Oroko

FINALLY!!!!! I've booted successfully AHH! Sorry for the delay but it took a few attempts. The REFRESH option wasn't workable so I used the REPAIR INSTALL option instead, booting via usb. Regardless, I'm back in. Thanks for all your help!

Hello again. Unfortunately, the PC is still booting to a black screen Here's the log: Fix result of Farbar Recovery Scan Tool (x64) Version: 02.01.2018 Ran by SYSTEM (10-01-2018 17:44:19) Run:3 Running from h:\ Boot Mode: Recovery ============================================== fixlist content: ***************** Start S0 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [252232 2017-11-23] () C:\Windows\System32\Drivers\mbamswissarmy.sys End ***************** "HKLM\System\ControlSet001\Services\MBAMSwissArmy" => removed successfully MBAMSwissArmy => service removed successfully C:\Windows\System32\Drivers\mbamswissarmy.sys => moved successfully ==== End of Fixlog 17:44:19 ====

So, I've gotten past the blue error screen but I still can't boot completely. I'm able to get to the Windows loading screen (with the dotted circle animation) but after a few seconds, the animation disappears and I'm left with a black screen instead of the Welcome screen. Here is the txt log: Fix result of Farbar Recovery Scan Tool (x64) Version: 02.01.2018 Ran by SYSTEM (10-01-2018 04:04:22) Run:2 Running from h:\ Boot Mode: Recovery ============================================== fixlist content: ***************** Start LastRegBack: 2017-11-18 20:47 End ***************** DEFAULT => copied successfully to System32\config\HiveBackup DEFAULT => restored successfully from registry back up SAM => copied successfully to System32\config\HiveBackup SAM => restored successfully from registry back up SECURITY => copied successfully to System32\config\HiveBackup SECURITY => restored successfully from registry back up SOFTWARE => copied successfully to System32\config\HiveBackup SOFTWARE => restored successfully from registry back up SYSTEM => copied successfully to System32\config\HiveBackup SYSTEM => restored successfully from registry back up ==== End of Fixlog 04:04:31 ====

Hello Kevin, Unfortunately I'm still getting the same boot error. Here are my fixlog.txt results: Fix result of Farbar Recovery Scan Tool (x64) Version: 02.01.2018 Ran by SYSTEM (10-01-2018 01:36:39) Run:1 Running from h:\ Boot Mode: Recovery ============================================== fixlist content: ***************** Start HKLM\...\RunOnce: [*Restore] => C:\WINDOWS\system32\rstrui.exe [268288 2016-07-16] (Microsoft Corporation) End ***************** "HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce\\*Restore" => removed successfully ==== End of Fixlog 01:36:39 ====

FRST txt gave me the following: Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 02.01.2018 Ran by SYSTEM on MININT-D5FPF6M (09-01-2018 21:47:23) Running from d:\ Platform: Windows 10 Home Version 1607 14393.1884 (X64) Language: English (United States) Internet Explorer Version 11 Boot Mode: Recovery Default: ControlSet001 ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log. Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Registry (Whitelisted) =========================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [450048 2009-07-21] (IDT, Inc.) HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Java\jre6\bin\jusched.exe [171520 2009-11-14] (Sun Microsystems, Inc.) HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [631808 2017-04-27] (Microsoft Corporation) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1814312 2009-08-14] (Synaptics Incorporated) HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [297784 2017-10-19] (Apple Inc.) HKLM-x32\...\Run: [QlbCtrl.exe] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [322104 2009-08-20] ( Hewlett-Packard Development Company, L.P.) HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [35696 2009-02-27] (Adobe Systems Incorporated) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Java\jre6\bin\jusched.exe [149280 2009-11-14] (Sun Microsystems, Inc.) HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [54576 2008-12-08] (Hewlett-Packard) HKLM-x32\...\Run: [] => [X] HKLM-x32\...\Run: [WirelessAssistant] => C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [498744 2009-07-23] (Hewlett-Packard) HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [448856 2014-08-18] (DivX, LLC) HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1861968 2014-01-09] () HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [3567928 2017-11-13] (Dropbox, Inc.) HKLM\...\RunOnce: [*Restore] => C:\WINDOWS\system32\rstrui.exe [268288 2016-07-16] (Microsoft Corporation) HKU\DefaultAppPool\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [516608 2016-07-16] (Microsoft Corporation) HKU\Vonnie\...\Run: [GoogleChromeAutoLaunch_4A359349AB278D655DA937C97D6C241B] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [1556312 2017-11-10] (Google Inc.) ==================== Services (Whitelisted) ==================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) S2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2017-10-11] (Apple Inc.) S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2017-09-08] (Dropbox, Inc.) S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2017-09-08] (Dropbox, Inc.) S2 DbxSvc; C:\Windows\system32\DbxSvc.exe [51016 2017-11-13] (Dropbox, Inc.) S2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [323952 2017-09-27] (HP Inc.) S2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6058960 2017-08-07] (Malwarebytes) S2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [247152 2009-07-06] () S2 ss_conn_service; C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe [743688 2014-10-12] (DEVGURU Co., LTD.) S2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [253960 2016-03-30] (Synaptics Incorporated) S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347320 2017-04-27] (Microsoft Corporation) S2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103704 2017-10-08] (Microsoft Corporation) ===================== Drivers (Whitelisted) ====================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) S3 dg_ssudbus; C:\Windows\system32\DRIVERS\ssudbus.sys [131712 2016-09-05] (Samsung Electronics Co., Ltd.) S0 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [252232 2017-11-23] () S3 NetAdapterCx; C:\Windows\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] () S3 ssudmdm; C:\Windows\system32\DRIVERS\ssudmdm.sys [165504 2016-09-05] (Samsung Electronics Co., Ltd.) S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation) S0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation) S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation) S3 idsvc; no ImagePath ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2018-01-09 21:47 - 2018-01-09 21:47 - 000000000 ____D C:\FRST ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2018-01-09 21:42 - 2017-11-23 03:10 - 000000000 _____ C:\Recovery.txt Some files in TEMP: ==================== 2017-08-04 21:34 - 2017-09-14 13:21 - 000079904 _____ () C:\Users\Vonnie\AppData\Local\Temp\i4jdel0.exe 2017-11-19 15:57 - 2017-10-17 11:01 - 000927784 _____ () C:\Users\Vonnie\AppData\Local\Temp\TAInstaller.exe 2016-10-12 04:08 - 2016-10-12 04:09 - 030533688 _____ () C:\Users\Vonnie\AppData\Local\Temp\vlc-2.2.4-win32.exe 2017-06-06 10:46 - 2017-06-06 10:51 - 030950664 _____ () C:\Users\Vonnie\AppData\Local\Temp\vlc-2.2.6-win32.exe ==================== Known DLLs (Whitelisted) ========================= ==================== Bamital & volsnap ====================== (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe [2017-07-12 15:44] - [2017-06-20 22:39] - 000673792 _____ (Microsoft Corporation) CB440E1C4EC9C369EC9DD07B48A83F36 C:\Windows\System32\wininit.exe [2017-11-14 16:05] - [2017-10-08 18:24] - 000304232 _____ (Microsoft Corporation) 5CB4612F106B3C69CE99335AEF034A2B C:\Windows\explorer.exe [2017-08-08 14:51] - [2017-07-11 21:55] - 004674872 _____ (Microsoft Corporation) 577119EC77525D3F80FFB03BFACC17D4 C:\Windows\SysWOW64\explorer.exe [2017-08-08 14:54] - [2017-07-11 21:52] - 004312760 _____ (Microsoft Corporation) 54210509B3129D716D6C9C5775710598 C:\Windows\System32\svchost.exe [2016-07-16 03:42] - [2016-07-16 03:42] - 000044496 _____ (Microsoft Corporation) 36F670D89040709013F6A460176767EC C:\Windows\SysWOW64\svchost.exe [2016-07-16 03:42] - [2016-07-16 03:42] - 000038792 _____ (Microsoft Corporation) 1F8434DD4907C832E6E90D6298EAB85B C:\Windows\System32\services.exe [2017-09-12 19:04] - [2017-08-07 21:45] - 000453544 _____ (Microsoft Corporation) 29C7C9F0FE9F048FB47DEE5F66134940 C:\Windows\System32\User32.dll [2017-10-11 09:43] - [2017-09-17 18:57] - 001460696 _____ (Microsoft Corporation) BAB449E496892494C1E8152A25A1E867 C:\Windows\SysWOW64\User32.dll [2017-10-11 09:58] - [2017-09-17 18:49] - 001435896 _____ (Microsoft Corporation) 99216EEF4FE75AB440C4168E5420BFBC C:\Windows\System32\userinit.exe [2016-07-16 03:42] - [2016-07-16 03:42] - 000033280 _____ (Microsoft Corporation) C1B1FFC800BE2F31EB2CF8CB40629C69 C:\Windows\SysWOW64\userinit.exe [2016-07-16 03:42] - [2016-07-16 03:42] - 000027648 _____ (Microsoft Corporation) FA900E6CCCF0A429D5B720C6F0E2274B C:\Windows\System32\rpcss.dll [2017-05-10 03:43] - [2017-04-27 15:41] - 000890368 _____ (Microsoft Corporation) 4A7015195E49A3BA7DB967B277B21E9D C:\Windows\System32\dnsapi.dll [2017-10-11 09:40] - [2017-09-17 19:09] - 000646688 _____ (Microsoft Corporation) 2DA9DA17F0FE6C0A8598EBBB1E59E320 C:\Windows\SysWOW64\dnsapi.dll [2017-10-11 09:56] - [2017-09-17 19:05] - 000497424 _____ (Microsoft Corporation) C1A05F68C92A8B9D4D5A3D4953427154 C:\Windows\System32\Drivers\volsnap.sys [2017-11-14 16:05] - [2017-10-08 18:25] - 000392024 _____ (Microsoft Corporation) 8F8887440BC649ABEC29FACEE7B5389F BCD (recoveryenabled=No -> recoveryenabled=Yes) <==== restored successfully ==================== Association (Whitelisted) ============= ==================== Restore Points ========================= Restore point date: 2017-11-14 16:19 Restore point date: 2017-11-21 21:39 Restore point date: 2017-11-22 22:57 Restore point date: 2018-01-09 20:35 ==================== Memory info =========================== Percentage of memory in use: 25% Total physical RAM: 3836.2 MB Available physical RAM: 2850.48 MB Total Virtual: 3836.2 MB Available Virtual: 2889.72 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:451.54 GB) (Free:283 GB) NTFS ==>[system with boot components (obtained from drive)] Drive d: () (Removable) (Total:0.94 GB) (Free:0.93 GB) FAT Drive f: (RECOVERY) (Fixed) (Total:13.92 GB) (Free:2.29 GB) NTFS ==>[system with boot components (obtained from drive)] Drive g: (HP_TOOLS) (Fixed) (Total:0.1 GB) (Free:0.09 GB) FAT32 Drive x: (Boot) (Fixed) (Total:0.5 GB) (Free:0.49 GB) NTFS Drive y: () (Fixed) (Total:0.19 GB) (Free:0.16 GB) NTFS ==>[system with boot components (obtained from drive)] ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 8AE1E4AE) Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=451.5 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=13.9 GB) - (Type=07 NTFS) Partition 4: (Not Active) - (Size=103 MB) - (Type=0C) ======================================================== Disk: 1 (Size: 961 MB) (Disk ID: 698097FE) Partition 1: (Not Active) - (Size=961 MB) - (Type=06) LastRegBack: 2017-11-18 20:47 ==================== End of FRST.txt ============================

Running on Windows 10 64-bit I decided to boot up an old laptop and ended up performing a system restore. The process never completed and now I'n in a bootloop. The error points to mbamswissarmy.sys as the issue. Any help with getting my laptop to boot would be greatly appreciated.