
Posted

Hi John,

 

Can you run FRST from the Recovery console for me please:

 

For 64-bit systems, download Farbar Recovery Scan Tool x64 and save it to a flash drive (USB stick).

Plug the flash drive into the infected PC.

 

Enter System Recovery Options.

 

To enter System Recovery Options from the Advanced Boot Options:

  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

 

 

On the System Recovery Options menu you will get the following options:

  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

Then:

  • Select Command Prompt.
  • In the command window type notepad and press Enter.
  • Notepad opens. Under the File menu select Open.
  • Select "Computer", find your flash drive letter, and close Notepad.
  • In the command window type e:\frst64 and press Enter.
    Note: Replace the letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens, click Yes to the disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it into your reply.

 

 

Thanks

Member of:

UNITE


Posted

FRST text file as requested:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-06-2014

Ran by SYSTEM on MININT-7BK34B7 on 16-06-2014 01:05:07

Running from E:\

Platform: Windows 7 Home Premium (X64) OS Language: English(US)

Internet Explorer Version 9

Boot Mode: Recovery

 

 

The current controlset is ControlSet001

ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.

 

 

 

 

The only official download link for FRST:

Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/

Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/

Download link from any site other than Bleeping Computer is unpermitted or outdated.

See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

 

 

==================== Registry (Whitelisted) ==================

 

 

HKLM-x32\...\RunOnce: [OTL] - "C:\Users\Test\Desktop\OTL.exe" [602112 2014-06-11] (OldTimer Tools)

Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)

AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll => C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll File Not Found

AppInit_DLLs-x32: c:\progra~2\searchprotect\searchprotect\bin\spvc32loader.dll => "c:\progra~2\searchprotect\searchprotect\bin\spvc32loader.dll" File Not Found

Startup: C:\Users\caroline\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk

ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)

Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk

ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)

Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk

ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)

 

 

==================== Services (Whitelisted) =================

 

 

S4 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)

S2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2211000 2014-03-29] (Microsoft Corporation)

S4 SlimService; C:\Program Files\SlimCleaner Plus\SlimServiceFactory.exe [232256 2014-03-20] (SlimWare Utilities, Inc.)

 

 

==================== Drivers (Whitelisted) ====================

 

 

S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]

 

 

==================== NetSvcs (Whitelisted) ===================

 

 

 

 

==================== One Month Created Files and Folders ========

 

 

2014-06-14 06:14 - 2014-06-14 06:14 - 00000204 _____ () C:\Users\Test\Desktop\delete.reg

2014-06-14 03:08 - 2014-06-14 03:08 - 00000204 _____ () C:\Users\Test\Desktop\delete.txt

2014-06-13 20:10 - 2014-06-13 20:10 - 00001860 _____ () C:\Users\Test\Desktop\peek.txt

2014-06-13 20:10 - 2014-06-13 20:10 - 00000115 _____ () C:\Users\Test\Desktop\look.txt

2014-06-13 17:24 - 2014-06-13 17:24 - 00000000 ____D () C:\_OTL

2014-06-13 17:05 - 2014-06-13 17:05 - 00000263 _____ () C:\Users\Test\Desktop\peek.bat

2014-06-13 14:25 - 2014-06-13 14:25 - 01025536 _____ (Farbar) C:\Users\Test\Desktop\ListParts64.exe

2014-06-13 14:20 - 2014-06-13 14:20 - 00002362 _____ () C:\Users\Test\Desktop\fix.txt

2014-06-11 16:04 - 2014-06-11 16:04 - 00602112 _____ (OldTimer Tools) C:\Users\Test\Desktop\OTL.exe

2014-06-10 20:04 - 2014-06-16 01:05 - 00000000 ____D () C:\FRST

2014-06-10 20:02 - 2014-06-10 20:02 - 00128288 _____ () C:\Users\Test\AppData\Local\GDIPFONTCACHEV1.DAT

2014-06-10 19:51 - 2014-06-10 19:51 - 00000000 ____D () C:\Users\Test\AppData\Local\VirtualStore

2014-06-10 19:14 - 2014-06-10 19:14 - 00000258 __RSH () C:\Users\Test\ntuser.pol

2014-06-10 19:13 - 2014-06-15 17:57 - 00000000 ____D () C:\Users\Test\AppData\Local\Temp

2014-06-10 19:13 - 2014-06-10 19:14 - 00000000 ____D () C:\users\Test

2014-06-10 19:13 - 2014-06-10 19:13 - 00000020 ___SH () C:\Users\Test\ntuser.ini

2014-06-10 19:13 - 2013-12-18 04:13 - 00000000 ____D () C:\Users\Test\AppData\Local\SoftThinks

2014-06-10 19:13 - 2013-06-22 07:30 - 00000000 ____D () C:\Users\Test\AppData\LocalGoogle

2014-06-10 19:13 - 2013-06-22 07:30 - 00000000 ____D () C:\Users\Test\AppData\Local\Google

2014-06-10 17:01 - 2014-06-10 17:01 - 02080768 _____ (Farbar) C:\Users\Test\Desktop\FRST64.exe

2014-06-09 16:38 - 2014-06-10 19:22 - 00000000 ____D () C:\Windows\pss

2014-06-09 16:12 - 2014-06-09 16:12 - 00000017 _____ () C:\Users\caroline\AppData\Local\resmon.resmoncfg

2014-05-24 14:46 - 2014-05-24 14:46 - 00003536 ____N () C:\bootsqm.dat

2014-05-24 14:43 - 2014-05-24 14:43 - 00000000 __SHD () C:\found.000

2014-05-23 17:07 - 2014-05-23 17:07 - 00000000 ____D () C:\ProgramData\Malwarebytes

2014-05-23 17:06 - 2014-05-23 17:07 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\caroline\Downloads\mbam-setup-2.0.2.1012.exe

 

 

==================== One Month Modified Files and Folders =======

 

 

2014-06-16 01:05 - 2014-06-10 20:04 - 00000000 ____D () C:\FRST

2014-06-15 17:57 - 2014-06-10 19:13 - 00000000 ____D () C:\Users\Test\AppData\Local\Temp

2014-06-14 06:35 - 2014-01-10 19:10 - 00131072 _____ () C:\Windows\System32\Ikeext.etl

2014-06-14 06:26 - 2012-12-08 09:10 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2014-06-14 06:25 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2014-06-14 06:25 - 2009-07-13 23:51 - 00097634 _____ () C:\Windows\setupact.log

2014-06-14 06:18 - 2012-12-08 09:10 - 00000902 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2014-06-14 06:14 - 2014-06-14 06:14 - 00000204 _____ () C:\Users\Test\Desktop\delete.reg

2014-06-14 03:08 - 2014-06-14 03:08 - 00000204 _____ () C:\Users\Test\Desktop\delete.txt

2014-06-13 20:10 - 2014-06-13 20:10 - 00001860 _____ () C:\Users\Test\Desktop\peek.txt

2014-06-13 20:10 - 2014-06-13 20:10 - 00000115 _____ () C:\Users\Test\Desktop\look.txt

2014-06-13 17:30 - 2010-12-25 05:40 - 00568188 _____ () C:\Windows\PFRO.log

2014-06-13 17:24 - 2014-06-13 17:24 - 00000000 ____D () C:\_OTL

2014-06-13 17:05 - 2014-06-13 17:05 - 00000263 _____ () C:\Users\Test\Desktop\peek.bat

2014-06-13 14:25 - 2014-06-13 14:25 - 01025536 _____ (Farbar) C:\Users\Test\Desktop\ListParts64.exe

2014-06-13 14:20 - 2014-06-13 14:20 - 00002362 _____ () C:\Users\Test\Desktop\fix.txt

2014-06-12 06:38 - 2009-07-14 00:13 - 00779724 _____ () C:\Windows\System32\PerfStringBackup.INI

2014-06-11 19:01 - 2012-12-08 14:38 - 00000000 ____D () C:\Users\caroline\AppData\Local\Temp

2014-06-11 16:04 - 2014-06-11 16:04 - 00602112 _____ (OldTimer Tools) C:\Users\Test\Desktop\OTL.exe

2014-06-10 20:02 - 2014-06-10 20:02 - 00128288 _____ () C:\Users\Test\AppData\Local\GDIPFONTCACHEV1.DAT

2014-06-10 19:51 - 2014-06-10 19:51 - 00000000 ____D () C:\Users\Test\AppData\Local\VirtualStore

2014-06-10 19:22 - 2014-06-09 16:38 - 00000000 ____D () C:\Windows\pss

2014-06-10 19:14 - 2014-06-10 19:14 - 00000258 __RSH () C:\Users\Test\ntuser.pol

2014-06-10 19:14 - 2014-06-10 19:13 - 00000000 ____D () C:\users\Test

2014-06-10 19:13 - 2014-06-10 19:13 - 00000020 ___SH () C:\Users\Test\ntuser.ini

2014-06-10 17:01 - 2014-06-10 17:01 - 02080768 _____ (Farbar) C:\Users\Test\Desktop\FRST64.exe

2014-06-10 00:17 - 2014-03-19 05:23 - 00000000 ____D () C:\ac0374c245021b16e5f3eb1c4b

2014-06-10 00:17 - 2014-01-15 12:11 - 00000000 ____D () C:\cb287b6835fb775f481b1cb1

2014-06-10 00:17 - 2013-08-29 05:42 - 00000000 ____D () C:\Program Files (x86)\Microsoft Application Virtualization Client

2014-06-10 00:17 - 2013-05-15 17:23 - 00000000 ____D () C:\3f70fcbecbda9e92dfb94d2fb0509fea

2014-06-10 00:17 - 2013-05-14 10:29 - 00000000 ____D () C:\Program Files (x86)\GUMFE99.tmp

2014-06-10 00:17 - 2013-03-10 16:03 - 00000000 ____D () C:\01e102cb5879a79d5648

2014-06-10 00:17 - 2012-12-08 14:31 - 00000000 ____D () C:\Emergency

2014-06-10 00:17 - 2012-12-08 09:10 - 00000000 ____D () C:\Program Files (x86)\Google

2014-06-10 00:17 - 2010-12-25 05:53 - 00000000 ____D () C:\Program Files (x86)\Dell DataSafe Local Backup

2014-06-10 00:16 - 2014-04-20 03:52 - 00000000 ___RD () C:\Users\caroline\Podcasts

2014-06-10 00:16 - 2014-04-18 14:41 - 00000000 ____D () C:\ProgramData\COnvEurtteRR Maste

2014-06-10 00:16 - 2014-04-17 05:10 - 00000000 ____D () C:\Program Files\Zune

2014-06-10 00:16 - 2014-04-15 05:15 - 00000000 ____D () C:\ProgramData\4d09ce8d5400296d

2014-06-10 00:16 - 2014-04-01 07:53 - 00000000 ____D () C:\Users\Public\Documents\Downloaded Installers

2014-06-10 00:16 - 2014-04-01 07:53 - 00000000 ____D () C:\ProgramData\Documents\Downloaded Installers

2014-06-10 00:16 - 2014-04-01 07:53 - 00000000 ____D () C:\Program Files\SlimCleaner Plus

2014-06-10 00:16 - 2014-03-23 08:35 - 00000000 ____D () C:\ProgramData\Websteroids

2014-06-10 00:16 - 2013-08-30 08:23 - 00000000 ____D () C:\Program Files\Microsoft Silverlight

2014-06-10 00:16 - 2013-08-30 08:23 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight

2014-06-10 00:16 - 2013-08-29 05:49 - 00000000 ____D () C:\ProgramData\Microsoft Help

2014-06-10 00:16 - 2013-03-13 05:27 - 00000000 ____D () C:\Users\caroline\AppData\Roaming\Macrovision

2014-06-10 00:16 - 2013-01-15 14:10 - 00000000 ____D () C:\Windows\Minidump

2014-06-10 00:16 - 2012-12-25 10:43 - 00000000 ____D () C:\Users\caroline\AppData\Roaming\ArcSoft

2014-06-10 00:16 - 2012-12-08 14:38 - 00000000 ____D () C:\users\caroline

2014-06-10 00:16 - 2010-12-25 06:16 - 00000000 ____D () C:\Program Files\Windows Journal

2014-06-10 00:16 - 2010-12-25 05:44 - 00000000 ___RD () C:\Program Files (x86)\Skype

2014-06-10 00:16 - 2010-12-25 05:44 - 00000000 ____D () C:\ProgramData\Skype

2014-06-10 00:16 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\PolicyDefinitions

2014-06-10 00:16 - 2009-07-13 22:20 - 00000000 ____D () C:\Program Files\Common Files\System

2014-06-10 00:16 - 2009-07-13 22:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared

2014-06-10 00:15 - 2013-08-29 05:43 - 00000000 ____D () C:\Windows\System32\Tasks\OfficeSoftwareProtectionPlatform

2014-06-10 00:15 - 2013-03-21 16:39 - 00000000 ____D () C:\Windows\System32\EventProviders

2014-06-10 00:15 - 2012-12-25 08:54 - 00000000 ____D () C:\Windows\System32\Macromed

2014-06-10 00:15 - 2009-07-13 22:20 - 00000000 ___HD () C:\Windows\System32\GroupPolicy

2014-06-10 00:15 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\SysWOW64\GroupPolicy

2014-06-10 00:15 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\System32\NDF

2014-06-09 16:12 - 2014-06-09 16:12 - 00000017 _____ () C:\Users\caroline\AppData\Local\resmon.resmoncfg

2014-05-24 14:46 - 2014-05-24 14:46 - 00003536 ____N () C:\bootsqm.dat

2014-05-24 14:43 - 2014-05-24 14:43 - 00000000 __SHD () C:\found.000

2014-05-23 17:25 - 2012-12-08 09:13 - 00000000 ____D () C:\Program Files\Google

2014-05-23 17:14 - 2010-12-25 04:20 - 01926678 _____ () C:\Windows\WindowsUpdate.log

2014-05-23 17:10 - 2009-07-13 23:45 - 00013872 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2014-05-23 17:10 - 2009-07-13 23:45 - 00013872 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2014-05-23 17:07 - 2014-05-23 17:07 - 00000000 ____D () C:\ProgramData\Malwarebytes

2014-05-23 17:07 - 2014-05-23 17:06 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\caroline\Downloads\mbam-setup-2.0.2.1012.exe

2014-05-23 17:01 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\tracing

2014-05-23 16:42 - 2010-12-25 05:26 - 00000000 ____D () C:\ProgramData\WildTangent

2014-05-23 16:40 - 2013-02-02 13:47 - 00000000 ____D () C:\Users\caroline\AppData\Roaming\player

2014-05-23 16:35 - 2012-12-08 09:10 - 00000000 ____D () C:\Users\caroline\AppData\Local\Google

2014-05-23 16:35 - 2010-12-25 05:36 - 00000000 ____D () C:\ProgramData\Sonic

 

 

==================== Known DLLs (Whitelisted) ================

 

 

 

 

==================== Bamital & volsnap Check =================

 

 

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\SysWOW64\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\SysWOW64\explorer.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\SysWOW64\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\SysWOW64\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\SysWOW64\userinit.exe => MD5 is legit

C:\Windows\System32\rpcss.dll => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

 

 

==================== Restore Points =========================

 

 

 

 

==================== Memory info ===========================

 

 

Percentage of memory in use: 26%

Total physical RAM: 2010.36 MB

Available physical RAM: 1475.43 MB

Total Pagefile: 2010.36 MB

Available Pagefile: 1464.63 MB

Total Virtual: 8192 MB

Available Virtual: 8191.89 MB

 

 

==================== Drives ================================

 

 

Drive c: (OS) (Fixed) (Total:218.14 GB) (Free:175.11 GB) NTFS ==>[Drive with boot components (obtained from BCD)]

Drive d: (Recovery) (Fixed) (Total:14.65 GB) (Free:7.09 GB) NTFS ==>[system with boot components (obtained from reading drive)]

Drive e: (Backup) (Fixed) (Total:298.09 GB) (Free:252.06 GB) NTFS

Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

 

 

==================== MBR & Partition Table ==================

 

 

========================================================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 233 GB) (Disk ID: E94AE992)

Partition 1: (Not Active) - (Size=100 MB) - (Type=DE)

Partition 2: (Active) - (Size=15 GB) - (Type=07 NTFS)

Partition 3: (Not Active) - (Size=218 GB) - (Type=07 NTFS)

 

 

========================================================

Disk: 2 (Size: 298 GB) (Disk ID: EF2C2527)

Partition 1: (Not Active) - (Size=298 GB) - (Type=07 NTFS)

 

 

 

 

LastRegBack: 2014-01-10 19:34

 

 

==================== End Of Log ============================
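The log above is what a helper reads by hand: orphaned AppInit_DLLs entries (a target marked "File Not Found"), a driver entry whose binary is missing, and the Bamital & volsnap hash check. The script below is an added example, not part of this thread and not code from Farbar or FRST: it splits an FRST.txt into its "==== Title ====" sections and pulls out exactly those findings so they can be reviewed or diffed between scans. The sample input is an excerpt of the log posted above, embedded as a constructed string. Assumptions: section headers are lines of "=" with a title between them, entries FRST could not locate end with "File Not Found", and a trailing "[X]" on a service or driver line marks a missing binary (the FRST tutorial's convention, taken here as an assumption).

```python
import re

# Constructed sample: an excerpt of the FRST.txt posted in this thread.
SAMPLE_LOG = r"""Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-06-2014
Ran by SYSTEM on MININT-7BK34B7 on 16-06-2014 01:05:07
Boot Mode: Recovery

==================== Registry (Whitelisted) ==================

HKLM-x32\...\RunOnce: [OTL] - "C:\Users\Test\Desktop\OTL.exe" [602112 2014-06-11] (OldTimer Tools)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll => C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll File Not Found
AppInit_DLLs-x32: c:\progra~2\searchprotect\searchprotect\bin\spvc32loader.dll => "c:\progra~2\searchprotect\searchprotect\bin\spvc32loader.dll" File Not Found

==================== Services (Whitelisted) =================

S4 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
S2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2211000 2014-03-29] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== End Of Log ============================
"""

# "==== Title ====" header; the title itself never contains "=", which keeps
# the bare "=====" divider lines of the MBR section from becoming sections.
SECTION_RE = re.compile(r"^=+\s*([^=]+?)\s*=+$")
# "S2 Name; target [size date] (Company)" with an optional trailing "[X]"
# (assumed here to mean FRST could not find the binary).
SERVICE_RE = re.compile(r"^([A-Z]\d)\s+([^;]+);\s*(.*?)\s*(\[X\])?$")


def split_sections(text):
    """Return {section title: [non-empty lines]}; lines before the first header go under 'Header'."""
    sections, current = {"Header": []}, "Header"
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections[current] = []
        else:
            sections[current].append(line)
    return sections


def orphaned_registry_entries(sections):
    """(key, target) pairs for autostart entries whose file FRST reported as 'File Not Found'."""
    found = []
    for line in sections.get("Registry (Whitelisted)", []):
        if line.endswith("File Not Found"):
            key, _, rest = line.partition(": ")
            found.append((key, rest.split(" => ")[0]))
    return found


def parse_services(sections, section):
    """Parse service/driver lines into dicts; 'missing' is True when the line carries [X]."""
    out = []
    for line in sections.get(section, []):
        m = SERVICE_RE.match(line)
        if m:
            start, name, target, missing = m.groups()
            out.append({"start": start, "name": name.strip(), "target": target, "missing": missing is not None})
    return out


def hash_check_failures(sections):
    """Lines of the Bamital & volsnap check that did not end in 'MD5 is legit'."""
    return [l for l in sections.get("Bamital & volsnap Check", []) if not l.endswith("MD5 is legit")]


def triage(text):
    """Summarise the findings a helper would look for first in an FRST.txt."""
    sections = split_sections(text)
    boot = next((l.split(": ", 1)[1] for l in sections["Header"] if l.startswith("Boot Mode:")), None)
    return {
        "boot_mode": boot,
        "orphaned": orphaned_registry_entries(sections),
        "missing_services": [s["name"] for s in parse_services(sections, "Services (Whitelisted)") if s["missing"]],
        "missing_drivers": [d["name"] for d in parse_services(sections, "Drivers (Whitelisted)") if d["missing"]],
        "hash_failures": hash_check_failures(sections),
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

Run against a full FRST.txt (read the file and pass its text to triage), the orphaned list surfaces leftovers such as the SearchProtect AppInit_DLLs entries above, which is what a fix script would normally clear; an empty hash_failures list is the result the "MD5 is legit" lines represent. A log taken in Recovery boot mode is partial, as FRST's own ATTENTION line warns, so boot_mode is reported alongside the findings.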

Posted

Hi John,

 

Sorry to say, everything appears to be in order.

Obviously you want this laptop working again, so....

We may have to bite the bullet and try running the recovery partition.

This will set it back to a factory state (just as it was when first purchased).

Obviously this will delete any saved documents, pictures, music etc so make sure you have any of value saved to a USB stick before you start.

 

Looking up the info for the laptop, it seems there may be a couple of ways to access this partition.

 

http://www.dell.com/support/troubleshooting/us/en/19/KCS/KcsArticles/ArticleView?c=us&l=en&s=dhs&docid=DSN_362066

 

https://answers.yahoo.com/question/index?qid=20110921104735AA6Vffs

 

Remember to make sure the charger is plugged in to the laptop before you start though.

You don't want the laptop to run out of power during the process.

You will also have to get any Windows updates etc. all over again.

Member of:

UNITE

Posted

Thanks Starbuck, sounds like a factory reset is for the best. At least I have the chance to back up any important info beforehand. Thanks for all your help.

Posted

A factory reset isn't something we advise lightly.

Normally, finding and fixing the problem is our goal.

But sometimes it's just not practical to keep searching for the unknown.

Plus, you want a working laptop again.... stands to reason.

Sorry we couldn't be of more help.

Member of:

UNITE

Posted

Yeah, I totally understand. I've had enough help from you guys in the past to know that you wouldn't advise a factory reset lightly.

As I said, it's not like I'll lose any information as I have the chance to back it up, and the main priority is getting a working laptop back to my sister-in-law.

I'd like to thank you again for taking the time to help me. Re-reading my last message and it's maybe a little curt which is not how I meant it to sound as I do genuinely appreciate all the help you've given me :)
