I think i have a virus; i can't access some sites

crossword · February 11, 2014

A beta reader sent me her feedback of my novel in a .pages file. I googled how to open such files and followed the instructions given. They said to change file ext to .zip etc. didnt work for me. Still could not open.

Then another site said IE and Open office could open them. didnt work for me.

So I downloaded this:

FreeFileViewer

Cos they said it could open any file. And I got only junk characters when I opened with it.

On top of that it automatically installed on my comp 2 programs:

My search dial

And

Right Surf

And those were annoying, so I had to uninstall.

I'm worried I may have got some virus with all the above. I now regret downloading anything.

Problem is: I can access some pages at my writing site zoetrope.com. but when I try to access the discussion pages:

http://www.zoetrope.com/members/sub/sub_discuss.cgi?section_id=1

and

http://www.zoetrope.com/members/sub/sub_discuss.cgi?section_id=2

I often cannot. In fact today I couldnt at all. The bar at the bottom of the screen starts off by saying "waiting for www.zoetrope.com."

And then it says "waiting for google-analytics.com"

And the page simply does not appear for me.

Same problem when I try to access this site for those who write and publish e-books:

http://www.kboards.com/index.php/topic,177586.0.html

I get the message waiting for bluedotmedia.org and the page simply does not load.

So I fear the junkware installed on my comp and which I uninstalled as soon as I saw it was there, may be causing my problems.

I live in india and was recommended QuickHeal Anti virus. The west does not seem to have heard of it but its popular here. So I ran it, plus ccleaner, wisedisk cleaner, wise registry cleaner. They detected no problems.

Someone told me to run this:

http://housecall.trendmicro.com/

but I can't because it too is another site I simply cannot acess.

Thanks for any help.

My logs:

DDS (Ver_2012-11-20.01) - NTFS_x86

Internet Explorer: 10.0.9200.16537 BrowserJavaVersion: 10.0.0

Run by Vidya Samson at 9:14:46 on 2014-02-11

Microsoft Windows 8 Enterprise 6.2.9200.0.1252.1.1033.18.3326.1895 [GMT 5.5:30]

.

AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AV: Quick Heal Total Security 2013 *Enabled/Updated* {D8418B0E-EE80-1320-B172-3D5DEB3CE14F}

SP: Quick Heal Total Security 2013 *Enabled/Updated* {63206AEA-C8BA-1CAE-8BC2-062F90BBABF2}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

FW: Quick Heal Firewall *Enabled* {E07A0A2B-A4EF-1278-9A2D-946815EFA634}

.

============== Running Processes ================

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\dwm.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\taskhostex.exe

C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files\Quick Heal\Quick Heal Total Security\EMLPROXY.EXE

C:\Windows\Explorer.EXE

C:\Program Files\Classic Shell\ClassicStartMenu.exe

C:\Program Files\Quick Heal\Quick Heal Total Security\opssvc.exe

C:\Program Files\Quick Heal\Quick Heal Total Security\quhlpsvc.exe

C:\Program Files\Quick Heal\Quick Heal Total Security\SCANWSCS.EXE

C:\Windows\system32\SearchIndexer.exe

C:\Windows\System32\WUDFHost.exe

C:\Program Files\Quick Heal\Quick Heal Total Security\onlinent.exe

C:\Program Files\Microsoft Encarta\Encarta Reference Library DVD 2003\EDICT.EXE

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Microsoft Office\Office14\WINWORD.EXE

C:\Windows\system32\CNAB4RPK.EXE

C:\Windows\splwow64.exe

C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

C:\Program Files\Quick Heal\Quick Heal Total Security\SAPISSVC.EXE

C:\Windows\system32\taskmgr.exe

C:\Program Files\Microsoft Encarta\Encarta Reference Library DVD 2003\encarta.exe

C:\Program Files\WinRAR\WinRAR.exe

C:\Users\VIDYAS~1\AppData\Local\Temp\Rar$EX00.748\Everything-1.2.1.371.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\conhost.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://start.mysearchdial.com/?f=1&a=irmsd0103&cd=2XzuyEtN2Y1L1QzuyCtD0AyEyE0CtA0FyEyE0BtA0D0BzytBtN0D0Tzu0SyByCyCtN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1CzutBtAtDtC1N1R&cr=863098808&ir=

mStart Page = hxxp://start.mysearchdial.com/?f=1&a=irmsd0103&cd=2XzuyEtN2Y1L1QzuyCtD0AyEyE0CtA0FyEyE0BtA0D0BzytBtN0D0Tzu0SyByCyCtN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1CzutBtAtDtC1N1R&cr=863098808&ir=

BHO: ExplorerBHO Class: {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - c:\program files\classic shell\ClassicExplorer32.dll

BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office14\GROOVEEX.DLL

BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office\office14\URLREDIR.DLL

BHO: ClassicIEBHO Class: {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - c:\program files\classic shell\ClassicIEDLL_32.dll

TB: Classic Explorer Bar: {553891B7-A0D5-4526-BE18-D3CE461D6310} - c:\program files\classic shell\ClassicExplorer32.dll

EB: Encarta &Researcher: {9455301C-CF6B-11D3-A266-00C04F689C50} - c:\program files\common files\microsoft shared\encarta researcher\EROPROJ.DLL

mRun: [Quick Heal Core UI] "c:\program files\quick heal\quick heal total security\strtupap.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe

mRun: [bCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\canonl~1.lnk - c:\windows\system32\spool\drivers\w32x86\3\CNAB4LAK.EXE

uPolicies-Explorer: NoDriveTypeAutoRun = dword:255

mPolicies-System: PromptOnSecureDesktop = dword:0

mPolicies-System: ConsentPromptBehaviorAdmin = dword:0

mPolicies-System: disablecad = dword:1

IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - c:\progra~1\micros~1\office14\ONBttnIE.dll/105

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll

IE: {56753E59-AF1D-4FBA-9E15-31557124ADA2} - c:\program files\classic shell\ClassicIE_32.exe

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll

IE: {9455301C-CF6B-11D3-A266-00C04F689C50} - {9455301C-CF6B-11D3-A266-00C04F689C50}

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab

DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab

TCP: NameServer = 192.168.1.1

TCP: Interfaces\{E5E84425-7882-4C62-BDB5-54E5415D47D4} : DHCPNameServer = 192.168.1.1

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL

Handler: msero - {B0D92A71-886B-453B-A649-1B91F93801E7} - c:\program files\common files\microsoft shared\encarta researcher\MSERO.DLL

SSODL: WebCheck - <orphaned>

SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office14\GROOVEEX.DLL

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\users\vidya samson\appdata\roaming\mozilla\firefox\profiles\g9ecgrm8.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.zoetrope.com/members/priv/index.cgi?show_page=discuss&owner=14437

FF - plugin: c:\progra~1\micros~1\office14\NPAUTHZ.DLL

FF - plugin: c:\progra~1\micros~1\office14\NPSPWRAP.DLL

FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll

FF - plugin: c:\program files\java\jre7\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\java\jre7\bin\new_plugin\npjp2.dll

.

---- FIREFOX POLICIES ----

FF - user.js: extensions.mysearchdial.hmpg - true

FF - user.js: extensions.mysearchdial.hmpgUrl - hxxp://start.mysearchdial.com/?f=1&a=irmsd0103&cd=2XzuyEtN2Y1L1QzuyCtD0AyEyE0CtA0FyEyE0BtA0D0BzytBtN0D0Tzu0SyByCyCtN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1CzutBtAtDtC1N1R&cr=863098808&ir=

FF - user.js: extensions.mysearchdial.dfltSrch - true

FF - user.js: extensions.mysearchdial.srchPrvdr - Mysearchdial

FF - user.js: extensions.mysearchdial.dnsErr - true

FF - user.js: extensions.mysearchdial_i.newTab - false

FF - user.js: extensions.mysearchdial.newTabUrl - hxxp://start.mysearchdial.com/?f=2&a=irmsd0103&cd=2XzuyEtN2Y1L1QzuyCtD0AyEyE0CtA0FyEyE0BtA0D0BzytBtN0D0Tzu0SyByCyCtN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1CzutBtAtDtC1N1R&cr=863098808&ir=

FF - user.js: extensions.mysearchdial.tlbrSrchUrl - hxxp://start.mysearchdial.com/?f=3&a=irmsd0103&cd=2XzuyEtN2Y1L1QzuyCtD0AyEyE0CtA0FyEyE0BtA0D0BzytBtN0D0Tzu0SyByCyCtN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1CzutBtAtDtC1N1R&cr=863098808&ir=&q=

FF - user.js: extensions.mysearchdial.id - 60A44C3F44B3DB92

FF - user.js: extensions.mysearchdial.instlDay - 16106

FF - user.js: extensions.mysearchdial.vrsn - 1.8.21.0

FF - user.js: extensions.mysearchdial.vrsni - 1.8.21.0

FF - user.js: extensions.mysearchdial_i.vrsnTs - 1.8.21.010:55:32

FF - user.js: extensions.mysearchdial.prtnrId - mysearchdial

FF - user.js: extensions.mysearchdial.prdct - mysearchdial

FF - user.js: extensions.mysearchdial.aflt - irmsd0103

FF - user.js: extensions.mysearchdial_i.smplGrp - none

FF - user.js: extensions.mysearchdial.tlbrId - base

FF - user.js: extensions.mysearchdial.instlRef -

FF - user.js: extensions.mysearchdial.dfltLng -

FF - user.js: extensions.mysearchdial.appId - {CA5CAA63-B27C-4963-9BEC-CB16A36D56F8}

FF - user.js: extensions.mysearchdial.excTlbr - false

FF - user.js: extensions.mysearchdial_i.hmpg - true

FF - user.js: extensions.mysearchdial.cr - 863098808

FF - user.js: extensions.mysearchdial.cd - 2XzuyEtN2Y1L1QzuyCtD0AyEyE0CtA0FyEyE0BtA0D0BzytBtN0D0Tzu0SyByCyCtN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1CzutBtAtDtC1N1R

FF - user.js: extensions.mysearchdial.AL - 2

FF - user.js: extensions.irmysearch.aflt - irmsd0103

FF - user.js: extensions.irmysearch.instlRef -

FF - user.js: extensions.irmysearch.cr - 863098808

FF - user.js: extensions.irmysearch.cd - 2XzuyEtN2Y1L1QzuyCtD0AyEyE0CtA0FyEyE0BtA0D0BzytBtN0D0Tzu0SyByCyCtN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1CzutBtAtDtC1N1R

.

============= SERVICES / DRIVERS ===============

.

R1 ggc;ggc;c:\windows\system32\drivers\ggc.sys [2013-7-30 49904]

R1 wsnf;Network Filter Driver;c:\windows\system32\drivers\wsnf.sys [2013-7-30 38856]

R1 wstif;wstif;c:\windows\system32\drivers\wstif.sys [2013-7-30 68448]

R2 catflt;catflt;c:\windows\system32\drivers\catflt.sys [2012-9-8 40416]

R2 Core Mail Protection;Core Mail Protection;c:\program files\quick heal\quick heal total security\EMLPROXY.EXE [2012-7-28 29680]

R2 Core Scanning Server;Core Scanning Server;c:\program files\quick heal\quick heal total security\SAPISSVC.EXE [2012-7-28 206320]

R2 EMLSS;EMLSS;c:\windows\system32\drivers\EMLTDI.SYS [2013-7-30 29424]

R2 Online Protection System;Online Protection System;c:\program files\quick heal\quick heal total security\OPSSVC.EXE [2012-7-28 25584]

R2 Quick Update Service;Quick Update Service;c:\program files\quick heal\quick heal total security\QUHLPSVC.EXE [2012-7-28 91120]

R3 RTL8168;Realtek 8168 NT Driver;c:\windows\system32\drivers\Rt630x86.sys [2012-7-26 495104]

S0 mscank;mscank;c:\windows\system32\drivers\mscank.sys [2013-7-30 33136]

S2 Core Scanning ServerEx;Core Scanning ServerEx;c:\program files\quick heal\quick heal total security\SAPISSVC.EXE [2012-7-28 206320]

S3 llio;llio;c:\windows\system32\drivers\llio.sys [2013-8-14 55712]

.

=============== Created Last 30 ================

.

2014-02-10 06:04:31 -------- d-----w- c:\users\vidya samson\appdata\roaming\Wise Registry Cleaner

2014-02-10 05:47:45 -------- d-----w- c:\program files\CCleaner

2014-02-10 05:41:29 -------- d-----w- c:\program files\Wise Registry Cleaner

2014-02-10 05:39:25 -------- d-----w- c:\users\vidya samson\appdata\roaming\Wise Disk Cleaner

2014-02-10 05:39:14 -------- d-----w- c:\program files\Wise Disk Cleaner

2014-02-08 22:42:56 31856 ----a-w- c:\program files\mozilla firefox\CommandExecuteHandler.exe

2014-02-05 05:40:17 -------- d-----w- c:\users\vidya samson\appdata\roaming\OpenOffice.org

2014-02-05 05:37:30 -------- d-----w- c:\program files\OpenOffice.org 3

2014-02-05 05:26:50 -------- d-----w- c:\program files\File Type Assistant

2014-01-30 07:02:53 -------- d-----w- c:\program files\Microsoft Synchronization Services

2014-01-30 07:02:39 -------- d-----w- c:\windows\PCHEALTH

2014-01-30 07:02:39 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition

2014-01-30 07:02:11 -------- d-----w- c:\program files\Microsoft Visual Studio 8

2014-01-30 07:02:02 -------- d-----w- c:\program files\Microsoft Analysis Services

2014-01-16 07:50:27 611224 ----a-w- c:\program files\mozilla firefox\plugins\npdeployJava1.dll

2014-01-16 07:50:27 544656 ----a-w- c:\windows\system32\deployJava1.dll

.

==================== Find3M ====================

.

============= FINISH: 9:16:55.55 ===============

2^nd log:

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft Windows 8 Enterprise

Boot Device: \Device\HarddiskVolume1

Install Date: 7/30/2013 2:23:05 PM

System Uptime: 2/11/2014 4:48:47 AM (5 hours ago)

.

Motherboard: ASUSTeK Computer INC. | | M5A78L-M LX V2

Processor: AMD Athlon II X2 270 Processor | AM3R2 | 3400/200mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 63 GiB total, 33.695 GiB free.

D: is FIXED (NTFS) - 146 GiB total, 132.394 GiB free.

E: is FIXED (NTFS) - 186 GiB total, 183.98 GiB free.

F: is FIXED (NTFS) - 70 GiB total, 68.699 GiB free.

G: is CDROM ()

H: is FIXED (NTFS) - 244 GiB total, 238.616 GiB free.

I: is FIXED (NTFS) - 222 GiB total, 211.324 GiB free.

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP30: 2/5/2014 11:07:06 AM - Installed Java 6 Update 13

RP31: 2/10/2014 10:33:15 AM - Removed OpenOffice.org 3.1

.

==== Installed Programs ======================

.

Adobe Reader X (10.1.9)

Amazon Kindle

American Heritage Talking Dictionary

Canon LBP2900

CCleaner

Classic Shell

Final Draft 5

Java Auto Updater

Java 7

Microsoft Encarta Reference Library 2003

Microsoft Office Access MUI (English) 2010

Microsoft Office Access Setup Metadata MUI (English) 2010

Microsoft Office Excel MUI (English) 2010

Microsoft Office Groove MUI (English) 2010

Microsoft Office InfoPath MUI (English) 2010

Microsoft Office OneNote MUI (English) 2010

Microsoft Office Outlook MUI (English) 2010

Microsoft Office PowerPoint MUI (English) 2010

Microsoft Office Professional Plus 2010

Microsoft Office Proof (English) 2010

Microsoft Office Proof (French) 2010

Microsoft Office Proof (Spanish) 2010

Microsoft Office Proofing (English) 2010

Microsoft Office Publisher MUI (English) 2010

Microsoft Office Shared MUI (English) 2010

Microsoft Office Shared Setup Metadata MUI (English) 2010

Microsoft Office Word MUI (English) 2010

Microsoft Text-to-Speech Engine 4.0 (English)

Mozilla Firefox 28.0 (x86 en-US)

Mozilla Maintenance Service

Nero 7 Essentials

neroxml

Quick Heal Total Security

Scriptware for Windows

Shockwave

UBitMenu UK

VLC media player 2.0.3

WinRAR archiver

Wise Disk Cleaner 6.14

Wise Registry Cleaner 6.14

.

==== Event Viewer Messages From Past Week ========

.

2/11/2014 4:49:32 AM, Error: Microsoft-Windows-DNS-Client [1012] - There was an error while attempting to read the local hosts file.

2/11/2014 4:49:25 AM, Error: Microsoft-Windows-Ntfs [98] - Volume I: (\Device\HarddiskVolume7) needs to be taken offline to perform a Full Chkdsk. Please run "CHKDSK /F" locally via the command line, or run "REPAIR-VOLUME <drive:>" locally or remotely via PowerShell.

.

==== End Of File ===========================

Edited February 11, 2014 by Juliet

**Juliet** · February 11, 2014

Hi and welcome

Print this topic or save to notepad, it will make it easier for you to follow the instructions and complete all of the necessary steps as we will need to close all windows that are open later in the fix.

I will be asking you to try and download a couple of tools to scan the computer.

Please open Notepad *Do Not Use Wordpad!* or use any other text editor than Notepad or the script will fail. (Start -> Run -> type notepad in the Open field -> OK)

*********************************

Please download and run the following tool to help allow other programs to run. (courtesy of BleepingComputer.com)

There are 6 different versions. If one of them won't run then download and try to run the other one.

Vista and Win7 users need to right click and choose Run as Admin

You only need to get one of them to run, not all of them.

rkill.exe
rkill.com
rkill.scr
rkill.pif
WiNlOgOn.exe
uSeRiNiT.exe
************************************

NEXT**

Please download Farbar's Recovery Scan Tool http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/ and save it to your Desktop.

(use correct version for your system.....Which system am I using?)

and Tutorial

http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
Press Scan button
It will produce a log called FRST.txt in the same directory the tool is run from.
Please copy and paste log back here.
The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.

Copies of logs are saved at %systemdrive%:\FRST\Logs (in most cases this will be C:\FRST\Logs).

**Juliet** · February 13, 2014

still need help?

crossword · February 14, 2014

yes i still need help. will get back to you. been having trouble accessing this site and others.

**Juliet** · February 14, 2014

Sorry to hear your having all these problems.

Since I don't see any logs to diagnose I can only suspect whats happening.

Try to run the below tool and see if it will allow you access to a couple of malware removal sites to download the tools I need you to scan with.

lease download and run the following tool to help allow other programs to run. (courtesy of BleepingComputer.com)

There are 6 different versions. If one of them won't run then download and try to run the other one.

Vista and Win7 users need to right click and choose Run as Admin

You only need to get one of them to run, not all of them.

crossword · February 15, 2014

I downloaded rogue killer from bleeping forums. Ran the scan. I think the below is the log, I got it when I clicked MBR

Tried to download Farbar's Recovery Scan Tool but was told I had to register. Tried to but kept being told:

Sorry, you don't have permission for that!

[#2000]

You are not allowed to visit this community.

Need Help?

Click here to log in

Our help documentation

Contact the community administrator

***

But when I tried to contact admin again it took me nowhere.

Anyway I deleted after I ran Rogue. But my problems remain, I still get redirected when I try to access my usual sites like gmail and my writing sites.

the RK log, after I pressed delete :

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD5000AZRX-00A8LB0 +++++

--- User ---

[MBR] 4c60b75ac5499f737528ec3ec06fd380

[bSP] efa6806e77e4a8092b21dd211a11fc43 : Windows 7/8 MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 350 Mo

1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 718848 | Size: 64650 Mo

2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 133122048 | Size: 71938 Mo

3 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 280451072 | Size: 340000 Mo

33 c0 8e d0 bc 00 7c 8e c0 8e d8 be 00 7c bf 00 06

b9 00 02 fc f3 a4 50 68 1c 06 cb fb b9 04 00 bd be

07 80 7e 00 00 7c 0b 0f 85 0e 01 83 c5 10 e2 f1 cd

18 88 56 00 55 c6 46 11 05 c6 46 10 00 b4 41 bb aa

55 cd 13 5d 72 0f 81 fb 55 aa 75 09 f7 c1 01 00 74

03 fe 46 10 66 60 80 7e 10 00 74 26 66 68 00 00 00

00 66 ff 76 08 68 00 00 68 00 7c 68 01 00 68 10 00

b4 42 8a 56 00 8b f4 cd 13 9f 83 c4 10 9e eb 14 b8

01 02 bb 00 7c 8a 56 00 8a 76 01 8a 4e 02 8a 6e 03

cd 13 66 61 73 1c fe 4e 11 75 0c 80 7e 00 80 0f 84

8a 00 b2 80 eb 84 55 32 e4 8a 56 00 cd 13 5d eb 9e

81 3e fe 7d 55 aa 75 6e ff 76 00 e8 8d 00 75 17 fa

b0 d1 e6 64 e8 83 00 b0 df e6 60 e8 7c 00 b0 ff e6

64 e8 75 00 fb b8 00 bb cd 1a 66 23 c0 75 3b 66 81

fb 54 43 50 41 75 32 81 f9 02 01 72 2c 66 68 07 bb

00 00 66 68 00 02 00 00 66 68 08 00 00 00 66 53 66

53 66 55 66 68 00 00 00 00 66 68 00 7c 00 00 66 61

68 00 00 07 cd 1a 5a 32 f6 ea 00 7c 00 00 cd 18 a0

b7 07 eb 08 a0 b6 07 eb 03 a0 b5 07 32 e4 05 00 07

8b f0 ac 3c 00 74 09 bb 07 00 b4 0e cd 10 eb f2 f4

eb fd 2b c9 e4 64 eb 00 24 02 e0 f8 24 02 c3 49 6e

76 61 6c 69 64 20 70 61 72 74 69 74 69 6f 6e 20 74

61 62 6c 65 00 45 72 72 6f 72 20 6c 6f 61 64 69 6e

67 20 6f 70 65 72 61 74 69 6e 67 20 73 79 73 74 65

6d 00 4d 69 73 73 69 6e 67 20 6f 70 65 72 61 74 69

6e 67 20 73 79 73 74 65 6d 00 00 00 63 7b 9a b1 c9

55 88 00 00

3.....|......|.........Ph...........~..|.............V.U.F...F...A..U..]r...U.u.....t..F.f`.~..t&fh....f.v.h..h.|h..h...B.V.................|.V..v..N..n...fas..N.u..~..........U2..V...]...>.}U.un.v....u.....d......`.|....d.u.......f#.u;f..TCPAu2....r,fh....fh....fh....fSfSfUfh....fh.|..fah.....Z2...|.................2.......<.t.............+..d..$...$..Invalid partition table.Error loading operating system.Missing operating system...c{...U...

User = LL1 ... OK!

User = LL2 ... OK!

+++++ PhysicalDrive1: Seagate Portable USB Device +++++

--- User ---

[MBR] 2e55e29d1a2e061b3a72ea87510616c3

[bSP] efeadd22efe89143fc9f1ce47f61cffb : Empty MBR Code

Partition table:

0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 250003 Mo

1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 512007615 | Size: 226933 Mo

00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 46 c5

8b 1e 00 00

........................................................................................................................................................................................................................................................................................................................................................................................................................................................F.....

User = LL1 ... OK!

Error reading LL2 MBR!

crossword · February 15, 2014

Also, as I said I'm not always able to access sites, including this page. Sometimes I get my gmail, sometimes no.

since I couldn’t get to this page earlier, I asked a friend to look at teh problem. He said the prob was the malware my search dial has been installed on my comp and he directed me to these links:

http://community.trendmicro.com/t5/Titanium/How-do-I-get-rid-of-My-Search-Dial/td-p/136281

malwaretips.com/blogs/start-mysearchdial-removal/

botcrawl.com/how-to-remove-mysearchdial-toolbar/‎

www.techsupportall.com/remove-start-mysearchdial-com-removal-help

I studied all of them and followed all the instructions to remove my search dial from IE and Firefox [i don’t have google chrome]

And it seemed to work. I even reset both IE and FF as one of the above sites advised.

I ran the latest version of Ccleaner wisedisk cleaner, wise registry cleaner.

I ran AdwCleaner and then checked the dds logs again. AdwCleaner did NOT succeed in removing the mysearchdial

Then I ran Adware Removal mentioned in one of the above sites.

and then checked the dds logs again. Mysearchdial was no longer in them.

So what does this mean? Does it mean:

1. even removing the malware manually from IE and FF wasn’t enough? Well I suppose obviously.

2. AdwCleaner is pretty useless since AdwCleaner did NOT succeed in removing the mysearchdial

But Adware Removal is DA BOMB since it seemed to have removed it?

I ask cos I should know which are the reliable programs to trust. And you too will be able i suppose to recommend strongly on your forum the ones that really work.

Anyway the comp worked ok for some time but I was still suspicious cos I still saw it trying to redirect these sites even if gmail etc did load pretty quickly.

And now once again I can't access certain pages/sites.

So I downloaded Junkware Removal Tool and Hitman Pro also mentioned on these sites.

No use.

Then I remembered I had got TWO unwanteds.

So I searched for Right Surf in my finder EVERYTHING.

Found 4 instances. they're all .exe files and all the path names have a "prefetch" at teh end.

I suspect this is what is causing the problem now.

But who knows if there are other problems too?

Another ques:

So, DDs logs dont show every problem? Because they didnt show Right Surf though they showed

AND: which are the absolute best junkware and adware removal tools? Do you have a page where you list the best? You can see I tried various but no use. Thanks!

**Juliet** · February 15, 2014

I think the infection you have is embedded deeply in this machine and is much worse then simple adware.

Please try to disable your computers security just long enough to see if you can access the sites again,

Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

How to use ComboFix

Download ComboFix from here:

Link 1

Link 2

Link 3

Place ComboFix.exe on your Desktop <--Important

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
You can get help on disabling your protection programs here
Double click on ComboFix.exe & follow the prompts.
You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)
Your desktop may go blank. This is normal. It will return when ComboFix is done. Combofix may need to reboot your computer more than once to do its job this is normal.
When finished, it shall produce a log for you. Post that log in your next reply

Note:

Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer

---------------------------------------------------------------------------------------------
Ensure your AntiVirus and AntiSpyware applications are re-enabled.

Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.

Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security.

---------------------------------------------------------------------------------------------
If there are Internet issues after running ComboFix:
Internet Explorer:

Tools Menu -> Internet Options -> Connections Tab ->Lan Settings > uncheck "use a proxy server" and check to "Automatically detect settings". Also clear any proxy address and port. ok, apply (only if applicable), ok.

Firefox:

Tools Menu -> Options... -> Advanced Tab -> Network Tab -> "Settings" under Connection. "No Proxy" should be selected, unless you have one set up yourself.

Chrome:

Select -> Tools menu -> then "Options", then go to "Change Proxy Settings", then "LAN Settings" , then take out the check mark for "Use a proxy server for your LAN" if set, unless you set this up yourself.

Safari

Launch Safari

Go to general settings menu

Then in Preferences/ Advanced

Then on line click Proxies change settings ...

Click Internet Options, then click the Connections tab, click Network Settings.

Disable option (uncheck) for the use of proxy server ...

crossword · February 15, 2014

Thanks. Below is the log. I doubt the problem has been solved since after I got the log, I searched again for Right Surf in my finder EVERYTHING.

Found the same 4 instances. they're all .exe files and all the path names have a "prefetch" at teh end.

Two are in C Folder, 2 in H, which is my ext drive. I had had my drive plugged in when I got the virus and never removed it since I figured antivirus scans etc would benefit the drive too.

Now I'm worried. How do I remove this malware from my comp and also my ext drive?

Also I managed just now to Download Farbar Recovery Scan Tool

Do you still want me to run the scan with this?

Log:

ComboFix 14-02-14.01 - Vidya Samson 02/15/2014 13:50:37.1.2 - x86

Microsoft Windows 8 Enterprise 6.2.9200.0.1252.1.1033.18.3326.2448 [GMT 5.5:30]

Running from: c:\users\Vidya Samson\Desktop\ComboFix.exe

AV: Quick Heal Total Security 2013 *Disabled/Updated* {D8418B0E-EE80-1320-B172-3D5DEB3CE14F}

AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

FW: Quick Heal Firewall *Enabled* {E07A0A2B-A4EF-1278-9A2D-946815EFA634}

SP: Quick Heal Total Security 2013 *Disabled/Updated* {63206AEA-C8BA-1CAE-8BC2-062F90BBABF2}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Created a new restore point

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\users\Vidya Samson\Desktop\Adware-Removal-Tool-V3.7.exe

c:\windows\wininit.ini

.

Infected copy of c:\windows\system32\Drivers\atapi.sys was found and disinfected

Restored copy from - c:\windows\System32\DriverStore\FileRepository\mshdc.inf_x86_79ee6a786812523f\atapi.sys

.

((((((((((((((((((((((((( Files Created from 2014-01-15 to 2014-02-15 )))))))))))))))))))))))))))))))

.

2014-02-15 08:24 . 2014-02-15 08:26 -------- d-----w- c:\users\Vidya Samson\AppData\Local\temp

2014-02-15 08:24 . 2014-02-15 08:24 -------- d-----w- c:\users\Default\AppData\Local\temp

2014-02-14 16:38 . 2014-02-15 08:13 -------- d-----w- c:\users\Vidya Samson\AppData\Roaming\Wise Care 365

2014-02-14 16:25 . 2014-02-14 16:25 -------- d-----w- c:\users\Vidya Samson\AppData\Roaming\Wise PC 1stAid

2014-02-14 16:25 . 2014-02-14 16:35 -------- d-----w- c:\program files\Wise

2014-02-14 04:28 . 2014-02-14 04:28 -------- d-----w- c:\users\Vidya Samson\AppData\Local\Programs

2014-02-13 11:01 . 2014-02-13 11:01 -------- d-----w- c:\windows\ERUNT

2014-02-13 10:45 . 2014-02-13 10:45 -------- d-----w- c:\program files\HitmanPro

2014-02-13 10:29 . 2014-02-14 07:53 -------- d-----w- c:\programdata\HitmanPro

2014-02-13 10:02 . 2014-02-13 10:02 -------- d-----w- c:\windows\ServiceProfiles\LocalService\winhttp

2014-02-12 04:00 . 2014-02-13 09:58 -------- d-----w- c:\program files\AdwareRemovalToolv3.7

2014-02-12 04:00 . 2014-02-12 04:00 -------- d-----w- c:\program files\Common Files\Microsoft

2014-02-11 19:45 . 2014-02-11 19:45 -------- d-----w- c:\users\Vidya Samson\AppData\Roaming\Malwarebytes

2014-02-11 19:45 . 2009-09-10 09:24 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2014-02-11 19:45 . 2014-02-11 19:46 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2014-02-11 19:45 . 2014-02-11 19:45 -------- d-----w- c:\programdata\Malwarebytes

2014-02-11 19:45 . 2009-09-10 09:23 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

2014-02-10 06:04 . 2014-02-14 16:21 -------- d-----w- c:\users\Vidya Samson\AppData\Roaming\Wise Registry Cleaner

2014-02-10 05:47 . 2014-02-13 16:44 -------- d-----w- c:\program files\CCleaner

2014-02-10 05:41 . 2014-02-14 04:31 -------- d-----w- c:\program files\Wise Registry Cleaner

2014-02-10 05:39 . 2014-02-14 17:21 -------- d-----w- c:\users\Vidya Samson\AppData\Roaming\Wise Disk Cleaner

2014-02-10 05:39 . 2014-02-14 04:37 -------- d-----w- c:\program files\Wise Disk Cleaner

2014-02-08 22:42 . 2014-02-08 22:42 31856 ----a-w- c:\program files\Mozilla Firefox\CommandExecuteHandler.exe

2014-02-05 05:40 . 2014-02-05 05:40 -------- d-----w- c:\users\Vidya Samson\AppData\Roaming\OpenOffice.org

2014-02-05 05:37 . 2014-02-10 05:04 -------- d-----w- c:\program files\OpenOffice.org 3

2014-02-05 05:26 . 2014-02-10 05:10 -------- d-----w- c:\program files\File Type Assistant

2014-01-30 07:02 . 2014-01-30 07:02 -------- d-----w- c:\program files\Microsoft Synchronization Services

2014-01-30 07:02 . 2014-01-30 07:02 -------- d-----w- c:\windows\PCHEALTH

2014-01-30 07:02 . 2014-01-30 07:02 -------- d-----w- c:\program files\Microsoft Sync Framework

2014-01-30 07:02 . 2014-01-30 07:02 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition

2014-01-30 07:02 . 2014-01-30 07:02 -------- d-----w- c:\program files\Microsoft Visual Studio 8

2014-01-30 07:02 . 2014-01-30 07:02 -------- d-----w- c:\program files\Microsoft Analysis Services

2014-01-30 07:01 . 2014-01-30 07:01 -------- d-----r- C:\MSOCache

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2014-01-16 07:50 . 2014-01-16 07:50 544656 ----a-w- c:\windows\system32\deployJava1.dll

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ShareOverlay]

@="{594D4122-1F87-41E2-96C7-825FB4796516}"

[HKEY_CLASSES_ROOT\CLSID\{594D4122-1F87-41E2-96C7-825FB4796516}]

2013-07-21 04:39 592352 ----a-w- c:\program files\Classic Shell\ClassicExplorer32.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Quick Heal Core UI"="c:\program files\Quick Heal\Quick Heal Total Security\strtupap.exe" [2012-08-03 161264]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"PromptOnSecureDesktop"= 0 (0x0)

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"EnableCursorSuppression"= 1 (0x1)

"EnableUIADesktopToggle"= 0 (0x0)

"ConsentPromptBehaviorUser"= 3 (0x3)

"disablecad"= 1 (0x1)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\QUICKH~1\QUICKH~1\PCTuner\ntdefrag.exe

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]

@=""

.

R0 mscank;mscank;c:\windows\system32\DRIVERS\mscank.sys [2012-07-27 33136]

R2 Core Scanning ServerEx;Core Scanning ServerEx;c:\program files\Quick Heal\Quick Heal Total Security\SAPISSVC.EXE [2012-07-27 206320]

R2 WiseBootAssistant;Wise Boot Assistant;c:\program files\Wise\Wise Care 365\BootTime.exe [2014-01-21 580232]

R3 28139;28139;c:\users\VIDYAS~1\AppData\Local\Temp\34845337\28139.sys [x]

R3 llio;llio;c:\windows\system32\DRIVERS\llio.sys [2013-08-14 55712]

R4 Online Protection System;Online Protection System;c:\program files\Quick Heal\Quick Heal Total Security\opssvc.exe [2012-07-27 25584]

S1 ggc;ggc;c:\windows\system32\DRIVERS\ggc.sys [2012-07-27 49904]

S1 wsnf;Network Filter Driver;c:\windows\system32\DRIVERS\wsnf.sys [2012-07-10 38856]

S1 wstif;wstif;c:\windows\system32\drivers\wstif.sys [2012-08-05 68448]

S2 catflt;catflt;c:\windows\system32\DRIVERS\catflt.sys [2012-09-08 40416]

S2 Core Mail Protection;Core Mail Protection;c:\program files\Quick Heal\Quick Heal Total Security\EMLPROXY.EXE [2012-07-27 29680]

S2 Core Scanning Server;Core Scanning Server;c:\program files\Quick Heal\Quick Heal Total Security\SAPISSVC.EXE [2012-07-27 206320]

S2 EMLSS;EMLSS;c:\windows\system32\drivers\emltdi.sys [2012-08-03 29424]

S2 Quick Update Service;Quick Update Service;c:\program files\Quick Heal\Quick Heal Total Security\quhlpsvc.exe [2012-07-27 91120]

S3 RTL8168;Realtek 8168 NT Driver;c:\windows\system32\DRIVERS\Rt630x86.sys [2012-07-25 495104]

.

Contents of the 'Scheduled Tasks' folder

.

2014-02-15 c:\windows\Tasks\Quick Heal AntiMalware Scan.job

- c:\program files\Quick Heal\Quick Heal Total Security\ASMAIN.EXE [2012-07-27 20:21]

.

2014-02-15 c:\windows\Tasks\Resume Quickup Download.job

- c:\program files\Quick Heal\Quick Heal Total Security\ACAPPAA.EXE [2012-07-27 15:20]

.

2014-02-10 c:\windows\Tasks\Wise Disk Cleaner Schedule Task.job

- c:\program files\Wise Disk Cleaner\WiseDiskCleaner.exe [2014-02-10 08:30]

.

2014-02-15 c:\windows\Tasks\Wise Turbo Checker.job

- c:\program files\Wise\Wise Care 365\WiseTurbo.exe [2014-02-14 09:55]

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com

mStart Page = hxxp://www.google.com

mSearch Bar = hxxp://www.google.com

TCP: DhcpNameServer = 192.168.1.1

FF - ProfilePath - c:\users\Vidya Samson\AppData\Roaming\Mozilla\Firefox\Profiles\jx62iwu2.default-1392285308308\

FF - prefs.js: browser.startup.homepage - hxxp://www.zoetrope.com/members/priv/index.cgi?show_page=discuss&owner=14437

.

- - - - ORPHANS REMOVED - - - -

.

AddRemove-American Heritage Talking Dictionary - c:\program files\Compton's Home Library\ahtd\isl_ahtd.log

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]

@="?????????????????? v1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]

@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]

@="?????????????????? v2"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]

@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

@SACL=(02 0000)

.

------------------------ Other Running Processes ------------------------

.

c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe

c:\program files\Quick Heal\Quick Heal Total Security\SCANWSCS.EXE

c:\windows\system32\taskhostex.exe

c:\windows\system32\conhost.exe

c:\program files\Classic Shell\ClassicStartMenu.exe

c:\program files\Quick Heal\Quick Heal Total Security\onlinent.exe

c:\windows\system32\msiexec.exe

c:\windows\System32\WUDFHost.exe

c:\windows\system32\SppExtComObj.exe

.

**************************************************************************

.

Completion time: 2014-02-15 13:57:29 - machine was rebooted

ComboFix-quarantined-files.txt 2014-02-15 08:27

.

Pre-Run: 37,591,343,104 bytes free

Post-Run: 37,524,180,992 bytes free

.

- - End Of File - - 301B9E9573B30A19E69D6386A9C1264D

A36C5E4F47E84449FF07ED3517B43A31

crossword · February 15, 2014

Now when I try to open Firefox I'm told:

"Windows cannot access the specified device, path, or file. You may not have the appropriate permissions to access the item."

I only managed to open a window cos I rightclicked and clicked on a frequently used window. If there had been no such, I don’t know how I would have got it.

I did as you said:

"Firefox:

Tools Menu -> Options... -> Advanced Tab -> Network Tab -> "Settings" under Connection. "No Proxy" should be selected, unless you have one set up yourself."

***

Still have the same problem with FF.

When I scanned with farbar and clicked on fix I was told:

No fixlisttxt found

The fixlisttxt should be in the same folder/directory the tool is located.

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 12-02-2014 01

Ran by Vidya Samson (administrator) on VIDYA on 15-02-2014 14:50:10

Running from C:\Users\Vidya Samson\Desktop

Microsoft Windows 8 Enterprise (X86) OS Language: English(US)

Internet Explorer Version 10

Boot Mode: Normal

The only official download link for FRST:

Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/

Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/

Download link from any site other than Bleeping Computer is unpermitted or outdated.

See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(Quick Heal Technologies (P) Ltd.) C:\Program Files\Quick Heal\Quick Heal Total Security\EMLPROXY.EXE

(Quick Heal Technologies (P) Ltd.) C:\Program Files\Quick Heal\Quick Heal Total Security\SAPISSVC.EXE

(Quick Heal Technologies (P) Ltd.) C:\Program Files\Quick Heal\Quick Heal Total Security\quhlpsvc.exe

(Quick Heal Technologies (P) Ltd.) C:\Program Files\Quick Heal\Quick Heal Total Security\SCANWSCS.EXE

(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe

(Quick Heal Technologies (P) Ltd.) C:\Program Files\Quick Heal\Quick Heal Total Security\onlinent.exe

(CANON INC.) C:\Windows\system32\CNAB4RPK.EXE

() C:\Program Files\WinRAR\WinRAR.exe

() C:\Users\Vidya Samson\AppData\Local\temp\Rar$EX00.404\Everything-1.2.1.371.exe

(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\WINWORD.EXE

(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

(Microsoft Corporation) C:\Windows\splwow64.exe

(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe

(Quick Heal Technologies (P) Ltd.) C:\Program Files\Quick Heal\Quick Heal Total Security\opssvc.exe

(SurfRight B.V.) C:\Users\Vidya Samson\Desktop\HitmanPro.exe

(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Quick Heal Core UI] - C:\Program Files\Quick Heal\Quick Heal Total Security\strtupap.exe [161264 2012-08-04] (Quick Heal Technologies (P) Ltd.)

HKU\S-1-5-21-2261785502-2541491869-2394418403-1001\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US

SearchScopes: HKLM - DefaultScope value is missing.

BHO: ExplorerBHO Class - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)

BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)

BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)

BHO: ClassicIEBHO Class - {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Program Files\Classic Shell\ClassicIEDLL_32.dll (IvoSoft)

Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab

DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab

Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)

Handler: msero - {B0D92A71-886B-453B-A649-1B91F93801E7} - C:\Program Files\Common Files\Microsoft Shared\Encarta Researcher\MSERO.DLL (Microsoft Corporation)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:

========

FF ProfilePath: C:\Users\Vidya Samson\AppData\Roaming\Mozilla\Firefox\Profiles\jx62iwu2.default-1392285308308

FF Homepage: hxxp://www.zoetrope.com/members/priv/index.cgi?show_page=discuss&owner=14437

FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)

FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF Plugin: @videolan.org/vlc,version=2.0.3 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np32dsw.dll (Macromedia, Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll (Oracle Corporation)

FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPSWF32.dll ()

FF Extension: ImageBlock - C:\Users\Vidya Samson\AppData\Roaming\Mozilla\Firefox\Profiles\jx62iwu2.default-1392285308308\Extensions\imageblock@hemantvats.com.xpi [2014-02-13]

========================== Services (Whitelisted) =================

R2 Core Mail Protection; C:\Program Files\Quick Heal\Quick Heal Total Security\EMLPROXY.EXE [29680 2012-07-28] (Quick Heal Technologies (P) Ltd.)

R2 Core Scanning Server; C:\Program Files\Quick Heal\Quick Heal Total Security\SAPISSVC.EXE [206320 2012-07-28] (Quick Heal Technologies (P) Ltd.)

S2 Core Scanning ServerEx; C:\Program Files\Quick Heal\Quick Heal Total Security\SAPISSVC.EXE [206320 2012-07-28] (Quick Heal Technologies (P) Ltd.)

R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [106248 2014-02-15] (SurfRight B.V.)

R2 Online Protection System; C:\Program Files\Quick Heal\Quick Heal Total Security\opssvc.exe [25584 2012-07-28] (Quick Heal Technologies (P) Ltd.)

R2 Quick Update Service; C:\Program Files\Quick Heal\Quick Heal Total Security\quhlpsvc.exe [91120 2012-07-28] (Quick Heal Technologies (P) Ltd.)

R2 ScanWscS; C:\Program Files\Quick Heal\Quick Heal Total Security\SCANWSCS.EXE [243320 2012-08-09] (Quick Heal Technologies (P) Ltd.)

S2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [13344 2013-01-29] (Microsoft Corporation)

S2 WiseBootAssistant; C:\Program Files\Wise\Wise Care 365\BootTime.exe [580232 2014-01-21] (WiseCleaner.com)

==================== Drivers (Whitelisted) ====================

R1 BasicRender; C:\Windows\System32\drivers\BasicRender.sys [24576 2012-07-26] (Microsoft Corporation)

R2 catflt; C:\Windows\System32\DRIVERS\catflt.sys [40416 2012-09-08] (Quick Heal Technologies (P) Ltd.)

R2 EMLSS; C:\Windows\System32\drivers\emltdi.sys [29424 2012-08-04] (Quick Heal Technologies (P) Ltd.)

R1 ggc; C:\Windows\System32\DRIVERS\ggc.sys [49904 2012-07-28] (Quick Heal Technologies (P) Ltd.)

R3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [30976 2014-02-15] ()

S3 llio; C:\Windows\system32\DRIVERS\llio.sys [55712 2013-08-14] (Quick Heal Technologies (P) Ltd.)

S0 mscank; C:\Windows\System32\DRIVERS\mscank.sys [33136 2012-07-28] (Quick Heal Technologies (P) Ltd.)

R3 MTsensor; C:\Windows\system32\DRIVERS\ASACPI.sys [16256 2013-05-17] ()

R1 wsnf; C:\Windows\system32\DRIVERS\wsnf.sys [38856 2012-07-10] (Quick Heal Technologies (P) Ltd.)

R1 wstif; C:\Windows\System32\drivers\wstif.sys [68448 2012-08-06] (Quick Heal Technologies (P) Ltd.)

S3 28139; \??\C:\Users\VIDYAS~1\AppData\Local\Temp\34845337\28139.sys [X]

S3 catchme; \??\C:\Users\VIDYAS~1\AppData\Local\Temp\catchme.sys [X]

U3 mbr; \??\C:\Users\VIDYAS~1\AppData\Local\Temp\mbr.sys [X]

========================== Drivers MD5 =======================

C:\Windows\System32\drivers\1394ohci.sys E7B9E170EFF01486D3118E372BA0AF21

C:\Windows\System32\drivers\3ware.sys 96191579DDB1A201A2FB79C1D05680B4

C:\Windows\System32\drivers\ACPI.sys 682595B152AA55B2237D40EB9A3271FC

C:\Windows\System32\Drivers\acpiex.sys 3A5DA97644B9E2662CFF186A8798519C

C:\Windows\System32\drivers\acpipagr.sys 87C4AE693CA8AB6E2A13B7C7453466DB

C:\Windows\System32\drivers\acpipmi.sys C7D2BA04BA3C6CA702C2615A0C50469C

C:\Windows\System32\drivers\acpitime.sys 38E110C96B2ACAB4D9A701777C9BCD98

C:\Windows\System32\drivers\adp94xx.sys 2FE756FD6E0336990D0B3652A07EBB9B

C:\Windows\System32\drivers\adpahci.sys CC579EC50EE5435A4070306C0E4EF9E6

C:\Windows\System32\drivers\adpu320.sys 82743090D0259BF9F1373AD48372CBAC

C:\Windows\system32\drivers\afd.sys 6043C72306D5C7B8BC823A1CC49F53B8

C:\Windows\System32\drivers\agp440.sys 73BB2C687305C4195ED7511587B041AA

C:\Windows\System32\drivers\amdagp.sys E44885EA3E89A54BF14C78892CE85EA0

C:\Windows\System32\drivers\amdk8.sys E546E3E390EFD4C2AB908E29C5BEA55D

C:\Windows\system32\DRIVERS\atikmdag.sys 0B2D841BE0E9BB975DE943A4072431FD

C:\Windows\system32\DRIVERS\atikmpag.sys 77C11737D6F136F33F30FC4827A27F81

C:\Windows\System32\drivers\amdppm.sys DF8CD36E27310F425A7ABB586AB05550

C:\Windows\System32\drivers\amdsata.sys 8D5D89177552EDFD5C9730CCE79F7FCC

C:\Windows\System32\drivers\amdsbs.sys 5725597CF5E002FB665C6C69787DAA8A

C:\Windows\System32\drivers\amdxata.sys FB336B5F110770CF22F6BFEB1906E773

C:\Windows\system32\drivers\appid.sys CB3613E82A5B058AB6A69846B0DDC6C5

C:\Windows\System32\drivers\arc.sys A0982052EE6B01DC9B0CB7FEFD13040F

C:\Windows\System32\drivers\arcsas.sys 7E17A734B0D33B8F9287F28F1C583DD7

C:\Windows\System32\DRIVERS\asyncmac.sys E12BC771325E70C2A875136B0BAF491E

C:\Windows\System32\drivers\atapi.sys 48D8C3F2006698691F5AE0BB595FDCC8

C:\Windows\System32\drivers\BasicDisplay.sys A96A499B6C931B7242D964D5D695A506

C:\Windows\System32\drivers\BasicRender.sys D313E4D7DF0187CEDA121793F937EA89

C:\Windows\system32\Drivers\Beep.sys E53DDF8C101E3CB6A0483D592A8CC476

C:\Windows\System32\DRIVERS\bowser.sys D7148E90581185DB2CC6A2EED9C8281C

C:\Windows\System32\drivers\BthAvrcpTg.sys 4F7981232826D677FBE4D3D37845ADD7

C:\Windows\System32\drivers\bthhfenum.sys 3EEEA1B69C16A8D159B53896EC78420C

C:\Windows\System32\drivers\BthHFHid.sys 403C9BA247F4D4C0E4FF6FFA5F096EF6

C:\Windows\System32\drivers\bthmodem.sys 0C706A8B022A44413F6C36ECEAAA2838

C:\Windows\System32\DRIVERS\catflt.sys D49635CE0F6BE5DDA7F462987A050EF9

C:\Windows\System32\DRIVERS\cdfs.sys 00B4FA77732C7823D292ECD672660882

C:\Windows\System32\drivers\cdrom.sys 4E707EC5071DD8F5C29A7410780BD4C3

C:\Windows\System32\drivers\circlass.sys 17BE1CB162768E886B2BBA63F8B89371

C:\Windows\System32\drivers\CLFS.sys D5370A0D3A8F7E531FE9BA3E3C81BAC8

C:\Windows\System32\drivers\CmBatt.sys 16744C84320D33880E38DF7409585EBF

C:\Windows\System32\Drivers\cng.sys FC5C6FC2D889D34CDFE50ECBCE0EDDD6

C:\Windows\System32\DRIVERS\cnghwassist.sys E65DF0F65ECD3F74012C5C6D4F0523FD

C:\Windows\System32\drivers\CompositeBus.sys 357444DE560252A907F8B687005B3DCA

C:\Windows\System32\drivers\condrv.sys F1B79B7B595B0D7990756C12FA64F00E

C:\Windows\System32\drivers\csc.sys 8AF45624AD6EA2F4D44B06E7E06983AD

C:\Windows\System32\drivers\dam.sys 05107EAC6D02D8789BABB79199152BC6

C:\Windows\System32\Drivers\dfsc.sys B21FDAC50FCD4CE53C203F097273532A

C:\Windows\System32\drivers\discache.sys C0C87CCE88C4532B575AD60A95E7FD57

C:\Windows\System32\drivers\disk.sys 4E3237D8266580412CCA774321056111

C:\Windows\System32\drivers\dmvsc.sys 9B20A9DB154249E0E40036BC8BDC3E38

C:\Windows\system32\drivers\drmkaud.sys E48E86694E57723C67478F3AC082D42B

C:\Windows\System32\drivers\dxgkrnl.sys A46E69E1AEC3CD106610CCF90A517C4A

C:\Windows\System32\drivers\EhStorClass.sys BC7119CF5B5BC9F54C8FAE221C3227F2

C:\Windows\System32\drivers\EhStorTcgDrv.sys 1A5945FA87A05A97A1175657B7BA4EDB

C:\Windows\System32\drivers\emltdi.sys 775B48998AF0B5FD614406F7E98AA7C9

C:\Windows\System32\drivers\errdev.sys 8B22B788A329645F08AB4F86B9580AF3

C:\Windows\system32\Drivers\exfat.sys B60B2A0E110D640440263268FC02C726

C:\Windows\system32\Drivers\fastfat.sys C8B18803E1521225BDBA86B5F7D2E9FC

C:\Windows\System32\drivers\fdc.sys 9709867A1354A4D10046ADE31DA67511

C:\Windows\System32\drivers\fileinfo.sys 1018AE04A4D36BA60247C2C22D7BA7D1

C:\Windows\System32\drivers\filetrace.sys 3A2F87EF4400B5E542E2C2BA8FAB4222

C:\Windows\System32\drivers\flpydisk.sys F37314C92AB8C876DB478A36A6D9FF0E

C:\Windows\System32\drivers\fltmgr.sys 13C0B6F6EFD0D5C6871C07B56CB5403D

C:\Windows\System32\drivers\FsDepends.sys 16D4CC9AE485BC60B6AE026FF2497DE8

C:\Windows\system32\Drivers\Fs_Rec.sys 28E64CAC27FE3A7CA34E2F93E9A8092A

C:\Windows\System32\DRIVERS\fvevol.sys D49DB3B4F82296B3BDF3336442A10516

C:\Windows\System32\drivers\fxppm.sys BD9C0C40ED4DEB4FC7562DD62FA18FD7

C:\Windows\System32\drivers\gagp30kx.sys B5AD0B13AD7FD1C749FC45D81392B9DF

C:\Windows\System32\drivers\vmgencounter.sys A9608FF3B1B577BFC969A7B6797B1FC1

C:\Windows\System32\DRIVERS\ggc.sys 8350BA8454BDC8F47046F9C40CC88507

C:\Windows\System32\Drivers\msgpioclx.sys 9F3695F4FAEA73BE6D0BA856C4D5C3BD

C:\Windows\system32\drivers\HdAudio.sys 7A63087EDE3504684055A57A45E2AFF9

C:\Windows\System32\drivers\HDAudBus.sys 0E3FC2062E796F6A9B1ED995E1CBB25E

C:\Windows\System32\drivers\HidBatt.sys 8CBCFA78D2B43CCC23BF5A4C09A700CA

C:\Windows\System32\drivers\hidbth.sys 9133AFFBA020B97100703DB8E598C73F

C:\Windows\System32\drivers\hidi2c.sys 804019176228EBE260A821C5688CAFD2

C:\Windows\System32\drivers\hidir.sys 11A4D12F4CADD18CDA334C2756FE450A

C:\Windows\System32\drivers\hidusb.sys 48ADFEFD445291AE7D619B3F4638B092

C:\Windows\system32\drivers\hitmanpro37.sys CE77439BAF613019D6B7658292D1E4A6

C:\Windows\System32\drivers\HpSAMD.sys D7544353157E11864C00A48BC90EF183

C:\Windows\System32\drivers\HTTP.sys 8FE9867871C32E9B9A3276C61A0FACC0

C:\Windows\System32\drivers\hwpolicy.sys 4A3E6732E5BEF6DF531A217B5EBB5C54

C:\Windows\System32\drivers\hyperkbd.sys 0F819743721DFB5906734243ED0CE935

C:\Windows\system32\DRIVERS\HyperVideo.sys A14A2EBA22929901F64B496C1D555982

C:\Windows\System32\drivers\i8042prt.sys 11EDC37780E8A2F8E311D73F7658A4D7

C:\Windows\System32\drivers\iaStorV.sys C444F83C318BE18719DC1FDAEFF10898

C:\Windows\System32\drivers\iirsp.sys 7BB542C7156FA72CC83C1177BB190F94

C:\Windows\System32\drivers\intelide.sys A43BC9416741ABEA2B8DF60D2C0EA6A2

C:\Windows\System32\drivers\intelppm.sys 9081A954273763F0AC25DE0C2B2DB593

C:\Windows\System32\DRIVERS\ipfltdrv.sys AB308167857138B84E4DECDF2000DD27

C:\Windows\System32\drivers\IPMIDrv.sys 7E4FEE6D5C5BC52199C481DAC564FE43

C:\Windows\System32\drivers\ipnat.sys 57B0C0D982013C72911A3F5CBA795034

C:\Windows\System32\drivers\irenum.sys 9D6DB34476AC6448B3CA59D8676F7CE6

C:\Windows\System32\drivers\isapnp.sys 2E1347C9CC7DDB43183AF725135ACF0D

C:\Windows\System32\drivers\msiscsi.sys 0E3BDF6F27031D5BBC030E14EB7EACCB

C:\Windows\System32\drivers\kbdclass.sys 4533BE9F8D67BDCF5FECA87DCC345448

C:\Windows\System32\drivers\kbdhid.sys 8F73A6DAEF7F7D102FBBA6F3EBC47F97

C:\Windows\system32\DRIVERS\kdnic.sys F7E302012680B0617C904B58594E0376

C:\Windows\System32\Drivers\ksecdd.sys 65AE68224E27425871354430E542252A

C:\Windows\System32\Drivers\ksecpkg.sys 6FABC01A91D5F2D5B4DAD2F5F1C6C249

C:\Windows\system32\DRIVERS\llio.sys 3885A9AA8217D84A09A8DC21A414EFA3

C:\Windows\system32\DRIVERS\lltdio.sys AD581D8BA8C2CE46933D44392BA35C24

C:\Windows\System32\drivers\lsi_sas.sys 6B01CB678E1E390CEA9514D4774EFB51

C:\Windows\System32\drivers\lsi_sas2.sys 4C3AFBA9ED36535313054AC26532E9DE

C:\Windows\System32\drivers\lsi_scsi.sys 0715DC27611C202D04BC0365D666DD27

C:\Windows\System32\drivers\lsi_sss.sys DB6B9554AA4F83212E80D5107D8C53EE

C:\Windows\system32\drivers\luafv.sys F731770C339FEB6563397D410793A756

C:\Windows\System32\drivers\megasas.sys 125C3C5A315500A1AD54F0B4766AF815

C:\Windows\System32\drivers\MegaSR.sys 05457CC7F5586C6E8D02FFA7F23FCEDF

C:\Windows\System32\drivers\modem.sys 049E433162AFE9B08C05D81D2C62CD61

C:\Windows\System32\drivers\monitor.sys 81F2FEE55660E51820C93A388AE8FEB9

C:\Windows\System32\drivers\mouclass.sys 9D3F069A705325E7B7CEA36BFB65E616

C:\Windows\System32\drivers\mouhid.sys 3C3C50AA12E2E48A9FEAA4BF5AA789A0

C:\Windows\System32\drivers\mountmgr.sys 13D8E3077EF0AE583F4634236D9A0992

C:\Windows\System32\drivers\mpsdrv.sys C8D0E7A4C5033EF0A7DD076F08CF2F70

C:\Windows\system32\drivers\mrxdav.sys 329E3ACBFC616666D3D04C6FDC1B71E0

C:\Windows\System32\DRIVERS\mrxsmb.sys 5FAC7AC77D9ADD42579EDF678F08DF9F

C:\Windows\System32\DRIVERS\mrxsmb10.sys B9F3DA35CDE171B5CBA70319AD7D5E59

C:\Windows\System32\DRIVERS\mrxsmb20.sys 96E88C54A0CF32A74483819DA7DA3A15

C:\Windows\system32\DRIVERS\bridge.sys 61E23CF0A54EDBAE5CFE3322E960ECC9

C:\Windows\System32\DRIVERS\mscank.sys 17E08A26EF51CFA71BA6007DFE884759

C:\Windows\system32\Drivers\Msfs.sys 651DEF4337DD77E6A607CEE49D3C4B30

C:\Windows\System32\drivers\msgpiowin32.sys 8F47F5F31F001C4F97840DB723618DD0

C:\Windows\System32\drivers\mshidkmdf.sys 26BBD77D23FFABB14C3291A1B8555EA5

C:\Windows\System32\drivers\mshidumdf.sys 51808FEF911B77758A6CF7CEB469AF9E

C:\Windows\System32\drivers\msisadrv.sys F103DF830D370B7535FDA3D477C8D8A0

C:\Windows\system32\drivers\MSKSSRV.sys 3FCF6AA904516872CF70ED248F86889B

C:\Windows\system32\DRIVERS\mslldp.sys 10C229EAC28FDB8550EE93D955932F83

C:\Windows\system32\drivers\MSPCLOCK.sys BA786F089895196E18120F66F996A3D2

C:\Windows\system32\drivers\MSPQM.sys 362950A5F7B1794DA9CB985AF7BBCC4B

C:\Windows\system32\Drivers\MsRPC.sys 79A14AB6C6A5B01E9CE99937D1304D13

C:\Windows\System32\drivers\mssmbios.sys A819A3006C27870AF05E408AD06FACFF

C:\Windows\system32\drivers\MSTEE.sys FB1D61A2998A5C4456C6B73DD41D5352

C:\Windows\System32\drivers\MTConfig.sys 3CC687876469F0FD3B2D936FA7A6EC59

C:\Windows\system32\DRIVERS\ASACPI.sys 98F1A21FEB21AA86402AD35CB09074D4

C:\Windows\System32\Drivers\mup.sys 6779B2A319A563C68B56DE8491E9EA76

C:\Windows\System32\drivers\mvumis.sys 1DEF95DC467131BF4AB52A8F72C42D89

C:\Windows\system32\DRIVERS\nwifi.sys D48E3B33BD911BA28413A4337456724F

C:\Windows\System32\drivers\ndis.sys 714F5CAA4510805BD29DF7BE4587F770

C:\Windows\system32\DRIVERS\ndiscap.sys 9B8BC481DEEAA07C51DA214D2CEF2FC9

C:\Windows\system32\DRIVERS\NdisImPlatform.sys 1EA68DB9E05248EF9B940D6D0A0725B3

C:\Windows\system32\DRIVERS\ndistapi.sys 71F6E2AF63B0E52B36CEE7F0AE076A18

C:\Windows\system32\DRIVERS\ndisuio.sys DDC67239BFE82DC5A878039B464B1968

C:\Windows\system32\DRIVERS\ndiswan.sys 556DB924D61BC4A5E0F95D383E9B1009

C:\Windows\system32\Drivers\NDProxy.sys B8C10B9DE50120E8CA3E995F94CA80D7

C:\Windows\System32\drivers\Ndu.sys 583F95CEFCD5D896B5531BD338030401

C:\Windows\System32\DRIVERS\netbios.sys 4CA677A214248DB8227F8035B546F7D0

C:\Windows\System32\DRIVERS\netbt.sys 303A053C25E468B9925C22288BEF8484

C:\Windows\System32\drivers\nfrd960.sys 4B539272E9F5C3B8D9714D137FD340A6

C:\Windows\system32\Drivers\Npfs.sys EAC569A77BE92B247FCA51E498B17DF1

C:\Windows\System32\drivers\npsvctrig.sys 6E994702ED294CDBED7621590EC75735

C:\Windows\System32\drivers\nsiproxy.sys 9588CCD14571FA22F8F2ECCF198AB448

C:\Windows\system32\Drivers\Ntfs.sys 99C73E3FE9B36275BD91D2009F2BA2E0

C:\Windows\system32\Drivers\Null.sys 0F965AF67042AF539274738FFD0C8C71

C:\Windows\System32\drivers\nvraid.sys BD23FF50A9A59AAF48052F5E7D0682B0

C:\Windows\System32\drivers\nvstor.sys 108DD54A5B1E73F583AF7DC94CCE52B8

C:\Windows\System32\drivers\nv_agp.sys 5ED87C9C51CFE59B1DDFF8290719E0E4

C:\Windows\System32\drivers\parport.sys 8BCE63AF5B52642E832630F862DE96EF

C:\Windows\System32\drivers\partmgr.sys 7289BE4566F0E5126868EB6E4292CC3C

C:\Windows\System32\drivers\parvdm.sys 49A439FEAB060F74B8EC7DBF44D4A7BA

C:\Windows\System32\drivers\pci.sys EA828C84C8948D0E4994C1E0A45EB05F

C:\Windows\System32\drivers\pciide.sys B4444133ED61F87FD49A2ADD28285115

C:\Windows\System32\drivers\pcmcia.sys 6E11FDE71F2015007CDD4AE9D2D700C9

C:\Windows\System32\drivers\pcw.sys 8A56B080B12950D448D556FE4BA6C68C

C:\Windows\System32\drivers\pdc.sys 58F99F74C33B7615ABEECF70BAD5FE1E

C:\Windows\System32\drivers\peauth.sys 8C7EE53A9F6A5F01E77DBB81654E5B66

C:\Windows\system32\DRIVERS\raspptp.sys 03D522782A0BB5108C8A43A10EE51CB0

C:\Windows\System32\drivers\processr.sys 03B982CAD4C2661076061F726200699E

C:\Windows\system32\DRIVERS\pacer.sys 42E46DC7767F5AB664E3F6B36D9764AD

C:\Windows\system32\drivers\qwavedrv.sys 29E548E1C511BFBE56FA6438488DE0E0

C:\Windows\System32\DRIVERS\rasacd.sys C07E9331431C78D41F30E62A15E1D324

C:\Windows\system32\DRIVERS\AgileVpn.sys F63755B2DCE1BE7927F5CEAB7991EFED

C:\Windows\system32\DRIVERS\rasl2tp.sys 6E0649D7325D85C47C844EB3267E4625

C:\Windows\system32\DRIVERS\raspppoe.sys 5BA6DB7AD04A8EADE0A41E6C8427582B

C:\Windows\system32\DRIVERS\rassstp.sys 3A421DDA09E3BF96E9D698D13FDC139E

C:\Windows\System32\DRIVERS\rdbss.sys ED1CBB55D5946520994FCD8CA9596D9D

C:\Windows\System32\drivers\rdpbus.sys 4FB0345ADE5C2E15EA1A22F173E71D37

C:\Windows\System32\drivers\rdpdr.sys 2CAD2A13569741C67CD9C52F97E0F992

C:\Windows\System32\drivers\rdpvideominiport.sys DD7A269C2E3CDEBDBC872A1BBB547FFD

C:\Windows\system32\Drivers\RDPWD.sys EA0E833A1418C28E6085DFFA68731EA5

C:\Windows\System32\drivers\rdyboost.sys 38A8012D03150D6852B9CDDB24280F1A

C:\Windows\system32\DRIVERS\rspndr.sys C7BD738B9BF45E797A6089AF946BAC47

C:\Windows\system32\DRIVERS\Rt630x86.sys BF93264AE817867448A1A8D9F650A288

C:\Windows\System32\drivers\vms3cap.sys E21867D4A8FF3824150E56979E333610

C:\Windows\System32\drivers\sbp2port.sys 434F805B0B3840A52C19C96A7BB64AA3

C:\Windows\System32\DRIVERS\scfilter.sys 3F21FBE0550B41240B6A864F6C8C15E4

C:\Windows\System32\drivers\sdbus.sys 725EF6FE7EDB150BF25B3D8EA7819FD4

C:\Windows\System32\drivers\sdstor.sys BCAE716C7A79CCE1012BF6BF910D31A3

C:\Windows\system32\Drivers\secdrv.sys A8CC993CED4DF9710ADAABC9DA66B660

C:\Windows\System32\drivers\SerCx.sys 3DE395F302C4DCD3D4792EB786A7B402

C:\Windows\System32\drivers\serenum.sys C706C88BAEE6B23C86C791EF47D901D4

C:\Windows\System32\drivers\serial.sys F492965E2EDDB1BCA2E000A1085BE082

C:\Windows\System32\drivers\sermouse.sys 409C91880A6A70FDD33CFEDC43D0F808

C:\Windows\System32\drivers\sfloppy.sys BDF7F7AC3700DAF0A19D19C008D408C0

C:\Windows\System32\drivers\sisagp.sys A5A3C56B5E46F77E6992A3772F8E4C8D

C:\Windows\System32\drivers\SiSRaid2.sys 39763193254A265FDA6F08EF375549DF

C:\Windows\System32\drivers\sisraid4.sys 2A95CC135283B3C56B783171532B62D0

C:\Windows\System32\drivers\spaceport.sys 5C9F014F1D52160CEC897C7A684673AA

C:\Windows\System32\drivers\SpbCx.sys C8E9372645392E23CF36B4C1686B1509

C:\Windows\System32\DRIVERS\srv.sys 8B20E19AF56E21E9549D4CA496BB78D6

C:\Windows\System32\DRIVERS\srv2.sys DD81ABA1081A9A4E2999568C0DB61A49

C:\Windows\System32\DRIVERS\srvnet.sys C4006F04178E58192FFD0A82A5E5E897

C:\Windows\System32\drivers\stexstor.sys CC17B7A7C4DD72BE2B10DAF254147A2B

C:\Windows\System32\drivers\storahci.sys EC9B71B41184284E65F496B39C572F30

C:\Windows\System32\DRIVERS\vmstorfl.sys B00DA575ADF228C1D33269CDE92A68EC

C:\Windows\System32\drivers\storvsc.sys 5C538C4975B53C31500BC535FF436CDC

C:\Windows\System32\drivers\swenum.sys 8DCA45AD5E2D83E00A1952BE2B541A27

C:\Windows\System32\drivers\Synth3dVsc.sys 997F0D578CDB5D25EB242B84FC24E0D4

C:\Windows\System32\drivers\tcpip.sys 04FF6793A4083FA17B224D316A5B0BF8

C:\Windows\system32\DRIVERS\tcpip.sys 04FF6793A4083FA17B224D316A5B0BF8

C:\Windows\System32\drivers\tcpipreg.sys D40FB114D559FDDE599293E1B5107644

C:\Windows\System32\DRIVERS\tdx.sys 0886D9F1B5A5334FBB143A260E4BFB5C

C:\Windows\System32\drivers\terminpt.sys 0E099CC6D72DD47CAB9CC3D5DDF0A93E

C:\Windows\system32\drivers\tpm.sys A3E6E1E7DA37D0C919D2A0EA1C18A9F9

C:\Windows\System32\drivers\tsusbflt.sys B9E622309DE8C780E6818531586F2221

C:\Windows\System32\drivers\TsUsbGD.sys 074440A1C04913F7DF81839565A47917

C:\Windows\System32\drivers\tsusbhub.sys 8E998D0E9AFFC3712FC86C484A17827C

C:\Windows\system32\DRIVERS\tunnel.sys 62EE13D4EE7DB793C13F33F51A21170E

C:\Windows\System32\drivers\uagp35.sys E0750A399E378C8433165C843FD7F732

C:\Windows\System32\drivers\uaspstor.sys B3B9DDEEFC3B823B3067DCADCD80014D

C:\Windows\System32\drivers\ucx01000.sys B4475F3B30A06B0E977F44AA3745765C

C:\Windows\System32\DRIVERS\udfs.sys 942D7B29F95DC6C5D14B8758044627C1

C:\Windows\System32\drivers\uliagpkx.sys C4FE9CC8AA769B1D140C07308574969D

C:\Windows\System32\drivers\umbus.sys D54E16CE5FF8493E611CFF34F96F5A00

C:\Windows\System32\drivers\umpass.sys 4F92FB5D2353C1B75F0C3138C1822FC3

C:\Windows\System32\drivers\usbccgp.sys ABFF3E6009343A2613D31FDC241A6D6E

C:\Windows\System32\drivers\usbcir.sys 614BDD1AB210F6DCE5EDFE0624717C94

C:\Windows\System32\drivers\usbehci.sys E7614B639357ADCB056D5FAAB9E2FB00

C:\Windows\System32\drivers\usbhub.sys A091EDE464BB2406BB78DAE7B35B590C

C:\Windows\System32\drivers\UsbHub3.sys DD0AA53DFBCE547020AB57A107B2B7A7

C:\Windows\System32\drivers\usbohci.sys D3641BCE4BE9858423CF0FA843A77AC1

C:\Windows\System32\drivers\usbprint.sys 81F2E53B5945995FD5D459180EB21AE7

C:\Windows\System32\drivers\USBSTOR.SYS 727CE341DF7EFDC94F2868393549F497

C:\Windows\System32\drivers\usbuhci.sys 599D7D0A2DD4F5517DA1ADEAAF0B468F

C:\Windows\System32\drivers\USBXHCI.SYS 3C4D95B57D60FC6871FCE49ADE7CA2EF

C:\Windows\System32\drivers\vdrvroot.sys 0AA85E1C967652071D283147AC4B17CD

C:\Windows\System32\drivers\VerifierExt.sys F70882757673FA7D4E466D811E1AC029

C:\Windows\System32\drivers\vhdmp.sys 01F65399F930E5F26D39F18C1F665B03

C:\Windows\System32\drivers\viaagp.sys 91A67D2DDDD75D173A6590B75E305E3C

C:\Windows\System32\drivers\viac7.sys 0C3370E2CFE0C1A51C37B58A1938837F

C:\Windows\System32\drivers\viaide.sys 11283532CE62BA51557D00E09262ED78

C:\Windows\System32\drivers\vmbus.sys 2E4777120FC246CCF76A69C7BB4AEF57

C:\Windows\System32\drivers\VMBusHID.sys FA7B57977E55B60409FD9E36FC57395C

C:\Windows\System32\drivers\volmgr.sys 7E8BCEEA56197925D944CA7D230596F7

C:\Windows\System32\drivers\volmgrx.sys 9C21037D3983D9B93190D2AA16570395

C:\Windows\System32\drivers\volsnap.sys 8E15C3D58A8ADE841060661DBA6E7A9B

C:\Windows\System32\drivers\vsmraid.sys C5B79DA9C82C01EEFAABA713A858649E

C:\Windows\System32\drivers\vstxraid.sys AB5F5CC034E31E496606E666657F3CC2

C:\Windows\System32\drivers\vwifibus.sys 23044877230094EE20D057BC63ED19F0

C:\Windows\System32\drivers\wacompen.sys B4254668F5806AAA051A320FE88146F6

C:\Windows\system32\DRIVERS\wanarp.sys 44D1EF3CDB0B286FD73A7C0144CC6B1E

C:\Windows\System32\drivers\wd.sys 9BF0CE1E215789664EB563A52EC0B83B

C:\Windows\system32\drivers\WdBoot.sys 4B4BCF47C86C10322046952D6B4B80E0

C:\Windows\System32\drivers\Wdf01000.sys CEA67D4279BF8A268062F08330179738

C:\Windows\system32\drivers\WdFilter.sys 5CA29AF6E4C46E73311E68FB63066B09

C:\Windows\System32\DRIVERS\wfplwfs.sys B7ADB3799F1B6D8172DFDCE1DA8937F5

C:\Windows\System32\drivers\wimmount.sys 8B7BBA41B67E92B73BAFEBDF570B3703

C:\Windows\System32\drivers\wmiacpi.sys F8A31500A1B7EFDB95E5103A7C7275C1

C:\Windows\System32\DRIVERS\wpcfltr.sys 9C3F5C7B716247756575235A3218FD38

C:\Windows\System32\drivers\WpdUpFltr.sys E5DCECD5A6A21AE48E94F6C9DC0E093C

C:\Windows\system32\drivers\ws2ifsl.sys D646A22FA57F29BB06018CB7C6E0CD6A

C:\Windows\system32\DRIVERS\wsnf.sys C3824F134EE64A70F3F401AB455616B9

C:\Windows\System32\drivers\wstif.sys C22FD7EEEBE7B666AD093E070CB74493

C:\Windows\System32\drivers\WudfPf.sys 06E6F32C8D0A3F66D956F57B43A2E070

C:\Windows\System32\drivers\WUDFRd.sys 867C301E8B790040AE9CF6486E8041DF

C:\Windows\system32\DRIVERS\WUDFRd.sys 867C301E8B790040AE9CF6486E8041DF

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-02-15 14:50 - 2014-02-15 14:50 - 00027902 _____ () C:\Users\Vidya Samson\Desktop\FRST.txt

2014-02-15 14:50 - 2014-02-15 14:50 - 00000000 ____D () C:\FRST

2014-02-15 14:41 - 2014-02-15 14:41 - 01141248 _____ (Farbar) C:\Users\Vidya Samson\Desktop\FRST.exe

2014-02-15 14:40 - 2014-02-15 14:40 - 00030976 _____ () C:\Windows\system32\Drivers\hitmanpro37.sys

2014-02-15 13:57 - 2014-02-15 13:57 - 00010209 _____ () C:\ComboFix.txt

2014-02-15 13:49 - 2014-02-15 13:57 - 00000000 ____D () C:\Qoobox

2014-02-15 13:49 - 2014-02-15 13:56 - 00000000 ____D () C:\Windows\erdnt

2014-02-15 13:49 - 2011-06-26 12:15 - 00256000 _____ () C:\Windows\PEV.exe

2014-02-15 13:49 - 2010-11-07 22:50 - 00208896 _____ () C:\Windows\MBR.exe

2014-02-15 13:49 - 2009-04-20 10:26 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe

2014-02-15 13:49 - 2000-08-31 05:30 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe

2014-02-15 13:49 - 2000-08-31 05:30 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe

2014-02-15 13:49 - 2000-08-31 05:30 - 00212480 _____ (SteelWerX) C:\Windows\SWXCACLS.exe

2014-02-15 13:49 - 2000-08-31 05:30 - 00098816 _____ () C:\Windows\sed.exe

2014-02-15 13:49 - 2000-08-31 05:30 - 00080412 _____ () C:\Windows\grep.exe

2014-02-15 13:49 - 2000-08-31 05:30 - 00068096 _____ () C:\Windows\zip.exe

2014-02-15 12:56 - 2014-02-15 12:57 - 05183211 ____R (Swearware) C:\Users\Vidya Samson\Desktop\ComboFix.exe

2014-02-15 08:41 - 2014-02-15 13:06 - 00005129 _____ () C:\Users\Vidya Samson\Documents\virus removal instructions.txt

2014-02-15 07:20 - 2014-02-15 13:55 - 00014924 _____ () C:\Windows\PFRO.log

2014-02-15 07:20 - 2014-02-15 07:20 - 00460312 _____ () C:\Windows\system32\FNTCACHE.DAT

2014-02-14 23:49 - 2014-02-15 14:06 - 00085634 _____ () C:\Windows\WindowsUpdate.log

2014-02-14 23:21 - 2014-02-14 23:56 - 00000000 ____D () C:\Users\Vidya Samson\Desktop\RK_Quarantine

2014-02-14 23:20 - 2014-02-14 23:20 - 03813376 _____ () C:\Users\Vidya Samson\Desktop\RogueKiller.exe

2014-02-14 22:09 - 2014-02-15 07:20 - 00000404 _____ () C:\Windows\Tasks\Wise Turbo Checker.job

2014-02-14 22:08 - 2014-02-15 13:56 - 00000000 ____D () C:\Users\Vidya Samson\AppData\Roaming\Wise Care 365

2014-02-14 22:05 - 2014-02-14 22:05 - 00001118 _____ () C:\Users\Public\Desktop\Wise Care 365.lnk

2014-02-14 21:55 - 2014-02-14 22:05 - 00000000 ____D () C:\Program Files\Wise

2014-02-14 21:55 - 2014-02-14 21:55 - 00001115 _____ () C:\Users\Public\Desktop\Wise PC 1stAid.lnk

2014-02-14 21:55 - 2014-02-14 21:55 - 00000000 ____D () C:\Users\Vidya Samson\AppData\Roaming\Wise PC 1stAid

2014-02-14 10:13 - 2014-02-14 10:13 - 00930440 _____ (CNET Download.com) C:\Users\Vidya Samson\Desktop\cbsidlm-cbsi176-Wise_Care_365_Free-BP-75744630.exe

2014-02-14 10:12 - 2014-02-14 10:12 - 04749448 _____ (WiseCleaner.com ) C:\Users\Vidya Samson\Desktop\WPCASetup.exe

2014-02-14 10:11 - 2014-02-14 10:11 - 04749448 _____ (WiseCleaner.com ) C:\Users\Vidya Samson\Downloads\WPCASetup.exe

2014-02-14 10:05 - 2014-02-14 10:05 - 00930440 _____ (CNET Download.com) C:\Users\Vidya Samson\Desktop\cbsidlm-cbsi176-Wise_Registry_Cleaner-BP-10605508.exe

2014-02-14 09:57 - 2014-02-14 09:58 - 03917960 _____ (WiseCleaner.com ) C:\Users\Vidya Samson\Desktop\WDCFree.exe

2014-02-13 22:14 - 2014-02-13 22:14 - 04721920 _____ (Piriform Ltd) C:\Users\Vidya Samson\Desktop\ccsetup410.exe

2014-02-13 18:39 - 2014-02-13 18:39 - 00000852 _____ () C:\Users\Vidya Samson\Desktop\JRT.txt

2014-02-13 18:28 - 2014-02-13 18:33 - 00000368 _____ () C:\Windows\system32\.crusader

2014-02-13 16:31 - 2014-02-13 16:31 - 00000000 ____D () C:\Windows\ERUNT

2014-02-13 16:30 - 2014-02-13 16:30 - 01037530 _____ (Thisisu) C:\Users\Vidya Samson\Desktop\JunkwareRemovalTool.exe

2014-02-13 16:15 - 2014-02-15 14:40 - 00001897 _____ () C:\Users\Public\Desktop\HitmanPro.lnk

2014-02-13 16:15 - 2014-02-13 16:15 - 00000000 ____D () C:\Program Files\HitmanPro

2014-02-13 15:59 - 2014-02-14 13:23 - 00000000 ____D () C:\ProgramData\HitmanPro

2014-02-13 15:52 - 2014-02-13 15:57 - 09988304 _____ (SurfRight B.V.) C:\Users\Vidya Samson\Desktop\HitmanPro.exe

2014-02-13 15:35 - 2014-02-13 15:35 - 00009203 _____ () C:\Users\Vidya Samson\Desktop\dds.txt

2014-02-13 15:35 - 2014-02-13 15:35 - 00002843 _____ () C:\Users\Vidya Samson\Desktop\attach.txt

2014-02-13 15:30 - 2014-02-13 15:30 - 00001353 _____ () C:\AdwCleaner[s3].txt

2014-02-13 15:30 - 2014-02-13 15:30 - 00001293 _____ () C:\AdwCleaner[R7].txt

2014-02-13 15:25 - 2014-02-13 15:25 - 00000000 ____D () C:\Users\Vidya Samson\Desktop\Old Firefox Data

2014-02-12 10:44 - 2014-02-15 14:25 - 00001139 _____ () C:\Users\Vidya Samson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk

2014-02-12 09:48 - 2014-02-12 09:48 - 00001219 _____ () C:\AdwCleaner[s2].txt

2014-02-12 09:47 - 2014-02-12 09:48 - 00001158 _____ () C:\AdwCleaner[R6].txt

2014-02-12 09:46 - 2014-02-12 09:47 - 00001098 _____ () C:\AdwCleaner[R5].txt

2014-02-12 09:44 - 2013-06-12 07:45 - 00648201 _____ () C:\Users\Vidya Samson\Desktop\AdwCleaner.exe

2014-02-12 09:30 - 2014-02-13 15:28 - 00000000 ____D () C:\Program Files\AdwareRemovalToolv3.7

2014-02-12 01:18 - 2014-02-12 01:18 - 00001070 _____ () C:\AdwCleaner[R4].txt

2014-02-12 01:15 - 2014-02-12 01:16 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware

2014-02-12 01:15 - 2014-02-12 01:15 - 00000983 _____ () C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk

2014-02-12 01:15 - 2014-02-12 01:15 - 00000000 ____D () C:\Users\Vidya Samson\AppData\Roaming\Malwarebytes

2014-02-12 01:15 - 2014-02-12 01:15 - 00000000 ____D () C:\ProgramData\Malwarebytes

2014-02-12 01:15 - 2009-09-10 14:54 - 00038224 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamswissarmy.sys

2014-02-12 01:15 - 2009-09-10 14:53 - 00019160 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

2014-02-12 01:10 - 2014-02-12 01:11 - 00001009 _____ () C:\AdwCleaner[R3].txt

2014-02-12 01:05 - 2014-02-12 01:05 - 00005115 _____ () C:\AdwCleaner[s1].txt

2014-02-12 01:04 - 2014-02-12 01:04 - 00004910 _____ () C:\AdwCleaner[R2].txt

2014-02-12 01:04 - 2014-02-12 01:04 - 00004850 _____ () C:\AdwCleaner[R1].txt

2014-02-11 18:00 - 2014-02-11 18:00 - 01043533 _____ () C:\Users\Vidya Samson\AppData\Local\census.cache

2014-02-11 18:00 - 2014-02-11 18:00 - 00142741 _____ () C:\Users\Vidya Samson\AppData\Local\ars.cache

2014-02-11 16:15 - 2014-02-11 16:15 - 00000036 _____ () C:\Users\Vidya Samson\AppData\Local\housecall.guid.cache

2014-02-11 09:12 - 2014-02-11 09:12 - 00688992 ____R (Swearware) C:\Users\Vidya Samson\Desktop\dds.com

2014-02-10 11:36 - 2014-02-10 11:40 - 03917960 _____ (WiseCleaner.com ) C:\Users\Vidya Samson\Downloads\WDCFree.exe

2014-02-10 11:34 - 2014-02-14 21:51 - 00000000 ____D () C:\Users\Vidya Samson\AppData\Roaming\Wise Registry Cleaner

2014-02-10 11:20 - 2014-02-10 13:06 - 00000426 _____ () C:\Windows\Tasks\Wise Disk Cleaner Schedule Task.job

2014-02-10 11:17 - 2014-02-13 22:14 - 00000969 _____ () C:\Users\Public\Desktop\CCleaner.lnk

2014-02-10 11:17 - 2014-02-13 22:14 - 00000000 ____D () C:\Program Files\CCleaner

2014-02-10 11:11 - 2014-02-14 10:01 - 00000000 ____D () C:\Program Files\Wise Registry Cleaner

2014-02-10 11:11 - 2014-02-10 11:21 - 00001090 _____ () C:\Users\Public\Desktop\Wise Registry Cleaner.lnk

2014-02-10 11:09 - 2014-02-14 22:51 - 00000000 ____D () C:\Users\Vidya Samson\AppData\Roaming\Wise Disk Cleaner

2014-02-10 11:09 - 2014-02-14 10:07 - 00001067 _____ () C:\Users\Public\Desktop\Wise Disk Cleaner.lnk

2014-02-10 11:09 - 2014-02-14 10:07 - 00000000 ____D () C:\Program Files\Wise Disk Cleaner

2014-02-05 11:10 - 2014-02-05 11:10 - 00000000 ____D () C:\Users\Vidya Samson\AppData\Roaming\OpenOffice.org

2014-02-05 11:07 - 2014-02-10 10:34 - 00000000 ____D () C:\Program Files\OpenOffice.org 3

2014-02-05 10:56 - 2014-02-10 10:40 - 00000000 ____D () C:\Program Files\File Type Assistant

2014-02-05 10:56 - 2014-02-05 10:56 - 16617352 _____ (Bitberry Software ) C:\Users\Vidya Samson\Downloads\FreeFileViewerSetup [1].exe

2014-02-05 10:55 - 2014-02-05 10:55 - 00000046 _____ () C:\Users\Vidya Samson\AppData\Roaming\WB.CFG

2014-02-05 10:52 - 2014-02-05 10:51 - 00139800 _____ () C:\Users\Vidya Samson\Downloads\My Deadly Prince Charming Edits.pages

2014-01-30 12:33 - 2014-01-30 12:33 - 00000000 ____D () C:\Program Files\Common Files\DESIGNER

2014-01-30 12:32 - 2014-01-30 12:32 - 00000000 ____D () C:\Windows\PCHEALTH

**Juliet** · February 15, 2014

I can see Hitmanpro37 on the computer, you also have Quick Heal Total Security. This means you have 2 antivirus fighting each other for resources and your machine will not function properly.

Make a decission which to keep and which one to uninstall.

We do not recommend the use of registry cleaners. No registry cleaner is completely safe since most do not even create a backup the potential is ever present to cause more problems than they claim to fix.

If you do not have knowledge of the registry, then you would probably be better off leaving it alone, and definitely not placing blind trust in a program to do the job for you.

Our colleague miekiemoes has an excellent writeup here

http://miekiemoes.blogspot.com/2008/02/registry-cleaners-and-system-tweaking_13.html

We suggest uninstalling them via Add or Remove Programs in your Control Panel.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Open notepad. Please copy the contents of the quote box below. To do this highlight the contents of the box and right click on it and select copy.

Paste this into the open notepad. save it to the Desktop as fixlist.txt

NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.

It needs to be saved Next to the "Farbar Recovery Scan Tool" (FRST) program (If asked to overwrite existing one please allow)

start

SearchScopes: HKLM - DefaultScope value is missing.

S3 28139; \??\C:\Users\VIDYAS~1\AppData\Local\Temp\34845337\28139.sys [X]

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab

DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab

C:\Windows\System32\Tasks\AutoKMS

end

Run FRST/FRST64 and press the Fix button just once and wait.

If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.

When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to the operating system

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Download the latest version of TDSSKiller from here and save it to your Desktop.

Doubleclick on TDSSKiller.exe to run the application
Then click on Change parameters.
Check the boxes beside Verify Driver Digital Signature, Detect TDLFS file system and Use KSN to scan objects , then click OK.
Click the Start Scan button.
If a suspicious object is detected, the default action will be Skip, click on Continue.
If malicious objects are found, they will show in the Scan results and offer three (3) options.
Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
Get the report by selecting Reports
Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

****************

Please copy and paste the fixlist.txt and TDSSKiller log in your next reply.

crossword · February 15, 2014

I Uninstalled Hitmanpro37 but not the registry cleaners. I will no longer use registry cleaners to clean the registry. But I kept Wise Registry cleaner since it has Registry defrag and I assume defragging the registry would be good? I assume it won't delete any item, unlike the cleaner function?

I did try to Download the latest version of TDSSKiller from the site. Its another site my comp won't connect to. So I ran the version I already had on my comp. it may be the latest; I downloaded it some months ago. Its version 3.0.0.10

The scan showed no threats were found. I did click on report but see no way to copy and paste it since when I right click, nothing happens. I can highlight the report and thats it. I see no copy button anywhere.

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 12-02-2014 01

Ran by Vidya Samson at 2014-02-15 22:25:13 Run:1

Running from C:\Users\Vidya Samson\Desktop

Boot Mode: Normal

==============================================

Content of fixlist:

*****************

start

SearchScopes: HKLM - DefaultScope value is missing.

S3 28139; \??\C:\Users\VIDYAS~1\AppData\Local\Temp\34845337\28139.sys [X]

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab

DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab

C:\Windows\System32\Tasks\AutoKMS

end

*****************

HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.

28139 => Service deleted successfully.

HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93} => Key deleted successfully.

HKCR\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93} => Key deleted successfully.

HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} => Key deleted successfully.

HKCR\CLSID\{CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} => Key deleted successfully.

HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} => Key deleted successfully.

HKCR\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} => Key deleted successfully.

C:\Windows\System32\Tasks\AutoKMS => Moved successfully.

==== End of Fixlog ====

**Juliet** · February 15, 2014

I did try to Download the latest version of TDSSKiller from the site. Its another site my comp won't connect to. So I ran the version I already had on my comp. it may be the latest; I downloaded it some months ago. Its version 3.0.0.10

No, it would not be an updated copy.

1. Download Malwarebytes Anti-Rootkit from this link http://www.malwarebytes.org/products/mbar/

2. Unzip the File to a convenient location. (Recommend the Desktop)

3. Open the folder where the contents were unzipped to run mbar.exe

4. Double-click on the mbar.exe file, you may receive a User Account Control prompt asking if you are sure you wish to allow the program to run. Please allow the program to run and MBAR will now start to install any necessary drivers that are required for the program to operate correctly. If a rootkit is interfering with the installation of the drivers you will see a message that states that the DDA driver was not installed and that you should reboot your computer to install it. You will see this image:

5. If you receive this message, please click on the Yes button and Malwarebytes Anti-Rootkit will now restart your computer. Once the computer is rebooted and you login, MBAR will automatically start and you will now be at the start screen. (If no Rootkit warning you will go from step 4 to 6.)

6. The following image opens, select Next.

7. The following image opens, select Update

8. When the Update completes, select Next

9. In the following window ensure "Targets" are ticked. Then select "Scan"

10. If an infection/s is found the "Cleanup Button" to remove threats will be available. A list of infected files will be listed like the following example:

11. Do not select the "Clean up Button" select the "Exit" button, there will be a warning as follows:

12. Select "Yes" to close down the program. If NO infections were found you will see the following image:

13. Select "Exit" to close down.

14. Copy and paste the two following logs from the mbar folder:

System - log

Mbar - log Date and time of scan will also be shown

Post those two logs in your reply.

crossword · February 16, 2014

i was surprised to see it said no malware found. does that mean what i have is so deep and tricky even this software cant find it?

or is it good news?

logs:

Malwarebytes Anti-Rootkit BETA 1.07.0.1009
www.malwarebytes.org

Database version: v2014.02.15.09

Windows 8 x86 NTFS
Internet Explorer 10.0.9200.16635
Vidya Samson :: VIDYA [administrator]

2/16/2014 6:04:20 AM
mbar-log-2014-02-16 (06-04-20).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 216732
Time elapsed: 11 minute(s), 32 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1009

© Malwarebytes Corporation 2011-2012

OS version: 6.2.9200 Windows 8 x86

Account is Administrative

Internet Explorer version: 10.0.9200.16635

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, E:\ DRIVE_FIXED, F:\ DRIVE_FIXED, H:\ DRIVE_FIXED, I:\ DRIVE_FIXED
CPU speed: 3.415000 GHz
Memory total: 3487682560, free: 1927036928

=======================================

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1009

© Malwarebytes Corporation 2011-2012

OS version: 6.2.9200 Windows 8 x86

Account is Administrative

Internet Explorer version: 10.0.9200.16635

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, E:\ DRIVE_FIXED, F:\ DRIVE_FIXED, H:\ DRIVE_FIXED, I:\ DRIVE_FIXED
CPU speed: 3.415000 GHz
Memory total: 3487682560, free: 1970987008

Downloaded database version: v2014.02.15.09
Downloaded database version: v2013.12.18.01
Initializing...
======================
------------ Kernel report ------------
02/16/2014 06:04:13
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\halmacpi.dll
\SystemRoot\system32\kd.dll
\SystemRoot\system32\mcupdate_AuthenticAMD.dll
\SystemRoot\System32\drivers\CLFS.SYS
\SystemRoot\System32\drivers\tm.sys
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\BOOTVID.dll
\SystemRoot\system32\CI.dll
\SystemRoot\System32\drivers\msrpc.sys
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\System32\Drivers\acpiex.sys
\SystemRoot\System32\Drivers\WppRecorder.sys
\SystemRoot\System32\drivers\ACPI.sys
\SystemRoot\System32\drivers\WMILIB.SYS
\SystemRoot\System32\drivers\msisadrv.sys
\SystemRoot\System32\drivers\pci.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\system32\drivers\tpm.sys
\SystemRoot\System32\drivers\vdrvroot.sys
\SystemRoot\system32\drivers\pdc.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\System32\drivers\spaceport.sys
\SystemRoot\System32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\System32\drivers\pciide.sys
\SystemRoot\System32\drivers\PCIIDEX.SYS
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\System32\drivers\atapi.sys
\SystemRoot\System32\drivers\ataport.SYS
\SystemRoot\System32\drivers\storahci.sys
\SystemRoot\System32\drivers\storport.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\System32\drivers\fileinfo.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\DRIVERS\wfplwfs.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\System32\drivers\volsnap.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\disk.sys
\SystemRoot\System32\drivers\CLASSPNP.SYS
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\drivers\cdrom.sys
\SystemRoot\system32\DRIVERS\ggc.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\BasicRender.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\System32\drivers\BasicDisplay.sys
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\drivers\wstif.sys
\SystemRoot\system32\drivers\ws2ifsl.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\wsnf.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\csc.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\System32\drivers\npsvctrig.sys
\SystemRoot\System32\drivers\mssmbios.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\System32\drivers\CompositeBus.sys
\SystemRoot\system32\DRIVERS\kdnic.sys
\SystemRoot\System32\drivers\umbus.sys
\SystemRoot\System32\drivers\amdppm.sys
\SystemRoot\system32\DRIVERS\atikmpag.sys
\SystemRoot\system32\DRIVERS\atikmdag.sys
\SystemRoot\system32\DRIVERS\Rt630x86.sys
\SystemRoot\System32\drivers\usbohci.sys
\SystemRoot\System32\drivers\USBPORT.SYS
\SystemRoot\System32\drivers\usbehci.sys
\SystemRoot\System32\drivers\HDAudBus.sys
\SystemRoot\System32\drivers\parport.sys
\SystemRoot\system32\DRIVERS\ASACPI.sys
\SystemRoot\System32\drivers\i8042prt.sys
\SystemRoot\System32\drivers\kbdclass.sys
\SystemRoot\System32\drivers\serial.sys
\SystemRoot\System32\drivers\serenum.sys
\SystemRoot\System32\drivers\wmiacpi.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\System32\drivers\swenum.sys
\SystemRoot\System32\drivers\ks.sys
\SystemRoot\System32\drivers\rdpbus.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\System32\drivers\usbhub.sys
\SystemRoot\System32\drivers\USBD.SYS
\SystemRoot\system32\drivers\HdAudio.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\System32\drivers\hidusb.sys
\SystemRoot\System32\drivers\HIDCLASS.SYS
\SystemRoot\System32\drivers\HIDPARSE.SYS
\SystemRoot\System32\drivers\mouhid.sys
\SystemRoot\System32\drivers\mouclass.sys
\SystemRoot\System32\drivers\USBSTOR.SYS
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\Drivers\dump_diskdump.sys
\SystemRoot\System32\Drivers\dump_storahci.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\System32\drivers\monitor.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\system32\DRIVERS\catflt.sys
\SystemRoot\system32\drivers\emltdi.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\System32\drivers\parvdm.sys
\SystemRoot\system32\drivers\Ndu.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\drivers\condrv.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\system32\drivers\WudfPf.sys
\SystemRoot\system32\DRIVERS\WUDFRd.sys
\SystemRoot\System32\drivers\WpdUpFltr.sys
\SystemRoot\system32\DRIVERS\asyncmac.sys
\SystemRoot\system32\DRIVERS\mslldp.sys
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\MBAMSwissArmy.sys
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR1
Upper Device Object: 0xffffffff84bff7a8
Upper Device Driver Name: \Driver\disk\
Lower Device Name: \Device\0000003e\
Lower Device Object: 0xffffffff84bc4410
Lower Device Driver Name: \Driver\USBSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xffffffff85a71a80
Upper Device Driver Name: \Driver\disk\
Lower Device Name: \Device\0000002f\
Lower Device Object: 0xffffffff85575b48
Lower Device Driver Name: \Driver\storahci\
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffffff85a71a80, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff85a71700, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffffff85a71a80, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
DevicePointer: 0xffffffff85575b48, DeviceName: \Device\0000002f\, DriverName: \Driver\storahci\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Read File: File "C:\Windows\System32\Drivers\vwifibus.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\vwifibus.sys" is compressed (flags = 1)
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 8855C9B1

Partition information:

Partition 0 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 2048 Numsec = 716800
Partition file system is NTFS
Partition is bootable

Partition 1 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 718848 Numsec = 132403200

Partition 2 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 133122048 Numsec = 147329024

Partition 3 type is Extended with LBA (0xf)
Partition is NOT ACTIVE.
Partition starts at LBA: 280451072 Numsec = 696320000

Disk Size: 500107862016 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-2047-976753168-976773168)...
Done!
Physical Sector Size: 512
Drive: 1, DevicePointer: 0xffffffff84bff7a8, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff84bc5c80, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffffff84bff7a8, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\disk\
DevicePointer: 0xffffffff84bc4410, DeviceName: \Device\0000003e\, DriverName: \Driver\USBSTOR\
------------ End ----------
Alternate DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
Drive 1
Scanning MBR on drive 1...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 1E8BC546

Partition information:

Partition 0 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 63 Numsec = 512007552

Partition 1 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 512007615 Numsec = 464760450

Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Disk Size: 500107862016 bytes
Sector size: 512 bytes

Done!
Scan finished
=======================================

Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-0-2048-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-1-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-1-r.mbam...
Removal finished

**Juliet** · February 16, 2014

i was surprised to see it said no malware found. does that mean what i have is so deep and tricky even this software cant find it?

I was surprised too.

I can't help but think your security software is causing some issues here.

Can we experiment?

Can you uninstall it, download a free version of

to see if you can access sites?

Only if you feel you can download and install again QuickHeal Anti virus/security suite.

What I would also like to do is, remove/delete the tools we have used so far and download fresh updated ones.

Please download and run the following tool to help allow other programs to run. (courtesy of BleepingComputer.com)

There are 6 different versions. If one of them won't run then download and try to run the other one.

Vista and Win7 users need to right click and choose Run as Admin

You only need to get one of them to run, not all of them.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Open AdwCleaner double click on adwcleaner.exe to run the tool.

Click on Uninstall, then confirm with yes to remove AdwCleaner from your computer.

Now, let's try an updated copy

-AdwCleaner-by Xplode

Click on this link to download : ADWCleaner

Click on ONE of the Two Blue Download Now buttons That have a blue arrow beside them and save it to your desktop.

Do not click on any links in the top Advertisment.

Close all open programs and internet browsers.
Double click on AdwCleaner.exe to run the tool.
Click on Scan.
After the scan is complete click on "Clean"
Confirm each time with Ok.
Your computer will be rebooted automatically. A text file will open after the restart.
Please post the content of that logfile with your next answer.
You can find the logfile at C:\AdwCleaner[s1].txt as well.

crossword · February 16, 2014

I can try all that but heres the thing:

Even when I tried just now to get to gmail and my writing sites, I got redirected. Yes I'm unable to access certain sites but the issue is that I see by the bar at the bottom of the screen that I'm actually getting redirected to other sites though those sites don’t load either and the page just hangs there.

I read its malware that casues sites to redirect so they can steal some info.

So in that scenario, could it really be my quickheal that ispreventing me acessings ites? Isnt it more likely the malware that is doing it and that I must get rid of?

Or do you feel that my QuickHeal Anti virus has been so compromised I should uninstall it? When I ran Hitman pro the first time, I remember it found some problem with quickheal but then I clicked on it to see more and it sort of froze and when I shut down and opened hitman again it didn’t say anything about quickheal. Earlier it had found 5 problems, then it froze. Then when I reopened it found some new prob which it cleaned.

My friend who looked up QuickHeal on wiki said:

"As far as QuickHeal, I found this comment on wikipedia concerning:

2005

• Took a technological leap with the introduction of DNAScan technology capable of detecting unknown viruses in real time without depending on latest signature patterns.

Also this:

2013

• Detected Ransomware that demands a $300 Ransom

http://en.wikipedia.org/wiki/Quick_Heal

What I really don't like about Quickheal is the strange way it is 'advertised' on wikipedia- as if it was written by them and not users.

No other Security Suite that I know makes those claims- especially about ransomware- and would not have allowed you to accidentally install a problematic program without a warning notice or two."

**Juliet** · February 16, 2014

There is something else we can try but it involves using a clean computer to transfer over files to yours?

What I have not been able to do is see the results of logs needed to help delete malicious files from scans we use daily.

it is very possible Quickheal and it's added inside tools can be harmful to your computer but, until now and with your computer I have not seen this before.

It is also possible to be used on many machines in your country. So at this time it is hard to say.

I do not want you on the internet without security.

On a clean machine, please download Farbar Recovery Scan Tool and save it to a flash drive.

Note: You need to run the version compatible with your system.

Plug the flashdrive into the infected PC.

If you are using Windows 8 consult How to use the Windows 8 System Recovery Environment Command Prompt to enter System Recovery Command prompt.
If you are using Vista or Windows 7 enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:

Restart the computer.
As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
Use the arrow keys to select the Repair your computer menu item.
Select US as the keyboard language settings, and then click Next.
Select the operating system you want to repair, and then click Next.
Select your user account an click Next.

Note: In case you can not enter System Recovery Options by using F8 method, you can use Windows installation disc, or make a repair disc. Any Windows installation disc or a repair disc made on another computer can be used.

To make a repair disk on Windows 7 consult: http://www.sevenforums.com/tutorials/2083-system-repair-disc-create.html

To enter System Recovery Options by using Windows installation disc:

Insert the installation disc.
Restart your computer.
If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
Click Repair your computer.
Select US as the keyboard language settings, and then click Next.
Select the operating system you want to repair, and then click Next.
Select your user account and click Next.

On the System Recovery Options menu you will get the following options:

Startup Repair

System Restore

Windows Complete PC Restore

Windows Memory Diagnostic Tool

Command Prompt

Select Command Prompt

Once in the Command Prompt:

In the command window type in notepad and press Enter.
The notepad opens. Under File menu select Open.
Select "Computer" and find your flash drive letter and close the notepad.
In the command window type e:\frst (for x64 bit version type e:\frst64) and press Enter
Note: Replace letter e with the drive letter of your flash drive.
The tool will start to run.
When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

Open notepad. Please copy the contents of the quote box below. To do this highlight the contents of the box and right click on it and select copy. Paste this into the open notepad. Save it on the flash drive as fixlist.txt

**Juliet** · February 16, 2014

Let me add, until researching it for your computer, I had not seen Quick Heal antivirus.

I have found reference to it now but I am still unsure of it's claims.

Edited February 16, 2014 by Juliet
typo

crossword · February 16, 2014

I don’t have another machine.

"What I have not been able to do is see the results of logs needed to help delete malicious files from scans we use daily."

What logs do you want to see? If it is something I was unable to download earlier I could try again if you tell me what you want. Sometimes sites load for me, sometimes they don’t.

I know I'm not teh expert but as I said before I think this MAY be the main thing causing the problem:

I searched again for Right Surf in my finder EVERYTHING.

Found the same 4 instances. they're all .exe files and all the path names have a "prefetch" at teh end.

Two are in C Folder, 2 in H, which is my ext drive. I had had my drive plugged in when I got the virus and never removed it since I figured antivirus scans etc would benefit the drive too.

Now I'm worried. How do I remove this malware from my comp and also my ext drive? Maybe if I only could delete this all my probs could be solved? Worth a try, I think.

**Juliet** · February 16, 2014

I dont have another machine.

You would have to use a friend's computer and it would need to be clean.

What logs do you want to see?

I would like to see the results of Farbar Recovery Scan Tool,

If you could please try to download it one more time Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
Press Scan button.
It will produce a log called FRST.txt in the same directory the tool is run from.
Please copy and paste log back here.
The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.

~~~~~~~~~~~~~~~~~~~~~~~~~~

Please download Malwarebytes' Anti-Malware from Here. Never download Malwarebytes' Anti-Malware from other sources.

Double Click mbam-setup.exe to install the application.

Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform FULL Scan", then click Scan.
A small window might open, be sure to also include your external drive to be scanned.
The scan may take some time to finish,so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy&Paste the entire report in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

If you are not able to do the above we can next try:

Download OTL to your desktop.
- Double click on the icon to run it.
  Vista / Windows 7/8 users right-click and select Run As Administrator.
- Make sure all other windows are closed and to let it run uninterrupted.
- When the window appears, underneath Output at the top change it to Minimal Output.
- Check the boxes beside LOP Check and Purity Check.
- Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
- When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt.
  Note: These logs can be located in the OTL folder on your C:\ drive if they fail to open automatically.
- Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them both in.

crossword · February 16, 2014

i have an old version of malwarebytes. I had run it earlier; it showed no threats. When I try to click update it keeps saying error occurred. will try again later.

I'm puzzled. I think I did post the Farbar logs earlier. I still have them on my desktop; were there any other you wanted or are these the ones:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 12-02-2014 01
Ran by Vidya Samson (administrator) on VIDYA on 16-02-2014 20:39:23
Running from C:\Users\Vidya Samson\Desktop
Microsoft Windows 8 Enterprise (X86) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(Quick Heal Technologies (P) Ltd.) C:\Program Files\Quick Heal\Quick Heal Total Security\EMLPROXY.EXE
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Quick Heal Technologies (P) Ltd.) C:\Program Files\Quick Heal\Quick Heal Total Security\opssvc.exe
(Quick Heal Technologies (P) Ltd.) C:\Program Files\Quick Heal\Quick Heal Total Security\quhlpsvc.exe
(Quick Heal Technologies (P) Ltd.) C:\Program Files\Quick Heal\Quick Heal Total Security\SCANWSCS.EXE
(Quick Heal Technologies (P) Ltd.) C:\Program Files\Quick Heal\Quick Heal Total Security\onlinent.exe
(Microsoft Corporation) C:\Program Files\Microsoft Encarta\Encarta Reference Library DVD 2003\EDICT.EXE
(CANON INC.) C:\Windows\system32\CNAB4RPK.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
(Microsoft Corporation) C:\Windows\splwow64.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Quick Heal Technologies (P) Ltd.) C:\Program Files\Quick Heal\Quick Heal Total Security\SAPISSVC.EXE

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Quick Heal Core UI] - C:\Program Files\Quick Heal\Quick Heal Total Security\strtupap.exe [161264 2012-08-04] (Quick Heal Technologies (P) Ltd.)
HKU\S-1-5-21-2261785502-2541491869-2394418403-1001\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
BHO: ExplorerBHO Class - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: ClassicIEBHO Class - {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Program Files\Classic Shell\ClassicIEDLL_32.dll (IvoSoft)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: msero - {B0D92A71-886B-453B-A649-1B91F93801E7} - C:\Program Files\Common Files\Microsoft Shared\Encarta Researcher\MSERO.DLL (Microsoft Corporation)
Hosts: 127.0.0.1 localhost
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Vidya Samson\AppData\Roaming\Mozilla\Firefox\Profiles\jx62iwu2.default-1392285308308
FF Homepage: hxxp://www.zoetrope.com/members/priv/index.cgi?show_page=discuss&owner=14437
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.3 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np32dsw.dll (Macromedia, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll (Oracle Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPSWF32.dll ()
FF Extension: ImageBlock - C:\Users\Vidya Samson\AppData\Roaming\Mozilla\Firefox\Profiles\jx62iwu2.default-1392285308308\Extensions\imageblock@hemantvats.com.xpi [2014-02-13]

========================== Services (Whitelisted) =================

R2 Core Mail Protection; C:\Program Files\Quick Heal\Quick Heal Total Security\EMLPROXY.EXE [29680 2012-07-28] (Quick Heal Technologies (P) Ltd.)
S2 Core Scanning Server; C:\Program Files\Quick Heal\Quick Heal Total Security\SAPISSVC.EXE [206320 2012-07-28] (Quick Heal Technologies (P) Ltd.)
R2 Core Scanning ServerEx; C:\Program Files\Quick Heal\Quick Heal Total Security\SAPISSVC.EXE [206320 2012-07-28] (Quick Heal Technologies (P) Ltd.)
R2 Online Protection System; C:\Program Files\Quick Heal\Quick Heal Total Security\opssvc.exe [25584 2012-07-28] (Quick Heal Technologies (P) Ltd.)
R2 Quick Update Service; C:\Program Files\Quick Heal\Quick Heal Total Security\quhlpsvc.exe [91120 2012-07-28] (Quick Heal Technologies (P) Ltd.)
R2 ScanWscS; C:\Program Files\Quick Heal\Quick Heal Total Security\SCANWSCS.EXE [243320 2012-08-09] (Quick Heal Technologies (P) Ltd.)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [13344 2013-01-29] (Microsoft Corporation)
S2 WiseBootAssistant; C:\Program Files\Wise\Wise Care 365\BootTime.exe [580232 2014-01-21] (WiseCleaner.com)

==================== Drivers (Whitelisted) ====================

R1 BasicRender; C:\Windows\System32\drivers\BasicRender.sys [24576 2012-07-26] (Microsoft Corporation)
R2 catflt; C:\Windows\System32\DRIVERS\catflt.sys [40416 2012-09-08] (Quick Heal Technologies (P) Ltd.)
R2 EMLSS; C:\Windows\System32\drivers\emltdi.sys [29424 2012-08-04] (Quick Heal Technologies (P) Ltd.)
R1 ggc; C:\Windows\System32\DRIVERS\ggc.sys [49904 2012-07-28] (Quick Heal Technologies (P) Ltd.)
S3 llio; C:\Windows\system32\DRIVERS\llio.sys [55712 2013-08-14] (Quick Heal Technologies (P) Ltd.)
S0 mscank; C:\Windows\System32\DRIVERS\mscank.sys [33136 2012-07-28] (Quick Heal Technologies (P) Ltd.)
R3 MTsensor; C:\Windows\system32\DRIVERS\ASACPI.sys [16256 2013-05-17] ()
R1 wsnf; C:\Windows\system32\DRIVERS\wsnf.sys [38856 2012-07-10] (Quick Heal Technologies (P) Ltd.)
R1 wstif; C:\Windows\System32\drivers\wstif.sys [68448 2012-08-06] (Quick Heal Technologies (P) Ltd.)
S3 catchme; \??\C:\Users\VIDYAS~1\AppData\Local\Temp\catchme.sys [X]

========================== Drivers MD5 =======================

C:\Windows\System32\drivers\1394ohci.sys E7B9E170EFF01486D3118E372BA0AF21
C:\Windows\System32\drivers\3ware.sys 96191579DDB1A201A2FB79C1D05680B4
C:\Windows\System32\drivers\ACPI.sys 682595B152AA55B2237D40EB9A3271FC
C:\Windows\System32\Drivers\acpiex.sys 3A5DA97644B9E2662CFF186A8798519C
C:\Windows\System32\drivers\acpipagr.sys 87C4AE693CA8AB6E2A13B7C7453466DB
C:\Windows\System32\drivers\acpipmi.sys C7D2BA04BA3C6CA702C2615A0C50469C
C:\Windows\System32\drivers\acpitime.sys 38E110C96B2ACAB4D9A701777C9BCD98
C:\Windows\System32\drivers\adp94xx.sys 2FE756FD6E0336990D0B3652A07EBB9B
C:\Windows\System32\drivers\adpahci.sys CC579EC50EE5435A4070306C0E4EF9E6
C:\Windows\System32\drivers\adpu320.sys 82743090D0259BF9F1373AD48372CBAC
C:\Windows\system32\drivers\afd.sys 6043C72306D5C7B8BC823A1CC49F53B8
C:\Windows\System32\drivers\agp440.sys 73BB2C687305C4195ED7511587B041AA
C:\Windows\System32\drivers\amdagp.sys E44885EA3E89A54BF14C78892CE85EA0
C:\Windows\System32\drivers\amdk8.sys E546E3E390EFD4C2AB908E29C5BEA55D
C:\Windows\system32\DRIVERS\atikmdag.sys 0B2D841BE0E9BB975DE943A4072431FD
C:\Windows\system32\DRIVERS\atikmpag.sys 77C11737D6F136F33F30FC4827A27F81
C:\Windows\System32\drivers\amdppm.sys DF8CD36E27310F425A7ABB586AB05550
C:\Windows\System32\drivers\amdsata.sys 8D5D89177552EDFD5C9730CCE79F7FCC
C:\Windows\System32\drivers\amdsbs.sys 5725597CF5E002FB665C6C69787DAA8A
C:\Windows\System32\drivers\amdxata.sys FB336B5F110770CF22F6BFEB1906E773
C:\Windows\system32\drivers\appid.sys CB3613E82A5B058AB6A69846B0DDC6C5
C:\Windows\System32\drivers\arc.sys A0982052EE6B01DC9B0CB7FEFD13040F
C:\Windows\System32\drivers\arcsas.sys 7E17A734B0D33B8F9287F28F1C583DD7
C:\Windows\System32\DRIVERS\asyncmac.sys E12BC771325E70C2A875136B0BAF491E
C:\Windows\System32\drivers\atapi.sys 48D8C3F2006698691F5AE0BB595FDCC8
C:\Windows\System32\drivers\BasicDisplay.sys A96A499B6C931B7242D964D5D695A506
C:\Windows\System32\drivers\BasicRender.sys D313E4D7DF0187CEDA121793F937EA89
C:\Windows\system32\Drivers\Beep.sys E53DDF8C101E3CB6A0483D592A8CC476
C:\Windows\System32\DRIVERS\bowser.sys D7148E90581185DB2CC6A2EED9C8281C
C:\Windows\System32\drivers\BthAvrcpTg.sys 4F7981232826D677FBE4D3D37845ADD7
C:\Windows\System32\drivers\bthhfenum.sys 3EEEA1B69C16A8D159B53896EC78420C
C:\Windows\System32\drivers\BthHFHid.sys 403C9BA247F4D4C0E4FF6FFA5F096EF6
C:\Windows\System32\drivers\bthmodem.sys 0C706A8B022A44413F6C36ECEAAA2838
C:\Windows\System32\DRIVERS\catflt.sys D49635CE0F6BE5DDA7F462987A050EF9
C:\Windows\System32\DRIVERS\cdfs.sys 00B4FA77732C7823D292ECD672660882
C:\Windows\System32\drivers\cdrom.sys 4E707EC5071DD8F5C29A7410780BD4C3
C:\Windows\System32\drivers\circlass.sys 17BE1CB162768E886B2BBA63F8B89371
C:\Windows\System32\drivers\CLFS.sys D5370A0D3A8F7E531FE9BA3E3C81BAC8
C:\Windows\System32\drivers\CmBatt.sys 16744C84320D33880E38DF7409585EBF
C:\Windows\System32\Drivers\cng.sys FC5C6FC2D889D34CDFE50ECBCE0EDDD6
C:\Windows\System32\DRIVERS\cnghwassist.sys E65DF0F65ECD3F74012C5C6D4F0523FD
C:\Windows\System32\drivers\CompositeBus.sys 357444DE560252A907F8B687005B3DCA
C:\Windows\System32\drivers\condrv.sys F1B79B7B595B0D7990756C12FA64F00E
C:\Windows\System32\drivers\csc.sys 8AF45624AD6EA2F4D44B06E7E06983AD
C:\Windows\System32\drivers\dam.sys 05107EAC6D02D8789BABB79199152BC6
C:\Windows\System32\Drivers\dfsc.sys B21FDAC50FCD4CE53C203F097273532A
C:\Windows\System32\drivers\discache.sys C0C87CCE88C4532B575AD60A95E7FD57
C:\Windows\System32\drivers\disk.sys 4E3237D8266580412CCA774321056111
C:\Windows\System32\drivers\dmvsc.sys 9B20A9DB154249E0E40036BC8BDC3E38
C:\Windows\system32\drivers\drmkaud.sys E48E86694E57723C67478F3AC082D42B
C:\Windows\System32\drivers\dxgkrnl.sys A46E69E1AEC3CD106610CCF90A517C4A
C:\Windows\System32\drivers\EhStorClass.sys BC7119CF5B5BC9F54C8FAE221C3227F2
C:\Windows\System32\drivers\EhStorTcgDrv.sys 1A5945FA87A05A97A1175657B7BA4EDB
C:\Windows\System32\drivers\emltdi.sys 775B48998AF0B5FD614406F7E98AA7C9
C:\Windows\System32\drivers\errdev.sys 8B22B788A329645F08AB4F86B9580AF3
C:\Windows\system32\Drivers\exfat.sys B60B2A0E110D640440263268FC02C726
C:\Windows\system32\Drivers\fastfat.sys C8B18803E1521225BDBA86B5F7D2E9FC
C:\Windows\System32\drivers\fdc.sys 9709867A1354A4D10046ADE31DA67511
C:\Windows\System32\drivers\fileinfo.sys 1018AE04A4D36BA60247C2C22D7BA7D1
C:\Windows\System32\drivers\filetrace.sys 3A2F87EF4400B5E542E2C2BA8FAB4222
C:\Windows\System32\drivers\flpydisk.sys F37314C92AB8C876DB478A36A6D9FF0E
C:\Windows\System32\drivers\fltmgr.sys 13C0B6F6EFD0D5C6871C07B56CB5403D
C:\Windows\System32\drivers\FsDepends.sys 16D4CC9AE485BC60B6AE026FF2497DE8
C:\Windows\system32\Drivers\Fs_Rec.sys 28E64CAC27FE3A7CA34E2F93E9A8092A
C:\Windows\System32\DRIVERS\fvevol.sys D49DB3B4F82296B3BDF3336442A10516
C:\Windows\System32\drivers\fxppm.sys BD9C0C40ED4DEB4FC7562DD62FA18FD7
C:\Windows\System32\drivers\gagp30kx.sys B5AD0B13AD7FD1C749FC45D81392B9DF
C:\Windows\System32\drivers\vmgencounter.sys A9608FF3B1B577BFC969A7B6797B1FC1
C:\Windows\System32\DRIVERS\ggc.sys 8350BA8454BDC8F47046F9C40CC88507
C:\Windows\System32\Drivers\msgpioclx.sys 9F3695F4FAEA73BE6D0BA856C4D5C3BD
C:\Windows\system32\drivers\HdAudio.sys 7A63087EDE3504684055A57A45E2AFF9
C:\Windows\System32\drivers\HDAudBus.sys 0E3FC2062E796F6A9B1ED995E1CBB25E
C:\Windows\System32\drivers\HidBatt.sys 8CBCFA78D2B43CCC23BF5A4C09A700CA
C:\Windows\System32\drivers\hidbth.sys 9133AFFBA020B97100703DB8E598C73F
C:\Windows\System32\drivers\hidi2c.sys 804019176228EBE260A821C5688CAFD2
C:\Windows\System32\drivers\hidir.sys 11A4D12F4CADD18CDA334C2756FE450A
C:\Windows\System32\drivers\hidusb.sys 48ADFEFD445291AE7D619B3F4638B092
C:\Windows\System32\drivers\HpSAMD.sys D7544353157E11864C00A48BC90EF183
C:\Windows\System32\drivers\HTTP.sys 8FE9867871C32E9B9A3276C61A0FACC0
C:\Windows\System32\drivers\hwpolicy.sys 4A3E6732E5BEF6DF531A217B5EBB5C54
C:\Windows\System32\drivers\hyperkbd.sys 0F819743721DFB5906734243ED0CE935
C:\Windows\system32\DRIVERS\HyperVideo.sys A14A2EBA22929901F64B496C1D555982
C:\Windows\System32\drivers\i8042prt.sys 11EDC37780E8A2F8E311D73F7658A4D7
C:\Windows\System32\drivers\iaStorV.sys C444F83C318BE18719DC1FDAEFF10898
C:\Windows\System32\drivers\iirsp.sys 7BB542C7156FA72CC83C1177BB190F94
C:\Windows\System32\drivers\intelide.sys A43BC9416741ABEA2B8DF60D2C0EA6A2
C:\Windows\System32\drivers\intelppm.sys 9081A954273763F0AC25DE0C2B2DB593
C:\Windows\System32\DRIVERS\ipfltdrv.sys AB308167857138B84E4DECDF2000DD27
C:\Windows\System32\drivers\IPMIDrv.sys 7E4FEE6D5C5BC52199C481DAC564FE43
C:\Windows\System32\drivers\ipnat.sys 57B0C0D982013C72911A3F5CBA795034
C:\Windows\System32\drivers\irenum.sys 9D6DB34476AC6448B3CA59D8676F7CE6
C:\Windows\System32\drivers\isapnp.sys 2E1347C9CC7DDB43183AF725135ACF0D
C:\Windows\System32\drivers\msiscsi.sys 0E3BDF6F27031D5BBC030E14EB7EACCB
C:\Windows\System32\drivers\kbdclass.sys 4533BE9F8D67BDCF5FECA87DCC345448
C:\Windows\System32\drivers\kbdhid.sys 8F73A6DAEF7F7D102FBBA6F3EBC47F97
C:\Windows\system32\DRIVERS\kdnic.sys F7E302012680B0617C904B58594E0376
C:\Windows\System32\Drivers\ksecdd.sys 65AE68224E27425871354430E542252A
C:\Windows\System32\Drivers\ksecpkg.sys 6FABC01A91D5F2D5B4DAD2F5F1C6C249
C:\Windows\system32\DRIVERS\llio.sys 3885A9AA8217D84A09A8DC21A414EFA3
C:\Windows\system32\DRIVERS\lltdio.sys AD581D8BA8C2CE46933D44392BA35C24
C:\Windows\System32\drivers\lsi_sas.sys 6B01CB678E1E390CEA9514D4774EFB51
C:\Windows\System32\drivers\lsi_sas2.sys 4C3AFBA9ED36535313054AC26532E9DE
C:\Windows\System32\drivers\lsi_scsi.sys 0715DC27611C202D04BC0365D666DD27
C:\Windows\System32\drivers\lsi_sss.sys DB6B9554AA4F83212E80D5107D8C53EE
C:\Windows\system32\drivers\luafv.sys F731770C339FEB6563397D410793A756
C:\Windows\System32\drivers\megasas.sys 125C3C5A315500A1AD54F0B4766AF815
C:\Windows\System32\drivers\MegaSR.sys 05457CC7F5586C6E8D02FFA7F23FCEDF
C:\Windows\System32\drivers\modem.sys 049E433162AFE9B08C05D81D2C62CD61
C:\Windows\System32\drivers\monitor.sys 81F2FEE55660E51820C93A388AE8FEB9
C:\Windows\System32\drivers\mouclass.sys 9D3F069A705325E7B7CEA36BFB65E616
C:\Windows\System32\drivers\mouhid.sys 3C3C50AA12E2E48A9FEAA4BF5AA789A0
C:\Windows\System32\drivers\mountmgr.sys 13D8E3077EF0AE583F4634236D9A0992
C:\Windows\System32\drivers\mpsdrv.sys C8D0E7A4C5033EF0A7DD076F08CF2F70
C:\Windows\system32\drivers\mrxdav.sys 329E3ACBFC616666D3D04C6FDC1B71E0
C:\Windows\System32\DRIVERS\mrxsmb.sys 5FAC7AC77D9ADD42579EDF678F08DF9F
C:\Windows\System32\DRIVERS\mrxsmb10.sys B9F3DA35CDE171B5CBA70319AD7D5E59
C:\Windows\System32\DRIVERS\mrxsmb20.sys 96E88C54A0CF32A74483819DA7DA3A15
C:\Windows\system32\DRIVERS\bridge.sys 61E23CF0A54EDBAE5CFE3322E960ECC9
C:\Windows\System32\DRIVERS\mscank.sys 17E08A26EF51CFA71BA6007DFE884759
C:\Windows\system32\Drivers\Msfs.sys 651DEF4337DD77E6A607CEE49D3C4B30
C:\Windows\System32\drivers\msgpiowin32.sys 8F47F5F31F001C4F97840DB723618DD0
C:\Windows\System32\drivers\mshidkmdf.sys 26BBD77D23FFABB14C3291A1B8555EA5
C:\Windows\System32\drivers\mshidumdf.sys 51808FEF911B77758A6CF7CEB469AF9E
C:\Windows\System32\drivers\msisadrv.sys F103DF830D370B7535FDA3D477C8D8A0
C:\Windows\system32\drivers\MSKSSRV.sys 3FCF6AA904516872CF70ED248F86889B
C:\Windows\system32\DRIVERS\mslldp.sys 10C229EAC28FDB8550EE93D955932F83
C:\Windows\system32\drivers\MSPCLOCK.sys BA786F089895196E18120F66F996A3D2
C:\Windows\system32\drivers\MSPQM.sys 362950A5F7B1794DA9CB985AF7BBCC4B
C:\Windows\system32\Drivers\MsRPC.sys 79A14AB6C6A5B01E9CE99937D1304D13
C:\Windows\System32\drivers\mssmbios.sys A819A3006C27870AF05E408AD06FACFF
C:\Windows\system32\drivers\MSTEE.sys FB1D61A2998A5C4456C6B73DD41D5352
C:\Windows\System32\drivers\MTConfig.sys 3CC687876469F0FD3B2D936FA7A6EC59
C:\Windows\system32\DRIVERS\ASACPI.sys 98F1A21FEB21AA86402AD35CB09074D4
C:\Windows\System32\Drivers\mup.sys 6779B2A319A563C68B56DE8491E9EA76
C:\Windows\System32\drivers\mvumis.sys 1DEF95DC467131BF4AB52A8F72C42D89
C:\Windows\system32\DRIVERS\nwifi.sys D48E3B33BD911BA28413A4337456724F
C:\Windows\System32\drivers\ndis.sys 714F5CAA4510805BD29DF7BE4587F770
C:\Windows\system32\DRIVERS\ndiscap.sys 9B8BC481DEEAA07C51DA214D2CEF2FC9
C:\Windows\system32\DRIVERS\NdisImPlatform.sys 1EA68DB9E05248EF9B940D6D0A0725B3
C:\Windows\system32\DRIVERS\ndistapi.sys 71F6E2AF63B0E52B36CEE7F0AE076A18
C:\Windows\system32\DRIVERS\ndisuio.sys DDC67239BFE82DC5A878039B464B1968
C:\Windows\system32\DRIVERS\ndiswan.sys 556DB924D61BC4A5E0F95D383E9B1009
C:\Windows\system32\DRIVERS\ndiswan.sys 556DB924D61BC4A5E0F95D383E9B1009
C:\Windows\system32\Drivers\NDProxy.sys B8C10B9DE50120E8CA3E995F94CA80D7
C:\Windows\System32\drivers\Ndu.sys 583F95CEFCD5D896B5531BD338030401
C:\Windows\System32\DRIVERS\netbios.sys 4CA677A214248DB8227F8035B546F7D0
C:\Windows\System32\DRIVERS\netbt.sys 303A053C25E468B9925C22288BEF8484
C:\Windows\System32\drivers\nfrd960.sys 4B539272E9F5C3B8D9714D137FD340A6
C:\Windows\system32\Drivers\Npfs.sys EAC569A77BE92B247FCA51E498B17DF1
C:\Windows\System32\drivers\npsvctrig.sys 6E994702ED294CDBED7621590EC75735
C:\Windows\System32\drivers\nsiproxy.sys 9588CCD14571FA22F8F2ECCF198AB448
C:\Windows\system32\Drivers\Ntfs.sys 99C73E3FE9B36275BD91D2009F2BA2E0
C:\Windows\system32\Drivers\Null.sys 0F965AF67042AF539274738FFD0C8C71
C:\Windows\System32\drivers\nvraid.sys BD23FF50A9A59AAF48052F5E7D0682B0
C:\Windows\System32\drivers\nvstor.sys 108DD54A5B1E73F583AF7DC94CCE52B8
C:\Windows\System32\drivers\nv_agp.sys 5ED87C9C51CFE59B1DDFF8290719E0E4
C:\Windows\System32\drivers\parport.sys 8BCE63AF5B52642E832630F862DE96EF
C:\Windows\System32\drivers\partmgr.sys 7289BE4566F0E5126868EB6E4292CC3C
C:\Windows\System32\drivers\parvdm.sys 49A439FEAB060F74B8EC7DBF44D4A7BA
C:\Windows\System32\drivers\pci.sys EA828C84C8948D0E4994C1E0A45EB05F
C:\Windows\System32\drivers\pciide.sys B4444133ED61F87FD49A2ADD28285115
C:\Windows\System32\drivers\pcmcia.sys 6E11FDE71F2015007CDD4AE9D2D700C9
C:\Windows\System32\drivers\pcw.sys 8A56B080B12950D448D556FE4BA6C68C
C:\Windows\System32\drivers\pdc.sys 58F99F74C33B7615ABEECF70BAD5FE1E
C:\Windows\System32\drivers\peauth.sys 8C7EE53A9F6A5F01E77DBB81654E5B66
C:\Windows\system32\DRIVERS\raspptp.sys 03D522782A0BB5108C8A43A10EE51CB0
C:\Windows\System32\drivers\processr.sys 03B982CAD4C2661076061F726200699E
C:\Windows\system32\DRIVERS\pacer.sys 42E46DC7767F5AB664E3F6B36D9764AD
C:\Windows\system32\drivers\qwavedrv.sys 29E548E1C511BFBE56FA6438488DE0E0
C:\Windows\System32\DRIVERS\rasacd.sys C07E9331431C78D41F30E62A15E1D324
C:\Windows\system32\DRIVERS\AgileVpn.sys F63755B2DCE1BE7927F5CEAB7991EFED
C:\Windows\system32\DRIVERS\rasl2tp.sys 6E0649D7325D85C47C844EB3267E4625
C:\Windows\system32\DRIVERS\raspppoe.sys 5BA6DB7AD04A8EADE0A41E6C8427582B
C:\Windows\system32\DRIVERS\rassstp.sys 3A421DDA09E3BF96E9D698D13FDC139E
C:\Windows\System32\DRIVERS\rdbss.sys ED1CBB55D5946520994FCD8CA9596D9D
C:\Windows\System32\drivers\rdpbus.sys 4FB0345ADE5C2E15EA1A22F173E71D37
C:\Windows\System32\drivers\rdpdr.sys 2CAD2A13569741C67CD9C52F97E0F992
C:\Windows\System32\drivers\rdpvideominiport.sys DD7A269C2E3CDEBDBC872A1BBB547FFD
C:\Windows\system32\Drivers\RDPWD.sys EA0E833A1418C28E6085DFFA68731EA5
C:\Windows\System32\drivers\rdyboost.sys 38A8012D03150D6852B9CDDB24280F1A
C:\Windows\system32\DRIVERS\rspndr.sys C7BD738B9BF45E797A6089AF946BAC47
C:\Windows\system32\DRIVERS\Rt630x86.sys BF93264AE817867448A1A8D9F650A288
C:\Windows\System32\drivers\vms3cap.sys E21867D4A8FF3824150E56979E333610
C:\Windows\System32\drivers\sbp2port.sys 434F805B0B3840A52C19C96A7BB64AA3
C:\Windows\System32\DRIVERS\scfilter.sys 3F21FBE0550B41240B6A864F6C8C15E4
C:\Windows\System32\drivers\sdbus.sys 725EF6FE7EDB150BF25B3D8EA7819FD4
C:\Windows\System32\drivers\sdstor.sys BCAE716C7A79CCE1012BF6BF910D31A3
C:\Windows\system32\Drivers\secdrv.sys A8CC993CED4DF9710ADAABC9DA66B660
C:\Windows\System32\drivers\SerCx.sys 3DE395F302C4DCD3D4792EB786A7B402
C:\Windows\System32\drivers\serenum.sys C706C88BAEE6B23C86C791EF47D901D4
C:\Windows\System32\drivers\serial.sys F492965E2EDDB1BCA2E000A1085BE082
C:\Windows\System32\drivers\sermouse.sys 409C91880A6A70FDD33CFEDC43D0F808
C:\Windows\System32\drivers\sfloppy.sys BDF7F7AC3700DAF0A19D19C008D408C0
C:\Windows\System32\drivers\sisagp.sys A5A3C56B5E46F77E6992A3772F8E4C8D
C:\Windows\System32\drivers\SiSRaid2.sys 39763193254A265FDA6F08EF375549DF
C:\Windows\System32\drivers\sisraid4.sys 2A95CC135283B3C56B783171532B62D0
C:\Windows\System32\drivers\spaceport.sys 5C9F014F1D52160CEC897C7A684673AA
C:\Windows\System32\drivers\SpbCx.sys C8E9372645392E23CF36B4C1686B1509
C:\Windows\System32\DRIVERS\srv.sys 8B20E19AF56E21E9549D4CA496BB78D6
C:\Windows\System32\DRIVERS\srv2.sys DD81ABA1081A9A4E2999568C0DB61A49
C:\Windows\System32\DRIVERS\srvnet.sys C4006F04178E58192FFD0A82A5E5E897
C:\Windows\System32\drivers\stexstor.sys CC17B7A7C4DD72BE2B10DAF254147A2B
C:\Windows\System32\drivers\storahci.sys EC9B71B41184284E65F496B39C572F30
C:\Windows\System32\DRIVERS\vmstorfl.sys B00DA575ADF228C1D33269CDE92A68EC
C:\Windows\System32\drivers\storvsc.sys 5C538C4975B53C31500BC535FF436CDC
C:\Windows\System32\drivers\swenum.sys 8DCA45AD5E2D83E00A1952BE2B541A27
C:\Windows\System32\drivers\Synth3dVsc.sys 997F0D578CDB5D25EB242B84FC24E0D4
C:\Windows\System32\drivers\tcpip.sys 04FF6793A4083FA17B224D316A5B0BF8
C:\Windows\system32\DRIVERS\tcpip.sys 04FF6793A4083FA17B224D316A5B0BF8
C:\Windows\System32\drivers\tcpipreg.sys D40FB114D559FDDE599293E1B5107644
C:\Windows\System32\DRIVERS\tdx.sys 0886D9F1B5A5334FBB143A260E4BFB5C
C:\Windows\System32\drivers\terminpt.sys 0E099CC6D72DD47CAB9CC3D5DDF0A93E
C:\Windows\system32\drivers\tpm.sys A3E6E1E7DA37D0C919D2A0EA1C18A9F9
C:\Windows\System32\drivers\tsusbflt.sys B9E622309DE8C780E6818531586F2221
C:\Windows\System32\drivers\TsUsbGD.sys 074440A1C04913F7DF81839565A47917
C:\Windows\System32\drivers\tsusbhub.sys 8E998D0E9AFFC3712FC86C484A17827C
C:\Windows\system32\DRIVERS\tunnel.sys 62EE13D4EE7DB793C13F33F51A21170E
C:\Windows\System32\drivers\uagp35.sys E0750A399E378C8433165C843FD7F732
C:\Windows\System32\drivers\uaspstor.sys B3B9DDEEFC3B823B3067DCADCD80014D
C:\Windows\System32\drivers\ucx01000.sys B4475F3B30A06B0E977F44AA3745765C
C:\Windows\System32\DRIVERS\udfs.sys 942D7B29F95DC6C5D14B8758044627C1
C:\Windows\System32\drivers\uliagpkx.sys C4FE9CC8AA769B1D140C07308574969D
C:\Windows\System32\drivers\umbus.sys D54E16CE5FF8493E611CFF34F96F5A00
C:\Windows\System32\drivers\umpass.sys 4F92FB5D2353C1B75F0C3138C1822FC3
C:\Windows\System32\drivers\usbccgp.sys ABFF3E6009343A2613D31FDC241A6D6E
C:\Windows\System32\drivers\usbcir.sys 614BDD1AB210F6DCE5EDFE0624717C94
C:\Windows\System32\drivers\usbehci.sys E7614B639357ADCB056D5FAAB9E2FB00
C:\Windows\System32\drivers\usbhub.sys A091EDE464BB2406BB78DAE7B35B590C
C:\Windows\System32\drivers\UsbHub3.sys DD0AA53DFBCE547020AB57A107B2B7A7
C:\Windows\System32\drivers\usbohci.sys D3641BCE4BE9858423CF0FA843A77AC1
C:\Windows\System32\drivers\usbprint.sys 81F2E53B5945995FD5D459180EB21AE7
C:\Windows\System32\drivers\USBSTOR.SYS 727CE341DF7EFDC94F2868393549F497
C:\Windows\System32\drivers\usbuhci.sys 599D7D0A2DD4F5517DA1ADEAAF0B468F
C:\Windows\System32\drivers\USBXHCI.SYS 3C4D95B57D60FC6871FCE49ADE7CA2EF
C:\Windows\System32\drivers\vdrvroot.sys 0AA85E1C967652071D283147AC4B17CD
C:\Windows\System32\drivers\VerifierExt.sys F70882757673FA7D4E466D811E1AC029
C:\Windows\System32\drivers\vhdmp.sys 01F65399F930E5F26D39F18C1F665B03
C:\Windows\System32\drivers\viaagp.sys 91A67D2DDDD75D173A6590B75E305E3C
C:\Windows\System32\drivers\viac7.sys 0C3370E2CFE0C1A51C37B58A1938837F
C:\Windows\System32\drivers\viaide.sys 11283532CE62BA51557D00E09262ED78
C:\Windows\System32\drivers\vmbus.sys 2E4777120FC246CCF76A69C7BB4AEF57
C:\Windows\System32\drivers\VMBusHID.sys FA7B57977E55B60409FD9E36FC57395C
C:\Windows\System32\drivers\volmgr.sys 7E8BCEEA56197925D944CA7D230596F7
C:\Windows\System32\drivers\volmgrx.sys 9C21037D3983D9B93190D2AA16570395
C:\Windows\System32\drivers\volsnap.sys 8E15C3D58A8ADE841060661DBA6E7A9B
C:\Windows\System32\drivers\vsmraid.sys C5B79DA9C82C01EEFAABA713A858649E
C:\Windows\System32\drivers\vstxraid.sys AB5F5CC034E31E496606E666657F3CC2
C:\Windows\System32\drivers\vwifibus.sys 23044877230094EE20D057BC63ED19F0
C:\Windows\System32\drivers\wacompen.sys B4254668F5806AAA051A320FE88146F6
C:\Windows\system32\DRIVERS\wanarp.sys 44D1EF3CDB0B286FD73A7C0144CC6B1E
C:\Windows\system32\DRIVERS\wanarp.sys 44D1EF3CDB0B286FD73A7C0144CC6B1E
C:\Windows\System32\drivers\wd.sys 9BF0CE1E215789664EB563A52EC0B83B
C:\Windows\system32\drivers\WdBoot.sys 4B4BCF47C86C10322046952D6B4B80E0
C:\Windows\System32\drivers\Wdf01000.sys CEA67D4279BF8A268062F08330179738
C:\Windows\system32\drivers\WdFilter.sys 5CA29AF6E4C46E73311E68FB63066B09
C:\Windows\System32\DRIVERS\wfplwfs.sys B7ADB3799F1B6D8172DFDCE1DA8937F5
C:\Windows\System32\drivers\wimmount.sys 8B7BBA41B67E92B73BAFEBDF570B3703
C:\Windows\System32\drivers\wmiacpi.sys F8A31500A1B7EFDB95E5103A7C7275C1
C:\Windows\System32\DRIVERS\wpcfltr.sys 9C3F5C7B716247756575235A3218FD38
C:\Windows\System32\drivers\WpdUpFltr.sys E5DCECD5A6A21AE48E94F6C9DC0E093C
C:\Windows\system32\drivers\ws2ifsl.sys D646A22FA57F29BB06018CB7C6E0CD6A
C:\Windows\system32\DRIVERS\wsnf.sys C3824F134EE64A70F3F401AB455616B9
C:\Windows\System32\drivers\wstif.sys C22FD7EEEBE7B666AD093E070CB74493
C:\Windows\System32\drivers\WudfPf.sys 06E6F32C8D0A3F66D956F57B43A2E070
C:\Windows\System32\drivers\WUDFRd.sys 867C301E8B790040AE9CF6486E8041DF
C:\Windows\system32\DRIVERS\WUDFRd.sys 867C301E8B790040AE9CF6486E8041DF

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-02-16 09:36 - 2014-02-12 09:30 - 00414944 _____ () C:\Users\Vidya Samson\Desktop\Adware-Removal-Tool-V3.7.exe
2014-02-16 09:32 - 2014-02-16 09:32 - 00001473 _____ () C:\AdwCleaner[s4].txt
2014-02-16 09:31 - 2014-02-16 09:32 - 00001413 _____ () C:\AdwCleaner[R8].txt
2014-02-16 09:31 - 2014-02-16 09:31 - 00030301 _____ () C:\Users\Vidya Samson\Desktop\RKreport[0]_D_02162014_093102.txt
2014-02-16 09:31 - 2014-02-16 09:31 - 00000998 _____ () C:\Users\Vidya Samson\Desktop\RKreport[0]_H_02162014_093106.txt
2014-02-16 09:31 - 2014-02-16 09:31 - 00000909 _____ () C:\Users\Vidya Samson\Desktop\RKreport[0]_PR_02162014_093108.txt
2014-02-16 09:31 - 2014-02-16 09:31 - 00000873 _____ () C:\Users\Vidya Samson\Desktop\RKreport[0]_DN_02162014_093110.txt
2014-02-16 09:29 - 2014-02-16 09:29 - 00030257 _____ () C:\Users\Vidya Samson\Desktop\RKreport[0]_S_02162014_092942.txt
2014-02-16 06:04 - 2014-02-16 09:26 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-02-16 06:01 - 2014-02-16 09:16 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-02-16 05:40 - 2014-02-16 05:40 - 00001833 _____ () C:\Users\Vidya Samson\Desktop\malwarebytes rootkit tool.txt
2014-02-16 05:13 - 2014-02-16 05:14 - 12589848 _____ (Malwarebytes Corp.) C:\Users\Vidya Samson\Desktop\mbar-1.07.0.1009.exe
2014-02-15 14:52 - 2014-02-15 22:24 - 00017433 _____ () C:\Users\Vidya Samson\Desktop\Addition.txt
2014-02-15 14:50 - 2014-02-16 20:39 - 00026889 _____ () C:\Users\Vidya Samson\Desktop\FRST.txt
2014-02-15 14:50 - 2014-02-16 20:39 - 00000000 ____D () C:\FRST
2014-02-15 14:41 - 2014-02-15 14:41 - 01141248 _____ (Farbar) C:\Users\Vidya Samson\Desktop\FRST.exe
2014-02-15 13:57 - 2014-02-15 13:57 - 00010209 _____ () C:\ComboFix.txt
2014-02-15 13:49 - 2014-02-15 13:57 - 00000000 ____D () C:\Qoobox
2014-02-15 13:49 - 2014-02-15 13:56 - 00000000 ____D () C:\Windows\erdnt
2014-02-15 13:49 - 2011-06-26 12:15 - 00256000 _____ () C:\Windows\PEV.exe
2014-02-15 13:49 - 2010-11-07 22:50 - 00208896 _____ () C:\Windows\MBR.exe
2014-02-15 13:49 - 2009-04-20 10:26 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-02-15 13:49 - 2000-08-31 05:30 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-02-15 13:49 - 2000-08-31 05:30 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-02-15 13:49 - 2000-08-31 05:30 - 00212480 _____ (SteelWerX) C:\Windows\SWXCACLS.exe
2014-02-15 13:49 - 2000-08-31 05:30 - 00098816 _____ () C:\Windows\sed.exe
2014-02-15 13:49 - 2000-08-31 05:30 - 00080412 _____ () C:\Windows\grep.exe
2014-02-15 13:49 - 2000-08-31 05:30 - 00068096 _____ () C:\Windows\zip.exe
2014-02-15 12:56 - 2014-02-15 12:57 - 05183211 ____R (Swearware) C:\Users\Vidya Samson\Desktop\ComboFix.exe
2014-02-15 08:41 - 2014-02-15 13:06 - 00005129 _____ () C:\Users\Vidya Samson\Documents\virus removal instructions.txt
2014-02-15 07:20 - 2014-02-16 05:07 - 00015484 _____ () C:\Windows\PFRO.log
2014-02-15 07:20 - 2014-02-15 07:20 - 00460312 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-02-14 23:49 - 2014-02-16 18:01 - 00251566 _____ () C:\Windows\WindowsUpdate.log
2014-02-14 23:21 - 2014-02-16 09:31 - 00000000 ____D () C:\Users\Vidya Samson\Desktop\RK_Quarantine
2014-02-14 23:20 - 2014-02-14 23:20 - 03813376 _____ () C:\Users\Vidya Samson\Desktop\RogueKiller.exe
2014-02-14 22:09 - 2014-02-15 07:20 - 00000404 _____ () C:\Windows\Tasks\Wise Turbo Checker.job
2014-02-14 22:08 - 2014-02-16 17:52 - 00000000 ____D () C:\Users\Vidya Samson\AppData\Roaming\Wise Care 365
2014-02-14 22:05 - 2014-02-14 22:05 - 00001118 _____ () C:\Users\Public\Desktop\Wise Care 365.lnk
2014-02-14 21:55 - 2014-02-14 22:05 - 00000000 ____D () C:\Program Files\Wise
2014-02-14 21:55 - 2014-02-14 21:55 - 00001115 _____ () C:\Users\Public\Desktop\Wise PC 1stAid.lnk
2014-02-14 21:55 - 2014-02-14 21:55 - 00000000 ____D () C:\Users\Vidya Samson\AppData\Roaming\Wise PC 1stAid
2014-02-14 10:13 - 2014-02-14 10:13 - 00930440 _____ (CNET Download.com) C:\Users\Vidya Samson\Desktop\cbsidlm-cbsi176-Wise_Care_365_Free-BP-75744630.exe
2014-02-14 10:12 - 2014-02-14 10:12 - 04749448 _____ (WiseCleaner.com ) C:\Users\Vidya Samson\Desktop\WPCASetup.exe
2014-02-14 10:11 - 2014-02-14 10:11 - 04749448 _____ (WiseCleaner.com ) C:\Users\Vidya Samson\Downloads\WPCASetup.exe
2014-02-14 10:05 - 2014-02-14 10:05 - 00930440 _____ (CNET Download.com) C:\Users\Vidya Samson\Desktop\cbsidlm-cbsi176-Wise_Registry_Cleaner-BP-10605508.exe
2014-02-14 09:57 - 2014-02-14 09:58 - 03917960 _____ (WiseCleaner.com ) C:\Users\Vidya Samson\Desktop\WDCFree.exe
2014-02-13 22:14 - 2014-02-13 22:14 - 04721920 _____ (Piriform Ltd) C:\Users\Vidya Samson\Desktop\ccsetup410.exe
2014-02-13 18:39 - 2014-02-13 18:39 - 00000852 _____ () C:\Users\Vidya Samson\Desktop\JRT.txt
2014-02-13 18:28 - 2014-02-13 18:33 - 00000368 _____ () C:\Windows\system32\.crusader
2014-02-13 16:31 - 2014-02-13 16:31 - 00000000 ____D () C:\Windows\ERUNT
2014-02-13 16:30 - 2014-02-13 16:30 - 01037530 _____ (Thisisu) C:\Users\Vidya Samson\Desktop\JunkwareRemovalTool.exe
2014-02-13 16:15 - 2014-02-15 21:46 - 00000000 ____D () C:\Program Files\HitmanPro
2014-02-13 15:59 - 2014-02-14 13:23 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-02-13 15:52 - 2014-02-13 15:57 - 09988304 _____ (SurfRight B.V.) C:\Users\Vidya Samson\Desktop\HitmanPro.exe
2014-02-13 15:35 - 2014-02-13 15:35 - 00009203 _____ () C:\Users\Vidya Samson\Desktop\dds.txt
2014-02-13 15:35 - 2014-02-13 15:35 - 00002843 _____ () C:\Users\Vidya Samson\Desktop\attach.txt
2014-02-13 15:30 - 2014-02-13 15:30 - 00001353 _____ () C:\AdwCleaner[s3].txt
2014-02-13 15:30 - 2014-02-13 15:30 - 00001293 _____ () C:\AdwCleaner[R7].txt
2014-02-13 15:25 - 2014-02-13 15:25 - 00000000 ____D () C:\Users\Vidya Samson\Desktop\Old Firefox Data
2014-02-12 10:44 - 2014-02-15 14:25 - 00001139 _____ () C:\Users\Vidya Samson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-02-12 09:48 - 2014-02-12 09:48 - 00001219 _____ () C:\AdwCleaner[s2].txt
2014-02-12 09:47 - 2014-02-12 09:48 - 00001158 _____ () C:\AdwCleaner[R6].txt
2014-02-12 09:46 - 2014-02-12 09:47 - 00001098 _____ () C:\AdwCleaner[R5].txt
2014-02-12 09:44 - 2013-06-12 07:45 - 00648201 _____ () C:\Users\Vidya Samson\Desktop\AdwCleaner.exe
2014-02-12 09:30 - 2014-02-16 09:36 - 00000000 ____D () C:\Program Files\AdwareRemovalToolv3.7
2014-02-12 01:18 - 2014-02-12 01:18 - 00001070 _____ () C:\AdwCleaner[R4].txt
2014-02-12 01:15 - 2014-02-16 09:17 - 00107224 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamswissarmy.sys
2014-02-12 01:15 - 2014-02-12 01:16 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware
2014-02-12 01:15 - 2014-02-12 01:15 - 00000983 _____ () C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
2014-02-12 01:15 - 2014-02-12 01:15 - 00000000 ____D () C:\Users\Vidya Samson\AppData\Roaming\Malwarebytes
2014-02-12 01:15 - 2014-02-12 01:15 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-02-12 01:15 - 2009-09-10 14:53 - 00019160 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-02-12 01:10 - 2014-02-12 01:11 - 00001009 _____ () C:\AdwCleaner[R3].txt
2014-02-12 01:05 - 2014-02-12 01:05 - 00005115 _____ () C:\AdwCleaner[s1].txt
2014-02-12 01:04 - 2014-02-12 01:04 - 00004910 _____ () C:\AdwCleaner[R2].txt
2014-02-12 01:04 - 2014-02-12 01:04 - 00004850 _____ () C:\AdwCleaner[R1].txt
2014-02-11 18:00 - 2014-02-11 18:00 - 01043533 _____ () C:\Users\Vidya Samson\AppData\Local\census.cache
2014-02-11 18:00 - 2014-02-11 18:00 - 00142741 _____ () C:\Users\Vidya Samson\AppData\Local\ars.cache
2014-02-11 16:15 - 2014-02-11 16:15 - 00000036 _____ () C:\Users\Vidya Samson\AppData\Local\housecall.guid.cache
2014-02-11 09:12 - 2014-02-11 09:12 - 00688992 ____R (Swearware) C:\Users\Vidya Samson\Desktop\dds.com
2014-02-10 11:36 - 2014-02-10 11:40 - 03917960 _____ (WiseCleaner.com ) C:\Users\Vidya Samson\Downloads\WDCFree.exe
2014-02-10 11:34 - 2014-02-14 21:51 - 00000000 ____D () C:\Users\Vidya Samson\AppData\Roaming\Wise Registry Cleaner
2014-02-10 11:20 - 2014-02-10 13:06 - 00000426 _____ () C:\Windows\Tasks\Wise Disk Cleaner Schedule Task.job
2014-02-10 11:17 - 2014-02-13 22:14 - 00000969 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-02-10 11:17 - 2014-02-13 22:14 - 00000000 ____D () C:\Program Files\CCleaner
2014-02-10 11:11 - 2014-02-14 10:01 - 00000000 ____D () C:\Program Files\Wise Registry Cleaner
2014-02-10 11:11 - 2014-02-10 11:21 - 00001090 _____ () C:\Users\Public\Desktop\Wise Registry Cleaner.lnk
2014-02-10 11:09 - 2014-02-14 22:51 - 00000000 ____D () C:\Users\Vidya Samson\AppData\Roaming\Wise Disk Cleaner
2014-02-10 11:09 - 2014-02-14 10:07 - 00001067 _____ () C:\Users\Public\Desktop\Wise Disk Cleaner.lnk
2014-02-10 11:09 - 2014-02-14 10:07 - 00000000 ____D () C:\Program Files\Wise Disk Cleaner
2014-02-05 11:10 - 2014-02-05 11:10 - 00000000 ____D () C:\Users\Vidya Samson\AppData\Roaming\OpenOffice.org
2014-02-05 11:07 - 2014-02-10 10:34 - 00000000 ____D () C:\Program Files\OpenOffice.org 3
2014-02-05 10:56 - 2014-02-10 10:40 - 00000000 ____D () C:\Program Files\File Type Assistant
2014-02-05 10:56 - 2014-02-05 10:56 - 16617352 _____ (Bitberry Software ) C:\Users\Vidya Samson\Downloads\FreeFileViewerSetup [1].exe
2014-02-05 10:55 - 2014-02-05 10:55 - 00000046 _____ () C:\Users\Vidya Samson\AppData\Roaming\WB.CFG
2014-02-05 10:52 - 2014-02-05 10:51 - 00139800 _____ () C:\Users\Vidya Samson\Downloads\My Deadly Prince Charming Edits.pages
2014-01-30 12:33 - 2014-01-30 12:33 - 00000000 ____D () C:\Program Files\Common Files\DESIGNER
2014-01-30 12:32 - 2014-01-30 12:32 - 00000000 ____D () C:\Windows\PCHEALTH
2014-01-30 12:32 - 2014-01-30 12:32 - 00000000 ____D () C:\Program Files\Microsoft Visual Studio 8
2014-01-30 12:32 - 2014-01-30 12:32 - 00000000 ____D () C:\Program Files\Microsoft Synchronization Services
2014-01-30 12:32 - 2014-01-30 12:32 - 00000000 ____D () C:\Program Files\Microsoft Sync Framework
2014-01-30 12:32 - 2014-01-30 12:32 - 00000000 ____D () C:\Program Files\Microsoft SQL Server Compact Edition
2014-01-30 12:32 - 2014-01-30 12:32 - 00000000 ____D () C:\Program Files\Microsoft Analysis Services
2014-01-30 12:31 - 2014-01-30 12:32 - 00000000 ____D () C:\Program Files\Microsoft Office
2014-01-30 12:31 - 2014-01-30 12:31 - 00000000 ___RD () C:\MSOCache

==================== One Month Modified Files and Folders =======

2014-02-16 20:39 - 2014-02-15 14:50 - 00026889 _____ () C:\Users\Vidya Samson\Desktop\FRST.txt
2014-02-16 20:39 - 2014-02-15 14:50 - 00000000 ____D () C:\FRST
2014-02-16 20:30 - 2012-07-26 12:23 - 00000000 ____D () C:\Windows\system32\sru
2014-02-16 20:16 - 2013-07-30 14:46 - 00000468 _____ () C:\Windows\Tasks\Resume Quickup Download.job
2014-02-16 20:07 - 2013-07-31 22:59 - 00000000 ____D () C:\Users\Vidya Samson\Desktop\files to save on CD 2
2014-02-16 18:56 - 2013-08-02 15:50 - 00000000 ____D () C:\Users\Vidya Samson\AppData\Roaming\ClassicShell
2014-02-16 18:16 - 2013-07-30 14:46 - 00000492 _____ () C:\Windows\Tasks\Quick Heal AntiMalware Scan.job
2014-02-16 18:01 - 2014-02-14 23:49 - 00251566 _____ () C:\Windows\WindowsUpdate.log
2014-02-16 17:55 - 2013-07-30 14:32 - 00848230 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-02-16 17:52 - 2014-02-14 22:08 - 00000000 ____D () C:\Users\Vidya Samson\AppData\Roaming\Wise Care 365
2014-02-16 17:51 - 2012-07-26 11:34 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-02-16 11:10 - 2012-07-26 12:23 - 00000000 ____D () C:\Windows\AUInstallAgent
2014-02-16 10:29 - 2012-07-26 12:23 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-02-16 09:36 - 2014-02-12 09:30 - 00000000 ____D () C:\Program Files\AdwareRemovalToolv3.7
2014-02-16 09:32 - 2014-02-16 09:32 - 00001473 _____ () C:\AdwCleaner[s4].txt
2014-02-16 09:32 - 2014-02-16 09:31 - 00001413 _____ () C:\AdwCleaner[R8].txt
2014-02-16 09:31 - 2014-02-16 09:31 - 00030301 _____ () C:\Users\Vidya Samson\Desktop\RKreport[0]_D_02162014_093102.txt
2014-02-16 09:31 - 2014-02-16 09:31 - 00000998 _____ () C:\Users\Vidya Samson\Desktop\RKreport[0]_H_02162014_093106.txt
2014-02-16 09:31 - 2014-02-16 09:31 - 00000909 _____ () C:\Users\Vidya Samson\Desktop\RKreport[0]_PR_02162014_093108.txt
2014-02-16 09:31 - 2014-02-16 09:31 - 00000873 _____ () C:\Users\Vidya Samson\Desktop\RKreport[0]_DN_02162014_093110.txt
2014-02-16 09:31 - 2014-02-14 23:21 - 00000000 ____D () C:\Users\Vidya Samson\Desktop\RK_Quarantine
2014-02-16 09:29 - 2014-02-16 09:29 - 00030257 _____ () C:\Users\Vidya Samson\Desktop\RKreport[0]_S_02162014_092942.txt
2014-02-16 09:26 - 2014-02-16 06:04 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-02-16 09:17 - 2014-02-12 01:15 - 00107224 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamswissarmy.sys
2014-02-16 09:16 - 2014-02-16 06:01 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-02-16 05:40 - 2014-02-16 05:40 - 00001833 _____ () C:\Users\Vidya Samson\Desktop\malwarebytes rootkit tool.txt
2014-02-16 05:14 - 2014-02-16 05:13 - 12589848 _____ (Malwarebytes Corp.) C:\Users\Vidya Samson\Desktop\mbar-1.07.0.1009.exe
2014-02-16 05:07 - 2014-02-15 07:20 - 00015484 _____ () C:\Windows\PFRO.log
2014-02-16 05:06 - 2013-07-30 14:33 - 00000000 ____D () C:\Windows\system32\gprodat
2014-02-15 22:24 - 2014-02-15 14:52 - 00017433 _____ () C:\Users\Vidya Samson\Desktop\Addition.txt
2014-02-15 21:46 - 2014-02-13 16:15 - 00000000 ____D () C:\Program Files\HitmanPro
2014-02-15 14:41 - 2014-02-15 14:41 - 01141248 _____ (Farbar) C:\Users\Vidya Samson\Desktop\FRST.exe
2014-02-15 14:25 - 2014-02-12 10:44 - 00001139 _____ () C:\Users\Vidya Samson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-02-15 13:57 - 2014-02-15 13:57 - 00010209 _____ () C:\ComboFix.txt
2014-02-15 13:57 - 2014-02-15 13:49 - 00000000 ____D () C:\Qoobox
2014-02-15 13:57 - 2012-07-26 10:13 - 00000000 __RHD () C:\Users\Default
2014-02-15 13:57 - 2012-07-26 10:13 - 00000000 ___RD () C:\Users\Public
2014-02-15 13:56 - 2014-02-15 13:49 - 00000000 ____D () C:\Windows\erdnt
2014-02-15 13:56 - 2012-07-26 09:47 - 00000215 _____ () C:\Windows\system.ini
2014-02-15 13:06 - 2014-02-15 08:41 - 00005129 _____ () C:\Users\Vidya Samson\Documents\virus removal instructions.txt
2014-02-15 12:57 - 2014-02-15 12:56 - 05183211 ____R (Swearware) C:\Users\Vidya Samson\Desktop\ComboFix.exe
2014-02-15 07:20 - 2014-02-15 07:20 - 00460312 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-02-15 07:20 - 2014-02-14 22:09 - 00000404 _____ () C:\Windows\Tasks\Wise Turbo Checker.job
2014-02-15 07:20 - 2013-07-30 14:23 - 00000000 ____D () C:\Users\Vidya Samson
2014-02-14 23:49 - 2013-07-30 15:19 - 00000000 ____D () C:\Windows\Panther
2014-02-14 23:20 - 2014-02-14 23:20 - 03813376 _____ () C:\Users\Vidya Samson\Desktop\RogueKiller.exe
2014-02-14 22:51 - 2014-02-10 11:09 - 00000000 ____D () C:\Users\Vidya Samson\AppData\Roaming\Wise Disk Cleaner
2014-02-14 22:05 - 2014-02-14 22:05 - 00001118 _____ () C:\Users\Public\Desktop\Wise Care 365.lnk
2014-02-14 22:05 - 2014-02-14 21:55 - 00000000 ____D () C:\Program Files\Wise
2014-02-14 21:55 - 2014-02-14 21:55 - 00001115 _____ () C:\Users\Public\Desktop\Wise PC 1stAid.lnk
2014-02-14 21:55 - 2014-02-14 21:55 - 00000000 ____D () C:\Users\Vidya Samson\AppData\Roaming\Wise PC 1stAid
2014-02-14 21:51 - 2014-02-10 11:34 - 00000000 ____D () C:\Users\Vidya Samson\AppData\Roaming\Wise Registry Cleaner
2014-02-14 16:59 - 2013-10-21 21:41 - 00000000 ____D () C:\Users\Vidya Samson\Desktop\SAMSON 2
2014-02-14 13:23 - 2014-02-13 15:59 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-02-14 10:13 - 2014-02-14 10:13 - 00930440 _____ (CNET Download.com) C:\Users\Vidya Samson\Desktop\cbsidlm-cbsi176-Wise_Care_365_Free-BP-75744630.exe
2014-02-14 10:12 - 2014-02-14 10:12 - 04749448 _____ (WiseCleaner.com ) C:\Users\Vidya Samson\Desktop\WPCASetup.exe
2014-02-14 10:11 - 2014-02-14 10:11 - 04749448 _____ (WiseCleaner.com ) C:\Users\Vidya Samson\Downloads\WPCASetup.exe
2014-02-14 10:07 - 2014-02-10 11:09 - 00001067 _____ () C:\Users\Public\Desktop\Wise Disk Cleaner.lnk
2014-02-14 10:07 - 2014-02-10 11:09 - 00000000 ____D () C:\Program Files\Wise Disk Cleaner
2014-02-14 10:05 - 2014-02-14 10:05 - 00930440 _____ (CNET Download.com) C:\Users\Vidya Samson\Desktop\cbsidlm-cbsi176-Wise_Registry_Cleaner-BP-10605508.exe
2014-02-14 10:01 - 2014-02-10 11:11 - 00000000 ____D () C:\Program Files\Wise Registry Cleaner
2014-02-14 09:58 - 2014-02-14 09:57 - 03917960 _____ (WiseCleaner.com ) C:\Users\Vidya Samson\Desktop\WDCFree.exe
2014-02-13 22:14 - 2014-02-13 22:14 - 04721920 _____ (Piriform Ltd) C:\Users\Vidya Samson\Desktop\ccsetup410.exe
2014-02-13 22:14 - 2014-02-10 11:17 - 00000969 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-02-13 22:14 - 2014-02-10 11:17 - 00000000 ____D () C:\Program Files\CCleaner
2014-02-13 18:39 - 2014-02-13 18:39 - 00000852 _____ () C:\Users\Vidya Samson\Desktop\JRT.txt
2014-02-13 18:33 - 2014-02-13 18:28 - 00000368 _____ () C:\Windows\system32\.crusader
2014-02-13 16:31 - 2014-02-13 16:31 - 00000000 ____D () C:\Windows\ERUNT
2014-02-13 16:30 - 2014-02-13 16:30 - 01037530 _____ (Thisisu) C:\Users\Vidya Samson\Desktop\JunkwareRemovalTool.exe
2014-02-13 15:57 - 2014-02-13 15:52 - 09988304 _____ (SurfRight B.V.) C:\Users\Vidya Samson\Desktop\HitmanPro.exe
2014-02-13 15:35 - 2014-02-13 15:35 - 00009203 _____ () C:\Users\Vidya Samson\Desktop\dds.txt
2014-02-13 15:35 - 2014-02-13 15:35 - 00002843 _____ () C:\Users\Vidya Samson\Desktop\attach.txt
2014-02-13 15:30 - 2014-02-13 15:30 - 00001353 _____ () C:\AdwCleaner[s3].txt
2014-02-13 15:30 - 2014-02-13 15:30 - 00001293 _____ () C:\AdwCleaner[R7].txt
2014-02-13 15:25 - 2014-02-13 15:25 - 00000000 ____D () C:\Users\Vidya Samson\Desktop\Old Firefox Data
2014-02-12 09:48 - 2014-02-12 09:48 - 00001219 _____ () C:\AdwCleaner[s2].txt
2014-02-12 09:48 - 2014-02-12 09:47 - 00001158 _____ () C:\AdwCleaner[R6].txt
2014-02-12 09:47 - 2014-02-12 09:46 - 00001098 _____ () C:\AdwCleaner[R5].txt
2014-02-12 09:30 - 2014-02-16 09:36 - 00414944 _____ () C:\Users\Vidya Samson\Desktop\Adware-Removal-Tool-V3.7.exe
2014-02-12 09:22 - 2012-07-26 12:23 - 00000024 _____ () C:\AUTOEXEC.BAT
2014-02-12 01:18 - 2014-02-12 01:18 - 00001070 _____ () C:\AdwCleaner[R4].txt
2014-02-12 01:16 - 2014-02-12 01:15 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware
2014-02-12 01:15 - 2014-02-12 01:15 - 00000983 _____ () C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
2014-02-12 01:15 - 2014-02-12 01:15 - 00000000 ____D () C:\Users\Vidya Samson\AppData\Roaming\Malwarebytes
2014-02-12 01:15 - 2014-02-12 01:15 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-02-12 01:11 - 2014-02-12 01:10 - 00001009 _____ () C:\AdwCleaner[R3].txt
2014-02-12 01:05 - 2014-02-12 01:05 - 00005115 _____ () C:\AdwCleaner[s1].txt
2014-02-12 01:04 - 2014-02-12 01:04 - 00004910 _____ () C:\AdwCleaner[R2].txt
2014-02-12 01:04 - 2014-02-12 01:04 - 00004850 _____ () C:\AdwCleaner[R1].txt
2014-02-12 00:33 - 2013-07-30 07:39 - 00000539 _____ () C:\Windows\system32\nvscnrpt.log
2014-02-11 18:00 - 2014-02-11 18:00 - 01043533 _____ () C:\Users\Vidya Samson\AppData\Local\census.cache
2014-02-11 18:00 - 2014-02-11 18:00 - 00142741 _____ () C:\Users\Vidya Samson\AppData\Local\ars.cache
2014-02-11 16:15 - 2014-02-11 16:15 - 00000036 _____ () C:\Users\Vidya Samson\AppData\Local\housecall.guid.cache
2014-02-11 09:12 - 2014-02-11 09:12 - 00688992 ____R (Swearware) C:\Users\Vidya Samson\Desktop\dds.com
2014-02-10 13:06 - 2014-02-10 11:20 - 00000426 _____ () C:\Windows\Tasks\Wise Disk Cleaner Schedule Task.job
2014-02-10 13:06 - 2013-07-31 09:53 - 00000000 ____D () C:\Program Files\Scriptware for Windows
2014-02-10 13:06 - 2013-07-30 19:03 - 00000000 ____D () C:\Program Files\Final Draft 5
2014-02-10 13:06 - 2013-07-29 23:57 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-02-10 13:06 - 2013-07-29 23:56 - 00000000 ____D () C:\Program Files\WinRAR
2014-02-10 13:05 - 2014-01-12 11:51 - 10223616 _____ () C:\Windows\system32\config\SYSTEM.bak
2014-02-10 13:05 - 2013-07-30 00:14 - 47185920 _____ () C:\Windows\system32\config\SOFTWARE.bak
2014-02-10 13:05 - 2012-07-26 09:47 - 00262144 _____ () C:\Windows\system32\config\SECURITY.bak
2014-02-10 13:05 - 2012-07-26 09:47 - 00262144 _____ () C:\Windows\system32\config\SAM.bak
2014-02-10 13:05 - 2012-07-26 09:47 - 00262144 _____ () C:\Windows\system32\config\DEFAULT.bak
2014-02-10 12:12 - 2013-12-11 14:31 - 00000000 ____D () C:\Users\Vidya Samson\Documents\My Kindle Content
2014-02-10 12:02 - 2013-11-08 11:04 - 00002228 _____ () C:\Users\Vidya Samson\Desktop\Kindle.lnk
2014-02-10 11:40 - 2014-02-10 11:36 - 03917960 _____ (WiseCleaner.com ) C:\Users\Vidya Samson\Downloads\WDCFree.exe
2014-02-10 11:21 - 2014-02-10 11:11 - 00001090 _____ () C:\Users\Public\Desktop\Wise Registry Cleaner.lnk
2014-02-10 10:52 - 2013-07-30 00:01 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-02-10 10:40 - 2014-02-05 10:56 - 00000000 ____D () C:\Program Files\File Type Assistant
2014-02-10 10:35 - 2014-01-16 13:20 - 00000000 ____D () C:\Program Files\Java
2014-02-10 10:34 - 2014-02-05 11:07 - 00000000 ____D () C:\Program Files\OpenOffice.org 3
2014-02-09 23:42 - 2012-07-26 09:47 - 00262144 ___SH () C:\Windows\system32\config\BBI
2014-02-09 04:39 - 2013-07-29 23:57 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-02-05 13:23 - 2013-09-04 11:11 - 00000000 ____D () C:\Users\Vidya Samson\Desktop\SAMSON 3
2014-02-05 11:10 - 2014-02-05 11:10 - 00000000 ____D () C:\Users\Vidya Samson\AppData\Roaming\OpenOffice.org
2014-02-05 10:56 - 2014-02-05 10:56 - 16617352 _____ (Bitberry Software ) C:\Users\Vidya Samson\Downloads\FreeFileViewerSetup [1].exe
2014-02-05 10:55 - 2014-02-05 10:55 - 00000046 _____ () C:\Users\Vidya Samson\AppData\Roaming\WB.CFG
2014-02-05 10:51 - 2014-02-05 10:52 - 00139800 _____ () C:\Users\Vidya Samson\Downloads\My Deadly Prince Charming Edits.pages
2014-01-30 12:33 - 2014-01-30 12:33 - 00000000 ____D () C:\Program Files\Common Files\DESIGNER
2014-01-30 12:33 - 2013-07-30 00:04 - 00000000 ____D () C:\Program Files\MSBuild
2014-01-30 12:33 - 2012-07-26 12:23 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2014-01-30 12:32 - 2014-01-30 12:32 - 00000000 ____D () C:\Windows\PCHEALTH
2014-01-30 12:32 - 2014-01-30 12:32 - 00000000 ____D () C:\Program Files\Microsoft Visual Studio 8
2014-01-30 12:32 - 2014-01-30 12:32 - 00000000 ____D () C:\Program Files\Microsoft Synchronization Services
2014-01-30 12:32 - 2014-01-30 12:32 - 00000000 ____D () C:\Program Files\Microsoft Sync Framework
2014-01-30 12:32 - 2014-01-30 12:32 - 00000000 ____D () C:\Program Files\Microsoft SQL Server Compact Edition
2014-01-30 12:32 - 2014-01-30 12:32 - 00000000 ____D () C:\Program Files\Microsoft Analysis Services
2014-01-30 12:32 - 2014-01-30 12:31 - 00000000 ____D () C:\Program Files\Microsoft Office
2014-01-30 12:32 - 2012-07-26 12:23 - 00000000 ____D () C:\Program Files\Microsoft.NET
2014-01-30 12:32 - 2012-07-26 12:23 - 00000000 ____D () C:\Program Files\Common Files\System
2014-01-30 12:32 - 2012-07-26 12:19 - 00000000 ____D () C:\Windows\ShellNew
2014-01-30 12:32 - 2012-07-26 09:47 - 00000167 _____ () C:\Windows\win.ini
2014-01-30 12:31 - 2014-01-30 12:31 - 00000000 ___RD () C:\MSOCache

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe
[2012-07-26 04:41] - [2012-07-26 09:20] - 2114936 ____A (Microsoft Corporation) 5B6ED1B57DBFF18D405A0260559B571E

C:\Windows\system32\winlogon.exe
[2012-07-26 05:25] - [2012-07-26 08:51] - 0411648 ____A (Microsoft Corporation) C06BA1F360CEF6AB51F41B3D0D5FE92D

C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe
[2012-07-26 05:31] - [2012-07-26 08:50] - 0023040 ____A (Microsoft Corporation) 0A175AF8B65797BD22C11903A8BFEB2D

C:\Windows\system32\services.exe
[2012-07-26 09:47] - [2012-07-26 09:47] - 0333312 ____A (Microsoft Corporation) 575FB4211BB07DB7D2179B1B05FE7EFD

C:\Windows\system32\User32.dll
[2012-07-26 05:33] - [2012-07-26 08:50] - 1171968 ____A (Microsoft Corporation) 4A18E559ECE09C7A1021CEFEC22F0BE6

C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit

==================== BCD ================================

Windows Boot Manager
--------------------
identifier {bootmgr}
device partition=\Device\HarddiskVolume1
description Windows Boot Manager
locale en-US
inherit {globalsettings}
integrityservices Enable
default {current}
resumeobject {4fbeb3d4-f8fd-11e2-a3dc-fa0863b6e204}
displayorder {current}
toolsdisplayorder {memdiag}
timeout 30

Windows Boot Loader
-------------------
identifier {current}
device partition=C:
path \Windows\system32\winload.exe
description Windows 8
locale en-US
inherit {bootloadersettings}
recoverysequence {4fbeb3d6-f8fd-11e2-a3dc-fa0863b6e204}
integrityservices Enable
recoveryenabled Yes
allowedinmemorysettings 0x15000075
osdevice partition=C:
systemroot \Windows
resumeobject {4fbeb3d4-f8fd-11e2-a3dc-fa0863b6e204}
nx OptIn
bootmenupolicy Standard

Windows Boot Loader
-------------------
identifier {4fbeb3d6-f8fd-11e2-a3dc-fa0863b6e204}
device ramdisk=[\Device\HarddiskVolume1]\Recovery\4fbeb3d6-f8fd-11e2-a3dc-fa0863b6e204\Winre.wim,{4fbeb3d7-f8fd-11e2-a3dc-fa0863b6e204}
path \windows\system32\winload.exe
description Windows Recovery Environment
locale en-US
inherit {bootloadersettings}
displaymessage Recovery
osdevice ramdisk=[\Device\HarddiskVolume1]\Recovery\4fbeb3d6-f8fd-11e2-a3dc-fa0863b6e204\Winre.wim,{4fbeb3d7-f8fd-11e2-a3dc-fa0863b6e204}
systemroot \windows
nx OptIn
bootmenupolicy Standard
winpe Yes

Resume from Hibernate
---------------------
identifier {4fbeb3d4-f8fd-11e2-a3dc-fa0863b6e204}
device partition=C:
path \Windows\system32\winresume.exe
description Windows Resume Application
locale en-US
inherit {resumeloadersettings}
recoverysequence {4fbeb3d6-f8fd-11e2-a3dc-fa0863b6e204}
recoveryenabled Yes
allowedinmemorysettings 0x15000075
filedevice partition=C:
filepath \hiberfil.sys
bootmenupolicy Standard
pae Yes
debugoptionenabled No

Windows Memory Tester
---------------------
identifier {memdiag}
device partition=\Device\HarddiskVolume1
path \boot\memtest.exe
description Windows Memory Diagnostic
locale en-US
inherit {globalsettings}
badmemoryaccess Yes

EMS Settings
------------
identifier {emssettings}
bootems No

Debugger Settings
-----------------
identifier {dbgsettings}
debugtype Serial
debugport 1
baudrate 115200

RAM Defects
-----------
identifier {badmemory}

Global Settings
---------------
identifier {globalsettings}
inherit {dbgsettings}
{emssettings}
{badmemory}

Boot Loader Settings
--------------------
identifier {bootloadersettings}
inherit {globalsettings}
{hypervisorsettings}

Hypervisor Settings
-------------------
identifier {hypervisorsettings}
hypervisordebugtype Serial
hypervisordebugport 1
hypervisorbaudrate 115200

Resume Loader Settings
----------------------
identifier {resumeloadersettings}
inherit {globalsettings}

Device options
--------------
identifier {4fbeb3d7-f8fd-11e2-a3dc-fa0863b6e204}
description Windows Recovery
ramdisksdidevice partition=\Device\HarddiskVolume1
ramdisksdipath \Recovery\4fbeb3d6-f8fd-11e2-a3dc-fa0863b6e204\boot.sdi

LastRegBack: 2014-02-16 08:07

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 12-02-2014 01
Ran by Vidya Samson at 2014-02-15 22:24:02
Running from C:\Users\Vidya Samson\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Quick Heal Total Security 2013 (Enabled - Up to date) {D8418B0E-EE80-1320-B172-3D5DEB3CE14F}
AS: Quick Heal Total Security 2013 (Enabled - Up to date) {63206AEA-C8BA-1CAE-8BC2-062F90BBABF2}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Quick Heal Firewall (Enabled) {E07A0A2B-A4EF-1278-9A2D-946815EFA634}

==================== Installed Programs ======================

Adobe Reader X (10.1.9) (Versi

**Juliet** · February 16, 2014

OK

That shows no remaining malware, it does show your security package as in how heavy it's in your system and appears to be running as you think.

For the external drives we could use EsetOnlineScanner.. But be aware this may take a considerable amount of time as it does a very thorough scan

The drives will need to be connected

ESET Online Scanner:

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however need to disable your current installed Anti-Virus, how to do so can be read here.

Vista/Windows 7 users: You will need to to right-click on the either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.

Please go here to run the scan.
http://www.eset.com/us/online-scanner/run Online Virus Scanner

Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.

All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.
Select the option YES, I accept the Terms of Use then click on:
When prompted allow the Add-On/Active X to install.
Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
Now click on Advanced Settings and select the following:

- Scan for potentially unwanted applications
- Scan for potentially unsafe applications
- Enable Anti-Stealth Technology
Now click on:
The virus signature database... will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
When completed the Online Scan will begin automatically.
Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
Now click on:
Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
Copy and paste that log as a reply to this topic.

Note: Do not forget to re-enable your Anti-Virus application after running the above scan!

crossword · February 17, 2014

"That shows no remaining malware, it does show your security package as in how heavy it's in your system and appears to be running as you think."

But if there is no remaining malware, then why am I still unabe to acess my sites and why does it still keep redirecting to other sites like facebook and google analytics, which I read is a sign of malware?

From what you said I assumed it was my ext drive causing the problem, so I disconnected it. But the problem remains.

"For the external drives we could use EsetOnlineScanner."

Yes I'll do that but what about my computer itself? Why is no program finding any malware yet my problem remains?

**Juliet** · February 17, 2014

I am trying to help you find the cause of all these issues, we do rootkit/bootkit scans and it returns nothing found.

You could download and run HitmanPro again and save the log?

HitmanPro

Please download HitmanPro.
Launch the program by double clicking on the icon. (Windows Vista/7 users right click on the HitmanPro icon and select run as administrator).
Click on the next button. You must agree with the terms of EULA.
Check the box beside "No, I only want to perform a one-time scan to check this computer".
Click on the next button.
The program will start to scan the computer. The scan will typically take no more than 2-3 minutes.
When the scan is done click on drop-down menu of the found entries (if any) and choose - Apply to all => Ignore <= IMPORTANT!!!
Click on the next button.
Click on the "Export scan results to XML file".
Save that file to your desktop and zip and attach it in your next reply.

~~~~~~~~~~~~~~~~~~~~~~~~~~~`

3. Reset the IP/DNS settings of your interent connection:

Go to Start -> Control Panel -> Double click on Network Connections.
Right click on your default connection (usually Local Area Connection or Wireless Network Connection) and select Properties.
Select the General tab.
Double click on Internet Protocol (TCP/IP).
?Under General tab:
Select "Obtain an IP address automatically".
Select "Obtain DNS server address automatically".
Click OK twice to save the settings.
Reboot if you had to change any setting.
4. Flush the DNS cache:
- Click the Start logo in the bottom left corner of the screen
- Click on Run or press Windows Logo+R
- In the command window copy/paste the following (one at a time):
```
ipconfig /flushdns

netsh winsock reset
```
- Then hit enter.
- Exit the command window.
5. Reconnect: Once you have followed all the above steps you can reconnect your computer to the internet

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~`

Please download aswMBR ( 511KB ) to your desktop.
- Double click the aswMBR.exe icon to run it
- Click the Scan button to start the scan
- On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

**Juliet** · February 19, 2014

It has been 2 days since you have replied, do you still need help?

Sign In

I think i have a virus; i can't access some sites

Recommended Posts

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites