Unable to boot. System blanks out after windows logo

kuttus

Level 2
Verified
Oct 5, 2012
2,697
Hi and welcome to the malwaretips.com forums!

I'm Kuttus and I am going to try to assist you with your problem. Please take note of the below:
  • I will start working on your malware issues; this may or may not solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for this issue on this machine!
  • The process is not instant. Please continue to review my answers until I tell you your machine is clear. Absence of symptoms does not mean that everything is clear.
  • If you don't know, stop and ask! Don't keep going on.
  • Please reply to this thread. Do not start a new topic.
  • Refrain from running self fixes as this will hinder the malware removal process.
  • It may prove beneficial if you print off the following instructions or save them to notepad as I post them.
Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.


Before we start:
Please be aware that removing malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start.
Can you please try to run a scan with Farbar Recovery Scan Tool. You will need a USB (Flash) pendrive.

For x32 (x86) bit systems download Farbar Recovery Scan Tool and save it to a flash drive.
For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Click on Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
On the System Recovery Options menu you will get the following options:
Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt

  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the flash drive. Please copy and paste it to your reply.
 

kar.online

New Member
Thread author
Verified
Feb 17, 2013
30
Hi

Please find below the log.

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-06-2013
Ran by SYSTEM on 10-06-2013 23:40:40
Running from H:\
Windows Vista (TM) Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Recovery

The current controlset is ControlSet003
ATTENTION!:=====> FRST is updated to run from normal or Safe mode to produce a full FRST.txt log and an extra Addition.txt log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide [1584184 2008-01-20] (Microsoft Corporation)
HKLM\...\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1573160 2008-08-13] (Synaptics, Inc.)
HKLM\...\Run: [RtHDVCpl] RAVCpl64.exe [x]
HKLM\...\Run: [Skytel] Skytel.exe [x]
HKLM\...\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE [431968 2008-02-06] (TOSHIBA Corporation)
HKLM\...\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe [225792 2008-01-20] (Microsoft Corporation)
HKLM-x32\...\Winlogon: [Userinit] C:\Windows\SysWOW64\userinit.exe, [25088 2008-01-20] (Microsoft Corporation)
HKLM-x32\...\Run: [NDSTray.exe] NDSTray.exe [x]
HKLM-x32\...\Run: [cfFncEnabler.exe] cfFncEnabler.exe [x]
HKLM-x32\...\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [31016 2006-10-27] (Microsoft Corporation)
HKLM-x32\...\Run: [ccApp] "C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe" [107112 2006-12-07] (Symantec Corporation)
HKLM-x32\...\Run: [vptray] C:\PROGRA~2\SYMANT~1\VPTray.exe [134808 2006-12-13] (Symantec Corporation)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59720 2013-01-27] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2012-10-24] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\Games-Karthik\iTunesHelper.exe" [152392 2013-02-19] (Apple Inc.)
HKLM-x32\...\Run: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" [3825176 2012-11-13] (Safer-Networking Ltd.)
HKU\Default\...\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter [2438656 2009-04-10] (Microsoft Corporation)
HKU\Default\...\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe [432640 2008-05-19] (TOSHIBA)
HKU\Default User\...\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter [2438656 2009-04-10] (Microsoft Corporation)
HKU\Default User\...\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe [432640 2008-05-19] (TOSHIBA)
HKU\Hikya\...\Run: [Google Update] "C:\Users\Hikya\AppData\Local\Google\Update\GoogleUpdate.exe" /c [133104 2008-11-15] (Google Inc.)
HKU\Hikya\...\Run: [FileHippo.com] "C:\Program Files (x86)\Games-Karthik\FileHippo.com\UpdateChecker.exe" /background [307712 2012-11-23] (FileHippo.com)
HKU\Hikya\...\Run: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [19872 2011-04-14] ()
HKU\Hikya\...\Command Processor: "C:\Users\Hikya\AppData\Local\bppclnpvrM.exe" <===== ATTENTION!
SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\System32\webcheck.dll (Microsoft Corporation)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Services (Whitelisted) =================

S2 Basics Service; C:\Program Files (x86)\Seagate\Basics\Service\SyncServicesBasics.exe [124280 2007-10-09] (Seagate Technology LLC)
S2 ccEvtMgr; C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe [107624 2006-12-07] (Symantec Corporation)
S2 ccSetMgr; C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe [107624 2006-12-07] (Symantec Corporation)
S2 Crypkey License; C:\Windows\SysWow64\crypserv.exe [69632 2006-02-28] (CrypKey (Canada) Ltd.)
S3 Cwbrxd; C:\Windows\CWBRXD.EXE [65585 2005-06-07] (IBM Corporation)
S2 DefWatch; C:\Program Files (x86)\Symantec AntiVirus\DefWatch.exe [30872 2006-12-13] (Symantec Corporation)
S2 gupdate1c9ae3ba4898830; C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [133104 2009-03-26] (Google Inc.)
S3 LiveUpdate; C:\PROGRA~2\Symantec\LIVEUP~1\LUCOMS~1.EXE [2541248 2006-10-31] (Symantec Corporation)
S2 MySQL; C:\Program Files (x86)\MySQL\MySQL Server 5.5\my.ini [8919 2012-07-05] ()
S2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1103392 2012-11-13] (Safer-Networking Ltd.)
S2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1369624 2012-11-13] (Safer-Networking Ltd.)
S2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [168384 2012-11-13] (Safer-Networking Ltd.)
S3 ServiceLayer; C:\Program Files (x86)\Common Files\PCSuite\Services\ServiceLayer.exe [174080 2006-06-05] (Nokia.)
S2 StarWindServiceAE; C:\Program Files (x86)\Games-Karthik\Alcohol 120\StarWind\StarWindServiceAE.exe [275968 2007-05-28] (Rocket Division Software)
S2 Symantec AntiVirus; C:\Program Files (x86)\Symantec AntiVirus\Rtvscan.exe [1962136 2006-12-13] (Symantec Corporation)
S2 TNaviSrv; C:\Program Files (x86)\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe [83312 2008-07-18] (TOSHIBA Corporation)
S3 msiserver; %systemroot%\system32\msiexec /V [x]
S2 Nero BackItUp Scheduler 4.0; C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe [x]
S2 vvdsvc; C:\Windows\system32\nagasoft\vjocx.dll [x]

==================== Drivers (Whitelisted) ====================

S1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484512 2012-07-31] (Symantec Corporation)
S1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484512 2012-07-31] (Symantec Corporation)
S3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [138912 2012-07-31] (Symantec Corporation)
S3 hitmanpro36; C:\Windows\system32\drivers\hitmanpro36.sys [30496 2012-12-06] ()
S3 hwusbdev; C:\Windows\System32\DRIVERS\ewusbdev.sys [114304 2009-10-12] (Huawei Technologies Co., Ltd.)
S3 NAVENG; C:\PROGRA~3\Symantec\DEFINI~1\VIRUSD~1\20130607.005\ENG64.SYS [126040 2013-04-26] (Symantec Corporation)
S3 NAVENG; C:\PROGRA~3\Symantec\DEFINI~1\VIRUSD~1\20130607.005\ENG64.SYS [126040 2013-04-26] (Symantec Corporation)
S3 NAVEX15; C:\PROGRA~3\Symantec\DEFINI~1\VIRUSD~1\20130607.005\EX64.SYS [2098776 2013-04-26] (Symantec Corporation)
S3 NAVEX15; C:\PROGRA~3\Symantec\DEFINI~1\VIRUSD~1\20130607.005\EX64.SYS [2098776 2013-04-26] (Symantec Corporation)
S1 NetworkX; C:\Windows\system32\ckldrv.sys [28664 2008-03-17] ()
S1 NetworkX; C:\Windows\SysWow64\ckldrv.sys [31846 2006-01-09] ()
S3 Nokia USB Generic; C:\Windows\System32\drivers\nmwcdcx64.sys [12288 2006-05-28] (Nokia)
S3 Nokia USB Modem; C:\Windows\System32\drivers\nmwcdcmx64.sys [17408 2006-05-28] (Nokia)
S3 Nokia USB Phone Parent; C:\Windows\System32\drivers\nmwcdx64.sys [162304 2006-05-28] (Nokia)
S3 Nokia USB Port; C:\Windows\System32\drivers\nmwcdcjx64.sys [17408 2006-05-28] (Nokia)
S0 sptd; C:\Windows\System32\Drivers\sptd.sys [871408 2009-10-02] (Duplex Secure Ltd.)
S1 SRTSP; C:\Windows\System32\Drivers\SRTSP64.SYS [394600 2006-11-22] (Symantec Corporation)
S1 SRTSP; C:\Windows\SysWow64\Drivers\SRTSP64.SYS [394600 2006-11-22] (Symantec Corporation)
S3 SRTSPL; C:\Windows\System32\Drivers\SRTSPL64.SYS [426392 2006-11-22] (Symantec Corporation)
S3 SRTSPL; C:\Windows\SysWow64\Drivers\SRTSPL64.SYS [426392 2006-11-22] (Symantec Corporation)
S1 SRTSPX; C:\Windows\System32\Drivers\SRTSPX64.SYS [30104 2006-11-22] (Symantec Corporation)
S1 SRTSPX; C:\Windows\SysWow64\Drivers\SRTSPX64.SYS [30104 2006-11-22] (Symantec Corporation)
S3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [156008 2009-09-21] (Symantec Corporation)
S3 u302bus; C:\Windows\System32\DRIVERS\u302bus.sys [154696 2010-07-29] (MCCI Corporation)
S3 u302mdfl; C:\Windows\System32\DRIVERS\u302mdfl.sys [19016 2010-07-29] (MCCI Corporation)
S3 u302mdm; C:\Windows\System32\DRIVERS\u302mdm.sys [175688 2010-07-29] (MCCI Corporation)
S3 u302mgmt; C:\Windows\System32\DRIVERS\u302mgmt.sys [157256 2010-07-29] (MCCI Corporation)
S3 ztemtusbser; C:\Windows\System32\DRIVERS\CT_ZTEMT_U_USBSER.sys [119040 2008-12-30] (ZTEMT Incorporated)
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-06-10 23:40 - 2013-06-10 23:40 - 00000000 ____D C:\FRST
2013-06-03 19:43 - 2013-06-10 16:10 - 00002852 ____A C:\Windows\error.log
2013-06-03 19:41 - 2013-06-10 16:09 - 00000644 ____A C:\Windows\errord.log
2013-05-16 21:03 - 2013-05-17 17:16 - 00000000 ____D C:\Users\Hikya\Desktop\Samikshaa 1st Bday
2013-05-14 22:14 - 2013-05-15 18:14 - 17613192 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2013-05-14 21:06 - 2013-04-04 17:08 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-05-14 21:06 - 2013-04-04 17:01 - 01346560 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-05-14 21:06 - 2013-04-04 17:00 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-05-14 21:06 - 2013-04-04 16:59 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-05-14 21:06 - 2013-04-04 16:58 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2013-05-14 21:06 - 2013-04-04 16:57 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-05-14 21:06 - 2013-04-04 16:56 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-05-14 21:06 - 2013-04-04 16:55 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-05-14 21:06 - 2013-04-04 16:55 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2013-05-14 21:06 - 2013-04-04 16:54 - 02147840 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-05-14 21:06 - 2013-04-04 16:54 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-05-14 21:06 - 2013-04-04 16:51 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-05-14 21:06 - 2013-04-04 16:46 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-05-14 21:06 - 2013-04-04 14:11 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-05-14 21:06 - 2013-04-04 14:02 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-05-14 21:06 - 2013-04-04 14:02 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-05-14 21:06 - 2013-04-04 14:02 - 01104384 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-05-14 21:06 - 2013-04-04 14:01 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-05-14 21:06 - 2013-04-04 13:59 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-05-14 21:06 - 2013-04-04 13:58 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-05-14 21:06 - 2013-04-04 13:58 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-05-14 21:06 - 2013-04-04 13:57 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-05-14 21:06 - 2013-04-04 13:56 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-05-14 21:06 - 2013-04-04 13:55 - 01796096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-05-14 21:06 - 2013-04-04 13:54 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-05-14 21:06 - 2013-04-04 13:50 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-05-14 21:05 - 2013-04-04 17:19 - 10926080 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-05-14 21:05 - 2013-04-04 14:09 - 09738752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-05-14 20:45 - 2013-05-05 13:36 - 17818624 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-05-14 20:45 - 2013-05-05 13:16 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-05-14 20:45 - 2013-05-05 11:25 - 12324864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-05-14 20:45 - 2013-05-05 11:12 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-05-14 13:28 - 2013-04-15 06:17 - 00901496 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgkrnl.sys
2013-05-14 13:28 - 2013-04-12 19:34 - 00047104 ____A (Microsoft Corporation) C:\Windows\System32\cdd.dll
2013-05-14 13:28 - 2013-04-08 17:55 - 02774016 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2013-05-13 20:38 - 2013-05-13 20:38 - 00000112 ____A C:\Users\Hikya\Desktop\Songs to be loaded.txt

==================== One Month Modified Files and Folders =======

2013-06-10 23:40 - 2013-06-10 23:40 - 00000000 ____D C:\FRST
2013-06-10 16:10 - 2013-06-03 19:43 - 00002852 ____A C:\Windows\error.log
2013-06-10 16:09 - 2013-06-03 19:41 - 00000644 ____A C:\Windows\errord.log
2013-06-08 22:16 - 2013-03-10 07:18 - 00000632 ____A C:\Windows\Tasks\Check for updates (Spybot - Search & Destroy).job
2013-06-08 22:15 - 2009-08-07 05:17 - 00000894 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-06-08 22:15 - 2006-11-02 07:42 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-06-08 22:15 - 2006-11-02 07:22 - 00003616 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-06-08 22:15 - 2006-11-02 07:22 - 00003616 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-06-08 15:11 - 2013-02-10 15:31 - 01536432 ____A C:\Windows\WindowsUpdate.log
2013-06-08 15:11 - 2006-11-02 07:42 - 00032608 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2013-06-08 15:00 - 2009-08-29 06:38 - 00000466 ____A C:\Windows\Tasks\ParetoLogic Registration.job
2013-06-08 14:20 - 2009-08-16 18:47 - 00000908 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-78491554-1894749589-2703256951-1000UA.job
2013-06-08 14:19 - 2009-08-07 05:17 - 00000898 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-06-08 14:14 - 2013-03-15 19:53 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-06-07 20:27 - 2009-08-16 18:47 - 00000856 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-78491554-1894749589-2703256951-1000Core.job
2013-06-07 12:21 - 2010-02-17 05:25 - 00000000 ____D C:\Users\Hikya\Application Data\Mozilla
2013-06-07 12:21 - 2010-02-17 05:25 - 00000000 ____D C:\Users\Hikya\AppData\Roaming\Mozilla
2013-06-04 21:46 - 2013-03-10 07:18 - 00000628 ____A C:\Windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job
2013-06-01 18:40 - 2008-11-29 10:36 - 00000000 ____D C:\Users\Hikya\Application Data\Skype
2013-06-01 18:40 - 2008-11-29 10:36 - 00000000 ____D C:\Users\Hikya\AppData\Roaming\Skype
2013-05-31 18:33 - 2006-11-02 04:46 - 00703516 ____A C:\Windows\System32\PerfStringBackup.INI
2013-05-31 18:11 - 2009-08-21 03:53 - 00001187 ____A C:\Users\Hikya\Desktop\Notepad.txt
2013-05-31 18:08 - 2009-06-12 19:40 - 00000000 ____D C:\Users\Hikya\Application Data\vlc
2013-05-31 18:08 - 2009-06-12 19:40 - 00000000 ____D C:\Users\Hikya\AppData\Roaming\vlc
2013-05-28 19:37 - 2013-01-29 12:50 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-05-26 07:16 - 2013-02-24 12:45 - 00021372 ____A C:\Users\Hikya\Desktop\Dallas.xlsx
2013-05-17 17:16 - 2013-05-16 21:03 - 00000000 ____D C:\Users\Hikya\Desktop\Samikshaa 1st Bday
2013-05-15 18:14 - 2013-05-14 22:14 - 17613192 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2013-05-15 18:14 - 2012-10-14 05:53 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-05-15 18:14 - 2012-10-14 05:53 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-05-14 21:18 - 2006-11-02 07:21 - 00413016 ____A C:\Windows\System32\FNTCACHE.DAT
2013-05-14 20:56 - 2006-11-02 04:35 - 75016696 ____A (Microsoft Corporation) C:\Windows\System32\mrt.exe
2013-05-13 20:38 - 2013-05-13 20:38 - 00000112 ____A C:\Users\Hikya\Desktop\Songs to be loaded.txt

Files to move or delete:
====================
C:\ProgramData\0tbpw.pad

==================== Known DLLs (Whitelisted) ================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================


==================== Memory info ===========================

Percentage of memory in use: 14%
Total physical RAM: 3963.07 MB
Available physical RAM: 3393.6 MB
Total Pagefile: 3714.57 MB
Available Pagefile: 3357.04 MB
Total Virtual: 8192 MB
Available Virtual: 8191.89 MB

==================== Drives ================================

Drive c: (S3A6747D002) (Fixed) (Total:281.54 GB) (Free:19.32 GB) NTFS (Disk=0 Partition=2) ==>[Drive with boot components (obtained from BCD)]
Drive d: () (Fixed) (Total:7.59 GB) (Free:6.4 GB) NTFS (Disk=0 Partition=3)
Drive f: (TOSHIBA SYSTEM VOLUME) (Fixed) (Total:1.46 GB) (Free:1.11 GB) NTFS (Disk=0 Partition=1)
Drive h: () (Removable) (Total:30.46 GB) (Free:30.25 GB) FAT32 (Disk=2 Partition=1)
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 298 GB) (Disk ID: 2EDFC607)
Partition 1: (Not Active) - (Size=1 GB) - (Type=27)
Partition 2: (Active) - (Size=282 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=8 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=7 GB) - (Type=17)

========================================================
Disk: 2 (Size: 30 GB) (Disk ID: 02D5AEE3)
Partition 1: (Active) - (Size=30 GB) - (Type=0C)


LastRegBack: 2013-06-10 16:15

==================== End Of Log==========================

Thanks
KarthikG
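A way to triage a log like the one posted above, as an added example that is not part of the thread and not part of FRST: it walks the sections, collects entries carrying the tool's own `<=====` marker, entries ending in `[x]`, entries with an empty company field, and entries pointing into a user profile's AppData folder. The sample lines are copied from the log above; the reason labels, the weights, and reading `[x]` as "target file not found" are assumptions of this example.

```python
import re
from typing import NamedTuple

# Excerpt assembled from the FRST.txt posted above (a subset, for illustration).
SAMPLE_LOG = r"""
==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1573160 2008-08-13] (Synaptics, Inc.)
HKLM\...\Run: [RtHDVCpl] RAVCpl64.exe [x]
HKU\Hikya\...\Run: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [19872 2011-04-14] ()
HKU\Hikya\...\Command Processor: "C:\Users\Hikya\AppData\Local\bppclnpvrM.exe" <===== ATTENTION!
BootExecute: autocheck autochk * sdnclean64.exe

==================== Services (Whitelisted) =================

S2 ccEvtMgr; C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe [107624 2006-12-07] (Symantec Corporation)
S2 vvdsvc; C:\Windows\system32\nagasoft\vjocx.dll [x]
"""

# "==== Section name ====" banner lines.
SECTION_RE = re.compile(r"^=+\s*(.*?)\s*=+$")
# Trailing "[size date] (company)" metadata on an entry.
META_RE = re.compile(r"\[(\d+) (\d{4}-\d{2}-\d{2})\] \((.*)\)$")
# Autostart target located inside a user profile (writable without admin rights).
USER_PATH_RE = re.compile(r"\\Users\\[^\\]+\\AppData\\", re.IGNORECASE)

# Assumed weights: the tool's own marker outranks the weaker heuristics.
WEIGHTS = {
    "flagged-by-frst": 10,
    "user-writable-path": 3,
    "no-company-name": 1,
    "target-missing": 1,
}


class Finding(NamedTuple):
    section: str
    line: str
    reasons: tuple


def score(finding):
    """Sum the weights of every reason attached to a finding."""
    return sum(WEIGHTS[r] for r in finding.reasons)


def triage(log_text):
    """Return the log entries worth a second look, highest score first."""
    findings = []
    section = ""
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = SECTION_RE.match(line)
        if header:
            # Pure "=====" separator lines carry no name; keep the old section.
            section = header.group(1) or section
            continue
        reasons = []
        if "<=====" in line:
            reasons.append("flagged-by-frst")
        if USER_PATH_RE.search(line):
            reasons.append("user-writable-path")
        meta = META_RE.search(line)
        if meta and meta.group(3) == "":
            reasons.append("no-company-name")
        if line.endswith("[x]"):
            reasons.append("target-missing")
        if reasons:
            findings.append(Finding(section, line, tuple(reasons)))
    # sorted() is stable, so equal scores keep their order from the log.
    return sorted(findings, key=lambda f: -score(f))


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{score(f):>3}  [{f.section}]  {', '.join(f.reasons)}")
        print(f"     {f.line}")
```

An empty company field or a missing target is common for old or uninstalled software, so those reasons only order the review; they do not decide it.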
 

kuttus

Level 2
Verified
Oct 5, 2012
2,697
Now please download this file and save it to your Flash Drive.

[attachment=4796]

Then, boot to system recovery, plug in your flash drive, open FRST and click fix. Post the generated log. Then attempt to boot to normal mode.
 

Attachments

  • fixlist.txt
    124 bytes · Views: 96

kar.online

New Member
Thread author
Verified
Feb 17, 2013
30
Hi

Attached the fixlog report. But when tried to restart the machine in normal or safe mode, still the system blanks out after displaying the windows logo.

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-06-2013
Ran by SYSTEM at 2013-06-11 18:23:52 Run:1
Running from H:\
Boot Mode: Recovery
==============================================

HKU\Hikya\Software\Microsoft\Command Processor\\AutoRun => Value deleted successfully.
C:\ProgramData\0tbpw.pad => Moved successfully.

==== End of Fixlog ====

Thanks
Karthik G
 

kuttus

Level 2
Verified
Oct 5, 2012
2,697
Press on Control + Alt + Delete key on your keyboard and press on Start Task Manager.

In the Task Manager window press on File --> New Task.

In the New Task window type Explorer.exe and press on Ok.

Now you can see your computer desktop... Let me know after that.
 

kar.online

New Member
Thread author
Verified
Feb 17, 2013
30
Hi

Ctrl+Alt+Del is not helping. Restarted the machine in normal/safe mode. As usual once after the windows logo, screen got blacked out. After waiting for 5 minutes pressed Ctrl+Alt+Del but nothing happened.

Regards
Karthik G
 

kuttus

Level 2
Verified
Oct 5, 2012
2,697
Try to start the computer in safe mode with Networking........

STEP 1 : Start your computer in Safe Mode with Networking

  1. Remove all floppy disks, CDs, and DVDs from your computer, and then restart your computer.
  2. Press and hold the F8 key as your computer restarts. Please keep in mind that you need to press the F8 key before the Windows start-up logo appears.
     Note: With some computers, if you press and hold a key as the computer is booting you will get a stuck key message. If this occurs, instead of pressing and holding the "F8 key", tap the "F8 key" continuously until you get the Advanced Boot Options screen.
  3. On the Advanced Boot Options screen, use the arrow keys to highlight Safe Mode with Networking, and then press ENTER.
 

kar.online

New Member
Thread author
Verified
Feb 17, 2013
30
Hi

Tried Safe Mode with Networking option. Again the same result. Ctrl+Alt+Del haven't helped.

Regards
Karthik G
 

kar.online

New Member
Thread author
Verified
Feb 17, 2013
30
Hi

Please find below the results. This time I had enabled the optional options and executed the Farbar scan.

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-06-2013
Ran by SYSTEM on 13-06-2013 08:30:14
Running from H:\
Windows Vista (TM) Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Recovery

The current controlset is ControlSet003
ATTENTION!:=====> FRST is updated to run from normal or Safe mode to produce a full FRST.txt log and an extra Addition.txt log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide [1584184 2008-01-20] (Microsoft Corporation)
HKLM\...\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1573160 2008-08-13] (Synaptics, Inc.)
HKLM\...\Run: [RtHDVCpl] RAVCpl64.exe [x]
HKLM\...\Run: [Skytel] Skytel.exe [x]
HKLM\...\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE [431968 2008-02-06] (TOSHIBA Corporation)
HKLM\...\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe [225792 2008-01-20] (Microsoft Corporation)
HKLM-x32\...\Winlogon: [Userinit] C:\Windows\SysWOW64\userinit.exe, [25088 2008-01-20] (Microsoft Corporation)
HKLM-x32\...\Run: [NDSTray.exe] NDSTray.exe [x]
HKLM-x32\...\Run: [cfFncEnabler.exe] cfFncEnabler.exe [x]
HKLM-x32\...\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [31016 2006-10-27] (Microsoft Corporation)
HKLM-x32\...\Run: [ccApp] "C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe" [107112 2006-12-07] (Symantec Corporation)
HKLM-x32\...\Run: [vptray] C:\PROGRA~2\SYMANT~1\VPTray.exe [134808 2006-12-13] (Symantec Corporation)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59720 2013-01-27] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2012-10-24] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\Games-Karthik\iTunesHelper.exe" [152392 2013-02-19] (Apple Inc.)
HKLM-x32\...\Run: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" [3825176 2012-11-13] (Safer-Networking Ltd.)
HKU\Default\...\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter [2438656 2009-04-10] (Microsoft Corporation)
HKU\Default\...\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe [432640 2008-05-19] (TOSHIBA)
HKU\Default User\...\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter [2438656 2009-04-10] (Microsoft Corporation)
HKU\Default User\...\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe [432640 2008-05-19] (TOSHIBA)
HKU\Hikya\...\Run: [Google Update] "C:\Users\Hikya\AppData\Local\Google\Update\GoogleUpdate.exe" /c [133104 2008-11-15] (Google Inc.)
HKU\Hikya\...\Run: [FileHippo.com] "C:\Program Files (x86)\Games-Karthik\FileHippo.com\UpdateChecker.exe" /background [307712 2012-11-23] (FileHippo.com)
HKU\Hikya\...\Run: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [19872 2011-04-14] ()
SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\System32\webcheck.dll (Microsoft Corporation)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Services (Whitelisted) =================

S2 Basics Service; C:\Program Files (x86)\Seagate\Basics\Service\SyncServicesBasics.exe [124280 2007-10-09] (Seagate Technology LLC)
S2 ccEvtMgr; C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe [107624 2006-12-07] (Symantec Corporation)
S2 ccSetMgr; C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe [107624 2006-12-07] (Symantec Corporation)
S2 Crypkey License; C:\Windows\SysWow64\crypserv.exe [69632 2006-02-28] (CrypKey (Canada) Ltd.)
S3 Cwbrxd; C:\Windows\CWBRXD.EXE [65585 2005-06-07] (IBM Corporation)
S2 DefWatch; C:\Program Files (x86)\Symantec AntiVirus\DefWatch.exe [30872 2006-12-13] (Symantec Corporation)
S2 gupdate1c9ae3ba4898830; C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [133104 2009-03-26] (Google Inc.)
S3 LiveUpdate; C:\PROGRA~2\Symantec\LIVEUP~1\LUCOMS~1.EXE [2541248 2006-10-31] (Symantec Corporation)
S2 MySQL; C:\Program Files (x86)\MySQL\MySQL Server 5.5\my.ini [8919 2012-07-05] ()
S2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1103392 2012-11-13] (Safer-Networking Ltd.)
S2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1369624 2012-11-13] (Safer-Networking Ltd.)
S2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [168384 2012-11-13] (Safer-Networking Ltd.)
S3 ServiceLayer; C:\Program Files (x86)\Common Files\PCSuite\Services\ServiceLayer.exe [174080 2006-06-05] (Nokia.)
S2 StarWindServiceAE; C:\Program Files (x86)\Games-Karthik\Alcohol 120\StarWind\StarWindServiceAE.exe [275968 2007-05-28] (Rocket Division Software)
S2 Symantec AntiVirus; C:\Program Files (x86)\Symantec AntiVirus\Rtvscan.exe [1962136 2006-12-13] (Symantec Corporation)
S2 TNaviSrv; C:\Program Files (x86)\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe [83312 2008-07-18] (TOSHIBA Corporation)
S3 msiserver; %systemroot%\system32\msiexec /V [x]
S2 Nero BackItUp Scheduler 4.0; C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe [x]
S2 vvdsvc; C:\Windows\system32\nagasoft\vjocx.dll [x]

==================== Drivers (Whitelisted) ====================

S1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484512 2012-07-31] (Symantec Corporation)
S1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484512 2012-07-31] (Symantec Corporation)
S3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [138912 2012-07-31] (Symantec Corporation)
S3 hitmanpro36; C:\Windows\system32\drivers\hitmanpro36.sys [30496 2012-12-06] ()
S3 hwusbdev; C:\Windows\System32\DRIVERS\ewusbdev.sys [114304 2009-10-12] (Huawei Technologies Co., Ltd.)
S3 NAVENG; C:\PROGRA~3\Symantec\DEFINI~1\VIRUSD~1\20130607.005\ENG64.SYS [126040 2013-04-26] (Symantec Corporation)
S3 NAVENG; C:\PROGRA~3\Symantec\DEFINI~1\VIRUSD~1\20130607.005\ENG64.SYS [126040 2013-04-26] (Symantec Corporation)
S3 NAVEX15; C:\PROGRA~3\Symantec\DEFINI~1\VIRUSD~1\20130607.005\EX64.SYS [2098776 2013-04-26] (Symantec Corporation)
S3 NAVEX15; C:\PROGRA~3\Symantec\DEFINI~1\VIRUSD~1\20130607.005\EX64.SYS [2098776 2013-04-26] (Symantec Corporation)
S1 NetworkX; C:\Windows\system32\ckldrv.sys [28664 2008-03-17] ()
S1 NetworkX; C:\Windows\SysWow64\ckldrv.sys [31846 2006-01-09] ()
S3 Nokia USB Generic; C:\Windows\System32\drivers\nmwcdcx64.sys [12288 2006-05-28] (Nokia)
S3 Nokia USB Modem; C:\Windows\System32\drivers\nmwcdcmx64.sys [17408 2006-05-28] (Nokia)
S3 Nokia USB Phone Parent; C:\Windows\System32\drivers\nmwcdx64.sys [162304 2006-05-28] (Nokia)
S3 Nokia USB Port; C:\Windows\System32\drivers\nmwcdcjx64.sys [17408 2006-05-28] (Nokia)
S0 sptd; C:\Windows\System32\Drivers\sptd.sys [871408 2009-10-02] (Duplex Secure Ltd.)
S1 SRTSP; C:\Windows\System32\Drivers\SRTSP64.SYS [394600 2006-11-22] (Symantec Corporation)
S1 SRTSP; C:\Windows\SysWow64\Drivers\SRTSP64.SYS [394600 2006-11-22] (Symantec Corporation)
S3 SRTSPL; C:\Windows\System32\Drivers\SRTSPL64.SYS [426392 2006-11-22] (Symantec Corporation)
S3 SRTSPL; C:\Windows\SysWow64\Drivers\SRTSPL64.SYS [426392 2006-11-22] (Symantec Corporation)
S1 SRTSPX; C:\Windows\System32\Drivers\SRTSPX64.SYS [30104 2006-11-22] (Symantec Corporation)
S1 SRTSPX; C:\Windows\SysWow64\Drivers\SRTSPX64.SYS [30104 2006-11-22] (Symantec Corporation)
S3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [156008 2009-09-21] (Symantec Corporation)
S3 u302bus; C:\Windows\System32\DRIVERS\u302bus.sys [154696 2010-07-29] (MCCI Corporation)
S3 u302mdfl; C:\Windows\System32\DRIVERS\u302mdfl.sys [19016 2010-07-29] (MCCI Corporation)
S3 u302mdm; C:\Windows\System32\DRIVERS\u302mdm.sys [175688 2010-07-29] (MCCI Corporation)
S3 u302mgmt; C:\Windows\System32\DRIVERS\u302mgmt.sys [157256 2010-07-29] (MCCI Corporation)
S3 ztemtusbser; C:\Windows\System32\DRIVERS\CT_ZTEMT_U_USBSER.sys [119040 2008-12-30] (ZTEMT Incorporated)
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]

========================== Drivers MD5 =======================


==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-06-10 23:40 - 2013-06-10 23:40 - 00000000 ____D C:\FRST
2013-06-03 19:43 - 2013-06-11 15:26 - 00002976 ____A C:\Windows\error.log
2013-06-03 19:41 - 2013-06-11 15:25 - 00000672 ____A C:\Windows\errord.log
2013-05-16 21:03 - 2013-05-17 17:16 - 00000000 ____D C:\Users\Hikya\Desktop\Samikshaa 1st Bday
2013-05-14 22:14 - 2013-05-15 18:14 - 17613192 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2013-05-14 21:06 - 2013-04-04 17:08 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-05-14 21:06 - 2013-04-04 17:01 - 01346560 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-05-14 21:06 - 2013-04-04 17:00 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-05-14 21:06 - 2013-04-04 16:59 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-05-14 21:06 - 2013-04-04 16:58 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2013-05-14 21:06 - 2013-04-04 16:57 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-05-14 21:06 - 2013-04-04 16:56 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-05-14 21:06 - 2013-04-04 16:55 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-05-14 21:06 - 2013-04-04 16:55 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2013-05-14 21:06 - 2013-04-04 16:54 - 02147840 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-05-14 21:06 - 2013-04-04 16:54 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-05-14 21:06 - 2013-04-04 16:51 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-05-14 21:06 - 2013-04-04 16:46 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-05-14 21:06 - 2013-04-04 14:11 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-05-14 21:06 - 2013-04-04 14:02 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-05-14 21:06 - 2013-04-04 14:02 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-05-14 21:06 - 2013-04-04 14:02 - 01104384 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-05-14 21:06 - 2013-04-04 14:01 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-05-14 21:06 - 2013-04-04 13:59 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-05-14 21:06 - 2013-04-04 13:58 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-05-14 21:06 - 2013-04-04 13:58 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-05-14 21:06 - 2013-04-04 13:57 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-05-14 21:06 - 2013-04-04 13:56 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-05-14 21:06 - 2013-04-04 13:55 - 01796096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-05-14 21:06 - 2013-04-04 13:54 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-05-14 21:06 - 2013-04-04 13:50 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-05-14 21:05 - 2013-04-04 17:19 - 10926080 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-05-14 21:05 - 2013-04-04 14:09 - 09738752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-05-14 20:45 - 2013-05-05 13:36 - 17818624 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-05-14 20:45 - 2013-05-05 13:16 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-05-14 20:45 - 2013-05-05 11:25 - 12324864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-05-14 20:45 - 2013-05-05 11:12 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-05-14 13:28 - 2013-04-15 06:17 - 00901496 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgkrnl.sys
2013-05-14 13:28 - 2013-04-12 19:34 - 00047104 ____A (Microsoft Corporation) C:\Windows\System32\cdd.dll
2013-05-14 13:28 - 2013-04-08 17:55 - 02774016 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys

==================== One Month Modified Files and Folders =======

2013-06-11 15:26 - 2013-06-03 19:43 - 00002976 ____A C:\Windows\error.log
2013-06-11 15:25 - 2013-06-03 19:41 - 00000672 ____A C:\Windows\errord.log
2013-06-10 23:40 - 2013-06-10 23:40 - 00000000 ____D C:\FRST
2013-06-08 22:16 - 2013-03-10 07:18 - 00000632 ____A C:\Windows\Tasks\Check for updates (Spybot - Search & Destroy).job
2013-06-08 22:15 - 2009-08-07 05:17 - 00000894 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-06-08 22:15 - 2006-11-02 07:42 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-06-08 22:15 - 2006-11-02 07:22 - 00003616 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-06-08 22:15 - 2006-11-02 07:22 - 00003616 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-06-08 15:11 - 2013-02-10 15:31 - 01536432 ____A C:\Windows\WindowsUpdate.log
2013-06-08 15:11 - 2006-11-02 07:42 - 00032608 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2013-06-08 15:00 - 2009-08-29 06:38 - 00000466 ____A C:\Windows\Tasks\ParetoLogic Registration.job
2013-06-08 14:20 - 2009-08-16 18:47 - 00000908 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-78491554-1894749589-2703256951-1000UA.job
2013-06-08 14:19 - 2009-08-07 05:17 - 00000898 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-06-08 14:14 - 2013-03-15 19:53 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-06-07 20:27 - 2009-08-16 18:47 - 00000856 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-78491554-1894749589-2703256951-1000Core.job
2013-06-07 12:21 - 2010-02-17 05:25 - 00000000 ____D C:\Users\Hikya\Application Data\Mozilla
2013-06-07 12:21 - 2010-02-17 05:25 - 00000000 ____D C:\Users\Hikya\AppData\Roaming\Mozilla
2013-06-04 21:46 - 2013-03-10 07:18 - 00000628 ____A C:\Windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job
2013-06-01 18:40 - 2008-11-29 10:36 - 00000000 ____D C:\Users\Hikya\Application Data\Skype
2013-06-01 18:40 - 2008-11-29 10:36 - 00000000 ____D C:\Users\Hikya\AppData\Roaming\Skype
2013-05-31 18:33 - 2006-11-02 04:46 - 00703516 ____A C:\Windows\System32\PerfStringBackup.INI
2013-05-31 18:11 - 2009-08-21 03:53 - 00001187 ____A C:\Users\Hikya\Desktop\Notepad.txt
2013-05-31 18:08 - 2009-06-12 19:40 - 00000000 ____D C:\Users\Hikya\Application Data\vlc
2013-05-31 18:08 - 2009-06-12 19:40 - 00000000 ____D C:\Users\Hikya\AppData\Roaming\vlc
2013-05-28 19:37 - 2013-01-29 12:50 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-05-26 07:16 - 2013-02-24 12:45 - 00021372 ____A C:\Users\Hikya\Desktop\Dallas.xlsx
2013-05-17 17:16 - 2013-05-16 21:03 - 00000000 ____D C:\Users\Hikya\Desktop\Samikshaa 1st Bday
2013-05-15 18:14 - 2013-05-14 22:14 - 17613192 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2013-05-15 18:14 - 2012-10-14 05:53 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-05-15 18:14 - 2012-10-14 05:53 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-05-14 21:18 - 2006-11-02 07:21 - 00413016 ____A C:\Windows\System32\FNTCACHE.DAT
2013-05-14 20:56 - 2006-11-02 04:35 - 75016696 ____A (Microsoft Corporation) C:\Windows\System32\mrt.exe

==================== Known DLLs (Whitelisted) ================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================


==================== BCD ================================

Windows Boot Manager
--------------------
identifier {bootmgr}
device partition=C:
description Windows Boot Manager
locale en-US
inherit {globalsettings}
default {default}
resumeobject {1b3ddaa5-4eec-11dd-8b08-001e33463af1}
displayorder {default}
toolsdisplayorder {memdiag}
timeout 30
resume No

Windows Boot Loader
-------------------
identifier {default}
device partition=C:
path \Windows\system32\winload.exe
description Microsoft Windows Vista
locale en-US
inherit {bootloadersettings}
recoverysequence {current}
recoveryenabled Yes
osdevice partition=C:
systemroot \Windows
resumeobject {1b3ddaa5-4eec-11dd-8b08-001e33463af1}
nx OptIn

Windows Boot Loader
-------------------
identifier {current}
device ramdisk=[F:]\Sources\Boot.wim,{ad6c7bc8-fa0f-11da-8ddf-0013200354d8}
path \windows\system32\boot\winload.exe
description Windows Recovery Environment
osdevice ramdisk=[F:]\Sources\Boot.wim,{ad6c7bc8-fa0f-11da-8ddf-0013200354d8}
systemroot \windows
nx OptIn
detecthal Yes
winpe Yes

Resume from Hibernate
---------------------
identifier {1b3ddaa5-4eec-11dd-8b08-001e33463af1}
device partition=C:
path \Windows\system32\winresume.exe
description Windows Resume Application
locale en-US
inherit {resumeloadersettings}
filedevice partition=C:
filepath \hiberfil.sys
debugoptionenabled No

Windows Memory Tester
---------------------
identifier {memdiag}
device partition=C:
path \boot\memtest.exe
description Windows Memory Diagnostic
locale en-US
inherit {globalsettings}
badmemoryaccess Yes

Windows Legacy OS Loader
------------------------
identifier {ntldr}
device unknown
path \ntldr
description Earlier Version of Windows

EMS Settings
------------
identifier {emssettings}
bootems Yes

Debugger Settings
-----------------
identifier {dbgsettings}
debugtype Serial
debugport 1
baudrate 115200

RAM Defects
-----------
identifier {badmemory}

Global Settings
---------------
identifier {globalsettings}
inherit {dbgsettings}
{emssettings}
{badmemory}

Boot Loader Settings
--------------------
identifier {bootloadersettings}
inherit {globalsettings}

Resume Loader Settings
----------------------
identifier {resumeloadersettings}
inherit {globalsettings}

Device options
--------------
identifier {ad6c7bc8-fa0f-11da-8ddf-0013200354d8}
description Ramdisk Device Options
ramdisksdidevice partition=F:
ramdisksdipath \boot.sdi


==================== Memory info ===========================

Percentage of memory in use: 14%
Total physical RAM: 3963.07 MB
Available physical RAM: 3393.3 MB
Total Pagefile: 3714.57 MB
Available Pagefile: 3357.83 MB
Total Virtual: 8192 MB
Available Virtual: 8191.89 MB

==================== Drives ================================

Drive c: (S3A6747D002) (Fixed) (Total:281.54 GB) (Free:19.34 GB) NTFS (Disk=0 Partition=2) ==>[Drive with boot components (obtained from BCD)]
Drive d: () (Fixed) (Total:7.59 GB) (Free:6.4 GB) NTFS (Disk=0 Partition=3)
Drive f: (TOSHIBA SYSTEM VOLUME) (Fixed) (Total:1.46 GB) (Free:1.11 GB) NTFS (Disk=0 Partition=1)
Drive h: () (Removable) (Total:30.46 GB) (Free:30.25 GB) FAT32 (Disk=2 Partition=1)
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 298 GB) (Disk ID: 2EDFC607)
Partition 1: (Not Active) - (Size=1 GB) - (Type=27)
Partition 2: (Active) - (Size=282 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=8 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=7 GB) - (Type=17)

========================================================
Disk: 2 (Size: 30 GB) (Disk ID: 02D5AEE3)
Partition 1: (Active) - (Size=30 GB) - (Type=0C)


LastRegBack: 2013-06-12 07:40

==================== End Of Log ============================

Thanks
Karthik G
 

kuttus

Level 2
Verified
Oct 5, 2012
2,697
Let's create a bootable HitmanPro Rescue Disk and run a scan:
STEP 1: Create a HitmanPro.Kickstart USB flash drive
<ol>
<li>While you are using a "clean" (non-infected) computer, download HitmanPro from the link below.
<a href="http://www.surfright.nl/en/hitmanpro/" rel="nofollow" target="_blank">HITMANPRO DOWNLOAD LINK</a> <em>(This link will open a download page in a new window from where you can download HitmanPro)</em></li>
<li>Insert your USB flash drive into your computer and then follow the instructions from the video below:
<iframe src="http://www.youtube.com/embed/aBS902Qr0oc?rel=0" frameborder="0" width="640" height="360"></iframe></li>
</ol>
STEP 2: Remove infection with HitmanPro.Kickstart
<ol>
<li>After you have created the HitmanPro.Kickstart USB flash drive, you can insert this USB drive into the infected machine and start your computer.</li>
<li>Once the computer starts, repeatedly tap the F11 key (on some machines it's <em>F10</em> or <em>F2</em>), which should bring up the Boot Menu. From there you can select to boot from your USB.
Next, you'll need to perform a system scan with HitmanPro as seen in the video below:
<iframe src="http://www.youtube.com/embed/lUNHidkYsDQ?rel=0" frameborder="0" width="640" height="360"></iframe></li>
</ol>

<hr />
 

kar.online

New Member
Thread author
Verified
Feb 17, 2013
30
Hi

As suggested, I created a boot USB and altered the boot menu, but the output is still the same. My system got blacked out after the Windows logo.

Regards
Karthik G
 

kuttus

Level 2
Verified
Oct 5, 2012
2,697
<h3>STEP 1 : System Restore from Recovery Console.</h3>
<ol><li>Remove all floppy disks, CDs, and DVDs from your computer, and then restart your computer.</li>
<li>Press and hold the F8 key as your computer restarts. Please keep in mind that you need to press the F8 key before the Windows start-up logo appears.
<em>Note</em>: With some computers, if you press and hold a key as the computer is booting you will get a stuck key message. If this occurs, instead of pressing and holding the "F8 key", tap the "F8 key" continuously until you get the Advanced Boot Options screen.</li>
<li>On the Advanced Boot Options screen, use the arrow keys to highlight Repair Your Computer, and then press ENTER.
<img title="Safe Mode with Networking screen" src="http://www.diy-computer-repair.com/image-files/repair-dual-boot-2.jpg" alt="[Image: Safemode.jpg]" width="539" height="292" border="0" /></li>
<li>Select your keyboard language preferences and click on Next.</li>
<li>Select your user name and type in the password, and then click on OK.</li>
<li>Select the option “System Restore” and press Enter.</li>
<li>Now select one Restore Point and restart your computer to a date where your computer was working fine.</li>

</ol>
<hr />
 

kar.online

New Member
Thread author
Verified
Feb 17, 2013
30
Hi

I tried these repair options earlier too, but it hasn't repaired all the files, I believe. Unfortunately there is no restore point in my system.

Regards
Karthik G
 

kuttus

Level 2
Verified
Oct 5, 2012
2,697
Okay...

<h2>STEP 1: Download and create a bootable Kaspersky Rescue Disk CD</h2>
<ol>
<li>Download the Kaspersky Rescue Disk ISO image from below.
<a href="http://rescuedisk.kaspersky-labs.com/rescuedisk/updatable" rel="nofollow"><img title="Download Kaspersky resecue disk" src="http://malwaretips.com/images/removalguide/downloadnow.gif" alt="download kaspersky rescue disk" width="345" height="100" /></a></li>
<li>Download ImgBurn, a software that will help us create this bootable disk.
<a href="http://www.imgburn.com/index.php?act=download" rel="nofollow"><img title="Download ImgBurn" src="http://malwaretips.com/images/removalguide/downloadnow.gif" alt="download ImgBurn" width="345" height="100" /></a></li>
<li>You can now insert your blank DVD/CD in your burner.</li>
<li>Install ImgBurn by following the prompts and then start this program.</li>
<li>Click on the Write image file to disc button.
<img title="Create a bootable CD" src="http://malwaretips.com/images/removalguide/img1.png" alt="Create bootable CD step1" width="510" height="537" /></li>
<li>Under 'Source' click on the Browse for file button, then browse to the location where you previously saved the Kaspersky Rescue Disk ISO file (kav_rescue_10.iso).
<img title="Browse to the Kaspersky Rescue Disk Image" src="http://malwaretips.com/images/removalguide/img3.png" alt="Create bootable CD step2" width="512" height="171" /></li>
<li>Click on the big Write button.
<img title="Click 'Write' to create the bootable disk" src="http://malwaretips.com/images/removalguide/img4.png" alt="Create bootable CD step3" width="480" height="91" /></li>
<li>The disc creation process will now start and it will take around 5-10 minutes to complete.</li>
</ol>
<h2>STEP 2: Configure the infected computer to boot from CD-ROM</h2>
<ol>
<li>Use the Delete or F2 keys to load the BIOS menu. Information on how to enter the BIOS menu is displayed on the screen at the start of the OS boot:
<img title="Boot into BIOS" src="http://malwaretips.com/images/removalguide/kasp1.png" alt="Boot into Bios" width="285" height="137" /></li>
<li>In your PC BIOS settings select the Boot menu and set CD/DVD-ROM as a primary boot device.
<img title="Select to boot from CD" src="http://malwaretips.com/images/removalguide/kasp2.png" alt="Boot into BIOS Step2" width="250" height="146" /></li>
<li>Insert your Kaspersky Rescue Disk and restart your computer.</li>
</ol>
<h2>STEP 3: Boot your computer from Kaspersky Rescue Disk</h2>
<ol>
<li>Your computer will now boot from the Kaspersky Rescue Disk, and you'll be asked to press any key to proceed with this process.
<img title="Press any key" src="http://malwaretips.com/images/removalguide/kasp3.png" alt="Kaspersky Rescue Disk 1" width="450" height="337" /></li>
<li>In the start up wizard window that will open, select your language using the cursor moving keys. Press the ENTER key on the keyboard.
<img title="Select your language" src="http://malwaretips.com/images/removalguide/kasp4.png" alt="Kaspersky Rescue Disk 2" width="450" height="337" /></li>
<li>On the next screen, select Kaspersky Rescue Disk. Graphic Mode then press ENTER.
<img title="Select Graphic Mode for Kaspersky Rescue Disk" src="http://malwaretips.com/images/removalguide/kasp5.png" alt="Kaspersky Rescue Disk 3" width="450" height="337" /></li>
<li>The End User License Agreement of Kaspersky Rescue Disk will be displayed on the screen. Read the agreement carefully, then press the C button on your keyboard.
<img title="Accept the End User License Agreement " src="http://malwaretips.com/images/removalguide/kasp6.png" alt="Kaspersky Rescue Disk 4" width="487" height="273" /></li>
<li>Once the actions described above have been performed, the Kaspersky operating system will start.</li>
</ol>

<h2>STEP 4: Scan your system with Kaspersky Rescue Disk</h2>
<ol>
<li>Click on the Start button located in the left bottom corner of the screen and select the Kaspersky Rescue Disk, then click on My Update Center and press Start update.
<img title="Update Kaspersky Rescue Disk AV Definitions" src="http://malwaretips.com/images/removalguide/kasp8.png" alt="Kaspersky Bootable Cd scan 1" width="385" height="404" /></li>
<li>When the update process has completed, the light at the top of the window will turn green, and the databases release date will be updated.
<img title="Kaspersky Updated Definitions" src="http://malwaretips.com/images/removalguide/kasp9.png" alt="Kaspersky Bootable Cd scan 2" width="385" height="404" /></li>
<li>Click on the Objects Scan tab, then click Start Objects Scan to begin the scan.
<img title="Start a Kaspersky Rescue Disk scan" src="http://malwaretips.com/images/removalguide/kasp10.png" alt="Kaspersky Bootable Cd scan 3" width="385" height="404" /></li>
<li>If any malicious items are found, the default settings are to prompt you for action with a red popup window on the bottom right. Delete is the recommended action in most cases but we strongly recommend that you try first to disinfect, and if it doesn't work choose to quarantine the infected files just to be on the safe side.
<img title="Kaspersky Rescue Disk detecting malicious objects" src="http://malwaretips.com/images/removalguide/kasp11.png" alt="Kaspersky Bootable Cd scan 5" width="262" height="345" /></li>
<li>When all detected items have been processed and removed, the light in the window will turn green and the scan will show as completed.
<img title="Kaspersky Rescue Disk After malware removal" src="http://malwaretips.com/images/removalguide/kasp12.png" alt="Kaspersky Bootable Cd scan 7" width="385" height="404" /></li>
<li>When done you can close the Kaspersky Rescue Disk window and use the Start Menu to Restart the computer.</li>
</ol>

<hr/>
 