Black Screen only showing cursor on startup


  • This topic is locked
3 replies to this topic

#1 billhagan

  • Members
  • 2 posts

Posted 28 January 2016 - 10:27 AM

I have read several posts and noticed that the solutions are specific to each case. I would appreciate it if someone could take a look at my FRST logs and see if they can help me solve this issue. Thanks

 

Here is the log:

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:27-01-2016
Ran by SYSTEM on MININT-FN5TKOI (28-01-2016 10:22:58)
Running from h:\
Platform: Windows 7 Home Premium (X64) Language: English (United States)
Internet Explorer Version 11
Boot Mode: Recovery
Default: ControlSet001
ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Apoint] => C:\Program Files\Apoint2K\Apoint.exe [318464 2009-05-14] (Alps Electric Co., Ltd.)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [487424 2009-10-20] (IDT, Inc.)
HKLM\...\Run: [SmartMenu] => C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe [610872 2009-08-25] ()
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Java\jre6\bin\jusched.exe [171520 2009-12-05] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [HPCam_Menu] => c:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [QlbCtrl.exe] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [323640 2010-02-25] ( Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [35696 2009-10-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [HostManager] => C:\Program Files (x86)\Common Files\AOL\1276733934\ee\AOLSoftware.exe [41800 2010-02-10] (AOL Inc.)
HKLM-x32\...\Run: [WirelessAssistant] => C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [500792 2010-05-20] (Hewlett-Packard Company)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [935288 2009-09-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-03-24] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [ApnUpdater] => C:\Program Files (x86)\Ask.com\Updater\Updater.exe [1573576 2012-12-10] (Ask)
HKLM-x32\...\Run: [Ad-Aware Browsing Protection] => C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe [542104 2012-12-11] (Lavasoft)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2015\avgui.exe [3780008 2015-10-30] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [vProt] => C:\Program Files (x86)\AVG Secure Search\vprot.exe [2573712 2015-12-20] ()
HKLM-x32\...\Run: [Ad-Aware Antivirus] => "C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher" --windows-run
HKLM-x32\...\Run: [InboxAce_1g Browser Plugin Loader] => C:\Program Files (x86)\InboxAce_1g\bar\1.bin\1gbrmon.exe
HKLM-x32\...\Run: [InboxAce_1g Browser Plugin Loader 64] => C:\Program Files (x86)\InboxAce_1g\bar\1.bin\1gbrmon64.exe
HKLM-x32\...\Run: [mcui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [723904 2015-11-10] (McAfee, Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\Admin\...\Run: [LightScribe Control Panel] => C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2736128 2010-06-16] (Hewlett-Packard Company)
HKU\Admin\...\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] => C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe [143360 2006-12-23] (Nero AG)
HKU\Admin\...\Run: [HP Photosmart 5510d series (NET)] => C:\Program Files\HP\HP Photosmart 5510d series\Bin\ScanToPCActivationApp.exe [2676584 2011-08-16] (Hewlett-Packard Co.)
Startup: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Photosmart 5510d series (Network).lnk [2016-01-13]
ShortcutTarget: Monitor Ink Alerts - HP Photosmart 5510d series (Network).lnk -> C:\Program Files\HP\HP Photosmart 5510d series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
Startup: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk [2013-11-09]
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 Ad-Aware Service; C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe [1236968 2012-12-14] (Lavasoft Limited)
S2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_d15ed671de43d681\AESTSr64.exe [89600 2009-03-03] (Andrea Electronics Corporation)
S2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe [3642280 2015-10-30] (AVG Technologies CZ, s.r.o.)
S2 avgwd; C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe [335656 2015-10-30] (AVG Technologies CZ, s.r.o.)
S2 DvmMDES; C:\SPLASH.SYS\config\DVMExportService.exe [323584 2009-07-08] (DeviceVM, Inc.)
S2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [451960 2015-11-02] (McAfee, Inc.)
S2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [157928 2015-12-02] (McAfee, Inc.)
S2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [863448 2015-11-10] (McAfee, Inc.)
S2 mcbootdelaystartsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [451960 2015-11-02] (McAfee, Inc.)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.266\McCHSvc.exe [289256 2015-12-02] (McAfee, Inc.)
S2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [451960 2015-11-02] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [679120 2015-10-20] (McAfee, Inc.)
S2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [451960 2015-11-02] (McAfee, Inc.)
S2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [451960 2015-11-02] (McAfee, Inc.)
S3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [233680 2015-09-21] (McAfee, Inc.)
S2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe [378848 2015-10-21] (McAfee, Inc.)
S2 mfevtp; C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe [256840 2015-09-21] (McAfee, Inc.)
S2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [451960 2015-11-02] (McAfee, Inc.)
S3 NMIndexingService; C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe [262144 2006-12-23] (Nero AG)
S2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [247152 2009-07-06] ()
S2 SBAMSvc; C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe [3677000 2012-09-20] (GFI Software)
S2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_d15ed671de43d681\STacSV64.exe [240640 2009-10-20] (IDT, Inc.)
S2 vToolbarUpdater19.1.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\19.1.0\ToolbarUpdater.exe [1864592 2015-12-20] (AVG Secure Search)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
S2 0020471450628012mcinstcleanup; C:\Windows\TEMP\002047~1.EXE -cleanup -nolog [X]
S2 HP Support Assistant Service; "C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe" [X]
S2 mccspsvc; "C:\Program Files\Common Files\McAfee\CSP\1.8.190.0\McCSPServiceHost.exe" [X]
S2 MpfService; "C:\Program Files (x86)\McAfee\MPF\MPFSrv.exe" [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [162784 2015-03-11] (AVG Technologies CZ, s.r.o.)
S1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [315312 2015-10-19] (AVG Technologies CZ, s.r.o.)
S0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [297904 2015-08-19] (AVG Technologies CZ, s.r.o.)
S1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [259040 2015-06-16] (AVG Technologies CZ, s.r.o.)
S0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [378336 2015-05-07] (AVG Technologies CZ, s.r.o.)
S0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [250800 2015-08-04] (AVG Technologies CZ, s.r.o.)
S0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [40928 2015-03-20] (AVG Technologies CZ, s.r.o.)
S1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [281568 2015-05-12] (AVG Technologies CZ, s.r.o.)
S3 cfwids; C:\Windows\System32\drivers\cfwids.sys [80760 2015-09-23] (McAfee, Inc.)
S1 DVMIO; C:\SPLASH.SYS\config\dvmio.sys [21624 2009-09-27] (DeviceVM, Inc.)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S0 gfibto; C:\Windows\System32\drivers\gfibto.sys [14456 2012-12-30] (GFI Software)
S3 mfeaack; C:\Windows\System32\drivers\mfeaack.sys [415976 2015-09-23] (McAfee, Inc.)
S3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [351120 2015-09-23] (McAfee, Inc.)
S3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [497888 2015-09-23] (McAfee, Inc.)
S0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [841944 2015-09-23] (McAfee, Inc.)
S3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [537192 2015-10-06] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [109480 2015-10-06] (McAfee, Inc.)
S3 mfesapsn; C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mfesapsn.sys [37960 2015-12-02] (McAfee, Inc.)
S0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [244544 2015-09-23] (McAfee, Inc.)
S1 NEOFLTR_710_19525; C:\Windows\system32\Drivers\NEOFLTR_710_19525.SYS [99152 2011-10-11] (Juniper Networks)
S3 PTDUBus; C:\Windows\System32\DRIVERS\PTDUBus.sys [70672 2009-08-12] (DEVGURU Co., LTD.)
S3 PTDUMdm; C:\Windows\System32\DRIVERS\PTDUMdm.sys [173456 2009-08-12] (DEVGURU Co., LTD.(www.devguru.co.kr))
S3 PTDUVsp; C:\Windows\System32\DRIVERS\PTDUVsp.sys [173456 2009-08-12] (DEVGURU Co., LTD.(www.devguru.co.kr))
S3 PTDUWFLT; C:\Windows\System32\DRIVERS\PTDUWFLT.sys [12688 2009-08-12] (DEVGURU Co., LTD.)
S3 PTDUWWAN; C:\Windows\System32\DRIVERS\PTDUWWAN.sys [141840 2009-08-12] (DEVGURU Co., LTD.)
S3 ssmirrdr; C:\Windows\System32\DRIVERS\ssmirrdr.sys [10112 2010-05-14] (support.com, Inc)
S4 eabfiltr; no ImagePath
S3 RTSTOR; system32\drivers\RTSTOR.SYS [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-01-28 10:09 - 2016-01-28 10:09 - 00000000 ____D C:\Windows\System32\config\HiveBackup
2016-01-28 09:57 - 2016-01-28 10:22 - 00000000 ____D C:\FRST
2016-01-28 09:13 - 2016-01-28 09:13 - 00000000 ____D C:\Windows\Microsoft Antimalware
2016-01-13 19:24 - 2016-01-13 19:24 - 00000000 __SHD C:\found.001
2016-01-08 12:24 - 2016-01-09 15:00 - 00000332 _____ C:\Windows\Tasks\HPCeeScheduleForAdmin.job
2016-01-08 12:24 - 2016-01-08 12:24 - 00003186 _____ C:\Windows\System32\Tasks\HPCeeScheduleForAdmin
2016-01-08 12:22 - 2016-01-09 15:00 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-01-08 11:49 - 2016-01-28 07:15 - 01357678 _____ C:\Windows\ntbtlog.txt
2016-01-01 06:49 - 2015-10-08 15:22 - 00069120 _____ (Microsoft Corporation) C:\Windows\System32\nlsbres.dll
2016-01-01 06:49 - 2015-10-08 15:18 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDAZE.DLL
2016-01-01 06:49 - 2015-10-08 15:18 - 00007168 _____ (Microsoft Corporation) C:\Windows\System32\kbdgeoqw.dll
2016-01-01 06:49 - 2015-10-08 15:18 - 00007168 _____ (Microsoft Corporation) C:\Windows\System32\KBDAZEL.DLL
2016-01-01 06:49 - 2015-10-08 15:18 - 00007168 _____ (Microsoft Corporation) C:\Windows\System32\KBDAZE.DLL
2016-01-01 06:49 - 2015-10-08 15:18 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kbdgeoqw.dll
2016-01-01 06:49 - 2015-10-08 15:18 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDAZEL.DLL
2016-01-01 06:49 - 2015-10-08 15:17 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlsbres.dll
2016-01-01 06:49 - 2015-10-08 11:13 - 00419928 _____ C:\Windows\SysWOW64\locale.nls
2016-01-01 06:49 - 2015-10-08 10:52 - 00419928 _____ C:\Windows\System32\locale.nls
2015-12-31 14:54 - 2015-12-31 14:54 - 00002191 _____ C:\Users\Admin\Desktop\HP Support Assistant.lnk

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-01-28 07:12 - 2009-07-13 20:45 - 00344608 _____ C:\Windows\System32\FNTCACHE.DAT
2016-01-28 05:57 - 2010-05-05 08:43 - 00000177 ____H C:\dvmexp.idx
2016-01-28 05:52 - 2012-12-30 07:50 - 00000000 ____D C:\ProgramData\MFAData
2016-01-13 16:01 - 2009-07-13 20:45 - 00026192 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-01-13 16:01 - 2009-07-13 20:45 - 00026192 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-01-13 16:00 - 2015-07-14 15:46 - 00000402 _____ C:\Windows\Tasks\HP Photo Creations Communicator.job
2016-01-13 15:53 - 2009-07-13 21:13 - 00782510 _____ C:\Windows\System32\PerfStringBackup.INI
2016-01-13 15:53 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\inf
2016-01-13 15:48 - 2015-05-04 14:42 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-01-13 15:48 - 2012-12-30 08:11 - 00001828 _____ C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
2016-01-13 15:48 - 2012-12-30 08:11 - 00001828 _____ C:\ProgramData\Desktop\Ad-Aware Antivirus.lnk
2016-01-13 15:48 - 2010-06-09 08:52 - 00000192 _____ C:\ProgramData\HPWALog.txt
2016-01-13 15:47 - 2013-06-09 06:35 - 00000350 _____ C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv.job
2016-01-13 15:47 - 2013-06-04 14:44 - 00000350 _____ C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job
2016-01-13 15:47 - 2009-07-13 21:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-01-12 16:36 - 2012-04-09 16:18 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-01-12 16:17 - 2015-05-04 14:42 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-01-12 16:00 - 2012-12-30 07:48 - 00000000 ____D C:\ProgramData\Ad-Aware Browsing Protection
2016-01-10 15:20 - 2010-06-09 08:57 - 00000000 ____D C:\Users\Admin\AppData\Roaming\HpUpdate
2016-01-10 07:01 - 2010-06-09 08:31 - 00000000 ____D C:\users\Admin
2016-01-09 15:00 - 2012-05-14 14:34 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-01-08 12:36 - 2012-04-09 16:18 - 00796864 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-01-08 12:36 - 2012-04-09 16:18 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-01-08 12:36 - 2012-01-01 15:28 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-01-08 12:24 - 2010-06-09 08:31 - 00000000 ____D C:\Users\Admin\AppData\Local\Hewlett-Packard
2016-01-05 16:18 - 2015-12-05 10:18 - 00003218 _____ C:\Windows\System32\Tasks\HPCeeScheduleForADMIN-PC$
2016-01-05 16:18 - 2015-12-05 10:18 - 00000342 _____ C:\Windows\Tasks\HPCeeScheduleForADMIN-PC$.job
2016-01-03 15:38 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache
2016-01-03 15:05 - 2010-05-05 08:36 - 00000000 ____D C:\Windows\System32\Tasks\Hewlett-Packard
2016-01-03 15:05 - 2009-12-05 10:20 - 00000000 ____D C:\ProgramData\Hewlett-Packard
2015-12-31 14:54 - 2010-06-09 08:31 - 00000000 ___RD C:\Users\Admin\Desktop
2015-12-31 14:54 - 2009-12-05 09:14 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2015-12-31 14:53 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\Help
2015-12-31 14:41 - 2013-01-06 06:53 - 00000000 __SHD C:\Config.Msi
2015-12-31 14:41 - 2010-06-09 08:51 - 00085824 _____ C:\Users\Admin\AppData\Local\GDIPFONTCACHEV1.DAT
2015-12-31 14:41 - 2009-12-05 09:15 - 00000000 __SHD C:\Windows\Installer
2015-12-31 14:41 - 2009-12-05 09:12 - 00000000 ____D C:\Program Files (x86)\Hewlett-Packard
2015-12-31 14:40 - 2009-07-13 19:20 - 00000000 __RSD C:\Windows\assembly
2015-12-31 14:32 - 2009-09-06 16:40 - 00000000 ____D C:\SwSetup
2015-12-31 13:55 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\config\RegBack

Some files in TEMP:
====================
C:\Users\Admin\AppData\Local\Temp\HPSFUpdater.exe
C:\Users\Admin\AppData\Local\Temp\JuniperSetupClientInstaller.exe
C:\Users\Admin\AppData\Local\Temp\UninstallHPSA.exe
C:\Users\Admin\AppData\Local\Temp\xdalwhza.dll


==================== Known DLLs (Whitelisted) =========================


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll
[2015-12-14 16:17] - [2015-11-10 10:55] - 1008640 ____A (Microsoft Corporation) 06BF84D26A05D400F6B3FB3D3DE0B03A

C:\Windows\SysWOW64\User32.dll
[2015-12-14 16:17] - [2015-11-10 10:37] - 0833024 ____A (Microsoft Corporation) 0A78439765E31510D75C9E2284F3A722

C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\dnsapi.dll => MD5 is legit
C:\Windows\SysWOW64\dnsapi.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE Association (Whitelisted) =============


==================== Restore Points =========================


==================== Memory info ===========================

Percentage of memory in use: 19%
Total physical RAM: 3894.79 MB
Available physical RAM: 3138.91 MB
Total Virtual: 3892.94 MB
Available Virtual: 3127.39 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:279.03 GB) (Free:200.25 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive e: (RECOVERY) (Fixed) (Total:18.76 GB) (Free:3.02 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive f: (HP_TOOLS) (Fixed) (Total:0.1 GB) (Free:0.09 GB) FAT32
Drive h: (WIN7INSTALL) (Removable) (Total:3.66 GB) (Free:1.32 GB) NTFS
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (SYSTEM) (Fixed) (Total:0.19 GB) (Free:0.15 GB) NTFS ==>[system with boot components (obtained from drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 298.1 GB) (Disk ID: F8071B56)
Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=279 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=18.8 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=103 MB) - (Type=0C)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 3.7 GB) (Disk ID: 00000000)

Partition: GPT.


LastRegBack: 2015-12-26 12:06

==================== End of FRST.txt ============================





#2 nasdaq

  • Malware Response Team
  • 39,233 posts

Posted 29 January 2016 - 10:03 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Press the Windows key + R on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to a new file.


start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [ApnUpdater] => C:\Program Files (x86)\Ask.com\Updater\Updater.exe [1573576 2012-12-10] (Ask)
HKLM-x32\...\Run: [vProt] => C:\Program Files (x86)\AVG Secure Search\vprot.exe [2573712 2015-12-20] ()
HKLM-x32\...\Run: [InboxAce_1g Browser Plugin Loader] => C:\Program Files (x86)\InboxAce_1g\bar\1.bin\1gbrmon.exe
HKLM-x32\...\Run: [InboxAce_1g Browser Plugin Loader 64] => C:\Program Files (x86)\InboxAce_1g\bar\1.bin\1gbrmon64.exe
S2 vToolbarUpdater19.1.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\19.1.0\ToolbarUpdater.exe [1864592 2015-12-20] (AVG Secure Search)
S2 0020471450628012mcinstcleanup; C:\Windows\TEMP\002047~1.EXE -cleanup -nolog [X]
S2 HP Support Assistant Service; "C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe" [X]
S2 mccspsvc; "C:\Program Files\Common Files\McAfee\CSP\1.8.190.0\McCSPServiceHost.exe" [X]
S2 MpfService; "C:\Program Files (x86)\McAfee\MPF\MPFSrv.exe" [X]
S4 eabfiltr; no ImagePath
S3 RTSTOR; system32\drivers\RTSTOR.SYS [X]
C:\Program Files (x86)\InboxAce_1g
C:\Users\Admin\AppData\Local\Temp\xdalwhza.dll

End

Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

Let me know if you are able to start the computer normally.

#3 billhagan

  • Topic Starter
  • Members
  • 2 posts

Posted 29 January 2016 - 10:25 AM

Thanks for the response. After doing more research on the problem I noticed a lot of people were having to format, so I jumped the gun and went ahead and imaged the laptop. Thanks again for the help though. This is an awesome forum.



#4 nasdaq

  • Malware Response Team
  • 39,233 posts

Posted 29 January 2016 - 11:37 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



