TechSpot

Windows locked after running HP diagnostics to fix video problem

By Saskie
Aug 9, 2016
  1. I experienced a video anomaly on my HP Envy which is approximately 4 years old. There was flickering on the screen and I was unable to do anything. I suspected a failed video card or perhaps motherboard.

    I ran the proprietary HP diagnostic tests and all the hardware tested, "ok". I then attempted to do do a system recovery to a safe point and my recovery was less than successful. Windows lost its brain.

    Error message File:\BCD
    Error code 0xc0000098

    The only new program that I put on was Audacity 2.0. While performing the diagnostic tests, there was no problem with the screen.

    I'm out of my element on how to get Windows back from a locked position.

    Please help with thanks.
     
  2. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    Welcome aboard [​IMG]

    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
    • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ================================

    What exactly do you mean by Windows being locked?
     
  3. Saskie

    Saskie TS Rookie Topic Starter

    Hi Broni,

    The laptop no longer sees an operating system. This limits my ability to do anything. :) I was hoping that the error code would help. I'm comfortable with DOS and commands, but I can't seem to get beyond this blue screen of death.
     
  4. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    NOTE 1. Use another working computer to download Farbar Recovery Scan Tool. Use USB flash drive to transfer it from good computer to the bad one.
    NOTE 2. Install Panda USB Vaccine, or BitDefenderā€™s USB Immunizer on GOOD computer to protect it from any infected USB device.

    For x32 (x86) bit systems download Farbar Recovery Scan Tool 32-Bit and save it to a flash drive.
    For x64 bit systems download Farbar Recovery Scan Tool 64-Bit and save it to a flash drive.

    Plug the flashdrive into the infected PC.

    If you are using Windows 10 If you're having problems accessing System Recovery Options create Windows 10 USB or DVD as described here: http://betanews.com/2015/07/29/how-...your-own-installation-usb-flash-drive-or-dvd/ and boot from it.

    If you are using Windows 8 consult How to use the Windows 8 System Recovery Environment Command Prompt to enter System Recovery Command prompt. To access Advanced Boot Options start and shut down computer TWICE. On third start you should see Advanced Boot Options.

    If you are using Vista or Windows 7 enter System Recovery Options.

    To enter System Recovery Options from the Advanced Boot Options:
    • Restart the computer.
    • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
    • Use the arrow keys to select the Repair your computer menu item.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account an click Next.

    To enter System Recovery Options by using Windows installation disc:
    • Insert the installation disc.
    • Restart your computer.
    • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
    • Click Repair your computer.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.

    On the System Recovery Options menu you will get the following options:

    • Startup Repair
    • System Restore
    • Windows Complete PC Restore
    • Windows Memory Diagnostic Tool
    • Command Prompt
    • Select Command Prompt
    • In the command window type in notepad and press Enter.
    • The notepad opens. Under File menu select Open.
    • Select "Computer" and find your flash drive letter and close the notepad.
    • In the command window type e:\frst (for x64 bit version type e:\frst64) and press Enter
      Note:
      Replace letter e with the drive letter of your flash drive.
    • The tool will start to run.
    • When the tool opens click Yes to disclaimer.
    • Press Scan button.
    • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.
     
  5. Saskie

    Saskie TS Rookie Topic Starter

    The Boot configuration Data file doesn't contain valid information for an operating system.
     
  6. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    Follow my previous reply.
     
  7. Saskie

    Saskie TS Rookie Topic Starter

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 09-08-2016 01
    Ran by Diane (2016-08-09 21:46:35)
    Running from C:\Users\Diane\Downloads
    Windows 8.1 (Update) (X64) (2015-08-21 20:40:04)
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-2605570102-801199272-3767273524-500 - Administrator - Disabled)
    Diane (S-1-5-21-2605570102-801199272-3767273524-1001 - Administrator - Enabled) => C:\Users\Diane
    Guest (S-1-5-21-2605570102-801199272-3767273524-501 - Limited - Enabled) => C:\Users\Guest
    HomeGroupUser$ (S-1-5-21-2605570102-801199272-3767273524-1003 - Limited - Enabled)

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: ESET NOD32 Antivirus 9.0.377.0 (Enabled - Up to date) {19259FAE-8396-A113-46DB-15B0E7DFA289}
    AV: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: ESET NOD32 Antivirus 9.0.377.0 (Enabled - Up to date) {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    7-Zip 15.14 (x64) (HKLM\...\7-Zip) (Version: 15.14 - Igor Pavlov)
    7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
    Adobe Flash Player 22 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 22.0.0.209 - Adobe Systems Incorporated)
    Adobe Photoshop Elements 12 (HKLM-x32\...\Adobe Photoshop Elements 12) (Version: 12.0 - Adobe Systems Incorporated)
    Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.6.156 - Adobe Systems, Inc.)
    Apple Application Support (32-bit) (HKLM-x32\...\{D4B07658-F443-4445-A261-E643996E139D}) (Version: 4.3.2 - Apple Inc.)
    Apple Application Support (64-bit) (HKLM\...\{A6B0442B-E159-444B-B49D-6B9AC531EAE3}) (Version: 4.3.2 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{2E4AF2A6-50EA-4260-9BA4-5E582D11879A}) (Version: 9.3.0.15 - Apple Inc.)
    Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
    Avast SecureLine (HKLM\...\{2CD3C92F-EDC5-4B02-9B0A-9C1D37C58EF5}_is1) (Version: 1.0.220.2 - AVAST Software)
    Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
    CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.9.4928 - CyberLink Corp.)
    CyberLink MediaEspresso 6.7 (HKLM-x32\...\InstallShield_{E3739848-5329-48E3-8D28-5BBD6E8BE384}) (Version: 6.7.4.5822 - CyberLink Corp.)
    Cyberlink PhotoDirector (Version: 5.0.4.6127 - CyberLink Corp.) Hidden
    CyberLink Power Media Player 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.6.4926 - CyberLink Corp.)
    CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.9.4930 - CyberLink Corp.)
    CyberLink PowerBackup 2.6 (HKLM-x32\...\InstallShield_{ADD5DB49-72CF-11D8-9D75-000129760D75}) (Version: 2.6.2.1307 - CyberLink Corp.)
    CyberLink PowerDirector 12 (Version: 12.0.3.3726 - CyberLink Corp.) Hidden
    CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 5.0.6.4724 - CyberLink Corp.)
    DC Universe Online (HKU\S-1-5-21-2605570102-801199272-3767273524-1001\...\DGC-DC Universe Online) (Version: 1.0.3.192 - Daybreak Game Company)
    DC Universe Online Live (HKU\S-1-5-21-2605570102-801199272-3767273524-1001\...\DG0-DC Universe Online Live) (Version: - Sony Online Entertainment)
    DisableMSDefender (Version: 1.0.0 - Hewlett-Packard Company) Hidden
    Document Capture Pro (HKLM-x32\...\{8930DCE5-510D-4476-A879-835188F7B6F4}) (Version: 1.06.0011 - Seiko Epson Corporation)
    Document Capture Pro OneNote Connector (HKLM-x32\...\{65FC2F65-FCD4-495C-B250-1F7C049E4A39}) (Version: 1.00.0000 - Seiko Epson Corporation)
    Dropbox 25 GB (HKLM-x32\...\{597A58EC-42D6-4940-8739-FB94491B013C}) (Version: 1.0.3.0 - Dropbox, Inc.)
    Elements 12 Organizer (x32 Version: 12.0 - Adobe Systems Incorporated) Hidden
    Energy Star (HKLM\...\{465CA2B6-98AF-4E77-BE22-A908C34BB9EC}) (Version: 1.0.9 - Hewlett-Packard Company)
    Epson Event Manager (HKLM-x32\...\{E4631929-CBD3-49A1-9BB7-F36E701F7C34}) (Version: 3.10.0040 - Seiko Epson Corporation)
    Epson FAX Utility (HKLM-x32\...\{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}) (Version: 1.53.00 - SEIKO EPSON CORPORATION)
    Epson PC-FAX Driver (HKLM-x32\...\EPSON PC-FAX Driver 2) (Version: - )
    EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - Seiko Epson Corporation)
    EPSON Scan OCR Component (HKLM-x32\...\{563B99D8-8895-4E3E-AE8D-15BE8C05F1C1}) (Version: 2.30.00 - SEIKO EPSON Corp.)
    EPSON WF-4630 Series Printer Uninstall (HKLM\...\EPSON WF-4630 Series) (Version: - SEIKO EPSON Corporation)
    EpsonNet Print (HKLM\...\{15A0F113-BF2C-4C12-8AA8-42AE0D9AE1C9}) (Version: 3.1.2.0 - SEIKO EPSON Corporation)
    ESET NOD32 Antivirus (HKLM\...\{7AE87B04-836F-4336-98A4-5FE6383003BC}) (Version: 9.0.377.0 - ESET, spol. s r.o.)
    Evernote v. 5.8.1 (HKLM-x32\...\{4FD2D1C8-8636-11E4-9D21-00163E98E7D6}) (Version: 5.8.1.6061 - Evernote Corp.)
    Foxit PhantomPDF (HKLM-x32\...\{00AB67E6-7A15-4357-95AA-F06A6950EA7C}) (Version: 7.0.39.113 - Foxit Software Inc.)
    Glary Utilities 5.44 (HKLM-x32\...\Glary Utilities 5) (Version: 5.44.0.64 - Glarysoft Ltd)
    Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
    HP 3D DriveGuard (HKLM-x32\...\{CC1FD1EF-FEF1-4A97-847C-D1652CD56C3C}) (Version: 6.0.23.1 - Hewlett-Packard Company)
    HP CoolSense (HKLM-x32\...\{ADE2F6A7-E7BD-4955-BD66-30903B223DDF}) (Version: 2.20.41 - Hewlett-Packard Company)
    HP Documentation (HKLM-x32\...\{E742C7E1-1F17-4C4E-9D58-CFCD3CC0DBE7}) (Version: 1.1.0.0 - Hewlett-Packard)
    HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.7960.5089 - Hewlett-Packard)
    HP SimplePass (HKLM-x32\...\InstallShield_{314FAD12-F785-4471-BCE8-AB506642B9A1}) (Version: 8.01.39 - Hewlett-Packard)
    HP Support Assistant (HKLM-x32\...\{79C54A05-F146-4EA0-8A70-D4EFE6181E52}) (Version: 8.3.27.17 - Hewlett-Packard Company)
    HP Support Solutions Framework (HKLM-x32\...\{E2CB09C1-3C76-4395-BB47-50C066535CF8}) (Version: 12.5.26.37 - HP)
    HP System Event Utility (HKLM-x32\...\{8B4EE87E-6D40-4C91-B5E8-0DC77DC412F1}) (Version: 1.4.1 - Hewlett-Packard Company)
    HP Wireless Button Driver (HKLM-x32\...\{30B2D1D8-0A07-4B71-9553-0710C5D31E35}) (Version: 1.1.2.1 - Hewlett-Packard Company)
    iCloud (HKLM\...\{724A887F-2B55-4306-B6F9-8F0E7A04B1B5}) (Version: 5.2.2.87 - Apple Inc.)
    Inst5675 (Version: 8.01.39 - Softex Inc.) Hidden
    Inst5676 (Version: 8.01.39 - Softex Inc.) Hidden
    Intel WiDi Media Share (HKLM-x32\...\{275CD120-A23B-47C7-944A-9B6D9CDA583F}) (Version: 1.2.0.0 - Intel Corporation)
    Intel(R) Chipset Device Software (x32 Version: 10.0.22 - Intel(R) Corporation) Hidden
    Intel(R) Dynamic Platform and Thermal Framework (HKLM-x32\...\{654EE65D-FAA4-4EA6-8C07-DC94E6A304D4}) (Version: 8.0.10100.71 - Intel Corporation)
    Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 10.0.30.1072 - Intel Corporation)
    Intel(R) PRO/Wireless Driver (HKLM\...\{33d748b9-4100-4fef-bcdc-33e69f098c38}) (Version: 17.13.2000.2036 - Intel Corporation)
    Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.14.4029 - Intel Corporation)
    Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 13.2.0.1016 - Intel Corporation)
    Intel(R) Serial IO (HKLM\...\{9FD91C5C-44AE-4D9D-85BE-AE52816B0294}) (Version: 1.1.226.0 - Intel Corporation)
    Intel(R) Virtual Buttons (HKLM-x32\...\1992736F-C90A-481C-B21B-EE34CAD07387) (Version: 1.0.0.17 - Intel Corporation)
    Intel(R) WiDi (HKLM\...\{AACB7B6F-5057-4612-B026-FE2A3D69F30B}) (Version: 5.1.28.0 - Intel Corporation)
    iTunes (HKLM\...\{955524E7-79EB-4CA9-BA4D-FD2DF587651B}) (Version: 12.4.3.1 - Apple Inc.)
    Microsoft Office Professional Edition 2003 (HKLM-x32\...\{90110409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.5614.0 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
    Mozilla Firefox 47.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 47.0 (x86 en-US)) (Version: 47.0 - Mozilla)
    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 47.0.0.5999 - Mozilla)
    PSE12 STI Installer (x32 Version: 12.0 - Adobe Systems Incorporated) Hidden
    QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
    Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.9600.21263 - Realtek Semiconductor Corp.)
    Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.36.826.2014 - Realtek)
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7439 - Realtek Semiconductor Corp.)
    Software Updater (HKLM-x32\...\{8DBC5A0A-31C4-46C7-B252-6B593EA11A87}) (Version: 4.3.7 - SEIKO EPSON CORPORATION)
    swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
    Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 18.1.48.51 - Synaptics Incorporated)
    Yahoo! Messenger (HKLM-x32\...\Yahoo! Messenger) (Version: - Yahoo! Inc.)
    Yahoo! Software Update (HKLM-x32\...\Yahoo! Software Update) (Version: - )

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {028DC778-8B1E-4338-A6E1-0EB35D9923D5} - System32\Tasks\GlaryInitialize 5 => C:\Program Files (x86)\Glary Utilities 5\Initialize.exe [2016-01-31] (Glarysoft Ltd)
    Task: {0EF6D63B-AB51-4A21-8D64-A43B7AB52094} - System32\Tasks\Avast SecureLine => C:\Program Files\AVAST Software\SecureLine\SecureLine.exe [2016-05-23] (AVAST Software)
    Task: {27CE44F3-7B9F-40C2-84B6-A4F7459A39B5} - System32\Tasks\Start SimplePass => C:\Program Files\Hewlett-Packard\SimplePass\ClientCore.exe [2015-01-30] (Hewlett-Packard)
    Task: {29169431-2C0A-4D9F-B7F4-9C7C3EA3251E} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2016-07-04] (HP Inc.)
    Task: {3B90AD9F-B506-419A-8C88-9DB9D8EF1F90} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2016-07-04] (HP Inc.)
    Task: {444FEE14-A830-4BDE-BFD5-B8EDA4C0D083} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
    Task: {5D42B2F4-DF98-4954-82CE-1F05D04A280E} - System32\Tasks\Start OPBHOBroker => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe [2015-01-30] (Hewlett-Packard)
    Task: {62507A14-DE2B-4177-8390-37D7BD4092B9} - System32\Tasks\avast! SL Update => C:\Program Files\AVAST Software\SecureLine\SLUpdate.exe [2016-03-01] (AVAST Software)
    Task: {73A291E5-F57F-4554-9092-5BFC7B0BC0D5} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-06-28] (HP Inc.)
    Task: {7774CDD8-3666-4CD1-B7B6-A4C2AE39C9C8} - System32\Tasks\Hewlett-Packard\HP CoolSense\HP CoolSense Start at Logon => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [2014-05-19] (Hewlett-Packard Development Company, L.P.)
    Task: {96E5FD52-A4CB-4DC0-B6B2-677F68677CB9} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater - Resources => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-06-28] (HP Inc.)
    Task: {ABC4BFFB-03AF-4D12-8A6C-740A2BFAC894} - System32\Tasks\Start OPBHOBrokerDesktop => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe [2015-01-30] (Hewlett-Packard)
    Task: {C104810E-BC99-4F21-9588-1FC644BAA8BB} - System32\Tasks\YCMServiceAgent => c:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe [2014-11-24] (CyberLink Corp.)
    Task: {C1209EE9-990F-436A-A913-647457249DD9} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2016-05-09] (Hewlett-Packard)
    Task: {D0FF1F5C-663D-4CAE-8B36-38BB2325306D} - System32\Tasks\DropboxOEM => C:\Program Files (x86)\Dropbox\DropboxOEM\DropboxOEM.exe [2015-01-15] ()
    Task: {E1939BB7-CB7A-4CEE-95A8-AC974ECF782D} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2016-07-08] (HP Inc.)
    Task: {E2D99D41-4583-4302-A0EA-C944334F7E07} - System32\Tasks\GU5SkipUAC => C:\Program Files (x86)\Glary Utilities 5\Integrator.exe [2016-01-31] (Glarysoft Ltd)
    Task: {E346021A-0626-411E-BFEF-121B7DFF6CBC} - System32\Tasks\{59DA3773-18CA-40B3-AC2A-B600CA175FE2} => pcalua.exe -a E:\SETUP.EXE -d E:\ -c /AUTORUN
    Task: {E3E4CE49-4710-4748-8B58-CF1B0C1CF3DD} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2016-06-15] (HP Inc.)
    Task: {ED066CC4-8F9C-48B3-AB77-FBCABFCAD3BA} - System32\Tasks\HPCeeScheduleForDiane => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2015-06-16] (Hewlett-Packard)

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\Windows\Tasks\HPCeeScheduleForDiane.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

    ==================== Shortcuts =============================

    (The entries could be listed to be restored or removed.)

    ==================== Loaded Modules (Whitelisted) ==============

    2015-01-30 21:07 - 2015-01-30 21:07 - 02169344 _____ () C:\Program Files\Hewlett-Packard\SimplePass\autheng.dll
    2015-01-30 21:05 - 2015-01-30 21:05 - 00021504 _____ () C:\Program Files\Hewlett-Packard\SimplePass\cryptodll.dll
    2015-01-30 21:05 - 2015-01-30 21:05 - 00035840 _____ () C:\Program Files\Hewlett-Packard\SimplePass\ssplogon.dll
    2015-01-30 21:05 - 2015-01-30 21:05 - 00055296 _____ () C:\Program Files\Hewlett-Packard\SimplePass\RandomPass.dll
    2015-01-30 21:16 - 2015-01-30 21:16 - 00431696 _____ () C:\Program Files\Hewlett-Packard\SimplePass\mstrpwd.dll
    2015-01-30 21:16 - 2015-01-30 21:16 - 00746064 _____ () C:\Program Files\Hewlett-Packard\SimplePass\GraphicalPwd.dll
    2016-03-18 22:56 - 2016-03-18 22:56 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
    2016-07-05 15:23 - 2016-07-05 15:23 - 01354040 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
    2015-07-09 05:44 - 2014-04-14 19:59 - 00389896 _____ () C:\Program Files\CyberLink\Shared files\RichVideo64.exe
    2016-05-23 16:10 - 2016-05-23 16:10 - 00592392 _____ () C:\Program Files\AVAST Software\SecureLine\VpnSvc.exe
    2014-06-10 22:19 - 2014-06-10 22:19 - 00622080 _____ () C:\Windows\system32\spool\DRIVERS\x64\3\JobCapsA.DLL
    2015-01-30 21:09 - 2015-01-30 21:09 - 00065024 _____ () C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe
    2015-08-21 15:35 - 2012-05-25 04:25 - 00921600 _____ () C:\Program Files (x86)\Yahoo!\Messenger\yui.dll
    2015-08-21 15:34 - 2012-05-25 04:25 - 00078336 _____ () C:\Program Files (x86)\Yahoo!\Messenger\pcre.dll
    2016-03-18 22:56 - 2016-03-18 22:56 - 00080184 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
    2016-07-05 15:23 - 2016-07-05 15:23 - 00244536 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxslt.dll
    2016-07-05 15:23 - 2016-07-05 15:23 - 01041208 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
    2016-01-31 20:16 - 2016-01-31 20:16 - 00080064 _____ () C:\Program Files (x86)\Glary Utilities 5\zlib1.dll
    2014-10-10 10:37 - 2014-10-10 10:37 - 01243936 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
    2016-05-23 16:10 - 2016-05-23 16:10 - 38907672 _____ () C:\Program Files\AVAST Software\SecureLine\libcef.dll

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)


    ==================== Safe Mode (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""

    ==================== Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)


    ==================== Hosts content: ===============================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2013-08-22 07:25 - 2013-08-22 07:25 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts


    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-2605570102-801199272-3767273524-1001\Control Panel\Desktop\\Wallpaper ->
    DNS Servers: 192.168.1.254 - 75.153.171.114
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    Windows Firewall is enabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    (Currently there is no automatic fix for this section.)

    HKLM\...\StartupApproved\Run: => "iTunesHelper"
    HKU\S-1-5-21-2605570102-801199272-3767273524-1001\...\StartupApproved\Run: => "CAHeadless"

    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
    FirewallRules: [{B126ADB9-0F59-4EF8-9599-D8B0DC9AF176}] => (Allow) c:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
    FirewallRules: [{C5FD5832-2263-4640-96B5-6824F51603F2}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPSOCKSVC.exe
    FirewallRules: [{58C8294B-C028-472C-A49F-B88C2E95FA20}] => (Allow) c:\Program Files\CyberLink\PowerDirector12\PDR10.EXE
    FirewallRules: [{809F7A20-28C4-4BCC-BCC8-0AF0183FE736}] => (Allow) C:\Program Files\Intel Corporation\Intel WiDi\WiDiApp.exe
    FirewallRules: [{9FB7B05E-5AA6-4758-BFF2-8D0FDE1E5792}] => (Allow) C:\Program Files\Intel Corporation\USB over IP\bin\UoipService.exe
    FirewallRules: [{1D091A5D-35B0-4DBC-8128-B967E71496AC}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12.exe
    FirewallRules: [{396C49E4-3C4E-4912-A673-86B4FDEEE62C}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe
    FirewallRules: [{6BC5AE03-7A8D-4C84-98B5-0256EEDE826B}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
    FirewallRules: [{7A382BA9-77D4-49F0-8930-703835E16931}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12Agent.exe
    FirewallRules: [{9A9BFE91-D18C-4887-88E0-22749C01191D}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12ML.exe
    FirewallRules: [{D65F8364-F0CE-4014-A1DE-7FD4FA983A89}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD.exe
    FirewallRules: [{708B766C-6772-440E-9A29-765EA3433B2D}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{38B64AE1-2C62-417A-A4CA-3AC85FF0B536}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{A7DEB417-C9F2-44AB-814B-69AEC2875D42}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
    FirewallRules: [{62726B68-FB78-4550-9AB7-5EC54F4B5180}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
    FirewallRules: [{4FC3ABFA-F018-4953-941E-5AE979A73135}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{D82E5C76-7AC5-418C-88FC-E6820AEA365E}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{30DFD6F5-FFE2-4013-8A0C-07FDEE4BAA24}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [{ABED1D58-801B-414A-8AB2-0CC0DB14AD5B}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [{AD43D89E-D58F-4686-9843-D317E647D075}] => (Allow) C:\Windows\system32\mstsc.exe
    FirewallRules: [{3CE5E26D-1B8C-4B6F-B465-3F352CCD5807}] => (Allow) C:\Windows\system32\mstsc.exe
    FirewallRules: [{CE60BB85-2083-4F43-8413-8DD92F603350}] => (Allow) C:\Windows\system32\mstsc.exe
    FirewallRules: [{4DAC5D7C-F677-47A1-8EC8-EFF18CC1A6F2}] => (Allow) C:\Windows\system32\mstsc.exe
    FirewallRules: [{D5FB1171-A2AA-4A13-93E5-072A7C0278F4}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{E0ED4654-8C78-4376-981B-C2EF528EEA7A}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{D1E06610-ED29-4731-87B0-DB0DA5D567F1}] => (Allow) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
    FirewallRules: [{0539177C-6280-4C5B-B925-8BECBBCE9D4C}] => (Allow) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
    FirewallRules: [{966D5074-AC96-4577-9789-7B3623B08C0B}] => (Allow) C:\Program Files\iTunes\iTunes.exe

    ==================== Restore Points =========================

    28-06-2016 08:32:08 Scheduled Checkpoint
    03-08-2016 22:08:22 Scheduled Checkpoint

    ==================== Faulty Device Manager Devices =============
     
  8. Saskie

    Saskie TS Rookie Topic Starter

    PS...if you can figure this I will contribute to your retirement fund. :)
     
  9. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    The above log is incomplete.
    Secondly I still need FRST. txt log.
    Thirdly, you said that you can't access Windows at all but you're actually running FRST scan from within Windows so I'm confused.
    I'll check on you tomorrow.
     
  10. Saskie

    Saskie TS Rookie Topic Starter

    I'm not sure what to say here, NOTE 1. Use another working computer to download Farbar Recovery Scan Tool. Use USB flash drive to transfer it from good computer to the bad one. This is the scan that I did. I cut and pasted everything that was there. Working from another computer to get the program of course.
    If I try to do a system recovery - It says, "the drive where windows is installed is locked. Unlock the drive and try again.

    Do you have another suggestion? Thank you in advance.
     
  11. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    Did you run FRST from the flash drive or from bad computer?
    Your log indicates that you ran it from within Windows:
    ...but you say you can't access Windows.
    Not sure what's going on there.
     
Topic Status:
Not open for further replies.

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...