Windows 7 frozen black screen with white blinking cursor


  • This topic is locked
7 replies to this topic

#1 endercase

  • Members

Posted 09 January 2015 - 07:49 PM

Home built computer running Windows 7 64bit ult, computer randomly shut down and refused to recognize the boot sector, and would not recognize that I had recovery points.

 

I have followed the steps up to fixlist from http://www.bleepingcomputer.com/forums/t/487382/windows-7-frozen-black-screen-with-white-blinking-cursor/

bios>recovery dsk>Cmd Prompt>farbar

I am hesitant to run the fixlist without confirmation.

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 07-01-2015
Ran by SYSTEM on MININT-THSJFIP on 09-01-2015 18:09:58
Running from h:\
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Recovery
 
The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files\Intel\bluetooth\btmshellex.dll",TrayApp
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [1796056 2014-08-19] (NVIDIA Corporation)
HKLM\...\Run: [FAHConsole] => C:\Program Files\File Association Helper\FAHConsole.exe [729272 2014-01-28] (Nico Mak Computing)
HKLM\...\Run: [PrintDisp] => C:\Windows\system32\PrintDisp.exe [870400 2012-10-29] (ActMask Co.,Ltd - http://www.all2pdf.com)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-09-12] (AVAST Software)
HKLM-x32\...\Run: [Immunet Protect] => C:\Program Files\Immunet\3.1.13\iptray.exe [3232464 2014-09-12] (Immunet)
HKLM-x32\...\Run: [ADSKAppManager] => C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgr.exe [488328 2014-09-03] (Autodesk Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKU\deadlog3\...\Run: [GoogleChromeAutoLaunch_ED5E2F83519E2099AF09863D1279F4C3] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [856904 2014-12-05] (Google Inc.)
HKU\deadlog3\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [22869088 2014-10-21] (Google)
HKU\deadlog3\...\Run: [f.lux] => C:\Users\deadlog3\AppData\Local\FluxSoftware\Flux\flux.exe [1016712 2013-10-15] (Flux Software LLC)
HKU\deadlog3\...\Run: [SkyDrive] => C:\Users\deadlog3\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe [277672 2014-09-25] (Microsoft Corporation)
HKU\deadlog3\...\Run: [Google Update] => C:\Users\deadlog3\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2014-09-16] (Google Inc.)
HKU\deadlog3\...\Run: [MusicManager] => C:\Users\deadlog3\AppData\Local\Programs\Google\MusicManager\MusicManager.exe [7475200 2014-11-13] (Google Inc.)
HKU\deadlog3\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [6482200 2014-09-26] (Piriform Ltd)
HKU\deadlog3\...\Policies\Explorer: [] 
Startup: C:\Users\deadlog3\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk ->  (No File)
Startup: C:\Users\deadlog3\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office\Office15\ONENOTEM.EXE (Microsoft Corporation)
BootExecute: dfboottime \??\C:\Windows\System32\dfboottime.cfgautocheck autochk * 
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S2 AdAppMgrSvc; C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe [597896 2014-09-03] (Autodesk Inc.)
S2 Autodesk Content Service; C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [31192 2014-02-06] (Autodesk, Inc.)
S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-09-12] (AVAST Software)
S2 CFD 2015 Server; C:\Program Files\Autodesk\Simulation CFD 2015\SimCFDServer.exe [392192 2014-07-31] (Autodesk, Inc.)
S4 Gizmo Central; C:\Program Files (x86)\Gizmo\gservice.exe [34728 2014-09-13] (Arainia Solutions)
S2 ImmunetProtect; C:\Program Files\Immunet\3.1.13\sfc.exe [546208 2014-09-12] (Sourcefire, Inc.)
S4 OverwolfUpdater; C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [997664 2014-10-22] (Overwolf LTD)
S3 scan; C:\Program Files\Immunet\tetra\scan.dll [447744 2014-09-12] (BitDefender)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-09-12] ()
S2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-09-12] (AVAST Software)
S1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-09-12] (AVAST Software)
S0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-09-12] ()
S1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-11-21] (AVAST Software)
S1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-09-12] (AVAST Software)
S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-09-12] (AVAST Software)
S0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-09-12] ()
S1 GizmoDrv; C:\Windows\System32\Drivers\GizmoDrv.sys [34704 2014-09-13] (Arainia Solutions LLC)
S2 ImmunetNetworkMonitorDriver; C:\Windows\System32\Drivers\ImmunetNetworkMonitor.sys [100048 2014-09-12] (Sourcefire, Inc.)
S1 ImmunetProtectDriver; C:\Windows\System32\Drivers\immunetprotect.sys [58064 2014-09-12] (Windows ® Win 7 DDK provider)
S1 ImmunetSelfProtectDriver; C:\Windows\System32\Drivers\immunetselfprotect.sys [32976 2014-09-12] (Windows ® Win 7 DDK provider)
S3 NETwNs64; C:\Windows\System32\DRIVERS\Netwsw02.sys [3483112 2014-07-22] (Intel Corporation)
S3 Trufos; C:\Windows\System32\Drivers\trufos.sys [329800 2014-09-12] (BitDefender S.R.L.)
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-09 18:09 - 2015-01-09 18:09 - 00000000 ____D () C:\FRST
2015-01-05 11:49 - 2015-01-05 11:49 - 00000000 ____D () C:\Users\deadlog3\Desktop\Data
2015-01-04 18:57 - 2015-01-04 23:36 - 00000000 ____D () C:\Users\deadlog3\Documents\Orcs Must Die
2015-01-04 18:06 - 2015-01-04 18:06 - 00000000 ____D () C:\Users\deadlog3\AppData\Roaming\3909
2015-01-03 18:11 - 2015-01-03 18:11 - 00001180 _____ () C:\Users\deadlog3\Desktop\NASA's Eyes.lnk
2015-01-03 18:01 - 2015-01-03 18:01 - 00000000 ____D () C:\Users\deadlog3\AppData\Roaming\JPL-NASA-Caltech
2015-01-02 18:46 - 2015-01-02 18:46 - 00003886 _____ () C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2014-12-19 21:04 - 2014-12-19 21:05 - 00000000 ____D () C:\Users\deadlog3\D-Fend Reloaded
2014-12-19 21:04 - 2014-12-19 21:04 - 00001086 _____ () C:\Users\Public\Desktop\D-Fend Reloaded.lnk
2014-12-19 21:04 - 2014-12-19 21:04 - 00000000 ____D () C:\Program Files (x86)\D-Fend Reloaded
2014-12-19 21:03 - 2014-12-19 21:04 - 16033389 _____ (Written by Alexander Herzog) C:\Users\deadlog3\Downloads\D-Fend-Reloaded-1.4.2-Setup.exe
2014-12-19 21:00 - 2014-12-19 21:00 - 01630589 _____ () C:\Users\deadlog3\Downloads\wolfenstein-3d (1).zip
2014-12-19 20:59 - 2014-12-19 20:59 - 00003008 _____ () C:\Windows\System32\Tasks\{AE9BB655-EFB5-48D8-8413-FEE9C7BDC614}
2014-12-19 20:59 - 2014-12-19 20:59 - 00003008 _____ () C:\Windows\System32\Tasks\{89928632-DD1B-4C2C-B314-E63BFED52856}
2014-12-19 20:59 - 2014-12-19 20:59 - 00003008 _____ () C:\Windows\System32\Tasks\{8328E6B3-0F92-43C0-AB6A-9D1C9B3F50E1}
2014-12-19 20:59 - 2014-12-19 20:59 - 00003008 _____ () C:\Windows\System32\Tasks\{7F2AD87C-6CA6-4C1C-9FC1-FD5418269EF4}
2014-12-19 20:59 - 2014-12-19 20:59 - 00003008 _____ () C:\Windows\System32\Tasks\{2DEEE757-9BB0-43A7-B939-47BF568AAAF8}
2014-12-19 20:58 - 2014-12-19 20:58 - 00003008 _____ () C:\Windows\System32\Tasks\{7A8FCB2C-F67E-45AF-BD3F-5A47A4F6978B}
2014-12-19 20:58 - 2014-12-19 20:58 - 00003008 _____ () C:\Windows\System32\Tasks\{73500662-C787-4E73-8D89-9ACB73F37D2B}
2014-12-19 20:57 - 2014-12-19 20:57 - 00000000 ____D () C:\Users\deadlog3\Documents\wolfenstein-3d
2014-12-19 19:37 - 2014-12-19 19:37 - 00196848 _____ () C:\Users\deadlog3\Downloads\sram-2-fr.zip
2014-12-19 19:36 - 2014-12-19 19:36 - 01195026 _____ () C:\Users\deadlog3\Downloads\wolfenstein-3d.zip
2014-12-18 00:25 - 2014-12-18 00:25 - 00000000 ____D () C:\Users\deadlog3\AppData\OICE_15_974FA576_32C1D314_145D
2014-12-18 00:14 - 2014-12-18 00:14 - 00057857 _____ () C:\Users\deadlog3\Desktop\Excel file Midterm 4.xlsx
2014-12-17 14:16 - 2014-12-12 21:09 - 00144384 _____ (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2014-12-17 14:16 - 2014-12-12 19:33 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-12-16 16:30 - 2014-12-16 16:30 - 00000000 ____D () C:\Users\deadlog3\Documents\WBGames
2014-12-16 15:48 - 2014-12-16 15:48 - 00000000 ____D () C:\Users\deadlog3\Documents\4a games
2014-12-15 22:29 - 2014-12-15 22:29 - 00000000 ____D () C:\Users\deadlog3\Documents\Petroglyph
2014-12-15 22:29 - 2010-05-26 09:41 - 02106216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_43.dll
2014-12-15 22:28 - 2010-05-26 09:41 - 01998168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_43.dll
2014-12-15 13:44 - 2014-12-15 13:45 - 22505784 _____ () C:\Users\deadlog3\Desktop\Anth, note, 2014 fall of.onepkg
2014-12-15 09:15 - 2014-12-15 09:32 - 00000000 ____D () C:\Users\deadlog3\Desktop\finals fall 2014
2014-12-10 02:25 - 2014-12-10 02:25 - 00001495 _____ () C:\Users\deadlog3\AppData\Local\recently-used.xbel
2014-12-10 01:44 - 2014-12-10 01:44 - 02497485 _____ (SingularLabs ) C:\Users\deadlog3\Desktop\ninja-setup-3.0.4.exe
2014-12-10 01:32 - 2014-12-10 01:32 - 00000000 ____D () C:\Windows\System32\appraiser
2014-12-10 01:04 - 2014-10-17 18:05 - 04121600 _____ (Microsoft Corporation) C:\Windows\System32\mf.dll
2014-12-10 01:04 - 2014-10-17 17:33 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2014-12-10 01:04 - 2014-07-06 18:06 - 00206848 _____ (Microsoft Corporation) C:\Windows\System32\mfps.dll
2014-12-10 01:04 - 2014-07-06 18:06 - 00055808 _____ (Microsoft Corporation) C:\Windows\System32\rrinstaller.exe
2014-12-10 01:04 - 2014-07-06 18:06 - 00024576 _____ (Microsoft Corporation) C:\Windows\System32\mfpmp.exe
2014-12-10 01:04 - 2014-07-06 18:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\System32\mferror.dll
2014-12-10 01:04 - 2014-07-06 17:40 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2014-12-10 01:04 - 2014-07-06 17:39 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2014-12-10 01:04 - 2014-07-06 17:39 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2014-12-10 01:04 - 2014-07-06 17:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2014-12-10 00:45 - 2014-12-03 18:50 - 00830976 _____ (Microsoft Corporation) C:\Windows\System32\appraiser.dll
2014-12-10 00:45 - 2014-12-03 18:50 - 00741376 _____ (Microsoft Corporation) C:\Windows\System32\invagent.dll
2014-12-10 00:45 - 2014-12-03 18:50 - 00413184 _____ (Microsoft Corporation) C:\Windows\System32\generaltel.dll
2014-12-10 00:45 - 2014-12-03 18:50 - 00396800 _____ (Microsoft Corporation) C:\Windows\System32\devinv.dll
2014-12-10 00:45 - 2014-12-03 18:50 - 00227328 _____ (Microsoft Corporation) C:\Windows\System32\aepdu.dll
2014-12-10 00:45 - 2014-12-03 18:50 - 00192000 _____ (Microsoft Corporation) C:\Windows\System32\aepic.dll
2014-12-10 00:45 - 2014-12-03 18:44 - 01083392 _____ (Microsoft Corporation) C:\Windows\System32\aeinv.dll
2014-12-10 00:45 - 2014-12-01 15:28 - 01232040 _____ (Microsoft Corporation) C:\Windows\System32\aitstatic.exe
2014-12-10 00:45 - 2014-11-26 17:10 - 00342200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-12-10 00:45 - 2014-11-21 19:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2014-12-10 00:45 - 2014-11-21 18:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\System32\ieetwproxystub.dll
2014-12-10 00:45 - 2014-11-21 18:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2014-12-10 00:45 - 2014-11-21 18:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollector.exe
2014-12-10 00:45 - 2014-11-21 18:22 - 19749376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-12-10 00:45 - 2014-11-21 18:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-12-10 00:45 - 2014-11-21 18:14 - 00077824 _____ (Microsoft Corporation) C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-12-10 00:45 - 2014-11-21 18:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-12-10 00:45 - 2014-11-21 18:06 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-12-10 00:45 - 2014-11-21 17:58 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-12-10 00:45 - 2014-11-21 17:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2014-12-10 00:45 - 2014-11-21 17:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-12-10 00:45 - 2014-11-21 17:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-12-10 00:45 - 2014-11-21 17:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-12-10 00:45 - 2014-11-21 17:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-12-10 00:45 - 2014-11-21 16:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-12-10 00:45 - 2014-11-21 16:54 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-12-10 00:45 - 2014-11-10 19:09 - 01424384 _____ (Microsoft Corporation) C:\Windows\System32\WindowsCodecs.dll
2014-12-10 00:45 - 2014-11-10 18:44 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-12-10 00:45 - 2014-11-10 17:46 - 00119296 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\tdx.sys
2014-12-10 00:44 - 2014-11-26 17:43 - 00389296 _____ (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2014-12-10 00:44 - 2014-11-21 19:13 - 25059840 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2014-12-10 00:44 - 2014-11-21 19:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollectorres.dll
2014-12-10 00:44 - 2014-11-21 18:50 - 00580096 _____ (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2014-12-10 00:44 - 2014-11-21 18:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2014-12-10 00:44 - 2014-11-21 18:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2014-12-10 00:44 - 2014-11-21 18:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\System32\MshtmlDac.dll
2014-12-10 00:44 - 2014-11-21 18:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2014-12-10 00:44 - 2014-11-21 18:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2014-12-10 00:44 - 2014-11-21 18:34 - 06039552 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2014-12-10 00:44 - 2014-11-21 18:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\System32\jscript9diag.dll
2014-12-10 00:44 - 2014-11-21 18:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
2014-12-10 00:44 - 2014-11-21 18:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2014-12-10 00:44 - 2014-11-21 18:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\System32\msrating.dll
2014-12-10 00:44 - 2014-11-21 18:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2014-12-10 00:44 - 2014-11-21 18:07 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-12-10 00:44 - 2014-11-21 18:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2014-12-10 00:44 - 2014-11-21 18:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-12-10 00:44 - 2014-11-21 18:01 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-12-10 00:44 - 2014-11-21 17:59 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-12-10 00:44 - 2014-11-21 17:56 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-12-10 00:44 - 2014-11-21 17:54 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-12-10 00:44 - 2014-11-21 17:49 - 00800768 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2014-12-10 00:44 - 2014-11-21 17:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\System32\mshtmlmedia.dll
2014-12-10 00:44 - 2014-11-21 17:46 - 02125312 _____ (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2014-12-10 00:44 - 2014-11-21 17:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-12-10 00:44 - 2014-11-21 17:43 - 14412800 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2014-12-10 00:44 - 2014-11-21 17:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-12-10 00:44 - 2014-11-21 17:29 - 04299264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-12-10 00:44 - 2014-11-21 17:28 - 02358272 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2014-12-10 00:44 - 2014-11-21 17:22 - 02052096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-12-10 00:44 - 2014-11-21 17:21 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-12-10 00:44 - 2014-11-21 17:15 - 01548288 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2014-12-10 00:44 - 2014-11-21 17:13 - 12836864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-12-10 00:44 - 2014-11-21 17:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2014-12-10 00:44 - 2014-11-21 17:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-12-10 00:43 - 2014-11-07 19:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\System32\tzres.dll
2014-12-10 00:43 - 2014-11-07 18:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-12-10 00:43 - 2014-10-29 18:03 - 00165888 _____ (Microsoft Corporation) C:\Windows\System32\charmap.exe
2014-12-10 00:43 - 2014-10-29 17:45 - 00155136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\charmap.exe
2014-12-10 00:43 - 2014-10-02 18:12 - 02020352 _____ (Microsoft Corporation) C:\Windows\System32\WsmSvc.dll
2014-12-10 00:43 - 2014-10-02 18:12 - 00346624 _____ (Microsoft Corporation) C:\Windows\System32\WSManMigrationPlugin.dll
2014-12-10 00:43 - 2014-10-02 18:12 - 00310272 _____ (Microsoft Corporation) C:\Windows\System32\WsmWmiPl.dll
2014-12-10 00:43 - 2014-10-02 18:12 - 00181248 _____ (Microsoft Corporation) C:\Windows\System32\WsmAuto.dll
2014-12-10 00:43 - 2014-10-02 18:11 - 00266240 _____ (Microsoft Corporation) C:\Windows\System32\WSManHTTPConfig.exe
2014-12-10 00:43 - 2014-10-02 17:45 - 01177088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll
2014-12-10 00:43 - 2014-10-02 17:45 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManMigrationPlugin.dll
2014-12-10 00:43 - 2014-10-02 17:45 - 00214016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll
2014-12-10 00:43 - 2014-10-02 17:45 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmAuto.dll
2014-12-10 00:43 - 2014-10-02 17:44 - 00198656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManHTTPConfig.exe
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-07 10:31 - 2014-09-16 21:12 - 00000920 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2442156428-424647234-1737229991-1000UA.job
2015-01-07 10:09 - 2014-09-12 23:37 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-07 10:02 - 2014-09-12 23:37 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-07 09:46 - 2014-11-08 10:31 - 00004968 _____ () C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for OTHER-PC-deadlog3 Other-PC
2015-01-07 09:26 - 2014-09-16 19:19 - 00000000 ___RD () C:\Users\deadlog3\Dropbox
2015-01-07 09:26 - 2014-09-16 19:17 - 00000000 ____D () C:\Users\deadlog3\AppData\Roaming\Dropbox
2015-01-07 09:26 - 2014-09-12 22:40 - 02092988 _____ () C:\Windows\WindowsUpdate.log
2015-01-07 09:25 - 2014-09-12 23:37 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-07 09:20 - 2014-09-12 23:39 - 00000000 ____D () C:\Program Files\Immunet
2015-01-07 09:07 - 2009-07-13 20:45 - 00026576 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-07 09:07 - 2009-07-13 20:45 - 00026576 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-07 08:58 - 2014-10-28 17:53 - 00010634 _____ () C:\Windows\setupact.log
2015-01-07 08:58 - 2014-09-12 23:50 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-01-07 08:58 - 2009-07-13 21:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-06 17:31 - 2014-09-16 21:12 - 00000868 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2442156428-424647234-1737229991-1000Core.job
2015-01-06 10:40 - 2014-11-08 14:35 - 00000418 _____ () C:\Windows\Tasks\Defraggler Volume C Task.job
2015-01-05 10:00 - 2009-07-13 21:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2015-01-05 00:00 - 2014-09-23 01:48 - 00000000 ____D () C:\Users\deadlog3\AppData\Local\Adobe
2015-01-04 18:58 - 2014-09-13 15:44 - 00000000 ____D () C:\Program Files (x86)\Steam
2015-01-04 18:57 - 2014-12-04 11:06 - 00165100 _____ () C:\Windows\DirectX.log
2015-01-04 14:25 - 2014-09-17 01:24 - 00000000 ____D () C:\Users\deadlog3\AppData\Roaming\vlc
2015-01-03 09:30 - 2014-11-08 14:35 - 00000418 _____ () C:\Windows\Tasks\Defraggler Volume E Task.job
2015-01-02 20:56 - 2014-09-13 16:47 - 00000000 ____D () C:\Users\deadlog3\AppData\Local\Warframe
2014-12-19 21:06 - 2014-09-12 22:57 - 00000000 ____D () C:\Users\deadlog3\AppData\Local\VirtualStore
2014-12-19 21:04 - 2014-09-12 22:57 - 00000000 ____D () C:\users\deadlog3
2014-12-18 00:10 - 2009-07-13 21:13 - 00006206 _____ () C:\Windows\System32\PerfStringBackup.INI
2014-12-16 17:27 - 2014-12-03 20:04 - 00000000 ____D () C:\Users\deadlog3\Documents\My Games
2014-12-15 23:57 - 2014-11-04 13:28 - 00466456 _____ (Creative Labs) C:\Windows\System32\wrap_oal.dll
2014-12-15 23:57 - 2014-11-04 13:28 - 00444952 _____ (Creative Labs) C:\Windows\SysWOW64\wrap_oal.dll
2014-12-15 23:57 - 2014-11-04 13:28 - 00122904 _____ (Portions © Creative Labs Inc. and NVIDIA Corp.) C:\Windows\System32\OpenAL32.dll
2014-12-15 23:57 - 2014-11-04 13:28 - 00109080 _____ (Portions © Creative Labs Inc. and NVIDIA Corp.) C:\Windows\SysWOW64\OpenAL32.dll
2014-12-15 14:22 - 2014-09-17 00:18 - 00000000 ____D () C:\Users\deadlog3\AppData\Roaming\jEdit
2014-12-12 01:54 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\rescache
2014-12-11 01:01 - 2014-09-13 12:48 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-12-10 02:25 - 2014-10-17 10:05 - 00000000 ____D () C:\Users\deadlog3\AppData\Local\gtk-2.0
2014-12-10 02:25 - 2014-09-23 04:23 - 00000000 ____D () C:\Users\deadlog3\.gimp-2.8
2014-12-10 01:49 - 2014-09-13 00:05 - 00000000 ____D () C:\Program Files (x86)\System Ninja
2014-12-10 01:42 - 2014-11-13 12:34 - 00000000 ____D () C:\Users\deadlog3\AppData\Roaming\Raptr
2014-12-10 01:32 - 2014-09-13 12:15 - 00000000 ___SD () C:\Windows\System32\CompatTel
2014-12-10 01:32 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-12-10 01:32 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\AppCompat
2014-12-10 01:14 - 2014-09-16 19:38 - 00000000 ____D () C:\Windows\System32\MRT
2014-12-10 01:09 - 2014-09-16 19:38 - 112710672 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe
 
Some content of TEMP:
====================
C:\Users\deadlog3\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpvatak3.dll
C:\Users\deadlog3\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe
 
 
==================== Known DLLs (Whitelisted) ================
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
==================== Restore Points  =========================
 
Restore point made on: 2015-01-06 18:25:08
Restore point made on: 2015-01-06 23:27:16
 
==================== Memory info =========================== 
 
Percentage of memory in use: 10%
Total physical RAM: 8089.45 MB
Available physical RAM: 7246.39 MB
Total Pagefile: 8087.65 MB
Available Pagefile: 7248.69 MB
Total Virtual: 8192 MB
Available Virtual: 8191.88 MB
 
==================== Drives ================================
 
Drive c: (My Main Man) (Fixed) (Total:596.07 GB) (Free:404.35 GB) NTFS
Drive d: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive f: (Windows_7_SP1_Ultimate_x64) (CDROM) (Total:3.09 GB) (Free:0 GB) UDF
Drive h: (GS Drive) (Removable) (Total:7.46 GB) (Free:7.27 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (XD clouds and stuffs) (Fixed) (Total:465.76 GB) (Free:398.92 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 000147D9)
Partition 1: (Not Active) - (Size=465.8 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 596.2 GB) (Disk ID: 0008F690)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=596.1 GB) - (Type=07 NTFS)
 
========================================================
Disk: 3 (Size: 7.5 GB) (Disk ID: 00000000)
 
Partition: GPT Partition Type.
 
 
LastRegBack: 2015-01-04 00:38
 
==================== End Of Log ============================


Edited by hamluis, 10 January 2015 - 12:38 PM.
Moved from Win 7 to Malware Removal Logs - Hamluis.



#2 Oh My!

  • Malware Response Instructor

Posted 13 January 2015 - 08:49 PM

Greetings endercase and :welcome: to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met. :)
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Replytopic.jpg button instead.
  • In the upper right hand corner of the topic you will see the Followtopic.jpg button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
  • Now let's get started :thumbup2:
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. Please run the following for me.

===================================================

Bootrec /fixboot Windows 7/Vista

--------------------
  • Boot your computer into the Recovery Environment
  • Select Repair your computer
  • Select Command Prompt
  • Type the following after the Command Prompt, pressing Enter after each line

bootrec.exe /fixboot

  • Attempt to boot your computer into Normal Boot
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Does your computer boot?

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#3 endercase


Posted 15 January 2015 - 01:35 AM

Hello Gary, I am James,

X:\Sources>bootrec.exe /fixboot

Element not found.

X:\Sources>bootrec.exe /ScanOs

...

Successfully scanned Windows Installations.

Total Identified Windows installation:1

[1] E:\Windows

(E is my main hard drive; this most likely showed up after running repair the first time)

(mapped as C on the log file)

 

And when I look at my files using

System image recovery>{can't find}>cancel>>next>advanced>install a driver>ok (opens file explorer (which I could not get to run using cmd))

Everything appears to be in order... but it will not boot (black screen {with blinking cursor} of death), so during the first repair it claimed that the boot sector was nonexistent and attempted to create one > also what happens if you run the repair again. (boot>disk>next>repair>{does not see windows}>next>Start-up repair)


Edited by endercase, 15 January 2015 - 01:39 AM.


#4 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,402 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:06:30 AM

Posted 15 January 2015 - 10:04 AM

Hi James, nice to meet you. Please do this.

===================================================

Last Known Good Configuration

--------------------
  • Reboot your computer
  • Gently tap the F8 key repeatedly until you are presented with a Windows Advanced Options menu
  • Select Last Known Good Configuration using the arrow keys
  • Press Enter on your keyboard and attempt to boot into Normal Mode or, if unable to, Safe Mode
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Are you able to boot?

Gary
 

#5 endercase


Posted 15 January 2015 - 11:46 AM


Thank you Gary,
TL;DR: I tried it and nothing happened ... just a black screen with the white blinking cursor.  _
 
 
Relevant links:
http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
^says I need a custom fixlog for each/any computer; How do I make that?  
http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/
^where I got the tool from.

Edited by Oh My!, 15 January 2015 - 05:36 PM.


#6 Oh My!


Posted 15 January 2015 - 05:35 PM

No, you cannot use the fixlist you attached (which addresses malware entries), nor is there any malware-related fixlist (there is no malware present in your log) I can provide that will overcome your issue.

I would recommend you either reformat/reinstall or post in the Windows 7 or Internal Hardware Forum for assistance.

Edited by Oh My!, 15 January 2015 - 05:36 PM.

Gary
 

#7 Oh My!


Posted 16 January 2015 - 08:07 PM

Since I can't offer you any further assistance I will close this topic.


Gary
 

#8 Oh My!


Posted 16 January 2015 - 08:07 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
Gary
 