
Can't boot,Blue screen,


  • This topic is locked
30 replies to this topic

#1 gwaan83


Posted 20 January 2015 - 08:54 AM

I have an Acer Aspire 7741z, 3 GB DDR3 memory, 250 GB HDD. My problem is, my computer will not boot up. I left the computer on & I left to go to the store and came back; my computer was looping to the Windows logo and then blue screen. I get the blue screen once the Windows logo pops up. I tried all options in the F8 menu and sometimes it hangs on the screen where the drivers are loading and sometimes it'll just go to the blue screen and restart. I've tried the repair disk and that doesn't work. I tried restore but there's no restore point set and I don't have an image to restore with. I have no idea where to start. Any advice? Thanks in advance.




#2 Oh My!

  • Malware Response Instructor

Posted 20 January 2015 - 10:57 PM

Greetings gwaan83 and :welcome: to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met. :)
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Replytopic.jpg button instead.
  • In the upper right hand corner of the topic you will see the Followtopic.jpg button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
  • Now let's get started :thumbup2:
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. Please run this program for me.

===================================================

Farbar's Recovery Scan Tool

--------------------

For this step you will need a USB flash drive and start on a clean computer.
  • From a working computer please download Farbar Recovery Scan Tool and save it to a flash drive. You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
  • Plug the flash drive into the infected PC and follow the 2 step process below to enter the System Recovery Options using one of the three options listed, then run Farbar's Recovery Scan Tool.
----------

Entering into the System Recovery Options

Option #1

To enter System Recovery Options in Windows 8:

Option #2

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select English as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
Option #3

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select English as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next
----------

Running Farbar's Recovery Scan Tool in System Recovery
  • Once you are in the System Recovery Options menu you will get the following options:

Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt

  • Select Command Prompt
  • In the command window type in Notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select Computer and find your flash drive letter and close the notepad.
  • In the command window type e:\frst (for x64 bit version type e:\frst64) and press Enter
    • Note: Replace letter e with the drive letter of your flash drive.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste the information rather than send an attachment. :thumbsup2:
  • FRST log

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#3 gwaan83


Posted 21 January 2015 - 03:18 PM

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 19-01-2015
Ran by SYSTEM on MININT-7FL2D16 on 21-01-2015 13:13:46
Running from g:\
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Recovery
 
The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S2 AdobeActiveFileMonitor11.0; C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe [171600 2012-09-17] (Adobe Systems Incorporated)
S2 AdvancedSystemCareService7; C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate 7\ASCService.exe [886592 2013-12-16] (IObit)
S2 ASCAntivirusSrv; C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate 7\ascavsvc.exe [647488 2013-12-10] (IOBit)
S2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe [214512 2014-06-10] (Kaspersky Lab ZAO)
S2 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [409304 2014-09-16] (BlueStack Systems, Inc.)
S2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [384728 2014-09-16] (BlueStack Systems, Inc.)
S2 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [777944 2014-09-16] (BlueStack Systems, Inc.)
S3 digiSPTIService; C:\Program Files (x86)\Digidesign\Pro Tools\digiSPTIService.exe [159744 2008-12-03] (Digidesign, A Division of Avid Technology, Inc.)
S3 GSService; C:\Windows\SysWOW64\GSService.exe [490208 2013-07-26] ()
S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2151232 2013-12-02] (IObit)
S2 lxdn_device; C:\Windows\system32\lxdncoms.exe [1039872 2007-11-28] ( )
S2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
S2 mi-raysat_3dsmax2014_64; C:\Program Files\Autodesk\3ds Max 2014\NVIDIA\Satellite\raysat_3dsmax2014_64server.exe [86016 2011-09-14] ()
S2 Motorola Device Manager; C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [137528 2013-11-15] (Motorola Mobility LLC)
S2 NitroDriverReadSpool8; C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe [230408 2012-12-13] (Nitro PDF Software)
S3 PSPRSERV; C:\Program Files (x86)\Elcomsoft Password Recovery\Proactive System Password Recovery\psprserv64.exe [84648 2013-08-16] (ElcomSoft Co. Ltd.)
S2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [390672 2012-09-11] ()
S2 SCM_Service; C:\Windows\SysWOW64\WinService.exe [186848 2010-05-10] ()
S2 Synchro Arts License Manager; C:\Program Files (x86)\Common Files\Synchro Arts Shared\License.exe [175488 2008-02-22] (Synchro Arts Ltd)
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
S2 DigiRefresh; C:\Program Files (x86)\Digidesign\Drivers\MMERefresh.exe -s [X]
S2 HPSLPSVC; C:\Users\Dondalos\AppData\Local\Temp\7zS573D\hpslpsvc64.dll [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S2 bdfsfltr; C:\Windows\system32\Drivers\bdfsfltr.sys [431176 2011-03-24] (BitDefender)
S2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [122072 2014-09-16] (BlueStack Systems)
S3 DGUSBAP; C:\Windows\System32\DRIVERS\dgmbx2.sys [194864 2011-02-13] (Avid Technology, Inc.)
S3 DrmRAudio; C:\Windows\System32\drivers\DrmRAudio.sys [34528 2013-07-26] (Windows ® Win 7 DDK provider)
S1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2013-10-10] (DT Soft Ltd)
S4 klflt; C:\Windows\System32\DRIVERS\klflt.sys [115296 2014-06-10] (Kaspersky Lab ZAO)
S1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [625248 2014-06-10] (Kaspersky Lab ZAO)
S1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [29792 2014-06-10] (Kaspersky Lab ZAO)
S3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [29280 2014-06-10] (Kaspersky Lab ZAO)
S3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2014-06-10] (Kaspersky Lab ZAO)
S1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO)
S1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [55904 2013-05-14] (Kaspersky Lab ZAO)
S1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [178272 2014-06-10] (Kaspersky Lab ZAO)
S3 MADFULEGACYKEYBOARD; C:\Windows\System32\DRIVERS\MAudioLegacyKeyboard_DFU.sys [28680 2010-02-09] (M-Audio)
S3 MAUSBLEGACYKEYBOARD; C:\Windows\System32\DRIVERS\MAudioLegacyKeyboard.sys [196616 2010-02-09] (M-Audio)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-12-28] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)
S3 MBX2DFU; C:\Windows\System32\DRIVERS\dgmbx2fu.sys [32944 2011-02-13] (Avid Technology, Inc.)
S3 MBX2MIDK; C:\Windows\System32\drivers\mbx2midk.sys [32400 2008-12-04] (Digidesign, A Division of Avid Technology, Inc.)
S3 mlkumidi; C:\Windows\System32\drivers\mlkumidi.sys [57408 2012-08-29] (MusicLab, Inc.)
S3 NPF; C:\Windows\System32\drivers\NPF.sys [35344 2010-07-15] (CACE Technologies, Inc.)
S3 NPF; C:\Windows\SysWOW64\drivers\NPF.sys [32512 2005-08-02] (CACE Technologies)
S1 pskkords; C:\Windows\system32\drivers\pskkords.sys [55104 2014-11-14] (Microsoft Corporation)
S3 pwdrvio; C:\Windows\system32\pwdrvio.sys [19032 2013-08-26] ()
S3 pwdspio; C:\Windows\system32\pwdspio.sys [12384 2013-08-26] ()
S0 PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [56336 2012-08-10] (Corel Corporation)
S3 RTL8187; C:\Windows\System32\DRIVERS\wg111v2.sys [450048 2010-04-06] (NETGEAR Inc.)
S3 SliceDisk5; C:\Program Files\A-FF Find and Mount\slicedisk-x64.sys [31824 2011-02-25] (Atola)
S0 sptd; C:\Windows\System32\Drivers\sptd.sys [564824 2014-01-03] (Duplex Secure Ltd.)
S0 tib; C:\Windows\System32\DRIVERS\tib.sys [1120032 2014-01-04] (Acronis International GmbH)
S0 tib_mounter; C:\Windows\System32\DRIVERS\tib_mounter.sys [183224 2014-01-04] (Acronis)
S3 Trufos; C:\Windows\System32\DRIVERS\TRUFOS.sys [329800 2011-11-21] (BitDefender S.R.L.)
S0 vidsflt; C:\Windows\System32\DRIVERS\vidsflt.sys [117024 2014-01-04] (Acronis International GmbH)
S1 {25d71abf-7776-46f5-a269-9951331f9030}w64; C:\Windows\System32\drivers\{25d71abf-7776-46f5-a269-9951331f9030}w64.sys [61112 2014-04-24] (StdLib)
S1 gllvlfvj; \??\C:\Windows\system32\drivers\gllvlfvj.sys [X]
S0 kl1; system32\DRIVERS\kl1.sys [X]
S3 swmidi; No ImagePath
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-20 07:48 - 2015-01-20 07:48 - 00000000 __SHD () C:\found.001
2015-01-20 03:06 - 2015-01-21 13:13 - 00000000 ____D () C:\FRST
2015-01-01 19:19 - 2015-01-01 19:19 - 00000000 ____D () C:\Users\Dondalos\Downloads\Sylenth VSTi v2.2 [PC 32&64Bit] #MrAcapellaRelease
2014-12-28 21:10 - 2014-12-28 21:12 - 00000000 ____D () C:\Windows\System32\config\backup
2014-12-28 21:01 - 2014-12-28 21:05 - 00000000 ___SD () C:\ComboFix
2014-12-28 21:01 - 2011-06-25 22:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-12-28 21:01 - 2010-11-07 09:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-12-28 21:01 - 2009-04-19 20:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-12-28 21:01 - 2000-08-30 16:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-12-28 21:01 - 2000-08-30 16:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-12-28 21:01 - 2000-08-30 16:00 - 00098816 _____ () C:\Windows\sed.exe
2014-12-28 21:01 - 2000-08-30 16:00 - 00080412 _____ () C:\Windows\grep.exe
2014-12-28 21:01 - 2000-08-30 16:00 - 00068096 _____ () C:\Windows\zip.exe
2014-12-28 20:57 - 2014-12-28 21:01 - 00000000 ____D () C:\Qoobox
2014-12-28 20:56 - 2014-12-28 21:01 - 00000000 ___SD () C:\32788R22FWJFW
2014-12-28 20:56 - 2014-12-28 20:56 - 00000000 ____D () C:\Windows\erdnt
2014-12-28 20:38 - 2014-12-28 20:38 - 00000000 ____D () C:\AdwCleaner
2014-12-28 20:27 - 2014-12-28 20:27 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-12-28 16:09 - 2014-12-28 17:41 - 00018132 _____ () C:\Windows\wsusofflineupdate.log
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-20 12:07 - 2014-12-11 09:41 - 00001787 _____ () C:\Windows\setupact.log
2015-01-20 12:04 - 2014-07-05 11:36 - 00019585 _____ () C:\Windows\mlkumidi.log
2015-01-20 07:32 - 2009-07-13 21:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-07 15:36 - 2013-09-24 22:21 - 00000000 ____D () C:\Users\Dondalos\Desktop\Stuff_3
2014-12-28 22:06 - 2014-05-03 07:36 - 00000000 ___SD () C:\Windows\System32\CompatTel
2014-12-28 22:06 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-12-28 21:28 - 2014-12-11 09:40 - 00009198 _____ () C:\Windows\PFRO.log
2014-12-28 20:55 - 2009-07-13 21:13 - 00782470 _____ () C:\Windows\System32\PerfStringBackup.INI
2014-12-28 20:27 - 2014-12-16 00:50 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\MBAMSwissArmy.sys
2014-12-28 20:27 - 2014-12-16 00:49 - 00000911 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-12-28 17:41 - 2013-08-19 22:45 - 01104240 _____ () C:\Windows\WindowsUpdate.log
2014-12-28 17:40 - 2013-08-28 14:00 - 00000000 ____D () C:\ProgramData\Package Cache
 
Some content of TEMP:
====================
C:\Users\Dondalos\AppData\Local\Temp\Quarantine.exe
C:\Users\Dondalos\AppData\Local\Temp\sqlite3.dll
 
 
==================== Known DLLs (Whitelisted) ================
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
==================== Restore Points  =========================
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 21%
Total physical RAM: 2804.5 MB
Available physical RAM: 2195.05 MB
Total Pagefile: 2802.7 MB
Available Pagefile: 2195.69 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB
 
==================== Drives ================================
 
Drive c: (ACER) (Fixed) (Total:219.6 GB) (Free:1.98 GB) NTFS
Drive e: (PQSERVICE) (Fixed) (Total:13.18 GB) (Free:0.88 GB) NTFS
Drive f: (Windows_7_Home_P_64_Bit) (CDROM) (Total:2.96 GB) (Free:0 GB) UDF
Drive g: (MULTIBOOT) (Removable) (Total:1.86 GB) (Free:1.8 GB) FAT
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (SYSTEM RESERVED) (Fixed) (Total:0.1 GB) (Free:0.03 GB) NTFS ==>[System with boot components (obtained from reading drive)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: 4C6B4C6A)
Partition 1: (Not Active) - (Size=13.2 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=219.6 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (Size: 1.9 GB) (Disk ID: C3072E18)
Partition 1: (Active) - (Size=1.9 GB) - (Type=06)
 
 
LastRegBack: 2014-12-06 06:56
 
==================== End Of Log ============================
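
Added example (not part of the original thread and not FRST's own code): a Python parser for the Services and Drivers lines of an FRST log like the one above, flagging entries whose file FRST could not find ([X]), that have no ImagePath, whose name starts with a GUID, or whose image sits under a Temp folder. The sample lines are copied from the log in this post; the flag names and function names are this example's own, and a flag is a lead for review, not a verdict.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Lines copied from the Services and Drivers sections of the log in this post.
SAMPLE_LOG = r"""
==================== Services (Whitelisted) =================
S2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe [214512 2014-06-10] (Kaspersky Lab ZAO)
S3 GSService; C:\Windows\SysWOW64\GSService.exe [490208 2013-07-26] ()
S2 DigiRefresh; C:\Program Files (x86)\Digidesign\Drivers\MMERefresh.exe -s [X]
S2 HPSLPSVC; C:\Users\Dondalos\AppData\Local\Temp\7zS573D\hpslpsvc64.dll [X]
==================== Drivers (Whitelisted) ====================
S1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [625248 2014-06-10] (Kaspersky Lab ZAO)
S1 {25d71abf-7776-46f5-a269-9951331f9030}w64; C:\Windows\System32\drivers\{25d71abf-7776-46f5-a269-9951331f9030}w64.sys [61112 2014-04-24] (StdLib)
S1 gllvlfvj; \??\C:\Windows\system32\drivers\gllvlfvj.sys [X]
S0 kl1; system32\DRIVERS\kl1.sys [X]
S3 swmidi; No ImagePath
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
"""

# Windows service Start values (the digit after the state letter).
START_TYPES = {"0": "boot", "1": "system", "2": "auto", "3": "demand", "4": "disabled"}

# "<state><start> <name>; <image path and details>"
# State letter: R running, S stopped, U when FRST cannot tell.
ENTRY_RE = re.compile(r"^(?P<state>[RSU])(?P<start>[0-5]) (?P<name>[^;]+); (?P<rest>.+)$")
# "<path> [<size> <yyyy-mm-dd>] (<company>)" for files FRST could read.
FILE_RE = re.compile(
    r"^(?P<path>.+) \[(?P<size>\d+) (?P<date>\d{4}-\d{2}-\d{2})\] \((?P<vendor>.*)\)$"
)
GUID_NAME_RE = re.compile(r"^\{[0-9a-fA-F]{8}(?:-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}\}")


@dataclass
class Entry:
    name: str
    state: str
    start: str
    path: Optional[str] = None
    vendor: Optional[str] = None
    flags: List[str] = field(default_factory=list)


def parse_line(line: str) -> Optional[Entry]:
    """Parse one service/driver line; return None for headers and notes."""
    m = ENTRY_RE.match(line.strip())
    if m is None:
        return None
    entry = Entry(m["name"], m["state"], START_TYPES.get(m["start"], "unknown"))
    rest = m["rest"].strip()
    if rest == "No ImagePath":
        entry.flags.append("no-image-path")
    elif rest.endswith("[X]"):
        # [X] replaces the size/date/company block when the file was not found.
        entry.path = rest[:-3].rstrip()
        entry.flags.append("file-missing")
    else:
        f = FILE_RE.match(rest)
        if f:
            entry.path, entry.vendor = f["path"], f["vendor"].strip()
        else:
            entry.path = rest
    if GUID_NAME_RE.match(entry.name):
        entry.flags.append("guid-name")
    if entry.path and "\\appdata\\local\\temp\\" in entry.path.lower():
        entry.flags.append("temp-path")
    return entry


def triage(log_text: str) -> List[Entry]:
    """Return only the entries that carry at least one flag, in log order."""
    parsed = (parse_line(line) for line in log_text.splitlines())
    return [e for e in parsed if e is not None and e.flags]


if __name__ == "__main__":
    for e in triage(SAMPLE_LOG):
        print(f"{e.state} {e.start:<8} {e.name}: {', '.join(e.flags)}")
```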


#4 gwaan83


Posted 21 January 2015 - 03:19 PM

Thanks for the help by the way



#5 Oh My!


Posted 21 January 2015 - 03:50 PM

Greetings and thank you for the information. You are quite welcome.

Please review the initial instructions on how to Follow this Topic so you will be notified when I reply.

Please do this. The second set of instructions is contingent on how we do with the first step.

===================================================

Farbar's Recovery Scan Tool - Run Fix

--------------------
  • From a clean computer press the Windows key + R on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it on the flashdrive as fixlist.txt
S2 DigiRefresh; C:\Program Files (x86)\Digidesign\Drivers\MMERefresh.exe -s [X]
S2 HPSLPSVC; C:\Users\Dondalos\AppData\Local\Temp\7zS573D\hpslpsvc64.dll [X]
S1 {25d71abf-7776-46f5-a269-9951331f9030}w64; C:\Windows\System32\drivers\{25d71abf-7776-46f5-a269-9951331f9030}w64.sys [61112 2014-04-24] (StdLib)
S1 gllvlfvj; \??\C:\Windows\system32\drivers\gllvlfvj.sys [X]
S0 kl1; system32\DRIVERS\kl1.sys [X]
S3 swmidi; No ImagePath
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
C:\Windows\System32\drivers\{25d71abf-7776-46f5-a269-9951331f9030}w64.sys
C:\Users\Dondalos\AppData\Local\Temp\Quarantine.exe
C:\Users\Dondalos\AppData\Local\Temp\sqlite3.dll
  • Insert the USB device into your infected computer
  • Enter the System Recovery Options (press F8 during boot up), select Repair Your Computer, then select Command Prompt.
  • Run FRST as you did the first time and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the flashdrive (Fixlog.txt). Copy and paste that information in your reply.
  • Please attempt to boot your computer into Normal Mode or, if not, Safe Mode
  • If your computer does not boot properly please complete the next step
===================================================

Diagnose Blue Screen of Death (BSOD) Errors

--------------------
  • When you boot your machine, press F8 to list the startup options, exactly as you would if you were trying to enter Safe Mode
  • Select Disable Automatic Restart on System Failure, as shown here:

advancedoptions.png

  • When your system BSODs, write down the STOP error code, as well as any written out error message back here. The STOP error will always appear, but the message may not.

bsod_c.jpg

  • Please include this information in your reply.
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Fixlog
  • Does your computer boot properly?
  • Blue Screen information, if applicable

Gary
 

#6 gwaan83


Posted 21 January 2015 - 04:06 PM

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 19-01-2015
Ran by SYSTEM at 2015-01-21 13:57:30 Run:7
Running from g:\
Boot Mode: Recovery
==============================================
 
Content of fixlist:
*****************
S2 DigiRefresh; C:\Program Files (x86)\Digidesign\Drivers\MMERefresh.exe -s [X]
S2 HPSLPSVC; C:\Users\Dondalos\AppData\Local\Temp\7zS573D\hpslpsvc64.dll [X]
S1 {25d71abf-7776-46f5-a269-9951331f9030}w64; C:\Windows\System32\drivers\{25d71abf-7776-46f5-a269-9951331f9030}w64.sys [61112 2014-04-24] (StdLib)
S1 gllvlfvj; \??\C:\Windows\system32\drivers\gllvlfvj.sys [X]
S0 kl1; system32\DRIVERS\kl1.sys [X]
S3 swmidi; No ImagePath
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
C:\Windows\System32\drivers\{25d71abf-7776-46f5-a269-9951331f9030}w64.sys
C:\Users\Dondalos\AppData\Local\Temp\Quarantine.exe
C:\Users\Dondalos\AppData\Local\Temp\sqlite3.dll
*****************
 
DigiRefresh => Service deleted successfully.
HPSLPSVC => Service deleted successfully.
{25d71abf-7776-46f5-a269-9951331f9030}w64 => Service deleted successfully.
gllvlfvj => Service deleted successfully.
kl1 => Service deleted successfully.
swmidi => Service deleted successfully.
VGPU => Service deleted successfully.
C:\Windows\System32\drivers\{25d71abf-7776-46f5-a269-9951331f9030}w64.sys => Moved successfully.
C:\Users\Dondalos\AppData\Local\Temp\Quarantine.exe => Moved successfully.
C:\Users\Dondalos\AppData\Local\Temp\sqlite3.dll => Moved successfully.
 
==== End of Fixlog 13:57:30 ====
 
 
It booted to the user account screen then went to blue screen. I selected the Disable Automatic Restart on System Failure then it went back to the user accounts again then it froze on that screen.


#7 gwaan83


Posted 21 January 2015 - 04:20 PM

I restarted again and got this on the blue screen:

 

Technical information:
 
*** STOP: 0x000000024 (0x00000000001904FB, 0xFFFFF88002CC88D8, 0xFFFFF88002CC8130, 0xFFFFF880014DAC96)
 
*** Ntfs.sys - Address FFFFF880014DAC96 base at FFFFF8800143C000, DateStamp
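
Added example (not part of the original thread): a Python parser for a hand-copied STOP screen like the one above, which names the bug check, unpacks its first parameter, and computes where inside the named driver the fault address lies. The bug check table is a small subset taken from Microsoft's bug check reference; the function name `parse_stop_screen` and the result keys are this example's own.

```python
import re

# Text as posted above (hand-copied from the blue screen).
SAMPLE_SCREEN = """\
*** STOP: 0x000000024 (0x00000000001904FB, 0xFFFFF88002CC88D8, 0xFFFFF88002CC8130, 0xFFFFF880014DAC96)
*** Ntfs.sys - Address FFFFF880014DAC96 base at FFFFF8800143C000, DateStamp
"""

# Subset of bug check codes that concern storage and file systems.
BUGCHECK_NAMES = {
    0x23: "FAT_FILE_SYSTEM",
    0x24: "NTFS_FILE_SYSTEM",
    0x7A: "KERNEL_DATA_INPAGE_ERROR",
    0x7B: "INACCESSIBLE_BOOT_DEVICE",
    0xED: "UNMOUNTABLE_BOOT_VOLUME",
}

STOP_RE = re.compile(r"STOP:\s*(0x[0-9A-Fa-f]+)\s*\(([^)]*)\)")
MODULE_RE = re.compile(
    r"^\*\*\*\s+(?P<module>\S+)\s+-\s+Address\s+(?P<addr>[0-9A-Fa-f]+)"
    r"\s+base at\s+(?P<base>[0-9A-Fa-f]+)",
    re.MULTILINE,
)


def parse_stop_screen(text):
    """Return a dict describing the STOP code and the faulting module."""
    stop = STOP_RE.search(text)
    if stop is None:
        raise ValueError("no STOP line found")

    # int() tolerates a miscounted run of leading zeros in a hand-copied code.
    code = int(stop.group(1), 16)
    params = [int(p, 16) for p in stop.group(2).split(",") if p.strip()]
    result = {
        "code": code,
        "name": BUGCHECK_NAMES.get(code, "UNKNOWN"),
        "params": params,
    }

    if code == 0x24 and params:
        # For NTFS_FILE_SYSTEM, parameter 1 packs the driver's source file
        # identifier (high 16 bits) and source line (low 16 bits).
        result["source_file_id"] = params[0] >> 16
        result["source_line"] = params[0] & 0xFFFF

    mod = MODULE_RE.search(text)
    if mod:
        addr = int(mod["addr"], 16)
        base = int(mod["base"], 16)
        if addr < base:
            raise ValueError("fault address is below the module base")
        result.update(
            module=mod["module"],
            fault_address=addr,
            module_base=base,
            offset=addr - base,              # position inside the driver image
            address_in_params=addr in params,
        )
    return result


if __name__ == "__main__":
    info = parse_stop_screen(SAMPLE_SCREEN)
    print(f"STOP 0x{info['code']:X} {info['name']}")
    print(f"{info['module']}+0x{info['offset']:X}")
```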


#8 Oh My!


Posted 21 January 2015 - 04:22 PM

Thanks, let's do this.

===================================================

Farbar's Recovery Scan Tool - Run Fix

--------------------
  • From a clean computer press the Windows key + R on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it on the flashdrive as fixlist.txt
LastRegBack: 2014-12-06 06:56
  • Insert the USB device into your infected computer
  • Enter the System Recovery Options (press F8 during boot up), select Repair Your Computer, then select Command Prompt.
  • Run FRST as you did the first time and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the flashdrive (Fixlog.txt). Copy and paste that information in your reply.
  • Please attempt to boot your computer into Normal Mode or, if not, Safe Mode
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Does your computer boot?

Gary
 

#9 Oh My!


Posted 21 January 2015 - 04:22 PM

Ooops, hang on don't run my last instructions yet. I just saw your Blue Screen information......
Gary
 

#10 Oh My!


Posted 21 January 2015 - 04:37 PM

Please do this instead.

===================================================

Farbar's Recovery Scan Tool - Run Fix

--------------------
  • From a clean computer press the Windows key + R on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it on the flashdrive as fixlist.txt
CMD: copy /y c:\windows\minidump\*.dmp g:\
  • Insert the USB device into your infected computer
  • Enter the System Recovery Options (press F8 during boot up), select Repair Your Computer, then select Command Prompt.
  • Run FRST as you did the first time and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the flashdrive (Fixlog.txt).
  • Please attach the 3 most recent Minidump files to your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Attached Minidump files

Gary
 

#11 gwaan83


Posted 21 January 2015 - 04:50 PM

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 19-01-2015

Ran by SYSTEM at 2015-01-21 14:46:42 Run:8
Running from g:\
Boot Mode: Recovery
==============================================
 
Content of fixlist:
*****************
CMD: copy /y c:\windows\minidump\*.dmp g:\
*****************
 
 
=========  copy /y c:\windows\minidump\*.dmp g:\ =========
 
c:\windows\minidump\*.dmp 
The system cannot find the file specified.
        0 file(s) copied.
 
========= End of CMD: =========
 
 
==== End of Fixlog 14:46:43 ====
 
 
 
 
 
I didn't see any dump files


#12 gwaan83


Posted 21 January 2015 - 09:31 PM

It's finally in safe mode now. I'll let the computer stay on until I know what to do from there.



#13 Oh My!


Posted 21 January 2015 - 10:13 PM

Please rerun FRST and make sure to place a check mark in Addition.txt. Copy and paste both logs please.

 

Did it just finally boot into Safe Mode for no apparent reason?


Gary
 

#14 gwaan83


Posted 21 January 2015 - 10:21 PM

Yes, I kept trying then it booted into safe mode. I just ran FRST and it started scanning then went to blue screen before it finished scanning.



#15 Oh My!


Posted 21 January 2015 - 10:31 PM

Unfortunately I expected that. Please do this.

===================================================

Seagate Seatools for DOS

----------
  • Please download SeaTools for DOS and create a bootable CD as instructed here and save it to your desktop
  • NOTE: If you have any difficulty booting up with this version, please use one of the legacy versions of SeaTools for DOS
  • If you do not have ISO burning software on your computer download and install Active@ ISO Burner then create a bootable disk with the downloaded file
  • Boot your troubled computer using the CD you just created. If necessary see here for instructions about how to boot to CD
  • After the program loads click I Accept
  • Left Click on your hard drive listed under Drive List (if you have a Seagate hard drive take special note of the caution below)
  • Click Basic Tests, then select Long Generic
  • Allow the process to run, which may take up to 3 hours, and report the findings in your reply
  • If the results indicate your hard drive failed the test and you have a Seagate hard drive installed DO NOT follow up on the suggestion to allow the program to attempt to resolve the issue. Doing so may cause permanent loss of data
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Hard drive test results

Gary
 