My system freezes and restarts while I am scanning through Malwarebytes


My system asked for a reboot... I have pasted "newest.log" as you mentioned... I need some time for the Dr.Web scan...

 

All processes killed

========== OTL ==========

Registry value HKEY_USERS\S-1-5-21-3756954993-494701191-2749408217-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}\ not found.

========== FILES ==========

File\Folder C:\Users\Swamy\AppData\Roaming\W3YJWGZC46.exe not found.

File\Folder C:\Users\Swamy\AppData\Local\Temp\W3YJWGZC46.exe not found.

< ipconfig /flushdns /c >

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

C:\Users\Swamy\Desktop\cmd.bat deleted successfully.

C:\Users\Swamy\Desktop\cmd.txt deleted successfully.

========== COMMANDS ==========

 

[EMPTYTEMP]

 

User: All Users

 

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

 

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

 

User: Public

->Temp folder emptied: 0 bytes

 

User: Swamy

->Temp folder emptied: 46139717 bytes

->Temporary Internet Files folder emptied: 2628360 bytes

->Java cache emptied: 0 bytes

->FireFox cache emptied: 74766454 bytes

->Google Chrome cache emptied: 185461036 bytes

->Flash cache emptied: 720 bytes

 

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 66079 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes

RecycleBin emptied: 0 bytes

 

Total Files Cleaned = 295.00 mb

 

Restore point Set: OTL Restore Point

 

OTL by OldTimer - Version 3.2.69.0 log created on 10132013_214648

 

Files\Folders moved on Reboot...

 

PendingFileRenameOperations files...

 

Registry entries deleted on Reboot...

Run a quick scan with Malwarebytes, post its log...

 

Next,

 

Download Security Check by screen317 from either of the following:

http://screen317.spywareinfoforum.org/SecurityCheck.exe or http://screen317.changelog.fr/SecurityCheck.exe

Save it to your Desktop.

Double click SecurityCheck.exe (Vista or Windows 7 users right click and select "Run as Administrator") and follow the onscreen instructions inside of the black box. Press any key when asked.

A Notepad document should open automatically called checkup.txt; please post the contents of that document.

 

Post those logs, let me know if any remaining issues or concerns...


I am sure during the Dr.Web scan there were no threats found... I ran the malware scan but the system restarted during the scan... I did the security check...

Results of screen317's Security Check version 0.99.74

Windows 7 x86 (UAC is enabled)

Out of date service pack!!

``````````````Antivirus/Firewall Check:``````````````

Windows Firewall Enabled!

AVG AntiVirus Free Edition 2013

Antivirus up to date!

`````````Anti-malware/Other Utilities Check:`````````

TuneUp Utilities 2012

TuneUp Utilities Language Pack (en-US)

Java 7 Update 21

Java version out of Date!

Adobe Flash Player 11.9.900.117

Adobe Reader 9 Adobe Reader out of Date!

Mozilla Firefox 16.0.2 Firefox out of Date!

Google Chrome 27.0.1453.116

Google Chrome 30.0.1599.69

````````Process Check: objlist.exe by Laurent````````

Malwarebytes Anti-Malware mbamservice.exe

AVG avgwdsvc.exe

AVG avgrsx.exe

AVG avgnsx.exe

AVG avgemc.exe

Malwarebytes' Anti-Malware mbamscheduler.exe

`````````````````System Health check`````````````````

Total Fragmentation on Drive C: 2%

````````````````````End of Log``````````````````````


This is the recent log:

2013/10/15 01:16:04 +0530 SWAMY-PC (null) MESSAGE Starting protection

2013/10/15 01:16:05 +0530 SWAMY-PC (null) MESSAGE Protection started successfully

2013/10/15 01:16:05 +0530 SWAMY-PC (null) MESSAGE Starting IP protection

2013/10/15 01:16:07 +0530 SWAMY-PC (null) MESSAGE IP Protection started successfully

2013/10/15 11:29:17 +0530 SWAMY-PC (null) MESSAGE Starting protection

2013/10/15 11:29:17 +0530 SWAMY-PC (null) MESSAGE Protection started successfully

2013/10/15 11:29:17 +0530 SWAMY-PC (null) MESSAGE Starting IP protection

2013/10/15 11:29:21 +0530 SWAMY-PC (null) MESSAGE IP Protection started successfully


I did the clean boot and ran Malwarebytes as soon as the system restarted, but again the system froze and restarted...

 

Now I have found out that even Mozilla Firefox causes the problem. I was not using Firefox for some time; I used only Chrome... When I tried to run Firefox the system restarted... Even after a complete uninstall and during the installation of Firefox the system restarted... Is this malware contagious?

 

I have attached the Dr.Web scan log just in case...

cureit.log


OK, still problems. The best way forward is to run a scan from outside of Windows. Do the following:

 

STEP A:

 

Download and create a bootable Kaspersky Rescue Disk CD

 

1. Download the Kaspersky Rescue Disk ISO image from below.

 

 KASPERSKY RESCUE DISK DOWNLOAD LINK (This link will open a new page from where you can download Kaspersky Rescue Disk ISO)

 

2. Download ImgBurn, a software that will help us create this bootable disk. (If you already have necessary software, use that)

 

 IMGBURN DOWNLOAD LINK (This link will open a new page from where you can download ImgBurn)

3. You can now insert your blank DVD/CD in your burner.

 

4. Install ImgBurn by following the prompts and then start this program.

 

5. Click on the Write image file to disc button.

 

6. Under 'Source' click on the Browse for file button, then browse to the location where you previously saved the Kaspersky Rescue Disk ISO file (kav_rescue_10.iso).

 

7. Click on the big Write button.

 

8. The disc creation process will now start and it will take around 5-10 minutes to complete.

 

 

STEP B:

 

Configure the computer to boot from CD-ROM

 

On some machines, if you restart the computer and repeatedly tap the F11 key it should bring up the Boot Menu; from there you can select to boot from the CD.

If this doesn't happen then you'll need to configure your computer to boot from a CD as you'll see below.

 

1. Use the Delete or F2 keys to load the BIOS menu. Information on how to enter the BIOS menu is displayed on the screen at the start of the OS boot.

 

2. In your PC BIOS settings select the Boot menu and set CD/DVD-ROM as a primary boot device.

 

3. Insert your Kaspersky Rescue Disk and restart your computer.

 

STEP C:

 

Boot your computer from Kaspersky Rescue Disk

 

1. Your computer will now boot from the Kaspersky Rescue Disk, and you'll be asked to press any key to proceed with this process.

 

 


 

 

2. In the start up wizard window that will open, select your language using the cursor moving keys. Press the ENTER key on the keyboard.

 

 


 

 

3. On the next screen, select Kaspersky Rescue Disk. Graphic Mode then press ENTER.

 

 


 

 

4. The End User License Agreement of Kaspersky Rescue Disk will be displayed on the screen. Read the agreement carefully, then press the C button on your keyboard.

5. Once the actions described above have been performed, the Kaspersky operating system will start.

 

STEP D:

 

Launch Kaspersky WindowsUnlocker to remove the malicious registry changes

 

This ransomware trojan has modified your Windows system registry so that when you're trying to boot your computer it will instead launch its lock screen. To remove these malicious registry changes we need to use the Kaspersky WindowsUnlocker from Kaspersky Rescue Disk.

 

1. Click on the Start button located in the left bottom corner of the screen and select the Kaspersky WindowsUnlocker.

 

 


 

 

If you can't find the WindowsUnlocker button, you can select Terminal and in the command prompt type windowsunlocker and then press Enter on the keyboard.

 

2. A white colored console window will appear and will automatically start loading the registry files for scanning and disinfection. The whole process will take only a couple of seconds and after this process you should be able to boot your computer in normal mode.

 

 


 

 

STEP E:

 

Scan your system with Kaspersky Rescue Disk

 

1. Click on the Start button located in the left bottom corner of the screen and select the Kaspersky Rescue Disk then click on My Update Center and press Start update.

 

 


 

 

2. When the update process has completed, the light at the top of the window will turn green, and the databases release date will be updated.

 

 


 

 

3. Click on the Objects Scan tab, then click Start Objects Scan to begin the scan.

 

 


 

 

4. If any malicious items are found, the default settings are to prompt you for action with a red popup window on the bottom right. Delete is the recommended action in most cases but we strongly recommend that you try first to disinfect, and if it doesn't work choose to quarantine the infected files just to be on the safe side.

 

 


 

 

5. When all detected items have been processed and removed, the light in the window will turn green and the scan will show as completed.

 

 


 

 

6. When done you can close the Kaspersky Rescue Disk window and use the Start Menu to Restart the computer.

 

7. When booted back into Windows, navigate to Start > Computer > C:\Kaspersky Rescue Disk 10.0. Open the folder; inside is the log from the KRD run named "ScanObject". Copy/paste that file to your reply.


Something really simple and fantastic happened... I have scanned so many times using Malwarebytes, and I have looked at the point where the scan would freeze and make the system restart... The path which used to do that is:

C:\Windows\ServiceProfiles\LocalProfiles\Appdata\Local\FontCache..."lots of numbers"..dat... This was the point where the scan froze... I saw it so many times... I got really pissed off, went to safe mode and deleted the file in the location... There were three files...

 

And later I started a scan in Malwarebytes; the scan went smoothly and completed... But I am still worried, though a simple delete would solve the issue... So what to do now? I have posted the log from Malwarebytes, so please check on it and tell me what to... I have not deleted anything from the threats found in Malwarebytes... I have left it like that... Do you want me to simply remove the threats?

 

 

MBAM-log-2013-10-17 (12-31-21).txt
