[DianneH2014]

"Do you mean unable to boot up the machine with the disk upon a restart and or initial boot depressing the F12 key >> select CD/DVD/CD-RW Drive >> Press any key to Boot from CD or DVD"

Sorry for the confusion. I meant to say that I could not "create a Windows 7 Startup Repair Disk" on the Desktop computer we are trying to fix. My DVD/CD drive is acting funny as well. It will not open when a disc is in there in order to eject the disc. The only way to eject the disc is to re-boot.

The Repair file was almost to the end of being copied on on to the disc (on the PC we are working on) when it said it could not finish writing the file to the disk. Hence, my question as to whether I could copy the file via another computer onto the disc (via my Laptop PC).

Next:

"Is you machine a either a Dell or HP modal?"

The machine we are trying to fix is a Dell i570 Desktop.

The Laptop I am referring to (for making a rescue disc) is an HP model.

[Advertisements]

"Download/run a Batch File:

Download the attached multi.bat below and save to your Desktop:-

Attached File multi.bat (1.21K)
Number of downloads: 1

Now right-click on the desktop multi.bat and select Run as Administrator to run the batch file(A blank command window will open on your desktop, then close in a few minutes. This is normal). It will self-delete when completed.

A file icon named checkhd.txt should appear on your Desktop. Please post the contents of this file in your next reply."

I followed instructions, right-clicked and here is what happened ( I did not go any further):

Command Prompt Window:

ERROR: Access is denied.

ERROR: The system was unable to find the specified registry key or value. The operation completed successfully.

ERROR: The system was unable to find the specified registry key or value. The operation completed successfully.

Value exists, overwrite (YES/NO)?

[DianneH2014]

"Download/run a Batch File:

Download the attached multi.bat below and save to your Desktop:-

Attached File multi.bat (1.21K)
Number of downloads: 1

Now right-click on the desktop multi.bat and select Run as Administrator to run the batch file(A blank command window will open on your desktop, then close in a few minutes. This is normal). It will self-delete when completed.

A file icon named checkhd.txt should appear on your Desktop. Please post the contents of this file in your next reply."

I followed instructions, right-clicked and here is what happened ( I did not go any further):

Command Prompt Window:

ERROR: Access is denied.

ERROR: The system was unable to find the specified registry key or value. The operation completed successfully.

ERROR: The system was unable to find the specified registry key or value. The operation completed successfully.

Value exists, overwrite (YES/NO)?

[Dakeyras]

Hi.

Your machine certainly does not like to play nice eh...

Just click on the Y key, if any further problems just close the command window and carry on with the rest of my instructions please.

[DianneH2014]

The type of the file system is NTFS.
Volume label is OS.

WARNING! F parameter not specified.
Running CHKDSK in read-only mode.

CHKDSK is verifying files (stage 1 of 3)...
File verification completed.
672 large file records processed.

0 bad file records processed.

0 EA records processed.

44 reparse records processed.

CHKDSK is verifying indexes (stage 2 of 3)...
Index verification completed.
0 unindexed files scanned.

0 unindexed files recovered.

CHKDSK is verifying security descriptors (stage 3 of 3)...
Security descriptor verification completed.
32127 data files processed.

CHKDSK is verifying Usn Journal...
Usn Journal verification completed.
Windows has checked the file system and found no problems.

473863167 KB total disk space.
84347724 KB in 152932 files.
93496 KB in 32128 indexes.
0 KB in bad sectors.
445519 KB in use by the system.
65536 KB occupied by the log file.
388976428 KB available on disk.

4096 bytes in each allocation unit.
118465791 total allocation units on disk.
97244107 allocation units available on disk.

[DianneH2014]

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 07-12-2013 2
Ran by DIANNE at 2013-12-07 09:00:32 Run:4
Running from C:\Users\DIANNE\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Start
MountPoints2: {b798088b-13ad-11e2-967f-842b2b93a010} - I:\Autorun.exe
HKLM-x32\...\Run: [] - [x]
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll No File
BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\MSKAPB~1.DLL No File
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll No File
BHO-x32: No Name - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No File
FF Plugin-x32: @java.com/DTPlugin,version=10.9.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
C:\Users\DIANNE\AppData\Local\Temp\AutoRun.exe
C:\Users\DIANNE\AppData\Local\Temp\mpam-952adaa.exe
C:\Users\DIANNE\AppData\Local\Temp\mpam-df887640.exe
C:\Users\DIANNE\AppData\Local\Temp\MSNAB1F.exe
C:\Program Files (x86)\Java
End
*****************

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b798088b-13ad-11e2-967f-842b2b93a010} => Key deleted successfully.
HKCR\CLSID\{b798088b-13ad-11e2-967f-842b2b93a010} => Key not found.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => Value deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9} => Key deleted successfully.
HKCR\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{27B4851A-3207-45A2-B947-BE8AFE6163AB} => Key deleted successfully.
HKCR\CLSID\{27B4851A-3207-45A2-B947-BE8AFE6163AB} => Key deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9} => Key deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} => Key not found.
HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=10.9.2 => Key deleted successfully.
C:\Windows\SysWOW64\npDeployJava1.dll => Moved successfully.
C:\Users\DIANNE\AppData\Local\Temp\AutoRun.exe => Moved successfully.
C:\Users\DIANNE\AppData\Local\Temp\mpam-952adaa.exe => Moved successfully.
C:\Users\DIANNE\AppData\Local\Temp\mpam-df887640.exe => Moved successfully.
C:\Users\DIANNE\AppData\Local\Temp\MSNAB1F.exe => Moved successfully.
"C:\Program Files (x86)\Java" => File/Directory not found.

==== End of Fixlog ====

[DianneH2014]

No, my machine does not like to play nice right now. I think it is possessed

Here was the message after going forward with the Batch File Command Prompt:

Value exists, overwrite (YES/NO)? and I pressed Y:

The operation completed successfully.

The operation completed successfully.

The operation completed successfully.

The operation completed successfully.

The operation completed successfully.

The requested operation cannot be performed on a file with a user-mapped section open.

Ok.

Ok.


Then the command prompt screen disappeared just as you said it would.

Edited by DianneH2014, 07 December 2013 - 10:23 AM.

[DianneH2014]

Next:

When completed the above, please post back the following in the order asked for:

"How is your computer performing now, any further symptoms and or problems encountered?"

Answer: Machine appears to be playing nice at the moment. I do not see any symptoms or problems yet.


"Answer to my computer modal query. Is you machine a either a Dell or HP modal?"

Answer: The machine we are trying to fix is a Dell i570 Desktop.

The Laptop I am referring to (for making a rescue disc) is an HP model.


"Attach the contents of checkhd.txt"

Answer: see above post


"Attached Custom FRST Script Log."

Answer: see above post

Edited by DianneH2014, 07 December 2013 - 10:24 AM.

[DianneH2014]

As a side note, this little window popped up:

Update Available

Application update

A new version of Dell System Detect is available. Do you want to download it now?

Name: Dell System Detect

From: downloads.dell.com

OK or SKIP

I did neither at this point....

[Dakeyras]

Hi.

I did neither at this point....

If not done so, fine to update the software.

Backup the Registry:

Modifying the Registry can create unforeseen problems, so it always wise to create a backup before doing so.

• Please download the installer for Registry Backup from here or here and save to your desktop.
• Right-click on tweaking.com_registry_backup_setup.exe and select Run as Administrator >> Follow the prompts for a default installation
• Ensure the option Open "Tweaking.com - Registry Backup" When Install Completes is selected >> Next > >> Finish
• Once the GUI(graphical user interface) has appeared/loaded:-

• Click on Backup Now >> once the process is complete, similar to the below will displayed in the GUI:-

• Close Tweaking.com - Registry Backup

Note: There will now be a folder at the root of the Hard-Drive named C:\RegBackup, do not delete this as it is the actual backup just created.

A tutorial for Registry Backup explaining the various features can be viewed here.


Scan with AdwCleaner:

Please download adwcleaner from here and save to your desktop.

Alternate downloads are here or here.

• Right-click on adwcleaner.exe and select Run as Administrator to launch the application.
• Now click on the Scan tab >> once the scan is complete click on the Clean tab and follow the prompts.
• Allow the system to reboot. You will then be presented with the report. Copy & Paste this report on your next reply.

Note: The log can also be located at C: >> AdwCleaner >> AdwCleaner[S0].txt

Reset Firefox:

Note: You can also refer to this Mozzilla Support article.

• Launch Firefox >> Help >> Troubleshooting Information

Note: If no Menu bar visble >> right click on the top of the browser >> Menu Bar to make it show.

• Near the top of the new window that appears under Reset Firefox to its default state
• Click on Reset Firefox >> in the Reset Firefox window that appears >> click on Reset Firefox >> Finish.

Note: There will now be a folder on your desktop called Old Firefox Data, this is a backup of bookmarks/settings and you will need to reapply any custom settings you may have had etc.

[DianneH2014]

Tweaking.com/Registry Backup:

Successful 13/13 Registry Files Backed Up

[DianneH2014]

Scan with ADW Cleaner Log:

# AdwCleaner v3.014 - Report created 08/12/2013 at 13:51:17
# Updated 01/12/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : DIANNE - DH-INC
# Running from : C:\Users\DIANNE\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Users\DIANNE\AppData\Roaming\Mozilla\Firefox\Profiles\maq970wp.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16736


-\\ Mozilla Firefox v25.0.1 (en-US)

[ File : C:\Users\DIANNE\AppData\Roaming\Mozilla\Firefox\Profiles\maq970wp.default\prefs.js ]


-\\ Google Chrome v31.0.1650.63

[ File : C:\Users\DIANNE\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [1759 octets] - [08/12/2013 13:48:51]
AdwCleaner[S0].txt - [1698 octets] - [08/12/2013 13:51:17]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1758 octets] ##########

[DianneH2014]

Firefox: Reset via instructions.

Question: Is all the data in the "Old Firefox Data" file on the desktop safe? (i.e. not infected?)

[Dakeyras]

Hi.

Question: Is all the data in the "Old Firefox Data" file on the desktop safe? (i.e. not infected?)

At this juncture it would appear so.

Now before addressing the other issues with your machine I would like to perform a final check/sweep for malware as follows...

Note: If you wish to use Google Chrome for the online scan below, merely inform myself and I will provide alternate/the appropriate instructions for that etc.

ESET Online Scanner:

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however need to disable your current installed Anti-Virus, how to do so can be read here.

Windows 7 users: You will need to to right-click on the either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.

• Please go here to run the scan...
  

  Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then right click on it and select Run as Administrator to install.
  All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.

• Select the option YES, I accept the Terms of Use then click on:
• When prompted allow the Add-On/Active X to install.
• Make sure that the option Remove found threats is Not checked, and the option Scan archives is checked.
• Now click on Advanced Settings and select the following:

• • Scan for potentially unwanted applications
  • Scan for potentially unsafe applications
  • Enable Anti-Stealth Technology
• Now click on:
• The virus signature database... will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
• When completed the Online Scan will begin automatically.
• Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
• When completed select Uninstall application on close if you so wish, make sure you copy the log file first!
• Now click on:
• Use notepad to open the log file located at C:\Program Files (x86)/ESET/ESET Online Scanner\log.txt.
• Copy and paste that log as a reply to this topic.

Note: Do not forget to re-enable your Anti-Virus application after running the above scan!

My friendly advice is you consider keeping the online scanner installed then run it say once per month as a extra check. A quick easy way to do so would be via:-

Click on Start(Windows 7 Orb) >> Computer >> C: >> Program Files (x86) >> ESET >> ESET Online Scanner >> then right click on OnlineScannerApp and select Run as Administrator.

[DianneH2014]

I am about to run the ESET program in IE but instead of it saying "Allow Add-On/Active X to Install" it says:

The website wants to install the following add-on: 'Online Scanner.cab' from 'ESET, spol. s r.o'

Proceed?

[Dakeyras]

Aye.