Black Screen after Windows Logo - waits 2 minutes, then able to login

Thanks.

The log does show that you used the correct parameter -

The red time stamped are from the 1st run. The 20:16 lines (most recent log) clearly show that the TDSS File System is not present. Perhaps the utility cleared it on the 1st run and the suspicious object reported was something different. Did TDSSKiller flag something as suspicious on this run?

20:16:59.0074 0x0850 ================ Scan MBR ==================================

---

19:07:47.0238 0x0cc4 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
19:07:47.0424 0x0cc4 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0 - ok

20:16:59.0075 0x0850 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
20:16:59.0271 0x0850 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0 - ok

---

19:07:47.0428 0x0cc4 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk1\DR1
19:07:47.0511 0x0cc4 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk1\DR1 - detected TDSS File System ( 1 )
19:07:47.0511 0x0cc4 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk1\DR1 ( TDSS File System ) - warning

20:16:59.0274 0x0850 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk1\DR1
20:16:59.0394 0x0850 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk1\DR1 - ok

---

20:16:59.0408 0x0850 [ 35C6B2FCDE68FACBEFE0A4A7200BAE58 ] \Device\Harddisk6\DR6
20:16:59.0957 0x0850 [ 35C6B2FCDE68FACBEFE0A4A7200BAE58 ] \Device\Harddisk6\DR6 - ok

---

You're going to have to be a bit more help solving the issue on your machine.
What are Disk 2 - 5 and
what's below the CD drive.

Your disk management shows a number of issues, first and foremost are multiple ACTIVE partitions.
Without knowing why, its very difficult to advise. Normally this occurs when people improperly re-install Windows. But the Seagate drive also has an Active flag on it.

Let's address that now.

See this tutorial first: System Repair Disc - Create
Just in case.


Open an Elevated Command Prompt

   Tip

Standard keyboard shortcuts for Copy (Ctrl-C) and Paste (Ctrl-V) shortcuts do not work in Command Prompt.

Enabling the Quick Edit Mode in Command Prompt makes Copy and Paste operations easier.
See step 4 in Command Prompt - Copy to Clipboard to enable it.

Copy in Command Prompt: hightlight the text you want to copy, then press ENTER.
Paste in Command Prompt: right click with your mouse.

You're going to have to identify the drives or post what diskpart reports. The idea is to remove the active flag from every drive except for C:

lis dis: lists the disks (after an object has been selected, an asterisk appears to indicate that is the selected object - carefully verify that the correct object is selected BEFORE issuing the command that follows.)

sel dis: selects the disk

sel par: selects the partition

I entered the commands based on the Disk Management screen shot you posted - any changes to the disks INVALIDATES everything below. You'll have to stay with one configuration until you complete an operation.

If anything changes (like adding disk 6) you really have to let this side of the monitor know what you're doing. I have a lot of patience and will work with you, but this is like changing tires on a moving truck.

In the command window type:

diskpart
lis dis

sel dis 0
sel par 2
lis dis
inactive

sel dis 6
sel par 1
lis dis
inactive

exit

Restart your machine.

BE EXTREMELY CAUTIOUS - Windows needs an active partition to boot - it should be on the C: partition as far as I can tell.

Most likely the TDSSKiller worked as advertised and cleaned your system of a nasty.

See this tutorial first: System Repair Disc - Create
It's always a good idea to have a System Repair Disc
Just in case.

Yes, the ACTIVE flag on more than one drive will cause you problems. BUT..... you have to make sure you're working on the correct drive / partition when you issue the command.

Got it, flash drives. But....
Why are they still showing in Disk Manager? Are they all plugged in?
They don't show any other data than the drive letter.

It's probably best if you disconnect all external drives for this exercise and post another Disk management screenshot.

Work with that until that operation is completed and you know that your system can restart.

I expect that I will see Disk 0 and Disk 1

Disk 6 will come later, I don't want to see that at first. OK?

I don't want to see disks 2-5 really, but that's another issue to solve. You might know why - did you set any configurations to retain the drive letter?

Great news, though as I mentioned you should probably run a few more malware scans after the ACTIVE flags are corrected.

Bill
.

Ok, the odd thing is that the drive letters 'stick' when there doesn't seem to be any drive connected.

I was helping in another thread and saw something similar (drive 5 with letter, but no drive connected). That member was using a docking station. So I'll simply ask "Do you connect these drives in a docking station?".

Normally the drive letter is released when the device is disconnected. I know you can associate a drive letter with a drive, so that applications can always expect the data on a certain drive letter. I'll have to read a bit if you can't answer the question for me.

Actually two questions
Do you use a docking station?
Do you use software that keeps the drive in the list when it is disconnected?
or -> have you intentionally configured Windows not to release the drive?

In the meantime, you might want to run the following scans and post the output results.

---

Click here to download Malwarebytes Anti-Malware (Mbam) (select the free version)

Save the install package to your Desktop
Double click the mbam-setup file on your desktop to install and run Mbam

Answer YES to all authorization prompts and then follow the Mbam setup prompts.
Do not make any changes to default settings.
When the install is finished, verify that only the following two options have checkmarks,
change to match if necessary.
[a] Update Malwarebytes’ Anti-Malware
[a] Launch Malwarebytes’ Anti-Malware

Make sure that there is NOT a checkmark next to:
[..] Enable free trial of Malwarebytes Anti-Malware PRO

Then click the Finish button.

Allow Mbam to update, then
Select Perform Quick Scan from the options on the Scanner tab, then
Click the Scan button.

After the scan is complete
Click on Show Results
A window displaying any detected malware is shown
Select all malware (make sure all objects are ticked [a]), then
Click on Remove Selected

The Mbam report file pops up in your text editor when Mbam has completed the removal process.

Select all of the text in the report (Ctrl+A) and paste the text in a new post on this thread.

   Note

If MBAM encounters a file that is difficult to remove, you are asked to restart the computer.
The restart is REQUIRED to allow Mbam to complete the removal of the malware.
Failure to restart means that the malware is still present on your machine.

You want to restart in Normal mode, not in Safe mode.

---

AdwCleaner is a two step process. Scan then Clean
Just run the scan for now.

Step 1: Download and Scan

Click here to download AdwCleaner (author: Xplode)
>> save the application to your Desktop.

• Right-click AdwCleaner.exe on your Desktop and select Run As Administrator to run the scanner with full privilege rights.
  AdwCleaner is a standalone executable, there is no install.
  .
• Click on the Scan button.
  >> AdwCleaner begins scanning your system. It might take some time to complete, be patient
  .
• When the scan has finished, click on the Report button
  >> the AdwCleaner log: AdwCleaner[R#].txt is opened in your default Text editor.
  [R#] gets incremented every time you run AdwCleaner - the highest number is the most recent.
  .
• Look through the log for any recognizable entries - don't worry about other details in the log.
  i.e. I use Textpad on my system and AdwCleaner flags it as a possible threat because I configured Textpad to replace Notepad. AdwCleaner says "Hey, that's not quite right - you should take a look a this - did you make this change"
  .
• Paste the entire AdwCleaner log in your next post.
  AdwCleaner logs are located in the C:\AdwCleaner folder if you need to reference them again.

A respected member once told me "It's not magic if you know the trick".

15 GB of junk! You're not alone.. I've seen entire SSD drives chewed up with junk.... my magic finger presses uninstall followed by disk clean and... there ya go 60-80 GBs

---

Yes, go ahead and run Part 2 of AdwCleaner.

AdwCleaner Step 2: Scan and Clean

• Right-click, Run as administrator AdwCleaner.exe
  
• Click on the Scan button.
  >> AdwCleaner begins scanning your system. It might take some time to complete.
  >> You can review the objects that will be cleaned at this point of the process. Objects are grouped under the tabs. If there is something you KNOW should not be cleaned, untick the box next to the object. Otherwise, go to the next step.
  .
• After the scan has finished... click on the Clean button.
  
  • Answer OK to the "close all programs" prompt, then follow the onscreen prompts.
  • Answer OK to the "restart the computer" prompt to complete the removal process.
    >> The AdwCleaner[S#].txt log is opened in your default Text editor when the machine has restarted.
    [R#] gets incremented every time you run AdwCleaner - the highest number is the most recent.
  
  .
• Paste the entire AdwCleaner log in your next post.
  AdwCleaner logs are located in the C:\AdwCleaner folder if you need to reference them again

Work getting in the way of ..... sheesh! :)

It's hard to say if you did anything wrong, because you really didn't tell me anything in detail.
... I built up the courage to sort out the drives ...
Are you referring to Diskpart or post# 24

Have I done something wrong? I haven't done anything on the drives yet I promise...!
I gather from the above statement that you simply booted your machine, got some morning beverage, and came back to actually make some changes only to find the BSOD.

You had not changed the ACTIVE flag and you had not changed anything in Disk Management - is that correct?

Can you boot up at all? Safe mode?
If you can start your machine, please follow these instructions: Blue Screen of Death (BSOD) Posting Instructions

My initial diagnosis (not much to go on yet) is that there is a hardware hiccup. Members will know more after you post the SF Diagnostics. I'll have to ask for help from the BSOD team since I don't read dumps.

I think we're back to post# 1 (BSOD) and in post# 4 where Arc pointed to memory. So no... I don't think you did anything wrong.

Bill
.