
Windows 7 Black screen w/ cursor


  • This topic is locked
4 replies to this topic

#1 lukey25

lukey25

  • Members
  • 2 posts

Posted 15 June 2015 - 06:39 AM

Hello,

I have my friend's laptop and the system boots normally, but after a few seconds I see only a black screen with a cursor. It is the same in all boot options; it doesn't matter if I start the system in safe mode or normal. I already scanned the system partition with Malwarebytes software and it only found one thingy. I already tried to restore the registry etc. but it didn't help, same as sfc /scannow etc. (HDD is fine, no bad sectors). A few minutes ago I scanned it with FRST. If someone can help me with this problem I would really appreciate that.

Thanks in advance.

PS: sorry for my English ;)

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:13-06-2015
Ran by SYSTEM on MININT-I2GCQAE on 15-06-2015 13:17:25
Running from G:\
Platform: Windows 7 Home Premium (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Recovery
 
The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10775584 2010-05-31] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2040352 2010-05-31] (Realtek Semiconductor)
HKLM\...\Run: [Apoint] => C:\Program Files\Apoint\Apoint.exe [212480 2010-05-31] (Alps Electric Co., Ltd.)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284696 2010-03-04] (Intel Corporation)
HKLM-x32\...\Run: [ISBMgr.exe] => C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe [673136 2010-05-31] (Sony Corporation)
HKLM-x32\...\Run: [BEWINTERNET-PLSessionManager] => "C:\Program Files (x86)\OrangeBS\BEWInternet-PL\SessionManager\SessionManager.exe"
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [102400 2010-09-20] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-11-20] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [TkBellExe] => c:\program files (x86)\real\realplayer\Update\realsched.exe [295512 2013-04-20] (RealNetworks, Inc.)
HKLM-x32\...\Run: [mobilegeni daemon] => C:\Program Files (x86)\Mobogenie\DaemonProcess.exe
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5512912 2015-03-24] (Avast Software s.r.o.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [NoControlPanel] 0
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-03-24] (Avast Software s.r.o.)
S2 CSHelper; C:\Program Files\Common Files\ArtistScope\CSHelper64.exe [361552 2013-09-22] (ArtistScope Pty Ltd)
S2 ESRV_SVC; C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe [377768 2013-11-01] (Intel Corporation)
S3 McComponentHostServiceSony; C:\Program Files (x86)\Sony\MSS\3.8.130\McCHSvc.exe [235216 2013-10-16] (McAfee, Inc.)
S2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-03-06] ()
S2 uCamMonitor; C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [104960 2008-09-18] (ArcSoft, Inc.)
S3 USER_ESRV_SVC; C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe [377768 2013-11-01] (Intel Corporation)
S3 VCFw; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [887000 2011-01-20] (Sony Corporation)
S3 VUAgent; C:\Program Files\Sony\VAIO Update\vuagent.exe [1642544 2014-02-28] (Sony Corporation)
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 ArcSoftKsUFilter; C:\Windows\System32\DRIVERS\ArcSoftKsUFilter.sys [19968 2009-05-26] (ArcSoft, Inc.)
S2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29168 2015-03-24] ()
S2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [88408 2015-03-24] (Avast Software s.r.o.)
S1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-03-24] (Avast Software s.r.o.)
S0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65736 2015-03-24] ()
S1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1047320 2015-03-24] (Avast Software s.r.o.)
S1 aswSP; C:\Windows\system32\drivers\aswSP.sys [442264 2015-03-24] (Avast Software s.r.o.)
S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [136752 2015-03-24] (Avast Software s.r.o.)
S0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [271200 2015-03-24] ()
S1 CSDriver; C:\Program Files\Common Files\ArtistScope\CSDriver64.sys [61424 2013-09-22] ()
S3 GT72NDISIPXP; C:\Windows\System32\DRIVERS\Gt51Ip.sys [110592 2009-08-04] (Option NV)
S3 GT72UBUS; C:\Windows\System32\DRIVERS\gt72ubus.sys [70656 2009-08-04] (Option N.V.)
S3 GTPTSER; C:\Windows\System32\DRIVERS\gtptser.sys [10624 2009-08-04] (Option N.V.)
S3 orange_zte_cdc_acm; C:\Windows\System32\DRIVERS\orange_zte_cdc_acm.sys [77824 2012-12-13] (ZTE)
S3 orange_zte_cdc_ecm; C:\Windows\System32\DRIVERS\orange_zte_cdc_ecm.sys [36352 2012-12-13] (ZTE)
S3 orange_zte_ecm_enum; C:\Windows\System32\DRIVERS\orange_zte_ecm_enum.sys [52224 2012-12-13] (ZTE)
S3 orange_zte_ecm_enum_filter; C:\Windows\System32\DRIVERS\orange_zte_ecm_enum_filter.sys [52224 2012-12-13] (ZTE)
S3 ewusbmbb; system32\DRIVERS\ewusbwwan.sys [X]
S3 ewusbnet; system32\DRIVERS\ewusbnet.sys [X]
S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [X]
S3 ew_usbenumfilter; system32\DRIVERS\ew_usbenumfilter.sys [X]
S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-06-15 16:48 - 2015-06-15 16:49 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-06-15 13:17 - 2015-06-15 13:17 - 00000000 ____D C:\FRST
2015-06-11 23:53 - 2015-06-11 23:54 - 00000000 ____D C:\Users\Alan\New folder
2015-06-11 20:10 - 2015-06-11 20:10 - 00000000 ____D C:\Windows\Microsoft Antimalware
2015-06-11 06:17 - 2015-06-11 06:18 - 00265600 _____ C:\Windows\Minidump\061115-24570-01.dmp
2015-06-10 09:51 - 2015-06-10 09:52 - 00454440 _____ C:\Windows\Minidump\061015-23961-01.dmp
2015-06-08 22:39 - 2015-06-08 22:43 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-06-08 22:34 - 2015-05-22 18:18 - 01021440 _____ (Microsoft Corporation) C:\Windows\System32\appraiser.dll
2015-06-08 22:34 - 2015-05-22 18:18 - 00757248 _____ (Microsoft Corporation) C:\Windows\System32\invagent.dll
2015-06-08 22:34 - 2015-05-22 18:18 - 00700416 _____ (Microsoft Corporation) C:\Windows\System32\generaltel.dll
2015-06-08 22:34 - 2015-05-22 18:18 - 00423424 _____ (Microsoft Corporation) C:\Windows\System32\devinv.dll
2015-06-08 22:34 - 2015-05-22 18:18 - 00227328 _____ (Microsoft Corporation) C:\Windows\System32\aepdu.dll
2015-06-08 22:34 - 2015-05-22 18:18 - 00045568 _____ (Microsoft Corporation) C:\Windows\System32\acmigration.dll
2015-06-08 22:34 - 2015-05-22 18:13 - 01119232 _____ (Microsoft Corporation) C:\Windows\System32\aeinv.dll
2015-06-08 22:34 - 2015-05-21 13:19 - 00193536 _____ (Microsoft Corporation) C:\Windows\System32\aepic.dll
2015-06-08 22:01 - 2015-06-09 10:41 - 00003340 _____ C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2060648681-4072167990-2932781598-1000
2015-06-08 22:01 - 2015-06-09 10:41 - 00003204 _____ C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2060648681-4072167990-2932781598-1000
2015-05-18 21:09 - 2015-05-18 21:10 - 00454440 _____ C:\Windows\Minidump\051815-25740-01.dmp
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-06-15 20:57 - 2010-12-24 11:24 - 00000000 ____D C:\users\Alan
2015-06-12 10:15 - 2009-07-14 04:45 - 00003072 _____ C:\Windows\System32\umstartup.etl
2015-06-11 06:17 - 2011-06-01 10:51 - 220036482 _____ C:\Windows\MEMORY.DMP
2015-06-11 06:17 - 2011-06-01 10:51 - 00000000 ____D C:\Windows\Minidump
2015-06-10 23:56 - 2010-12-25 16:07 - 00000000 ____D C:\Users\Alan\AppData\Roaming\Sony Corporation
2015-06-10 08:34 - 2012-08-31 10:35 - 00327680 _____ C:\Windows\System32\Ikeext.etl
2015-06-10 08:33 - 2013-03-23 23:48 - 00000930 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-06-10 08:33 - 2010-12-24 11:21 - 01072043 _____ C:\Windows\WindowsUpdate.log
2015-06-10 08:33 - 2010-07-28 12:38 - 00001048 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-06-10 08:32 - 2009-07-14 03:20 - 00000000 ____D C:\Windows\tracing
2015-06-10 07:33 - 2009-07-14 04:45 - 00015792 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-06-10 07:33 - 2009-07-14 04:45 - 00015792 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-06-10 07:25 - 2009-07-14 05:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-06-10 07:25 - 2009-07-14 04:51 - 00337770 _____ C:\Windows\setupact.log
2015-06-10 06:40 - 2010-07-21 00:14 - 00740688 _____ C:\Windows\System32\perfh015.dat
2015-06-10 06:40 - 2010-07-21 00:14 - 00156230 _____ C:\Windows\System32\perfc015.dat
2015-06-10 06:40 - 2009-07-14 05:13 - 01670590 _____ C:\Windows\System32\PerfStringBackup.INI
2015-06-09 14:08 - 2011-11-04 20:07 - 00000000 ____D C:\ProgramData\GameXN
2015-06-09 14:08 - 2011-11-02 12:07 - 00000000 ____D C:\Users\Alan\AppData\Roaming\go
2015-06-09 13:01 - 2011-12-28 11:23 - 00001074 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2060648681-4072167990-2932781598-1000UA.job
2015-06-09 11:34 - 2013-09-20 22:27 - 00000000 ____D C:\Users\Alan\AppData\Roaming\iolo
2015-06-09 11:30 - 2010-12-24 11:36 - 00000000 ____D C:\Users\Alan\AppData\Local\Sony Corporation
2015-06-09 10:41 - 2013-12-17 07:17 - 00000000 ____D C:\Users\Alan\AppData\Roaming\ViberPC
2015-06-09 10:38 - 2013-12-17 07:16 - 00000000 ____D C:\Users\Alan\AppData\Local\Viber
2015-06-09 10:37 - 2015-03-24 18:02 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2015-06-09 10:35 - 2011-02-27 14:43 - 00000342 _____ C:\Windows\Tasks\RegistryBooster.job
2015-06-09 10:35 - 2010-07-28 12:38 - 00001044 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-06-09 10:34 - 2014-12-10 21:59 - 00000000 ____D C:\Windows\System32\appraiser
2015-06-09 10:34 - 2014-07-10 01:05 - 00000000 ___SD C:\Windows\System32\CompatTel
2015-06-08 22:43 - 2012-06-26 01:18 - 00000000 ____D C:\Program Files (x86)\Java
2015-06-08 22:35 - 2013-03-23 23:48 - 00003868 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-06-08 22:35 - 2013-02-26 18:31 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-06-08 22:35 - 2013-02-26 18:31 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-06-08 22:01 - 2011-12-28 11:23 - 00001052 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2060648681-4072167990-2932781598-1000Core.job
2015-06-08 21:57 - 2014-08-14 17:31 - 00000000 ____D C:\Users\Alan\AppData\Local\GameXN
2015-06-08 21:57 - 2011-07-07 20:28 - 00000000 ____D C:\ProgramData\Real
2015-06-08 21:57 - 2009-07-14 03:20 - 00000000 ____D C:\Windows\registration
2015-06-08 21:26 - 2010-12-24 11:29 - 00003966 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{034CD579-9567-4F34-AA44-3B66100A2E0C}
2015-05-23 19:46 - 2015-01-20 18:55 - 00000000 ____D C:\Users\Alan\Desktop\Auto
2015-05-20 01:01 - 2015-04-04 17:15 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2015-05-20 01:01 - 2015-04-04 17:15 - 00000000 ___SD C:\Windows\System32\GWX
2015-05-18 23:08 - 2009-07-14 07:44 - 00000000 ___RD C:\Users\Public\Recorded TV
2015-05-18 22:23 - 2010-07-28 12:38 - 00004044 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-05-18 22:23 - 2010-07-28 12:38 - 00003792 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-05-17 17:46 - 2014-12-21 11:18 - 00000000 ____D C:\Users\Alan\Desktop\Haki
 
Some files in TEMP:
====================
C:\Users\Alan\AppData\Local\Temp\bassmod.dll
C:\Users\Alan\AppData\Local\Temp\conduitcbi.exe
C:\Users\Alan\AppData\Local\Temp\CT2776682.exe
C:\Users\Alan\AppData\Local\Temp\EAD10B2.exe
C:\Users\Alan\AppData\Local\Temp\EAD1795.exe
C:\Users\Alan\AppData\Local\Temp\EAD1C4.exe
C:\Users\Alan\AppData\Local\Temp\EAD1CF2.exe
C:\Users\Alan\AppData\Local\Temp\EAD276D.exe
C:\Users\Alan\AppData\Local\Temp\EAD2970.exe
C:\Users\Alan\AppData\Local\Temp\EAD2DF2.exe
C:\Users\Alan\AppData\Local\Temp\EAD4E0.exe
C:\Users\Alan\AppData\Local\Temp\EAD75CB.exe
C:\Users\Alan\AppData\Local\Temp\EAD8813.exe
C:\Users\Alan\AppData\Local\Temp\EAD979D.exe
C:\Users\Alan\AppData\Local\Temp\EADA9D5.exe
C:\Users\Alan\AppData\Local\Temp\EADB808.exe
C:\Users\Alan\AppData\Local\Temp\EADC023.exe
C:\Users\Alan\AppData\Local\Temp\EADCD6B.exe
C:\Users\Alan\AppData\Local\Temp\EADCDAA.exe
C:\Users\Alan\AppData\Local\Temp\EADD9BB.exe
C:\Users\Alan\AppData\Local\Temp\EADE667.exe
C:\Users\Alan\AppData\Local\Temp\EADF49A.exe
C:\Users\Alan\AppData\Local\Temp\gg10.upgr.exe
C:\Users\Alan\AppData\Local\Temp\gg10_upgr_to_13096_from_12444.exe
C:\Users\Alan\AppData\Local\Temp\GLFA7CC.tmp.ConduitEngineSetup.exe
C:\Users\Alan\AppData\Local\Temp\i4jdel0.exe
C:\Users\Alan\AppData\Local\Temp\installerdll.dll
C:\Users\Alan\AppData\Local\Temp\installerdll283282.dll
C:\Users\Alan\AppData\Local\Temp\installerdll486114.dll
C:\Users\Alan\AppData\Local\Temp\installerdll532400.dll
C:\Users\Alan\AppData\Local\Temp\installerdll713018.dll
C:\Users\Alan\AppData\Local\Temp\installerdll750130.dll
C:\Users\Alan\AppData\Local\Temp\jre-6u24-windows-i586-iftw-rv.exe
C:\Users\Alan\AppData\Local\Temp\jre-6u29-windows-i586-iftw-rv.exe
C:\Users\Alan\AppData\Local\Temp\jre-6u33-windows-i586-iftw.exe
C:\Users\Alan\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\Alan\AppData\Local\Temp\jre-7u5-windows-i586-iftw.exe
C:\Users\Alan\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\Alan\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe
C:\Users\Alan\AppData\Local\Temp\jre-7u7-windows-i586-iftw.exe
C:\Users\Alan\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe
C:\Users\Alan\AppData\Local\Temp\lowproc.exe
C:\Users\Alan\AppData\Local\Temp\MyBabylonTB.exe
C:\Users\Alan\AppData\Local\Temp\nie-z-tego-swiata-instalator.exe
C:\Users\Alan\AppData\Local\Temp\prxGLFA7CC.tmp.tbBrot.dll
C:\Users\Alan\AppData\Local\Temp\Refresh.exe
C:\Users\Alan\AppData\Local\Temp\rootsupd.exe
C:\Users\Alan\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Alan\AppData\Local\Temp\SpotifyUninstall.exe
C:\Users\Alan\AppData\Local\Temp\stubhelper.dll
C:\Users\Alan\AppData\Local\Temp\swt-win32-3349.dll
C:\Users\Alan\AppData\Local\Temp\t.dll
C:\Users\Alan\AppData\Local\Temp\tbBrot.dll
C:\Users\Alan\AppData\Local\Temp\uninst1.exe
C:\Users\Alan\AppData\Local\Temp\UninstallEADM.dll
C:\Users\Alan\AppData\Local\Temp\vcredist_x64.exe
C:\Users\Alan\AppData\Local\Temp\vcredist_x86.exe
C:\Users\Alan\AppData\Local\Temp\_isAB9D.exe
 
 
==================== Known DLLs (Whitelisted) ================
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
==================== Restore Points =========================
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 16%
Total physical RAM: 3950.1 MB
Available physical RAM: 3284.19 MB
Total Pagefile: 3948.25 MB
Available Pagefile: 3275.17 MB
Total Virtual: 8192 MB
Available Virtual: 8191.87 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:450 GB) (Free:361.64 GB) NTFS
Drive e: (Recovery) (Fixed) (Total:15.66 GB) (Free:0.74 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive g: (HBCD152) (Removable) (Total:7.45 GB) (Free:4.58 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 0383C72C)
Partition 1: (Not Active) - (Size=15.7 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=450 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (Size: 7.5 GB) (Disk ID: CAD4EBEA)
Partition 4: (Active) - (Size=7.5 GB) - (Type=0B)
 
 
LastRegBack: 2015-05-22 12:28
 
==================== End of log ============================

Attached Files

  • Attached File  FRST.txt   17.72KB   1 downloads

Edited by xXToffeeXx, 15 June 2015 - 07:13 AM.




#2 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 38,200 posts
  • Gender:Male
  • Location:California
  • Local time:07:48 AM

Posted 19 June 2015 - 11:36 AM

Greetings lukey25 and :welcome: to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met. :)
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Replytopic.jpg button instead.
  • In the upper right hand corner of the topic you will see the Followtopic.jpg button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
  • Now let's get started :thumbup2:
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. Please run the following for me.
===================================================

Farbar's Recovery Scan Tool - Run Fix

--------------------
  • From a clean computer, press the Windows key + R on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it on the flashdrive as fixlist.txt
S3 ewusbmbb; system32\DRIVERS\ewusbwwan.sys [X]
S3 ewusbnet; system32\DRIVERS\ewusbnet.sys [X]
S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [X]
S3 ew_usbenumfilter; system32\DRIVERS\ew_usbenumfilter.sys [X]
S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
C:\Users\Alan\AppData\Local\Temp\bassmod.dll
C:\Users\Alan\AppData\Local\Temp\conduitcbi.exe
C:\Users\Alan\AppData\Local\Temp\CT2776682.exe
C:\Users\Alan\AppData\Local\Temp\EAD10B2.exe
C:\Users\Alan\AppData\Local\Temp\EAD1795.exe
C:\Users\Alan\AppData\Local\Temp\EAD1C4.exe
C:\Users\Alan\AppData\Local\Temp\EAD1CF2.exe
C:\Users\Alan\AppData\Local\Temp\EAD276D.exe
C:\Users\Alan\AppData\Local\Temp\EAD2970.exe
C:\Users\Alan\AppData\Local\Temp\EAD2DF2.exe
C:\Users\Alan\AppData\Local\Temp\EAD4E0.exe
C:\Users\Alan\AppData\Local\Temp\EAD75CB.exe
C:\Users\Alan\AppData\Local\Temp\EAD8813.exe
C:\Users\Alan\AppData\Local\Temp\EAD979D.exe
C:\Users\Alan\AppData\Local\Temp\EADA9D5.exe
C:\Users\Alan\AppData\Local\Temp\EADB808.exe
C:\Users\Alan\AppData\Local\Temp\EADC023.exe
C:\Users\Alan\AppData\Local\Temp\EADCD6B.exe
C:\Users\Alan\AppData\Local\Temp\EADCDAA.exe
C:\Users\Alan\AppData\Local\Temp\EADD9BB.exe
C:\Users\Alan\AppData\Local\Temp\EADE667.exe
C:\Users\Alan\AppData\Local\Temp\EADF49A.exe
C:\Users\Alan\AppData\Local\Temp\gg10.upgr.exe
C:\Users\Alan\AppData\Local\Temp\gg10_upgr_to_13096_from_12444.exe
C:\Users\Alan\AppData\Local\Temp\GLFA7CC.tmp.ConduitEngineSetup.exe
C:\Users\Alan\AppData\Local\Temp\i4jdel0.exe
C:\Users\Alan\AppData\Local\Temp\installerdll.dll
C:\Users\Alan\AppData\Local\Temp\installerdll283282.dll
C:\Users\Alan\AppData\Local\Temp\installerdll486114.dll
C:\Users\Alan\AppData\Local\Temp\installerdll532400.dll
C:\Users\Alan\AppData\Local\Temp\installerdll713018.dll
C:\Users\Alan\AppData\Local\Temp\installerdll750130.dll
C:\Users\Alan\AppData\Local\Temp\jre-6u24-windows-i586-iftw-rv.exe
C:\Users\Alan\AppData\Local\Temp\jre-6u29-windows-i586-iftw-rv.exe
C:\Users\Alan\AppData\Local\Temp\jre-6u33-windows-i586-iftw.exe
C:\Users\Alan\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\Alan\AppData\Local\Temp\jre-7u5-windows-i586-iftw.exe
C:\Users\Alan\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\Alan\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe
C:\Users\Alan\AppData\Local\Temp\jre-7u7-windows-i586-iftw.exe
C:\Users\Alan\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe
C:\Users\Alan\AppData\Local\Temp\lowproc.exe
C:\Users\Alan\AppData\Local\Temp\MyBabylonTB.exe
C:\Users\Alan\AppData\Local\Temp\nie-z-tego-swiata-instalator.exe
C:\Users\Alan\AppData\Local\Temp\prxGLFA7CC.tmp.tbBrot.dll
C:\Users\Alan\AppData\Local\Temp\Refresh.exe
C:\Users\Alan\AppData\Local\Temp\rootsupd.exe
C:\Users\Alan\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Alan\AppData\Local\Temp\SpotifyUninstall.exe
C:\Users\Alan\AppData\Local\Temp\stubhelper.dll
C:\Users\Alan\AppData\Local\Temp\swt-win32-3349.dll
C:\Users\Alan\AppData\Local\Temp\t.dll
C:\Users\Alan\AppData\Local\Temp\tbBrot.dll
C:\Users\Alan\AppData\Local\Temp\uninst1.exe
C:\Users\Alan\AppData\Local\Temp\UninstallEADM.dll
C:\Users\Alan\AppData\Local\Temp\vcredist_x64.exe
C:\Users\Alan\AppData\Local\Temp\vcredist_x86.exe
C:\Users\Alan\AppData\Local\Temp\_isAB9D.exe
cmd: copy C:\Windows\Minidump\061115-24570-01.dmp e:\
  • Insert the USB device into your infected computer
  • Enter the System Recovery Options (press F8 during boot up), select Repair Your Computer, then select Command Prompt.
  • Run FRST as you did the first time and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the flashdrive (Fixlog.txt). Copy and paste that information in your reply.
  • You should also see a 061115-24570-01.dmp file on your USB device. Please attach that file to your reply
  • Please attempt to successfully boot your computer into Normal Mode or, if not, Safe Mode
  • If your computer goes to black screen again please describe what happens and what the last thing is that you see on the screen
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Fixlog
  • Attached .dmp file
  • Does your computer boot properly?
  • If not, please describe what you see

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"For unto us a Child is born, Unto us a Son is given;"

#3 lukey25


Posted 21 June 2015 - 12:00 PM

Thanks for the help, but somehow I fixed it by myself.



#4 Oh My!


Posted 21 June 2015 - 02:49 PM

Thanks for letting us know.


Gary
 

#5 Oh My!


Posted 21 June 2015 - 02:49 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
Gary
 



