[steveAA]

Here's the getid notepad info.


Windows Boot Manager
--------------------
identifier {9dea862c-5cdd-4e70-acc1-f32b344d4795}
device partition=\Device\HarddiskVolume1
description Windows Boot Manager
locale en-US
inherit {7ea2e1ac-2e61-4728-aaa3-896d9d0a9f0e}
default {c018e821-a939-11df-b4ec-87d65a71fa91}
resumeobject {c018e820-a939-11df-b4ec-87d65a71fa91}
displayorder {c018e821-a939-11df-b4ec-87d65a71fa91}
{c018e824-a939-11df-b4ec-87d65a71fa91}
toolsdisplayorder {b2721d73-1db4-4c62-bf78-c548a880142d}
timeout 30

Windows Boot Loader
-------------------
identifier {c018e821-a939-11df-b4ec-87d65a71fa91}
device partition=C:
path \Windows\system32\winload.exe
description Windows 7
locale en-US
inherit {6efb52bf-1766-41db-a6b3-0ee5eff72bd7}
recoverysequence {c018e822-a939-11df-b4ec-87d65a71fa91}
recoveryenabled Yes
osdevice partition=C:
systemroot \Windows
resumeobject {c018e820-a939-11df-b4ec-87d65a71fa91}
nx OptIn
safeboot Network
bootlog Yes

Real-mode Boot Sector
---------------------
identifier {c018e824-a939-11df-b4ec-87d65a71fa91}
device partition=\Device\HarddiskVolume1
path \grldr.mbr
description Panda Cloud Cleaner Repair

[Advertisements]

Please enter System Recovery Options as you did before but this time choose Command Prompt option.

When you see Command Prompt window write

bcdedit /deletevalue {c018e821-a939-11df-b4ec-87d65a71fa91} safeboot

Please note spaces between bcdedit, /deletevalue, {c018e821-a939-11df-b4ec-87d65a71fa91} and safeboot

Now press Enter to execute command.

Restart you system and and it should be able to boot Normal mode now.

[maliprog]

Please enter System Recovery Options as you did before but this time choose Command Prompt option.

When you see Command Prompt window write

bcdedit /deletevalue {c018e821-a939-11df-b4ec-87d65a71fa91} safeboot

Please note spaces between bcdedit, /deletevalue, {c018e821-a939-11df-b4ec-87d65a71fa91} and safeboot

Now press Enter to execute command.

Restart you system and and it should be able to boot Normal mode now.

[steveAA]

I double checked that I typed correctly and spaces. Upon enter, it responded with a Not a recognized internal or external command, or something similar.
I restarted and it's still in safe mode and Task Manager is still in miniature script. I'll try the command one more time.

[steveAA]

same result 'bcedit' is not recognized

[maliprog]

Let's try this:

Step 1

Download

 runbcd.bat   68bytes   169 downloads

And copy it on USB memory stick.
Please enter System Recovery Options as you did before and select Command Prompt option.
Once in the Command Prompt:

• In the command window type in notepad and press Enter.
• The notepad opens. Under File menu select Open.
• Select "Computer" and find your flash drive letter and close the notepad.
• In the command window type e:\runbcd.bat and press Enter
  Note: Replace letter e with the drive letter of your flash drive.
• The tool will start to run.

If all goes well restart your system and see if it boots normally.

Step 2

Please restart in safe mode:

• If the computer is running, shut down Windows, and then turn off the power
• Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
• Ensure that the Safe mode option is selected.
• Press Enter. The computer then begins to start in Safe mode.

Please tell me how is your system (is it usable) if you start it in Safe mode this way. If you can use it from here we could run some tools from this environment.

[steveAA]

BINGO!! Success. Started in normal windows. Took a long time to come up and also to go down. Restarted in safe mode now. I did check TM while in windows and it is still in micro mode. What's next?

[maliprog]

OK. Good job. Let's try to run Combofix again in Normal mode and get logs.

Step 1

Run Combofix again.

IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

• Double click on ComboFix.exe & follow the prompts.
• Accept the disclaimer and allow to update if it asks
  
  
  
  
• When finished, it shall produce a log for you.
• Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
3. If after the reboot you get errors about programmes being marked for deletion just reboot your system once, that will cure it.


Please make sure you include the combo fix log in your next reply

Step 2

Can you print screen Task Manager so I can take a look and see how it looks.

To print screen please download ClickShoot.exe on your desktop
Start Task Manager and when you are ready press [Print Screen] button on your keyboard
Post ClickShoot_HHMMSS.jpg it creates here for me.

Step 3

Please don't forget to include these items in your reply:

• Combofix log
• Printscreen

It would be helpful if you could post each log in separate post using "Add Reply" button

[steveAA]

Well. I started in normal mode and after a long time of black screen, a 1"x3" box appeared and said "Please Wait". I've never seen it before and it made me nervous, so I cont/alt/del to TM and did a restart in safe mode. If the "Please wait" is OK, I'll restart in Normal. I got the Please wait in Safe Mode, but felt it was safer to proceed so I could try for the screen shot. It doesn't work in Safe.

[maliprog]

That is strange. This is windows message but I can't tell you why is it showing you now. I will sugest you to wait and let it boot in Normal mode. If all goes well just let me know. Don't do any steps for now.

[steveAA]

Well, I hope I didn't mess up. But it looks like Combofix is finally running after several attempts. At least the big blue box says it is at Step 4,so that's good.
The booting to Normal was very long and slow. I uninstalled Hitman and SpyDoctor to eliminate their possible interference. I turned off Panda, then Iobit to get Combofix to run. It looked like it was killed several times as it would disappear and nothing would be shown. After turning everything off I could find and uninstalling, It looked to start running.
But, I couldn't get IE or Fox to open Geekstogo. Mixi and conduit were not helping, I think and the redirects were terrible. I was so frustrated, I tried to uninstall Mixi, but it wouldn't uninstall. I couldn't get a way to send the screenshots to you. Finally, and now Bad Me for breaking the rule, but I went to regedit and deleted Mixi where I could find it to try and get IE or Fox to work. I haven't tried it until Combofix finishes it run, so I'm not sure when I can send the screen shots yet. But the dialog boxes on Combofix had no words either. Your screen shots showed which box was "Agree" and that's the only I knew which box to click and go forward. I'm writing this on my laptop and will send the Combofix log file when it's done.

[steveAA]

ClickShoot_131354file:///c:/users/new/desktop/Clickshoot_13154.jpg
I couldn't copy and paste the screen shot. mmmm
And I'm not sure what really happened but it's not what we wanted. My local internet went down when I was working with Combofix, and it shouldn't affect it. But the Browsers when nuts with messages, etc. I called and it's back up. But it looks like Combo fix stopped at Step 4. No Log. How do we re-run, or what's next?
The Conduit browser is back with an attitude, so not sure what to do there. I may have messed up in the registry, and I wasn't supposed to make any changes there, but I messed up. What can we do now?

[steveAA]

Well, it just did a normal start up and faster than it's been in awhile. Combofix must have done something. The annoying MiXi and Conduit are still here and probably a few other baddies , but it's running in normal mode now. Hurray.

[steveAA]

[maliprog]

Hi steveAA,

We have progress and that's good.

Step 1

• Go to Start -> My Computer
• Right click on C: disk and clik on Properties
• Click on tab Tools and click on Check now... button
• Check Automatically fix system errors and Scan for and attempt recovery of bad sectors
• Click Start button
• Confirm schedule disk check next time computer starts with Yes button
• Restart your system and wait while system checks your disk for errors

This step usually fix some errors related to BSOD.

Step 2

• Click on the Start button and in the search box, type Command Prompt
• When you see Command Prompt on the list, right-click on it and select Run as administrator
• When command prompt opens, copy and paste the following commands into it, press enter after each
  
  

  sfc /scannow

  
  Wait for this to finish before you continue
  
  

  copy   %windir%\logs\cbs\cbs.log   %userprofile%\Desktop\cbs.txt

  
  
• This will create a file, cbs.txt on your Desktop. Please attach this to your next post.

Step 3

Please don't forget to include these items in your reply:

• cbs.txt

It would be helpful if you could post each log in separate post using "Add Reply" button

[steveAA]

Well,, The cbt.txt file is huge. I thought a select all and paste would work, but GTG stopped responding.
Then I thought I'd try attaching, but everything locked up. I checked and it was 15.5MB!!!I think we need to do a ftp site or zip it.
Anyhow, GTG has locked up. So, I just left it trying to upload and went to my other computer for this message. The zip file is about 1/2 MB and as soon as I can unlock things, I'll try to attach the zip file.
BTW, I couldn't use Task Manager to stop things as the graphics are still miniature.

Edited by steveAA, 20 September 2013 - 01:00 AM.