White Screen After login [Solved]


#1
amalm92

    Member

  • 18 posts
Hi,

Hello,

I believe I am infected with malware. I have a Windows 7 PC (Home edition). After I log on I get a white screen. Nothing else. If I select Ctrl-Alt-Del I get the options for shut down and Task Manager. When I select Task Manager all I get is the white screen. I cannot load onto desktop by going into safe mode. I tried Safe Mode with Command Prompt and activated a system restore point but that didn't solve anything. Help please?

Amal

#2
amalm92

    Member

  • Topic Starter
  • 18 posts
I have been reading topics about people who have had the same problem as me.
They have been downloading 'Farbar Recovery Scan Tool x64' and saving it to a flash drive. So I'm not sure if you were going to ask me to do the same thing, but here are my results from (FRST.txt), copied and pasted below:



Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 07-12-2013 2
Ran by SYSTEM on MININT-ABBRLGF on 07-12-2013 16:16:40
Running from F:\
Windows 7 Home Premium (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Recovery

The current controlset is ControlSet003
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SoundMan] - C:\Windows\SOUNDMAN.EXE [604704 2009-04-13] (Realtek Semiconductor Corp.)
HKLM\...\Run: [IntelliPoint] - C:\Program Files\Microsoft IntelliPoint\ipoint.exe [2417032 2011-08-01] (Microsoft Corporation)
HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [1266912 2013-10-23] (Microsoft Corporation)
HKLM-x32\...\Run: [DivXUpdate] - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1259376 2011-07-28] ()
HKLM-x32\...\Run: [GrooveMonitor] - C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [NBKeyScan] - C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBKeyScan.exe [2221352 2008-12-02] (Nero AG)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [avast] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [4858968 2013-05-09] (AVAST Software)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-11-28] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2011-10-24] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152544 2012-12-12] (Apple Inc.)
HKLM-x32\...\Run: [Nikon Message Center 2] - C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe [571392 2011-10-30] (Nikon Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [20131121] - C:\Program Files\AVAST Software\Avast\Setup\emupdate\a82ddcee-0613-4ea3-b5a1-6bd974ee1475.exe [180184 2013-11-23] (AVAST Software)
HKU\Amal\...\Run: [EPSON SX110 Series] - C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIFBE.EXE /FU "C:\Windows\TEMP\E_S44CE.tmp" /EF "HKCU"
HKU\Amal\...\Run: [Spotify Web Helper] - C:\Users\Amal\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1168896 2013-11-17] (Spotify Ltd)
HKU\Amal\...\Run: [KiesPreload] - C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload
HKU\Amal\...\Run: [KiesAirMessage] - C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup
HKU\Amal\...\Run: [] - C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
HKU\Amal\...\RunOnce: [FlashPlayerUpdate] - C:\Windows\System32\Macromed\Flash\FlashUtil64_11_9_900_117_ActiveX.exe [524680 2013-10-09] (Adobe Systems Incorporated)
Startup: C:\Users\Amal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)

==================== Services (Whitelisted) =================

S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808 2013-05-09] (AVAST Software)
S2 HTCMonitorService; C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe [87368 2013-04-12] (Nero AG)
S2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-10-23] (Microsoft Corporation)
S2 Nero BackItUp Scheduler 3; C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe [877864 2008-12-02] (Nero AG)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [348376 2013-10-23] (Microsoft Corporation)
S2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [167424 2012-12-07] ()
S2 PLFlash DeviceIoControl Service; C:\Windows\SysWOW64\IoctlSvc.exe [81920 2006-12-19] (Prolific Technology Inc.)

==================== Drivers (Whitelisted) ====================

S3 ALCXWDM; C:\Windows\System32\drivers\RTKVAC64.SYS [3491616 2009-06-18] (Realtek Semiconductor Corp.)
S2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [33400 2013-05-09] (AVAST Software)
S2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [80816 2013-05-09] (AVAST Software)
S1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [72016 2013-05-09] (AVAST Software)
S0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65336 2013-05-09] ()
S1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [1030952 2013-06-27] (AVAST Software)
S1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [378944 2013-06-27] (AVAST Software)
S1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [64288 2013-05-09] (AVAST Software)
S0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [189936 2013-06-27] ()
S3 FsUsbExDisk; C:\Windows\SysWOW64\FsUsbExDisk.SYS [37344 2013-04-18] ()
S3 MODEMCSA; C:\Windows\System32\drivers\MODEMCSA.sys [24064 2009-07-13] (Microsoft Corporation)
S0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [248240 2013-09-27] (Microsoft Corporation)
S2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [134944 2013-09-27] (Microsoft Corporation)
S3 yukonw7; C:\Windows\System32\DRIVERS\yk62x64.sys [395264 2009-09-28] ()

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-12-07 16:16 - 2013-12-07 16:16 - 00000000 ____D C:\FRST
2013-11-26 06:53 - 2013-11-26 06:55 - 00004232 _____ C:\Windows\IE11_main.log
2013-11-16 07:33 - 2013-11-16 07:33 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-11-14 07:07 - 2013-10-12 00:45 - 02241536 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-11-14 07:07 - 2013-10-12 00:45 - 01364992 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-11-14 07:07 - 2013-10-12 00:45 - 00051712 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-11-14 07:07 - 2013-10-12 00:43 - 19269632 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-11-14 07:07 - 2013-10-12 00:43 - 15404544 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-11-14 07:07 - 2013-10-12 00:43 - 03959808 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-11-14 07:07 - 2013-10-12 00:43 - 02648576 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-11-14 07:07 - 2013-10-12 00:43 - 00855552 _____ (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-11-14 07:07 - 2013-10-12 00:43 - 00603136 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-11-14 07:07 - 2013-10-12 00:43 - 00526336 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-11-14 07:07 - 2013-10-12 00:43 - 00136704 _____ (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-11-14 07:07 - 2013-10-12 00:43 - 00067072 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-11-14 07:07 - 2013-10-12 00:43 - 00053248 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-11-14 07:07 - 2013-10-12 00:43 - 00039936 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-11-14 07:07 - 2013-10-11 23:03 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-11-14 07:07 - 2013-10-11 23:03 - 01138176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-11-14 07:07 - 2013-10-11 23:02 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-11-14 07:07 - 2013-10-11 23:02 - 02877952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-11-14 07:07 - 2013-10-11 23:02 - 02049024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-11-14 07:07 - 2013-10-11 23:02 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-11-14 07:07 - 2013-10-11 23:02 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-11-14 07:07 - 2013-10-11 23:02 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-11-14 07:07 - 2013-10-11 23:02 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-11-14 07:07 - 2013-10-11 23:02 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-11-14 07:07 - 2013-10-11 23:02 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-11-14 07:07 - 2013-10-11 23:02 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-11-14 07:07 - 2013-10-11 22:35 - 02706432 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-11-14 07:07 - 2013-10-11 22:08 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-11-14 07:07 - 2013-10-11 21:44 - 00089600 _____ (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-11-14 07:07 - 2013-10-11 21:15 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-11-14 07:06 - 2013-10-11 23:02 - 14355968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-11-14 05:30 - 2013-10-05 12:25 - 01474048 _____ (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2013-11-14 05:30 - 2013-10-05 11:57 - 01168384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-11-14 05:29 - 2013-10-03 18:28 - 00190464 _____ (Microsoft Corporation) C:\Windows\System32\SmartcardCredentialProvider.dll
2013-11-14 05:29 - 2013-10-03 18:25 - 00197120 _____ (Microsoft Corporation) C:\Windows\System32\credui.dll
2013-11-14 05:29 - 2013-10-03 18:24 - 01930752 _____ (Microsoft Corporation) C:\Windows\System32\authui.dll
2013-11-14 05:29 - 2013-10-03 17:58 - 00152576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SmartcardCredentialProvider.dll
2013-11-14 05:29 - 2013-10-03 17:56 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2013-11-14 05:29 - 2013-10-03 17:56 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credui.dll
2013-11-14 05:29 - 2013-09-27 17:09 - 00497152 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\afd.sys
2013-11-14 05:29 - 2013-09-24 18:22 - 00340992 _____ (Microsoft Corporation) C:\Windows\System32\schannel.dll
2013-11-14 05:28 - 2013-10-11 18:30 - 00830464 _____ (Microsoft Corporation) C:\Windows\System32\nshwfp.dll
2013-11-14 05:28 - 2013-10-11 18:29 - 00859648 _____ (Microsoft Corporation) C:\Windows\System32\IKEEXT.DLL
2013-11-14 05:28 - 2013-10-11 18:29 - 00324096 _____ (Microsoft Corporation) C:\Windows\System32\FWPUCLNT.DLL
2013-11-14 05:28 - 2013-10-11 18:03 - 00656896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll
2013-11-14 05:28 - 2013-10-11 18:01 - 00216576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL
2013-11-14 05:28 - 2013-10-02 18:23 - 00404480 _____ (Microsoft Corporation) C:\Windows\System32\gdi32.dll
2013-11-14 05:28 - 2013-10-02 18:00 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2013-11-14 05:28 - 2013-09-24 18:26 - 00154560 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2013-11-14 05:28 - 2013-09-24 18:26 - 00095680 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2013-11-14 05:28 - 2013-09-24 18:23 - 00135680 _____ (Microsoft Corporation) C:\Windows\System32\sspicli.dll
2013-11-14 05:28 - 2013-09-24 18:23 - 00028672 _____ (Microsoft Corporation) C:\Windows\System32\sspisrv.dll
2013-11-14 05:28 - 2013-09-24 18:23 - 00028160 _____ (Microsoft Corporation) C:\Windows\System32\secur32.dll
2013-11-14 05:28 - 2013-09-24 18:21 - 01447936 _____ (Microsoft Corporation) C:\Windows\System32\lsasrv.dll
2013-11-14 05:28 - 2013-09-24 18:21 - 00307200 _____ (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2013-11-14 05:28 - 2013-09-24 17:58 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2013-11-14 05:28 - 2013-09-24 17:57 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2013-11-14 05:28 - 2013-09-24 17:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2013-11-14 05:28 - 2013-09-24 17:56 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2013-11-14 05:28 - 2013-09-24 17:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\System32\lsass.exe
2013-11-14 05:28 - 2013-07-04 04:18 - 00458712 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2013-11-11 12:32 - 2013-11-11 12:32 - 00000000 _____ C:\END

==================== One Month Modified Files and Folders =======

2013-12-07 16:16 - 2013-12-07 16:16 - 00000000 ____D C:\FRST
2013-12-07 07:24 - 2013-09-04 08:22 - 00000000 ____D C:\Users\Amal\AppData\Local\HTC MediaHub
2013-12-07 07:16 - 2009-07-13 21:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-12-07 07:15 - 2013-07-14 02:44 - 00017540 _____ C:\Windows\setupact.log
2013-12-06 11:36 - 2013-07-14 02:44 - 00114092 _____ C:\Windows\PFRO.log
2013-12-06 10:42 - 2011-09-02 14:52 - 01618142 _____ C:\Windows\WindowsUpdate.log
2013-12-06 10:31 - 2009-07-13 20:45 - 00015344 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-12-06 10:31 - 2009-07-13 20:45 - 00015344 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-11-26 06:55 - 2013-11-26 06:53 - 00004232 _____ C:\Windows\IE11_main.log
2013-11-26 06:45 - 2012-04-12 02:10 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-11-23 14:27 - 2011-11-21 15:43 - 00000000 ____D C:\Users\Amal\AppData\Roaming\Spotify
2013-11-23 06:27 - 2012-09-18 08:02 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2013-11-22 13:08 - 2011-09-04 11:28 - 00000133 _____ C:\Users\Amal\AppData\Roaming\default.pls
2013-11-22 12:43 - 2011-09-03 07:53 - 00000000 ____D C:\Users\Amal\AppData\Roaming\Azureus
2013-11-19 13:15 - 2011-09-02 14:52 - 00000000 ____D C:\users\Amal
2013-11-19 12:02 - 2013-06-12 10:22 - 00000000 ____D C:\Users\Amal\AppData\Roaming\Skype
2013-11-19 02:21 - 2011-09-02 15:19 - 00267936 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
2013-11-18 17:11 - 2011-09-02 16:19 - 00001945 _____ C:\Windows\epplauncher.mif
2013-11-18 17:10 - 2012-04-30 14:14 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2013-11-18 17:10 - 2011-09-02 16:17 - 00000000 ____D C:\Program Files\Microsoft Security Client
2013-11-18 12:34 - 2011-11-21 15:44 - 00000000 ____D C:\Users\Amal\AppData\Local\Spotify
2013-11-17 03:13 - 2011-09-07 10:19 - 00000000 ____D C:\Users\Amal\AppData\Local\Adobe
2013-11-17 03:10 - 2012-04-12 02:10 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-11-17 03:10 - 2012-04-12 02:10 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-11-17 03:10 - 2011-09-02 16:48 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-11-17 02:59 - 2012-04-25 13:42 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-11-16 07:33 - 2013-11-16 07:33 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-11-14 12:37 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache
2013-11-14 07:06 - 2011-09-04 09:01 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-11-14 07:05 - 2013-08-14 09:46 - 00000000 ____D C:\Windows\System32\MRT
2013-11-14 07:03 - 2011-09-02 15:19 - 82896128 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-11-12 13:05 - 2009-07-13 21:13 - 00005168 _____ C:\Windows\System32\PerfStringBackup.INI
2013-11-11 12:34 - 2011-09-03 07:51 - 00001848 _____ C:\Users\Public\Desktop\Vuze.lnk
2013-11-11 12:34 - 2011-09-03 07:51 - 00000000 ____D C:\Program Files (x86)\Vuze
2013-11-11 12:32 - 2013-11-11 12:32 - 00000000 _____ C:\END
2013-11-10 12:18 - 2011-09-03 09:50 - 00000000 ____D C:\Users\Amal\Documents\Amal
2013-11-10 05:32 - 2009-07-13 21:08 - 00032620 _____ C:\Windows\Tasks\SCHEDLGU.TXT

Files to move or delete:
====================
C:\ProgramData\PKP_DLeo.DAT
C:\ProgramData\PKP_DLes.DAT
C:\ProgramData\PKP_DLet.DAT
C:\ProgramData\PKP_DLev.DAT


Some content of TEMP:
====================
C:\Users\Amal\AppData\Local\Temp\i4jdel0.exe
C:\Users\Amal\AppData\Local\Temp\i4jdel1.exe
C:\Users\Amal\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe


==================== Known DLLs (Whitelisted) ================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

7
Restore point made on: 2013-11-06 11:15:46
Restore point made on: 2013-11-10 05:44:00
Restore point made on: 2013-11-13 13:27:31
Restore point made on: 2013-11-14 07:01:36
Restore point made on: 2013-11-17 07:22:32
Restore point made on: 2013-11-18 17:09:41
Restore point made on: 2013-11-22 12:45:04

==================== Memory info ===========================

Percentage of memory in use: 19%
Total physical RAM: 3071.3 MB
Available physical RAM: 2485.27 MB
Total Pagefile: 3069.45 MB
Available Pagefile: 2482.59 MB
Total Virtual: 8192 MB
Available Virtual: 8191.87 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:279.38 GB) (Free:136.15 GB) NTFS
Drive e: (GRMCHPXFREO_EN_DVD) (CDROM) (Total:3 GB) (Free:0 GB) UDF
Drive f: () (Removable) (Total:0.95 GB) (Free:0.95 GB) FAT
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 279 GB) (Disk ID: C0C57E73)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=279 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 977 MB) (Disk ID: 00000000)
Partition 1: (Not Active) - (Size=976 MB) - (Type=06)


LastRegBack: 2013-11-20 10:31

==================== End Of Log ============================

Edited by amalm92, 08 December 2013 - 04:58 AM.


#3
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 19,991 posts
Hello amalm92,

Welcome to Geekstogo.

Sorry for the delay in getting to you.

Your machine's problem may or may not be a malware one, but let's see what we can do to help.

Please download the attached fixlist.txt file to your flashdrive.

NOTE: It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Now please enter System Recovery Options.
Run FRST64 and press the Fix button just once and wait.
The tool will make a log on the flashdrive (Fixlog.txt); please post it in your reply.

Also

Tell me if there has been any change i.e. are you able to boot normally or into Safe Mode?

#4
amalm92

    Member

  • Topic Starter
  • 18 posts
I have attached the fix log below. I tried restarting but get the white screen again after login, and it does not work in safe mode either.

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 07-12-2013 2
Ran by SYSTEM at 2013-12-11 22:11:55 Run:1
Running from F:\
Boot Mode: Recovery
==============================================

Content of fixlist:
*****************
C:\ProgramData\PKP_DLeo.DAT
C:\ProgramData\PKP_DLes.DAT
C:\ProgramData\PKP_DLet.DAT
C:\ProgramData\PKP_DLev.DAT
C:\Users\Amal\AppData\Local\Temp\i4jdel0.exe
C:\Users\Amal\AppData\Local\Temp\i4jdel1.exe
C:\Users\Amal\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
*****************

C:\ProgramData\PKP_DLeo.DAT => Moved successfully.
C:\ProgramData\PKP_DLes.DAT => Moved successfully.
C:\ProgramData\PKP_DLet.DAT => Moved successfully.
C:\ProgramData\PKP_DLev.DAT => Moved successfully.
C:\Users\Amal\AppData\Local\Temp\i4jdel0.exe => Moved successfully.
C:\Users\Amal\AppData\Local\Temp\i4jdel1.exe => Moved successfully.
C:\Users\Amal\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe => Moved successfully.

==== End of Fixlog ====
  • 0
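
The fixlist from post #3 was an attachment, but the Fixlog above echoes its contents: the seven paths from the scan log's "Files to move or delete" and "Some content of TEMP" lists. The following Python script is an added example, not part of the original thread or of FRST; it reconciles the two logs, checking that every fixlist entry traces back to the scan and was reported as "Moved successfully." The function names are hypothetical, and treating any other status text as a failure is an assumption.

```python
MOVED = "Moved successfully."
SCAN_LISTS = ("Files to move or delete:", "Some content of TEMP:")

# Excerpts copied from the FRST.txt and Fixlog.txt posted in this thread.
FRST_TXT = r"""
Files to move or delete:
====================
C:\ProgramData\PKP_DLeo.DAT
C:\ProgramData\PKP_DLes.DAT
C:\ProgramData\PKP_DLet.DAT
C:\ProgramData\PKP_DLev.DAT

Some content of TEMP:
====================
C:\Users\Amal\AppData\Local\Temp\i4jdel0.exe
C:\Users\Amal\AppData\Local\Temp\i4jdel1.exe
C:\Users\Amal\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
"""
FIXLOG_TXT = r"""
Content of fixlist:
*****************
C:\ProgramData\PKP_DLeo.DAT
C:\ProgramData\PKP_DLes.DAT
C:\ProgramData\PKP_DLet.DAT
C:\ProgramData\PKP_DLev.DAT
C:\Users\Amal\AppData\Local\Temp\i4jdel0.exe
C:\Users\Amal\AppData\Local\Temp\i4jdel1.exe
C:\Users\Amal\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
*****************

C:\ProgramData\PKP_DLeo.DAT => Moved successfully.
C:\ProgramData\PKP_DLes.DAT => Moved successfully.
C:\ProgramData\PKP_DLet.DAT => Moved successfully.
C:\ProgramData\PKP_DLev.DAT => Moved successfully.
C:\Users\Amal\AppData\Local\Temp\i4jdel0.exe => Moved successfully.
C:\Users\Amal\AppData\Local\Temp\i4jdel1.exe => Moved successfully.
C:\Users\Amal\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe => Moved successfully.
"""

def scan_candidates(frst_text):
    """Map each path in the two FRST.txt file lists to its section title."""
    origin, title = {}, None
    for line in map(str.strip, frst_text.splitlines()):
        if line in SCAN_LISTS:
            title = line.rstrip(":")
        elif not line:
            title = None                      # a blank line ends the list
        elif title and set(line) != {"="}:    # skip the ==== underline
            origin[line.lower()] = title      # Windows paths are case-insensitive
    return origin

def parse_fixlog(fixlog_text):
    """Return (fixlist entries, {lowercased path: status}) from Fixlog.txt."""
    fixlist, results, in_list = [], {}, False
    for line in map(str.strip, fixlog_text.splitlines()):
        if line and set(line) == {"*"}:
            in_list = not in_list             # the ***** lines bracket the fixlist
        elif in_list and line:
            fixlist.append(line)
        elif " => " in line:
            path, status = line.rsplit(" => ", 1)
            results[path.lower()] = status
    return fixlist, results

def reconcile(frst_text, fixlog_text):
    """Check every fixlist entry came from the scan and was reported as moved."""
    origin = scan_candidates(frst_text)
    fixlist, results = parse_fixlog(fixlog_text)
    report = {"by_section": {}, "not_in_scan": [], "not_moved": []}
    for path in fixlist:
        title = origin.get(path.lower())
        if title:
            report["by_section"].setdefault(title, []).append(path)
        else:
            report["not_in_scan"].append(path)
        status = results.get(path.lower(), "no result line")
        if status != MOVED:
            report["not_moved"].append((path, status))
    return report

if __name__ == "__main__":
    print(reconcile(FRST_TXT, FIXLOG_TXT))
```

For the logs in this thread both `not_in_scan` and `not_moved` come back empty, which matches the poster's report that the fix ran cleanly yet the white screen remained.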

#5
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 19,991 posts
Let's try this:

  • Download ComboFix from this location:

    Link
  • Save it to a USB flash drive.
  • Use a blank flash drive.
  • In the command prompt, enter the drive letter of the USB drive (it will vary, so start at D: and work your way up) and then execute ComboFix.exe and let it run.

Edited by emeraldnzl, 12 December 2013 - 04:23 PM.
incorrect instruction


#6
amalm92

    Member

  • Topic Starter
  • 18 posts
I can't seem to open up ComboFix on my PC. How can I open it from command prompt?
I tried F:\ComboFix.exe from my flash, but that doesn't work.

Amal.

#7
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 19,991 posts
Oh dear, my apologies, looking back I see I gave you the wrong instruction. I have edited the post to the correct one.

Try:

F:"\ComboFix.exe" /killall

(Make sure you put a space before the /killall)

Note: make sure you enter the right drive letter of the USB drive... it can vary.

Edited by emeraldnzl, 12 December 2013 - 04:19 PM.
clarification


#8
amalm92

    Member

  • Topic Starter
  • 18 posts
That doesn't work either.

I have attached a picture of what I get.

Attached Thumbnails

  • IMAG0317.jpg


#9
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 19,991 posts
Hmm... some corruption somewhere maybe.

Let's see if doing these actions makes a difference:

On the System Recovery Options menu you will get the following options:

Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt


  • Access the Command Prompt option.
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your hard drive letter and close the notepad.
  • In the command window type C: and press Enter
  • Note: Replace letter C with the drive letter of your hard drive.
  • Type the following command, and then press ENTER:

    sfc /scannow

    Please note that there is a single space between sfc and /scannow.
  • When prompted, type in Y and press Enter.
Allow System File Scanner to complete its run.

When it's finished see if you can boot up.

If that doesn't work then do this:

On the System Recovery Options menu you will get the following options:

Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt


  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your hard drive letter and close the notepad.
  • In the command window type C: and press Enter
  • Note: Replace letter C with the drive letter of your hard drive.
  • Type in chkdsk /b and press Enter (notice the gap... it should be there.)
  • When prompted, type in Y and press Enter.
  • Allow chkdsk to perform all 5 stages. This may take some time, so please be patient.
  • When complete, close the Command Prompt window, and click on the Restart button to restart your computer.
Tell me how it goes.

#10
amalm92

    Member

  • Topic Starter
  • 18 posts
When I tried sfc /scannow, it didn't work. Please look at the attachment of the screenshot I took.

I did chkdsk /b and restarted my computer, but still got the white screen after logging in.

Attached Thumbnails

  • IMAG0318.jpg


#11
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 19,991 posts

"When I tried sfc /scannow, it didn't work. Please look at the attachment of the screenshot I took."


Did you run sfc /scannow after reboot?

Also

Did chkdsk report any problems?

#12
amalm92

    Member

  • Topic Starter
  • 18 posts
I tried sfc /scannow after reboot several times, still got the same message.

CHKDSK found no problems.

#13
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 19,991 posts
Let's see if this makes a difference.

Please download the attached fixlist.txt file to your flashdrive.

NOTE: It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Now please enter System Recovery Options.
Run FRST64 and press the Fix button just once and wait.
The tool will make a log on the flashdrive (Fixlog.txt); please post it in your reply.

Also

See if you can boot up after the fix.

#14
amalm92

    Member

  • Topic Starter
  • 18 posts
It says my FRST64 version is 6 days old and to download the new one. Does it matter which version I use?

#15
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 19,991 posts
For that, no, but if we run another scan later, yes. :)