Jump to content

I have the white screen after log in problem.

Recommended Posts



I have the white screen after log in problem. My system is a Toshiba Satellite L675D. Windows 7. Ran FRST64.


Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 10-07-2013 03
Ran by SYSTEM on 10-07-2013 21:29:18
Running from F:\
Windows 7 Home Premium (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Recovery

The current controlset is ControlSet002
ATTENTION!:=====> FRST is updated to run from normal or Safe mode to produce a full FRST.txt log and an extra Addition.txt log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [] -  [x]
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [10134560 2010-03-22] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE3 [896032 2010-03-22] (Realtek Semiconductor)
HKLM\...\Run: [synTPEnh] - %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [2052392 2010-03-10] (Synaptics Incorporated)
HKLM\...\Run: [TPwrMain] - %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE [505696 2009-11-05] (TOSHIBA Corporation)
HKLM\...\Run: [HSON] - %ProgramFiles%\TOSHIBA\TBS\HSON.exe [52600 2009-03-09] (TOSHIBA Corporation)
HKLM\...\Run: [smoothView] - %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe [508216 2009-07-28] (TOSHIBA Corporation)
HKLM\...\Run: [00TCrdMain] - %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe [913720 2010-03-03] (TOSHIBA Corporation)
HKLM\...\Run: [Teco] - "%ProgramFiles%\TOSHIBA\TECO\Teco.exe" /r [1489760 2010-04-06] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] - %ProgramFiles%\TOSHIBA\TPHM\TosWaitSrv.exe [705368 2010-02-23] (TOSHIBA Corporation)
HKLM\...\Run: [smartFaceVWatcher] - %ProgramFiles%\Toshiba\SmartFaceV\SmartFaceVWatcher.exe [238080 2009-10-19] (TOSHIBA Corporation)
HKLM\...\Run: [TosVolRegulator] - C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation)
HKLM\...\Run: [TosSENotify] - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [709976 2010-02-05] (TOSHIBA Corporation)
HKLM\...\Run: [TosNC] - %ProgramFiles%\Toshiba\BulletinBoard\TosNcCore.exe [595816 2010-03-19] (TOSHIBA Corporation)
HKLM\...\Run: [TosReelTimeMonitor] - %ProgramFiles%\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [35672 2010-03-03] (TOSHIBA Corporation)
HKLM-x32\...\Run: [startCCC] - "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [98304 2010-03-15] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [sVPWUTIL] - C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL [352256 2010-02-22] (TOSHIBA CORPORATION)
HKLM-x32\...\Run: [HWSetup] - C:\Program Files\TOSHIBA\Utilities\HWSetup.exe hwSetUP [423936 2010-03-04] (TOSHIBA Electronics, Inc.)
HKLM-x32\...\Run: [KeNotify] - C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe [34160 2009-12-25] (TOSHIBA CORPORATION)
HKLM-x32\...\Run: [ToshibaServiceStation] - "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60 [1294136 2009-10-06] (TOSHIBA Corporation)
HKLM-x32\...\Run: [TWebCamera] - "C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun [2454840 2010-02-24] (TOSHIBA CORPORATION.)
HKLM-x32\...\Run: [NortonOnlineBackupReminder] - "C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe" UNATTENDED [3218792 2010-06-02] (Toshiba)
HKLM-x32\...\Run: [ToshibaAppPlace] - "C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe" [552960 2010-06-11] (Toshiba)
HKLM-x32\...\Run: [AVG_TRAY] - C:\Program Files (x86)\AVG\AVG10\avgtray.exe [2334560 2011-04-18] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [MFARestart] - "C:\ProgramData\MFAData\pack\avgrunasx.exe" /usereg [x]
HKLM-x32\...\Run: [searchProtectAll] - C:\Program Files (x86)\SearchProtect\bin\cltmng.exe [2852640 2013-05-07] (Conduit)
HKLM-x32\...\Run: [OtShot] - C:\Program Files (x86)\OtShot\otshot.exe -minimize [4386816 2012-10-18] ()
HKLM-x32\...\Run: [PCFixSpeed] - "C:\Program Files (x86)\PCFixSpeed\PCFixTray.exe" /startup [373336 2013-04-22] (Crawler.com)
HKLM-x32\...\Run: [24x7HELP] - "C:\Program Files (x86)\24x7Help\App24x7Help.exe" /STARTUP [1773648 2013-03-12] (Crawler, LLC)
HKU\Cheryl Shaw\...\Run: [skype] - "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun [18642024 2013-02-28] (Skype Technologies S.A.)
HKU\Cheryl Shaw\...\Run: [searchProtect] - C:\Users\Cheryl Shaw\AppData\Roaming\SearchProtect\bin\cltmng.exe [2852640 2013-05-07] (Conduit)
HKU\Cheryl Shaw\...\Run: [Conduit] - rundll32 "C:\Users\Cheryl Shaw\AppData\Local\CrashDumps\Conduit\neipk.dll",zFileIsSelected [241664 2013-05-16] (BigSpeedSoft) <===== ATTENTION
HKU\Cheryl Shaw\...\Run: [Hilgraeve Inc] - regsvr32.exe "C:\Users\Cheryl Shaw\AppData\Local\Hilgraeve Inc\nsovlivu.dll" [759296 2013-05-17] (Hewlett-Packard) <===== ATTENTION
HKU\Cheryl Shaw\...\Run: [spybotSD TeaTimer] - C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe [2260480 2009-03-05] (Safer-Networking Ltd.)
HKU\Cheryl Shaw\...\Run: [] - C:\Users\Cheryl Shaw\csrss.exe [119808 2013-06-01] (Mail.Ru)
HKU\Cheryl Shaw\...\Run: [Adobe CSS5.1 Manager] - C:\Users\Cheryl Shaw\AppData\Local\7af2c9fc-c8f7-4b73-a9eb-964c61acf7d8ad\afcfccfbaebcacfdad.exe [143360 2013-06-01] () <===== ATTENTION
HKU\Cheryl Shaw\...\Run: [internet Security] - C:\Users\Cheryl Shaw\AppData\Roaming\tdefender.exe [851968 2013-06-27] ()
HKU\Cheryl Shaw\...\RunOnce: [Adobe CSS5.1 Manager] - C:\Users\Cheryl Shaw\AppData\Local\7af2c9fc-c8f7-4b73-a9eb-964c61acf7d8ad\afcfccfbaebcacfdad.exe [143360 2013-06-01] () <===== ATTENTION
HKU\Cheryl Shaw\...\Winlogon: [shell] explorer.exe,C:\Users\Cheryl Shaw\AppData\Roaming\skype.dat [164352 2011-11-16] (PixelByte Soft Group) <==== ATTENTION
HKU\Default\...\RunOnce: [mctadmin] - C:\Windows\System32\mctadmin.exe [97280 2009-07-13] (Microsoft Corporation)
HKU\Default User\...\RunOnce: [mctadmin] - C:\Windows\System32\mctadmin.exe [97280 2009-07-13] (Microsoft Corporation)
Startup: C:\Users\Cheryl Shaw\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk
ShortcutTarget: MyPC Backup.lnk -> C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe (MyPCBackup.com)
Startup: C:\Users\Cheryl Shaw\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
BootExecute: autocheck autochk * C:\PROGRA~2\AVG\AVG10\avgrsa.exe /sync /restart

==================== Services (Whitelisted) =================

S2 24x7HelpSvc; C:\Program Files (x86)\24x7Help\App24x7Svc.exe [342608 2013-03-12] (PCRx.com, LLC)
S3 AVG Security Toolbar Service; C:\Program Files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe [984392 2011-04-22] ()
S2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [7398752 2011-04-18] (AVG Technologies CZ, s.r.o.)
S2 avgwd; C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe [269520 2011-02-08] (AVG Technologies CZ, s.r.o.)
S2 BackupStack; C:\Program Files (x86)\MyPC Backup\BackupStack.exe [32808 2013-05-11] (Just Develop It)
S2 CltMngSvc; C:\Program Files (x86)\SearchProtect\bin\CltMngSvc.exe [97056 2013-05-07] (Conduit)
S2 Norton PC Checkup Application Launcher; C:\Program Files (x86)\PC Checkup\SymcPCCULaunchSvc.exe [131512 2012-07-31] (Symantec Corporation)
S2 PCCUJobMgr; C:\Program Files (x86)\Norton PC Checkup\Engine\\ccSvcHst.exe [126392 2009-08-24] (Symantec Corporation)
S2 WajamUpdater; C:\Program Files (x86)\Wajam\Updater\WajamUpdater.exe [109064 2013-05-02] (Wajam)

==================== Drivers (Whitelisted) ====================

S3 AVGIDSDriver; C:\Windows\System32\DRIVERS\AVGIDSDriver.Sys [118864 2011-04-14] (AVG Technologies CZ, s.r.o. )
S0 AVGIDSEH; C:\Windows\System32\DRIVERS\AVGIDSEH.Sys [26704 2011-02-22] (AVG Technologies CZ, s.r.o. )
S3 AVGIDSFilter; C:\Windows\System32\DRIVERS\AVGIDSFilter.Sys [29264 2011-02-10] (AVG Technologies CZ, s.r.o. )
S1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [304720 2011-01-07] (AVG Technologies CZ, s.r.o.)
S1 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [41552 2011-03-01] (AVG Technologies CZ, s.r.o.)
S0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [37456 2011-03-16] (AVG Technologies CZ, s.r.o.)
S1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [377936 2011-04-04] (AVG Technologies CZ, s.r.o.)
S3 ICDUSB3; C:\Windows\System32\Drivers\ICDUSB3.sys [13312 2008-08-18] (Sony Corporation)
S3 Ser2at; C:\Windows\System32\DRIVERS\ser2at64.sys [90112 2007-06-08] (Prolific Technology Inc.)

==================== NetSvcs (Whitelisted) ===================


Thanks in advance for any help on this issue.


Link to post
Share on other sites

Please read the following information first.


You're infected with Rootkit.ZeroAccess, a BackDoor Trojan also.



One or more of the identified infections is known to use a backdoor.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would advice you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the infection has been identified and because of it's backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?


When Should I Format, How Should I Reinstall


I will try my best to clean this machine but I can't guarantee that it will be 100% secure afterwards.

Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.


OK, here you go......this should get you going:

Please download the attached fixlist.txt and copy it to your flashdrive.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

On Vista or Windows 7: Now please enter System Recovery Options. (as you did before)

Run FRST64 or FRST (which ever one you're using) and press the Fix button just once and wait.

The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.

See if the computer boots normally now and if so..........

Download Malwarebytes Anti-Rootkit from HERE

  • Unzip the contents to a folder in a convenient location.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • When done, please post the two logs produced they will be in the MBAR folder..... mbar-log.txt and system-log.txt
To attach a log if needed:

Bottom right corner of this page.


New window that comes up.




If no additional threats were found, verify that your system is now running normally, making sure that the following items are functional:

Internet access

Windows Update

Windows Firewall

If there are additional problems with your system, such as any of those listed above or other system issues, then run the fixdamage tool included with Malwarebytes Anti-Rootkit and reboot. It's located in the Plugins folder which is in the MBAR folder.

Just run fixdamage.exe.

Verify that they are now functioning normally.


Link to post
Share on other sites

  • Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.