
Windows 7 black screen with white cursor


  • This topic is locked
13 replies to this topic

#1 abailey

abailey

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:10:05 AM

Posted 13 January 2015 - 08:22 AM

Having some issues with my laptop. It boots to a black screen with a white cursor. I'm not able to do anything. I tried System Restore and I get an error. I ran chkdsk and it didn't help.

I ran Farbar Recovery Scan and this is what I got.

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-01-2015 02
Ran by SYSTEM on MININT-1EB4P7D on 13-01-2015 07:28:44
Running from F:\
Platform: Windows 7 Home Premium (X64) OS Language: English (United States)
Internet Explorer Version 9
Boot Mode: Recovery
 
The current controlset is ControlSet003
ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [] => [X]
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2010-06-09] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\user\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2010-08-29] (Google Inc.)
HKU\user\...\Run: [Google Update] => C:\Users\user\AppData\Local\Google\Update\GoogleUpdate.exe [107912 2014-10-20] (Google Inc.)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
Startup: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Verizon Wireless Software Utility Application for Android – Samsung.lnk
ShortcutTarget: Verizon Wireless Software Utility Application for Android – Samsung.lnk ->  (No File)
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-08-16] (SUPERAntiSpyware.com)
S2 AntiSpywareService; C:\Program Files (x86)\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe [616408 2009-06-17] ()
S2 ITMRTSVC; C:\Program Files (x86)\CA\PPRT\bin\ITMRTSVC.exe [283912 2007-09-26] (CA, Inc.)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2010-03-05] ()
S2 N360; C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\N360.exe [265040 2014-09-22] (Symantec Corporation)
S3 COMSysApp; %SystemRoot%\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S1 BHDrvx64; C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\BASHDefs\20141209.001\BHDrvx64.sys [1587416 2014-10-03] (Symantec Corporation)
S1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1506000.020\ccSetx64.sys [162392 2013-09-25] (Symantec Corporation)
S1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [487216 2014-12-11] (Symantec Corporation)
S3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142640 2014-12-11] (Symantec Corporation)
S1 IDSVia64; C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\IPSDefs\20141216.001\IDSvia64.sys [637656 2014-11-17] (Symantec Corporation)
S3 NAVENG; C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\VirusDefs\20141216.016\ENG64.SYS [129752 2014-11-30] (Symantec Corporation)
S3 NAVEX15; C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\VirusDefs\20141216.016\EX64.SYS [2137304 2014-11-30] (Symantec Corporation)
S2 regi; C:\windows\SysWOW64\drivers\regi.sys [11032 2007-04-17] (InterVideo)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [27520 2007-05-14] (Research In Motion Limited)
S3 rimvndis; C:\Windows\System32\Drivers\rimvndis6_AMD64.sys [17920 2014-06-23] (Research in Motion Limited)
S1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S1 SRTSP; C:\Windows\System32\Drivers\N360x64\1506000.020\SRTSP64.SYS [876248 2014-08-25] (Symantec Corporation)
S1 SRTSPX; C:\Windows\system32\drivers\N360x64\1506000.020\SRTSPX64.SYS [37592 2014-08-25] (Symantec Corporation)
S0 SymDS; C:\Windows\System32\drivers\N360x64\1506000.020\SYMDS64.SYS [493656 2013-09-09] (Symantec Corporation)
S0 SymEFA; C:\Windows\System32\drivers\N360x64\1506000.020\SYMEFA64.SYS [1148120 2014-08-25] (Symantec Corporation)
S3 SymEvent; C:\windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2013-12-05] (Symantec Corporation)
S1 SymIRON; C:\Windows\system32\drivers\N360x64\1506000.020\Ironx64.SYS [266968 2014-08-06] (Symantec Corporation)
S1 SymNetS; C:\Windows\System32\Drivers\N360x64\1506000.020\SYMNETS.SYS [593112 2014-08-25] (Symantec Corporation)
S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2013-06-20] (Anchorfree Inc.)
S3 usbrndis6; C:\Windows\System32\DRIVERS\usb80236.sys [19968 2009-07-13] (Microsoft Corporation)
S1 AntiLog32; \??\C:\windows\system32\drivers\AntiLog64.sys [X]
S1 BHDrvx86; \??\C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\BASHDefs\20140606.001\BHDrvx86.sys [X]
S3 keycrypt; system32\DRIVERS\KeyCrypt64.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-13 07:28 - 2015-01-13 07:28 - 00000000 ____D () C:\FRST
2014-12-16 16:54 - 2014-12-16 16:54 - 00236011 _____ () C:\Users\user\Desktop\Mail Hold confirmation.xps
2014-12-15 17:59 - 2014-12-15 17:59 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-13 04:11 - 2010-11-30 15:00 - 00000050 _____ () C:\Windows\System32\SupplicantTest.log
2014-12-20 05:11 - 2012-06-24 06:16 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-12-20 05:11 - 2011-08-03 18:30 - 00000000 ____D () C:\Users\user\AppData\Roaming\ID Vault
2014-12-20 05:11 - 2010-11-30 14:40 - 01597143 _____ () C:\Windows\WindowsUpdate.log
2014-12-20 05:09 - 2011-08-09 19:26 - 00000904 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3822170678-2528215092-1697599759-1000UA.job
2014-12-20 05:09 - 2010-08-29 20:44 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-12-20 05:08 - 2011-12-24 15:44 - 00000924 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3822170678-2528215092-1697599759-1000UA.job
2014-12-20 00:41 - 2011-08-09 19:26 - 00000852 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3822170678-2528215092-1697599759-1000Core.job
2014-12-20 00:38 - 2011-12-24 15:44 - 00000902 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3822170678-2528215092-1697599759-1000Core.job
2014-12-20 00:36 - 2010-08-29 20:44 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-12-19 13:04 - 2009-07-13 20:51 - 00097787 _____ () C:\Windows\setupact.log
2014-12-18 19:05 - 2011-08-03 18:29 - 00000000 ____D () C:\Program Files (x86)\Constant Guard Protection Suite
2014-12-18 17:39 - 2009-07-13 20:45 - 00016080 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-12-18 17:39 - 2009-07-13 20:45 - 00016080 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-12-18 17:36 - 2009-07-13 21:13 - 00726316 _____ () C:\Windows\System32\PerfStringBackup.INI
2014-12-18 17:32 - 2011-02-20 06:59 - 00000000 ____D () C:\Users\user\AppData\Local\CrashDumps
2014-12-18 17:31 - 2009-07-13 21:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-12-18 02:36 - 2014-08-29 20:37 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-12-18 02:36 - 2010-08-29 21:00 - 00860172 _____ () C:\Windows\PFRO.log
2014-12-18 00:38 - 2014-06-15 08:44 - 00000000 ___RD () C:\Users\user\Dropbox
2014-12-17 03:52 - 2011-07-26 19:00 - 00280760 _____ () C:\Users\user\Documents\MONTHLY2.xlsx
2014-12-14 20:39 - 2014-06-15 08:42 - 00000000 ____D () C:\Users\user\AppData\Roaming\Dropbox
 
Some content of TEMP:
====================
C:\Users\user\AppData\Local\Temp\BlackBerryDeviceManager.exe
C:\Users\user\AppData\Local\Temp\BlackBerryLauncher.exe
C:\Users\user\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpz_tsmq.dll
 
 
==================== Known DLLs (Whitelisted) ================
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
==================== EXE Association (whitelisted) =============
 
 
==================== Restore Points  =========================
 
Restore point made on: 2014-10-18 03:16:41
Restore point made on: 2014-10-25 07:33:53
Restore point made on: 2014-11-08 09:58:46
Restore point made on: 2014-11-09 16:15:29
Restore point made on: 2014-12-16 19:26:21
 
==================== Memory info =========================== 
 
Percentage of memory in use: 15%
Total physical RAM: 3890.67 MB
Available physical RAM: 3305.96 MB
Total Pagefile: 3888.82 MB
Available Pagefile: 3289.7 MB
Total Virtual: 8192 MB
Available Virtual: 8191.89 MB
 
==================== Drives ================================
 
Drive c: (TI105957W0F) (Fixed) (Total:452.7 GB) (Free:211.11 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (System) (Fixed) (Total:1.46 GB) (Free:1.27 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive f: () (Removable) (Total:29.8 GB) (Free:23.16 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 465.8 GB) (Disk ID: D0CECDEE)
Partition 1: (Active) - (Size=1.5 GB) - (Type=27)
Partition 2: (Not Active) - (Size=452.7 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=11.6 GB) - (Type=17)
 
========================================================
Disk: 1 (Size: 29.8 GB) (Disk ID: 00000000)
 
Partition: GPT Partition Type.
 
 
LastRegBack: 2014-10-06 20:55
 
==================== End Of Log ============================

Edited by hamluis, 13 January 2015 - 09:12 AM.
Moved from Win 7 to Malware Removal Logs - Hamluis.




#2 Machiavelli

Machiavelli

    Agent 007


  • Malware Response Instructor
  • 4,133 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:10:05 AM

Posted 14 January 2015 - 10:41 AM

Hey my friend. :)

Which error do you get when you want to access System Restore?

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.



#3 abailey

abailey
  • Topic Starter


Posted 15 January 2015 - 03:34 PM

Hi. Thanks for replying. This is the error: 

 

System restore failed while mounting the registry point.

An unspecified error occurred during System Restore. (0x800703f1)



#4 Machiavelli


Posted 15 January 2015 - 04:14 PM

Are you able to access Safe Mode?

~Machiavelli



#5 abailey


Posted 15 January 2015 - 04:29 PM

I cannot. It does the same thing in Safe Mode.



#6 Machiavelli


Posted 15 January 2015 - 04:36 PM

Hey, :)
  • Please open Notepad.exe. Make sure that you don't use any other software than Notepad.exe!
  • Copy and paste the content of the code box below into the empty text file:

    HKLM\...\Run: [] => [X]
    HKLM-x32\...\Run: [] => [X]
    HKLM-x32\...\RunOnce: [AvgUninstallURL] => cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-app?lic=SUFaUDItUkJSUFItN0dOTVUtQUJITjktU1A5Q1YtSQ"&"inst=NzYtODM1NjY1MDA0LVhPMTArMTItRkwxMCsxLUxJQysyLVNQMSsxLVNQMVRCKzEtU1AxUzIrMS1TVUQrMS1TMUkrMS1TVTMrMS1UVUcrMy1TVTNUKzEtTFNEKzI"&"prod=94"&"ver=10.0.1382
    Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk
    ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
    Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk
    ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
    ShortcutTarget: Verizon Wireless Software Utility Application for Android  Samsung.lnk ->  (No File)
    EmptyTemp:
  • Then click on File >> Save as
    • File Name: Fixlist.txt
    • From the Save as type drop-down list, choose All Files
  • It is very important that you save this text file on your flash drive (where you also downloaded FRST)!
Note: It's important that both files, FRST.exe/FRST64.exe and fixlist.txt, are in the same location or the fix will not work.
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
  • Run FRST.exe/FRST64.exe in RE again [like you did before], press the Fix button just once, and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally, then let the tool complete its run.
  • When finished, FRST will generate a log (Fixlog.txt) in the same location the tool was run from. Please post it in your reply.

~Machiavelli



#7 abailey


Posted 15 January 2015 - 06:50 PM

I ran it. This is the log it created.

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 12-01-2015 02
Ran by SYSTEM at 2015-01-15 18:47:57 Run:2
Running from F:\
Boot Mode: Recovery
==============================================
 
Content of fixlist:
*****************
HKLM\...\Run: [] => [X]
HKLM-x32\...\Run: [] => [X]
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
ShortcutTarget: Verizon Wireless Software Utility Application for Android  Samsung.lnk ->  (No File)
EmptyTemp:
*****************
 
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\\AvgUninstallURL => value deleted successfully.
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk => Moved successfully.
C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe => Moved successfully.
C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk not found.
C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe not found.
ShortcutTarget: Verizon Wireless Software Utility Application for Android  Samsung.lnk ->  (No File) not found.
EmptyTemp: => Error: This directive works only outside recovery mode.
 
==== End of Fixlog 18:47:57 ====


#8 Machiavelli


Posted 16 January 2015 - 07:59 AM

Does the system boot now? :)

~Machiavelli



#9 abailey


Posted 16 January 2015 - 09:32 AM

No, it does not boot.



#10 Machiavelli


Posted 16 January 2015 - 10:19 AM

Do a new FRST Scan and post the logs.

~Machiavelli



#11 abailey


Posted 16 January 2015 - 12:04 PM

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-01-2015 02
Ran by SYSTEM on MININT-OFO9QJK on 16-01-2015 12:02:11
Running from F:\
Platform: Windows 7 Home Premium (X64) OS Language: English (United States)
Internet Explorer Version 9
Boot Mode: Recovery
 
The current controlset is ControlSet003
ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2010-06-09] (Hewlett-Packard)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM\...\RunOnce: [*WerKernelReporting] => C:\Windows\SYSTEM32\WerFault.exe [415232 2009-07-13] (Microsoft Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\user\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2010-08-29] (Google Inc.)
HKU\user\...\Run: [Google Update] => C:\Users\user\AppData\Local\Google\Update\GoogleUpdate.exe [107912 2014-10-20] (Google Inc.)
Startup: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Verizon Wireless Software Utility Application for Android – Samsung.lnk
ShortcutTarget: Verizon Wireless Software Utility Application for Android – Samsung.lnk ->  (No File)
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-08-16] (SUPERAntiSpyware.com)
S2 AntiSpywareService; C:\Program Files (x86)\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe [616408 2009-06-17] ()
S2 ITMRTSVC; C:\Program Files (x86)\CA\PPRT\bin\ITMRTSVC.exe [283912 2007-09-26] (CA, Inc.)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2010-03-05] ()
S2 N360; C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\N360.exe [265040 2014-09-22] (Symantec Corporation)
S3 COMSysApp; %SystemRoot%\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S1 BHDrvx64; C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\BASHDefs\20141209.001\BHDrvx64.sys [1587416 2014-10-03] (Symantec Corporation)
S1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1506000.020\ccSetx64.sys [162392 2013-09-25] (Symantec Corporation)
S1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [487216 2014-12-11] (Symantec Corporation)
S3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142640 2014-12-11] (Symantec Corporation)
S1 IDSVia64; C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\IPSDefs\20141216.001\IDSvia64.sys [637656 2014-11-17] (Symantec Corporation)
S3 NAVENG; C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\VirusDefs\20141216.016\ENG64.SYS [129752 2014-11-30] (Symantec Corporation)
S3 NAVEX15; C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\VirusDefs\20141216.016\EX64.SYS [2137304 2014-11-30] (Symantec Corporation)
S2 regi; C:\windows\SysWOW64\drivers\regi.sys [11032 2007-04-17] (InterVideo)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [27520 2007-05-14] (Research In Motion Limited)
S3 rimvndis; C:\Windows\System32\Drivers\rimvndis6_AMD64.sys [17920 2014-06-23] (Research in Motion Limited)
S1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S1 SRTSP; C:\Windows\System32\Drivers\N360x64\1506000.020\SRTSP64.SYS [876248 2014-08-25] (Symantec Corporation)
S1 SRTSPX; C:\Windows\system32\drivers\N360x64\1506000.020\SRTSPX64.SYS [37592 2014-08-25] (Symantec Corporation)
S0 SymDS; C:\Windows\System32\drivers\N360x64\1506000.020\SYMDS64.SYS [493656 2013-09-09] (Symantec Corporation)
S0 SymEFA; C:\Windows\System32\drivers\N360x64\1506000.020\SYMEFA64.SYS [1148120 2014-08-25] (Symantec Corporation)
S3 SymEvent; C:\windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2013-12-05] (Symantec Corporation)
S1 SymIRON; C:\Windows\system32\drivers\N360x64\1506000.020\Ironx64.SYS [266968 2014-08-06] (Symantec Corporation)
S1 SymNetS; C:\Windows\System32\Drivers\N360x64\1506000.020\SYMNETS.SYS [593112 2014-08-25] (Symantec Corporation)
S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2013-06-20] (Anchorfree Inc.)
S3 usbrndis6; C:\Windows\System32\DRIVERS\usb80236.sys [19968 2009-07-13] (Microsoft Corporation)
S1 AntiLog32; \??\C:\windows\system32\drivers\AntiLog64.sys [X]
S1 BHDrvx86; \??\C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\BASHDefs\20140606.001\BHDrvx86.sys [X]
S3 keycrypt; system32\DRIVERS\KeyCrypt64.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-15 17:01 - 2015-01-15 17:01 - 00450616 _____ () C:\Windows\Minidump\011515-53118-01.dmp
2015-01-13 07:28 - 2015-01-16 12:02 - 00000000 ____D () C:\FRST
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-15 18:47 - 2010-11-30 15:07 - 00000000 ____D () C:\ProgramData\Best Buy pc app
2015-01-15 17:02 - 2010-11-30 15:00 - 00000050 _____ () C:\Windows\System32\SupplicantTest.log
2015-01-15 17:01 - 2013-06-05 18:16 - 226373545 _____ () C:\Windows\MEMORY.DMP
2015-01-15 17:01 - 2013-06-05 18:16 - 00000000 ____D () C:\Windows\Minidump
2014-12-20 05:11 - 2012-06-24 06:16 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-12-20 05:11 - 2011-08-03 18:30 - 00000000 ____D () C:\Users\user\AppData\Roaming\ID Vault
2014-12-20 05:11 - 2010-11-30 14:40 - 01597143 _____ () C:\Windows\WindowsUpdate.log
2014-12-20 05:09 - 2011-08-09 19:26 - 00000904 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3822170678-2528215092-1697599759-1000UA.job
2014-12-20 05:09 - 2010-08-29 20:44 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-12-20 05:08 - 2011-12-24 15:44 - 00000924 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3822170678-2528215092-1697599759-1000UA.job
2014-12-20 00:41 - 2011-08-09 19:26 - 00000852 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3822170678-2528215092-1697599759-1000Core.job
2014-12-20 00:38 - 2011-12-24 15:44 - 00000902 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3822170678-2528215092-1697599759-1000Core.job
2014-12-20 00:36 - 2010-08-29 20:44 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-12-19 13:04 - 2009-07-13 20:51 - 00097787 _____ () C:\Windows\setupact.log
2014-12-18 19:05 - 2011-08-03 18:29 - 00000000 ____D () C:\Program Files (x86)\Constant Guard Protection Suite
2014-12-18 17:39 - 2009-07-13 20:45 - 00016080 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-12-18 17:39 - 2009-07-13 20:45 - 00016080 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-12-18 17:36 - 2009-07-13 21:13 - 00726316 _____ () C:\Windows\System32\PerfStringBackup.INI
2014-12-18 17:32 - 2011-02-20 06:59 - 00000000 ____D () C:\Users\user\AppData\Local\CrashDumps
2014-12-18 17:31 - 2009-07-13 21:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-12-18 02:36 - 2014-08-29 20:37 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-12-18 02:36 - 2010-08-29 21:00 - 00860172 _____ () C:\Windows\PFRO.log
2014-12-18 00:38 - 2014-06-15 08:44 - 00000000 ___RD () C:\Users\user\Dropbox
2014-12-17 03:52 - 2011-07-26 19:00 - 00280760 _____ () C:\Users\user\Documents\MONTHLY2.xlsx
 
Some content of TEMP:
====================
C:\Users\user\AppData\Local\Temp\BlackBerryDeviceManager.exe
C:\Users\user\AppData\Local\Temp\BlackBerryLauncher.exe
C:\Users\user\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpz_tsmq.dll
 
 
==================== Known DLLs (Whitelisted) ================
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
==================== EXE Association (whitelisted) =============
 
 
==================== Restore Points  =========================
 
Restore point made on: 2014-10-18 03:16:41
Restore point made on: 2014-10-25 07:33:53
Restore point made on: 2014-11-08 09:58:46
Restore point made on: 2014-11-09 16:15:29
Restore point made on: 2014-12-16 19:26:21
 
==================== Memory info =========================== 
 
Percentage of memory in use: 25%
Total physical RAM: 1906.67 MB
Available physical RAM: 1413.16 MB
Total Pagefile: 1906.67 MB
Available Pagefile: 1395.91 MB
Total Virtual: 8192 MB
Available Virtual: 8191.89 MB
 
==================== Drives ================================
 
Drive c: (TI105957W0F) (Fixed) (Total:452.7 GB) (Free:214.93 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (System) (Fixed) (Total:1.46 GB) (Free:1.27 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive f: () (Removable) (Total:29.8 GB) (Free:23.13 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 465.8 GB) (Disk ID: D0CECDEE)
Partition 1: (Active) - (Size=1.5 GB) - (Type=27)
Partition 2: (Not Active) - (Size=452.7 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=11.6 GB) - (Type=17)
 
========================================================
Disk: 1 (Size: 29.8 GB) (Disk ID: 00000000)
 
Partition: GPT Partition Type.
 
 
LastRegBack: 2014-10-06 20:55
 
==================== End Of Log ============================


#12 Machiavelli


Posted 16 January 2015 - 12:06 PM

I think that this is more of a hardware issue than a malware issue.

~Machiavelli



#13 abailey


Posted 16 January 2015 - 12:06 PM

OK. Thanks.



#14 Machiavelli


Posted 16 January 2015 - 12:33 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.

~Machiavelli
