White screen after log in Windows7 [Closed]



#1
lirksa

I have a Windows 7 PC (Home edition). After I log on I get a white screen. Nothing else. If I select Ctrl-Alt-Del I get the options for shut down and Task Manager. When I select Task Manager all I get is the white screen. The same happens when I boot into safe mode. If I select reboot at Ctrl-Alt-Delete I briefly see my desktop (all icons are there). I also tried selecting last known good startup.


I followed the solution from the following link, but after I ran the software scan and had the log I didn't know what else to do. I'm attaching the scan log here. Please help.

http://www.geekstogo...n-after-log-in/


Best Regards,

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 05-05-2013 02
Ran by SYSTEM on 06-05-2013 19:43:24
Running from G:\
Windows 7 Home Premium (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Recovery
The current controlset is ControlSet001
ATTENTION!:=====> FRST is updated to run from normal or Safe mode to produce a full FRST.txt log and an extra Addition.txt log.

==================== Registry (Whitelisted) ==================

HKLM-x32\...\Run: [Babylon Client] C:\Program Files (x86)\Babylon\Babylon-Pro\Babylon.exe -AutoStart [3270072 2011-01-25] (Babylon Ltd.)
HKLM-x32\...\Run: [ROC_ROC_NT] "C:\Program Files (x86)\AVG Secure Search\ROC_ROC_NT.exe" / /PROMPT /CMPID=ROC_NT [x]
HKLM-x32\...\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices [91520 2010-03-13] (Microsoft Corporation)
HKLM-x32\...\Run: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot [296096 2012-10-09] (RealNetworks, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254896 2012-09-17] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [] [x]
HKLM-x32\...\Run: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe" [1718920 2013-02-02] (Ask)
HKLM-x32\...\Run: [Denzi] C:\Program Files (x86)\Denzi\Denzi.exe [1077760 2013-03-15] (www.denzi.com)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [946352 2012-12-18] (Adobe Systems Incorporated)
HKU\Hamid\...\Run: [Messenger (Yahoo!)] "C:\PROGRA~2\Yahoo!\Messenger\YahooMessenger.exe" -quiet [6595928 2012-05-24] (Yahoo! Inc.)
HKU\Hamid\...\Run: [SDP] C:\Program Files (x86)\FilesFrog Update Checker\update_checker.exe /auto [201808 2012-10-02] (Somoto)
HKU\Hamid\...\Run: [IDMan] C:\Program Files (x86)\Internet Download Manager\IDMan.exe /onboot [3573624 2013-04-05] (Tonec Inc.)
HKU\Hamid\...\Run: [Facebook Update] "C:\Users\Hamid\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver [138096 2013-02-01] (Facebook Inc.)
HKU\Hamid\...\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun [18642024 2013-02-28] (Skype Technologies S.A.)
HKU\Hamid\...\Run: [PC Speed Maximizer] C:\Program Files (x86)\PC Speed Maximizer\SPMLauncher.exe [134456 2013-02-02] (Smart PC Solutions)
HKU\Hamid\...\Run: [Smart Driver Updater] C:\Program Files (x86)\Smart Driver Updater\SDULauncher.exe [338576 2012-09-20] (Avanquest Software)
HKU\Hamid\...\Run: [DriverBoost] C:\Program Files (x86)\DriverBoost\DriverBoost\DriverBoost.exe /applicationMode:systemTray /showWelcome:false [3544432 2013-01-25] (PC Drivers Headquarters)
HKU\Hamid\...\Winlogon: [Shell] explorer.exe,C:\Users\Hamid\AppData\Roaming\skype.dat [102400 2011-11-16] () <==== ATTENTION
AppInit_DLLs: C:\PROGRA~3\Wincert\WIN64C~1.DLL C:\PROGRA~2\SEARCH~1\Datamngr\x64\mgrldr.dll [14912 2013-03-14] ()
Startup: C:\ProgramData\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Users\Hamid\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk
ShortcutTarget: MyPC Backup.lnk -> C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe (MyPCBackup.com)

==================== Services (Whitelisted) =================

S2 BackupStack; C:\Program Files (x86)\MyPC Backup\BackupStack.exe [32808 2013-04-11] (Just Develop It)
S2 DatamngrCoordinator; C:\Program Files (x86)\Search Results Toolbar\Datamngr\DatamngrCoordinator.exe [4558400 2013-03-14] (iMesh Inc.)
S2 IBUpdaterService; C:\Windows\system32\dmwu.exe [1455408 2013-04-07] ()
S3 McComponentHostService; C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe [235216 2013-02-05] (McAfee, Inc.)

==================== Drivers (Whitelisted) ====================


==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-05-06 19:42 - 2013-05-06 19:42 - 00000000 ____D C:\FRST
2013-05-04 14:05 - 2013-05-05 13:04 - 00000004 ____A C:\Users\Hamid\AppData\Roaming\skype.ini
2013-05-03 05:23 - 2013-05-03 05:23 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-05-01 10:00 - 2013-05-01 10:00 - 04459160 ____A (Systweak Inc ) C:\Users\Hamid\Downloads\rcpsetup_marim_mapp.exe
2013-04-28 03:07 - 2013-04-28 03:20 - 00000000 ____D C:\Users\Hamid\Desktop\star afgan
2013-04-27 16:15 - 2013-04-27 16:15 - 00004629 ____A C:\Users\Hamid\AppData\Local\recently-used.xbel
2013-04-24 00:08 - 2013-04-24 00:08 - 00000501 ____A C:\Users\Hamid\Downloads\url.htm
2013-04-24 00:05 - 2013-04-12 06:45 - 01656680 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys
2013-04-23 16:23 - 2013-05-05 13:04 - 00000388 ____A C:\Windows\Tasks\Happy Lyrics Update.job
2013-04-23 16:23 - 2013-05-05 13:04 - 00000336 ____A C:\Windows\Tasks\spmonitor.job
2013-04-23 16:23 - 2013-05-05 13:04 - 00000258 ____A C:\Windows\Tasks\SpeedUpMyPC.job
2013-04-23 16:23 - 2013-04-23 16:23 - 05036128 ____A (Tonec Inc.) C:\Users\Hamid\Downloads\idman615.exe
2013-04-23 16:23 - 2013-04-23 16:23 - 00001130 ____A C:\Users\Public\Desktop\SpeedUpMyPC.lnk
2013-04-23 16:23 - 2013-04-23 16:23 - 00000000 ____D C:\Users\Hamid\AppData\Roaming\Uniblue
2013-04-23 16:23 - 2013-04-23 16:23 - 00000000 ____D C:\ProgramData\IDM
2013-04-23 16:23 - 2013-04-23 16:23 - 00000000 ____D C:\Program Files (x86)\Uniblue
2013-04-23 16:23 - 2013-04-23 16:23 - 00000000 ____D C:\Program Files (x86)\HappyLyrics
2013-04-23 16:22 - 2013-04-23 16:22 - 00161608 ____A C:\Users\Hamid\Downloads\Internet Download Manager.exe
2013-04-23 13:03 - 2013-04-29 12:59 - 00000000 ____D C:\Users\Hamid\Desktop\hamid2
2013-04-17 12:34 - 2013-04-17 12:35 - 88323920 ____A (Apple Inc.) C:\Users\Hamid\Downloads\iTunesSetup.exe
2013-04-12 15:34 - 2013-04-12 15:34 - 12146688 ____A C:\Users\Hamid\Downloads\mp3rocket.exe
2013-04-11 02:13 - 2013-02-21 22:57 - 17817088 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-04-11 02:13 - 2013-02-21 22:29 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-04-11 02:13 - 2013-02-21 22:27 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-04-11 02:13 - 2013-02-21 22:21 - 01346560 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-04-11 02:13 - 2013-02-21 22:20 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-04-11 02:13 - 2013-02-21 22:19 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-04-11 02:13 - 2013-02-21 22:18 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2013-04-11 02:13 - 2013-02-21 22:17 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-04-11 02:13 - 2013-02-21 22:15 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-04-11 02:13 - 2013-02-21 22:15 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2013-04-11 02:13 - 2013-02-21 22:15 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-04-11 02:13 - 2013-02-21 22:14 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-04-11 02:13 - 2013-02-21 22:13 - 02147840 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-04-11 02:13 - 2013-02-21 22:13 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-04-11 02:13 - 2013-02-21 22:12 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-04-11 02:13 - 2013-02-21 22:09 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-04-11 02:13 - 2013-02-21 20:05 - 12324352 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-04-11 02:13 - 2013-02-21 19:47 - 09738752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-04-11 02:13 - 2013-02-21 19:46 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-04-11 02:13 - 2013-02-21 19:38 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-04-11 02:13 - 2013-02-21 19:38 - 01104384 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-04-11 02:13 - 2013-02-21 19:37 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-04-11 02:13 - 2013-02-21 19:36 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-04-11 02:13 - 2013-02-21 19:35 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-04-11 02:13 - 2013-02-21 19:34 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-04-11 02:13 - 2013-02-21 19:34 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-04-11 02:13 - 2013-02-21 19:34 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-04-11 02:13 - 2013-02-21 19:33 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-04-11 02:13 - 2013-02-21 19:32 - 01796096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-04-11 02:13 - 2013-02-21 19:31 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-04-11 02:13 - 2013-02-21 19:31 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-04-11 02:13 - 2013-02-21 19:28 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-04-10 10:30 - 2013-04-10 10:30 - 00000000 ____D C:\Windows\SysWOW64\jmdp
2013-04-10 10:30 - 2013-04-10 10:30 - 00000000 ____D C:\Windows\SysWOW64\ARFC
2013-04-10 03:19 - 2013-02-14 22:08 - 00044032 ____A (Microsoft Corporation) C:\Windows\System32\tsgqec.dll
2013-04-10 03:19 - 2013-02-14 22:06 - 03717632 ____A (Microsoft Corporation) C:\Windows\System32\mstscax.dll
2013-04-10 03:19 - 2013-02-14 22:02 - 00158720 ____A (Microsoft Corporation) C:\Windows\System32\aaclient.dll
2013-04-10 03:19 - 2013-02-14 20:37 - 03217408 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2013-04-10 03:19 - 2013-02-14 20:34 - 00131584 ____A (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2013-04-10 03:19 - 2013-02-14 19:25 - 00036864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2013-04-10 03:18 - 2013-03-18 22:04 - 05550424 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2013-04-10 03:18 - 2013-03-18 21:46 - 00043520 ____A (Microsoft Corporation) C:\Windows\System32\csrsrv.dll
2013-04-10 03:18 - 2013-03-18 21:04 - 03968856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-04-10 03:18 - 2013-03-18 21:04 - 03913560 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-04-10 03:18 - 2013-03-18 20:47 - 00006656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2013-04-10 03:18 - 2013-03-18 19:06 - 00112640 ____A (Microsoft Corporation) C:\Windows\System32\smss.exe
2013-04-10 03:18 - 2013-02-28 19:36 - 03153408 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2013-04-10 03:18 - 2013-01-23 22:01 - 00223752 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\fvevol.sys
2013-04-06 11:37 - 2013-04-06 11:37 - 01307696 ____A (Bandoo Media Inc) C:\Users\Hamid\Downloads\iLividSetup.exe

==================== One Month Modified Files and Folders =======

2013-05-06 19:42 - 2013-05-06 19:42 - 00000000 ____D C:\FRST
2013-05-05 23:00 - 2013-03-23 20:16 - 00000000 ____D C:\ProgramData\McAfee Security Scan
2013-05-05 23:00 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\registration
2013-05-05 20:18 - 2009-07-13 23:44 - 00000000 ___RD C:\Users\Public\Recorded TV
2013-05-05 13:04 - 2013-05-04 14:05 - 00000004 ____A C:\Users\Hamid\AppData\Roaming\skype.ini
2013-05-05 13:04 - 2013-04-23 16:23 - 00000388 ____A C:\Windows\Tasks\Happy Lyrics Update.job
2013-05-05 13:04 - 2013-04-23 16:23 - 00000336 ____A C:\Windows\Tasks\spmonitor.job
2013-05-05 13:04 - 2013-04-23 16:23 - 00000258 ____A C:\Windows\Tasks\SpeedUpMyPC.job
2013-05-05 13:04 - 2013-04-02 16:11 - 00000000 ____D C:\ProgramData\Datamngr
2013-05-05 13:04 - 2012-11-30 07:48 - 00262144 ____A C:\Windows\System32\Ikeext.etl
2013-05-05 13:04 - 2012-10-05 04:00 - 00000000 ____D C:\ProgramData\Babylon
2013-05-05 13:02 - 2013-04-01 15:52 - 00000374 ____A C:\Windows\System32\Drivers\etc\hosts.ics
2013-05-05 13:02 - 2013-03-30 07:47 - 00001350 ____A C:\Users\Hamid\Desktop\Clean Registry for Free!.lnk
2013-05-05 13:02 - 2012-10-09 09:14 - 00001144 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-05-05 13:01 - 2012-10-05 03:16 - 00000000 ____D C:\users\Hamid
2013-05-05 13:01 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-05-05 13:01 - 2009-07-13 20:51 - 00057040 ____A C:\Windows\setupact.log
2013-05-05 10:07 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\tracing
2013-05-05 02:02 - 2013-03-23 20:08 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-05-05 02:02 - 2013-02-01 04:13 - 00000928 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1115289434-2071464315-1068364312-1000UA.job
2013-05-05 02:02 - 2012-10-09 09:40 - 00000000 ____D C:\Users\Hamid\AppData\Roaming\Skype
2013-05-05 02:02 - 2012-10-09 09:14 - 00001148 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-05-05 02:02 - 2012-10-05 03:14 - 01974653 ____A C:\Windows\WindowsUpdate.log
2013-05-04 15:21 - 2009-07-13 20:45 - 00015136 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-05-04 15:21 - 2009-07-13 20:45 - 00015136 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-05-04 14:15 - 2012-10-09 09:36 - 00000000 ____D C:\Users\Hamid\AppData\Roaming\DivX
2013-05-04 12:44 - 2013-03-20 13:20 - 00000276 ____A C:\Windows\Tasks\PC Performer_DEFAULT.job
2013-05-04 03:18 - 2013-02-01 04:13 - 00000906 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1115289434-2071464315-1068364312-1000Core.job
2013-05-04 02:59 - 2013-04-03 05:58 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-05-03 09:37 - 2012-11-12 12:16 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-05-03 05:23 - 2013-05-03 05:23 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-05-01 16:06 - 2012-10-05 07:20 - 00278800 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
2013-05-01 12:20 - 2013-03-20 13:20 - 00000284 ____A C:\Windows\Tasks\PC Performer_UPDATES.job
2013-05-01 10:00 - 2013-05-01 10:00 - 04459160 ____A (Systweak Inc ) C:\Users\Hamid\Downloads\rcpsetup_marim_mapp.exe
2013-04-29 12:59 - 2013-04-23 13:03 - 00000000 ____D C:\Users\Hamid\Desktop\hamid2
2013-04-28 14:58 - 2012-10-07 08:19 - 00000000 ____D C:\Users\Hamid\AppData\Roaming\IDM
2013-04-28 03:20 - 2013-04-28 03:07 - 00000000 ____D C:\Users\Hamid\Desktop\star afgan
2013-04-27 16:15 - 2013-04-27 16:15 - 00004629 ____A C:\Users\Hamid\AppData\Local\recently-used.xbel
2013-04-27 16:15 - 2013-02-10 15:59 - 00000000 ____D C:\Users\Hamid\.gimp-2.8
2013-04-26 11:18 - 2012-12-03 08:28 - 00000000 ____D C:\Users\Hamid\Incomplete
2013-04-24 00:08 - 2013-04-24 00:08 - 00000501 ____A C:\Users\Hamid\Downloads\url.htm
2013-04-23 23:58 - 2012-10-07 08:19 - 00000000 ____D C:\Program Files (x86)\Internet Download Manager
2013-04-23 16:43 - 2009-07-13 21:13 - 00726316 ____A C:\Windows\System32\PerfStringBackup.INI
2013-04-23 16:23 - 2013-04-23 16:23 - 05036128 ____A (Tonec Inc.) C:\Users\Hamid\Downloads\idman615.exe
2013-04-23 16:23 - 2013-04-23 16:23 - 00001130 ____A C:\Users\Public\Desktop\SpeedUpMyPC.lnk
2013-04-23 16:23 - 2013-04-23 16:23 - 00000000 ____D C:\Users\Hamid\AppData\Roaming\Uniblue
2013-04-23 16:23 - 2013-04-23 16:23 - 00000000 ____D C:\ProgramData\IDM
2013-04-23 16:23 - 2013-04-23 16:23 - 00000000 ____D C:\Program Files (x86)\Uniblue
2013-04-23 16:23 - 2013-04-23 16:23 - 00000000 ____D C:\Program Files (x86)\HappyLyrics
2013-04-23 16:22 - 2013-04-23 16:22 - 00161608 ____A C:\Users\Hamid\Downloads\Internet Download Manager.exe
2013-04-22 12:28 - 2012-12-03 08:24 - 00000000 ____D C:\Users\Hamid\AppData\Roaming\MP3Rocket
2013-04-22 10:19 - 2012-12-11 10:16 - 00000000 ____D C:\Users\Hamid\AppData\Local\Torch
2013-04-17 12:35 - 2013-04-17 12:34 - 88323920 ____A (Apple Inc.) C:\Users\Hamid\Downloads\iTunesSetup.exe
2013-04-12 15:34 - 2013-04-12 15:34 - 12146688 ____A C:\Users\Hamid\Downloads\mp3rocket.exe
2013-04-12 13:33 - 2012-10-09 09:15 - 00002183 ____A C:\Users\Public\Desktop\Google Chrome.lnk
2013-04-12 12:28 - 2013-03-06 05:40 - 00000000 ____D C:\Program Files (x86)\MyPC Backup
2013-04-12 06:45 - 2013-04-24 00:05 - 01656680 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys
2013-04-11 12:37 - 2009-07-13 20:45 - 00296888 ____A C:\Windows\System32\FNTCACHE.DAT
2013-04-11 02:16 - 2012-10-07 22:31 - 72702784 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-04-10 10:42 - 2012-11-01 09:30 - 00000000 ____D C:\Windows\SysWOW64\WNLT
2013-04-10 10:30 - 2013-04-10 10:30 - 00000000 ____D C:\Windows\SysWOW64\jmdp
2013-04-10 10:30 - 2013-04-10 10:30 - 00000000 ____D C:\Windows\SysWOW64\ARFC
2013-04-10 10:30 - 2012-11-01 09:30 - 00000000 ____D C:\Windows\System32\ARFC
2013-04-07 14:09 - 2012-10-09 09:40 - 00000000 ____D C:\ProgramData\Skype
2013-04-07 00:54 - 2012-11-01 09:30 - 01455408 ____A C:\Windows\System32\dmwu.exe
2013-04-07 00:53 - 2012-11-01 09:30 - 00033792 ____A (IncrediMail, Ltd.) C:\Windows\System32\ImHttpComm.dll
2013-04-06 11:37 - 2013-04-06 11:37 - 01307696 ____A (Bandoo Media Inc) C:\Users\Hamid\Downloads\iLividSetup.exe

Other Malware:
===========
C:\Users\Hamid\AppData\Roaming\skype.dat
C:\Users\Hamid\AppData\Roaming\skype.ini

==================== Known DLLs (Whitelisted) ================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2013-04-28 15:24:17
Restore point made on: 2013-05-03 11:04:54
Restore point made on: 2013-05-05 02:02:38

==================== Memory info ===========================

Percentage of memory in use: 13%
Total physical RAM: 4043.86 MB
Available physical RAM: 3485.48 MB
Total Pagefile: 4042.01 MB
Available Pagefile: 3476.77 MB
Total Virtual: 8192 MB
Available Virtual: 8191.88 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:90.77 GB) (Free:41.07 GB) NTFS
Drive e: () (Fixed) (Total:0.19 GB) (Free:0.15 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive f: (New Volume) (Fixed) (Total:374.8 GB) (Free:371.13 GB) NTFS
Drive g: () (Removable) (Total:7.45 GB) (Free:1.85 GB) NTFS (Disk=1 Partition=1)
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 465 GB 1024 KB *
Disk 1 Online 7633 MB 0 B

Partitions of Disk 0:
===============

Disk ID: 33677AC8

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Dynamic Data 992 KB 31 KB
Partition 2 Dynamic Data 199 MB 1024 KB
Partition 3 Dynamic Data 90 GB 200 MB
Partition 4 Dynamic Data 374 GB 90 GB

==================================================================================

Disk: 0
Partition 1
Type : 42
Hidden: Yes
Active: No

There is no volume associated with this partition.

=========================================================

Disk: 0
Partition 2
Type : 42
Hidden: Yes
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 E NTFS Simple 199 MB Healthy

=========================================================

Disk: 0
Partition 3
Type : 42
Hidden: Yes
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 C NTFS Simple 90 GB Healthy

=========================================================

Disk: 0
Partition 4
Type : 42
Hidden: Yes
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 0 F New Volume NTFS Simple 374 GB Healthy

=========================================================

Partitions of Disk 1:
===============

Disk ID: 00000000

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 7633 MB 16 KB

==================================================================================

Disk: 1
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 G NTFS Removable 7633 MB Healthy

=========================================================
============================== MBR & Partition Table ==================

====================================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 33677AC8)
Partition 1: (Not Active) - (Size=993 KB) - (Type=42)
Partition 2: (Active) - (Size=199 MB) - (Type=42)
Partition 3: (Not Active) - (Size=91 GB) - (Type=42)
Partition 4: (Not Active) - (Size=375 GB) - (Type=42)

====================================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 7 GB) (Disk ID: 00000000)
Partition 1: (Active) - (Size=7 GB) - (Type=07 NTFS)


Last Boot: 2013-04-24 09:10

==================== End Of Log ============================

Attached Files

  • Attached File  FRST.txt   22.72KB   100 downloads

Edited by Essexboy, 07 May 2013 - 06:43 AM.



#2
Essexboy

Hi there, download the attached fixlist.txt to the same USB as FRST

Run FRST as before and then press Fix

On completion reboot to normal windows

Download OTL to your Desktop
Secondary link
  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Select All Users
  • Under the Custom Scan box paste this in

    netsvcs
    BASESERVICES
    %SYSTEMDRIVE%\*.exe
    /md5start
    services.*
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    CREATERESTOREPOINT

  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Post both logs


#3
lirksa

Hello there, thank you very much for your kind support. I will do this tonight and let you know by tomorrow.

Really appreciated.

#4
lirksa

Hello. Much appreciated. It worked. This question may sound weird, but I need it: how can I get the PC back to how it was, having the white screen again?


Best Regards,

#5
Essexboy

A question: why would you want to re-install the virus? The easiest way, I think, would be to restore the file and the winlogon shell that I removed.

There may still be some malware, so I would recommend that you run the OTL scan so that I can find and then remove it.

#6
Essexboy

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.