issues were created or resolved by following the above instructions

  • 0

#11
Cololady

    New Member

  • Topic Starter
  • Member
  • 8 posts
Unfortunately I get the same error message - it tells me there is a system repair pending that requires a reboot so it cannot run the scan. It tells me to reboot and try again - which sends me in a loop. I cannot get to the command prompt without going through the repair options - hence the pending repair that will not allow the scan.

Is there any other way to reach the command prompt that I am missing? I cannot boot in safe mode or with a command prompt - so I believe the only option is the way I am doing it, but if there is another way (through the BIOS or SETUP option?), that might help.

Thank you! I am convinced one of these times you will have a magic fix for me :-) I greatly appreciate it! Looking forward to your next reply.
  • 0

#12
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi, Nathdep is unavailable for a day or so; I will be jumping in.

Could I have one more FRST scan please? Once I have that I will disable AVG, which may be the cause. I will admit that the success rate with this problem is only about 50%, and the root cause is an MS update that was released this month for Windows Defender.
  • 0

#13
Cololady

    New Member

  • Topic Starter
  • Member
  • 8 posts
Thank you for jumping in - I was afraid nathdep had exhausted all options and had given up on my system!! I appreciate all of the assistance.

Really hoping for a work around or fix so I can grab the data off and do a clean install if I have to. As mentioned in the original post, the laptop came preloaded with Windows 7 and no discs. I have a friend's Windows 7 CD but was a bit leery of trying to install his copy over my version - not knowing if it was the same SP or if it works as it did with the old XP and isn't a big deal. Will it repair itself if I install his version over mine to get it up and running so I can copy off the needed data and then I can format and do a clean install after requesting install discs from Dell?

I ran the FRST64.exe scan again - here is the newest frst.txt file:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 23-08-2013 01 (ATTENTION: ====> FRST version is 7 days old and could be outdated)
Ran by SYSTEM on 30-08-2013 07:06:51
Running from G:\
Windows 7 Home Premium (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Apoint] - C:\Program Files\DellTPad\Apoint.exe [384296 2010-04-05] (Alps Electric Co., Ltd.)
HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray64.exe [487424 2010-02-25] (IDT, Inc.)
HKLM\...\Run: [Broadcom Wireless Manager UI] - C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.exe [4968960 2009-07-16] (Dell Inc.)
HKLM\...\Run: [QuickSet] - C:\Program Files\Dell\QuickSet\QuickSet.exe [3180624 2009-07-02] (Dell Inc.)
HKLM\...\Run: [IAAnotif] - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-06-04] (Intel Corporation)
HKLM\...\Run: [Corel Photo Downloader] - C:\Program Files (x86)\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe [531272 2007-08-28] (Corel, Inc.)
HKLM-x32\...\RunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] - "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe" [559616 2011-10-05] (Dell)
HKLM-x32\...\Runonce: [AvgUninstallURL] - cmd.exe /c start http://www.avg.com/w...&"ver=10.0.1325 [x]
HKLM-x32\...\RunOnce: [Launcher] - C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe [165184 2010-07-21] (Softthinks)
HKLM-x32\...\RunOnce: [DSUpdateLauncher] - "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe" /NOCONSOLE /D="C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate" /RUNAS "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe" [18240 2010-07-21] (Dell)
HKLM-x32\...\RunOnce: [STToasterLauncher] - C:\Program Files (x86)\Dell DataSafe Local Backup\toasterLauncher.exe [122176 2010-07-21] ()
Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll [X]
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [35696 2009-02-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Dell DataSafe Online] - C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe [1807680 2010-02-09] ()
HKLM-x32\...\Run: [FATrayAlert] - c:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe [95560 2010-02-22] (Sensible Vision )
HKLM-x32\...\Run: [Dell Webcam Central] - C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [409744 2009-06-24] (Creative Technology Ltd)
HKLM-x32\...\Run: [FAStartup] - [x]
HKLM-x32\...\Run: [Desktop Disc Tool] - c:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe [498160 2009-10-15] ()
HKLM-x32\...\Run: [DellSupportCenter] - "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter [x]
HKLM-x32\...\Run: [Corel Photo Downloader] - "C:\Program Files (x86)\Common Files\Corel\Corel PhotoDownloader\Corel PhotoDownloader.exe" -startup [x]
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] - C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe [38768 2009-10-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] - [x]
HKLM-x32\...\Run: [Acrobat Assistant 8.0] - C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe [640376 2009-10-03] (Adobe Systems Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [935288 2009-09-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AppleSyncNotifier] - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [59240 2011-09-27] (Apple Inc.)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [AVG_UI] - C:\Program Files (x86)\AVG\AVG2013\avgui.exe [4411440 2013-07-01] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [BingDesktop] - C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe [2249352 2013-06-27] (Microsoft Corp.)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-05-31] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKU\Mcx1-WESTERNWINDS-PC\...\Winlogon: [Shell] C:\Windows\eHome\McrMgr.exe [343552 2009-07-13] (Microsoft Corporation) <==== ATTENTION
HKU\WesternWinds\...\Run: [Messenger (Yahoo!)] - C:\PROGRA~2\Yahoo!\Messenger\YahooMessenger.exe [5252408 2010-06-01] (Yahoo! Inc.)
HKU\WesternWinds\...\Run: [Google Update] - C:\Users\WesternWinds\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2011-08-18] (Google Inc.)
HKU\WesternWinds\...\Run: [Facebook Update] - C:\Users\WesternWinds\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2012-07-11] (Facebook Inc.)
HKU\WesternWinds\...\Run: [MobileDocuments] - C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe [x]
HKU\WesternWinds\...\Run: [AnyDVD] - C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe [7180376 2013-06-21] (SlySoft, Inc.)
HKU\WesternWinds\...\Run: [ROC_ROC_APR2013_AV] - C:\Users\WesternWinds\AppData\Roaming\AVG April 2013 Campaign\AVG-Secure-Search-Update.exe /PROMPT --mid ff2ecd2f8bd817ace7cc29ab78b05a0f-27373b2b61ef48247ba09679e0fdfb2281079763 --CMPID ROC_APR2013_AV --CMPIDEXTRA 2013 [x]
AppInit_DLLs: acaptuser64.dll [119160 2008-06-12] (Adobe Systems, Inc.)
Lsa: [Notification Packages] scecli FAPassSync
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Mcx1-WESTERNWINDS-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\WesternWinds\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\WesternWinds\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Messenger.lnk
ShortcutTarget: Facebook Messenger.lnk -> (No File)

==================== Services (Whitelisted) =================

S2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_7f58c91b65c73836\AESTSr64.exe [89600 2009-03-02] (Andrea Electronics Corporation)
S2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [4939312 2013-07-04] (AVG Technologies CZ, s.r.o.)
S2 avgwd; C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [283136 2013-07-23] (AVG Technologies CZ, s.r.o.)
S2 BingDesktopUpdate; C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [173192 2013-06-27] (Microsoft Corp.)
S2 ProtexisLicensing; C:\Windows\SysWOW64\PSIService.exe [177704 2007-06-05] ()
S2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_7f58c91b65c73836\STacSV64.exe [244736 2010-02-25] (IDT, Inc.)
S2 wltrysvc; C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE [33280 2009-07-16] ()

==================== Drivers (Whitelisted) ====================

S1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [246072 2013-07-20] (AVG Technologies CZ, s.r.o.)
S0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [71480 2013-07-20] (AVG Technologies CZ, s.r.o.)
S1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [206648 2013-07-20] (AVG Technologies CZ, s.r.o.)
S0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [311608 2013-07-20] (AVG Technologies CZ, s.r.o.)
S0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [116536 2013-07-01] (AVG Technologies CZ, s.r.o.)
S0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [45880 2013-07-10] (AVG Technologies CZ, s.r.o.)
S1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [240952 2013-03-21] (AVG Technologies CZ, s.r.o.)
S3 yukonw7; C:\Windows\System32\DRIVERS\yk62x64.sys [395264 2009-09-28] ()

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-08-17 17:31 - 2013-08-17 17:31 - 00000000 ____D C:\Emergency
2013-08-17 00:24 - 2013-08-17 00:24 - 00029541 _____ C:\Users\WesternWinds\.recently-used.xbel

==================== One Month Modified Files and Folders =======

2013-08-25 09:28 - 2012-12-12 20:33 - 00000000 ____D C:\Users\WesternWinds\AppData\Roaming\AVG2013
2013-08-25 09:28 - 2012-05-16 14:04 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-08-25 09:28 - 2012-05-16 14:04 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-08-25 09:28 - 2011-11-26 21:25 - 00000000 ____D C:\Windows\System32\Macromed
2013-08-25 09:28 - 2011-03-10 22:00 - 00000000 ____D C:\Users\WesternWinds\AppData\Roaming\gtk-2.0
2013-08-25 09:28 - 2011-01-05 20:01 - 00000000 ____D C:\users\Mcx1-WESTERNWINDS-PC
2013-08-25 09:28 - 2010-11-10 10:54 - 00000000 ____D C:\ProgramData\MFAData
2013-08-25 09:28 - 2010-09-29 15:42 - 00000000 ____D C:\ProgramData\FLEXnet
2013-08-25 09:28 - 2010-09-17 00:22 - 00000000 ____D C:\users\WesternWinds
2013-08-25 09:28 - 2010-09-09 17:33 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2013-08-25 09:28 - 2009-07-14 02:45 - 00000000 ____D C:\Program Files\Windows Journal
2013-08-25 09:28 - 2009-07-14 00:32 - 00000000 ____D C:\Program Files\Windows Defender
2013-08-25 09:28 - 2009-07-14 00:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2013-08-25 09:28 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\registration
2013-08-25 09:28 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\AppCompat
2013-08-25 09:28 - 2009-07-13 22:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2013-08-25 09:26 - 2011-01-05 15:59 - 00000000 ____D C:\Users\WesternWinds\AppData\Roaming\SoftGrid Client
2013-08-25 09:22 - 2011-01-05 19:51 - 00000000 __RHD C:\MSOCache
2013-08-25 09:22 - 2010-09-09 17:46 - 00000000 ____D C:\Program Files (x86)\Dell DataSafe Local Backup
2013-08-23 20:08 - 2013-08-23 20:08 - 00000000 ____D C:\FRST
2013-08-17 17:31 - 2013-08-17 17:31 - 00000000 ____D C:\Emergency
2013-08-17 15:56 - 2013-07-02 22:57 - 00000083 ___SH C:\ProgramData\.zreglib
2013-08-17 15:56 - 2010-09-17 00:23 - 00085088 _____ C:\Users\WesternWinds\AppData\Local\GDIPFONTCACHEV1.DAT
2013-08-17 15:43 - 2013-02-10 23:14 - 00203776 _____ C:\Users\WesternWinds\Desktop\2013 to do list.xls
2013-08-17 15:10 - 2009-07-14 02:44 - 00000000 ___RD C:\Users\Public\Recorded TV
2013-08-17 00:24 - 2013-08-17 00:24 - 00029541 _____ C:\Users\WesternWinds\.recently-used.xbel
2013-08-17 00:24 - 2011-03-10 21:59 - 00000000 ____D C:\Users\WesternWinds\.gimp-2.6
2013-08-16 23:58 - 2012-05-17 21:04 - 03073536 ___SH C:\Users\WesternWinds\Desktop\Thumbs.db
2013-08-14 20:24 - 2013-02-16 22:50 - 00047616 _____ C:\Users\WesternWinds\Desktop\Monthly.xls
2013-08-12 21:22 - 2010-09-29 15:38 - 00000000 ____D C:\Users\WesternWinds\AppData\Local\Adobe
2013-08-12 20:48 - 2010-09-17 00:26 - 00000000 ____D C:\Users\WesternWinds\AppData\Local\SoftThinks
2013-08-08 08:29 - 2011-08-18 23:14 - 00000936 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2409828140-1940018236-4276432541-1001UA.job
2013-08-08 07:45 - 2009-07-14 00:10 - 01309450 _____ C:\Windows\WindowsUpdate.log
2013-08-08 06:44 - 2012-03-05 22:34 - 00000956 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2409828140-1940018236-4276432541-1001UA.job
2013-08-08 01:29 - 2011-08-18 23:14 - 00000884 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2409828140-1940018236-4276432541-1001Core.job
2013-08-07 15:44 - 2012-03-05 22:34 - 00000934 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2409828140-1940018236-4276432541-1001Core.job
2013-08-05 22:14 - 2012-07-13 14:55 - 00000000 ____D C:\Users\WesternWinds\Desktop\New folder (2)
2013-07-31 19:04 - 2009-07-14 00:13 - 00727334 _____ C:\Windows\System32\PerfStringBackup.INI
2013-07-31 17:34 - 2011-08-18 23:14 - 00002414 _____ C:\Users\WesternWinds\Desktop\Google Chrome.lnk

==================== Known DLLs (Whitelisted) ================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2013-07-15 21:46:06
Restore point made on: 2013-07-25 15:24:54
Restore point made on: 2013-08-08 08:53:10
Restore point made on: 2013-08-16 18:58:44

==================== Memory info ===========================

Percentage of memory in use: 15%
Total physical RAM: 4056.36 MB
Available physical RAM: 3419.15 MB
Total Pagefile: 4054.51 MB
Available Pagefile: 3408.57 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:283.4 GB) (Free:130.43 GB) NTFS
Drive d: (RECOVERY) (Fixed) (Total:14.65 GB) (Free:7.87 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive g: (USB Disk) (Removable) (Total:0.48 GB) (Free:0.48 GB) FAT
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: 4CAAC25C)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=15 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=283 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows XP) (Size: 490 MB) (Disk ID: C3072E18)
Partition 1: (Active) - (Size=490 MB) - (Type=06)


LastRegBack: 2013-08-12 19:41

==================== End Of Log ============================
  • 0
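An added example (not part of any post in this thread, and not FRST's own code): a small Python triage of FRST log lines in the format posted above, listing entries whose target file is gone, entries FRST itself marked, entries with no publisher string, and third-party drivers or services that start at boot or system stage, which is where the low-level AVG drivers discussed here sit. The sample lines are copied from the log above; reading `[x]` as "target file not found", reading the digit after `S`/`R` as the Windows service start type, and the flag names are assumptions of this example.

```python
import re

# Windows service start types; FRST prefixes each service/driver line with a
# state letter (R/S/U) and this digit (assumption based on the log format above).
START_TYPES = {0: "boot", 1: "system", 2: "auto", 3: "demand", 4: "disabled"}

# "S0 Name; path [size date] (publisher)"
SVC_RE = re.compile(
    r"^(?P<state>[RSU])(?P<start>[0-4]) (?P<name>[^;]+); (?P<path>.+?) "
    r"\[(?P<size>\d+) (?P<date>\d{4}-\d{2}-\d{2})\] \((?P<publisher>.*)\)$"
)
# "HKLM-x32\...\Run: [Name] - target ..." and "HKU\...\Winlogon: [Shell] target ..."
REG_RE = re.compile(
    r"^(?P<key>HK(?:LM|U)[^:]*): \[(?P<name>[^\]]*)\](?: -)? ?(?P<rest>.*)$"
)

# Sample input: lines copied from the FRST log posted above.
SAMPLE_LOG = r"""
HKLM-x32\...\Run: [AVG_UI] - C:\Program Files (x86)\AVG\AVG2013\avgui.exe [4411440 2013-07-01] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [FAStartup] - [x]
HKU\Mcx1-WESTERNWINDS-PC\...\Winlogon: [Shell] C:\Windows\eHome\McrMgr.exe [343552 2009-07-13] (Microsoft Corporation) <==== ATTENTION
HKU\WesternWinds\...\Run: [MobileDocuments] - C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe [x]
S2 ProtexisLicensing; C:\Windows\SysWOW64\PSIService.exe [177704 2007-06-05] ()
S0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [71480 2013-07-20] (AVG Technologies CZ, s.r.o.)
S1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [240952 2013-03-21] (AVG Technologies CZ, s.r.o.)
S3 yukonw7; C:\Windows\System32\DRIVERS\yk62x64.sys [395264 2009-09-28] ()
"""


def parse_line(line):
    """Return a record for one registry or service/driver line, else None."""
    line = line.strip()
    attention = "<==== ATTENTION" in line          # FRST's own marker
    body = line.split("<====")[0].rstrip()         # drop the marker before parsing
    m = SVC_RE.match(body)
    if m:
        rec = {"kind": "service/driver", "name": m["name"],
               "publisher": m["publisher"].strip(),
               "start": START_TYPES[int(m["start"])], "missing": False}
    else:
        m = REG_RE.match(body)
        if not m:
            return None                             # section header, blank line, etc.
        rest = m["rest"]
        pub = re.search(r"\((?P<p>[^()]*)\)$", rest)  # trailing "(publisher)"
        rec = {"kind": "autorun", "name": m["name"],
               "publisher": pub["p"].strip() if pub else None,
               "start": None,
               # Assumption: a trailing [x] means the target file was not found.
               "missing": rest.lower().endswith("[x]")}
    rec["attention"] = attention
    return rec


def flags_for(rec):
    """Flag names are this example's own labels, not FRST terminology."""
    flags = []
    if rec["attention"]:
        flags.append("attention")
    if rec["missing"]:
        flags.append("missing-file")
    if rec["publisher"] == "":
        flags.append("no-publisher")
    if rec["start"] in ("boot", "system") and "microsoft" not in rec["publisher"].lower():
        flags.append("early-start-third-party")
    return flags


def triage(log_text):
    """Return (name, flags) for every parsed line that raised a flag."""
    findings = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        flags = flags_for(rec)
        if flags:
            findings.append((rec["name"], flags))
    return findings


if __name__ == "__main__":
    for name, flags in triage(SAMPLE_LOG):
        print(f"{name}: {', '.join(flags)}")
```

A flag here only marks a line for a closer look; it does not say the entry is malicious or that it is the cause of the boot failure.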

#14
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
During this run I will be disabling AVG, as from my experience with this it appears to be the low-level drivers that the updates have messed with. There have been a few instances where the action was delayed by several days (I can find no reason for this).

If it fails I can provide a programme that will enable you to back up your data and run a factory re-install. But let's hope it does not come to that.

Download the attached fixlist.txt to the same location as FRST

Run FRST as before and press fix
Once completed try a normal boot
  • 0

#15
Cololady

    New Member

  • Topic Starter
  • Member
  • 8 posts
I tried to run the frst64 again, then ran the fixlist file you sent - it said it completed successfully but then upon rstart, the same thing...just goes to start up reapir, says it cannot fix itself, allows me into the other options screen but none of those will work to get the system booted still. I tried to do a system restore again and picked a point that wa sin July instead of an August date hoping that if this was indeed caused by a Windows update at some point in August, it would back that out and allow the machine to boot. No luck...

Still stuck in the start up repair loop, unable to boot, cannot boot even to safe mode, no system restore point works - it's been this way for 2 full weeks now after trying to repair and restart 36 times according to the log....still showing a corrupt file on signature 7 and an autofailure on signature 5.

When you say the success rate is 50% - does that mean the "other" 50% solution is to format?

And how about the repair install option - is it possible for me to install Windows 7 over itself to repair itself like it was in XP? If so - is it as "simple" as booting off the Windows 7 install dvd and letting it overwrite the current files without losing all of my data?

I will paste the fixlog and the start up repair logs just in case either of those can give you some more insight into whatever is causing this issue with my system.

Thanks again - I appreciate your time on this!



FIXLOG TEXT
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 23-08-2013 01
Ran by SYSTEM at 2013-08-31 18:02:53 Run:3
Running from G:\
Boot Mode: Recovery
==============================================

Content of fixlist:
*****************
http://www.avg.com/w...&"ver=10.0.1325
HKLM-x32\...\Run: [AVG_UI] - C:\Program Files (x86)\AVG\AVG2013\avgui.exe [4411440 2013-07-01] (AVG Technologies CZ, s.r.o.)
HKU\Mcx1-WESTERNWINDS-PC\...\Winlogon: [Shell] C:\Windows\eHome\McrMgr.exe [343552 2009-07-13] (Microsoft Corporation) <==== ATTENTION
HKU\WesternWinds\...\Run: [AnyDVD] - C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe [7180376 2013-06-21] (SlySoft, Inc.)
HKU\WesternWinds\...\Run: [ROC_ROC_APR2013_AV] - C:\Users\WesternWinds\AppData\Roaming\AVG April 2013 Campaign\AVG-Secure-Search-Update.exe /PROMPT --mid ff2ecd2f8bd817ace7cc29ab78b05a0f-27373b2b61ef48247ba09679e0fdfb2281079763 --CMPID ROC_APR2013_AV --CMPIDEXTRA 2013 [x]
S2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [4939312 2013-07-04] (AVG Technologies CZ, s.r.o.)
S2 avgwd; C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [283136 2013-07-23] (AVG Technologies CZ, s.r.o.)
S1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [246072 2013-07-20] (AVG Technologies CZ, s.r.o.)
S0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [71480 2013-07-20] (AVG Technologies CZ, s.r.o.)
S1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [206648 2013-07-20] (AVG Technologies CZ, s.r.o.)
S0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [311608 2013-07-20] (AVG Technologies CZ, s.r.o.)
S0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [116536 2013-07-01] (AVG Technologies CZ, s.r.o.)
S0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [45880 2013-07-10] (AVG Technologies CZ, s.r.o.)
S1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [240952 2013-03-21] (AVG Technologies CZ, s.r.o.)

*****************

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\AVG_UI => Value deleted successfully.
HKU\Mcx1-WESTERNWINDS-PC\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => Value deleted successfully.
HKU\WesternWinds\Software\Microsoft\Windows\CurrentVersion\Run\\AnyDVD => Value deleted successfully.
HKU\WesternWinds\Software\Microsoft\Windows\CurrentVersion\Run\\ROC_ROC_APR2013_AV => Value deleted successfully.
AVGIDSAgent => Service deleted successfully.
avgwd => Service deleted successfully.
AVGIDSDriver => Service deleted successfully.
AVGIDSHA => Service deleted successfully.
Avgldx64 => Service deleted successfully.
Avgloga => Service deleted successfully.
Avgmfx64 => Service deleted successfully.
Avgrkx64 => Service deleted successfully.
Avgtdia => Service deleted successfully.

==== End of Fixlog ====




START UP REPAIR LOG TEXT
Startup Repair diagnosis and repair log
---------------------------
Number of repair attempts: 36

Session details
---------------------------
System Disk = \Device\Harddisk0
Windows directory = C:\Windows
AutoChk Run = 0
Number of root causes = 1

Test Performed:
---------------------------
Name: Check for updates
Result: Completed successfully. Error code = 0x0
Time taken = 0 ms

Test Performed:
---------------------------
Name: System disk test
Result: Completed successfully. Error code = 0x0
Time taken = 0 ms

Test Performed:
---------------------------
Name: Disk failure diagnosis
Result: Completed successfully. Error code = 0x0
Time taken = 453 ms

Test Performed:
---------------------------
Name: Disk metadata test
Result: Completed successfully. Error code = 0x0
Time taken = 62 ms

Test Performed:
---------------------------
Name: Target OS test
Result: Completed successfully. Error code = 0x0
Time taken = 0 ms

Test Performed:
---------------------------
Name: Volume content check
Result: Completed successfully. Error code = 0x0
Time taken = 250 ms

Test Performed:
---------------------------
Name: Boot manager diagnosis
Result: Completed successfully. Error code = 0x0
Time taken = 0 ms

Test Performed:
---------------------------
Name: System boot log diagnosis
Result: Completed successfully. Error code = 0x0
Time taken = 0 ms

Test Performed:
---------------------------
Name: Event log diagnosis
Result: Completed successfully. Error code = 0x0
Time taken = 0 ms

Test Performed:
---------------------------
Name: Internal state check
Result: Completed successfully. Error code = 0x0
Time taken = 125 ms

Root cause found:
---------------------------
Startup Repair has tried several times but still cannot determine the cause of the problem.

---------------------------
---------------------------
Session details
---------------------------
System Disk = \Device\Harddisk0
Windows directory = C:\Windows
AutoChk Run = 0
Number of root causes = 1

Test Performed:
---------------------------
Name: Check for updates
Result: Completed successfully. Error code = 0x0
Time taken = 0 ms

Test Performed:
---------------------------
Name: System disk test
Result: Completed successfully. Error code = 0x0
Time taken = 0 ms

Test Performed:
---------------------------
Name: Disk failure diagnosis
Result: Completed successfully. Error code = 0x0
Time taken = 468 ms

Test Performed:
---------------------------
Name: Disk metadata test
Result: Completed successfully. Error code = 0x0
Time taken = 47 ms

Test Performed:
---------------------------
Name: Target OS test
Result: Completed successfully. Error code = 0x0
Time taken = 16 ms

Test Performed:
---------------------------
Name: Volume content check
Result: Completed successfully. Error code = 0x0
Time taken = 249 ms

Test Performed:
---------------------------
Name: Boot manager diagnosis
Result: Completed successfully. Error code = 0x0
Time taken = 0 ms

Test Performed:
---------------------------
Name: System boot log diagnosis
Result: Completed successfully. Error code = 0x0
Time taken = 0 ms

Test Performed:
---------------------------
Name: Event log diagnosis
Result: Completed successfully. Error code = 0x0
Time taken = 16 ms

Test Performed:
---------------------------
Name: Internal state check
Result: Completed successfully. Error code = 0x0
Time taken = 93 ms

Root cause found:
---------------------------
Startup Repair has tried several times but still cannot determine the cause of the problem.

---------------------------
---------------------------
Session details
---------------------------
System Disk = \Device\Harddisk0
Windows directory = C:\Windows
AutoChk Run = 0
Number of root causes = 1

Test Performed:
---------------------------
Name: Check for updates
Result: Completed successfully. Error code = 0x0
Time taken = 0 ms

Test Performed:
---------------------------
Name: System disk test
Result: Completed successfully. Error code = 0x0
Time taken = 0 ms

Test Performed:
---------------------------
Name: Disk failure diagnosis
Result: Completed successfully. Error code = 0x0
Time taken = 421 ms

Test Performed:
---------------------------
Name: Disk metadata test
Result: Completed successfully. Error code = 0x0
Time taken = 47 ms

Test Performed:
---------------------------
Name: Target OS test
Result: Completed successfully. Error code = 0x0
Time taken = 15 ms

Test Performed:
---------------------------
Name: Volume content check
Result: Completed successfully. Error code = 0x0
Time taken = 281 ms

Test Performed:
---------------------------
Name: Boot manager diagnosis
Result: Completed successfully. Error code = 0x0
Time taken = 0 ms

Test Performed:
---------------------------
Name: System boot log diagnosis
Result: Completed successfully. Error code = 0x0
Time taken = 0 ms

Test Performed:
---------------------------
Name: Event log diagnosis
Result: Completed successfully. Error code = 0x0
Time taken = 0 ms

Test Performed:
---------------------------
Name: Internal state check
Result: Completed successfully. Error code = 0x0
Time taken = 125 ms

Root cause found:
---------------------------
Startup Repair has tried several times but still cannot determine the cause of the problem.

---------------------------
---------------------------