
Windows 7 Freezes In Half Of Startup Animation And Reboot.


  • This topic is locked
22 replies to this topic

#1 Mouad_Games

Mouad_Games

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:09:45 PM

Posted 25 April 2016 - 02:16 PM

Hi, my name is Mouad, and I request a fixlist.txt for FRSTx64.

 

Here is my FRST.txt

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:25-04-2016
Ran by System on MININT-PMIVBTB (04-01-2080 22:53:47)
Runing from E:\
Platform: Windows 7 Ultimate (X64) OS Language: French (France)
Internet Explorer Version 11
Boot Mode: Recovery
 
 
The current controlset is ControlSet001
 
==================== Registry (Whitelisted) ===========================
 
 
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [D-Link D-Link DWA-125] => C:\Program Files (x86)\D-Link\DWA-125 revA\AirNCFG.exe [1078592 2011-09-08] (D-Link Corp.)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [7139256 2016-03-24] (AVAST Software)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [595480 2016-03-20] (Oracle Corporation)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => "D:\Programs\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\Mouad\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [4468056 2015-06-18] (Disc Soft Ltd)
HKU\Mouad\...\Run: [AdobeBridge] => [X]
HKU\Mouad\...\Run: [IDMan] => C:\Program Files (x86)\Internet Download Manager\IDMan.exe [3907152 2015-07-24] (Tonec Inc.)
HKU\Mouad\...\Run: [CubeDesktop] => [X]
HKU\Mouad\...\Run: [MediaFire Tray] => [X]
HKU\Mouad\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [427520 2009-07-14] (Microsoft Corporation)
HKU\Mouad\...\Run: [GoobzoYouTubeAccelerator] => "C:\Program Files (x86)\YouTube Accelerator\YouTubeAccelerator.exe" /startup
HKU\Mouad\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [50599552 2016-02-10] (Skype Technologies S.A.)
Startup: C:\Users\Mouad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Deskjet 2640 series.lnk [2016-04-11]
ShortcutTarget: Monitor Ink Alerts - HP Deskjet 2640 series.lnk -> C:\Program Files\HP\HP Deskjet 2640 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
Startup: C:\Users\Mouad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NexonUp.vbs [2016-04-11] ()
Startup: C:\Users\Mouad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Voicemeeter (VB-Audio).LNK [2016-01-27]
ShortcutTarget: Voicemeeter (VB-Audio).LNK -> C:\Program Files (x86)\VB\Voicemeeter\voicemeeter.exe (VB-AUDIO Software)
 
==================== Services (Whitelisted) ========================
 
 
S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [237096 2016-03-24] (AVAST Software)
S3 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [437880 2015-10-08] (BlueStack Systems, Inc.)
S3 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [417400 2015-10-08] (BlueStack Systems, Inc.)
S3 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [855672 2015-10-08] (BlueStack Systems, Inc.)
S2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1433216 2016-01-08] (Microsoft Corporation)
S2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1773696 2016-01-08] (Microsoft Corporation)
S3 c2wts; C:\Program Files\Windows Identity Foundation\v3.5\c2wtshost.exe [15768 2010-02-03] (Microsoft Corporation)
S3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe [1268568 2015-06-18] (Disc Soft Ltd)
S2 D_Link_DWA-125_WPS; C:\Program Files (x86)\D-Link\DWA-125 revA\ANIWConnService.exe [53248 2010-07-12] ()
S3 fussvc; C:\Program Files (x86)\Windows Kits\8.1\App Certification Kit\fussvc.exe [142336 2014-02-20] (Microsoft Corporation)
S2 IpOverUsbSvc; C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe [22768 2014-04-17] (Microsoft Corporation)
S3 MediaFire Desktop Updater Service; C:\Program Files (x86)\MediaFire Desktop\bin\UpdaterLocalCOM.exe [210416 2015-11-05] ()
S2 MF NTFS Monitor; C:\Program Files (x86)\MediaFire Desktop\bin\MFUsnMonitorService.exe [456176 2015-11-05] ()
S2 NoIPDUCService4; C:\Program Files (x86)\No-IP\ducservice.exe [12288 2015-07-20] ()
S3 OpenVPNService; C:\Program Files (x86)\OpenVPN\bin\openvpnserv.exe [33080 2014-12-01] (The OpenVPN Project)
S2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [186560 2015-01-31] ()
S2 RzKLService; C:\Program Files (x86)\Razer\Razer Cortex\RzKLService.exe [129168 2015-01-26] (Razer Inc.)
S3 Te.Service; C:\Program Files (x86)\Windows Kits\8.1\Testing\Runtimes\TAEF\Wex.Services.exe [119808 2013-08-22] (Microsoft Corporation)
S2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [6942480 2016-03-02] (TeamViewer GmbH)
S2 UnsignedThemes; C:\Windows\UnsignedThemesSvc.exe [24168 2009-07-13] (The Within Network, LLC)
S3 VsEtwService120; C:\Program Files\Microsoft Visual Studio 12.0\Common7\Packages\Debugger\Services\VsEtwService.exe [87736 2014-04-30] (Microsoft Corporation)
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S4 aspnet_state; %SystemRoot%\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [X]
S3 EvoSvc; "C:\Program Files\Echobit\Evolve\EvoSvc.exe" -service -logfile "C:\ProgramData\Echobit\Evolve\EvoSvc.log"
S2 Hamachi2Svc; "D:\Programs\LogMeIn Hamachi\hamachi-2.exe" -s [X]
S2 SEVPNCLIENT; "D:\Programs\SoftEther VPN Client\vpnclient_x64.exe" /service [X]
S2 YouTubeAcceleratorService; No File
 
===================== Drivers (Whitelisted) ==========================
 
 
S1 anodlwf; C:\Windows\System32\DRIVERS\anodlwfx.sys [15872 2010-05-29] ()
S3 AsusVBus; C:\Windows\System32\DRIVERS\AsusVBus.sys [39704 2015-10-07] (Windows ® Win 7 DDK provider)
S2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [37656 2016-03-24] (AVAST Software)
S1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [37144 2016-03-24] (AVAST Software)
S2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [107792 2016-03-24] (AVAST Software)
S1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [103064 2016-03-24] (AVAST Software)
S0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [74544 2016-03-24] (AVAST Software)
S1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1070904 2016-03-24] (AVAST Software)
S1 aswSP; C:\Windows\system32\drivers\aswSP.sys [463744 2016-03-24] (AVAST Software)
S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [165344 2016-03-24] (AVAST Software)
S0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [287016 2016-03-24] (AVAST Software)
S3 ATP; C:\Windows\System32\DRIVERS\AsusTP.sys [75584 2015-10-07] (ASUS Corporation)
S2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [146040 2015-10-08] (BlueStack Systems)
S0 BtHidBus; C:\Windows\System32\Drivers\BtHidBus.sys [24840 2009-01-07] (IVT Corporation.)
S3 btnetBUs; C:\Windows\System32\Drivers\btnetBus.sys [35848 2008-12-07] ()
S3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [30264 2015-08-04] (Disc Soft Ltd)
S1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2015-09-02] (Disc Soft Ltd)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 IvtBtBUs; C:\Windows\System32\Drivers\IvtBtBus.sys [31624 2008-07-02] (IVT Corporation.)
S2 mfmonitor; C:\Windows\System32\DRIVERS\mfmonitor_x64.sys [20696 2015-11-05] (Windows ® Win 7 DDK provider)
S3 Neo_VPN; C:\Windows\System32\DRIVERS\Neo_0040.sys [38432 2016-01-09] (SoftEther Corporation)
S3 Neo_VPN2; C:\Windows\System32\DRIVERS\Neo_0042.sys [38432 2016-01-09] (SoftEther Corporation)
S3 netr28ux; C:\Windows\System32\DRIVERS\Dnetr28ux.sys [1617472 2011-04-28] (Ralink Technology Corp.)
S0 pwdrvio; C:\Windows\System32\pwdrvio.sys [19152 2013-09-30] ()
S3 pwdspio; C:\Windows\system32\pwdspio.sys [12504 2013-09-30] ()
S3 RTL8192cu; C:\Windows\System32\DRIVERS\RTL8192cu.sys [748648 2010-08-12] (Realtek Semiconductor Corporation                           )
S2 rzpmgrk; C:\Windows\system32\drivers\rzpmgrk.sys [37184 2015-01-31] (Razer, Inc.)
S3 SEE; C:\Windows\System32\drivers\see.sys [50208 2016-01-09] (SoftEther Corporation)
S1 softaal; C:\Program Files (x86)\Tencent\QQPCMgr\11.1.16923.222\softaal64.sys [35128 2016-02-19] (Tencent)
S3 TSSKX64; C:\Windows\System32\drivers\tsskx64.sys [45368 2016-02-28] (电脑管家)
S2 uxpatch; C:\Windows\system32\drivers\uxpatch.sys [30568 2009-07-13] ()
S3 VBAudioVMVAIOMME; C:\Windows\System32\DRIVERS\vbaudio_vmvaio64_win7.sys [41192 2015-08-31] (Windows ® Win 7 DDK provider)
S1 VBoxNetAdp; C:\Windows\System32\DRIVERS\VBoxNetAdp6.sys [117768 2015-10-02] (Oracle Corporation)
S1 VBoxNetLwf; C:\Windows\System32\DRIVERS\VBoxNetLwf.sys [146584 2015-10-02] (Oracle Corporation)
S3 vmulti; C:\Windows\System32\DRIVERS\vmulti.sys [9728 2012-11-12] ()
S3 wovad_micarray; C:\Windows\System32\drivers\womic.sys [33072 2015-09-10] (Windows ® Win 7 DDK provider)
S3 XSplit_Dummy; C:\Windows\System32\drivers\xspltspk.sys [26200 2015-05-26] (SplitmediaLabs Limited)
S3 ZDCNDIS6a64; C:\Windows\system32\ZDCNDIS6a64.sys [41280 2010-04-14] (Printing Communications Assoc., Inc. (PCAUSA))
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
S1 QMUdisk; \??\C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17207.222\QMUdisk64.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S2 tsnethlpx64; \??\C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17207.222\TsNetHlpX64.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VComm; system32\DRIVERS\VComm.sys [X]
S3 VcommMgr; System32\Drivers\VcommMgr.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Mounth Created Files and Folders ========
 
 
 
==================== One Mounth Modified Files and Folders ========
 
 
2080-01-04 22:53 - 1980-01-04 00:52 - 00000000 ____D C:\FRST
2080-01-04 22:52 - 1980-01-04 23:19 - 00817227 _____ C:\Users\Mouad\Desktop\FRST.txt
 
Some content of TEMP:
====================
C:\Users\Mouad\AppData\Local\Temp\6745.exe
C:\Users\Mouad\AppData\Local\Temp\brastub_amobl_inst.exe
C:\Users\Mouad\AppData\Local\Temp\cabex.dll
C:\Users\Mouad\AppData\Local\Temp\HssInstaller.exe
C:\Users\Mouad\AppData\Local\Temp\jansi-32-git-Bukkit-53fac9f-136803797693289576.dll
C:\Users\Mouad\AppData\Local\Temp\jansi-32-git-Bukkit-53fac9f-1631819190740342987.dll
C:\Users\Mouad\AppData\Local\Temp\jansi-32-git-Bukkit-53fac9f-2319032232402664998.dll
C:\Users\Mouad\AppData\Local\Temp\jansi-32-git-Bukkit-53fac9f-3308722489683272976.dll
C:\Users\Mouad\AppData\Local\Temp\jansi-32-git-Bukkit-53fac9f-3582865826285352102.dll
C:\Users\Mouad\AppData\Local\Temp\jansi-32-git-Bukkit-53fac9f-5743646406786341085.dll
C:\Users\Mouad\AppData\Local\Temp\jansi-32-git-Bukkit-53fac9f-7156379017834368813.dll
C:\Users\Mouad\AppData\Local\Temp\jansi-32-git-Bukkit-53fac9f-883534614991906998.dll
C:\Users\Mouad\AppData\Local\Temp\jre-8u77-windows-au.exe
C:\Users\Mouad\AppData\Local\Temp\PCMgr_Setup_11_3_17207_222.exe
C:\Users\Mouad\AppData\Local\Temp\qqpcmgr_v11.1.16923.222_45101_Silence.exe
C:\Users\Mouad\AppData\Local\Temp\sqlite-3.7.2-sqlitejdbc.dll
C:\Users\Mouad\AppData\Local\Temp\unelevate.exe
C:\Users\Mouad\AppData\Local\Temp\Uninstall.exe
C:\Users\Mouad\AppData\Local\Temp\utils.dll
 
 
==================== Known DLLs (Whitelisted) =========================
 
 
==================== Bamital & volsnap Check =================
 
 
C:\Windows\System32\winlogon.exe => Le MD5 is legit
C:\Windows\System32\wininit.exe => Le MD5 is legit
C:\Windows\SysWOW64\wininit.exe => Le MD5 is legit
C:\Windows\explorer.exe
[2016-03-24 19:50] - [2016-01-22 06:19] - 3231232 ____A (Microsoft Corporation) 9D77CC4A36FEEA644D002CFB9B2D42C0
 
C:\Windows\SysWOW64\explorer.exe
[2016-03-24 19:50] - [2016-01-22 06:12] - 2973184 ____A (Microsoft Corporation) 2A156D5EBF221EF2A6AE7CE452324DAC
 
C:\Windows\System32\svchost.exe => Le MD5 is legit
C:\Windows\SysWOW64\svchost.exe => Le MD5 is legit
C:\Windows\System32\services.exe => Le MD5 is legit
C:\Windows\System32\User32.dll
[2015-12-09 19:51] - [2015-11-10 19:55] - 1008640 ____A (Microsoft Corporation) 06BF84D26A05D400F6B3FB3D3DE0B03A
 
C:\Windows\SysWOW64\User32.dll
[2015-12-09 19:51] - [2015-11-10 19:37] - 0833024 ____A (Microsoft Corporation) 0A78439765E31510D75C9E2284F3A722
 
C:\Windows\System32\userinit.exe => Le MD5 is legit
C:\Windows\SysWOW64\userinit.exe => Le MD5 is legit
C:\Windows\System32\rpcss.dll => Le MD5 is legit
C:\Windows\System32\dnsapi.dll => Le MD5 is legit
C:\Windows\SysWOW64\dnsapi.dll => Le MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => Le MD5 is legit
 
==================== EXE Association (Whitelisted) =============
 
 
==================== Restore Points =========================
 
Restore point made on: 2016-04-11 09:39
Restore point made on: 2016-04-11 09:40
Restore point made on: 2016-04-11 09:50
Restore point made on: 2016-04-11 09:54
Restore point made on: 2016-04-11 10:23
 
==================== Memory Info =========================== 
 
Percentage of memory in use: 55%
Total phisycal RAM: 1010.27 MB   ---------------------(actually i have 4GB ,but i just installed 1GB)
Available phisycal RAM: 447.93 MB
Total Virtual: 1010.27 MB
Available Virtual: 449.13 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:121.76 GB) (Free:5.91 GB) NTFS
Drive e: (Local Disk) (Fixed) (Total:111.03 GB) (Free:6.15 GB) NTFS
Drive g: () (Removable) (Total:7.6 GB) (Free:7.6 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (SYSTEM) (Fixed) (Total:0.1 GB) (Free:0.03 GB) NTFS ==>[System with boot components (obtained from reading drive)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: C7A5ADC1)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=121.8 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=111 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (Size: 7.6 GB) (Disk ID: 6F20736B)
No partition Table on disk 1.
Disk 1 is a removable device.
 
 
LastRegBack: 2016-04-11 10:23
 
==================== End Of Log ============================
 
 
 
Thanks in advance.




#2 garioch7

garioch7

    RCMP Veteran


  • Malware Response Instructor
  • 3,638 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Port Hood, Nova Scotia, Canada
  • Local time:05:45 PM

Posted 26 April 2016 - 10:31 AM

Mouad_Games:

Welcome to the Bleeping Computer Virus, Trojans, Spyware, and Malware Removal Logs Forum. My name is Phil and I am a trainee in the Bleeping Computer Malware Removal Study Hall. I would like to address you by your first name, if that is alright with you since we will be working together.

I will be assisting you with your computer issues. All of my proposed fixes and suggestions must be approved by a fully-qualified Malware Removal Instructor. This will delay response times somewhat, but I will endeavor to respond within a reasonable time, normally 48 hours after your last post.

I will need some time to review your FRST logs and consult with the Malware Response Instructor (MRI) who will be assigned to supervise this topic. That could take a few days. Once I have reviewed my proposed response with the assigned MRI, I will reply to you with initial instructions.

PLEASE DO NOT RUN ANY ADDITIONAL SCANS OR ANTI-MALWARE REMOVAL TOOLS UNTIL YOU HAVE RECEIVED A RESPONSE FROM ME.
Doing so would complicate the situation and it would cause further delays in resolving your issues. It could also potentially result in harm to your computer because my "fix" will be based on the FRST scan logs you have already submitted.

Thank you and have a great day.

Regards,
-Phil

Member of the Unified Network of Instructors and Trusted Eliminators


#3 Mouad_Games

Mouad_Games
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:09:45 PM

Posted 26 April 2016 - 06:06 PM

Hi, Phil.

Thank you for the quick response, I didn't expect that. By the way, you can just call me Mouad.

 

As you said, I won't make any changes to my computer, and I will make sure to not even turn it on until I get a response from you.



#4 garioch7

garioch7

    RCMP Veteran


  • Malware Response Instructor
  • 3,638 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Port Hood, Nova Scotia, Canada
  • Local time:05:45 PM

Posted 28 April 2016 - 03:30 AM

Mouad:

 

Thank you for permission to address you by your first name.  I have not forgotten you.  I have completed my review of your FRST logs and I am awaiting comments from the Malware Response Instructor to be assigned to your topic.

 

I thank you for your patience.  I hope to be able to post an initial response today or tomorrow at the latest.

 

Have a great day.

 

Regards,

-Phil


Member of the Unified Network of Instructors and Trusted Eliminators


#5 Mouad_Games

Mouad_Games
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:09:45 PM

Posted 28 April 2016 - 12:00 PM

Hello, Phil

 

I will be just waiting, and thanks, you didn't forget me.



#6 garioch7

garioch7

    RCMP Veteran


  • Malware Response Instructor
  • 3,638 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Port Hood, Nova Scotia, Canada
  • Local time:05:45 PM

Posted 28 April 2016 - 01:31 PM

Mouad:

Thank you for your patience while I reviewed your FRST.txt log and I consulted with the Malware Response Instructor who will be supervising me while I am resolving your computer issues.

I think that our first step should be to try and get your computer booting normally. The FRST logs running from the Recovery Environment are not as complete as those run from a normal boot; and moreover, I am missing the "Addition.txt" file that FRST can generate, which contains critical information.

You did not provide any details of what is wrong with your computer, other than what is in the title of your topic: "Windows 7 Freezes In Half Of Startup Animation And Reboot". From what I can understand, your computer is unable to boot normally into Windows 7?

It would be very helpful to me to have more details as to the condition of your computer now:

  • Do you know of any reason why your computer may have stopped booting normally?
  • Are there any error messages? If so, what are they?
  • Why do you think that the boot failure might be related to a malware infection?
  • Where exactly during the boot process does it fail and restart, or does it restart?
  • What were you doing before it stopped booting normally?
  • Were any new programs installed or removed recently?
  • Did you run any "Registry Cleaners" or "PC Optimizers", for example "SpeedUp MyPC", Wise Care, etc., recently?
  • Did you run any anti-malware tools like Combofix, RogueKiller, etc., recently?

 

 

Before we start dealing with the problems you are experiencing, I would ask you to take note of the following points:

  • I am a Bleeping Computer volunteer, so I ask you to be patient. I know it is frustrating when your computer is not working properly, but malware removal takes time.
  • Please also remember that I only dedicate a limited number of hours a day to helping people. We may live in different time zones, which may cause delays in responding.
  • If I have not responded to you within 48 hours, please send me a personal message. Likewise, I expect you to respond within 48 hours, and sooner is better because we can fix your computer faster.
  • If I have not heard from you in three days, I will "bump" your post. After five days of no response, I will consider that you no longer need my assistance and this thread will be closed.
  • Logs can take a while to research, so please be patient.
  • Some issues just cannot be solved so you must be prepared for this.
  • Please read and follow the instructions in the exact sequence that they are posted to avoid making a bad situation worse.
  • Please print or copy and save the instructions.
  • Back up all your data and important files on another (external) drive before starting to run malware removal tools.
  • You should try to limit your browsing with this computer until you are given the "All Clear." Some malware applications steal passwords.
  • Please do not install or uninstall any applications, unless directed. Don't run any scripts or tools on your own because unsupervised usage may cause more harm than good.
  • Please use only the tools you have been instructed to use.
  • If you are using CD/DVD emulation software, this should be uninstalled or disabled as it can interfere with the removal of some malware. It can be turned off with Defogger and then turned back on when you get the "All Clear."
  • Please copy and paste the requested log files inside your post, unless otherwise instructed.
  • There are no silly questions. Ask for clarification, if you have any questions or concerns.
  • Bleeping Computer does not support any piracy. Evidence of illegal OS, software, cracks/keygens, etc., will be revealed by scan logs, and if found, further assistance may be suspended. Uninstall such software before proceeding!
  • Any P2P software such as uTorrent, BitTorrent, Kazaa, etc. must be uninstalled or completely disabled. P2P software is a major security risk to your computer and may have been the route the malware used to infect your computer.
  • Failure to follow these guidelines may result in assistance being withdrawn and your thread being closed.
  • I am volunteering my time to help you, and I will need you to help me. Together, we can, hopefully, disinfect your computer and get it functioning properly again. That is my only aim.

 

 

OK, let's get started ...



Step 1: Please follow the steps in the Bleeping Computer Tutorial here, to attempt to repair your computer, if you can't get it to boot normally.

You can also refer to this Microsoft article here.


If Windows can't repair the computer so that it boots normally, please attempt to boot into Safe Mode. Can you do that?

What error message if any do you get, what happens, if you can't get to the Advanced Startup Options menu or cannot boot into Safe Mode?

Please respond with the results of the Windows attempt to repair the computer and as much information as you can, if booting was unsuccessful.

 

 

Step 2: If Windows can successfully repair the computer so that it boots normally, then please follow the instructions below to re-run the FRST and "Addition.txt" scans. If you can't boot your computer normally, please skip this step and respond with details of what is happening and what errors you are getting.

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system, that will be the right version.

  • Right-click FRST then click "Run as administrator" (XP users: click run after receipt of Windows Security Warning - Open File).
  • When the tool opens, click Yes to disclaimer.
  • Please ensure that the "Addition.txt" box is checked before running the scan.
  • Press the Scan button.
  • When finished, it will produce a log called FRST.txt in the same directory the tool was run from.
  • Please copy and paste the log in your next reply.

Note 2: The first time the tool is run it generates another log (Addition.txt - also located in the same directory the tool was run from). Please also copy and paste that, along with the FRST.txt, into your next reply.

 

 

Good luck! Have a great day.

Regards,
-Phil


Member of the Unified Network of Instructors and Trusted Eliminators


#7 Mouad_Games

Mouad_Games
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:09:45 PM

Posted 28 April 2016 - 04:01 PM

Hi, Phil

 

Yes, you are right, my computer is unable to boot normally, even in safe mode.

 

When I boot it, here is where exactly it freezes and reboots:

 

a2ui5i.jpg

 

Responses:

 

1. No, I have no idea why. I forgot to say it showed me the "Blue Screen Of Death" twice; the first time it booted normally, but the second time (now) it didn't.

2. No error messages.

3. I just want to remove any suspicion that malware is the problem.

4. Here is where it freezes and reboots when I boot in safe mode. 2hf1993.png

5. I was just browsing the internet normally, NO downloads, NO installations, NO suspicious websites or something...

6. I don't remember, probably no recent programs.

7. NO

8. NO

 

NOTE: I can access Advanced Startup Options, but I can't boot in safe mode, as you can see above.

 

Thanks in advance.



#8 garioch7

garioch7

    RCMP Veteran


  • Malware Response Instructor
  • 3,638 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Port Hood, Nova Scotia, Canada
  • Local time:05:45 PM

Posted 29 April 2016 - 02:57 PM

Mouad:
 
Thank you very much for your detailed response and screenshots.  That is all very helpful to me.


Step 1: That is great news that your computer can boot into the "System Recovery Options" menu.  Let's try the "Repair Your Computer" option.

To enter System Recovery Options from the Advanced Boot Options:

  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until "Advanced Boot Options" appears.
  • Use the arrow keys to select the "Repair your computer" menu item.
  • Select the "keyboard language" setting, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

 

 

Step 2: If that doesn't work, reboot and in the "Advanced Boot Options" menu, please select "Last Known Good Configuration (advanced)".

 

 

Step 3: Do you have any restore points that you can use to restore your computer to an earlier time?

 

 

Step 4: Do you have any recent system images, either Windows images or those made by third-party backup software, such as EaseusTodo Backup, Macrium Reflect, Acronis, etc.? If you have one or more C: drive images from third-party backup software, do you have (did you create) a WinPE or Linux recovery disk with that backup software application? You could boot from those backup recovery disks and restore your hard disk to the date and time of the last system image, but be sure it is a system image, not just a file backup, because restoring your data files is not going to help us to get your computer booting normally again.

 

 

Please let me know how you make out. We have other options available to us, but let's see if any of the above steps can get your computer back to booting normally.

Have a great day.

Regards,
-Phil


Member of the Unified Network of Instructors and Trusted Eliminators


#9 Mouad_Games

Mouad_Games
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:09:45 PM

Posted 01 May 2016 - 06:00 AM

Phil:

 

1. I don't know what to do next... it shows me a list:

 

Startup Repair

 

System Restoring

 

System Image Restoring

 

Diagnostic Windows Memory

 

Commands

 

2. It didn't work, it just boots and does the same thing... freezes in the middle of the animation.

a2ui5i.jpg

 

 

3. I have, but I think it takes forever to repair.

 

4. I don't have.

 

By the way, GG for 1000 posts.

 

THANKS



#10 Mouad_Games

Mouad_Games
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:09:45 PM

Posted 01 May 2016 - 06:40 AM

NOTE: I may need to replace the onboard battery!



#11 garioch7

garioch7

    RCMP Veteran


  • Malware Response Instructor
  • 3,638 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Port Hood, Nova Scotia, Canada
  • Local time:05:45 PM

Posted 02 May 2016 - 11:24 AM

Mouad:

Thank you very much for your replies. The simplest, and therefore best, approach is to see if Windows can repair the computer itself. Getting a replacement battery can't hurt, but I would be surprised if a weak battery was causing your issue.


Step 1: Let's try the "Startup Repair" option first.

To enter System Recovery Options from the Advanced Boot Options:

  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until "Advanced Boot Options" appears.
  • Use the arrow keys to select the "Startup Repair" menu item.
  • Please make note of any error messages that might be reported.

 

 

Step 2: If the "Startup Repair" doesn't work, then please reboot your computer and enter "System Recovery Options", as described in Step 1. Let's see if we can restore your computer from a system Restore Point. For more information on using System Restore Points to restore your computer to an earlier date and time, please see this article.

  • As soon as the BIOS is loaded begin tapping the F8 key until "Advanced Boot Options" appears.
  • Use the arrow keys to select the "System Restoring" menu item.
  • Select a recent "restore point", before your computer became unbootable, and start the system restore. This could take some time, usually not more than an hour or so, depending on your computer.
  • Please make note of any error messages that might be reported.

 

 

Thank you, Mouad. Have a great day, ... and good luck!

Regards,
-Phil

PS Thank you for the congratulations on achieving more than 1,000 Bleeping Computer posts!

 

Member of the Unified Network of Instructors and Trusted Eliminators


#12 garioch7

garioch7

    RCMP Veteran


  • Malware Response Instructor
  • 3,638 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Port Hood, Nova Scotia, Canada
  • Local time:05:45 PM

Posted 05 May 2016 - 07:39 AM

Mouad:

 

It has been three days since I posted the above instructions.  I have not heard back from you.

 

Do you still require assistance?  If so, please respond within 48 hours, or a Moderator will conclude and lock this topic.

 

Thank you.  Have a great day.

 

Regards,

-Phil


Member of the Unified Network of Instructors and Trusted Eliminators


#13 Mouad_Games

Mouad_Games
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:09:45 PM

Posted 07 May 2016 - 04:08 AM

Hello Phil,

No, I still need help, I'm just moving my PC because it was placed in THE SITTING ROOM. "WeiRd", right?

 

So I will do the steps you said.

 

Thank you.



#14 garioch7

garioch7

    RCMP Veteran


  • Malware Response Instructor
  • 3,638 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Port Hood, Nova Scotia, Canada
  • Local time:05:45 PM

Posted 07 May 2016 - 11:41 AM

Mouad:

 

Thank you for your post.  That's great that you are still with us.  I will await your next post.

 

Have a great day.

 

Regards,

-Phil


Member of the Unified Network of Instructors and Trusted Eliminators


#15 garioch7

garioch7

    RCMP Veteran


  • Malware Response Instructor
  • 3,638 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Port Hood, Nova Scotia, Canada
  • Local time:05:45 PM

Posted 11 May 2016 - 07:06 AM

Mouad:

 

Are you still there?  Do you still require assistance?  Please respond in the next day, or a Moderator will conclude your topic, as per Forum rules.

 

Thank you and have a great day.

 

Regards,

-Phil


Member of the Unified Network of Instructors and Trusted Eliminators




