Zero Access Infection, Failed new install

Hi, I have a ZeroAccess infection for which I could get FRST logs. I have labeled the logs: one is the old infected system and the other is the failed new install. Windows 7, 64-bit. I have been offline so the files are older, but they are from the last time the system was attempted.

Can you do what is shown here and attach the logs please? When possible…

http://forum.avast.com/index.php?topic=53253.0

When done malware removers will be notified. :wink:

These were the reports I was able to save just before ZeroAccess completely took over. Now I cannot boot. First set.

Second.

I've notified magna86, he is online right now, maybe he will help you.

Or maybe another malware remover. :wink:

Hi,
I am looking at your logs and I will respond quickly. :slight_smile:

Hi,

You have been running all kinds of malware removal things in an attempt to clean up yourself, and you have quite messed up logs.

Please first read disclaimer here:
http://forum.avast.com/index.php?topic=53253.0

------------- then -------------

Running FRST via FixList:

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to the operating system

  1. Download attached FixList.txt from my post and save it to your Desktop.

NOTE. It’s important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

  2. Run FRST/FRST64 and press the Fix button just once and wait.
    If the tool needs a restart, please make sure you let the system restart normally and let the tool complete its run after the restart.
    The tool will make a log on the Desktop (Fixlog.txt). Please attach it to your reply.

Note: If the tool warned you about the outdated version please download and run the updated version.

------ next ------

Checking USB storage devices / removable drives:

Download MCShield from one of the following links:

MyCity - Official download link
Softpedija - Mirror download link

- Double click MCShield-Setup to install the application.
- Wait a few seconds for MCShield to finish the initial scan.
  Recommendation: under the General and Scanner tabs, click on the Defaults button to choose the recommended options.
- Connect your USB storage devices to the computer one at a time. Scanning will be done automatically.

When all scanning is done, you need to attach the log report that MCShield has created.

Start → All Programs → MCShield → Logs

Attach here → AllScans.txt

Explanation: USB storage devices are all the USB devices that get their own partition letter at connecting to the PC,
e.g. flash drives (thumb/pen drives, USB sticks), external HDDs, MP3/MP4 players, digital cameras,
memory cards (SD cards, Sony Memory Stick, MultiMedia Cards etc.), some mobile phones, some GPS navigation devices etc.

----- next -----

ComboFix:

  1. Please download ComboFix from here and save it to your Desktop.
    If you are unsure how ComboFix works please read this guide carefully.
    note: ComboFix must be downloaded to your Desktop.

  2. Temporarily disable your AntiVirus program.
    If you are unsure how to do this please read this or this Instruction.

Instructions on how to disable avast:

- Right-click on the avast! icon in the lower right corner of the screen and choose Open Avast! User Interface.
- In the window that opens, on the top right corner, click Settings.
- In the new window that opens, choose the option Troubleshooting, uncheck Enable avast! self-defense, and click OK.
- Again, right-click on the avast! icon in the lower right corner of the screen and select avast! shield controls.
- In the menu that appears, choose Disable Permanently. When you are prompted to turn off security, click Yes.

Note: Do not forget to turn on this option after the cleaning.


  3. Run ComboFix. Click on I Agree!

ComboFix will check if there is a newer version of ComboFix available.
Click Yes if prompted to download.
ComboFix will display DISCLAIMER OF WARRANTY ON SOFTWARE.
Click Yes to allow ComboFix to continue.
If Recovery Console is not installed, ComboFix will offer download & installation.
Click Yes to allow ComboFix to install Recovery Console.
Note: Do not mouse-click ComboFix's window while it is running.
If you see a message like “Illegal operation attempted on a registry key that has been marked for deletion” just restart computer once more.


  4. When the tool is finished, it will produce a log report for you. (typical location: C:\ComboFix.txt)
    Attach the log report (ComboFix.txt) back to the topic.

----- next -----

Re-check with FRST scan:

Re-run FRST.
If the tool alerts you to download a fresh FRST.exe version, please update FRST.

Click on the Scan button and post here the freshly created FRST.txt log report.

I booted infected system with OTLPENet and ran FRST, log is attached. The system did not restart for me to do the other items you listed. The infected system is not online.

Why did you run FRST Fix via OTLPE? I did not tell you to run FRST Fix like that.

The above logs have been created in normal (boot) mode. I do not understand what forced you to run FRST Fix in RE (OTLPE).

System will not boot, only black screen with cursor and freeze.

How did you make the logs from Reply #2 and Reply #3? I don't follow.

Please download Farbar Recovery Scan Tool x64 and save it to a flash drive.

- Plug the flash drive into the infected PC.
- Restart your computer and tap F8 to bring up the Advanced Menu, then click Repair your computer.
- Follow the prompt to enter the keyboard input method, and then the prompt to enter a password. If the machine does not have a password, simply click Enter.

In the next menu, use the arrow keys on the keyboard to highlight Command Prompt and press Enter.

- In the command window type in notepad and press Enter.
- When Notepad opens, click File and select Open.
- Select "Computer" and find your flash drive letter, then close Notepad.
- In the command window type e:\frst64.exe and press Enter.

Note: Replace letter e with the drive letter of your flash drive.

- The tool will start to run. When the tool opens, click Yes to the disclaimer.
- Press the Scan button.

It will make a log (FRST.txt) on the flash drive. Please attach it to your reply.

I got the logs from #2 and #3 just before it restarted by itself (updates?), and after this restart it came up with the black screen. I was unable to load and run MBAM and this is why that report is missing.

I got the last FRST logs from using the F8 key. Now I cannot get it to F8 and open the Advanced menu. On this system I have a BIOS password. I have tried tapping once, repeated taps and holding down the F8 key, no luck.

OTLPE isn't good for running FRST on 64-bit systems, 'cos Windows XP in OTLPE is a 32-bit based system.

- On a clean machine, please download a new & fresh Farbar Recovery Scan Tool and save it to a flash drive.
  Don't use an old FRST copy.

Note: You need to run the version compatible with your system.

Plug the flash drive into the infected PC.

- If you are using Windows 8, consult How to use the Windows 8 System Recovery Environment Command Prompt to enter the System Recovery Command Prompt.

If you are using Vista or Windows 7 enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:

- Restart the computer.
- As soon as the BIOS is loaded, begin tapping the F8 key until Advanced Boot Options appears.
- Use the arrow keys to select the Repair your computer menu item.
- Select US as the keyboard language setting, and then click Next.
- Select the operating system you want to repair, and then click Next.
- Select your user account and click Next.

Note: In case you cannot enter System Recovery Options by using the F8 method, you can use a Windows installation disc, or make a repair disc. Any Windows installation disc or a repair disc made on another computer can be used.
To make a repair disk on Windows 7 consult: http://www.sevenforums.com/tutorials/2083-system-repair-disc-create.html

To enter System Recovery Options by using Windows installation disc:

- Insert the installation disc.
- Restart your computer.
- If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
- Click Repair your computer.
- Select US as the keyboard language setting, and then click Next.
- Select the operating system you want to repair, and then click Next.
- Select your user account and click Next.

- On the System Recovery Options menu you will get the following options:

Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt

Select Command Prompt

- Once in the Command Prompt:

- In the command window type in notepad and press Enter.
- Notepad opens. Under the File menu select Open.
- Select "Computer" and find your flash drive letter, then close Notepad.
- In the command window type e:\frst (for the x64 version type e:\frst64) and press Enter.
  Note: Replace letter e with the drive letter of your flash drive.
- The tool will start to run.
- When the tool opens, click Yes to the disclaimer.
- Press the Scan button.
- It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

The install disk froze at the Windows startup when the logo was still dots; I made a repair disk and it froze at the black screen after Windows started and the progress dots quit. I used another Windows 7 upgrade disk and got on.

REPORT:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-09-2013
Ran by SYSTEM on MININT-73HAEUA on 13-09-2013 19:05:46
Running from H:
Windows 7 Ultimate (X64) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.

==================== Registry (Whitelisted) ==================

==================== Services (Whitelisted) =================

==================== Drivers (Whitelisted) ====================

S3 VGPU; System32\drivers\rdvgkmd.sys

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-09-04 03:07 - 2013-09-04 02:09 - 00000000 ____D C:\Windows\Panther
2013-09-04 02:57 - 2013-09-04 03:06 - 00000000 ____D C:\$WINDOWS.~LS
2013-09-04 02:57 - 2013-09-04 02:57 - 00000000 ____D C:\Windows.old
2013-09-04 02:57 - 2013-09-04 02:57 - 00000000 ____D C:\$WINDOWS.~BT
2013-09-04 02:10 - 2013-09-04 02:10 - 00000000 ____H C:\Windows\System32\Drivers\Msft_User_WpdFs_01_09_00.Wdf
2013-09-01 09:15 - 2013-09-01 09:15 - 00000000 ____D C:\avast! sandbox
2013-08-22 07:46 - 2013-09-02 19:13 - 00000000 ____D C:\AdwCleaner

==================== One Month Modified Files and Folders =======

2013-09-04 03:06 - 2013-09-04 02:57 - 00000000 ____D C:\$WINDOWS.~LS
2013-09-04 03:06 - 2009-07-13 21:38 - 00025600 ___SH C:\Windows\System32\config\BCD-Template.LOG
2013-09-04 03:06 - 2009-07-13 21:32 - 00028672 _____ C:\Windows\System32\config\BCD-Template
2013-09-04 02:57 - 2013-09-04 02:57 - 00000000 ____D C:\Windows.old
2013-09-04 02:57 - 2013-09-04 02:57 - 00000000 ____D C:\$WINDOWS.~BT
2013-09-04 02:55 - 2009-07-13 20:45 - 00274320 _____ C:\Windows\System32\FNTCACHE.DAT
2013-09-04 02:11 - 2009-07-13 20:51 - 00019008 _____ C:\Windows\setupact.log
2013-09-04 02:10 - 2013-09-04 02:10 - 00000000 ____H C:\Windows\System32\Drivers\Msft_User_WpdFs_01_09_00.Wdf
2013-09-04 02:09 - 2013-09-04 03:07 - 00000000 ____D C:\Windows\Panther
2013-09-04 02:09 - 2011-04-12 00:28 - 00000000 ____D C:\Windows\CSC
2013-09-04 02:09 - 2009-07-13 21:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-09-02 19:18 - 2013-06-15 12:04 - 00000000 ___HD C:\ControlCenterCount
2013-09-02 19:18 - 2013-06-01 06:42 - 00000000 ____D C:\SuperChargerProfile
2013-09-02 19:13 - 2013-08-22 07:46 - 00000000 ____D C:\AdwCleaner
2013-09-01 09:15 - 2013-09-01 09:15 - 00000000 ____D C:\avast! sandbox

==================== Known DLLs (Whitelisted) ================

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
C:\Windows\system32\codeintegrity\Bootcat.cache IS MISSING <==== ATTENTION!.

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

5
Restore point made on: 2013-08-14 17:53:05
Restore point made on: 2013-08-20 01:57:24
Restore point made on: 2013-08-26 23:22:30
Restore point made on: 2013-09-02 00:43:57
Restore point made on: 2013-09-02 09:50:16

==================== Memory info ===========================

Percentage of memory in use: 7%
Total physical RAM: 16353.04 MB
Available physical RAM: 15164.88 MB
Total Pagefile: 16351.19 MB
Available Pagefile: 15167.48 MB
Total Virtual: 8192 MB
Available Virtual: 8191.89 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:931.41 GB) (Free:697.38 GB) NTFS
Drive d: (DRV4_VOL1) (Fixed) (Total:232.88 GB) (Free:232.49 GB) NTFS
Drive f: (GRMCULXFRER_EN_DVD) (CDROM) (Total:3 GB) (Free:0 GB) UDF
Drive h: () (Removable) (Total:0.47 GB) (Free:0.44 GB) NTFS
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: F0103014)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 233 GB) (Disk ID: 077049F2)
Partition 1: (Not Active) - (Size=233 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (Size: 484 MB) (Disk ID: 00000000)
Partition 1: (Not Active) - (Size=484 MB) - (Type=07 NTFS)

LastRegBack: 2013-09-04 02:08

==================== End Of Log ============================
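As an added example (not part of the thread and not FRST's own code), here is a small parser for the FRST.txt layout shown in the report above: it splits the log into its sections, pulls the dated file rows apart, and flags any Bamital & volsnap check line that is not a clean "MD5 is legit" or carries an ATTENTION marker, like the missing Bootcat.cache. The embedded log excerpt is constructed sample data in the same layout, with one "not legit" line added to exercise the check.

```python
import re

# Constructed FRST.txt excerpt in the layout of the log above (sample values,
# not the original scan); one "not legit" line is added to exercise the check.
SAMPLE_LOG = """\
==================== One Month Created Files and Folders ========

2013-09-04 03:07 - 2013-09-04 02:09 - 00000000 ____D C:\\Windows\\Panther
2013-09-01 09:15 - 2013-09-01 09:15 - 00000000 ____D C:\\avast! sandbox

==================== Bamital & volsnap Check =================
C:\\Windows\\System32\\winlogon.exe => MD5 is legit
C:\\Windows\\System32\\services.exe => MD5 is not legit
C:\\Windows\\system32\\codeintegrity\\Bootcat.cache IS MISSING <==== ATTENTION!.
==================== End Of Log ============================
"""

SECTION_RE = re.compile(r"^=+ (.+?) =+$")
# created - modified - size - attribute flags - path
FILE_RE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
                     r"(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - (\d{8}) (\S{5}) (.+)$")

def parse_sections(text):
    """Split an FRST log into {section name: [non-empty lines]}."""
    sections, current = {}, None
    for line in text.splitlines():
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1).strip()
            sections[current] = []
        elif current is not None and line.strip():
            sections[current].append(line.rstrip())
    return sections

def integrity_findings(sections):
    """Bamital & volsnap check lines that are NOT a clean 'MD5 is legit'."""
    return [l for l in sections.get("Bamital & volsnap Check", [])
            if not l.endswith("=> MD5 is legit")]

def attention_lines(text):
    """Every line FRST marked with '<==== ATTENTION', from any section."""
    return [l.rstrip() for l in text.splitlines() if "<==== ATTENTION" in l]

def created_entries(sections):
    """Rows of 'One Month Created Files and Folders' as 5-tuples."""
    rows = [FILE_RE.match(l) for l in
            sections.get("One Month Created Files and Folders", [])]
    return [m.groups() for m in rows if m]
```

Run it over a real FRST.txt by reading the file instead of SAMPLE_LOG; the ATTENTION lines and integrity findings are the ones a helper looks at first.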

Ok, tell me whether this Fix makes your system bootable again. If it doesn't, just report back here.

Open notepad.

- Click Start
- Type notepad.exe in the search programs and files box and press Enter.
- A blank Notepad page should open.
- Copy/Paste the contents of the code box below into Notepad.

Start
cmd: bootrec /FixMbr
cmd: bootrec /fixBoot
Control:
Restore point made on: 2013-09-02 09:50:16
End

Or just download the attached fixlist …
- Save it to your USB flash drive as fixlist.txt

Boot into Recovery Environment

Start FRST in a similar manner to when you ran a scan earlier, but this time when it opens …

- Press the Fix button once and wait.
- FRST will process fixlist.txt
- When finished, it will produce a log fixlog.txt on your USB flash drive.

Exit out of Recovery Environment and post me the log please.

Log attached, froze at starting windows.

Repeat the Fix with this fixlist. The procedure is the same.

It will type the message:

windows boot manager

Windows failed to start. A recent hardware or software change might be the cause. To fix the problem:
1. Insert your windows installation disc and restart your computer.
2. Choose your language settings, and then click “Next.”
3. Click “Repair your computer.”

If you do not have this disc, contact your system administrator or computer manufacturer for assistance.

File: \windows\system32\config\system

Status: 0xc0000225

Info: windows failed to load because the system registry file is missing, or corrupt.

Trust me, this message is welcome in your case.
I have a few tricks with FRST scripts, but I doubt they will help.

My recommendation is just that: Repair your computer or do a fresh install.
Since OTLPE and the repair disk can boot, it means that the system is messed up. A fresh install is the best solution.

I will try to install again.