Help with MBR partion4

[vxl1313]

That also failed.  Windows will not start

[essexboy]

OK let me know how that goes ..  If it does not work I will delete the bad partition and reset the boot order

[essexboy]

Oops cross posted

Download the attached fix.txt to the same USB as Listparts
Run Listparts as previously then press fix
Once done reboot, you may need to run startup repair  again

[vxl1313]

ok, now avast is runnig its preboot scan which it couldn't do before.  Should i let it scan or hit esc to cancel?  it is scanning now.

[vxl1313]

ok, it was running while i was waiting and it came back that a file in my $RECYCLE.BIN is infected by win32:malware-gen what do i do?

[vxl1313]

ok, never mind i stepped away came back the screen was dark, restarted and windows is now open

[vxl1313]

Ok, windows restarted, i ran avast and it found
c:\$recycle.Bin\S-1-5-21-2144862953-1091124084-318524989-1000\$RV4Zip5.txt
Severity-High               Status-Threat: Win32:Malware-gen

C:\ProgramData\Microsoft\\Windows\\WERReportQueue\Kernel_0_0_cab_028d0c3f\Report.wer

Severity-                      Status-Error: The system cannot find the path specified (3)

I was reluctant to do anything due to what happened yesterday, so i just losed the lid and left the screen there.  Please advise as to what action i should take if any.   Thank you for walking me through this, so far this has gone rather well and even though i have know idea what i am doing, you have made the process very easy to follow.

[mikaelrask]

hey essexbox will help you when i comes online agian.

you could try a malwarebyte scan and see what it comes up with. don't forget to update it before you scan.

[essexboy]

OK could you now run OTL and I will see what else there is to remove

Download OTL  to your Desktop
Secondary link

• Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.

• Select All Users
  
• Under the Custom Scan box paste this in

netsvcs
BASESERVICES
%SYSTEMDRIVE%\*.exe
/md5start
services.*
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
winsock.*
/md5stop
CREATERESTOREPOINT

• Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    
  • Post  both logs

[vxl1313]

here are the logs.  i will be unavailable for the next 3 hours, but will follow whatever instructions you leave when i return.

[essexboy]

How is the computer behaving now ?  Any alerts or problems ?

Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

Run OTL

• Under the Custom Scans/Fixes box at the bottom, paste in the following
  
  
  

Code: [Select]

:OTL
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ieb&gct=ds&appid=394&systemid=406&apn_dtid=BND406&apn_ptnrs=AG6&o=APN10645&apn_uid=8055833600754315&q={searchTerms}
IE - HKU\S-1-5-21-2144862953-1091124084-318524989-1000\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKU\S-1-5-21-2144862953-1091124084-318524989-1000\..\URLSearchHook: {e44a1809-4d10-4ab8-b343-3326b64c7cdd} - C:\Program Files (x86)\entrusted\prxtbentr.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-2144862953-1091124084-318524989-1000\..\SearchScopes,DefaultScope = {D642C9A7-208C-4798-BA75-0F0B7BBEAC67}
IE - HKU\S-1-5-21-2144862953-1091124084-318524989-1000\..\SearchScopes\{D642C9A7-208C-4798-BA75-0F0B7BBEAC67}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3281675&CUI=UN28546319402864361&UM=2
IE - HKU\S-1-5-21-2144862953-1091124084-318524989-1000\..\SearchScopes\{EFE54472-A1AC-4D79-9133-73F1C9613DC0}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=BCPA&o=16145&src=kw&q={searchTerms}&locale=en_US&apn_ptnrs=^QK&apn_dtid=^YYYYYY^YY^US&apn_uid=E35FCE09-8914-42CD-B8F6-210A3F72E0F5&apn_sauid=7ACAA283-75A7-4523-9E0C-492DC6B13B2D
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (entrusted Toolbar) - {e44a1809-4d10-4ab8-b343-3326b64c7cdd} - C:\Program Files (x86)\entrusted\prxtbentr.dll (Conduit Ltd.)
O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (entrusted Toolbar) - {e44a1809-4d10-4ab8-b343-3326b64c7cdd} - C:\Program Files (x86)\entrusted\prxtbentr.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-2144862953-1091124084-318524989-1000\..\Toolbar\WebBrowser: (entrusted Toolbar) - {E44A1809-4D10-4AB8-B343-3326B64C7CDD} - C:\Program Files (x86)\entrusted\prxtbentr.dll (Conduit Ltd.)
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [SearchProtectAll] C:\Program Files (x86)\SearchProtect\bin\cltmng.exe File not found
[2013/03/25 18:53:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\entrusted
[2013/03/25 16:41:12 | 000,000,000 | ---D | C] -- C:\Users\Amy W\AppData\Roaming\OpenCandy

:Files
C:\Program Files (x86)\Ask.com
C:\Program Files (x86)\SearchProtect

:Commands
[resethosts]
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]

• Then click the Run Fix button at the top
  
• Let the program run unhindered, reboot the PC when it is done
• Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

[vxl1313]

fix and scan are done, log is attached.  things are seeming more normal, only thing i noticed prior to the scan were some pop ads on the side of my web browser.

[essexboy]

Which browser was this in ?

Download AdwCleaner from here to your desktop
Run AdwCleaner and select Delete



Once done it will ask to reboot, allow this
On reboot a log will be produced please attach that

[vxl1313]

The pop up adds were in is 9.  They have stopped since I ran otl fix.  I used computer quite a bit last night with no issues that I could see.  I will run adw cleaner in 2 hrs and post log.

[vxl1313]

Ran ADW Cleaner, the log is attached