
Black screen, won't boot, have run FRST scan - need help with what



#1
Louiseh

Hi,
My Samsung laptop is stuck on start up with a black screen and cursor, and won't boot even in safe mode. I downloaded the FRST application & have performed a scan. If anyone can help me with what I should do next re: running a fix, I'd be very grateful. Thank you.

Here's the frst.txt output:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:31-12-2015
Ran by SYSTEM on MININT-GABU2RE (06-01-2016 10:03:14)
Running from g:\
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11
Boot Mode: Recovery
Default: ControlSet002
ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-08-12] (Apple Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Sophos AutoUpdate Monitor] => C:\Program Files (x86)\Sophos\AutoUpdate\almon.exe [1593640 2015-01-30] (Sophos Limited)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\InprocServer32: [Default-wbemess] <==== ATTENTION
HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox] <==== ATTENTION
HKLM\...26dfa299cadb\InprocServer32: [Authentication UI Logon UI] <==== ATTENTION
HKU\Lou\...\Run: [f.lux] => C:\Users\Lou\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2013-10-23] (Flux Software LLC)
HKU\Lou\...\Run: [Dropbox Update] => C:\Users\Lou\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-30] (Dropbox, Inc.)
HKU\Lou\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2015-04-26] (Apple Inc.)
HKU\Lou\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [43816 2015-04-26] (Apple Inc.)
HKU\Lou\...\Policies\Explorer: []
AppInit_DLLs: C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~2.DLL => C:\Program Files (x86)\Sophos\Sophos Anti-Virus\sophos_detoured_x64.dll [217672 2015-01-19] (Sophos Limited)
AppInit_DLLs-x32: C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~1.DLL => C:\Program Files (x86)\Sophos\Sophos Anti-Virus\sophos_detoured.dll [275352 2015-01-19] (Sophos Limited)
Startup: C:\Users\Lou\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2015-11-06]
ShortcutTarget: Dropbox.lnk -> (No File)
Startup: C:\Users\Lou\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\JL Victorian Calendar.lnk [2016-01-04]
ShortcutTarget: JL Victorian Calendar.lnk -> C:\Program Files (x86)\JL Victorian Calendar\JL Victorian Calendar.exe ()

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-05-29] (Apple Inc.)
S2 Autodesk Content Service; C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [31192 2014-02-06] (Autodesk, Inc.)
S2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [140456 2012-03-28] ()
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-17] (Malwarebytes Corporation)
S2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [244904 2009-11-30] ()
S2 SAVAdminService; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe [288552 2015-08-31] (Sophos Limited)
S2 SAVService; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe [208168 2015-01-19] (Sophos Limited)
S2 Sophos AutoUpdate Service; C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe [340776 2015-01-30] (Sophos Limited)
S2 Sophos Web Control Service; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe [341800 2015-01-19] (Sophos Limited)
S2 swi_service; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe [3274536 2015-01-19] (Sophos Limited)
S2 swi_update_64; C:\ProgramData\Sophos\Web Intelligence\swi_update_64.exe [2065704 2015-01-19] (Sophos Limited)
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2015-06-17] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [63704 2015-06-17] (Malwarebytes Corporation)
S1 SAVOnAccess; C:\Windows\System32\DRIVERS\savonaccess.sys [158976 2015-08-31] (Sophos Limited)
S3 sdcfilter; C:\Windows\System32\DRIVERS\sdcfilter.sys [38144 2015-08-31] (Sophos Limited)
S4 SophosBootDriver; C:\Windows\System32\DRIVERS\SophosBootDriver.sys [27904 2015-08-31] (Sophos Limited)
S3 btmaux; system32\DRIVERS\btmaux.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-01-06 10:01 - 2016-01-06 10:03 - 00000000 ____D C:\FRST
2016-01-04 21:02 - 2011-07-28 20:23 - 00227840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieaksie.dll
2016-01-04 21:02 - 2011-07-28 20:23 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieakui.dll
2016-01-04 21:02 - 2011-07-28 20:23 - 00130560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieakeng.dll
2016-01-04 21:02 - 2011-07-28 20:23 - 00101888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\admparse.dll
2016-01-04 21:02 - 2011-07-28 20:23 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ie4uinit.exe
2016-01-04 21:02 - 2011-07-28 16:15 - 00174640 _____ (Symantec Corporation) C:\Windows\System32\Drivers\SYMEVENT64x86.SYS
2016-01-04 21:02 - 2011-07-28 16:15 - 00007440 _____ C:\Windows\System32\Drivers\SYMEVENT64x86.CAT
2016-01-04 21:02 - 2009-06-10 12:45 - 00000003 _____ C:\Windows\System32\Drivers\MsftWdf_Kernel_01009_Inbox_Critical.Wdf
2016-01-04 21:01 - 2011-07-28 20:23 - 00267776 _____ (Microsoft Corporation) C:\Windows\System32\ieaksie.dll
2016-01-04 21:01 - 2011-07-28 20:23 - 00163840 _____ (Microsoft Corporation) C:\Windows\System32\ieakui.dll
2016-01-04 21:01 - 2011-07-28 20:23 - 00160256 _____ (Microsoft Corporation) C:\Windows\System32\ieakeng.dll
2016-01-04 21:01 - 2011-07-28 20:23 - 00114176 _____ (Microsoft Corporation) C:\Windows\System32\admparse.dll
2016-01-04 12:42 - 2016-01-04 12:42 - 00003288 ____N C:\bootsqm.dat
2016-01-04 12:25 - 2016-01-04 13:15 - 01438780 _____ C:\Windows\ntbtlog.txt
2015-12-21 01:30 - 2015-12-21 01:30 - 00000000 __SHD C:\found.001
2015-12-18 13:19 - 2015-12-18 13:19 - 00000000 ____D C:\Users\Lou\AppData\Local\{59D0256D-2309-4726-AB64-C88372C4650E}
2015-12-18 08:45 - 2015-12-18 08:45 - 00131877 _____ C:\Users\Lou\Downloads\18th December 2015.pdf
2015-12-18 08:44 - 2015-12-18 08:44 - 00320333 _____ C:\Users\Lou\Downloads\Library Newsletter December 2015.pdf
2015-12-16 14:00 - 2015-12-16 14:00 - 00031431 _____ C:\Users\Lou\Desktop\myHermeslabel.pdf
2015-12-16 06:40 - 2015-12-16 06:40 - 00000000 ____D C:\Users\Lou\AppData\Local\{9BCE48C6-D675-436B-935C-FB9C46CBD552}
2015-12-15 14:42 - 2015-12-19 10:29 - 00000000 ____D C:\Users\Lou\Desktop\to print dec 15
2015-12-15 13:37 - 2015-12-15 13:37 - 00000000 ____D C:\Users\Lou\AppData\Local\{D50B4BEC-3E32-4036-9194-5D0253055C6A}
2015-12-15 03:35 - 2015-12-15 03:35 - 01546921 _____ C:\Users\Lou\Documents\IMG_20151215_0005.pdf
2015-12-15 03:35 - 2015-12-15 03:35 - 00776800 _____ C:\Users\Lou\Downloads\IMG_20151215_0004.pdf
2015-12-15 03:34 - 2015-12-15 03:34 - 00776800 _____ C:\Users\Lou\Documents\IMG_20151215_0004.pdf
2015-12-15 01:37 - 2015-12-15 01:37 - 00000000 ____D C:\Users\Lou\AppData\Local\{0ED26ACE-0741-4813-876A-C9A220805FCE}
2015-12-14 14:18 - 2015-12-14 14:18 - 00394928 _____ C:\Users\Lou\Downloads\4th December 2015 (1).pdf
2015-12-14 14:18 - 2015-12-14 14:18 - 00147823 _____ C:\Users\Lou\Downloads\Home School Agreement November 2015 consultation with parents (1) (1).pdf
2015-12-14 14:17 - 2015-12-14 14:17 - 00193207 _____ C:\Users\Lou\Downloads\27th November 2015 (1).pdf
2015-12-14 14:16 - 2015-12-14 14:16 - 00324374 _____ C:\Users\Lou\Downloads\20th November 2015.pdf
2015-12-14 14:16 - 2015-12-14 14:16 - 00208974 _____ C:\Users\Lou\Downloads\6th November 2015.pdf
2015-12-14 14:15 - 2015-12-14 14:15 - 00335008 _____ C:\Users\Lou\Downloads\16th October 2015 (1).pdf
2015-12-14 11:02 - 2015-12-14 11:02 - 00169169 _____ C:\Users\Lou\Desktop\Smile account statement Harriss Parrack 2.pdf
2015-12-14 11:02 - 2015-12-14 11:02 - 00169015 _____ C:\Users\Lou\Desktop\Smile account statement Harriss Parrack 1.pdf
2015-12-09 13:48 - 2016-01-04 10:52 - 08888512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2015-12-08 03:25 - 2015-12-08 03:25 - 00000000 ____D C:\Users\Lou\AppData\Local\{70EFFED7-52DA-45CC-9DF7-4EFE3D28641F}
2015-12-08 03:25 - 2015-12-08 03:25 - 00000000 ____D C:\Users\Lou\AppData\Local\{5377FA1D-AD94-4191-8C45-22AB484BD44E}
2015-12-07 23:45 - 2015-12-07 23:45 - 00000000 ____D C:\Users\Lou\AppData\Local\ElevatedDiagnostics
2015-12-07 10:04 - 2015-12-07 10:04 - 00394928 _____ C:\Users\Lou\Downloads\4th December 2015.pdf
2015-12-07 10:01 - 2015-12-07 10:02 - 00147823 _____ C:\Users\Lou\Downloads\Home School Agreement November 2015 consultation with parents (1).pdf
2015-12-07 03:59 - 2015-12-07 04:00 - 00000000 ____D C:\Program Files (x86)\EndNote X6
2015-12-07 02:56 - 2015-12-07 02:57 - 00028772 _____ C:\Users\Lou\Downloads\arpaper.zip

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-01-06 01:35 - 2013-11-29 06:18 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-01-06 01:35 - 2009-07-13 20:45 - 00021200 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-01-06 01:35 - 2009-07-13 20:45 - 00021200 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-01-06 01:27 - 2009-07-13 21:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-01-04 21:04 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\SysWOW64\com
2016-01-04 21:03 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\oobe
2016-01-04 21:03 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\com
2016-01-04 13:27 - 2009-07-13 20:45 - 00528152 _____ C:\Windows\System32\FNTCACHE.DAT
2016-01-04 12:25 - 2009-07-13 19:20 - 00000000 ____D C:\Windows
2016-01-04 12:11 - 2015-06-30 12:04 - 00000858 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-592597040-2687735098-3077039613-1000Core.job
2016-01-04 12:11 - 2013-11-11 04:53 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-01-04 10:50 - 2015-06-30 12:04 - 00000910 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-592597040-2687735098-3077039613-1000UA.job
2016-01-04 10:50 - 2013-11-11 04:53 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-12-23 15:29 - 2015-08-31 10:47 - 00000542 _____ C:\Windows\Tasks\Wednesday 9pm Scan.job
2015-12-21 08:41 - 2014-03-19 04:08 - 00000000 ___RD C:\Users\Lou\Dropbox
2015-12-21 01:37 - 2014-03-19 03:52 - 00000000 ____D C:\Users\Lou\AppData\Roaming\Dropbox
2015-12-18 07:41 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\inf
2015-12-17 03:16 - 2013-11-17 07:18 - 00000000 ____D C:\Users\Lou\AppData\Local\CrashDumps
2015-12-16 07:34 - 2015-03-17 00:43 - 00000000 ____D C:\Users\Lou\Desktop\DCIM
2015-12-15 05:34 - 2013-11-11 04:07 - 00674304 ___SH C:\Users\Lou\Desktop\Thumbs.db
2015-12-15 05:15 - 2014-07-07 07:50 - 00000000 ____D C:\ProgramData\CanonIJPLM
2015-12-09 13:48 - 2013-11-29 06:18 - 00796864 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-12-09 13:48 - 2013-11-29 06:18 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-12-09 13:48 - 2013-11-29 06:18 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-12-08 03:39 - 2009-07-13 21:13 - 00782492 _____ C:\Windows\System32\PerfStringBackup.INI
2015-12-08 03:23 - 2015-01-06 11:53 - 00691200 ___SH C:\Users\Lou\Documents\Thumbs.db
2015-12-07 11:56 - 2013-11-11 03:46 - 00000000 ____D C:\Users\Lou\Documents\Outlook Files
2015-12-07 04:55 - 2014-01-10 07:37 - 00000000 ____D C:\Users\Lou\AppData\Roaming\EndNote
2015-12-07 04:00 - 2014-01-10 07:32 - 00000000 ____D C:\ProgramData\Thomson.ResearchSoft.Installers

Files to move or delete:
====================
C:\Users\Lou\survey_486817_SPSS_data_file.dat


Some files in TEMP:
====================
C:\Users\Lou\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpfzakoj.dll
C:\Users\Lou\AppData\Local\Temp\Risweb32.exe


==================== Known DLLs (Whitelisted) =========================


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\dnsapi.dll => MD5 is legit
C:\Windows\SysWOW64\dnsapi.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE Association (Whitelisted) =============


==================== Restore Points =========================

Restore point date: 2015-10-26 23:50
Restore point date: 2015-11-06 08:51
Restore point date: 2015-11-28 04:36
Restore point date: 2015-11-28 07:06
Restore point date: 2015-12-05 14:50
Restore point date: 2015-12-05 14:52
Restore point date: 2015-12-07 03:58
Restore point date: 2015-12-22 02:23
Restore point date: 2016-01-04 21:03

==================== Memory info ===========================

Percentage of memory in use: 16%
Total physical RAM: 4009.55 MB
Available physical RAM: 3355.76 MB
Total Virtual: 4007.75 MB
Available Virtual: 3348.63 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:442.3 GB) (Free:280.46 GB) NTFS
Drive e: (SAMSUNG_REC) (Fixed) (Total:23.36 GB) (Free:0.94 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive g: (KINGSTON) (Removable) (Total:1.92 GB) (Free:1.85 GB) FAT
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (SYSTEM) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[system with boot components (obtained from drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 010722F6)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=442.3 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=23.4 GB) - (Type=27)

========================================================
Disk: 1 (Size: 1.9 GB) (Disk ID: 00000000)

Partition: GPT.


LastRegBack: 2016-01-04 10:50

==================== End of FRST.txt ============================

#2
RKinner

Download the attached fixlist.txt to the same location as FRST.
Run FRST and press Fix.
A fix log will be generated; please post that. Run FRST again, check the Additions box and then Scan. You will get two logs. Post them both.
