Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Google redirect virus and blue screen


  • Please log in to reply

#1
rajagopal

rajagopal

    Member

  • Member
  • PipPip
  • 97 posts
Hello Geekstogo members

I was having google redirect virus in my lenovo u460 laptop for a few days and did not make any attempts to fix it.. Two days back while I was browsing in mozilla my Windows 7 64 bit OS crashed and I am landing into the blue screen (PAGE_FAULT_IN_NON_PAGED_AREA) every time I login... One key rescue from lenovo is not loading and at the first place I don't want to wipe off the hard drive and have a new windows and installation(and I don't have a windows DVD either). On top of this , my laptop does not have an optical drive. Tried system store and bootrec.exe from the command line in startup repair options and nothing worked...I am not able to boot in safe mode, safe mode with command prompt, safe mode with networking, last known good configuration, start normally, debugging mode..


I followed all the steps in this post - http://www.geekstogo...op/page__st__30 .. But basically it looks like my fixlist.txt is wrong and so I am ending up in the blue screen page on boot again..I have posted the logs, fixlist.txt(that I tried) and the fixlog.txt here..I would be really grateful to someone who can help me out here.. Your help is much appreciated.. Thanks in advance..


SCANLOG:



Scan result of Farbar Recovery Scan Tool Version: 05-08-2012 03
Ran by SYSTEM at 06-08-2012 22:53:47
Running from F:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [10144288 2010-04-05] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE3 [908320 2010-04-05] (Realtek Semiconductor)
HKLM\...\Run: [TpShocks] C:\Windows\System32\TpShocks.exe [231264 2009-09-02] (Lenovo.)
HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [2104104 2010-03-18] (Synaptics Incorporated)
HKLM\...\Run: [PSQLLauncher] "C:\Program Files\Lenovo\LenovoSecuritySolution FP\launcher.exe" /startup [84744 2010-03-29] (UPEK Inc.)
HKLM\...\Run: [EnergyUtility] C:\Program Files (x86)\Lenovo\Energy Management\utility.exe [4448704 2010-03-11] (Lenovo(beijing) Limited)
HKLM\...\Run: [Energy Management] C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [7056832 2010-03-11] (Lenovo (Beijing) Limited)
HKLM\...\Run: [IgfxTray] C:\windows\system32\igfxtray.exe [166424 2010-03-26] (Intel Corporation)
HKLM\...\Run: [HotKeysCmds] C:\windows\system32\hkcmd.exe [391192 2010-03-26] (Intel Corporation)
HKLM\...\Run: [Persistence] C:\windows\system32\igfxpers.exe [410648 2010-03-26] (Intel Corporation)
HKLM\...\Run: [acevents] "C:\Program Files\ActivIdentity\ActivClient\acevents.exe" [196648 2009-06-03] (ActivIdentity)
HKLM\...\Run: [] [x]
HKLM\...\Run: [accrdsub] "C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe" [483880 2009-06-03] (ActivIdentity)
HKLM\...\Run: [HPRAService] C:\Program Files\RA2HP\HPRAService.exe [126464 2010-04-01] (Hewlett-Packard Company)
HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1271168 2012-03-26] (Microsoft Corporation)
HKLM-x32\...\Run: [331BigDog] C:\Program Files (x86)\USB Camera\VM331_STI.EXE [536576 2010-01-15] (Vimicro)
HKLM-x32\...\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284696 2009-12-23] (Intel Corporation)
HKLM-x32\...\Run: [UCam_Menu] "C:\Program Files (x86)\Lenovo\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Lenovo\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\3.0" [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [YouCam Mirror Tray icon] "C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe" /s [167008 2009-11-11] (CyberLink Corp.)
HKLM-x32\...\Run: [VeriFaceManager] C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe [3122440 2010-09-08] (Lenovo)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-02] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2012-01-18] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [3508624 2012-02-03] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [ExpressFiles] "C:\Program Files (x86)\ExpressFiles\ExpressFiles.exe" -tray [453240 2012-03-18] (http://www.express-files.com/)
HKU\Rajagopal Kumar\...\Run: [Google Update] "C:\Users\Rajagopal Kumar\AppData\Local\Google\Update\GoogleUpdate.exe" /c [136176 2011-11-25] (Google Inc.)
HKU\Rajagopal Kumar\...\Run: [KiesHelper] C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe /s [943504 2012-02-03] (Samsung)
HKU\Rajagopal Kumar\...\Run: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [21416 2012-02-29] ()
HKU\Rajagopal Kumar\...\Run: [cdloader] "C:\Users\Rajagopal Kumar\AppData\Roaming\mjusbsp\cdloader2.exe" MAGICJACK [50592 2012-02-01] (magicJack L.P.)
HKLM\...\RunOnce: [*Restore] C:\windows\system32\rstrui.exe /RUNONCE [296960 2009-07-13] (Microsoft Corporation)
Winlogon\Notify\igfxcui: igfxdev.dll (Intel Corporation)
Winlogon\Notify\psfus: C:\Program Files\Lenovo\LenovoSecuritySolution FP\psqlpwd.dll (UPEK Inc.)
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Lsa: [Notification Packages] scecli
C:\Program Files\Lenovo\LenovoSecuritySolution FP\psqlpwd.dll
Startup: C:\Users\All Users\Start Menu\Programs\Startup\ActivClient Agent.lnk
ShortcutTarget: ActivClient Agent.lnk -> C:\Program Files\ActivIdentity\ActivClient\acsagent.exe (ActivIdentity)
Startup: C:\Users\All Users\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\Users\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)

==================== Services (Whitelisted) ======

2 ac.sharedstore; C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe [277032 2009-06-03] (ActivIdentity)
2 btwdins; C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe [873248 2010-02-17] (Broadcom Corporation.)
2 IGRS; "C:\Program Files (x86)\Lenovo\ReadyComm\common\IGRS.exe" [38152 2009-07-14] (Lenovo Group Limited)
3 Lenovo ReadyComm AppSvc; "C:\Program Files\Lenovo\ReadyComm\AppSvc.exe" [414984 2009-07-28] (Lenovo Group Limited)
3 Lenovo ReadyComm ConnSvc; "C:\Program Files\Lenovo\ReadyComm\ConnSvc.exe" [472328 2009-07-28] (Lenovo Group Limited)
3 McComponentHostService; "C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe" [227232 2010-01-15] (McAfee, Inc.)
2 MsMpSvc; "C:\Program Files\Microsoft Security Client\MsMpEng.exe" [12600 2012-03-26] (Microsoft Corporation)
2 N360; "C:\Program Files (x86)\Norton Security Suite\Engine\5.2.2.3\ccSvcHst.exe" /s "N360" /m "C:\Program Files (x86)\Norton Security Suite\Engine\5.2.2.3\diMaster.dll" /prefetch:1 [262584 2011-03-31] (Symantec Corporation)
3 NisSrv; "C:\Program Files\Microsoft Security Client\NisSrv.exe" [291696 2012-03-26] (Microsoft Corporation)
2 NitroReaderDriverReadSpool2; "C:\Program Files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe" [204304 2012-04-11] (Nitro PDF Software)
3 PS_MDP; C:\Program Files (x86)\Lenovo\ReadyComm\PS_MDP.dll [276296 2009-07-16] (Lenovo Group Limited)
2 ReadyComm.DirectRouter; C:\Program Files (x86)\Lenovo\ReadyComm\common\router.dll [103688 2009-07-14] (Lenovo Group Limited)
2 TPHDEXLGSVC; C:\Windows\System32\TPHDEXLG64.exe [47632 2009-10-21] (Lenovo.)
2 UNS; "C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe" [2320920 2009-12-09] (Intel Corporation)
2 UpekSrvc; "C:\Program Files\Lenovo\LenovoSecuritySolution FP\upeksrvc.exe" [72456 2010-03-29] (UPEK Inc.)

========================== Drivers (Whitelisted) =============

1 A2DDA; \??\C:\Users\Rajagopal Kumar\Desktop\EmsisoftEmergencyKit\Run\a2ddax64.sys [23208 2012-07-08] (Emsi Software GmbH)
1 BHDrvx64; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20111221.003\BHDrvx64.sys [1156216 2011-11-23] (Symantec Corporation)
3 Bridge0; C:\Windows\System32\drivers\WDBridge.sys [79376 2009-07-16] (Lenovo)
3 dgderdrv; C:\Windows\SysWow64\Drivers\dgderdrv.sys [20032 2011-08-22] (Devguru Co., Ltd)
1 eeCtrl; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [482936 2011-12-10] (Symantec Corporation)
3 EraserUtilRebootDrv; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [138360 2011-12-10] (Symantec Corporation)
1 IDSVia64; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20111223.001\IDSvia64.sys [488568 2011-12-09] (Symantec Corporation)
3 mfeavfk; C:\Windows\System32\Drivers\mfeavfk.sys [102600 2009-06-18] (McAfee, Inc.)
1 mfehidk; C:\Windows\System32\Drivers\mfehidk.sys [307400 2009-06-18] (McAfee, Inc.)
3 mferkdk; C:\Windows\System32\Drivers\mferkdk.sys [40904 2009-06-18] (McAfee, Inc.)
3 mfesmfk; C:\Windows\System32\Drivers\mfesmfk.sys [49480 2009-06-18] (McAfee, Inc.)
3 NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20111224.017\ENG64.SYS [117880 2011-12-10] (Symantec Corporation)
3 NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20111224.017\EX64.SYS [2048632 2011-12-10] (Symantec Corporation)
0 Shockprf; C:\Windows\System32\DRIVERS\Apsx64.sys [135184 2009-10-21] (Lenovo.)
3 SRTSP; C:\Windows\System32\Drivers\N360x64\0502020.003\SRTSP64.SYS [744568 2011-03-30] (Symantec Corporation)
1 SRTSPX; C:\Windows\system32\drivers\N360x64\0502020.003\SRTSPX64.SYS [40568 2011-03-30] (Symantec Corporation)
0 SymDS; C:\Windows\System32\drivers\N360x64\0502020.003\SYMDS64.SYS [450680 2011-01-26] (Symantec Corporation)
0 SymEFA; C:\Windows\System32\drivers\N360x64\0502020.003\SYMEFA64.SYS [912504 2011-03-14] (Symantec Corporation)
3 SymEvent; \??\C:\windows\system32\Drivers\SYMEVENT64x86.SYS [174200 2011-12-10] (Symantec Corporation)
1 SymIRON; C:\Windows\system32\drivers\N360x64\0502020.003\Ironx64.SYS [171128 2010-11-15] (Symantec Corporation)
1 SymNetS; C:\Windows\System32\Drivers\N360x64\0502020.003\SYMNETS.SYS [386168 2011-04-20] (Symantec Corporation)
3 tapoas; C:\Windows\System32\Drivers\tapoas.sys [30720 2011-08-19] (The OpenVPN Project)
0 TPDIGIMN; C:\Windows\System32\DRIVERS\ApsHM64.sys [23568 2009-10-21] (Lenovo.)
3 vm331avs; C:\Windows\System32\Drivers\vm331avs.sys [215040 2010-02-24] (Vimicro Corporation)
3 wdmirror; C:\Windows\System32\Drivers\wdmirror.sys [11280 2009-07-16] (Lenovo)
3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [x]

========================== NetSvcs (Whitelisted) ===========


============ One Month Created Files and Folders ==============

2012-08-06 22:53 - 2012-08-06 22:53 - 00000000 ____D C:\FRST
2012-08-05 15:14 - 2012-08-05 15:14 - 00000000 ____D C:\New folder
2012-07-30 23:21 - 2012-07-30 23:32 - 00009462 ____A C:\Users\Rajagopal Kumar\Documents\suba_to_be_Deleted.txt
2012-07-30 21:17 - 2012-07-30 21:17 - 00016896 ____A C:\Users\Rajagopal Kumar\Documents\Suba_Matrimony_tracker.xls
2012-07-28 22:12 - 2012-07-29 00:18 - 104052997 ____A C:\Users\Rajagopal Kumar\Downloads\backup.constant.part5.rar
2012-07-28 21:13 - 2012-07-28 22:11 - 104857601 ____A C:\Users\Rajagopal Kumar\Downloads\backup.constant.part4.rar
2012-07-28 20:14 - 2012-07-28 21:13 - 104857601 ____A C:\Users\Rajagopal Kumar\Downloads\backup.constant.part3.rar
2012-07-28 19:16 - 2012-07-28 20:14 - 104857601 ____A C:\Users\Rajagopal Kumar\Downloads\backup.constant.part2.rar
2012-07-28 18:23 - 2012-07-28 18:23 - 00000000 ____D C:\Users\Rajagopal Kumar\AppData\Roaming\YourFileDownloader
2012-07-28 17:35 - 2012-07-28 19:54 - 641863159 ____A C:\Users\Rajagopal Kumar\Downloads\Constantine (2005) m720p.mkv
2012-07-28 17:24 - 2012-07-28 19:16 - 104857601 ____A C:\Users\Rajagopal Kumar\Downloads\backup.constant.part1.rar
2012-07-24 19:47 - 2012-08-04 21:42 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-07-24 19:47 - 2012-08-03 21:06 - 00000000 ____D C:\Users\Rajagopal Kumar\AppData\Roaming\Malwarebytes
2012-07-24 19:47 - 2012-07-24 19:47 - 00000000 ____D C:\Users\All Users\Malwarebytes
2012-07-22 14:48 - 2012-07-22 14:48 - 00000000 ____D C:\Users\Rajagopal Kumar\AppData\Local\Macromedia
2012-07-21 12:23 - 2012-07-21 12:23 - 08399774 ____A C:\Users\Rajagopal Kumar\Downloads\fsi.775.office girl.wmv
2012-07-17 21:46 - 2012-07-17 21:46 - 00039622 ____A C:\Users\Rajagopal Kumar\Downloads\iyngr-page-309.htm
2012-07-16 22:17 - 2012-07-16 22:18 - 00000357 ____A C:\subaList
2012-07-16 22:17 - 2012-07-16 22:17 - 00000357 ____A C:\subaList~
2012-07-16 22:15 - 2012-07-19 00:44 - 00001168 ____A C:\Users\Rajagopal Kumar\_viminfo
2012-07-16 22:14 - 2012-07-16 22:14 - 00001871 ____A C:\Users\Public\Desktop\gVim Read only 7.3.lnk
2012-07-16 22:14 - 2012-07-16 22:14 - 00001871 ____A C:\Users\Public\Desktop\gVim Easy 7.3.lnk
2012-07-16 22:14 - 2012-07-16 22:14 - 00001865 ____A C:\Users\Public\Desktop\gVim 7.3.lnk
2012-07-16 22:14 - 2012-07-16 22:14 - 00000000 ____D C:\Program Files (x86)\Vim
2012-07-16 22:10 - 2012-07-16 22:10 - 09585439 ____A C:\Users\Rajagopal Kumar\Downloads\gvim73_46.exe
2012-07-15 17:58 - 2012-07-15 17:58 - 08052188 ____A C:\Users\Rajagopal Kumar\Downloads\bengali_hot_girl_nupur_with_love.3gp
2012-07-15 17:58 - 2012-07-15 17:58 - 02434510 ____A C:\Users\Rajagopal Kumar\Downloads\school_students_after_school.3gp
2012-07-13 21:56 - 2012-02-10 15:12 - 00001970 ____A C:\Users\Rajagopal Kumar\Downloads\I'll PAY YOU $20.txt
2012-07-13 21:56 - 2012-02-05 12:17 - 625506548 ____A C:\Users\Rajagopal Kumar\Downloads\Khelein-Hum-Jee-Jaan-Sey-2011-.mkv
2012-07-13 21:56 - 2012-01-27 06:52 - 00000394 ____A C:\Users\Rajagopal Kumar\Downloads\buy 1 premy & get MANY.txt
2012-07-13 21:42 - 2012-07-13 21:52 - 735358976 ____A C:\Users\Rajagopal Kumar\Downloads\ubuntu-12.04-desktop-i386.iso
2012-07-13 21:33 - 2012-07-13 21:37 - 00000000 ____D C:\Users\Rajagopal Kumar\VirtualBox VMs
2012-07-13 21:32 - 2012-07-25 00:22 - 00000000 ____D C:\Users\Rajagopal Kumar\.VirtualBox
2012-07-13 21:31 - 2012-07-13 21:31 - 00001083 ____A C:\Users\Public\Desktop\Oracle VM VirtualBox.lnk
2012-07-13 21:31 - 2012-07-13 21:31 - 00000000 ____D C:\Program Files\Oracle
2012-07-13 21:31 - 2012-06-05 15:03 - 00224088 ____A (Oracle Corporation) C:\Windows\System32\Drivers\VBoxDrv.sys
2012-07-13 21:31 - 2012-06-05 15:03 - 00130904 ____A (Oracle Corporation) C:\Windows\System32\Drivers\VBoxUSBMon.sys
2012-07-13 21:22 - 2012-07-13 21:23 - 95228248 ____A (Oracle Corporation) C:\Users\Rajagopal Kumar\Downloads\VirtualBox-4.1.18-78361-Win.exe
2012-07-13 21:14 - 2012-07-13 21:28 - 732213248 ____A C:\Users\Rajagopal Kumar\Downloads\ubuntu-12.04-desktop-amd64.iso
2012-07-13 20:23 - 2012-07-13 21:56 - 625509130 ____A C:\Users\Rajagopal Kumar\Downloads\01747_downloadyo.com.rar
2012-07-13 19:55 - 2012-07-13 19:55 - 17545488 ____A C:\Users\Rajagopal Kumar\Downloads\fsi.757.hot girl.3gp
2012-07-13 19:55 - 2012-07-13 19:55 - 04111111 ____A C:\Users\Rajagopal Kumar\Downloads\fsi.755.seema khurana.3gp
2012-07-11 00:54 - 2012-06-11 19:02 - 03147264 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-07-11 00:50 - 2012-06-02 04:49 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-07-11 00:50 - 2012-06-02 04:17 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-07-11 00:50 - 2012-06-02 04:12 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-07-11 00:50 - 2012-06-02 04:05 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-07-11 00:50 - 2012-06-02 04:05 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-07-11 00:50 - 2012-06-02 04:04 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-07-11 00:50 - 2012-06-02 04:04 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-07-11 00:50 - 2012-06-02 04:03 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-07-11 00:50 - 2012-06-02 04:01 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-07-11 00:50 - 2012-06-02 04:00 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-07-11 00:50 - 2012-06-02 03:59 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-07-11 00:50 - 2012-06-02 03:57 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-07-11 00:50 - 2012-06-02 03:57 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-07-11 00:50 - 2012-06-02 03:54 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-07-11 00:50 - 2012-06-02 01:07 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-07-11 00:50 - 2012-06-02 00:43 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-07-11 00:50 - 2012-06-02 00:33 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-07-11 00:50 - 2012-06-02 00:26 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-07-11 00:50 - 2012-06-02 00:25 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-07-11 00:50 - 2012-06-02 00:25 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-07-11 00:50 - 2012-06-02 00:23 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-07-11 00:50 - 2012-06-02 00:21 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-07-11 00:50 - 2012-06-02 00:20 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-07-11 00:50 - 2012-06-02 00:19 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-07-11 00:50 - 2012-06-02 00:19 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-07-11 00:50 - 2012-06-02 00:17 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-07-11 00:50 - 2012-06-02 00:16 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-07-11 00:50 - 2012-06-02 00:14 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-07-10 22:04 - 2012-06-08 21:30 - 14165504 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-07-10 22:04 - 2012-06-08 20:46 - 12868608 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2012-07-10 22:04 - 2012-06-05 21:50 - 02003968 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2012-07-10 22:04 - 2012-06-05 21:50 - 01880064 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2012-07-10 22:04 - 2012-06-05 21:09 - 01389568 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2012-07-10 22:04 - 2012-06-05 21:09 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2012-07-10 22:04 - 2012-06-01 21:38 - 00152432 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2012-07-10 22:04 - 2012-06-01 21:38 - 00095088 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2012-07-10 22:04 - 2012-06-01 21:37 - 00459216 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2012-07-10 22:04 - 2012-06-01 21:27 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2012-07-10 22:04 - 2012-06-01 21:27 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2012-07-10 22:04 - 2012-06-01 20:48 - 00225280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2012-07-10 22:04 - 2012-06-01 20:48 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2012-07-10 22:04 - 2012-06-01 20:47 - 00219136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2012-07-10 22:04 - 2012-06-01 20:42 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2012-07-08 13:34 - 2012-07-08 13:34 - 00000000 ____D C:\Users\Rajagopal Kumar\Desktop\EmsisoftEmergencyKit
2012-07-08 13:26 - 2012-07-08 13:33 - 141514996 ____A C:\Users\Rajagopal Kumar\Desktop\EmsisoftEmergencyKit.zip
2012-07-08 12:51 - 2012-07-08 13:03 - 04503728 ___AT C:\Users\All Users\go_0molg.pad
2012-07-07 13:15 - 2012-07-07 15:36 - 526095158 ____A C:\Users\Rajagopal Kumar\Downloads\Vaagai_Sooda_Vaa_-_Suara.mkv

============ 3 Months Modified Files ========================

2012-08-02 14:50 - 2011-11-21 08:28 - 07199154 ____A C:\FaceProv.log
2012-07-30 23:32 - 2012-07-30 23:21 - 00009462 ____A C:\Users\Rajagopal Kumar\Documents\suba_to_be_Deleted.txt
2012-07-30 21:17 - 2012-07-30 21:17 - 00016896 ____A C:\Users\Rajagopal Kumar\Documents\Suba_Matrimony_tracker.xls
2012-07-29 00:18 - 2012-07-28 22:12 - 104052997 ____A C:\Users\Rajagopal Kumar\Downloads\backup.constant.part5.rar
2012-07-28 22:11 - 2012-07-28 21:13 - 104857601 ____A C:\Users\Rajagopal Kumar\Downloads\backup.constant.part4.rar
2012-07-28 21:13 - 2012-07-28 20:14 - 104857601 ____A C:\Users\Rajagopal Kumar\Downloads\backup.constant.part3.rar
2012-07-28 20:14 - 2012-07-28 19:16 - 104857601 ____A C:\Users\Rajagopal Kumar\Downloads\backup.constant.part2.rar
2012-07-28 19:54 - 2012-07-28 17:35 - 641863159 ____A C:\Users\Rajagopal Kumar\Downloads\Constantine (2005) m720p.mkv
2012-07-28 19:16 - 2012-07-28 17:24 - 104857601 ____A C:\Users\Rajagopal Kumar\Downloads\backup.constant.part1.rar
2012-07-22 00:59 - 2011-11-21 08:25 - 01435155 ____A C:\Windows\WindowsUpdate.log
2012-07-22 00:54 - 2011-11-25 17:07 - 00000948 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2180650751-2005149398-3877183700-1000UA.job
2012-07-22 00:52 - 2010-09-08 07:55 - 00179712 ____A C:\Windows\System32\TPHDLOG0.LOG
2012-07-22 00:24 - 2010-09-08 07:55 - 00472832 ____A C:\Windows\System32\TPAPSLOG.LOG
2012-07-21 22:02 - 2011-11-25 17:07 - 00000896 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2180650751-2005149398-3877183700-1000Core.job
2012-07-21 12:23 - 2012-07-21 12:23 - 08399774 ____A C:\Users\Rajagopal Kumar\Downloads\fsi.775.office girl.wmv
2012-07-21 11:59 - 2009-07-13 20:45 - 00013872 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-07-21 11:59 - 2009-07-13 20:45 - 00013872 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-07-21 11:51 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-07-21 11:51 - 2009-07-13 20:51 - 00083120 ____A C:\Windows\setupact.log
2012-07-19 00:44 - 2012-07-16 22:15 - 00001168 ____A C:\Users\Rajagopal Kumar\_viminfo
2012-07-18 20:24 - 2009-07-13 21:13 - 00729752 ____A C:\Windows\System32\PerfStringBackup.INI
2012-07-18 00:28 - 2011-12-10 15:54 - 00002505 ____A C:\Users\Public\Desktop\Norton Security Suite.lnk
2012-07-17 21:46 - 2012-07-17 21:46 - 00039622 ____A C:\Users\Rajagopal Kumar\Downloads\iyngr-page-309.htm
2012-07-16 22:18 - 2012-07-16 22:17 - 00000357 ____A C:\subaList
2012-07-16 22:17 - 2012-07-16 22:17 - 00000357 ____A C:\subaList~
2012-07-16 22:14 - 2012-07-16 22:14 - 00001871 ____A C:\Users\Public\Desktop\gVim Read only 7.3.lnk
2012-07-16 22:14 - 2012-07-16 22:14 - 00001871 ____A C:\Users\Public\Desktop\gVim Easy 7.3.lnk
2012-07-16 22:14 - 2012-07-16 22:14 - 00001865 ____A C:\Users\Public\Desktop\gVim 7.3.lnk
2012-07-16 22:10 - 2012-07-16 22:10 - 09585439 ____A C:\Users\Rajagopal Kumar\Downloads\gvim73_46.exe
2012-07-15 17:58 - 2012-07-15 17:58 - 08052188 ____A C:\Users\Rajagopal Kumar\Downloads\bengali_hot_girl_nupur_with_love.3gp
2012-07-15 17:58 - 2012-07-15 17:58 - 02434510 ____A C:\Users\Rajagopal Kumar\Downloads\school_students_after_school.3gp
2012-07-15 13:43 - 2012-05-30 06:24 - 00002064 ___AH C:\Users\Rajagopal Kumar\Documents\Default.rdp
2012-07-15 11:43 - 2011-12-06 00:24 - 00000600 ____A C:\Users\Rajagopal Kumar\AppData\Local\PUTTY.RND
2012-07-13 21:56 - 2012-07-13 20:23 - 625509130 ____A C:\Users\Rajagopal Kumar\Downloads\01747_downloadyo.com.rar
2012-07-13 21:52 - 2012-07-13 21:42 - 735358976 ____A C:\Users\Rajagopal Kumar\Downloads\ubuntu-12.04-desktop-i386.iso
2012-07-13 21:31 - 2012-07-13 21:31 - 00001083 ____A C:\Users\Public\Desktop\Oracle VM VirtualBox.lnk
2012-07-13 21:28 - 2012-07-13 21:14 - 732213248 ____A C:\Users\Rajagopal Kumar\Downloads\ubuntu-12.04-desktop-amd64.iso
2012-07-13 21:23 - 2012-07-13 21:22 - 95228248 ____A (Oracle Corporation) C:\Users\Rajagopal Kumar\Downloads\VirtualBox-4.1.18-78361-Win.exe
2012-07-13 19:55 - 2012-07-13 19:55 - 17545488 ____A C:\Users\Rajagopal Kumar\Downloads\fsi.757.hot girl.3gp
2012-07-13 19:55 - 2012-07-13 19:55 - 04111111 ____A C:\Users\Rajagopal Kumar\Downloads\fsi.755.seema khurana.3gp
2012-07-13 19:50 - 2011-11-25 17:08 - 00002420 ____A C:\Users\Rajagopal Kumar\Desktop\Google Chrome.lnk
2012-07-13 19:36 - 2009-07-13 21:08 - 00032626 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-07-11 22:40 - 2009-07-13 20:45 - 00428600 ____A C:\Windows\System32\FNTCACHE.DAT
2012-07-11 00:54 - 2009-07-13 18:34 - 00000510 ____A C:\Windows\win.ini
2012-07-08 13:33 - 2012-07-08 13:26 - 141514996 ____A C:\Users\Rajagopal Kumar\Desktop\EmsisoftEmergencyKit.zip
2012-07-08 13:03 - 2012-07-08 12:51 - 04503728 ___AT C:\Users\All Users\go_0molg.pad
2012-07-07 15:36 - 2012-07-07 13:15 - 526095158 ____A C:\Users\Rajagopal Kumar\Downloads\Vaagai_Sooda_Vaa_-_Suara.mkv
2012-07-06 20:33 - 2012-07-06 20:33 - 00062735 ____A C:\Users\Rajagopal Kumar\Downloads\the.aviator.(2004).eng.1cd.(4214913).zip
2012-07-05 01:44 - 2012-07-05 01:44 - 00697616 ____A C:\Windows\Minidump\070512-30186-01.dmp
2012-07-05 01:44 - 2011-11-28 22:54 - 485129917 ____A C:\Windows\MEMORY.DMP
2012-07-02 01:00 - 2012-07-02 00:59 - 06653231 ____A C:\Users\Rajagopal Kumar\Downloads\fsi.722.girl_on_rock.3gp
2012-07-02 00:58 - 2012-07-02 00:58 - 03079437 ____A C:\Users\Rajagopal Kumar\Downloads\fsi.730.desi_threesome.3gp
2012-07-01 19:19 - 2012-07-01 15:28 - 838172908 ____A C:\Users\Rajagopal Kumar\Downloads\440r00d.rar
2012-07-01 16:33 - 2012-07-01 15:20 - 576624785 ____A C:\Users\Rajagopal Kumar\Downloads\avengers-ichthyander.mkv
2012-07-01 15:30 - 2012-07-01 15:21 - 889646563 ____A C:\Users\Rajagopal Kumar\Downloads\backup.SHAGOS72.0ne.rar
2012-06-30 21:00 - 2012-07-01 19:20 - 00000170 ____A C:\Users\Rajagopal Kumar\Downloads\2raod_info.txt
2012-06-28 00:21 - 2012-06-28 00:18 - 19067658 ____A C:\Users\Rajagopal Kumar\Downloads\College_Lo.avi
2012-06-28 00:18 - 2012-06-28 00:18 - 01318555 ____A C:\Users\Rajagopal Kumar\Downloads\fsi.603.manipur_girl.3gp
2012-06-28 00:18 - 2012-06-28 00:12 - 33581690 ____A C:\Users\Rajagopal Kumar\Downloads\18 Year Teen _ed on Beach.avi
2012-06-28 00:03 - 2012-06-28 00:03 - 01682161 ____A C:\Users\Rajagopal Kumar\Downloads\fsi.717.college_girl.3gp
2012-06-28 00:01 - 2012-06-28 00:01 - 01996626 ____A C:\Users\Rajagopal Kumar\Downloads\fsi.719.mast_girl.3gp
2012-06-26 22:46 - 2012-06-26 22:41 - 29237901 ____A C:\Users\Rajagopal Kumar\Downloads\fsi.720.dimapur_girl.3gp
2012-06-25 23:26 - 2012-06-25 23:25 - 07815767 ____A C:\Users\Rajagopal Kumar\Downloads\fsi.714.2_girl.3gp
2012-06-25 21:54 - 2012-06-25 21:54 - 00262144 ____A C:\Windows\Minidump\062512-23992-01.dmp
2012-06-23 22:57 - 2012-06-23 22:57 - 00697616 ____A C:\Windows\Minidump\062312-27253-01.dmp
2012-06-23 05:04 - 2012-06-22 23:46 - 940314607 ____A C:\Users\Rajagopal Kumar\Downloads\Age004.rar
2012-06-19 21:56 - 2012-03-13 20:48 - 00002447 ____A C:\Users\Public\Desktop\VMware vSphere Client.lnk
2012-06-19 21:45 - 2012-06-19 21:37 - 367065912 ____A (Igor Pavlov) C:\Users\Rajagopal Kumar\Downloads\VMware-viclient.exe
2012-06-17 00:45 - 2012-06-17 00:45 - 00018495 ____A C:\Users\Rajagopal Kumar\Downloads\[ Music- Video ] Kalakalappu @ Masala Cafe - Lotus - Xvid - [email protected]
2012-06-15 00:04 - 2012-06-15 00:04 - 00001724 ____A C:\users\Rajagopal
2012-06-14 21:27 - 2012-07-01 19:20 - 00000224 ____A C:\Users\Rajagopal Kumar\Downloads\Redroseee Small Size Movies1.url
2012-06-14 21:19 - 2012-07-01 19:20 - 00000239 ____A C:\Users\Rajagopal Kumar\Downloads\Redrosee Small Size Movies2.url
2012-06-14 14:43 - 2012-06-14 14:40 - 00000413 ____A C:\Users\Rajagopal Kumar\Downloads\myentunnel.ini
2012-06-14 14:43 - 2012-06-14 14:40 - 00000002 ____A C:\Users\Rajagopal Kumar\Downloads\remoteports.txt
2012-06-14 14:43 - 2012-06-14 14:40 - 00000002 ____A C:\Users\Rajagopal Kumar\Downloads\localports.txt
2012-06-14 14:39 - 2012-06-14 14:39 - 00249856 ____A (Nemesis][) C:\Users\Rajagopal Kumar\Downloads\myentunnel.exe
2012-06-14 14:38 - 2012-06-14 14:38 - 00246433 ____A C:\Users\Rajagopal Kumar\Downloads\myentunnel-unicode.zip
2012-06-14 13:10 - 2012-06-14 13:09 - 00001486 ____A C:\Users\Rajagopal Kumar\Documents\id_rsa
2012-06-14 13:08 - 2012-06-14 13:08 - 00180224 ____A (Simon Tatham) C:\Users\Rajagopal Kumar\Downloads\puttygen.exe
2012-06-11 19:02 - 2012-07-11 00:54 - 03147264 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-06-09 23:21 - 2012-06-09 23:18 - 126609688 ____A (Lenovo Group ) C:\Users\Rajagopal Kumar\Downloads\IN3VDO43WW6.exe
2012-06-08 21:30 - 2012-07-10 22:04 - 14165504 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-06-08 20:46 - 2012-07-10 22:04 - 12868608 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2012-06-05 21:50 - 2012-07-10 22:04 - 02003968 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2012-06-05 21:50 - 2012-07-10 22:04 - 01880064 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2012-06-05 21:09 - 2012-07-10 22:04 - 01389568 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2012-06-05 21:09 - 2012-07-10 22:04 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2012-06-05 15:03 - 2012-07-13 21:31 - 00224088 ____A (Oracle Corporation) C:\Windows\System32\Drivers\VBoxDrv.sys
2012-06-05 15:03 - 2012-07-13 21:31 - 00130904 ____A (Oracle Corporation) C:\Windows\System32\Drivers\VBoxUSBMon.sys
2012-06-05 15:03 - 2012-06-05 15:03 - 00166232 ____A (Oracle Corporation) C:\Windows\System32\Drivers\VBoxNetFlt.sys
2012-06-05 15:03 - 2012-06-05 15:03 - 00147288 ____A (Oracle Corporation) C:\Windows\System32\Drivers\VBoxNetAdp.sys
2012-06-05 15:02 - 2012-06-05 15:02 - 00320856 ____A (Oracle Corporation) C:\Windows\System32\VBoxNetFltNobj.dll
2012-06-03 11:41 - 2012-06-03 11:41 - 00697728 ____A C:\Windows\Minidump\060312-30451-01.dmp
2012-06-02 14:19 - 2012-06-18 22:02 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-02 14:19 - 2012-06-18 22:02 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-02 14:19 - 2012-06-18 22:02 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-02 14:19 - 2012-06-18 22:02 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-02 14:19 - 2012-06-18 22:02 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-02 14:19 - 2012-06-18 22:02 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-02 14:15 - 2012-06-18 22:02 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-02 14:15 - 2012-06-18 22:02 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-02 14:15 - 2012-06-18 22:02 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-06-02 13:58 - 2012-06-24 15:12 - 682671301 ____A C:\Users\Rajagopal Kumar\Downloads\The.Aviator.2004.720p.mkv
2012-06-02 04:49 - 2012-07-11 00:50 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-06-02 04:17 - 2012-07-11 00:50 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-06-02 04:12 - 2012-07-11 00:50 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-06-02 04:05 - 2012-07-11 00:50 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-06-02 04:05 - 2012-07-11 00:50 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-06-02 04:04 - 2012-07-11 00:50 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-06-02 04:04 - 2012-07-11 00:50 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-06-02 04:03 - 2012-07-11 00:50 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-06-02 04:01 - 2012-07-11 00:50 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-06-02 04:00 - 2012-07-11 00:50 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-06-02 03:59 - 2012-07-11 00:50 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-06-02 03:57 - 2012-07-11 00:50 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-06-02 03:57 - 2012-07-11 00:50 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-06-02 03:54 - 2012-07-11 00:50 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-06-02 01:07 - 2012-07-11 00:50 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-06-02 00:43 - 2012-07-11 00:50 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-06-02 00:33 - 2012-07-11 00:50 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-06-02 00:26 - 2012-07-11 00:50 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-06-02 00:25 - 2012-07-11 00:50 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-06-02 00:25 - 2012-07-11 00:50 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-06-02 00:23 - 2012-07-11 00:50 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-06-02 00:21 - 2012-07-11 00:50 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-06-02 00:20 - 2012-07-11 00:50 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-06-02 00:19 - 2012-07-11 00:50 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-06-02 00:19 - 2012-07-11 00:50 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-06-02 00:17 - 2012-07-11 00:50 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-06-02 00:16 - 2012-07-11 00:50 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-06-02 00:14 - 2012-07-11 00:50 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-06-02 00:04 - 2012-06-01 22:56 - 836422613 ____A C:\Users\Rajagopal Kumar\Downloads\jodibreakers.mkv
2012-06-01 21:38 - 2012-07-10 22:04 - 00152432 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2012-06-01 21:38 - 2012-07-10 22:04 - 00095088 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2012-06-01 21:37 - 2012-07-10 22:04 - 00459216 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2012-06-01 21:27 - 2012-07-10 22:04 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2012-06-01 21:27 - 2012-07-10 22:04 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2012-06-01 20:48 - 2012-07-10 22:04 - 00225280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2012-06-01 20:48 - 2012-07-10 22:04 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2012-06-01 20:47 - 2012-07-10 22:04 - 00219136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2012-06-01 20:42 - 2012-07-10 22:04 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2012-05-30 19:42 - 2012-05-30 19:40 - 07562869 ____A C:\Users\Rajagopal Kumar\Downloads\fsi.615.desi girl in hotel.3gp
2012-05-30 16:09 - 2012-05-30 16:09 - 00000242 ____A C:\Users\Rajagopal Kumar\Downloads\local.properties
2012-05-30 12:38 - 2010-09-08 07:54 - 01252452 ____A C:\Windows\PFRO.log
2012-05-30 12:14 - 2012-05-30 12:14 - 00732160 ____A C:\Users\Rajagopal Kumar\Downloads\hpvrplugin.msi
2012-05-30 10:17 - 2012-05-30 10:17 - 00002042 ____A C:\Users\Public\Desktop\Nitro Reader.lnk
2012-05-30 10:16 - 2012-05-30 10:16 - 00001162 ____A C:\Users\Public\Desktop\PrimoPDF - Drop Files Here to Convert!.lnk
2012-05-30 10:16 - 2012-05-30 10:15 - 07549704 ____A C:\Users\Rajagopal Kumar\Downloads\InternationalPrimoPDF.exe
2012-05-30 10:16 - 2011-02-09 20:03 - 00000326 ____A C:\Windows\primopdf.ini
2012-05-30 09:31 - 2012-05-30 09:29 - 00001035 ____A C:\Users\Rajagopal Kumar\Desktop\magicJack.lnk
2012-05-30 06:40 - 2012-05-30 06:40 - 00015124 ____A C:\Users\Rajagopal Kumar\Desktop\viewBoardingPass.htm
2012-05-30 06:39 - 2012-05-30 06:39 - 00015084 ____A C:\Users\Rajagopal Kumar\Desktop\viewBoardingPass.action.htm
2012-05-27 20:02 - 2012-07-01 19:20 - 00032688 ____A C:\Users\Rajagopal Kumar\Downloads\2raod.srt
2012-05-27 08:26 - 2012-07-01 19:19 - 838003988 ____A C:\Users\Rajagopal Kumar\Downloads\2raod.mkv
2012-05-13 19:03 - 2012-05-13 00:14 - 734167772 ____A C:\Users\Rajagopal Kumar\Downloads\Lot1k2eq.crazy.avi
2012-05-12 22:17 - 2012-05-12 22:17 - 00697616 ____A C:\Windows\Minidump\051212-24710-01.dmp
2012-05-10 00:31 - 2012-05-10 00:31 - 06719302 ____A C:\Users\Rajagopal Kumar\Downloads\fsi.569.susma.3gp
2012-05-10 00:24 - 2012-05-10 00:24 - 03528123 ____A C:\Users\Rajagopal Kumar\Downloads\fsi.586.punjabi_couple.3gp
2012-05-10 00:15 - 2012-05-10 00:14 - 03653269 ____A C:\Users\Rajagopal Kumar\Downloads\fsi.582.college_girl.3gp
2012-05-10 00:15 - 2012-05-10 00:10 - 32765832 ____A C:\Users\Rajagopal Kumar\Downloads\mdp.2119.nri [bleep].3gp

ZeroAccess:
C:\Users\Rajagopal Kumar\AppData\Local\{415fdb6d-355a-b025-9d22-69c8990fe1a7}
C:\Users\Rajagopal Kumar\AppData\Local\{415fdb6d-355a-b025-9d22-69c8990fe1a7}\@
C:\Users\Rajagopal Kumar\AppData\Local\{415fdb6d-355a-b025-9d22-69c8990fe1a7}\L
C:\Users\Rajagopal Kumar\AppData\Local\{415fdb6d-355a-b025-9d22-69c8990fe1a7}\n
C:\Users\Rajagopal Kumar\AppData\Local\{415fdb6d-355a-b025-9d22-69c8990fe1a7}\U
C:\Users\Rajagopal Kumar\AppData\Local\{415fdb6d-355a-b025-9d22-69c8990fe1a7}\L\00000004.@
C:\Users\Rajagopal Kumar\AppData\Local\{415fdb6d-355a-b025-9d22-69c8990fe1a7}\U\00000004.@
C:\Users\Rajagopal Kumar\AppData\Local\{415fdb6d-355a-b025-9d22-69c8990fe1a7}\U\00000008.@
C:\Users\Rajagopal Kumar\AppData\Local\{415fdb6d-355a-b025-9d22-69c8990fe1a7}\U\000000cb.@
C:\Users\Rajagopal Kumar\AppData\Local\{415fdb6d-355a-b025-9d22-69c8990fe1a7}\U\80000000.@
C:\Users\Rajagopal Kumar\AppData\Local\{415fdb6d-355a-b025-9d22-69c8990fe1a7}\U\80000032.@
C:\Users\Rajagopal Kumar\AppData\Local\{415fdb6d-355a-b025-9d22-69c8990fe1a7}\U\80000064.@

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 16%
Total physical RAM: 3893.86 MB
Available physical RAM: 3263.24 MB
Total Pagefile: 3892.01 MB
Available Pagefile: 3256.58 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

======================= Partitions =========================

1 Drive c: (Windows) (Fixed) (Total:420.66 GB) (Free:321.16 GB) NTFS
2 Drive e: () (Fixed) (Total:30 GB) (Free:29.91 GB) NTFS
3 Drive f: () (Removable) (Total:7.46 GB) (Free:7.24 GB) NTFS
4 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
5 Drive y: (System) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 465 GB 15 GB
Disk 1 Online 7643 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 100 MB 1024 KB
Partition 2 Primary 420 GB 101 MB
Partition 3 Primary 30 GB 420 GB

==================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 0 Y System NTFS Partition 100 MB Healthy

==================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 C Windows NTFS Partition 420 GB Healthy

==================================================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 E NTFS Partition 30 GB Healthy

==================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 7643 MB 31 KB

==================================================================================

Disk: 1
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 F NTFS Removable 7643 MB Healthy

==================================================================================
==========================================================
TDL4: custom:26000022 <===== ATTENTION!


==========================================================

Last Boot: 2012-07-28 15:25

======================= End Of Log ==========================






FIXLIST.TXT(THAT I TRIED) :


TDL4: custom:26000022
Last Boot: 2012-07-28 15:25



FIXLOG.TXT:

Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 05-08-2012 03
Ran by SYSTEM at 2012-08-06 23:02:10 Run:1
Running from F:\

==============================================


The operation completed successfully.
The operation completed successfully.
DEFAULT hive was successfully copied to System32\config\HiveBackup
DEFAULT hive was successfully restored from registry back up.
SAM hive was successfully copied to System32\config\HiveBackup
SAM hive was successfully restored from registry back up.
SECURITY hive was successfully copied to System32\config\HiveBackup
SECURITY hive was successfully restored from registry back up.
SOFTWARE hive was successfully copied to System32\config\HiveBackup
SOFTWARE hive was successfully restored from registry back up.
SYSTEM hive was successfully copied to System32\config\HiveBackup
SYSTEM hive was successfully restored from registry back up.

==== End of Fixlog ====

Attached Files


  • 0

Advertisements


#2
CompCav

CompCav

    Member 5k

  • Expert
  • 12,454 posts
Hi, rajagopal! Posted ImageMy nick name is CompCav and I will be assisting you with your Malware/Security problems. Please make sure you read all of the instructions and fixes thoroughly before continuing with them. If you have any questions or you are unsure about anything, just ask and I will help you out. :)

If you have resolved the issues you were originally experiencing, or have received help elsewhere, please let me know so that this topic can be closed.


Please make sure you are saving and printing the instructions out prior to each fix, this way you will have them on hand just in case you are unable to access this site. One of the steps I will be asking you to do requires you to boot into Safe Mode and this process will be much easier for you to perform if the instructions are printed out for you to follow.

If you are ready to get started, please review and follow these guidelines so that we resolve your issues in a timely and effective manner:
  • Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post.
  • Please make sure to carefully read any instructions that I give you. Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
  • If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
  • These instructions have been specifically tailored to your computer and the issues you are experiencing with your computer. These instructions are not suitable for any other computer, even if the issues are fairly similar.
  • Do not do things I do not ask for, such as running a spyware scan on your computer. However, the one thing that you should always do, is to make sure your anti-virus definitions are up-to-date!
  • Please do not use the Attachment feature for any log file. Just do a Copy/Paste of the entire contents of the log file inside your post and submit.
  • You must reply within four days failure to reply will result in the topic being closed!
  • Please do not PM me directly for help. If you have any questions, post them in this topic. PM me only if I have not responded to your last post in 2 days.
  • Lastly, I am no magician. I will try very hard to fix your issues, but no promises can be made. Also be aware that some infections are so severe that you might need to ultimately reformat your hard drive and reinstall the operating system.
    Don't worry, this only happens in severe cases, but it sadly does happen. Please have the software and storage media for backing up your data available.


Sorry for the wait were are very busy here.

Please rerun FRST64 and post an updated FRST.txt
  • 0

#3
rajagopal

rajagopal

    Member

  • Topic Starter
  • Member
  • PipPip
  • 97 posts
Hi Compcav,

Thanks very much for your response and don't feel sorry about the delay..I understand you guys are busy..I carried my personal laptop to my office today(and for the past couple of days) and I will be trying out our fixes while I am at office, so bare with me if there is a delay... Here is the FRST.txt logs after running FRST64 a few minutes back..

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++FRTST SCAN LOG++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Scan result of Farbar Recovery Scan Tool Version: 05-08-2012 03
Ran by SYSTEM at 10-08-2012 11:25:52
Running from F:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [10144288 2010-04-05] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE3 [908320 2010-04-05] (Realtek Semiconductor)
HKLM\...\Run: [TpShocks] C:\Windows\System32\TpShocks.exe [231264 2009-09-02] (Lenovo.)
HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [2104104 2010-03-18] (Synaptics Incorporated)
HKLM\...\Run: [PSQLLauncher] "C:\Program Files\Lenovo\LenovoSecuritySolution FP\launcher.exe" /startup [84744 2010-03-29] (UPEK Inc.)
HKLM\...\Run: [EnergyUtility] C:\Program Files (x86)\Lenovo\Energy Management\utility.exe [4448704 2010-03-11] (Lenovo(beijing) Limited)
HKLM\...\Run: [Energy Management] C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [7056832 2010-03-11] (Lenovo (Beijing) Limited)
HKLM\...\Run: [IgfxTray] C:\windows\system32\igfxtray.exe [166424 2010-03-26] (Intel Corporation)
HKLM\...\Run: [HotKeysCmds] C:\windows\system32\hkcmd.exe [391192 2010-03-26] (Intel Corporation)
HKLM\...\Run: [Persistence] C:\windows\system32\igfxpers.exe [410648 2010-03-26] (Intel Corporation)
HKLM\...\Run: [acevents] "C:\Program Files\ActivIdentity\ActivClient\acevents.exe" [196648 2009-06-03] (ActivIdentity)
HKLM\...\Run: [] [x]
HKLM\...\Run: [accrdsub] "C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe" [483880 2009-06-03] (ActivIdentity)
HKLM\...\Run: [HPRAService] C:\Program Files\RA2HP\HPRAService.exe [126464 2010-04-01] (Hewlett-Packard Company)
HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1271168 2012-03-26] (Microsoft Corporation)
HKLM-x32\...\Run: [331BigDog] C:\Program Files (x86)\USB Camera\VM331_STI.EXE [536576 2010-01-15] (Vimicro)
HKLM-x32\...\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284696 2009-12-23] (Intel Corporation)
HKLM-x32\...\Run: [UCam_Menu] "C:\Program Files (x86)\Lenovo\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Lenovo\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\3.0" [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [YouCam Mirror Tray icon] "C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe" /s [167008 2009-11-11] (CyberLink Corp.)
HKLM-x32\...\Run: [VeriFaceManager] C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe [3122440 2010-09-08] (Lenovo)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-02] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2012-01-18] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [3508624 2012-02-03] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [ExpressFiles] "C:\Program Files (x86)\ExpressFiles\ExpressFiles.exe" -tray [453240 2012-03-18] (http://www.express-files.com/)
HKLM-x32\...\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray [x]
HKU\Rajagopal Kumar\...\Run: [Google Update] "C:\Users\Rajagopal Kumar\AppData\Local\Google\Update\GoogleUpdate.exe" /c [136176 2011-11-25] (Google Inc.)
HKU\Rajagopal Kumar\...\Run: [KiesHelper] C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe /s [943504 2012-02-03] (Samsung)
HKU\Rajagopal Kumar\...\Run: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [21416 2012-02-29] ()
HKU\Rajagopal Kumar\...\Run: [cdloader] "C:\Users\Rajagopal Kumar\AppData\Roaming\mjusbsp\cdloader2.exe" MAGICJACK [50592 2012-02-01] (magicJack L.P.)
Winlogon\Notify\igfxcui: igfxdev.dll (Intel Corporation)
Winlogon\Notify\psfus: C:\Program Files\Lenovo\LenovoSecuritySolution FP\psqlpwd.dll (UPEK Inc.)
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Lsa: [Notification Packages] scecli
C:\Program Files\Lenovo\LenovoSecuritySolution FP\psqlpwd.dll
Startup: C:\Users\All Users\Start Menu\Programs\Startup\ActivClient Agent.lnk
ShortcutTarget: ActivClient Agent.lnk -> C:\Program Files\ActivIdentity\ActivClient\acsagent.exe (ActivIdentity)
Startup: C:\Users\All Users\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\Users\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)

==================== Services (Whitelisted) ======

2 ac.sharedstore; C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe [277032 2009-06-03] (ActivIdentity)
2 btwdins; C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe [873248 2010-02-17] (Broadcom Corporation.)
2 IGRS; "C:\Program Files (x86)\Lenovo\ReadyComm\common\IGRS.exe" [38152 2009-07-14] (Lenovo Group Limited)
3 Lenovo ReadyComm AppSvc; "C:\Program Files\Lenovo\ReadyComm\AppSvc.exe" [414984 2009-07-28] (Lenovo Group Limited)
3 Lenovo ReadyComm ConnSvc; "C:\Program Files\Lenovo\ReadyComm\ConnSvc.exe" [472328 2009-07-28] (Lenovo Group Limited)
3 McComponentHostService; "C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe" [227232 2010-01-15] (McAfee, Inc.)
2 N360; "C:\Program Files (x86)\Norton Security Suite\Engine\5.2.2.3\ccSvcHst.exe" /s "N360" /m "C:\Program Files (x86)\Norton Security Suite\Engine\5.2.2.3\diMaster.dll" /prefetch:1 [262584 2011-03-31] (Symantec Corporation)
3 NisSrv; "C:\Program Files\Microsoft Security Client\NisSrv.exe" [291696 2012-03-26] (Microsoft Corporation)
2 NitroReaderDriverReadSpool2; "C:\Program Files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe" [204304 2012-04-11] (Nitro PDF Software)
3 PS_MDP; C:\Program Files (x86)\Lenovo\ReadyComm\PS_MDP.dll [276296 2009-07-16] (Lenovo Group Limited)
2 ReadyComm.DirectRouter; C:\Program Files (x86)\Lenovo\ReadyComm\common\router.dll [103688 2009-07-14] (Lenovo Group Limited)
2 TPHDEXLGSVC; C:\Windows\System32\TPHDEXLG64.exe [47632 2009-10-21] (Lenovo.)
2 UNS; "C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe" [2320920 2009-12-09] (Intel Corporation)
2 UpekSrvc; "C:\Program Files\Lenovo\LenovoSecuritySolution FP\upeksrvc.exe" [72456 2010-03-29] (UPEK Inc.)
3 AdobeFlashPlayerUpdateSvc; C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [x]
2 MBAMService; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe" [x]

========================== Drivers (Whitelisted) =============

1 A2DDA; \??\C:\Users\Rajagopal Kumar\Desktop\EmsisoftEmergencyKit\Run\a2ddax64.sys [23208 2012-07-08] (Emsi Software GmbH)
1 BHDrvx64; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20111221.003\BHDrvx64.sys [1156216 2011-11-23] (Symantec Corporation)
3 Bridge0; C:\Windows\System32\drivers\WDBridge.sys [79376 2009-07-16] (Lenovo)
3 dgderdrv; C:\Windows\SysWow64\Drivers\dgderdrv.sys [20032 2011-08-22] (Devguru Co., Ltd)
1 eeCtrl; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [482936 2011-12-10] (Symantec Corporation)
3 EraserUtilRebootDrv; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [138360 2011-12-10] (Symantec Corporation)
1 IDSVia64; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20111223.001\IDSvia64.sys [488568 2011-12-09] (Symantec Corporation)
3 mfeavfk; C:\Windows\System32\Drivers\mfeavfk.sys [102600 2009-06-18] (McAfee, Inc.)
1 mfehidk; C:\Windows\System32\Drivers\mfehidk.sys [307400 2009-06-18] (McAfee, Inc.)
3 mferkdk; C:\Windows\System32\Drivers\mferkdk.sys [40904 2009-06-18] (McAfee, Inc.)
3 mfesmfk; C:\Windows\System32\Drivers\mfesmfk.sys [49480 2009-06-18] (McAfee, Inc.)
3 NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20111224.017\ENG64.SYS [117880 2011-12-10] (Symantec Corporation)
3 NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20111224.017\EX64.SYS [2048632 2011-12-10] (Symantec Corporation)
0 Shockprf; C:\Windows\System32\DRIVERS\Apsx64.sys [135184 2009-10-21] (Lenovo.)
3 SRTSP; C:\Windows\System32\Drivers\N360x64\0502020.003\SRTSP64.SYS [744568 2011-03-30] (Symantec Corporation)
1 SRTSPX; C:\Windows\system32\drivers\N360x64\0502020.003\SRTSPX64.SYS [40568 2011-03-30] (Symantec Corporation)
0 SymDS; C:\Windows\System32\drivers\N360x64\0502020.003\SYMDS64.SYS [450680 2011-01-26] (Symantec Corporation)
0 SymEFA; C:\Windows\System32\drivers\N360x64\0502020.003\SYMEFA64.SYS [912504 2011-03-14] (Symantec Corporation)
3 SymEvent; \??\C:\windows\system32\Drivers\SYMEVENT64x86.SYS [174200 2011-12-10] (Symantec Corporation)
1 SymIRON; C:\Windows\system32\drivers\N360x64\0502020.003\Ironx64.SYS [171128 2010-11-15] (Symantec Corporation)
1 SymNetS; C:\Windows\System32\Drivers\N360x64\0502020.003\SYMNETS.SYS [386168 2011-04-20] (Symantec Corporation)
3 tapoas; C:\Windows\System32\Drivers\tapoas.sys [30720 2011-08-19] (The OpenVPN Project)
0 TPDIGIMN; C:\Windows\System32\DRIVERS\ApsHM64.sys [23568 2009-10-21] (Lenovo.)
3 vm331avs; C:\Windows\System32\Drivers\vm331avs.sys [215040 2010-02-24] (Vimicro Corporation)
3 wdmirror; C:\Windows\System32\Drivers\wdmirror.sys [11280 2009-07-16] (Lenovo)
3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
3 MBAMProtector; \??\C:\windows\system32\drivers\mbam.sys [x]

========================== NetSvcs (Whitelisted) ===========


============ One Month Created Files and Folders ==============

2012-08-06 23:02 - 2012-08-06 23:02 - 00000000 ____D C:\Windows\System32\config\HiveBackup
2012-08-06 22:53 - 2012-08-06 22:53 - 00000000 ____D C:\FRST
2012-08-05 15:14 - 2012-08-05 15:14 - 00000000 ____D C:\New folder
2012-07-30 23:21 - 2012-07-30 23:32 - 00009462 ____A C:\Users\Rajagopal Kumar\Documents\suba_to_be_Deleted.txt
2012-07-30 21:17 - 2012-07-30 21:17 - 00016896 ____A C:\Users\Rajagopal Kumar\Documents\Suba_Matrimony_tracker.xls
2012-07-28 22:12 - 2012-07-29 00:18 - 104052997 ____A C:\Users\Rajagopal Kumar\Downloads\backup.constant.part5.rar
2012-07-28 21:13 - 2012-07-28 22:11 - 104857601 ____A C:\Users\Rajagopal Kumar\Downloads\backup.constant.part4.rar
2012-07-28 20:14 - 2012-07-28 21:13 - 104857601 ____A C:\Users\Rajagopal Kumar\Downloads\backup.constant.part3.rar
2012-07-28 19:16 - 2012-07-28 20:14 - 104857601 ____A C:\Users\Rajagopal Kumar\Downloads\backup.constant.part2.rar
2012-07-28 18:23 - 2012-07-28 18:23 - 00000000 ____D C:\Users\Rajagopal Kumar\AppData\Roaming\YourFileDownloader
2012-07-28 17:35 - 2012-07-28 19:54 - 641863159 ____A C:\Users\Rajagopal Kumar\Downloads\Constantine (2005) m720p.mkv
2012-07-28 17:24 - 2012-07-28 19:16 - 104857601 ____A C:\Users\Rajagopal Kumar\Downloads\backup.constant.part1.rar
2012-07-24 19:47 - 2012-08-04 21:42 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-07-24 19:47 - 2012-08-03 21:06 - 00000000 ____D C:\Users\Rajagopal Kumar\AppData\Roaming\Malwarebytes
2012-07-24 19:47 - 2012-07-24 19:47 - 00000000 ____D C:\Users\All Users\Malwarebytes
2012-07-22 14:48 - 2012-07-22 14:48 - 00000000 ____D C:\Users\Rajagopal Kumar\AppData\Local\Macromedia
2012-07-21 12:23 - 2012-07-21 12:23 - 08399774 ____A C:\Users\Rajagopal Kumar\Downloads\fsi.775.office girl.wmv
2012-07-17 21:46 - 2012-07-17 21:46 - 00039622 ____A C:\Users\Rajagopal Kumar\Downloads\iyngr-page-309.htm
2012-07-16 22:17 - 2012-07-16 22:18 - 00000357 ____A C:\subaList
2012-07-16 22:17 - 2012-07-16 22:17 - 00000357 ____A C:\subaList~
2012-07-16 22:15 - 2012-07-19 00:44 - 00001168 ____A C:\Users\Rajagopal Kumar\_viminfo
2012-07-16 22:14 - 2012-07-16 22:14 - 00001871 ____A C:\Users\Public\Desktop\gVim Read only 7.3.lnk
2012-07-16 22:14 - 2012-07-16 22:14 - 00001871 ____A C:\Users\Public\Desktop\gVim Easy 7.3.lnk
2012-07-16 22:14 - 2012-07-16 22:14 - 00001865 ____A C:\Users\Public\Desktop\gVim 7.3.lnk
2012-07-16 22:14 - 2012-07-16 22:14 - 00000000 ____D C:\Program Files (x86)\Vim
2012-07-16 22:10 - 2012-07-16 22:10 - 09585439 ____A C:\Users\Rajagopal Kumar\Downloads\gvim73_46.exe
2012-07-15 17:58 - 2012-07-15 17:58 - 08052188 ____A C:\Users\Rajagopal Kumar\Downloads\bengali_hot_girl_nupur_with_love.3gp
2012-07-15 17:58 - 2012-07-15 17:58 - 02434510 ____A C:\Users\Rajagopal Kumar\Downloads\school_students_after_school.3gp
2012-07-13 21:56 - 2012-02-10 15:12 - 00001970 ____A C:\Users\Rajagopal Kumar\Downloads\I'll PAY YOU $20.txt
2012-07-13 21:56 - 2012-02-05 12:17 - 625506548 ____A C:\Users\Rajagopal Kumar\Downloads\Khelein-Hum-Jee-Jaan-Sey-2011-.mkv
2012-07-13 21:56 - 2012-01-27 06:52 - 00000394 ____A C:\Users\Rajagopal Kumar\Downloads\buy 1 premy & get MANY.txt
2012-07-13 21:42 - 2012-07-13 21:52 - 735358976 ____A C:\Users\Rajagopal Kumar\Downloads\ubuntu-12.04-desktop-i386.iso
2012-07-13 21:33 - 2012-07-13 21:37 - 00000000 ____D C:\Users\Rajagopal Kumar\VirtualBox VMs
2012-07-13 21:32 - 2012-07-25 00:22 - 00000000 ____D C:\Users\Rajagopal Kumar\.VirtualBox
2012-07-13 21:31 - 2012-07-13 21:31 - 00001083 ____A C:\Users\Public\Desktop\Oracle VM VirtualBox.lnk
2012-07-13 21:31 - 2012-07-13 21:31 - 00000000 ____D C:\Program Files\Oracle
2012-07-13 21:31 - 2012-06-05 15:03 - 00224088 ____A (Oracle Corporation) C:\Windows\System32\Drivers\VBoxDrv.sys
2012-07-13 21:31 - 2012-06-05 15:03 - 00130904 ____A (Oracle Corporation) C:\Windows\System32\Drivers\VBoxUSBMon.sys
2012-07-13 21:22 - 2012-07-13 21:23 - 95228248 ____A (Oracle Corporation) C:\Users\Rajagopal Kumar\Downloads\VirtualBox-4.1.18-78361-Win.exe
2012-07-13 21:14 - 2012-07-13 21:28 - 732213248 ____A C:\Users\Rajagopal Kumar\Downloads\ubuntu-12.04-desktop-amd64.iso
2012-07-13 20:23 - 2012-07-13 21:56 - 625509130 ____A C:\Users\Rajagopal Kumar\Downloads\01747_downloadyo.com.rar
2012-07-13 19:55 - 2012-07-13 19:55 - 17545488 ____A C:\Users\Rajagopal Kumar\Downloads\fsi.757.hot girl.3gp
2012-07-13 19:55 - 2012-07-13 19:55 - 04111111 ____A C:\Users\Rajagopal Kumar\Downloads\fsi.755.seema khurana.3gp
2012-07-11 00:54 - 2012-06-11 19:02 - 03147264 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-07-11 00:50 - 2012-06-02 04:49 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-07-11 00:50 - 2012-06-02 04:17 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-07-11 00:50 - 2012-06-02 04:12 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-07-11 00:50 - 2012-06-02 04:05 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-07-11 00:50 - 2012-06-02 04:05 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-07-11 00:50 - 2012-06-02 04:04 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-07-11 00:50 - 2012-06-02 04:04 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-07-11 00:50 - 2012-06-02 04:03 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-07-11 00:50 - 2012-06-02 04:01 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-07-11 00:50 - 2012-06-02 04:00 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-07-11 00:50 - 2012-06-02 03:59 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-07-11 00:50 - 2012-06-02 03:57 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-07-11 00:50 - 2012-06-02 03:57 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-07-11 00:50 - 2012-06-02 03:54 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-07-11 00:50 - 2012-06-02 01:07 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-07-11 00:50 - 2012-06-02 00:43 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-07-11 00:50 - 2012-06-02 00:33 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-07-11 00:50 - 2012-06-02 00:26 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-07-11 00:50 - 2012-06-02 00:25 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-07-11 00:50 - 2012-06-02 00:25 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-07-11 00:50 - 2012-06-02 00:23 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-07-11 00:50 - 2012-06-02 00:21 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-07-11 00:50 - 2012-06-02 00:20 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-07-11 00:50 - 2012-06-02 00:19 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-07-11 00:50 - 2012-06-02 00:19 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-07-11 00:50 - 2012-06-02 00:17 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-07-11 00:50 - 2012-06-02 00:16 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-07-11 00:50 - 2012-06-02 00:14 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

============ 3 Months Modified Files ========================

2012-08-02 14:50 - 2011-11-21 08:28 - 07199154 ____A C:\FaceProv.log
2012-07-30 23:32 - 2012-07-30 23:21 - 00009462 ____A C:\Users\Rajagopal Kumar\Documents\suba_to_be_Deleted.txt
2012-07-30 21:17 - 2012-07-30 21:17 - 00016896 ____A C:\Users\Rajagopal Kumar\Documents\Suba_Matrimony_tracker.xls
2012-07-29 00:18 - 2012-07-28 22:12 - 104052997 ____A C:\Users\Rajagopal Kumar\Downloads\backup.constant.part5.rar
2012-07-28 22:11 - 2012-07-28 21:13 - 104857601 ____A C:\Users\Rajagopal Kumar\Downloads\backup.constant.part4.rar
2012-07-28 21:13 - 2012-07-28 20:14 - 104857601 ____A C:\Users\Rajagopal Kumar\Downloads\backup.constant.part3.rar
2012-07-28 20:14 - 2012-07-28 19:16 - 104857601 ____A C:\Users\Rajagopal Kumar\Downloads\backup.constant.part2.rar
2012-07-28 19:54 - 2012-07-28 17:35 - 641863159 ____A C:\Users\Rajagopal Kumar\Downloads\Constantine (2005) m720p.mkv
2012-07-28 19:16 - 2012-07-28 17:24 - 104857601 ____A C:\Users\Rajagopal Kumar\Downloads\backup.constant.part1.rar
2012-07-22 00:59 - 2011-11-21 08:25 - 01435155 ____A C:\Windows\WindowsUpdate.log
2012-07-22 00:54 - 2011-11-25 17:07 - 00000948 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2180650751-2005149398-3877183700-1000UA.job
2012-07-22 00:52 - 2010-09-08 07:55 - 00179712 ____A C:\Windows\System32\TPHDLOG0.LOG
2012-07-22 00:24 - 2010-09-08 07:55 - 00472832 ____A C:\Windows\System32\TPAPSLOG.LOG
2012-07-21 22:02 - 2011-11-25 17:07 - 00000896 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2180650751-2005149398-3877183700-1000Core.job
2012-07-21 12:23 - 2012-07-21 12:23 - 08399774 ____A C:\Users\Rajagopal Kumar\Downloads\fsi.775.office girl.wmv
2012-07-21 11:59 - 2009-07-13 20:45 - 00013872 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-07-21 11:59 - 2009-07-13 20:45 - 00013872 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-07-21 11:51 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-07-21 11:51 - 2009-07-13 20:51 - 00083120 ____A C:\Windows\setupact.log
2012-07-19 00:44 - 2012-07-16 22:15 - 00001168 ____A C:\Users\Rajagopal Kumar\_viminfo
2012-07-18 20:24 - 2009-07-13 21:13 - 00729752 ____A C:\Windows\System32\PerfStringBackup.INI
2012-07-18 00:28 - 2011-12-10 15:54 - 00002505 ____A C:\Users\Public\Desktop\Norton Security Suite.lnk
2012-07-17 21:46 - 2012-07-17 21:46 - 00039622 ____A C:\Users\Rajagopal Kumar\Downloads\iyngr-page-309.htm
2012-07-16 22:18 - 2012-07-16 22:17 - 00000357 ____A C:\subaList
2012-07-16 22:17 - 2012-07-16 22:17 - 00000357 ____A C:\subaList~
2012-07-16 22:14 - 2012-07-16 22:14 - 00001871 ____A C:\Users\Public\Desktop\gVim Read only 7.3.lnk
2012-07-16 22:14 - 2012-07-16 22:14 - 00001871 ____A C:\Users\Public\Desktop\gVim Easy 7.3.lnk
2012-07-16 22:14 - 2012-07-16 22:14 - 00001865 ____A C:\Users\Public\Desktop\gVim 7.3.lnk
2012-07-16 22:10 - 2012-07-16 22:10 - 09585439 ____A C:\Users\Rajagopal Kumar\Downloads\gvim73_46.exe
2012-07-15 17:58 - 2012-07-15 17:58 - 08052188 ____A C:\Users\Rajagopal Kumar\Downloads\bengali_hot_girl_nupur_with_love.3gp
2012-07-15 17:58 - 2012-07-15 17:58 - 02434510 ____A C:\Users\Rajagopal Kumar\Downloads\school_students_after_school.3gp
2012-07-15 13:43 - 2012-05-30 06:24 - 00002064 ___AH C:\Users\Rajagopal Kumar\Documents\Default.rdp
2012-07-15 11:43 - 2011-12-06 00:24 - 00000600 ____A C:\Users\Rajagopal Kumar\AppData\Local\PUTTY.RND
2012-07-13 21:56 - 2012-07-13 20:23 - 625509130 ____A C:\Users\Rajagopal Kumar\Downloads\01747_downloadyo.com.rar
2012-07-13 21:52 - 2012-07-13 21:42 - 735358976 ____A C:\Users\Rajagopal Kumar\Downloads\ubuntu-12.04-desktop-i386.iso
2012-07-13 21:31 - 2012-07-13 21:31 - 00001083 ____A C:\Users\Public\Desktop\Oracle VM VirtualBox.lnk
2012-07-13 21:28 - 2012-07-13 21:14 - 732213248 ____A C:\Users\Rajagopal Kumar\Downloads\ubuntu-12.04-desktop-amd64.iso
2012-07-13 21:23 - 2012-07-13 21:22 - 95228248 ____A (Oracle Corporation) C:\Users\Rajagopal Kumar\Downloads\VirtualBox-4.1.18-78361-Win.exe
2012-07-13 19:55 - 2012-07-13 19:55 - 17545488 ____A C:\Users\Rajagopal Kumar\Downloads\fsi.757.hot girl.3gp
2012-07-13 19:55 - 2012-07-13 19:55 - 04111111 ____A C:\Users\Rajagopal Kumar\Downloads\fsi.755.seema khurana.3gp
2012-07-13 19:50 - 2011-11-25 17:08 - 00002420 ____A C:\Users\Rajagopal Kumar\Desktop\Google Chrome.lnk
2012-07-13 19:36 - 2009-07-13 21:08 - 00032626 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-07-11 22:40 - 2009-07-13 20:45 - 00428600 ____A C:\Windows\System32\FNTCACHE.DAT
2012-07-11 00:54 - 2009-07-13 18:34 - 00000510 ____A C:\Windows\win.ini
2012-07-08 13:33 - 2012-07-08 13:26 - 141514996 ____A C:\Users\Rajagopal Kumar\Desktop\EmsisoftEmergencyKit.zip
2012-07-08 13:03 - 2012-07-08 12:51 - 04503728 ___AT C:\Users\All Users\go_0molg.pad
2012-07-07 15:36 - 2012-07-07 13:15 - 526095158 ____A C:\Users\Rajagopal Kumar\Downloads\Vaagai_Sooda_Vaa_-_Suara.mkv
2012-07-06 20:33 - 2012-07-06 20:33 - 00062735 ____A C:\Users\Rajagopal Kumar\Downloads\the.aviator.(2004).eng.1cd.(4214913).zip
2012-07-05 01:44 - 2012-07-05 01:44 - 00697616 ____A C:\Windows\Minidump\070512-30186-01.dmp
2012-07-05 01:44 - 2011-11-28 22:54 - 485129917 ____A C:\Windows\MEMORY.DMP
2012-07-02 01:00 - 2012-07-02 00:59 - 06653231 ____A C:\Users\Rajagopal Kumar\Downloads\fsi.722.girl_on_rock.3gp
2012-07-02 00:58 - 2012-07-02 00:58 - 03079437 ____A C:\Users\Rajagopal Kumar\Downloads\fsi.730.desi_threesome.3gp
2012-07-01 19:19 - 2012-07-01 15:28 - 838172908 ____A C:\Users\Rajagopal Kumar\Downloads\440r00d.rar
2012-07-01 16:33 - 2012-07-01 15:20 - 576624785 ____A C:\Users\Rajagopal Kumar\Downloads\avengers-ichthyander.mkv
2012-07-01 15:30 - 2012-07-01 15:21 - 889646563 ____A C:\Users\Rajagopal Kumar\Downloads\backup.SHAGOS72.0ne.rar
2012-06-30 21:00 - 2012-07-01 19:20 - 00000170 ____A C:\Users\Rajagopal Kumar\Downloads\2raod_info.txt
2012-06-28 00:21 - 2012-06-28 00:18 - 19067658 ____A C:\Users\Rajagopal Kumar\Downloads\College_Lo.avi
2012-06-28 00:18 - 2012-06-28 00:18 - 01318555 ____A C:\Users\Rajagopal Kumar\Downloads\fsi.603.manipur_girl.3gp
2012-06-28 00:18 - 2012-06-28 00:12 - 33581690 ____A C:\Users\Rajagopal Kumar\Downloads\18 Year Teen _ed on Beach.avi
2012-06-28 00:03 - 2012-06-28 00:03 - 01682161 ____A C:\Users\Rajagopal Kumar\Downloads\fsi.717.college_girl.3gp
2012-06-28 00:01 - 2012-06-28 00:01 - 01996626 ____A C:\Users\Rajagopal Kumar\Downloads\fsi.719.mast_girl.3gp
2012-06-26 22:46 - 2012-06-26 22:41 - 29237901 ____A C:\Users\Rajagopal Kumar\Downloads\fsi.720.dimapur_girl.3gp
2012-06-25 23:26 - 2012-06-25 23:25 - 07815767 ____A C:\Users\Rajagopal Kumar\Downloads\fsi.714.2_girl.3gp
2012-06-25 21:54 - 2012-06-25 21:54 - 00262144 ____A C:\Windows\Minidump\062512-23992-01.dmp
2012-06-23 22:57 - 2012-06-23 22:57 - 00697616 ____A C:\Windows\Minidump\062312-27253-01.dmp
2012-06-23 05:04 - 2012-06-22 23:46 - 940314607 ____A C:\Users\Rajagopal Kumar\Downloads\Age004.rar
2012-06-19 21:56 - 2012-03-13 20:48 - 00002447 ____A C:\Users\Public\Desktop\VMware vSphere Client.lnk
2012-06-19 21:45 - 2012-06-19 21:37 - 367065912 ____A (Igor Pavlov) C:\Users\Rajagopal Kumar\Downloads\VMware-viclient.exe
2012-06-17 00:45 - 2012-06-17 00:45 - 00018495 ____A C:\Users\Rajagopal Kumar\Downloads\[ Music- Video ] Kalakalappu @ Masala Cafe - Lotus - Xvid - [email protected]
2012-06-15 00:04 - 2012-06-15 00:04 - 00001724 ____A C:\users\Rajagopal
2012-06-14 21:27 - 2012-07-01 19:20 - 00000224 ____A C:\Users\Rajagopal Kumar\Downloads\Redroseee Small Size Movies1.url
2012-06-14 21:19 - 2012-07-01 19:20 - 00000239 ____A C:\Users\Rajagopal Kumar\Downloads\Redrosee Small Size Movies2.url
2012-06-14 14:43 - 2012-06-14 14:40 - 00000413 ____A C:\Users\Rajagopal Kumar\Downloads\myentunnel.ini
2012-06-14 14:43 - 2012-06-14 14:40 - 00000002 ____A C:\Users\Rajagopal Kumar\Downloads\remoteports.txt
2012-06-14 14:43 - 2012-06-14 14:40 - 00000002 ____A C:\Users\Rajagopal Kumar\Downloads\localports.txt
2012-06-14 14:39 - 2012-06-14 14:39 - 00249856 ____A (Nemesis][) C:\Users\Rajagopal Kumar\Downloads\myentunnel.exe
2012-06-14 14:38 - 2012-06-14 14:38 - 00246433 ____A C:\Users\Rajagopal Kumar\Downloads\myentunnel-unicode.zip
2012-06-14 13:10 - 2012-06-14 13:09 - 00001486 ____A C:\Users\Rajagopal Kumar\Documents\id_rsa
2012-06-14 13:08 - 2012-06-14 13:08 - 00180224 ____A (Simon Tatham) C:\Users\Rajagopal Kumar\Downloads\puttygen.exe
2012-06-11 19:02 - 2012-07-11 00:54 - 03147264 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-06-09 23:21 - 2012-06-09 23:18 - 126609688 ____A (Lenovo Group ) C:\Users\Rajagopal Kumar\Downloads\IN3VDO43WW6.exe
2012-06-08 21:30 - 2012-07-10 22:04 - 14165504 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-06-08 20:46 - 2012-07-10 22:04 - 12868608 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2012-06-05 21:50 - 2012-07-10 22:04 - 02003968 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2012-06-05 21:50 - 2012-07-10 22:04 - 01880064 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2012-06-05 21:09 - 2012-07-10 22:04 - 01389568 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2012-06-05 21:09 - 2012-07-10 22:04 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2012-06-05 15:03 - 2012-07-13 21:31 - 00224088 ____A (Oracle Corporation) C:\Windows\System32\Drivers\VBoxDrv.sys
2012-06-05 15:03 - 2012-07-13 21:31 - 00130904 ____A (Oracle Corporation) C:\Windows\System32\Drivers\VBoxUSBMon.sys
2012-06-05 15:03 - 2012-06-05 15:03 - 00166232 ____A (Oracle Corporation) C:\Windows\System32\Drivers\VBoxNetFlt.sys
2012-06-05 15:03 - 2012-06-05 15:03 - 00147288 ____A (Oracle Corporation) C:\Windows\System32\Drivers\VBoxNetAdp.sys
2012-06-05 15:02 - 2012-06-05 15:02 - 00320856 ____A (Oracle Corporation) C:\Windows\System32\VBoxNetFltNobj.dll
2012-06-03 11:41 - 2012-06-03 11:41 - 00697728 ____A C:\Windows\Minidump\060312-30451-01.dmp
2012-06-02 14:19 - 2012-06-18 22:02 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-02 14:19 - 2012-06-18 22:02 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-02 14:19 - 2012-06-18 22:02 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-02 14:19 - 2012-06-18 22:02 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-02 14:19 - 2012-06-18 22:02 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-02 14:19 - 2012-06-18 22:02 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-02 14:15 - 2012-06-18 22:02 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-02 14:15 - 2012-06-18 22:02 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-02 14:15 - 2012-06-18 22:02 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-06-02 13:58 - 2012-06-24 15:12 - 682671301 ____A C:\Users\Rajagopal Kumar\Downloads\The.Aviator.2004.720p.mkv
2012-06-02 04:49 - 2012-07-11 00:50 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-06-02 04:17 - 2012-07-11 00:50 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-06-02 04:12 - 2012-07-11 00:50 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-06-02 04:05 - 2012-07-11 00:50 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-06-02 04:05 - 2012-07-11 00:50 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-06-02 04:04 - 2012-07-11 00:50 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-06-02 04:04 - 2012-07-11 00:50 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-06-02 04:03 - 2012-07-11 00:50 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-06-02 04:01 - 2012-07-11 00:50 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-06-02 04:00 - 2012-07-11 00:50 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-06-02 03:59 - 2012-07-11 00:50 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-06-02 03:57 - 2012-07-11 00:50 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-06-02 03:57 - 2012-07-11 00:50 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-06-02 03:54 - 2012-07-11 00:50 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-06-02 01:07 - 2012-07-11 00:50 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-06-02 00:43 - 2012-07-11 00:50 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-06-02 00:33 - 2012-07-11 00:50 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-06-02 00:26 - 2012-07-11 00:50 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-06-02 00:25 - 2012-07-11 00:50 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-06-02 00:25 - 2012-07-11 00:50 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-06-02 00:23 - 2012-07-11 00:50 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-06-02 00:21 - 2012-07-11 00:50 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-06-02 00:20 - 2012-07-11 00:50 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-06-02 00:19 - 2012-07-11 00:50 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-06-02 00:19 - 2012-07-11 00:50 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-06-02 00:17 - 2012-07-11 00:50 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-06-02 00:16 - 2012-07-11 00:50 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-06-02 00:14 - 2012-07-11 00:50 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-06-02 00:04 - 2012-06-01 22:56 - 836422613 ____A C:\Users\Rajagopal Kumar\Downloads\jodibreakers.mkv
2012-06-01 21:38 - 2012-07-10 22:04 - 00152432 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2012-06-01 21:38 - 2012-07-10 22:04 - 00095088 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2012-06-01 21:37 - 2012-07-10 22:04 - 00459216 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2012-06-01 21:27 - 2012-07-10 22:04 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2012-06-01 21:27 - 2012-07-10 22:04 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2012-06-01 20:48 - 2012-07-10 22:04 - 00225280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2012-06-01 20:48 - 2012-07-10 22:04 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2012-06-01 20:47 - 2012-07-10 22:04 - 00219136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2012-06-01 20:42 - 2012-07-10 22:04 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2012-05-30 19:42 - 2012-05-30 19:40 - 07562869 ____A C:\Users\Rajagopal Kumar\Downloads\fsi.615.desi girl in hotel.3gp
2012-05-30 16:09 - 2012-05-30 16:09 - 00000242 ____A C:\Users\Rajagopal Kumar\Downloads\local.properties
2012-05-30 12:38 - 2010-09-08 07:54 - 01252452 ____A C:\Windows\PFRO.log
2012-05-30 12:14 - 2012-05-30 12:14 - 00732160 ____A C:\Users\Rajagopal Kumar\Downloads\hpvrplugin.msi
2012-05-30 10:17 - 2012-05-30 10:17 - 00002042 ____A C:\Users\Public\Desktop\Nitro Reader.lnk
2012-05-30 10:16 - 2012-05-30 10:16 - 00001162 ____A C:\Users\Public\Desktop\PrimoPDF - Drop Files Here to Convert!.lnk
2012-05-30 10:16 - 2012-05-30 10:15 - 07549704 ____A C:\Users\Rajagopal Kumar\Downloads\InternationalPrimoPDF.exe
2012-05-30 10:16 - 2011-02-09 20:03 - 00000326 ____A C:\Windows\primopdf.ini
2012-05-30 09:31 - 2012-05-30 09:29 - 00001035 ____A C:\Users\Rajagopal Kumar\Desktop\magicJack.lnk
2012-05-30 06:40 - 2012-05-30 06:40 - 00015124 ____A C:\Users\Rajagopal Kumar\Desktop\viewBoardingPass.htm
2012-05-30 06:39 - 2012-05-30 06:39 - 00015084 ____A C:\Users\Rajagopal Kumar\Desktop\viewBoardingPass.action.htm
2012-05-27 20:02 - 2012-07-01 19:20 - 00032688 ____A C:\Users\Rajagopal Kumar\Downloads\2raod.srt
2012-05-27 08:26 - 2012-07-01 19:19 - 838003988 ____A C:\Users\Rajagopal Kumar\Downloads\2raod.mkv
2012-05-13 19:03 - 2012-05-13 00:14 - 734167772 ____A C:\Users\Rajagopal Kumar\Downloads\Lot1k2eq.crazy.avi

ZeroAccess:
C:\Users\Rajagopal Kumar\AppData\Local\{415fdb6d-355a-b025-9d22-69c8990fe1a7}
C:\Users\Rajagopal Kumar\AppData\Local\{415fdb6d-355a-b025-9d22-69c8990fe1a7}\@
C:\Users\Rajagopal Kumar\AppData\Local\{415fdb6d-355a-b025-9d22-69c8990fe1a7}\L
C:\Users\Rajagopal Kumar\AppData\Local\{415fdb6d-355a-b025-9d22-69c8990fe1a7}\n
C:\Users\Rajagopal Kumar\AppData\Local\{415fdb6d-355a-b025-9d22-69c8990fe1a7}\U
C:\Users\Rajagopal Kumar\AppData\Local\{415fdb6d-355a-b025-9d22-69c8990fe1a7}\L\00000004.@
C:\Users\Rajagopal Kumar\AppData\Local\{415fdb6d-355a-b025-9d22-69c8990fe1a7}\U\00000004.@
C:\Users\Rajagopal Kumar\AppData\Local\{415fdb6d-355a-b025-9d22-69c8990fe1a7}\U\00000008.@
C:\Users\Rajagopal Kumar\AppData\Local\{415fdb6d-355a-b025-9d22-69c8990fe1a7}\U\000000cb.@
C:\Users\Rajagopal Kumar\AppData\Local\{415fdb6d-355a-b025-9d22-69c8990fe1a7}\U\80000000.@
C:\Users\Rajagopal Kumar\AppData\Local\{415fdb6d-355a-b025-9d22-69c8990fe1a7}\U\80000032.@
C:\Users\Rajagopal Kumar\AppData\Local\{415fdb6d-355a-b025-9d22-69c8990fe1a7}\U\80000064.@

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 16%
Total physical RAM: 3893.86 MB
Available physical RAM: 3263.5 MB
Total Pagefile: 3892.01 MB
Available Pagefile: 3256.14 MB
Total Virtual: 8192 MB
Available Virtual: 8191.91 MB

======================= Partitions =========================

1 Drive c: (Windows) (Fixed) (Total:420.66 GB) (Free:320.76 GB) NTFS
2 Drive e: () (Fixed) (Total:30 GB) (Free:29.91 GB) NTFS
3 Drive f: () (Removable) (Total:7.46 GB) (Free:7.24 GB) NTFS
4 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
5 Drive y: (System) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 465 GB 15 GB
Disk 1 Online 7643 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 100 MB 1024 KB
Partition 2 Primary 420 GB 101 MB
Partition 3 Primary 30 GB 420 GB

==================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 0 Y System NTFS Partition 100 MB Healthy

==================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 C Windows NTFS Partition 420 GB Healthy

==================================================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 E NTFS Partition 30 GB Healthy

==================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 7643 MB 31 KB

==================================================================================

Disk: 1
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 F NTFS Removable 7643 MB Healthy

==================================================================================

==========================================================

Last Boot: 2012-07-28 15:25

======================= End Of Log ==========================

Attached Files

  • Attached File  FRST.txt   39.28KB   505 downloads

  • 0

#4
CompCav

CompCav

    Member 5k

  • Expert
  • 12,454 posts
Please go into recovery console again and do this fix:
Attached File  fixlist.txt   163bytes   498 downloads

Then try to reboot into windows.

If it reboots successfully into Windows to this:

Download and Install Combofix

Download ComboFix from one of the following locations:

Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop * IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

Double click on ComboFix.exe & follow the prompts.
Accept the disclaimer and allow to update if it asks

Posted Image

Posted Image

When finished, it produces a log for you.
Please include the C:\ComboFix.txt in your next reply.



Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions


Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now

After the run you may have internet problems or access to something problems. Simply reboot the computer.





If it does not boot into windows do this:


Reboot your computer and tap the F10 key until Edit Boot Options screen appears.
Write down everything and post it here or just take a picture and post that.



Regards,

CompCav
  • 0

#5
rajagopal

rajagopal

    Member

  • Topic Starter
  • Member
  • PipPip
  • 97 posts
Did the fix using fixlist and tried booting into windows again, blue screen flashes for a sec when it loads up windows and computer reboots again giving me two options - either to launch startup repair or start windows normally

Please see below for the fix log -

Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 05-08-2012 03
Ran by SYSTEM at 2012-08-10 12:08:53 Run:2
Running from F:\

==============================================

C:\Users\Rajagopal Kumar\AppData\Local\{415fdb6d-355a-b025-9d22-69c8990fe1a7} moved successfully.
C:\Windows\Installer\{415fdb6d-355a-b025-9d22-69c8990fe1a7} not found.

An error occurred while attempting to delete the specified data element.
Element not found.
The operation completed successfully.

==== End of Fixlog ====
  • 0

#6
rajagopal

rajagopal

    Member

  • Topic Starter
  • Member
  • PipPip
  • 97 posts
Additional information - I tried rebooting into safe mode and the computer struggles after/during CLASSPNP.SYS driver load. Then it ends up at the PAGE_FAULT_IN_NONPAGE_AREA blue screen. This is same as what was happening before running the FRST64 tool.
  • 0

#7
CompCav

CompCav

    Member 5k

  • Expert
  • 12,454 posts
Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select English as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account an click Next.

On the System Recovery Options menu you will get the following options:
Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt
[*]Select Command Prompt
[*]In the command window type in C:\ and press ENTER
[*]Then at the C:\ prompt type chkdsk /r and press ENTER.
[*]We want to force a dismount so type Y and press ENTER
[*]Let check disk run to completion, it will take a while, then let the computer reboot and see if it boots normally.[/list]
Please update me after trying this.
  • 0

#8
rajagopal

rajagopal

    Member

  • Topic Starter
  • Member
  • PipPip
  • 97 posts
Without having my USB (which has FRST64 and the win recovery image) plugged in, I restarted my computer and it landed up in "startup repair or start windows normally" and I selected startup repair -> Then it searched for problems as usual and it was not able to fix it -> Then I selected view advanced options -> Command prompt -> I typed in C:\ in the prompt

X:\windows\system32> 'C:\' is not recognized as an internal or an external command,operable program or batch file

X:\windows\system32> chkdsk /r

The type of the file system is NTFS.
Cannot lock current drive.
Windows cannot run disk checking on this volume because it is write protected.
  • 0

#9
CompCav

CompCav

    Member 5k

  • Expert
  • 12,454 posts
Try this command at the X:\Windows\system32> chkdsk c: /r
  • 0

#10
CompCav

CompCav

    Member 5k

  • Expert
  • 12,454 posts
If that does not work go back to the post #7 and use c: not C:\
  • 0

Advertisements


#11
rajagopal

rajagopal

    Member

  • Topic Starter
  • Member
  • PipPip
  • 97 posts
I typed C:\ and it took me to to C:\> prompt. Then I typed chkdsk /r and it ran really quickly with final message being "Windows has checked the file system and found no problems" with some stats and then the last line being "Failed to transfer logged messages to the event log with status 50"
and then I tried a reboot which landed at the blue screen again when trying to load windows.
  • 0

#12
CompCav

CompCav

    Member 5k

  • Expert
  • 12,454 posts
When you did chkdsk /r it did only the recovery partition.

Please do it this way:

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select English as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account an click Next.

On the System Recovery Options menu you will get the following options:
Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt
[*]Select Command Prompt
[*]In the command window type in C: and press ENTER
[*]Then at the C:\ prompt type chkdsk /r and press ENTER.
[*]We want to force a dismount so type Y and press ENTER
[*]Let check disk run to completion, it will take a while, then let the computer reboot and see if it boots normally.[/list]
Please update me after trying this.

If you cannot get to the Repair your computer screen, please let me know what operating system you have on the computer you are using
  • 0

#13
rajagopal

rajagopal

    Member

  • Topic Starter
  • Member
  • PipPip
  • 97 posts
I am using Win 7 64 bit and I am able to get to the repair computer screen.
I followed the exact steps from your previous post and chkdsk /r ran pretty quickly this time too... messages are the same as from the previous attempt of running chkdsk.. Also one additional info...I noticed the volume label while running chkdsk and it is System.

I also tried rebooting -> Asked me to either repair computer or start windows normally and I seletec start windows normally which ended up in blue screen again..
  • 0

#14
CompCav

CompCav

    Member 5k

  • Expert
  • 12,454 posts
Does it show all 5 stages of running check disk?
  • 0

#15
rajagopal

rajagopal

    Member

  • Topic Starter
  • Member
  • PipPip
  • 97 posts
yes it does and it does say that there are zero bad sectors and it did not scan any big sized files..It scanned only small sized and small number of files.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP