TechSpot

HP Pavilion g6 series white screen on startup

By Tippy
Aug 17, 2013
  1. When I start up my laptop it loads up the starting Windows icon, then it goes to the starting screen, then turns white. I used Farbar Recovery Scan Tool 64-bit and this is what it gave me:
    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-08-2013
    Ran by SYSTEM on 17-08-2013 13:16:18
    Running from H:\
    Windows 7 Home Premium (X64) OS Language: English(US)
    Internet Explorer Version 10
    Boot Mode: Recovery

    The current controlset is ControlSet001
    ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.

    ==================== Registry (Whitelisted) ==================

    HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2480936 2010-12-16] (Synaptics Incorporated)
    HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray64.exe [524800 2010-12-01] (IDT, Inc.)
    HKLM\...\Run: [Hiudgepecuby] - C:\Users\Summer\AppData\Roaming\Ygnazipo\ilwelat.exe [202978 2013-07-15] ()
    HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2010-12-15] (Advanced Micro Devices, Inc.)
    HKLM-x32\...\Run: [HP Quick Launch] - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [586296 2010-11-09] (Hewlett-Packard Development Company, L.P.)
    HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [41056 2013-05-08] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [HPOSD] - C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [318520 2010-12-13] (Hewlett-Packard Development Company, L.P.)
    HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [248552 2010-05-14] (Sun Microsystems, Inc.)
    HKLM-x32\...\Run: [] - [x]
    HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-01-28] (Apple Inc.)
    HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2012-10-25] (Apple Inc.)
    HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-02-20] (Apple Inc.)
    HKLM-x32\...\Run: [Hiudgepecuby] - C:\Users\Summer\AppData\Roaming\Ygnazipo\ilwelat.exe [202978 2013-07-15] ()
    HKLM-x32\...\Run: [GameServer33] - C:\Users\Summer\AppData\Roaming\ATI\WIN8D9B.exe [134144 2013-08-17] ()
    HKU\Summer\...\Run: [LightScribe Control Panel] - C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2736128 2010-11-22] (Hewlett-Packard Company)
    HKU\Summer\...\Run: [Facebook Update] - C:\Users\Summer\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2012-07-11] (Facebook Inc.)
    HKU\Summer\...\Run: [ooVoo.exe] - C:\Program Files (x86)\ooVoo\oovoo.exe [27968712 2012-12-19] (ooVoo LLC)
    HKU\Summer\...\Run: [SUPERAntiSpyware] - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [5661056 2012-07-09] (SUPERAntiSpyware.com)
    HKU\Summer\...\Run: [msnmsgr] - C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe [4240760 2010-11-10] (Microsoft Corporation)
    HKU\Summer\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [18643048 2013-02-28] (Skype Technologies S.A.)
    HKU\Summer\...\Run: [{0F14475E-9931-4677-BC75-E8C9C62E4359}] - C:\Users\Summer\AppData\Local\{3D710E41-5655-4F3A-8C4E-24EB7CCDABD3}\{0F14475E-9931-4677-BC75-E8C9C62E4359}\olaa.dll [301056 2013-08-10] (CANON INC.) <===== ATTENTION
    HKU\Summer\...\Run: [SUPERAntiSpyware.com Update] - C:\Users\Summer\AppData\Local\SUPERAntiSpyware.com\ttchabxhgydk.dll [942592 2013-08-10] (CANON INC.)
    HKU\Summer\...\Run: [Hiudgepecuby] - C:\Users\Summer\AppData\Roaming\Ygnazipo\ilwelat.exe [202978 2013-07-15] ()
    HKU\Summer\...\Run: [Internet Security] - C:\ProgramData\msprotection.exe [845824 2013-08-17] (Peter Pawlowski)
    HKU\Summer\...\Winlogon: [Shell] explorer.exe,C:\Users\Summer\AppData\Roaming\skype.dat [142848 2013-07-08] (IntWay Software Group) <==== ATTENTION

    ==================== Services (Whitelisted) =================

    S2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [140672 2011-08-11] (SUPERAntiSpyware.com)
    S2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [354304 2010-12-15] (Advanced Micro Devices, Inc.)
    S2 AMD Reservation Manager; C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe [194496 2010-06-17] (Advanced Micro Devices)
    S2 SecurityCenterServer3956396684; C:\Windows\SysWOW64\yspuvoyqc.exe [202978 2013-07-15] ()

    ==================== Drivers (Whitelisted) ====================

    S1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    S1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    S1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    S1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)

    ==================== NetSvcs (Whitelisted) ===================


    ==================== One Month Created Files and Folders ========

    2013-08-17 08:56 - 2013-08-17 12:00 - 00000000 _____ C:\Users\Summer\AppData\Roaming\skype.ini
    2013-08-17 08:51 - 2013-08-17 08:51 - 00845824 _____ (Peter Pawlowski) C:\ProgramData\msprotection.exe
    2013-08-17 08:51 - 2013-08-17 08:51 - 00229376 _____ C:\Users\Summer\iexplore.exe
    2013-08-17 08:51 - 2013-08-17 08:51 - 00142848 _____ (IntWay Software Group) C:\Users\Summer\windowsupdate.exe
    2013-08-17 08:51 - 2013-08-17 08:51 - 00000663 _____ C:\Users\Public\Desktop\Internet Security 2013.lnk
    2013-08-17 08:51 - 2013-08-17 08:51 - 00000000 _____ C:\Users\Summer\winlogon.exe
    2013-08-17 08:51 - 2013-08-17 08:51 - 00000000 _____ C:\Users\Summer\teamviewer.exe
    2013-08-17 08:39 - 2013-08-17 10:11 - 00000814 _____ C:\Windows\Tasks\Security Center Update - 3956396684.job
    2013-08-17 08:39 - 2013-08-17 08:39 - 00003828 _____ C:\Windows\System32\Tasks\Security Center Update - 3956396684
    2013-08-17 08:39 - 2013-08-17 08:39 - 00000000 ____D C:\Users\Summer\AppData\Roaming\Ygnazipo
    2013-08-17 08:39 - 2013-07-15 14:38 - 00202978 _____ C:\Windows\SysWOW64\yspuvoyqc.exe
    2013-08-14 09:53 - 2013-07-25 21:13 - 02241024 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
    2013-08-14 09:53 - 2013-07-25 21:13 - 01365504 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
    2013-08-14 09:53 - 2013-07-25 21:13 - 00051712 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
    2013-08-14 09:53 - 2013-07-25 21:12 - 19239424 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
    2013-08-14 09:53 - 2013-07-25 21:12 - 15405056 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
    2013-08-14 09:53 - 2013-07-25 21:12 - 03958784 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
    2013-08-14 09:53 - 2013-07-25 21:12 - 02647040 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
    2013-08-14 09:53 - 2013-07-25 21:12 - 00855552 _____ (Microsoft Corporation) C:\Windows\System32\jscript.dll
    2013-08-14 09:53 - 2013-07-25 21:12 - 00603136 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
    2013-08-14 09:53 - 2013-07-25 21:12 - 00526336 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
    2013-08-14 09:53 - 2013-07-25 21:12 - 00136704 _____ (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
    2013-08-14 09:53 - 2013-07-25 21:12 - 00067072 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll
    2013-08-14 09:53 - 2013-07-25 21:12 - 00053760 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
    2013-08-14 09:53 - 2013-07-25 21:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll
    2013-08-14 09:53 - 2013-07-25 19:35 - 02706432 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
    2013-08-14 09:53 - 2013-07-25 19:13 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2013-08-14 09:53 - 2013-07-25 19:13 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2013-08-14 09:53 - 2013-07-25 19:12 - 14329344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2013-08-14 09:53 - 2013-07-25 19:12 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2013-08-14 09:53 - 2013-07-25 19:12 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2013-08-14 09:53 - 2013-07-25 19:12 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2013-08-14 09:53 - 2013-07-25 19:12 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
    2013-08-14 09:53 - 2013-07-25 19:12 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2013-08-14 09:53 - 2013-07-25 19:12 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
    2013-08-14 09:53 - 2013-07-25 19:12 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
    2013-08-14 09:53 - 2013-07-25 19:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2013-08-14 09:53 - 2013-07-25 19:11 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2013-08-14 09:53 - 2013-07-25 19:11 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
    2013-08-14 09:53 - 2013-07-25 18:49 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2013-08-14 09:53 - 2013-07-25 18:39 - 00089600 _____ (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
    2013-08-14 09:53 - 2013-07-25 17:59 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
    2013-08-13 15:33 - 2013-07-18 17:58 - 00002048 _____ (Microsoft Corporation) C:\Windows\System32\tzres.dll
    2013-08-13 15:33 - 2013-07-18 17:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
    2013-08-13 15:33 - 2013-07-08 21:52 - 00224256 _____ (Microsoft Corporation) C:\Windows\System32\wintrust.dll
    2013-08-13 15:33 - 2013-07-08 21:46 - 01472512 _____ (Microsoft Corporation) C:\Windows\System32\crypt32.dll
    2013-08-13 15:33 - 2013-07-08 21:46 - 00184320 _____ (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
    2013-08-13 15:33 - 2013-07-08 21:46 - 00139776 _____ (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
    2013-08-13 15:33 - 2013-07-08 20:52 - 00175104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
    2013-08-13 15:33 - 2013-07-08 20:46 - 01166848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
    2013-08-13 15:33 - 2013-07-08 20:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
    2013-08-13 15:33 - 2013-07-08 20:46 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
    2013-08-13 15:32 - 2013-07-25 01:25 - 01888768 _____ (Microsoft Corporation) C:\Windows\System32\WMVDECOD.DLL
    2013-08-13 15:32 - 2013-07-25 00:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
    2013-08-13 15:32 - 2013-07-08 22:03 - 05550528 _____ (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
    2013-08-13 15:32 - 2013-07-08 21:54 - 01732032 _____ (Microsoft Corporation) C:\Windows\System32\ntdll.dll
    2013-08-13 15:32 - 2013-07-08 21:53 - 00243712 _____ (Microsoft Corporation) C:\Windows\System32\wow64.dll
    2013-08-13 15:32 - 2013-07-08 21:51 - 01217024 _____ (Microsoft Corporation) C:\Windows\System32\rpcrt4.dll
    2013-08-13 15:32 - 2013-07-08 21:03 - 03968960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
    2013-08-13 15:32 - 2013-07-08 21:03 - 03913664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
    2013-08-13 15:32 - 2013-07-08 20:53 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
    2013-08-13 15:32 - 2013-07-08 20:53 - 00142848 _____ (IntWay Software Group) C:\Users\Summer\AppData\Roaming\skype.dat
    2013-08-13 15:32 - 2013-07-08 20:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
    2013-08-13 15:32 - 2013-07-08 20:52 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
    2013-08-13 15:32 - 2013-07-08 18:49 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
    2013-08-13 15:32 - 2013-07-08 18:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
    2013-08-13 15:32 - 2013-07-08 18:49 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
    2013-08-13 15:32 - 2013-07-08 18:49 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
    2013-08-13 15:31 - 2013-07-05 22:03 - 01910208 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
    2013-08-13 15:31 - 2013-06-14 20:32 - 00039936 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\tssecsrv.sys
    2013-08-10 13:50 - 2013-08-10 14:05 - 00000000 ____D C:\Users\Summer\AppData\Local\SUPERAntiSpyware.com
    2013-08-10 13:50 - 2013-08-10 13:50 - 00000000 ____D C:\Windows\Sun
    2013-07-28 09:28 - 2013-07-28 09:28 - 00002212 _____ C:\Users\Public\Desktop\Google Earth.lnk
    2013-07-25 05:38 - 2013-08-14 09:46 - 00000000 ____D C:\Windows\System32\MRT

    ==================== One Month Modified Files and Folders =======

    2013-08-17 13:15 - 2013-08-17 13:15 - 00000000 ____D C:\FRST
    2013-08-17 12:00 - 2013-08-17 08:56 - 00000000 _____ C:\Users\Summer\AppData\Roaming\skype.ini
    2013-08-17 12:00 - 2011-04-09 00:23 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2013-08-17 12:00 - 2009-07-13 21:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
    2013-08-17 12:00 - 2009-07-13 20:51 - 00055359 _____ C:\Windows\setupact.log
    2013-08-17 11:58 - 2011-05-21 07:53 - 00000000 ____D C:\Users\Summer\AppData\Local\CrashDumps
    2013-08-17 11:55 - 2012-07-18 19:16 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
    2013-08-17 11:55 - 2011-02-26 07:45 - 01349273 _____ C:\Windows\WindowsUpdate.log
    2013-08-17 11:55 - 2009-07-13 20:45 - 00023248 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2013-08-17 11:55 - 2009-07-13 20:45 - 00023248 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2013-08-17 11:48 - 2011-04-06 15:38 - 00000000 ____D C:\Users\Summer\Tracing
    2013-08-17 10:15 - 2011-07-06 16:18 - 00000932 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2244510761-3463813534-1633792533-1001UA.job
    2013-08-17 10:11 - 2013-08-17 08:39 - 00000814 _____ C:\Windows\Tasks\Security Center Update - 3956396684.job
    2013-08-17 10:11 - 2011-04-09 00:23 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2013-08-17 09:00 - 2011-04-09 00:23 - 00000000 ____D C:\Users\Summer\AppData\Roaming\Skype
    2013-08-17 08:51 - 2013-08-17 08:51 - 00845824 _____ (Peter Pawlowski) C:\ProgramData\msprotection.exe
    2013-08-17 08:51 - 2013-08-17 08:51 - 00229376 _____ C:\Users\Summer\iexplore.exe
    2013-08-17 08:51 - 2013-08-17 08:51 - 00142848 _____ (IntWay Software Group) C:\Users\Summer\windowsupdate.exe
    2013-08-17 08:51 - 2013-08-17 08:51 - 00000663 _____ C:\Users\Public\Desktop\Internet Security 2013.lnk
    2013-08-17 08:51 - 2013-08-17 08:51 - 00000000 _____ C:\Users\Summer\winlogon.exe
    2013-08-17 08:51 - 2013-08-17 08:51 - 00000000 _____ C:\Users\Summer\teamviewer.exe
    2013-08-17 08:51 - 2011-04-06 14:43 - 00000000 ____D C:\users\Summer
    2013-08-17 08:41 - 2011-04-06 14:49 - 00000000 ____D C:\Users\Summer\AppData\Roaming\ATI
    2013-08-17 08:39 - 2013-08-17 08:39 - 00003828 _____ C:\Windows\System32\Tasks\Security Center Update - 3956396684
    2013-08-17 08:39 - 2013-08-17 08:39 - 00000000 ____D C:\Users\Summer\AppData\Roaming\Ygnazipo
    2013-08-16 21:09 - 2012-07-12 11:12 - 00001852 _____ C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
    2013-08-16 21:07 - 2011-02-26 07:52 - 00247518 _____ C:\Windows\PFRO.log
    2013-08-16 21:05 - 2011-07-06 16:18 - 00000910 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2244510761-3463813534-1633792533-1001Core.job
    2013-08-16 09:52 - 2011-04-06 14:48 - 00001417 _____ C:\Users\Summer\Desktop\Internet Explorer.lnk
    2013-08-14 09:50 - 2009-07-13 21:13 - 00740814 _____ C:\Windows\System32\PerfStringBackup.INI
    2013-08-14 09:48 - 2013-07-25 05:38 - 00000000 ____D C:\Windows\System32\MRT
    2013-08-14 09:45 - 2011-04-06 16:25 - 78161360 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe
    2013-08-13 09:40 - 2012-11-07 18:26 - 00003220 _____ C:\Windows\System32\Tasks\HPCeeScheduleForSUMMER-HP$
    2013-08-13 09:40 - 2012-11-07 18:26 - 00000344 _____ C:\Windows\Tasks\HPCeeScheduleForSUMMER-HP$.job
    2013-08-10 14:05 - 2013-08-10 13:50 - 00000000 ____D C:\Users\Summer\AppData\Local\SUPERAntiSpyware.com
    2013-08-10 13:50 - 2013-08-10 13:50 - 00000000 ____D C:\Windows\Sun
    2013-08-10 13:50 - 2012-01-22 20:06 - 00000000 ____D C:\Users\Summer\AppData\Local\{3D710E41-5655-4F3A-8C4E-24EB7CCDABD3}
    2013-08-09 16:25 - 2013-06-10 08:20 - 00003192 _____ C:\Windows\System32\Tasks\HPCeeScheduleForSummer
    2013-08-09 16:25 - 2013-06-10 08:20 - 00000336 _____ C:\Windows\Tasks\HPCeeScheduleForSummer.job
    2013-07-31 21:08 - 2012-03-18 21:32 - 00002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk
    2013-07-28 09:28 - 2013-07-28 09:28 - 00002212 _____ C:\Users\Public\Desktop\Google Earth.lnk
    2013-07-28 09:27 - 2011-04-09 00:22 - 00000000 ____D C:\Program Files (x86)\Google
    2013-07-25 21:13 - 2013-08-14 09:53 - 02241024 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
    2013-07-25 21:13 - 2013-08-14 09:53 - 01365504 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
    2013-07-25 21:13 - 2013-08-14 09:53 - 00051712 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
    2013-07-25 21:12 - 2013-08-14 09:53 - 19239424 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
    2013-07-25 21:12 - 2013-08-14 09:53 - 15405056 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
    2013-07-25 21:12 - 2013-08-14 09:53 - 03958784 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
    2013-07-25 21:12 - 2013-08-14 09:53 - 02647040 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
    2013-07-25 21:12 - 2013-08-14 09:53 - 00855552 _____ (Microsoft Corporation) C:\Windows\System32\jscript.dll
    2013-07-25 21:12 - 2013-08-14 09:53 - 00603136 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
    2013-07-25 21:12 - 2013-08-14 09:53 - 00526336 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
    2013-07-25 21:12 - 2013-08-14 09:53 - 00136704 _____ (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
    2013-07-25 21:12 - 2013-08-14 09:53 - 00067072 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll
    2013-07-25 21:12 - 2013-08-14 09:53 - 00053760 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
    2013-07-25 21:12 - 2013-08-14 09:53 - 00039936 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll
    2013-07-25 19:35 - 2013-08-14 09:53 - 02706432 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
    2013-07-25 19:13 - 2013-08-14 09:53 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2013-07-25 19:13 - 2013-08-14 09:53 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2013-07-25 19:12 - 2013-08-14 09:53 - 14329344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2013-07-25 19:12 - 2013-08-14 09:53 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2013-07-25 19:12 - 2013-08-14 09:53 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2013-07-25 19:12 - 2013-08-14 09:53 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2013-07-25 19:12 - 2013-08-14 09:53 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
    2013-07-25 19:12 - 2013-08-14 09:53 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2013-07-25 19:12 - 2013-08-14 09:53 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
    2013-07-25 19:12 - 2013-08-14 09:53 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
    2013-07-25 19:12 - 2013-08-14 09:53 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2013-07-25 19:11 - 2013-08-14 09:53 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2013-07-25 19:11 - 2013-08-14 09:53 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
    2013-07-25 18:49 - 2013-08-14 09:53 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2013-07-25 18:39 - 2013-08-14 09:53 - 00089600 _____ (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
    2013-07-25 17:59 - 2013-08-14 09:53 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
    2013-07-25 10:41 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\NDF
    2013-07-25 01:25 - 2013-08-13 15:32 - 01888768 _____ (Microsoft Corporation) C:\Windows\System32\WMVDECOD.DLL
    2013-07-25 00:57 - 2013-08-13 15:32 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
    2013-07-18 17:58 - 2013-08-13 15:33 - 00002048 _____ (Microsoft Corporation) C:\Windows\System32\tzres.dll
    2013-07-18 17:41 - 2013-08-13 15:33 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll

    Files to move or delete:
    ====================
    C:\Users\Summer\AppData\Local\{3D710E41-5655-4F3A-8C4E-24EB7CCDABD3}\{0F14475E-9931-4677-BC75-E8C9C62E4359}\olaa.dll
    C:\ProgramData\msprotection.exe
    C:\Users\Summer\iexplore.exe
    C:\Users\Summer\teamviewer.exe
    C:\Users\Summer\windowsupdate.exe
    C:\Users\Summer\winlogon.exe
    C:\Users\Summer\AppData\Roaming\skype.dat
    C:\Users\Summer\AppData\Roaming\skype.ini

    ==================== Known DLLs (Whitelisted) ================


    ==================== Bamital & volsnap Check =================

    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\SysWOW64\wininit.exe => MD5 is legit
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\SysWOW64\explorer.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\SysWOW64\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe => MD5 is legit
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\SysWOW64\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\SysWOW64\userinit.exe => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
    C:\Program Files\Windows Defender\mpsvc.dll => ATTENTION: ZeroAccess. Use DeleteJunctionsIndirectory: C:\Program Files\Windows Defender

    ==================== EXE ASSOCIATION =====================

    HKLM\...\.exe: exefile => OK
    HKLM\...\exefile\DefaultIcon: %1 => OK
    HKLM\...\exefile\open\command: "%1" %* => OK

    ==================== Restore Points =========================

    Restore point made on: 2013-07-12 05:37:30
    Restore point made on: 2013-07-19 09:49:38
    Restore point made on: 2013-07-25 05:38:08
    Restore point made on: 2013-08-04 13:49:06
    Restore point made on: 2013-08-13 15:21:17
    Restore point made on: 2013-08-14 09:44:48

    ==================== Memory info ===========================

    Percentage of memory in use: 19%
    Total physical RAM: 3834.9 MB
    Available physical RAM: 3105.25 MB
    Total Pagefile: 3833.05 MB
    Available Pagefile: 3104.18 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.86 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:282.82 GB) (Free:184.34 GB) NTFS ==>[System with boot components (obtained from reading drive)]
    Drive e: (RECOVERY) (Fixed) (Total:14.98 GB) (Free:1.87 GB) NTFS ==>[System with boot components (obtained from reading drive)]
    Drive f: (HP_TOOLS) (Fixed) (Total:0.1 GB) (Free:0.09 GB) FAT32
    Drive h: (USB20FD) (Removable) (Total:7.59 GB) (Free:7.38 GB) FAT32
    Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
    Drive y: (SYSTEM) (Fixed) (Total:0.19 GB) (Free:0.16 GB) NTFS ==>[System with boot components (obtained from reading drive)]

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: CB3F4DE8)
    Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=283 GB) - (Type=07 NTFS)
    Partition 3: (Not Active) - (Size=15 GB) - (Type=07 NTFS)
    Partition 4: (Not Active) - (Size=103 MB) - (Type=0C)

    ========================================================
    Disk: 1 (MBR Code: Windows XP) (Size: 8 GB) (Disk ID: C3072E18)
    Partition 1: (Active) - (Size=8 GB) - (Type=0C)


    LastRegBack: 2013-08-13 10:09

    ==================== End Of Log ============================




    With all that, can anyone help me and tell me what to do next?
     
  2. Tippy

    Tippy TS Rookie Topic Starter

    I also ran a fixlog.txt file and here are the results from that:
    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 17-08-2013
    Ran by SYSTEM at 2013-08-17 13:35:25 Run:1
    Running from H:\
    Boot Mode: Recovery
    ==============================================

    Content of fixlist:
    *****************
    SubSystems: [Windows] ==> ZeroAccess
    C:\Windows\System32\consrv.dll
    HKU\Lilly\...\Winlogon: [Shell] explorer.exe,C:\Users\Lilly\AppData\Roaming\skype.dat [62468 2011-11-18] (?????????? ??????????)
    C:\Users\Lilly\AppData\Roaming\skype.dat
    HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox] C:\$Recycle.Bin\S-1-5-18\$b169bd3b4fa149f6b9e5f5562b27726b\n. ATTENTION! ====> ZeroAccess
    C:\Windows\assembly\GAC_32\Desktop.ini
    C:\Windows\assembly\GAC_64\Desktop.ini
    C:\$Recycle.Bin\S-1-5-21-57262169-2801356963-3739522431-1000\$b169bd3b4fa149f6b9e5f5562b27726b
    C:\$Recycle.Bin\S-1-5-18\$b169bd3b4fa149f6b9e5f5562b27726b

    *****************

    HKLM\System\ControlSet001\Control\Session Manager\SubSystems\\Windows No ZeroAccess entry found.
    "C:\Windows\System32\consrv.dll" => File/Directory not found.
    HKU\Lilly\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => Value not found.
    "C:\Users\Lilly\AppData\Roaming\skype.dat" => File/Directory not found.
    HKLM\Software\Classes\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InprocServer32\\Default => Value was restored successfully.
    "C:\Windows\assembly\GAC_32\Desktop.ini" => File/Directory not found.
    "C:\Windows\assembly\GAC_64\Desktop.ini" => File/Directory not found.
    "C:\$Recycle.Bin\S-1-5-21-57262169-2801356963-3739522431-1000\$b169bd3b4fa149f6b9e5f5562b27726b" => File/Directory not found.
    "C:\$Recycle.Bin\S-1-5-18\$b169bd3b4fa149f6b9e5f5562b27726b" => File/Directory not found.

    ==== End of Fixlog ====
     
  3. Broni

    Broni Malware Annihilator Posts: 52,904   +344

    Welcome aboard

    FRST is not a toy tool and you shouldn't be running any fixes by yourself.

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ======================================

    Post a fresh FRST log.
     
Topic Status:
Not open for further replies.
