[Mr Lucky]

Hi guys. The usual black death of win7 starter edition reached my laptop Samsung nc110. After switching on the laptop the black screen came up with moving mouse cursor. I couldnt even switch it off only with holding the button for 6 seconds and giving another hit to the OS. However, that part was fixed when I did a boot fix in dos from a Win7 usb. I went through the usual F8 items, non of them worked (no image file). Then went into bios to start booting from my external hdd where I uploaded the Win7 starter cd to. From there windows repair couldnt find any problems on my e: (without the external this is c:). I even started a memory scan,it took 20hours. the only useable thing from this window is Dos, this is the starting point. There I see that everything is in place. Went to regedit to change in Reg Sz Shell file from "cmd.exe /k start cmd.exe" to "explorer.exe". Still the same black screen with the cursor.then tried in "blind mode", I call it blind as trying to make magic with commands without seeing whats behind the black layer on my scree. when window was running I pressed shift5x and sticky window came up. Winkey+P showed me the screen options so it proved me win works well. Then typed Winkey+R for the run dialog, typed shutdown but didnt shutdown. win doesnt work well. Only when i press the shutdown button then win7 shuts down after 30sec. So here I am now , after 3days reading everything on the internet the only person fixed his laptop who didnt had the easy way -those F8 options - was from this forum, with Brian's help. So any of u can also suggest something, please write in a comment here. Thank you

Edited by Mr Lucky, 25 August 2016 - 06:42 AM.

[Advertisements]

Hi and welcome to G2G. We'll see what we can do. Do you have a USB drive and another working computer that you could download FRST on to?
 
If so please follow the instructions below. If you don't, let me know.

Step#1 
1. From a working computer, please download Farbar Recovery Scan Tool and save it to a USB thumb drive.
    Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them.
    Only one of them will run on your system, that will be the right version.
2. Plug this USB thumb drive into your "sick" computer.
 
  
Step#2
1. Shut down your "sick" computer and leave it off for a good 10 seconds.
2. Power on your computer and then repeatedly tap the F8 key on your keyboard (about a second apart for each tap). This will open up the Advanced Boot Options screen which will look similar
    to what is shown below.
   
 
3. At the above screen you will see a variety of options that can be used to boot Windows. Using the arrow keys on your keyboard, highlight the option labeled Repair Your Computer.
    Once it is highlighted, click on the Enter key on your keyboard. Note: If you don't have a Repair Your Computer option please skip the rest of the steps in this section and go below to the next
    section after step#14.
4. Select US as the keyboard language settings, and then click Next.
5. Select the operating system you want to repair, and then click Next.
6. Select your user account and click Next and you will be at the System Recovery Options menu showing the following options. Please use the arrow keys on your keyboard to select
    Command Prompt and then hit Enter.
 
Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt
 
7. In the command window type the word notepad and press Enter.
8. Notepad opens. Under the File menu select Open.
9. Select "Computer" and find out what your USB drive letter is and then close notepad.
10. In the command window type e:\frst (for x64 bit version type e:\frst64) and press Enter
Note: Replace letter e with the drive letter of your USB drive that you identified in step#9.
11. The tool will start to run.
12. When the tool opens click Yes to disclaimer.
13. Press Scan button.
14. It will make a log (FRST.txt) on the USB drive. Please plug in the USB drive into your working computer and copy and paste the contents of it into your reply.
 
Items for your next post
1. Contents of the FRST log.

[BrianDrab]

Hi and welcome to G2G. We'll see what we can do. Do you have a USB drive and another working computer that you could download FRST on to?
 
If so please follow the instructions below. If you don't, let me know.

Step#1 
1. From a working computer, please download Farbar Recovery Scan Tool and save it to a USB thumb drive.
    Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them.
    Only one of them will run on your system, that will be the right version.
2. Plug this USB thumb drive into your "sick" computer.
 
  
Step#2
1. Shut down your "sick" computer and leave it off for a good 10 seconds.
2. Power on your computer and then repeatedly tap the F8 key on your keyboard (about a second apart for each tap). This will open up the Advanced Boot Options screen which will look similar
    to what is shown below.
   
 
3. At the above screen you will see a variety of options that can be used to boot Windows. Using the arrow keys on your keyboard, highlight the option labeled Repair Your Computer.
    Once it is highlighted, click on the Enter key on your keyboard. Note: If you don't have a Repair Your Computer option please skip the rest of the steps in this section and go below to the next
    section after step#14.
4. Select US as the keyboard language settings, and then click Next.
5. Select the operating system you want to repair, and then click Next.
6. Select your user account and click Next and you will be at the System Recovery Options menu showing the following options. Please use the arrow keys on your keyboard to select
    Command Prompt and then hit Enter.
 
Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt
 
7. In the command window type the word notepad and press Enter.
8. Notepad opens. Under the File menu select Open.
9. Select "Computer" and find out what your USB drive letter is and then close notepad.
10. In the command window type e:\frst (for x64 bit version type e:\frst64) and press Enter
Note: Replace letter e with the drive letter of your USB drive that you identified in step#9.
11. The tool will start to run.
12. When the tool opens click Yes to disclaimer.
13. Press Scan button.
14. It will make a log (FRST.txt) on the USB drive. Please plug in the USB drive into your working computer and copy and paste the contents of it into your reply.
 
Items for your next post
1. Contents of the FRST log.

[Mr Lucky]

Thank you for your help. Underneath please find the saved txt file. Maybe it would help, before your message I tried different antivirus recovery disks (kaspersky, norton, avg, etc) but upon booting from the usb the following message came up: missing bootmgr , restart: ctrl+alt+del. the only way I could go to the Repair computer list was through Win7 starter /same as installed on the sick laptop/. I even tried to fix with an XP but same missing bootmgr came up. When I went into DOS through the Win7 Starter usb, then tried sfc /scannow, answer was the system is under repair , restart computer and type again sfc - obviously it is not possible to do this due to the black screen.Also came up a message, cant remember how and what I did - it said: explorerframe.dll missing. I also tried to reconstruct bcd but same answer came back.All these happened before I got your message above.  1 more thing just remembered. In the last few years Windows task line regularily disappeared from the bottom, so I had to go to task manager, finding explorer.exe, swithc it off, then  in run starting againg typing explorer.exe. Seemed for me some bug always ate it up. As you see I didnt use the laptop in the last month, if need more info then I can do a new scan for the last 3 months (as I remember there was an option for this in your program)

So here is the feedback from FRST:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 27-08-2016

Ran by SYSTEM on MININT-UHRR5KQ (28-08-2016 21:10:24)

Running from f:\

Platform: Windows 7 Starter (X86) Language: English (United States)

Internet Explorer Version 8

Boot Mode: Recovery

Default: ControlSet002

ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.

 

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

 

==================== Registry (Whitelisted) ===========================

 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

 

HKLM\...\Run: [TkBellExe] => C:\Program Files\Common Files\Real\Update_OB\realsched.exe [185896 2014-05-17] (RealNetworks, Inc.)

Winlogon\Notify\ScCertProp: wlnotify.dll [X]

HKLM\...\InprocServer32: [Default-wbemess]  <==== ATTENTION

HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox]  <==== ATTENTION

HKU\Sandor\...\Run: [Voipwise] => C:\Program Files\Voipwise.com\Voipwise\voipwise.exe [19060176 2013-01-27] (Voipwise)

HKU\Sandor\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\SIDE9S~1.SCR [520192 2012-12-14] (ScreenTime Media)

 

==================== Services (Whitelisted) ========================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

S2 AMPPALR3; C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe [509440 2011-12-05] (Intel Corporation)

S2 AVP15.0.1; C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.1\avp.exe [234520 2014-08-30] (Kaspersky Lab ZAO)

S2 BTHSSecurityMgr; C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe [104208 2011-12-05] (Intel® Corporation)

S2 c2cautoupdatesvc; C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1364096 2016-05-25] (Microsoft Corporation)

S2 c2cpnrsvc; C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1687680 2016-05-25] (Microsoft Corporation)

S2 Mobile Broadband HL Service; C:\ProgramData\MobileBrServ\mbbservice.exe [239184 2013-01-27] ()

S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [241936 2011-12-08] ()

S2 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [39568 2014-04-06] ()

S2 RealPlayerUpdateSvc; C:\Program Files\Real\UpdateService\RealPlayerUpdateSvc.exe [23552 2014-04-06] ()

S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-26] (Microsoft Corporation)

S2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [722704 2011-12-08] (Intel® Corporation)

 

===================== Drivers (Whitelisted) ==========================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

S3 AMPPAL; C:\Windows\System32\DRIVERS\AMPPAL.sys [141312 2011-12-05] (Windows ® Win 7 DDK provider)

S3 AMPPALP; C:\Windows\System32\DRIVERS\amppal.sys [141312 2011-12-05] (Windows ® Win 7 DDK provider)

S3 clwvd; C:\Windows\System32\DRIVERS\clwvd.sys [27504 2010-01-25] (Windows ® Win 7 DDK provider)

S0 cm_km_w; C:\Windows\System32\DRIVERS\cm_km_w.sys [189136 2013-01-14] (Kaspersky Lab UK Ltd)

S3 cxbu0wdm; C:\Windows\System32\DRIVERS\cxbu0wdm.sys [126592 2013-03-21] (HID Global Corporation)

S0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [143968 2014-03-31] (Kaspersky Lab ZAO)

S2 kldisk; C:\Windows\System32\DRIVERS\kldisk.sys [36928 2014-07-02] (Kaspersky Lab ZAO)

S3 klflt; C:\Windows\System32\DRIVERS\klflt.sys [119816 2015-01-14] (Kaspersky Lab ZAO)

S1 klhk; C:\Windows\System32\DRIVERS\klhk.sys [36536 2014-08-12] (Kaspersky Lab ZAO)

S1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [673976 2015-03-14] (Kaspersky Lab ZAO)

S1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [25696 2014-02-25] (Kaspersky Lab ZAO)

S3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [24672 2014-03-28] (Kaspersky Lab ZAO)

S3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [25696 2013-08-08] (Kaspersky Lab ZAO)

S1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [14432 2013-04-12] (Kaspersky Lab ZAO)

S1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [44992 2014-06-05] (Kaspersky Lab ZAO)

S1 Klwtp; C:\Windows\System32\DRIVERS\klwtp.sys [64200 2015-01-14] (Kaspersky Lab ZAO)

S1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [146240 2014-07-09] (Kaspersky Lab ZAO)

S3 pwdrvio; C:\Windows\system32\pwdrvio.sys [15576 2012-08-20] ()

S3 pwdspio; C:\Windows\system32\pwdspio.sys [10200 2012-08-20] ()

S3 samsung_hspa_datacard_dc_enum; C:\Windows\System32\DRIVERS\samsung_hspa_datacard_dc_enum.sys [50816 2011-05-09] (Samsung)

S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [X]

S3 ew_usbenumfilter; system32\DRIVERS\ew_usbenumfilter.sys [X]

S3 huawei_cdcacm; system32\DRIVERS\ew_jucdcacm.sys [X]

S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]

S3 huawei_ext_ctrl; system32\DRIVERS\ew_juextctrl.sys [X]

S3 huawei_wwanecm; system32\DRIVERS\ew_juwwanecm.sys [X]

S3 massfilter; system32\drivers\massfilter.sys [X]

S3 ZTEusbmdm6k; system32\DRIVERS\ZTEusbmdm6k.sys [X]

S3 ZTEusbnmea; system32\DRIVERS\ZTEusbnmea.sys [X]

S3 ZTEusbnmeaext; system32\DRIVERS\ZTEusbnmeaext.sys [X]

S3 ZTEusbser6k; system32\DRIVERS\ZTEusbser6k.sys [X]

 

==================== NetSvcs (Whitelisted) ===================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

 

==================== One Month Created files and folders ========

 

(If an entry is included in the fixlist, the file/folder will be moved.)

 

2016-08-28 21:10 - 2016-08-28 21:10 - 00000000 ____D C:\FRST

 

==================== One Month Modified files and folders ========

 

(If an entry is included in the fixlist, the file/folder will be moved.)

 

2016-08-28 11:04 - 2016-06-04 13:25 - 02588928 _____ C:\Windows\ntbtlog.txt

2016-08-28 10:40 - 2015-01-14 05:54 - 00000000 ____D C:\ProgramData\Kaspersky Lab

2016-08-28 10:11 - 2009-07-13 20:34 - 00019344 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2016-08-28 10:11 - 2009-07-13 20:34 - 00019344 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

 

==================== Known DLLs (Whitelisted) =========================

 

 

==================== Bamital & volsnap =================

 

(There is no automatic fix for files that do not pass verification.)

 

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\System32\rpcss.dll => MD5 is legit

C:\Windows\System32\dnsapi.dll => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

 

==================== Association (Whitelisted) =============

 

 

==================== Restore Points  =========================

 

 

==================== Memory info =========================== 

 

Percentage of memory in use: 21%

Total physical RAM: 2037.3 MB

Available physical RAM: 1597.93 MB

Total Virtual: 2037.3 MB

Available Virtual: 1596.32 MB

 

==================== Drives ================================

 

Drive c: () (Fixed) (Total:97.56 GB) (Free:3.36 GB) NTFS

Drive d: () (Fixed) (Total:368.1 GB) (Free:4.36 GB) NTFS

Drive f: () (Fixed) (Total:305.76 GB) (Free:304.26 GB) NTFS

Drive g: (win7 temp) (Fixed) (Total:1557.21 GB) (Free:1439.9 GB) NTFS

Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[system with boot components (obtained from drive)]

 

==================== MBR & Partition Table ==================

 

========================================================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: CE45CEFE)

Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)

Partition 2: (Not Active) - (Size=97.6 GB) - (Type=07 NTFS)

Partition 3: (Not Active) - (Size=368.1 GB) - (Type=OF Extended)

 

========================================================

Disk: 1 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: DCA1CA9B)

Partition 1: (Active) - (Size=305.8 GB) - (Type=07 NTFS)

Partition 2: (Not Active) - (Size=1557.2 GB) - (Type=07 NTFS)

 

 

LastRegBack: 2015-04-16 23:58

 

==================== End of FRST.txt ============================

Edited by Mr Lucky, 28 August 2016 - 01:30 PM.

[BrianDrab]

Thanks for the detailed info. From this point forward, I'm going to request that you only perform the instructions that you are provided so that we don't do too many things at once and potentially cause a problem we can't fix.
 

- General Instructions -

• Please read all instructions and fixes thoroughly. Read the ENTIRE post BEFORE performing any steps so you understand all that needs to be done.
• I would advise printing any instructions for easy reference as some of the fixes may require you to boot in Safe mode. Access to these instructions may not be available in Safe Mode.
• Any fixes provided by myself are for this log file only and should not be used on any other systems.
• Do not run any other removal software or perform updates other than the ones I provide, as it will complicate the cleaning process.
• It's very likely that part of our cleanup will include emptying your recycle bin. If you use your recycle bin as an archive and do not wish this to be emptied, please let me know.
• It is also likely during our cleaning process that your internet browsing history will be removed. Your favorites will be untouched. If you don't want this to happen you need to let me know before running any steps so I can adjust my fixes accordingly.
• You have 4 days to reply to each post or the topic will be closed. You will be able to request that the topic be re-opened by sending me a PM (Personal Message) or PM a moderator.
• Please feel free to ask any questions, especially if you are having problems with my instructions.

- Save ALL Tools to your Desktop-

 

All tools that I have you download should be placed on the desktop unless otherwise stated. If you are familiar with how to save files to the desktop then you can skip this step.
 
Since you are continuing with this step then I assume you are unfamiliar with saving files to your desktop. As a result it's easiest if you configure your browser(s) to download any tools to the desktop by default. Please use the appropriate instructions below depending on the browser you are using.
Google Chrome - Click the "Customize and control Google Chrome" button in the upper right-corner of the browser. Choose Settings. at the bottom of the screen click the
"Show advanced settings..." link. Scroll down to find the Downloads section and click the Change... button. Select your desktop and click OK.
Mozilla Firefox - Click the "Open Menu" button in the upper right-corner of the browser. Choose Options. In the downloads section, click the Browse button, click on the Desktop folder
and the click the "Select Folder" button. Click OK to get out of the Options menu.
Internet Explorer - Click the Tools menu in the upper right-corner of the browser. Select View downloads. Select the Options link in the lower left of the window. Click Browse and
select the Desktop and then choose the Select Folder button. Click OK to get out of the download options screen and then click Close to get out of the View Downloads screen.
NOTE: IE8 Does not support changing download locations in this manner. You will need to download the tool(s) to the default folder, usually Downloads, then copy them to the desktop.
 

- Finally Before We Start-

 
Removing malware is a complicated multiple step process, Please stay with me until I have declared your system clean. I strongly recommend you backup your personal files and folders. Although rare, attempting to remove malware can render your machine unbootable or cause data loss. Having backups of your data is your responsibility. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.

 

 

OK, let's perform our first fix.

 

Please follow the instructions below to perform a fix.
 
Note: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to the operating system
 
Download the Fix
1. From a working machine, please download the attached fixlist.txt.
2. Save it on the flash drive just as you did when you downloaded the Farbar Recovery Scan Tool.
3. Plug your flash drive into the infected machine
 
Run the Fix
1. Open up FRST from the USB drive as you did previously.
2. Click the Fix button just once and wait.
3. The tool will generate a log on the flashdrive (Fixlog.txt) please post it in your reply.
 
 
Items for your Next Post

• Contents of the Fixlog.txt file

 

 

Attached Files

•  fixlist.txt   135bytes   236 downloads

[Mr Lucky]

Just 1 question. As u could see I have a paid Kaspersky Internet Security on the laptop, how this virus-malware could damaged my computer through this program?

 

Fix result of Farbar Recovery Scan Tool (x86) Version: 27-08-2016
Ran by SYSTEM (31-08-2016 16:55:54) Run:1
Running from f:\
Boot Mode: Recovery

==============================================

fixlist content:
*****************
HKLM\...\InprocServer32: [Default-wbemess]  <==== ATTENTION
HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox]  <==== ATTENTION

*****************

HKLM\Software\Classes\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InprocServer32\\Default => value restored successfully
HKLM\Software\Classes\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InprocServer32\\Default => value restored successfully

==== End of Fixlog 16:55:54 ====

[BrianDrab]

how this virus-malware could damaged my computer through this program?

 

Not exactly sure what you are asking. If you are asking how malware can get past an antivirus software the answer is fairly simply. Antivirus generally can only protect you against malware that it knows about. With well over 100 different ransomware strains that are out there and a ~800 percent increase in phishing emails from 2015 to 2016 antivirus is becoming more reactive than proactive. It's necessary to have but the most important first line of defense is you. We have all of our employees at work trained in Security Awareness which we found much more useful and had better results than relying on Antivirus alone.

 

 

Does your computer boot normally after the fix?

[Mr Lucky]

Unfortunately still black with the cursor. However, now I saw for a short second the little blue circle around the cursor. I tried to start it normally, then in safe mode but the same black screen came up. This virus is very clever, whoever wrote it, even the rescue disks from kaspersky and others are blocked to check the hard drive (tried everything last week before I contacted you). Only the Windows USB can access the system and your Farbar recovery. I really hope you can fix this thing.

Edited by Mr Lucky, 01 September 2016 - 03:06 AM.

[BrianDrab]

Can you please zip up and attach the following file?

 

C:\Windows\ntbtlog.txt

[Mr Lucky]

here is the download link (valid for 48hours), thank you

 

http://expirebox.com...70ac880794.html

Edited by Mr Lucky, 01 September 2016 - 07:56 AM.

[BrianDrab]

Thanks. Make sure your USB drive is plugged in to your sick computer and get to the command-prompt following the instructions from Post#2.

 

Follow it all the way through bullets#12 so that FRST is open. Once it's open, please do the following.

 

File Identification
1. Type explorerframe.dll into the Search box of the FRST window.
2. Click the Search Files button.
3. When the search is done it will open a notepad window with the results. It will also be saved on a text file named search.txt. Can you attach this to your next post?

[Mr Lucky]

here u r:

 

Farbar Recovery Scan Tool (x86) Version: 27-08-2016
Ran by SYSTEM (01-09-2016 20:22:57)
Running from g:\
Boot Mode: Recovery

================== Search Files: "explorerframe.dll" =============

C:\Windows\winsxs\x86_microsoft-windows-explorerframe_31bf3856ad364e35_6.1.7601.17514_none_c484734ed212ffe5\ExplorerFrame.dll
[2012-11-12 01:50][2010-11-20 04:19] 1493504 ____A (Microsoft Corporation) E2A17BCC08D92F42E08AF6BA2F93ABA7

C:\Windows\winsxs\x86_microsoft-windows-explorerframe_31bf3856ad364e35_6.1.7600.20743_none_c306411fee237118\ExplorerFrame.dll
[2012-11-09 09:01][2010-06-25 21:07] 1495552 ____A (Microsoft Corporation) EB8635C271546A027DCAD0EDF765DE64

C:\Windows\winsxs\x86_microsoft-windows-explorerframe_31bf3856ad364e35_6.1.7600.16623_none_c292442cd4f5996c\ExplorerFrame.dll
[2012-11-09 09:00][2010-06-25 21:14] 1495040 ____A (Microsoft Corporation) 8898C95862D03D16B2A06DB4DB6BB6B2

C:\Windows\winsxs\x86_microsoft-windows-explorerframe_31bf3856ad364e35_6.1.7600.16385_none_c2535f86d5247c4b\ExplorerFrame.dll
[2009-07-13 15:44][2009-07-13 17:15] 1495040 ____A (Microsoft Corporation) FD13400115D3D0D70E087AB826DF593A

C:\Windows\System32\ExplorerFrame.dll
[2012-11-12 01:50][2010-11-20 04:19] 1493504 ____A (Microsoft Corporation) E2A17BCC08D92F42E08AF6BA2F93ABA7

====== End of Search ======

[BrianDrab]

Thanks. At the command-prompt again, please type the following and hit enter.

 

chkdsk c: /R   <---that's chkdsk followed by a space followed by c: followed by a space followed by /R

 

 

When it finishes, try rebooting your computer again and let me know the results.

[Mr Lucky]

Hi, the same black window with the cursor. It said at rhe end: failed to transfer logged messages to the event log with status 50.

[BrianDrab]

Have you tried Last Known Good Configuration when getting to the Advanced Boot Options menu? You can follow the steps in Post#2 to get to this menu.

 

Please let me know. Thanks.

[Mr Lucky]

Same black screen. So I downloaded fixshell.exe from prevx. It didnt fix, but, after running the fixer I checked in regedit the Shell Reg Sz. And now it is as it should be: explorer.exe. When restarting the computer the same black screen comes back. I also copied the entire C drive in DOS onto an external hdd and did a kaspersky virus scan from the healthy laptop. No viruses found on the C drive. I also rebuilt the bcd (saved the old one) in dos, didnt help. I know it was easier to reinstall winshite, but know I am crazy to find out what changes the Shell upon rebooting the system. Any idea?

Just did a startup repair with the OS , it says startup repair cannot repair this computer automatically.

 

started this for a try...

sfc /scannow /offbootdir=c:\ /offwindir=c:\Windows
 

Windows resource protection didnt find any intergity violations. Restarted in Safe Mode...nothing, still this black screen with cursor.

 

here we go: so fixshell.exe fixed the Shell to explorer.exe. Restart...black screen. Then opened again regedit and now Shell is cmd.exe /k start cmd.exe. So started the fixshell.exe and then checked again regedit/shell....the fixer overwrote it to explorer.exe.

 

As u might remember, I had this ongoing issue with explorer.exe, regularily the bottom tray disappeared. then I had to go to task manager, stop explorer and restart it in the run command. do you think it is the graphic driver? as I can use dos I didnt think about a damaged driver.

Edited by Mr Lucky, 03 September 2016 - 11:38 AM.