
Black Screen with Cursor NO BOOT


  • This topic is locked
3 replies to this topic

#1 Mrunreal


Posted 15 October 2014 - 06:06 AM

Hello,

I have a laptop that will not boot in either normal mode or safe mode. It gets past the Windows logo, but then the screen turns black with just a white cursor. If I wait long enough, the laptop will eventually reboot.

 

I have managed to boot to OTLPE and do a FRST scan.

Any help would be much appreciated.

Here is the FRST LOG:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 14-10-2014
Ran by SYSTEM on REATOGO on 15-10-2014 12:44:43
Running from B:\Documents and Settings\Default User\Desktop
Platform: Windows 7 Home Premium (X86) OS Language: English (United States)
Internet Explorer Version 10
Boot Mode: Recovery
 
The current controlset is ControlSet002
ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.
 
 
ATTENTION!:=====> THE OPERATING SYSTEM IS A X64 SYSTEM BUT THE BOOT DISK THAT IS USED TO BOOT TO RECOVERY ENVIRONMENT IS A X86 SYSTEM DISK.
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11895400 2011-06-24] (Realtek Semiconductor)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2588968 2010-11-12] (ELAN Microelectronics Corp.)
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET Endpoint Antivirus\egui.exe [4133072 2012-07-04] (ESET)
HKU\Tracy\...\Run: [Livedrive] => C:\Program Files (x86)\Livedrive\Livedrive.exe [1798144 2013-03-14] (Livedrive Internet Ltd)
HKU\Tracy\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [22041192 2014-08-27] (Skype Technologies S.A.)
SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\windows\system32\CbFsMntNtf3.dll (EldoS Corporation)
 
========================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 AdobeFlashPlayerUpdateSvc; C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [257928 2014-03-31] (Adobe Systems Incorporated)
S2 AMPPALR3; C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe [1136640 2011-04-21] (Intel Corporation)
S2 Apple Mobile Device; C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [43336 2014-08-28] (Apple Inc.)
S2 Bluetooth Device Monitor; C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe [923984 2011-03-30] (Intel Corporation)
S3 Bluetooth Media Service; C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe [1321296 2011-03-30] (Intel Corporation)
S2 Bluetooth OBEX Service; C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe [1001808 2011-03-30] (Intel Corporation)
S2 BTHSSecurityMgr; C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe [134928 2011-04-21] (Intel® Corporation)
S2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1363584 2014-03-03] (Microsoft Corporation)
S2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1748608 2014-03-03] (Microsoft Corporation)
S2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2428088 2014-08-11] (Microsoft Corporation)
S4 clr_optimization_v2.0.50727_64; C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [89920 2009-06-10] (Microsoft Corporation)
S2 clr_optimization_v4.0.30319_64; C:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [138576 2010-03-18] (Microsoft Corporation)
S3 EhttpSrv; C:\Program Files\ESET\ESET Endpoint Antivirus\EHttpSrv.exe [35720 2012-07-04] (ESET)
S2 ekrn; C:\Program Files\ESET\ESET Endpoint Antivirus\x86\ekrn.exe [999704 2012-07-04] (ESET)
S3 ESHASRV; C:\Program Files\ESET\ESET Endpoint Antivirus\EShaSrv.exe [190208 2012-07-04] (ESET)
S2 FFPCAutoSave; C:\Program Files (x86)\FUJIFILM\FUJIFILM PC AutoSave\PCAutoSaveSv.exe [94208 2013-02-28] (FUJIFILM Corporation.)
S3 FontCache3.0.0.0; C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe [42856 2010-11-20] (Microsoft Corporation)
S3 GameConsoleService; C:\Program Files (x86)\WildGames\Game Console - WildGames\GameConsoleService.exe [246520 2010-06-03] (WildTangent, Inc.)
S2 gupdate; C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [136176 2012-08-28] (Google Inc.)
S3 gupdatem; C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [136176 2012-08-28] (Google Inc.)
S3 idsvc; C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe [859280 2014-06-30] (Microsoft Corporation)
S2 LMS; C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe [325656 2010-12-20] (Intel Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
S2 NAUpdate; C:\Program Files (x86)\Nero\Update\NASvc.exe [762192 2013-07-18] (Nero AG)
S4 NetTcpPortSharing; C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe [117392 2014-07-10] (Microsoft Corporation)
S2 ogmservice; C:\Program Files (x86)\Online Games Manager\ogmservice.exe [581568 2014-03-27] (RealNetworks, Inc.)
S3 ose; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [150600 2013-10-17] (Microsoft Corporation)
S3 PerfHost; C:\Windows\SysWow64\perfhost.exe [20992 2009-07-13] (Microsoft Corporation)
S2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [244904 2009-12-01] ()
S3 Samsung UPD Service; C:\windows\System32\SUPDSvc.exe [166704 2010-08-09] (Samsung Electronics CO., LTD.)
S2 UNS; C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2656280 2010-12-20] (Intel Corporation)
S2 vToolbarUpdater18.1.9; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe [1820184 2014-08-12] (AVG Secure Search)
S2 SkypeUpdate; "C:\Program Files (x86)\Skype\Updater\Updater.exe" [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 AMPPAL; C:\Windows\System32\DRIVERS\AMPPAL.sys [294912 2011-04-21] (Windows ® Win 7 DDK provider)
S3 AMPPALP; C:\Windows\System32\DRIVERS\amppal.sys [294912 2011-04-21] (Windows ® Win 7 DDK provider)
S1 avgtp; C:\windows\system32\drivers\avgtpx64.sys [50976 2014-08-12] (AVG Technologies)
S3 b06bdrv; C:\Windows\system32\drivers\bxvbda.sys [468480 2009-06-10] (Broadcom Corporation)
S3 b57nd60a; C:\Windows\System32\DRIVERS\b57nd60a.sys [270848 2009-06-10] (Broadcom Corporation)
S3 BtFilter; C:\Windows\System32\DRIVERS\btfilter.sys [289704 2011-07-06] (Atheros)
S3 btmaudio; C:\Windows\System32\drivers\btmaud.sys [46592 2011-03-08] (Intel Corporation)
S3 btmaux; C:\Windows\System32\DRIVERS\btmaux.sys [51712 2011-03-08] (Intel Corporation)
S3 btmhsf; C:\Windows\System32\DRIVERS\btmhsf.sys [274944 2011-03-08] (Intel Corporation)
S1 cbfs3; C:\windows\system32\drivers\cbfs3.sys [352008 2012-11-10] (EldoS Corporation)
S1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [213416 2012-07-04] (ESET)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [152136 2012-03-29] (ESET)
S2 epfwwfpr; C:\Windows\System32\DRIVERS\epfwwfpr.sys [140752 2012-03-29] (ESET)
S3 ETD; C:\Windows\System32\DRIVERS\ETD.sys [138024 2010-11-12] (ELAN Microelectronics Corp.)
S3 iBtFltCoex; C:\Windows\System32\DRIVERS\iBtFltCoex.sys [59904 2011-03-22] (Intel Corporation)
S3 igfx; C:\Windows\System32\DRIVERS\igdkmd64.sys [12256512 2010-12-16] (Intel Corporation)
S3 IntcAzAudAddService; C:\Windows\System32\drivers\RTKVHD64.sys [2905320 2011-06-24] (Realtek Semiconductor Corp.)
S3 ksthunk; C:\Windows\system32\drivers\ksthunk.sys [20992 2009-07-13] (Microsoft Corporation)
S3 MEIx64; C:\Windows\System32\DRIVERS\HECIx64.sys [56344 2010-10-19] (Intel Corporation)
S3 NETwNs64; C:\Windows\System32\DRIVERS\NETwNs64.sys [8593920 2011-05-01] (Intel Corporation)
S3 RTL8167; C:\Windows\System32\DRIVERS\Rt64win7.sys [425064 2011-01-27] (Realtek                                            )
S3 rtport; C:\windows\SysWOW64\drivers\rtport.sys [15144 2011-12-10] (Windows ® 2003 DDK 3790 provider)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2014-07-28] (Apple, Inc.)
S5 edevmon; C:\Windows\System32\Drivers\edevmon.sys [179920 2012-07-04] (ESET)
 
==================== NetSvcs (Whitelisted) ===================
 
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-10-15 12:44 - 2014-10-15 12:44 - 00000000 ____D () C:\FRST
2014-10-14 18:50 - 2014-10-14 18:51 - 00000000 ____D () C:\Windows\System32\config\backup
2014-10-14 05:40 - 2014-10-14 05:40 - 00000000 ____D () C:\Windows\System32\%LOCALAPPDATA%
2014-10-14 05:38 - 2014-10-14 05:38 - 00000000 ___SD () C:\Windows\System32\CompatTel
2014-10-11 11:29 - 2014-08-17 00:00 - 02239488 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2014-10-11 11:29 - 2014-08-17 00:00 - 00051712 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2014-10-11 11:29 - 2014-08-16 23:59 - 19280384 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2014-10-11 11:29 - 2014-08-16 23:59 - 01407488 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2014-10-11 11:29 - 2014-08-16 23:59 - 00603136 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2014-10-11 11:29 - 2014-08-16 23:59 - 00197120 _____ (Microsoft Corporation) C:\Windows\System32\msrating.dll
2014-10-11 11:29 - 2014-08-16 23:59 - 00097280 _____ (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2014-10-11 11:29 - 2014-08-16 23:58 - 15399424 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2014-10-11 11:29 - 2014-08-16 23:58 - 03959296 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2014-10-11 11:29 - 2014-08-16 23:58 - 02655232 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2014-10-11 11:29 - 2014-08-16 23:58 - 01508864 _____ (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2014-10-11 11:29 - 2014-08-16 23:58 - 00855552 _____ (Microsoft Corporation) C:\Windows\System32\jscript.dll
2014-10-11 11:29 - 2014-08-16 23:58 - 00526336 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2014-10-11 11:29 - 2014-08-16 23:58 - 00451584 _____ (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2014-10-11 11:29 - 2014-08-16 23:58 - 00281600 _____ (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2014-10-11 11:29 - 2014-08-16 23:58 - 00255488 _____ (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2014-10-11 11:29 - 2014-08-16 23:58 - 00136704 _____ (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2014-10-11 11:29 - 2014-08-16 23:58 - 00067072 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2014-10-11 11:29 - 2014-08-16 23:58 - 00053248 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2014-10-11 11:29 - 2014-08-16 23:58 - 00039936 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2014-10-11 11:29 - 2014-08-16 03:25 - 02706432 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2014-10-11 11:29 - 2014-08-16 02:34 - 00089600 _____ (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2014-10-11 10:45 - 2014-06-26 22:08 - 02777088 _____ (Microsoft Corporation) C:\Windows\System32\msmpeg2vdec.dll
2014-10-11 10:41 - 2014-06-30 18:24 - 00008856 _____ (Microsoft Corporation) C:\Windows\System32\icardres.dll
2014-10-11 10:41 - 2014-06-06 02:12 - 00035480 _____ (Microsoft Corporation) C:\Windows\System32\TsWpfWrp.exe
2014-10-11 10:41 - 2014-03-09 17:48 - 01389208 _____ (Microsoft Corporation) C:\Windows\System32\icardagt.exe
2014-10-11 10:41 - 2014-03-09 17:48 - 00171160 _____ (Microsoft Corporation) C:\Windows\System32\infocardapi.dll
2014-10-11 10:39 - 2014-05-30 04:08 - 00340992 _____ (Microsoft Corporation) C:\Windows\System32\schannel.dll
2014-10-11 10:39 - 2014-05-30 04:08 - 00314880 _____ (Microsoft Corporation) C:\Windows\System32\msv1_0.dll
2014-10-11 10:39 - 2014-05-30 04:08 - 00307200 _____ (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2014-10-11 10:39 - 2014-05-30 04:08 - 00210944 _____ (Microsoft Corporation) C:\Windows\System32\wdigest.dll
2014-10-11 10:39 - 2014-05-30 04:08 - 00086528 _____ (Microsoft Corporation) C:\Windows\System32\TSpkg.dll
2014-10-11 10:39 - 2014-05-30 04:08 - 00022016 _____ (Microsoft Corporation) C:\Windows\System32\credssp.dll
2014-10-11 10:39 - 2014-03-04 05:47 - 05550016 _____ (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2014-10-11 10:39 - 2014-03-04 05:44 - 00722944 _____ (Microsoft Corporation) C:\Windows\System32\objsel.dll
2014-10-11 10:39 - 2014-03-04 05:44 - 00424960 _____ (Microsoft Corporation) C:\Windows\System32\KernelBase.dll
2014-10-11 10:39 - 2014-03-04 05:44 - 00039936 _____ (Microsoft Corporation) C:\Windows\System32\wincredprovider.dll
2014-10-11 10:39 - 2014-03-04 05:43 - 00455168 _____ (Microsoft Corporation) C:\Windows\System32\winlogon.exe
2014-10-11 10:39 - 2014-03-04 05:43 - 00057344 _____ (Microsoft Corporation) C:\Windows\System32\cngprovider.dll
2014-10-11 10:39 - 2014-03-04 05:43 - 00056832 _____ (Microsoft Corporation) C:\Windows\System32\adprovider.dll
2014-10-11 10:39 - 2014-03-04 05:43 - 00053760 _____ (Microsoft Corporation) C:\Windows\System32\capiprovider.dll
2014-10-11 10:39 - 2014-03-04 05:43 - 00052736 _____ (Microsoft Corporation) C:\Windows\System32\dpapiprovider.dll
2014-10-11 10:39 - 2014-03-04 05:43 - 00044544 _____ (Microsoft Corporation) C:\Windows\System32\dimsroam.dll
2014-10-11 10:38 - 2014-06-24 22:05 - 14175744 _____ (Microsoft Corporation) C:\Windows\System32\shell32.dll
2014-10-11 10:38 - 2013-11-22 18:48 - 03928064 _____ (Microsoft Corporation) C:\Windows\System32\d2d1.dll
2014-10-11 10:38 - 2013-07-18 21:58 - 00002048 _____ (Microsoft Corporation) C:\Windows\System32\tzres.dll
2014-10-11 10:37 - 2014-03-04 05:44 - 01163264 _____ (Microsoft Corporation) C:\Windows\System32\kernel32.dll
2014-10-11 10:37 - 2014-03-04 05:44 - 00362496 _____ (Microsoft Corporation) C:\Windows\System32\wow64win.dll
2014-10-11 10:37 - 2014-03-04 05:44 - 00243712 _____ (Microsoft Corporation) C:\Windows\System32\wow64.dll
2014-10-11 10:37 - 2014-03-04 05:44 - 00016384 _____ (Microsoft Corporation) C:\Windows\System32\ntvdm64.dll
2014-10-11 10:37 - 2014-03-04 05:44 - 00013312 _____ (Microsoft Corporation) C:\Windows\System32\wow64cpu.dll
2014-10-11 10:37 - 2013-10-11 22:32 - 00150016 _____ (Microsoft Corporation) C:\Windows\System32\wshom.ocx
2014-10-11 10:37 - 2013-10-11 22:31 - 00202752 _____ (Microsoft Corporation) C:\Windows\System32\scrrun.dll
2014-10-11 10:37 - 2013-10-11 21:33 - 00168960 _____ (Microsoft Corporation) C:\Windows\System32\wscript.exe
2014-10-11 10:37 - 2013-10-11 21:33 - 00156160 _____ (Microsoft Corporation) C:\Windows\System32\cscript.exe
2014-10-11 10:37 - 2013-09-07 22:27 - 00327168 _____ (Microsoft Corporation) C:\Windows\System32\mswsock.dll
2014-10-11 10:37 - 2013-08-28 22:16 - 01732032 _____ (Microsoft Corporation) C:\Windows\System32\ntdll.dll
2014-10-11 10:37 - 2013-08-28 22:16 - 00859648 _____ (Microsoft Corporation) C:\Windows\System32\tdh.dll
2014-10-11 10:37 - 2013-08-28 22:13 - 00878080 _____ (Microsoft Corporation) C:\Windows\System32\advapi32.dll
2014-10-11 10:36 - 2014-09-24 22:08 - 00371712 _____ (Microsoft Corporation) C:\Windows\System32\qdvd.dll
2014-10-11 10:36 - 2014-06-15 22:10 - 00985536 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\dxgkrnl.sys
2014-10-11 10:36 - 2014-06-03 06:02 - 03241984 _____ (Microsoft Corporation) C:\Windows\System32\msi.dll
2014-10-11 10:36 - 2014-06-03 06:02 - 00504320 _____ (Microsoft Corporation) C:\Windows\System32\msihnd.dll
2014-10-11 10:36 - 2014-06-03 06:02 - 00112064 _____ (Microsoft Corporation) C:\Windows\System32\consent.exe
2014-10-11 10:36 - 2014-03-26 10:44 - 02002432 _____ (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2014-10-11 10:36 - 2014-03-26 10:44 - 01882112 _____ (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2014-10-11 10:36 - 2014-03-26 10:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\System32\msxml6r.dll
2014-10-11 10:36 - 2014-03-26 10:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\System32\msxml3r.dll
2014-10-11 10:36 - 2014-02-03 22:35 - 00274880 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\msiscsi.sys
2014-10-11 10:36 - 2014-02-03 22:35 - 00190912 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\storport.sys
2014-10-11 10:36 - 2014-02-03 22:35 - 00027584 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\Diskdump.sys
2014-10-11 10:36 - 2014-01-28 22:32 - 00484864 _____ (Microsoft Corporation) C:\Windows\System32\wer.dll
2014-10-11 10:36 - 2013-12-31 19:04 - 00420008 _____ () C:\Windows\System32\locale.nls
2014-10-11 10:36 - 2013-11-26 21:41 - 00343040 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbhub.sys
2014-10-11 10:36 - 2013-11-26 21:41 - 00325120 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbport.sys
2014-10-11 10:36 - 2013-11-26 21:41 - 00099840 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbccgp.sys
2014-10-11 10:36 - 2013-11-26 21:41 - 00053248 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbehci.sys
2014-10-11 10:36 - 2013-11-26 21:41 - 00030720 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbuhci.sys
2014-10-11 10:36 - 2013-11-26 21:41 - 00025600 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbohci.sys
2014-10-11 10:36 - 2013-11-26 21:41 - 00007808 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbd.sys
2014-10-11 10:36 - 2013-07-20 06:33 - 00124112 _____ (Microsoft Corporation) C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll
2014-10-11 10:36 - 2013-06-15 00:32 - 00039936 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\tssecsrv.sys
2014-10-11 10:35 - 2014-07-06 22:06 - 00728064 _____ (Microsoft Corporation) C:\Windows\System32\kerberos.dll
2014-10-11 10:35 - 2014-06-23 23:29 - 02565120 _____ (Microsoft Corporation) C:\Windows\System32\d3d10warp.dll
2014-10-11 10:35 - 2014-06-17 22:18 - 00692736 _____ (Microsoft Corporation) C:\Windows\System32\osk.exe
2014-10-11 10:35 - 2014-06-06 06:10 - 00624128 _____ (Microsoft Corporation) C:\Windows\System32\qedit.dll
2014-10-11 10:35 - 2014-04-04 22:47 - 01903552 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2014-10-11 10:35 - 2014-04-04 22:47 - 00288192 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\FWPKCLNT.SYS
2014-10-11 10:35 - 2014-01-23 22:37 - 01684928 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys
2014-10-11 10:35 - 2013-12-03 22:27 - 00488448 _____ (Microsoft Corporation) C:\Windows\System32\secproc.dll
2014-10-11 10:35 - 2013-12-03 22:27 - 00485888 _____ (Microsoft Corporation) C:\Windows\System32\secproc_isv.dll
2014-10-11 10:35 - 2013-12-03 22:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\System32\secproc_ssp_isv.dll
2014-10-11 10:35 - 2013-12-03 22:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\System32\secproc_ssp.dll
2014-10-11 10:35 - 2013-12-03 22:16 - 00658432 _____ (Microsoft Corporation) C:\Windows\System32\RMActivate_isv.exe
2014-10-11 10:35 - 2013-12-03 22:16 - 00626176 _____ (Microsoft Corporation) C:\Windows\System32\RMActivate.exe
2014-10-11 10:35 - 2013-12-03 22:16 - 00553984 _____ (Microsoft Corporation) C:\Windows\System32\RMActivate_ssp.exe
2014-10-11 10:35 - 2013-12-03 22:16 - 00552960 _____ (Microsoft Corporation) C:\Windows\System32\RMActivate_ssp_isv.exe
2014-10-11 10:35 - 2013-11-26 07:40 - 00376768 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\netio.sys
2014-10-11 10:34 - 2014-05-30 02:45 - 00497152 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\afd.sys
2014-10-11 10:33 - 2014-09-04 22:10 - 00578048 _____ (Microsoft Corporation) C:\Windows\System32\aepdu.dll
2014-10-11 10:33 - 2014-09-04 22:05 - 00424448 _____ (Microsoft Corporation) C:\Windows\System32\aeinv.dll
2014-10-11 10:32 - 2014-08-22 22:07 - 00404480 _____ (Microsoft Corporation) C:\Windows\System32\gdi32.dll
2014-10-11 10:32 - 2014-08-22 20:59 - 03163648 _____ (Microsoft Corporation) C:\Windows\System32\win32k.sys
2014-10-11 10:32 - 2013-10-11 22:29 - 00859648 _____ (Microsoft Corporation) C:\Windows\System32\IKEEXT.DLL
2014-10-11 10:32 - 2013-08-27 21:12 - 00461312 _____ (Microsoft Corporation) C:\Windows\System32\scavengeui.dll
2014-10-11 10:31 - 2014-02-03 22:32 - 01424384 _____ (Microsoft Corporation) C:\Windows\System32\WindowsCodecs.dll
2014-10-11 10:31 - 2013-10-11 22:30 - 00830464 _____ (Microsoft Corporation) C:\Windows\System32\nshwfp.dll
2014-10-11 10:31 - 2013-10-11 22:29 - 00324096 _____ (Microsoft Corporation) C:\Windows\System32\FWPUCLNT.DLL
2014-10-11 10:29 - 2014-07-13 22:02 - 01216000 _____ (Microsoft Corporation) C:\Windows\System32\rpcrt4.dll
2014-10-06 09:36 - 2014-10-06 09:36 - 00002515 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-10-02 04:29 - 2014-10-02 04:29 - 00000000 ____H () C:\Windows\System32\Drivers\Msft_Kernel_netaapl64_01009.Wdf
2014-09-15 06:07 - 2014-09-15 06:07 - 00009349 _____ () C:\Users\Tracy\Downloads\Amazon-MP3-1410775643.amz
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-10-15 12:24 - 2013-06-12 05:28 - 00001113 _____ () C:\Users\Tracy\Desktop\Hayling Trader.lnk
2014-10-14 05:40 - 2009-07-14 00:45 - 00469536 _____ () C:\Windows\System32\FNTCACHE.DAT
2014-10-14 05:38 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\SysWOW64
2014-10-14 05:37 - 2009-07-14 00:51 - 00094147 _____ () C:\Windows\setupact.log
2014-10-11 11:36 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-10-11 11:24 - 2009-07-14 01:13 - 00745066 _____ () C:\Windows\System32\PerfStringBackup.INI
2014-10-11 11:22 - 2012-07-02 18:04 - 00000000 ____D () C:\Users\Tracy\AppData\Roaming\Skype
2014-10-11 11:06 - 2014-03-17 03:49 - 00000000 ____D () C:\Windows\System32\MRT
2014-10-11 10:26 - 2011-10-19 20:25 - 01598759 _____ () C:\Windows\WindowsUpdate.log
2014-10-11 10:14 - 2009-07-14 00:45 - 00021200 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-11 10:14 - 2009-07-14 00:45 - 00021200 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-09 04:02 - 2013-05-24 05:53 - 00000000 ____D () C:\Users\Tracy\Documents\Outlook Files
2014-09-25 07:02 - 2012-08-28 13:50 - 00002183 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-09-15 04:06 - 2010-11-20 23:27 - 00278152 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
 
Some content of TEMP:
====================
C:\Users\Tracy\AppData\Local\Temp\3.1.53.0-EasyShrx.Dll
C:\Users\Tracy\AppData\Local\Temp\bstrapInstall.exe
C:\Users\Tracy\AppData\Local\Temp\c39e61ca08e8%2fvcredist_x64.exe
C:\Users\Tracy\AppData\Local\Temp\install_flashplayer11x32ax_chrd_awa_aih.exe
C:\Users\Tracy\AppData\Local\Temp\jre-7u7-windows-i586-iftw.exe
C:\Users\Tracy\AppData\Local\Temp\LD3393.tmp.exe
C:\Users\Tracy\AppData\Local\Temp\LD5527.tmp.exe
C:\Users\Tracy\AppData\Local\Temp\LD56CC.tmp.exe
C:\Users\Tracy\AppData\Local\Temp\LD65D9.tmp.exe
C:\Users\Tracy\AppData\Local\Temp\LD8F78.tmp.exe
C:\Users\Tracy\AppData\Local\Temp\LDC36.tmp.exe
C:\Users\Tracy\AppData\Local\Temp\LDD0FA.tmp.exe
C:\Users\Tracy\AppData\Local\Temp\OfficeSetup.exe
C:\Users\Tracy\AppData\Local\Temp\oi_{090885D5-875A-4DD8-A52C-0C355AF650D6}.exe
C:\Users\Tracy\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Tracy\AppData\Local\Temp\SpotifyUninstall.exe
C:\Users\Tracy\AppData\Local\Temp\vcredist_x64.exe
 
 
==================== Known DLLs (Whitelisted) ============
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\explorer.exe
[2011-10-19 05:05] - [2011-02-25 02:19] - 2871808 ____A (Microsoft Corporation) 332FEAB1435662FC6C672E25BEB37BE3
 
C:\Windows\System32\winlogon.exe
[2014-10-11 10:39] - [2014-03-04 05:43] - 0455168 ____A (Microsoft Corporation) 88AB9B72B4BF3963A0DE0820B4B0B06C
 
C:\Windows\System32\wininit.exe
[2009-07-13 19:52] - [2009-07-13 21:39] - 0129024 ____A (Microsoft Corporation) 94355C28C1970635A31B3FE52EB7CEBA
 
C:\Windows\System32\svchost.exe
[2011-10-19 05:12] - [2011-03-01 04:07] - 0027648 ____A (Microsoft Corporation) 6F68F63794097E54F36474ED4384B759
 
C:\Windows\System32\services.exe
[2009-07-13 19:19] - [2009-07-13 21:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB
 
C:\Windows\System32\User32.dll
[2010-11-20 23:24] - [2010-11-20 23:24] - 1008128 ____A (Microsoft Corporation) FE70103391A64039A921DBFFF9C7AB1B
 
C:\Windows\System32\userinit.exe
[2010-11-20 23:24] - [2010-11-20 23:24] - 0030720 ____A (Microsoft Corporation) BAFE84E637BF7388C96EF48D4D3FDD53
 
C:\Windows\System32\rpcss.dll
[2010-11-20 23:24] - [2010-11-20 23:24] - 0512000 ____A (Microsoft Corporation) 5C627D1B1138676C0A7AB2C2C190D123
 
 ATTENTION ======> If the system is having audio adware rpcss.dll is patched. Google the MD5, if the MD5 is unique the file is infected.
C:\Windows\System32\Drivers\volsnap.sys
[2011-10-19 05:11] - [2011-02-25 02:25] - 0296320 ____A (Microsoft Corporation) DF8126BD41180351A093A3AD2FC8903B
 
 
==================== Restore Points  =========================
 
Restore point made on: 2014-09-11 07:55:24
Restore point made on: 2014-09-13 11:47:08
Restore point made on: 2014-09-13 11:50:42
Restore point made on: 2014-09-13 12:31:10
Restore point made on: 2014-09-13 13:45:19
Restore point made on: 2014-09-13 14:00:15
Restore point made on: 2014-09-13 14:46:15
Restore point made on: 2014-09-15 07:15:09
Restore point made on: 2014-09-25 10:19:30
Restore point made on: 2014-10-11 10:40:43
 
==================== Memory info =========================== 
 
Percentage of memory in use: 10%
Total physical RAM: 3499.48 MB
Available physical RAM: 3144.21 MB
Total Pagefile: 3321.59 MB
Available Pagefile: 3244.82 MB
Total Virtual: 2047.88 MB
Available Virtual: 2000.53 MB
 
==================== Drives ================================
 
Drive b: (RAMDisk) (Fixed) (Total:0.06 GB) (Free:0.06 GB) NTFS
Drive c: () (Fixed) (Total:177 GB) (Free:20.54 GB) NTFS
Drive d: () (Fixed) (Total:265.61 GB) (Free:265.45 GB) NTFS
Drive e: () (Fixed) (Total:177 GB) (Free:20.54 GB) NTFS
Drive f: (SARDU) (Removable) (Total:7.43 GB) (Free:2.8 GB) FAT32
Drive x: (ReatogoPE) (CDROM) (Total:0.43 GB) (Free:0 GB) CDFS
Drive y: (SYSTEM) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: D939CB7C)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=177 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=265.6 GB) - (Type=OF Extended)
Partition 4: (Not Active) - (Size=23.1 GB) - (Type=27)
 
========================================================
Disk: 1 (Size: 7.4 GB) (Disk ID: 20AC7DDA)
No partition Table on disk 1.
 
 
LastRegBack: 2014-09-25 10:21
 
==================== End Of Log ============================

Edited by hamluis, 15 October 2014 - 08:46 AM.
Moved from Win 7 to Malware Removal Logs - Hamluis.



 


#2 Oh My!

  • Malware Response Instructor

Posted 19 October 2014 - 06:12 PM

Greetings Mrunreal and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met. :)
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Reply topic button instead.
  • In the upper right hand corner of the topic you will see the Follow topic button. Click on this, then choose Immediate E-Mail notification and then Proceed, and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
  • Now let's get started.
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. I would like to get a fresh FRST report. Please delete any existing FRST program and do this.

===================================================

Farbar's Recovery Scan Tool in Recovery Environment

--------------------

For this step you will need a USB flash drive and start on a clean computer.
  • Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
===================================================

Entering into the System Recovery Options

Option #1

To enter System Recovery Options in Windows 8:

Option #2

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select English as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
Option #3

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select English as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
===================================================

Running Farbar's Recovery Scan Tool in System Recovery
  • Once you are in the System Recovery Options menu you will get the following options:

Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt

  • Select Command Prompt
  • In the command window type in Notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select Computer and find your flash drive letter and close the notepad.
  • In the command window type e:\frst (for x64 bit version type e:\frst64) and press Enter. Note: Replace letter e with the drive letter of your flash drive.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • FRST log

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"May you be richly rewarded by the Lord, the God of Israel, under whose wings you have come to take refuge."

#3 Oh My!

Posted 22 October 2014 - 08:53 AM

Greetings,

===================================================

3 Day Bump

It has been more than 3 days since my last post.
  • Do you still need help with this?
  • If after 48hrs you have not replied to this thread then it will have to be closed.

Gary
 

#4 Oh My!

Posted 24 October 2014 - 11:10 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.
Gary
 



