[soulatomic]

Uh oh. I can't start Windows properly. I select "start Windows normally" but it keeps kicking me back to that same screen.

[Advertisements]

Reboot and when you see the maker's logo, hear a beep or it talks about F8, start tapping the F8 key slowly. Keep tapping until the Safe Mode Menu appears and choose Safe Mode with Networking. Login with your usual login.

If this works, (Start), right click on My Computer and select Manage then Device Manager. View, Show Hidden devices. Find the eabfiltr entry (probably has a yellow mark next to it) and right click on it. If there is an option to rollback the driver, take it, otherwise try to uninstall it. Then reboot. This is just for the HP Quick Launch Buttons so shouldn't be that important.

[RKinner]

Reboot and when you see the maker's logo, hear a beep or it talks about F8, start tapping the F8 key slowly. Keep tapping until the Safe Mode Menu appears and choose Safe Mode with Networking. Login with your usual login.

If this works, (Start), right click on My Computer and select Manage then Device Manager. View, Show Hidden devices. Find the eabfiltr entry (probably has a yellow mark next to it) and right click on it. If there is an option to rollback the driver, take it, otherwise try to uninstall it. Then reboot. This is just for the HP Quick Launch Buttons so shouldn't be that important.

[soulatomic]

I didn’t find the eabfiltr entry, but I did find avast! Network Shield Support with a yellow exclamation point next to it. I didn't disable it before running OTL. I'm sorry. How do I move forward from here?

[soulatomic]

I have the option to disable it - should I do that and reboot?

[RKinner]

All we did was replace C:\WINDOWS\system32\drivers\eabfiltr.sys
with the file here:
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\RollBackDr\eabfiltr.sys

Let's try a different file

See if you can copy

C:\Program Files\HPQ\Quick Launch Buttons\eabfiltr.sys

to

C:\WINDOWS\system32\drivers\

(overwrite the old one) then reboot and see if it will boot into regular mode.

[RKinner]

Disable which file? Don't worry about the avast one.

[soulatomic]

I meant avast. I am wondering if I'm having problems because I forgot to disable avast before running OTL.

[RKinner]

I don't think Avast would be a problem.

[soulatomic]

Ok, so do I do this in OTL:

:files
C:\WINDOWS\system32\drivers\eabfiltr.sys|C:\Program Files\HPQ\Quick Launch Buttons\eabfiltr.sys| /replace

:Commands
[Reboot]

I want to make sure I'm doing it right. THANKS!

[RKinner]

Actually I thought you could just use Windows Explorer to copy and paste the file but if you want to use OTL you can.

You had it backwards so I have done an edit on your post to make it right.

[soulatomic]

Ok, I'm going to do it through OTL (only because I'm more comfortable with it at this point).

What do I do after I (hopefully) reboot? Should I try to run OTL again with the code from your most recent OTL post?

[RKinner]

Run otl with the fix in your last post. Then try and reboot into regular mode. If that works then run TDSSKiller again. I'm concerned about this

00:15:32.0718 3248 [ 81B7808D3B5892388F33273119C2DC31 ] eabfiltr C:\WINDOWS\system32\drivers\EABFiltr.sys
00:15:32.0718 3248 Suspicious file (Forged): C:\WINDOWS\system32\drivers\EABFiltr.sys. Real md5: 81B7808D3B5892388F33273119C2DC31, Fake md5: 76722EA1FF4837C4EFB509B38A7236AB
00:15:32.0718 3248 eabfiltr ( ForgedFile.Multi.Generic ) - warning
00:15:32.0718 3248 eabfiltr - detected ForgedFile.Multi.Generic (1)

[soulatomic]

I copied the code from my last post and ran OTL, but it didn't boot normally. I'm back in safe mode - networking. Where to from here?

Thanks again for your help throughout this.

[RKinner]

Start, Run, msconfig, OK

That should bring up a System Configuration screen. Click on the Run tab and look for any reference to Quick Launch Buttons or HP Quick Launch Buttons. If you find it uncheck it. Now check the Startup tab and see if there is an entry there. If you find it uncheck it.

If you found an entry then Apply, OK and reboot. If you didn't find an entry then go back to the first tab and check Diagnostic Startup then apply and OK and reboot. Does it boot normally?

[soulatomic]

I don't see a Run tab. These are the tabs I see:

General
SYSTEM.INI
WIN.INI
BOOT.INI
Services
Startup
Tools