New
#21
Anyone has some input?
Anyone has some input?
Anything we missed to try from this list?
- Boot with Last Known Good Configuration (F8 menu)
- Restore to a prior date (System Restore) - System Restore
- Scan for malware (Malwarebytes Anti-Malware free)
- Try a clean startup Troubleshoot Application Conflicts by Performing a Clean Startup
- Check if explorer.exe is running and start from CTRL+ALT+DEL (task manager - new task)
- Verify in registry: HKEY_Local_Machine\Software\Microsot\Windows NT\Current Version\Winlogon to make sure 'shell = explorer.exe'
- Follow SFC /SCANNOW Command - System File Checker
- Try loading defaults in BIOS
I tried under F8 ===> Repair Computer===> Command Prompt ===> Works OK
Here is the result:
- Boot with Last Known Good Configuration (F8 menu) ===> Black screen with cursor in the middle
- Restore to a prior date (System Restore) - System Restore ====> Already reported in previous reply
- Try a clean startup Troubleshoot Application Conflicts by Performing a Clean Startup results in
Clean Start up
D:\Windows\System32>runas /user:administrator msconfig
Enter the password for administrator:
Attempting to start msconfig as user "MININT-84TH5FG\administrator" ...
RUNAS ERROR: Unable to run - msconfig
1060: The specified service does not exist as an installed service.
- Try loading defaults in BIOS - F2, f9, f10 ===> Black screen with cursor in the middle
Follow SFC /SCANNOW Command - System File Checker ====> Already reported the outcome No [SR] tag with errors
Check if explorer.exe is running and start from CTRL+ALT+DEL (task manager - new task) ===> CTRL+ALT+DEL not responding
- Scan for malware (Malwarebytes Anti-Malware free) yet to try. Will this find something, that was not found in Windows Defender offline? Do I able to run this from USB as offline?
Thanks for your input.
Update.
I tried with Farbar Recovery Scan Tool x64
I am attaching FRST.txt for your review.
Last edited by MDRI; 08 Aug 2015 at 15:52.
Hi MDRI,
Please do the following:
Fix with FRST
Plug in the flash drive on the working computer:
- Open notepad (Start orb > type notepad into Start Search > chose notepad from list.
- Please copy the entire contents of the quote box below and paste into notepad.
start
GroupPolicyUsers\S-1-5-21-416909013-2854222796-1658757329-1004\User: Restriction detected <======= ATTENTION
LastRegBack: 2015-07-23 18:28
end- Click on File > Save as.., name it fixlist.txt and save it to the flash drive.
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
Next:
Plug the flashdrive into the infected PC.
To enter System Recovery Options from the Advanced Boot Options:
- Restart the computer.
- As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
- Click on Repair your computer menu item.
- Select US as the keyboard language settings, and then click Next.
- Select the operating system you want to repair, and then click Next.
- Select your user account and click Next.
On the System Recovery Options menu you will get the following options:
Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt
- Select Command Prompt
Next:- In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
Note: Replace letter e with the drive letter of your flash drive.- The tool will start to run.
- When the tool opens click Yes to disclaimer.
- Press the Fix button.
- It will make a log (Fix.txt) on the flash drive. Please copy and paste this log in your Topic.
Next:
Try to boot the computer in normal mode. If you are successful....
Please download Farbar Recovery Scan Tool and save it to your desktop. <<< Very Important!
Note: You will need to download the 64-bit version to your desktop.
- Make sure that FRST is on the desktop of the infected system
- Right click and choose Run as administrator. When the tool opens click Yes to disclaimer.
- Press Scan button.
- It will produce a log called FRST.txt in the same directory the tool is run from.
- Please copy and paste log back here.
- Under Optional Scan make sure there is a checkmark in the box for Addition.txt to ensure it creates that 2nd log. Please also paste that along with the FRST.txt into your reply.
Last edited by DonnaB; 07 Aug 2015 at 23:31.
I tried your steps. Do you mind, sharing your insight? What is happening here?
I did the Fix using Farbar Recovery Scan Tool. It created Fixlog.txt
I booted the computer in normal mode. ====> Same situation Black screen with cursor in middle.
I ran the scan using Farbar Recovery Scan Tool . It created FRST.txt I am attaching both FRST.txt, & Fixlog.txt for your insight.
Is this situation caused by infection (virus/malware), Hardware issue, BIOS, Memory etc? It will help others as well.
Last edited by MDRI; 08 Aug 2015 at 22:09.
This issue is not going away. Did you review attached logs? I like to work with you to solve this issue. Awaiting for next steps.
My apologies for the delay. You caught me at a bad time when you posted to that other topic to get my attention. Just too many irons in the fire.
This could be caused by any number of things you mentioned above.
Please disconnect any peripherals (if any) besides the USB flash drive before proceeding.
Fix with FRST
Plug in the flash drive on the working computer:
- Open notepad (Start orb > type notepad into Start Search > chose notepad from list.
- Please copy the entire contents of the quote box below and paste into notepad.
Winlogon\Notify\igfxcui: igfxdev.dll [X]
HKU\Stem_Work\...\Run: [Browser Infrastructure Helper] => C:\Users\Stem_Work\AppData\Local\Smartbar\Application\QuickShare.exe startup
AppInit_DLLs-x32: c:\progra~3\browse~1\261070~1.41\{c16c1~1\browse~1.dll => "c:\progra~3\browse~1\261070~1.41\{c16c1~1\browse~1.dll" File not found
S3 BcmSqlStartupSvc; No ImagePath
S2 CLKMSVC10_3A60B698; No ImagePath
S2 CLKMSVC10_C3B3B687; No ImagePath
S2 DriverService; No ImagePath
S2 IAStorDataMgrSvc; No ImagePath
S2 iATAgentService; No ImagePath
S2 idealife Update Service; No ImagePath
S3 IGRS; No ImagePath
S2 IviRegMgr; No ImagePath
S2 Oasis2Service; No ImagePath
S2 PCCarerService; No ImagePath
S2 ReadyComm.DirectRouter; No ImagePath
S2 RichVideo; No ImagePath
S2 RtLedService; No ImagePath
S2 SeaPort; No ImagePath
S2 SoftwareService; No ImagePath
C:\Users\Lnv_Admin\AppData\Local\Temp\APNSetup.exe
C:\Users\Lnv_Admin\AppData\Local\Temp\AVG-Safeguard.exe
C:\Users\Lnv_Admin\AppData\Local\Temp\converter.exe
C:\Users\Lnv_Admin\AppData\Local\Temp\drm_dyndata_7370014.dll
C:\Users\Lnv_Admin\AppData\Local\Temp\drm_dyndata_7410004.dll
C:\Users\Lnv_Admin\AppData\Local\Temp\DSETUP.dll
C:\Users\Lnv_Admin\AppData\Local\Temp\dsetup32.dll
C:\Users\Lnv_Admin\AppData\Local\Temp\DXSETUP.exe
C:\Users\Lnv_Admin\AppData\Local\Temp\oi_{07A538F9-562B-480F-90C0-597B7F059CC7}.exe
C:\Users\Lnv_Admin\AppData\Local\Temp\ScriptHelper.exe
C:\Users\Lnv_Admin\AppData\Local\Temp\SmartbarExeInstaller.exe
C:\Users\Lnv_Admin\AppData\Local\Temp\sonarinst.exe
C:\Users\Lnv_Admin\AppData\Local\Temp\uninst1.exe
C:\Users\Lnv_Admin\AppData\Local\Temp\UNINSTALL.EXE
C:\Users\Lnv_Admin\AppData\Local\Temp\xmlUpdater.exe
C:\Users\Pure_Fun\AppData\Local\Temp\drm_dyndata_7380014.dll- Click on File > Save as.., name it fixlist.txt and save it to the flash drive.
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
Next:
Plug the flashdrive into the infected PC.
To enter System Recovery Options from the Advanced Boot Options:
- Restart the computer.
- As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
- Click on Repair your computer menu item.
- Select US as the keyboard language settings, and then click Next.
- Select the operating system you want to repair, and then click Next.
- Select your user account and click Next.
On the System Recovery Options menu you will get the following options:
Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt
- Select Command Prompt
Next:- In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
Note: Replace letter e with the drive letter of your flash drive.- The tool will start to run.
- When the tool opens click Yes to disclaimer.
- Press the Fix button.
- It will make a log (Fix.txt) on the flash drive. Please copy and paste this log in your Topic.
Thanks for looking into my issue among too many irons in the fire. I asked that question to learn about source/cause, so I can keep away from that source upon fixing this issue. I did not install any new device or open any email attachments. My son was playing video games from sites such as Steam clients, team speak, chrome, & counter strike etc. Youtube videos
As per your suggestion, I am attaching the fixlog.txt for your insight.
Thanks for helping.
Awaiting for next steps.
Last edited by MDRI; 09 Aug 2015 at 13:57.
Still won't boot? Time for me to go back and read the thread thoroughly.
Please provide a new FRST log.
Thanks for looking into my issue among too many things.
I did not boot. I have black screen with cursor in middle after running fix.
As per your suggestion, I am attaching the FRST.txt for your insight.
Thanks for helping.
Awaiting for next steps.