Windows 7 frozen black screen with white blinking cursor


  • This topic is locked
7 replies to this topic

#1 iceke

iceke

  • Members
  • 3 posts

Posted 11 June 2016 - 07:43 AM

After an OS restart I get a blinking cursor and nothing happens. I can't get into safe mode...

 

FRST log:

 

Scanresultaten van Farbar Recovery Scan Tool (FRST) (x64) Versie:10-06-2016
Gestart door SYSTEM (Beheerder) op MININT-8E4C39J (11-06-2016 14:37:43)
Gestart vanaf D:\
Geladen Profielen: False (Beschikbare Profielen: ) <==== AANDACHT (Tijdelijke Profiel?)
Platform: Windows ™ 8 Preinstallation Environment (X64) Taal: Nederlands (Nederland)
Boot Modus: Normal
 
==================== Processen (gefilterd) =================
 
(Als een item is opgenomen in de fixlist, het proces zal worden gesloten. Het bestand zal niet worden verplaatst.)
 
(Microsoft Corporation) X:\Windows\System32\winpeshl.exe
(Microsoft Corporation) X:\Windows\System32\WallpaperHost.exe
(Microsoft Corporation) X:\setup.exe
(Microsoft Corporation) X:\sources\recovery\RecEnv.exe
(Microsoft Corp.) X:\sources\recovery\tools\MSDartTools.exe
(Microsoft Corp.) X:\Windows\System32\Explorer.exe
 
 
==================== Register (gefilterd) ===========================
 
(Als een item is opgenomen in de fixlist, het registry item zal worden teruggezet naar de standaardwaarden of verwijderd. Het bestand zal niet worden verplaatst.)
 
HKLM-x32\...\Winlogon: [Userinit]  [X]
HKLM\...\Winlogon: [Shell] cmd.exe /k start cmd.exe [ ] () <=== AANDACHT
HKLM-x32\...\Winlogon: [Shell]  [0 ] () <=== AANDACHT
BootExecute: 
 
==================== Internet (gefilterd) ====================
 
(Als een item is opgenomen in de fixlist, als het een registry item is wordt verwijderd of hersteld naar de standaard.)
 
Winsock: Catalog5 01 %SystemRoot%\System32\mswsock.dll Geen bestand 
Winsock: Catalog9 01 %SystemRoot%\system32\mswsock.dll Geen bestand 
Winsock: Catalog9 02 %SystemRoot%\system32\mswsock.dll Geen bestand 
Winsock: Catalog9 03 %SystemRoot%\system32\mswsock.dll Geen bestand 
Winsock: Catalog9 04 %SystemRoot%\system32\mswsock.dll Geen bestand 
Winsock: Catalog9 05 %SystemRoot%\system32\mswsock.dll Geen bestand 
Winsock: Catalog9 06 %SystemRoot%\system32\mswsock.dll Geen bestand 
Winsock: Catalog9 07 %SystemRoot%\system32\mswsock.dll Geen bestand 
ManualProxies: 
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = 
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = 
SearchScopes: HKLM -> DefaultScope waarde ontbreekt
SearchScopes: HKLM-x32 -> DefaultScope waarde ontbreekt
DefaultPrefix: =>  <==== AANDACHT
Prefixes: [home]=>  <==== AANDACHT
Prefixes: [www]=>  <==== AANDACHT
DefaultPrefix-x32: =>  <==== AANDACHT
Prefixes-x32: [home]=>  <==== AANDACHT
Prefixes-x32: [www]=>  <==== AANDACHT
 
==================== Services (gefilterd) ========================
 
(Als een item is opgenomen in de fixlist, wordt uit het register verwijderd. Het bestand zal niet worden verplaatst tenzij apart vermeld.)
 
S3 sacsvr; X:\Windows\system32\sacsvr.dll [16896 2015-10-30] (Microsoft Corporation)
 
===================== Drivers (gefilterd) ==========================
 
(Als een item is opgenomen in de fixlist, wordt uit het register verwijderd. Het bestand zal niet worden verplaatst tenzij apart vermeld.)
 
R0 bfadfcoei; X:\Windows\System32\drivers\bfadfcoei.sys [2279264 2015-10-30] (QLogic Corporation)
R0 bfadi; X:\Windows\System32\drivers\bfadi.sys [2279264 2015-10-30] (QLogic Corporation)
R0 bxfcoe; X:\Windows\System32\drivers\bxfcoe.sys [194912 2015-10-30] (QLogic Corporation)
R0 bxois; X:\Windows\System32\drivers\bxois.sys [541536 2015-10-30] (QLogic Corporation)
S3 cht4vbd; X:\Windows\System32\drivers\cht4vx64.sys [1326568 2015-10-30] (Chelsio Communications)
R0 elxfcoe; X:\Windows\System32\drivers\elxfcoe.sys [732512 2015-10-30] (Emulex)
R0 FBWF; X:\Windows\System32\DRIVERS\fbwf.sys [103456 2015-10-30] (Microsoft Corporation)
R0 ql2300i; X:\Windows\System32\drivers\ql2300i.sys [1508704 2015-10-30] (QLogic Corporation)
R0 ql40xx2i; X:\Windows\System32\drivers\ql40xx2i.sys [475488 2015-10-30] (QLogic Corporation)
R0 qlfcoei; X:\Windows\System32\drivers\qlfcoei.sys [1300320 2015-10-30] (QLogic Corporation)
R0 Ramdisk; X:\Windows\System32\DRIVERS\ramdisk.sys [39264 2015-10-30] (Microsoft Corporation)
R3 rt640x64; X:\Windows\System32\drivers\rt640x64.sys [589824 2015-10-30] (Realtek                                            )
S0 sacdrv; X:\Windows\System32\DRIVERS\sacdrv.sys [95584 2015-10-30] (Microsoft Corporation)
R0 WimFsf; X:\Windows\System32\Drivers\WimFsf.sys [66400 2015-10-30] (Microsoft Corporation)
 
==================== NetSvcs (gefilterd) ===================
 
(Als een item is opgenomen in de fixlist, wordt uit het register verwijderd. Het bestand zal niet worden verplaatst tenzij apart vermeld.)
 
NETSVC: sacsvr -> X:\Windows\system32\sacsvr.dll (Microsoft Corporation)
 
==================== Een Maand Aangemaakt bestanden en mappen ========
 
(Als een item is opgenomen in de fixlist, het bestand/map wordt verplaatst.)
 
2016-06-11 14:37 - 2016-06-11 14:37 - 00000000 ____D X:\FRST
2016-06-11 14:08 - 2016-06-11 14:08 - 00393216 ____N X:\OfflineRecEnvTrace.etl
2016-06-11 14:08 - 2016-06-11 14:08 - 00000011 _____ X:\windows\system32\dart.config
2016-06-11 14:08 - 2016-06-11 14:08 - 00000000 __SHD X:\RecoveryLogs
2016-06-11 14:07 - 2016-06-11 14:07 - 00000958 _____ X:\windows\CompatibilityIssues.txt
2016-06-11 14:07 - 2016-06-11 14:07 - 00000000 ____D X:\windows\panther
2016-06-11 14:06 - 2016-06-11 14:06 - 00063232 _____ X:\windows\system32\FNTCACHE.DAT
2016-06-11 14:06 - 2016-06-11 14:06 - 00003363 _____ X:\windows\diagwrn.xml
2016-06-11 14:06 - 2016-06-11 14:06 - 00001890 _____ X:\windows\diagerr.xml
2016-06-11 14:06 - 2016-06-11 14:06 - 00000000 ____D X:\windows\ServiceProfiles
2016-06-11 14:06 - 2015-10-30 08:09 - 00589824 _____ (Realtek ) X:\windows\system32\Drivers\rt640x64.sys
2016-06-11 14:06 - 2015-10-30 08:09 - 00023040 _____ (Microsoft Corporation) X:\windows\system32\Drivers\kdnic.sys
 
==================== Een Maand Gewijzigd bestanden en mappen ========
 
(Als een item is opgenomen in de fixlist, het bestand/map wordt verplaatst.)
 
 
==================== Bamital & volsnap =================
 
(Er is geen automatische fix voor bestanden die de verificatie niet doorkomen.)
 
X:\windows\system32\winlogon.exe => Bestand is getekend
X:\windows\system32\wininit.exe => Bestand is getekend
X:\windows\explorer.exe ONTBREEKT <==== AANDACHT
X:\windows\SysWOW64\explorer.exe ONTBREEKT <==== AANDACHT
X:\windows\system32\svchost.exe => Bestand is getekend
X:\windows\SysWOW64\svchost.exe ONTBREEKT <==== AANDACHT
X:\windows\system32\services.exe => Bestand is getekend
X:\windows\system32\User32.dll => Bestand is getekend
X:\windows\SysWOW64\User32.dll ONTBREEKT <==== AANDACHT
X:\windows\system32\userinit.exe => Bestand is getekend
X:\windows\SysWOW64\userinit.exe ONTBREEKT <==== AANDACHT
X:\windows\system32\rpcss.dll => Bestand is getekend
X:\windows\system32\dnsapi.dll => Bestand is getekend
X:\windows\SysWOW64\dnsapi.dll ONTBREEKT <==== AANDACHT
X:\windows\system32\Drivers\volsnap.sys => Bestand is getekend
X:\windows\system32\codeintegrity\Bootcat.cache ONTBREEKT <==== AANDACHT
 
==================== Eind van FRST.txt ============================

 

 

 




 


#2 polskamachina

polskamachina

  • Malware Response Team
  • 4,004 posts
  • Gender:Male

Posted 12 June 2016 - 02:54 PM

Hi iceke :)

 

My name is polskamachina and I would like to welcome you to the Malware Removal Forum. I will be helping you with your malware issues.

What follows below are some ground rules for this forum.

I will reply as soon as possible (typically within 24-48 hours). In turn, I ask that you please respond within 72 hours. If you know you will be away longer than that, please let me know. I am in California at GMT-7 hours (Pacific Standard Time). If I do not respond to you within 48 hours, feel free to send me a private message.

Some points for you to keep in mind:

  • Do NOT run any tools unless instructed to do so.
  • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine. Running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Do not attach logs or use code boxes, just copy and paste the text.
  • I cannot see your computer. Periodically update me on the condition of your computer, and provide as much detail as you can in every post.
  • Once things seem to be working again, please do not abandon the thread. I will give an "all-clean" message at the very end.
  • NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a flash drive, anywhere except on the computer.
  • NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. Please remember to copy the entire post so you do not miss any instructions.

In order for me to give you the best assistance possible, I will need to see an English version of the FRST report.

  • Right-click the FRST64 icon.
  • Select Rename.
  • Change the name of the program to either: EnglishFRST64.exe or FRSTEnglish64.exe.
  • Press the Enter key to accept the name change.
  • Double-click the newly named icon and the program should start in English.
  • Check the box for Addition.txt. Note: This option is not available if you're running the program from the Recovery Environment.
  • Click on the Scan button.
  • When the scan has completed, copy and paste the FRST.txt and Addition.txt if available into your next reply to me.

Let me know if you have any questions.

 

polskamachina



#3 iceke

iceke
  • Topic Starter

  • Members
  • 3 posts

Posted 13 June 2016 - 01:25 PM

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:12-06-2016 01
Ran by SYSTEM (administrator) on MININT-51NASDO (13-06-2016 20:25:39)
Running from F:\
Loaded Profiles: False (Available Profiles: ) <==== ATTENTION (Temporary Profile?)
Platform: Windows ™ 8 Preinstallation Environment (X64) Language: Nederlands (Nederland)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) X:\Windows\System32\winpeshl.exe
(Microsoft Corporation) X:\Windows\System32\WallpaperHost.exe
(Microsoft Corporation) X:\setup.exe
(Microsoft Corporation) X:\sources\recovery\RecEnv.exe
(Microsoft Corp.) X:\sources\recovery\tools\MSDartTools.exe
(Microsoft Corp.) X:\Windows\System32\Explorer.exe
(Farbar) F:\EnglishFRST64.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM-x32\...\Winlogon: [Userinit]  [X]
HKLM\...\Winlogon: [Shell] cmd.exe /k start cmd.exe [ ] () <=== ATTENTION
HKLM-x32\...\Winlogon: [Shell]  [0 ] () <=== ATTENTION
BootExecute: 
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Winsock: Catalog5 01 %SystemRoot%\System32\mswsock.dll No File 
Winsock: Catalog9 01 %SystemRoot%\system32\mswsock.dll No File 
Winsock: Catalog9 02 %SystemRoot%\system32\mswsock.dll No File 
Winsock: Catalog9 03 %SystemRoot%\system32\mswsock.dll No File 
Winsock: Catalog9 04 %SystemRoot%\system32\mswsock.dll No File 
Winsock: Catalog9 05 %SystemRoot%\system32\mswsock.dll No File 
Winsock: Catalog9 06 %SystemRoot%\system32\mswsock.dll No File 
Winsock: Catalog9 07 %SystemRoot%\system32\mswsock.dll No File 
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{63bc3d9b-8554-48d7-9505-1bb8cc82cee8}: [DhcpNameServer] 192.168.0.1
ManualProxies: 
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = 
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = 
SearchScopes: HKLM -> DefaultScope value is missing
SearchScopes: HKLM-x32 -> DefaultScope value is missing
DefaultPrefix: =>  <==== ATTENTION
Prefixes: [home]=>  <==== ATTENTION
Prefixes: [www]=>  <==== ATTENTION
DefaultPrefix-x32: =>  <==== ATTENTION
Prefixes-x32: [home]=>  <==== ATTENTION
Prefixes-x32: [www]=>  <==== ATTENTION
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 sacsvr; X:\Windows\system32\sacsvr.dll [16896 2015-10-30] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R0 bfadfcoei; X:\Windows\System32\drivers\bfadfcoei.sys [2279264 2015-10-30] (QLogic Corporation)
R0 bfadi; X:\Windows\System32\drivers\bfadi.sys [2279264 2015-10-30] (QLogic Corporation)
R0 bxfcoe; X:\Windows\System32\drivers\bxfcoe.sys [194912 2015-10-30] (QLogic Corporation)
R0 bxois; X:\Windows\System32\drivers\bxois.sys [541536 2015-10-30] (QLogic Corporation)
S3 cht4vbd; X:\Windows\System32\drivers\cht4vx64.sys [1326568 2015-10-30] (Chelsio Communications)
R0 elxfcoe; X:\Windows\System32\drivers\elxfcoe.sys [732512 2015-10-30] (Emulex)
R0 FBWF; X:\Windows\System32\DRIVERS\fbwf.sys [103456 2015-10-30] (Microsoft Corporation)
R0 ql2300i; X:\Windows\System32\drivers\ql2300i.sys [1508704 2015-10-30] (QLogic Corporation)
R0 ql40xx2i; X:\Windows\System32\drivers\ql40xx2i.sys [475488 2015-10-30] (QLogic Corporation)
R0 qlfcoei; X:\Windows\System32\drivers\qlfcoei.sys [1300320 2015-10-30] (QLogic Corporation)
R0 Ramdisk; X:\Windows\System32\DRIVERS\ramdisk.sys [39264 2015-10-30] (Microsoft Corporation)
R3 rt640x64; X:\Windows\System32\drivers\rt640x64.sys [589824 2015-10-30] (Realtek                                            )
S0 sacdrv; X:\Windows\System32\DRIVERS\sacdrv.sys [95584 2015-10-30] (Microsoft Corporation)
R0 WimFsf; X:\Windows\System32\Drivers\WimFsf.sys [66400 2015-10-30] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
NETSVC: sacsvr -> X:\Windows\system32\sacsvr.dll (Microsoft Corporation)
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-06-13 20:25 - 2016-06-13 20:25 - 00000000 ____D X:\FRST
2016-06-13 20:24 - 2016-06-13 20:24 - 00000011 _____ X:\windows\system32\dart.config
2016-06-13 20:23 - 2016-06-13 20:23 - 00000000 __SHD X:\RecoveryLogs
2016-06-13 20:22 - 2016-06-13 20:22 - 00262144 ____N X:\OfflineRecEnvTrace.etl
2016-06-13 20:18 - 2016-06-13 20:18 - 00063232 _____ X:\windows\system32\FNTCACHE.DAT
2016-06-13 20:18 - 2016-06-13 20:18 - 00004488 _____ X:\windows\diagwrn.xml
2016-06-13 20:18 - 2016-06-13 20:18 - 00001890 _____ X:\windows\diagerr.xml
2016-06-13 20:18 - 2016-06-13 20:18 - 00000000 ____D X:\windows\ServiceProfiles
2016-06-13 20:18 - 2015-10-30 08:09 - 00589824 _____ (Realtek ) X:\windows\system32\Drivers\rt640x64.sys
2016-06-13 20:18 - 2015-10-30 08:09 - 00023040 _____ (Microsoft Corporation) X:\windows\system32\Drivers\kdnic.sys
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
X:\windows\system32\winlogon.exe => File is digitally signed
X:\windows\system32\wininit.exe => File is digitally signed
X:\windows\explorer.exe IS MISSING <==== ATTENTION
X:\windows\SysWOW64\explorer.exe IS MISSING <==== ATTENTION
X:\windows\system32\svchost.exe => File is digitally signed
X:\windows\SysWOW64\svchost.exe IS MISSING <==== ATTENTION
X:\windows\system32\services.exe => File is digitally signed
X:\windows\system32\User32.dll => File is digitally signed
X:\windows\SysWOW64\User32.dll IS MISSING <==== ATTENTION
X:\windows\system32\userinit.exe => File is digitally signed
X:\windows\SysWOW64\userinit.exe IS MISSING <==== ATTENTION
X:\windows\system32\rpcss.dll => File is digitally signed
X:\windows\system32\dnsapi.dll => File is digitally signed
X:\windows\SysWOW64\dnsapi.dll IS MISSING <==== ATTENTION
X:\windows\system32\Drivers\volsnap.sys => File is digitally signed
X:\windows\system32\codeintegrity\Bootcat.cache IS MISSING <==== ATTENTION
 
==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version:12-06-2016 01
Ran by SYSTEM (2016-06-13 20:25:50)
Running from F:\
Windows ™ 8 Preinstallation Environment (X64)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (0 - Administrator - Enabled) => %systemroot%\system32\config\systemprofile
DefaultAccount (0 - Limited - Disabled) => %systemroot%\system32\config\systemprofile
Gast (0 - Limited - Enabled) => %systemroot%\system32\config\systemprofile
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {1091CA06-0387-463D-8668-100BA78A7714} - \Microsoft\Windows\Plug and Play\Device Install Reboot Required -> No File <==== ATTENTION
Task: {123C029A-488A-44F9-AC39-120D3DC9CB5E} - \Microsoft\Windows\Shell\CreateObjectTask -> No File <==== ATTENTION
Task: {1E774501-04F4-425E-AA28-71D496C3ECBB} - \Microsoft\Windows\Windows Filtering Platform\BfeOnServiceStartTypeChange -> No File <==== ATTENTION
Task: {61354EA3-4DF7-4E83-8C64-01729603DA51} - \Microsoft\Windows\Ras\MobilityManager -> No File <==== ATTENTION
Task: {87AEAD53-867C-4F08-BC49-FC7B68E9F429} - \Microsoft\Windows\Wininet\CacheTask -> No File <==== ATTENTION
Task: {9A5552FF-BBB9-4C08-A251-7D29FE505897} - \Microsoft\Windows\Time Synchronization\SynchronizeTime -> No File <==== ATTENTION
Task: {F8A0B6D6-A8D2-473E-99AF-580D0801B574} - \Microsoft\Windows\Windows Error Reporting\QueueReporting -> No File <==== ATTENTION
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
==================== Loaded Modules (Whitelisted) ==============
 
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2015-10-30 08:10 - 2015-10-30 08:09 - 00000824 ____A X:\windows\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== Restore Points =========================
 
ATTENTION: System Restore is disabled
Check "winmgmt" service or repair WMI.
 
 
==================== Faulty Device Manager Devices =============
 
Name: Videocontroller (VGA-compatibel)
Description: Videocontroller (VGA-compatibel)
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: Audio Device on High Definition Audio Bus
Description: Audio Device on High Definition Audio Bus
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
 
System errors:
=============
 
==================== Memory info =========================== 
 
Processor: Intel® Core™2 Duo CPU E7500 @ 2.93GHz
Percentage of memory in use: 23%
Total physical RAM: 3191.18 MB
Available physical RAM: 2435.37 MB
Total Virtual: 3191.18 MB
Available Virtual: 2481.35 MB
 
==================== Drives ================================
 
Drive c: (Door systeem gereserveerd) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: () (Fixed) (Total:465.66 GB) (Free:415.4 GB) NTFS
Drive e: (W.1511.GiGA.AiO.x64x86.Mei.16) (CDROM) (Total:6.16 GB) (Free:0 GB) UDF
Drive f: (W_7_SP1_AIO) (Removable) (Total:7.19 GB) (Free:4.29 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.49 GB) (Free:0.49 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 9F91F73B)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=465.7 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 7.2 GB) (Disk ID: 08908C2C)
Partition 1: (Active) - (Size=7.2 GB) - (Type=0C)
 
==================== End of Addition.txt ============================


#4 polskamachina

polskamachina

  • Malware Response Team
  • 4,004 posts
  • Gender:Male

Posted 15 June 2016 - 04:24 PM

Hi iceke :)

 

I've looked over your logs and have a few questions about what you see when you power on your computer:

  1. Does your computer POST?
  2. Do you hear any extra beeps from the speaker during startup?
  3. Do you see the manufacturer's logo appear right after the system powers on with perhaps instructions on how to enter the setup menu?
  4. Do you see the Windows logo and then does the system hang before the login screen?
  5. How are you attempting to enter Safe mode?
  6. Are you able to see a boot menu by pressing the F8 key at startup?
  7. How were you able to run the FRST program?
  8. Do you have access to either another Windows 8, Windows 7, or Windows Vista, 64-bit computer so that you can make a recovery disk?
  9. Do you have a Windows Vista, 7, or 8 full installation disk?
  10. If your answer is yes to either of the last two questions, that would be quite helpful.

polskamachina


Edited by polskamachina, 15 June 2016 - 04:38 PM.


#5 iceke

iceke
  • Topic Starter

  • Members
  • 3 posts

Posted 16 June 2016 - 06:05 AM

1. Yes
2. No
3. Yes
4. No
5. Pressing F8 key
6. No
7. Windows 10 setup USB/DVD, Intel recovery tools -> recovery mode
8. Yes
9. Yes



#6 polskamachina

polskamachina

  • Malware Response Team
  • 4,004 posts
  • Gender:Male

Posted 17 June 2016 - 01:03 PM

Hi iceke,
 
Good job with the survey questions. :thumbsup:
 
Please read the following directions carefully before proceeding.
Now use your Windows Vista/7/8 full installation disk to perform the following:

  • Note that the prompts and screens shown vary depending on the version and type of Windows boot media used, but the basics are the same.
  • Insert the Windows installation disc/UFD, Repair Disc, or Recovery Drive and restart the computer.
  • Press a key when the Press any key to boot from CD or DVD message appears (this prompt is not shown on some types of Windows boot media). If you don't press a key quickly enough, you will need to wait until the computer has finished booting and then reboot the computer and try again.
  • After the initialization process completes, you may be prompted to select a Language to install, Time and currency format, and Keyboard or input method.  Configure each of these settings and then click Next.
  • If shown, click the Repair your computer option that appears near the bottom of the window to access Windows RE.
  • If Windows RE scans for existing Windows installations, let it finish. If using the Windows 7 RE, make sure the Use recovery tools that can help fix problems starting Windows option is selected.
  • In Windows Vista RE and Windows 7 RE click Next. In the Windows 8.x RE click on Troubleshooting and then Advanced options to access the repair options.
  • Important: Please cancel any automatic repair options offered by Windows RE and instead select the option to run the Command Prompt.
  • Insert your USB drive with the FRST64 program installed.
  • In the command window type in notepad and press Enter.
  • When notepad opens, click the File menu and select Open.
  • Select Computer and find your flash drive letter.
  • Close notepad.
  • In the command window type f:\frst64 and press Enter.
    Note: Replace letter f with the drive letter of your flash drive which was discovered while in notepad.
  • The tool will start to run.
  • When the tool opens click Yes to the disclaimer.
  • Click the Scan button.
  • When the scan completes, please copy and paste the FRST.txt log (which will also be written to your flash drive) into your next reply to me.

Let me know if you have any questions.

polskamachina



#7 polskamachina

polskamachina

  • Malware Response Team
  • 4,004 posts
  • Gender:Male

Posted 20 June 2016 - 02:38 PM

Hi iceke :)

 

It's been a while since you've checked in. Did you need any more help with this? If not, this topic will be closed in 48 hours.
 
Please let me know if you have any questions.

 

polskamachina



#8 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,469 posts
  • Gender:Male
  • Location:California

Posted 22 June 2016 - 07:22 PM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"May you be richly rewarded by the Lord, the God of Israel, under whose wings you have come to take refuge."



