crossword
Posted February 11, 2014

A beta reader sent me her feedback of my novel in a .pages file. I googled how to open such files and followed the instructions given. They said to change file ext to .zip etc. Didn't work for me. Still could not open. Then another site said IE and Open Office could open them. Didn't work for me.

So I downloaded this: FreeFileViewer
Cos they said it could open any file. And I got only junk characters when I opened with it. On top of that it automatically installed on my comp 2 programs:
My search dial
And
Right Surf
And those were annoying, so I had to uninstall.

I'm worried I may have got some virus with all the above. I now regret downloading anything.

Problem is: I can access some pages at my writing site zoetrope.com, but when I try to access the discussion pages:
http://www.zoetrope.com/members/sub/sub_discuss.cgi?section_id=1
and
http://www.zoetrope.com/members/sub/sub_discuss.cgi?section_id=2
I often cannot. In fact today I couldn't at all. The bar at the bottom of the screen starts off by saying "waiting for www.zoetrope.com."
And then it says "waiting for google-analytics.com"
And the page simply does not appear for me.

Same problem when I try to access this site for those who write and publish e-books:
http://www.kboards.com/index.php/topic,177586.0.html
I get the message waiting for bluedotmedia.org and the page simply does not load.

So I fear the junkware installed on my comp and which I uninstalled as soon as I saw it was there, may be causing my problems.

I live in India and was recommended QuickHeal Anti virus. The west does not seem to have heard of it but it's popular here. So I ran it, plus ccleaner, wisedisk cleaner, wise registry cleaner. They detected no problems.

Someone told me to run this:
http://housecall.trendmicro.com/
but I can't because it too is another site I simply cannot access.

Thanks for any help.

My logs:

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 10.0.9200.16537 BrowserJavaVersion: 10.0.0
Run by Vidya Samson at 9:14:46 on 2014-02-11
Microsoft Windows 8 Enterprise 6.2.9200.0.1252.1.1033.18.3326.1895 [GMT 5.5:30]
.
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Quick Heal Total Security 2013 *Enabled/Updated* {D8418B0E-EE80-1320-B172-3D5DEB3CE14F}
SP: Quick Heal Total Security 2013 *Enabled/Updated* {63206AEA-C8BA-1CAE-8BC2-062F90BBABF2}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Quick Heal Firewall *Enabled* {E07A0A2B-A4EF-1278-9A2D-946815EFA634}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\dwm.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhostex.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Quick Heal\Quick Heal Total Security\EMLPROXY.EXE
C:\Windows\Explorer.EXE
C:\Program Files\Classic Shell\ClassicStartMenu.exe
C:\Program Files\Quick Heal\Quick Heal Total Security\opssvc.exe
C:\Program Files\Quick Heal\Quick Heal Total Security\quhlpsvc.exe
C:\Program Files\Quick Heal\Quick Heal Total Security\SCANWSCS.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files\Quick Heal\Quick Heal Total Security\onlinent.exe
C:\Program Files\Microsoft Encarta\Encarta Reference Library DVD 2003\EDICT.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
C:\Windows\system32\CNAB4RPK.EXE
C:\Windows\splwow64.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Program Files\Quick Heal\Quick Heal Total Security\SAPISSVC.EXE
C:\Windows\system32\taskmgr.exe
C:\Program Files\Microsoft Encarta\Encarta Reference Library DVD 2003\encarta.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\Users\VIDYAS~1\AppData\Local\Temp\Rar$EX00.748\Everything-1.2.1.371.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://start.mysearchdial.com/?f=1&a=irmsd0103&cd=2XzuyEtN2Y1L1QzuyCtD0AyEyE0CtA0FyEyE0BtA0D0BzytBtN0D0Tzu0SyByCyCtN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1CzutBtAtDtC1N1R&cr=863098808&ir=
mStart Page = hxxp://start.mysearchdial.com/?f=1&a=irmsd0103&cd=2XzuyEtN2Y1L1QzuyCtD0AyEyE0CtA0FyEyE0BtA0D0BzytBtN0D0Tzu0SyByCyCtN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1CzutBtAtDtC1N1R&cr=863098808&ir=
BHO: ExplorerBHO Class: {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - c:\program files\classic shell\ClassicExplorer32.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office14\GROOVEEX.DLL
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office\office14\URLREDIR.DLL
BHO: ClassicIEBHO Class: {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - c:\program files\classic shell\ClassicIEDLL_32.dll
TB: Classic Explorer Bar: {553891B7-A0D5-4526-BE18-D3CE461D6310} - c:\program files\classic shell\ClassicExplorer32.dll
EB: Encarta &Researcher: {9455301C-CF6B-11D3-A266-00C04F689C50} - c:\program files\common files\microsoft shared\encarta researcher\EROPROJ.DLL
mRun: [Quick Heal Core UI] "c:\program files\quick heal\quick heal total security\strtupap.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe
mRun: [BCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\canonl~1.lnk - c:\windows\system32\spool\drivers\w32x86\3\CNAB4LAK.EXE
uPolicies-Explorer: NoDriveTypeAutoRun = dword:255
mPolicies-System: PromptOnSecureDesktop = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: disablecad = dword:1
IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\micros~1\office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {56753E59-AF1D-4FBA-9E15-31557124ADA2} - c:\program files\classic shell\ClassicIE_32.exe
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
IE: {9455301C-CF6B-11D3-A266-00C04F689C50} - {9455301C-CF6B-11D3-A266-00C04F689C50}
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{E5E84425-7882-4C62-BDB5-54E5415D47D4} : DHCPNameServer = 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: msero - {B0D92A71-886B-453B-A649-1B91F93801E7} - c:\program files\common files\microsoft shared\encarta researcher\MSERO.DLL
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\vidya samson\appdata\roaming\mozilla\firefox\profiles\g9ecgrm8.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.zoetrope.com/members/priv/index.cgi?show_page=discuss&owner=14437
FF - plugin: c:\progra~1\micros~1\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\micros~1\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\java\jre7\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre7\bin\new_plugin\npjp2.dll
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.mysearchdial.hmpg - true
FF - user.js: extensions.mysearchdial.hmpgUrl - hxxp://start.mysearchdial.com/?f=1&a=irmsd0103&cd=2XzuyEtN2Y1L1QzuyCtD0AyEyE0CtA0FyEyE0BtA0D0BzytBtN0D0Tzu0SyByCyCtN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1CzutBtAtDtC1N1R&cr=863098808&ir=
FF - user.js: extensions.mysearchdial.dfltSrch - true
FF - user.js: extensions.mysearchdial.srchPrvdr - Mysearchdial
FF - user.js: extensions.mysearchdial.dnsErr - true
FF - user.js: extensions.mysearchdial_i.newTab - false
FF - user.js: extensions.mysearchdial.newTabUrl - hxxp://start.mysearchdial.com/?f=2&a=irmsd0103&cd=2XzuyEtN2Y1L1QzuyCtD0AyEyE0CtA0FyEyE0BtA0D0BzytBtN0D0Tzu0SyByCyCtN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1CzutBtAtDtC1N1R&cr=863098808&ir=
FF - user.js: extensions.mysearchdial.tlbrSrchUrl - hxxp://start.mysearchdial.com/?f=3&a=irmsd0103&cd=2XzuyEtN2Y1L1QzuyCtD0AyEyE0CtA0FyEyE0BtA0D0BzytBtN0D0Tzu0SyByCyCtN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1CzutBtAtDtC1N1R&cr=863098808&ir=&q=
FF - user.js: extensions.mysearchdial.id - 60A44C3F44B3DB92
FF - user.js: extensions.mysearchdial.instlDay - 16106
FF - user.js: extensions.mysearchdial.vrsn - 1.8.21.0
FF - user.js: extensions.mysearchdial.vrsni - 1.8.21.0
FF - user.js: extensions.mysearchdial_i.vrsnTs - 1.8.21.010:55:32
FF - user.js: extensions.mysearchdial.prtnrId - mysearchdial
FF - user.js: extensions.mysearchdial.prdct - mysearchdial
FF - user.js: extensions.mysearchdial.aflt - irmsd0103
FF - user.js: extensions.mysearchdial_i.smplGrp - none
FF - user.js: extensions.mysearchdial.tlbrId - base
FF - user.js: extensions.mysearchdial.instlRef -
FF - user.js: extensions.mysearchdial.dfltLng -
FF - user.js: extensions.mysearchdial.appId - {CA5CAA63-B27C-4963-9BEC-CB16A36D56F8}
FF - user.js: extensions.mysearchdial.excTlbr - false
FF - user.js: extensions.mysearchdial_i.hmpg - true
FF - user.js: extensions.mysearchdial.cr - 863098808
FF - user.js: extensions.mysearchdial.cd - 2XzuyEtN2Y1L1QzuyCtD0AyEyE0CtA0FyEyE0BtA0D0BzytBtN0D0Tzu0SyByCyCtN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1CzutBtAtDtC1N1R
FF - user.js: extensions.mysearchdial.AL - 2
FF - user.js: extensions.irmysearch.aflt - irmsd0103
FF - user.js: extensions.irmysearch.instlRef -
FF - user.js: extensions.irmysearch.cr - 863098808
FF - user.js: extensions.irmysearch.cd - 2XzuyEtN2Y1L1QzuyCtD0AyEyE0CtA0FyEyE0BtA0D0BzytBtN0D0Tzu0SyByCyCtN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1CzutBtAtDtC1N1R
.
============= SERVICES / DRIVERS ===============
.
R1 ggc;ggc;c:\windows\system32\drivers\ggc.sys [2013-7-30 49904]
R1 wsnf;Network Filter Driver;c:\windows\system32\drivers\wsnf.sys [2013-7-30 38856]
R1 wstif;wstif;c:\windows\system32\drivers\wstif.sys [2013-7-30 68448]
R2 catflt;catflt;c:\windows\system32\drivers\catflt.sys [2012-9-8 40416]
R2 Core Mail Protection;Core Mail Protection;c:\program files\quick heal\quick heal total security\EMLPROXY.EXE [2012-7-28 29680]
R2 Core Scanning Server;Core Scanning Server;c:\program files\quick heal\quick heal total security\SAPISSVC.EXE [2012-7-28 206320]
R2 EMLSS;EMLSS;c:\windows\system32\drivers\EMLTDI.SYS [2013-7-30 29424]
R2 Online Protection System;Online Protection System;c:\program files\quick heal\quick heal total security\OPSSVC.EXE [2012-7-28 25584]
R2 Quick Update Service;Quick Update Service;c:\program files\quick heal\quick heal total security\QUHLPSVC.EXE [2012-7-28 91120]
R3 RTL8168;Realtek 8168 NT Driver;c:\windows\system32\drivers\Rt630x86.sys [2012-7-26 495104]
S0 mscank;mscank;c:\windows\system32\drivers\mscank.sys [2013-7-30 33136]
S2 Core Scanning ServerEx;Core Scanning ServerEx;c:\program files\quick heal\quick heal total security\SAPISSVC.EXE [2012-7-28 206320]
S3 llio;llio;c:\windows\system32\drivers\llio.sys [2013-8-14 55712]
.
=============== Created Last 30 ================
.
2014-02-10 06:04:31 -------- d-----w- c:\users\vidya samson\appdata\roaming\Wise Registry Cleaner
2014-02-10 05:47:45 -------- d-----w- c:\program files\CCleaner
2014-02-10 05:41:29 -------- d-----w- c:\program files\Wise Registry Cleaner
2014-02-10 05:39:25 -------- d-----w- c:\users\vidya samson\appdata\roaming\Wise Disk Cleaner
2014-02-10 05:39:14 -------- d-----w- c:\program files\Wise Disk Cleaner
2014-02-08 22:42:56 31856 ----a-w- c:\program files\mozilla firefox\CommandExecuteHandler.exe
2014-02-05 05:40:17 -------- d-----w- c:\users\vidya samson\appdata\roaming\OpenOffice.org
2014-02-05 05:37:30 -------- d-----w- c:\program files\OpenOffice.org 3
2014-02-05 05:26:50 -------- d-----w- c:\program files\File Type Assistant
2014-01-30 07:02:53 -------- d-----w- c:\program files\Microsoft Synchronization Services
2014-01-30 07:02:39 -------- d-----w- c:\windows\PCHEALTH
2014-01-30 07:02:39 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2014-01-30 07:02:11 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2014-01-30 07:02:02 -------- d-----w- c:\program files\Microsoft Analysis Services
2014-01-16 07:50:27 611224 ----a-w- c:\program files\mozilla firefox\plugins\npdeployJava1.dll
2014-01-16 07:50:27 544656 ----a-w- c:\windows\system32\deployJava1.dll
.
==================== Find3M ====================
.
.
============= FINISH: 9:16:55.55 ===============

2nd log:

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 8 Enterprise
Boot Device: \Device\HarddiskVolume1
Install Date: 7/30/2013 2:23:05 PM
System Uptime: 2/11/2014 4:48:47 AM (5 hours ago)
.
Motherboard: ASUSTeK Computer INC. | | M5A78L-M LX V2
Processor: AMD Athlon II X2 270 Processor | AM3R2 | 3400/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 63 GiB total, 33.695 GiB free.
D: is FIXED (NTFS) - 146 GiB total, 132.394 GiB free.
E: is FIXED (NTFS) - 186 GiB total, 183.98 GiB free.
F: is FIXED (NTFS) - 70 GiB total, 68.699 GiB free.
G: is CDROM ()
H: is FIXED (NTFS) - 244 GiB total, 238.616 GiB free.
I: is FIXED (NTFS) - 222 GiB total, 211.324 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP30: 2/5/2014 11:07:06 AM - Installed Java 6 Update 13
RP31: 2/10/2014 10:33:15 AM - Removed OpenOffice.org 3.1
.
==== Installed Programs ======================
.
Adobe Reader X (10.1.9)
Amazon Kindle
American Heritage Talking Dictionary
Canon LBP2900
CCleaner
Classic Shell
Final Draft 5
Java Auto Updater
Java 7
Microsoft Encarta Reference Library 2003
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Microsoft Text-to-Speech Engine 4.0 (English)
Mozilla Firefox 28.0 (x86 en-US)
Mozilla Maintenance Service
Nero 7 Essentials
neroxml
Quick Heal Total Security
Scriptware for Windows
Shockwave
UBitMenu UK
VLC media player 2.0.3
WinRAR archiver
Wise Disk Cleaner 6.14
Wise Registry Cleaner 6.14
.
==== Event Viewer Messages From Past Week ========
.
2/11/2014 4:49:32 AM, Error: Microsoft-Windows-DNS-Client [1012] - There was an error while attempting to read the local hosts file.
2/11/2014 4:49:25 AM, Error: Microsoft-Windows-Ntfs [98] - Volume I: (\Device\HarddiskVolume7) needs to be taken offline to perform a Full Chkdsk. Please run "CHKDSK /F" locally via the command line, or run "REPAIR-VOLUME <drive:>" locally or remotely via PowerShell.
.
==== End Of File ===========================

Edited February 11, 2014 by Juliet

Juliet
Posted February 11, 2014

Hi and welcome

Print this topic or save to notepad, it will make it easier for you to follow the instructions and complete all of the necessary steps as we will need to close all windows that are open later in the fix.

I will be asking you to try and download a couple of tools to scan the computer.

Please open Notepad *Do Not Use Wordpad!* or use any other text editor than Notepad or the script will fail. (Start -> Run -> type notepad in the Open field -> OK)

*********************************

Please download and run the following tool to help allow other programs to run. (courtesy of BleepingComputer.com)
There are 6 different versions. If one of them won't run then download and try to run the other one.
Vista and Win7 users need to right click and choose Run as Admin
You only need to get one of them to run, not all of them.

rkill.exe
rkill.com
rkill.scr
rkill.pif
WiNlOgOn.exe
uSeRiNiT.exe

************************************

NEXT**

Please download Farbar's Recovery Scan Tool
http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/
and save it to your Desktop. (use correct version for your system.....Which system am I using?)
and Tutorial
http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
Press Scan button
It will produce a log called FRST.txt in the same directory the tool is run from.
Please copy and paste log back here.
The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.
Copies of logs are saved at %systemdrive%:\FRST\Logs (in most cases this will be C:\FRST\Logs).

Juliet
Posted February 13, 2014

Still need help?

crossword
Posted February 14, 2014

Yes, I still need help. Will get back to you. Been having trouble accessing this site and others.

Juliet
Posted February 14, 2014

Sorry to hear you're having all these problems. Since I don't see any logs to diagnose I can only suspect what's happening.

Try to run the below tool and see if it will allow you access to a couple of malware removal sites to download the tools I need you to scan with.

Please download and run the following tool to help allow other programs to run. (courtesy of BleepingComputer.com)
There are 6 different versions. If one of them won't run then download and try to run the other one.
Vista and Win7 users need to right click and choose Run as Admin
You only need to get one of them to run, not all of them.

rkill.exe
rkill.com
rkill.scr
rkill.pif
WiNlOgOn.exe
uSeRiNiT.exe

crossword
Posted February 15, 2014

I downloaded rogue killer from bleeping forums. Ran the scan. I think the below is the log, I got it when I clicked MBR

Tried to download Farbar's Recovery Scan Tool but was told I had to register. Tried to but kept being told:

Sorry, you don't have permission for that!
[#2000] You are not allowed to visit this community.
Need Help?
Click here to log in
Our help documentation
Contact the community administrator
***
But when I tried to contact admin again it took me nowhere.

Anyway I deleted after I ran Rogue. But my problems remain, I still get redirected when I try to access my usual sites like gmail and my writing sites.

the RK log, after I pressed delete:

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD5000AZRX-00A8LB0 +++++
--- User ---
[MBR] 4c60b75ac5499f737528ec3ec06fd380
[BSP] efa6806e77e4a8092b21dd211a11fc43 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 350 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 718848 | Size: 64650 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 133122048 | Size: 71938 Mo
3 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 280451072 | Size: 340000 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: Seagate Portable USB Device +++++
--- User ---
[MBR] 2e55e29d1a2e061b3a72ea87510616c3
[BSP] efeadd22efe89143fc9f1ce47f61cffb : Empty MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 250003 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 512007615 | Size: 226933 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

crossword
Posted February 15, 2014

Also, as I said I'm not always able to access sites, including this page. Sometimes I get my gmail, sometimes no.

Since I couldn't get to this page earlier, I asked a friend to look at the problem. He said the prob was the malware my search dial has been installed on my comp and he directed me to these links:

http://community.trendmicro.com/t5/Titanium/How-do-I-get-rid-of-My-Search-Dial/td-p/136281
malwaretips.com/blogs/start-mysearchdial-removal/
botcrawl.com/how-to-remove-mysearchdial-toolbar/
www.techsupportall.com/remove-start-mysearchdial-com-removal-help

I studied all of them and followed all the instructions to remove my search dial from IE and Firefox [I don't have Google Chrome]
And it seemed to work. I even reset both IE and FF as one of the above sites advised.

I ran the latest version of Ccleaner, wisedisk cleaner, wise registry cleaner.

I ran AdwCleaner and then checked the dds logs again. AdwCleaner did NOT succeed in removing the mysearchdial

Then I ran Adware Removal mentioned in one of the above sites, and then checked the dds logs again. Mysearchdial was no longer in them.

So what does this mean? Does it mean:
1. even removing the malware manually from IE and FF wasn't enough? Well I suppose obviously.
2. AdwCleaner is pretty useless since AdwCleaner did NOT succeed in removing the mysearchdial
But Adware Removal is DA BOMB since it seemed to have removed it?

I ask cos I should know which are the reliable programs to trust. And you too will be able I suppose to recommend strongly on your forum the ones that really work.

Anyway the comp worked ok for some time but I was still suspicious cos I still saw it trying to redirect these sites even if gmail etc did load pretty quickly. And now once again I can't access certain pages/sites.

So I downloaded Junkware Removal Tool and Hitman Pro also mentioned on these sites. No use.

Then I remembered I had got TWO unwanteds. So I searched for Right Surf in my finder EVERYTHING. Found 4 instances. They're all .exe files and all the path names have a "prefetch" at the end.

I suspect this is what is causing the problem now. But who knows if there are other problems too?

Another ques: So, DDS logs don't show every problem? Because they didn't show Right Surf though they showed

AND: which are the absolute best junkware and adware removal tools? Do you have a page where you list the best? You can see I tried various but no use.

Thanks!

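A scripted version of the DDS-log check described in the post above, as an added example that is not part of the original thread. It lists Internet Explorer start pages and Firefox user.js preferences that point at untrusted hosts, and also user.js namespaces that reuse the same affiliate values under a different name (in the DDS log earlier in the thread, the irmysearch entries share values with the mysearchdial ones). The sample log, its hosts and all function names are constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed sample in the layout DDS prints; every host and value is made up.
SAMPLE_DDS = r"""
uStart Page = hxxp://start.hijacker.example/?f=1&a=aff01
mStart Page = hxxp://start.hijacker.example/?f=1&a=aff01
BHO: ExplorerBHO Class: {00000000-0000-0000-0000-000000000001} - c:\program files\shell\Explorer32.dll
FF - prefs.js: browser.startup.homepage - hxxp://www.writers.example/members/index.cgi
FF - user.js: extensions.hijacker.hmpg - true
FF - user.js: extensions.hijacker.hmpgUrl - hxxp://start.hijacker.example/?f=1&a=aff01
FF - user.js: extensions.hijacker.aflt - aff01
FF - user.js: extensions.hijacker.instlRef -
FF - user.js: extensions.othertool.aflt - aff01
"""

START_PAGE = re.compile(r"^([um])Start Page = (\S+)")
FF_PREF = re.compile(r"^FF - (user|prefs)\.js: (\S+) -\s*(.*)$")
URL = re.compile(r"^h(?:tt|xx)ps?://", re.I)
BORING = {"", "true", "false", "none", "base"}  # values too generic to correlate on


def host_of(value):
    """Host of a URL value (DDS defangs http as hxxp), or None if not a URL."""
    if not URL.match(value):
        return None
    return urlsplit(re.sub(r"^hxxp", "http", value, flags=re.I)).hostname


def namespace(pref):
    """extensions.foo.bar -> extensions.foo; anything else -> first label."""
    parts = pref.split(".")
    if parts[0] == "extensions" and len(parts) > 2:
        return ".".join(parts[:2])
    return parts[0]


def audit_dds(log_text, trusted_hosts=()):
    """Return (kind, where, evidence) tuples for browser-hijack traces."""
    trusted = {h.lower() for h in trusted_hosts}
    findings, user_js = [], defaultdict(dict)
    for line in map(str.strip, log_text.splitlines()):
        m = START_PAGE.match(line)
        if m:
            host = host_of(m.group(2))
            if host and host not in trusted:
                # DDS prefixes: u = current user, m = machine-wide
                scope = "HKCU" if m.group(1) == "u" else "HKLM"
                findings.append(("ie-start-page", scope, host))
            continue
        m = FF_PREF.match(line)
        if not m:
            continue
        source, pref, value = m.groups()
        if source == "user":
            user_js[namespace(pref)][pref] = value
        elif pref == "browser.startup.homepage":
            host = host_of(value)
            if host and host not in trusted:
                findings.append(("ff-homepage", "prefs.js", host))

    # user.js is re-read at every Firefox start, so URL prefs planted there
    # come back after the browser settings are reset by hand.
    flagged, markers = set(), set()
    for ns, prefs in sorted(user_js.items()):
        hosts = sorted({h for h in map(host_of, prefs.values())
                        if h and h not in trusted})
        if hosts:
            flagged.add(ns)
            markers.update(v for v in prefs.values()
                           if v.lower() not in BORING and not host_of(v))
            findings.append(("ff-user-js", ns, ",".join(hosts)))

    # Other namespaces that reuse the same affiliate/campaign values belong
    # to the same install even though a search for the product name misses them.
    for ns, prefs in sorted(user_js.items()):
        shared = sorted(set(prefs.values()) & markers)
        if ns not in flagged and shared:
            findings.append(("ff-user-js-related", ns, ",".join(shared)))
    return findings


if __name__ == "__main__":
    for kind, where, evidence in audit_dds(SAMPLE_DDS, ["www.writers.example"]):
        print(f"{kind:20} {where:24} {evidence}")
```

Pass the hosts you set yourself (for example your own homepage) as `trusted_hosts`; everything else that owns a start page or a user.js URL preference is reported.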
Juliet
Posted February 15, 2014

I think the infection you have is embedded deeply in this machine and is much worse than simple adware.

Please try to disable your computer's security just long enough to see if you can access the sites again.

Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

How to use ComboFix

Download ComboFix from here:
Link 1
Link 2
Link 3

Place ComboFix.exe on your Desktop <--Important

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
You can get help on disabling your protection programs here

Double click on ComboFix.exe & follow the prompts.
You may be asked to install or update the Recovery Console (Win XP Only). If this happens please allow it to do so (you will need to be connected to the internet for this).
Your desktop may go blank. This is normal. It will return when ComboFix is done. Combofix may need to reboot your computer more than once to do its job, this is normal.
When finished, it shall produce a log for you. Post that log in your next reply

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer

---------------------------------------------------------------------------------------------
Ensure your AntiVirus and AntiSpyware applications are re-enabled.

Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security.
---------------------------------------------------------------------------------------------

If there are Internet issues after running ComboFix:

Internet Explorer:
Tools Menu -> Internet Options -> Connections Tab -> Lan Settings > uncheck "use a proxy server" and check to "Automatically detect settings". Also clear any proxy address and port. ok, apply (only if applicable), ok.

Firefox:
Tools Menu -> Options... -> Advanced Tab -> Network Tab -> "Settings" under Connection. "No Proxy" should be selected, unless you have one set up yourself.

Chrome:
Select -> Tools menu -> then "Options", then go to "Change Proxy Settings", then "LAN Settings", then take out the check mark for "Use a proxy server for your LAN" if set, unless you set this up yourself.

Safari:
Launch Safari
Go to general settings menu
Then in Preferences / Advanced
Then on line click Proxies change settings ...
Click Internet Options, then click the Connections tab, click Network Settings.
Disable option (uncheck) for the use of proxy server ...

crossword Posted February 15, 2014

Thanks. Below is the log. I doubt the problem has been solved since after I got the log, I searched again for Right Surf in my finder EVERYTHING. Found the same 4 instances. They're all .exe files and all the path names have a "prefetch" at the end. Two are in C Folder, 2 in H, which is my ext drive. I had had my drive plugged in when I got the virus and never removed it since I figured antivirus scans etc would benefit the drive too. Now I'm worried. How do I remove this malware from my comp and also my ext drive?

Also I managed just now to download Farbar Recovery Scan Tool. Do you still want me to run the scan with this?

Log:

ComboFix 14-02-14.01 - Vidya Samson 02/15/2014 13:50:37.1.2 - x86
Microsoft Windows 8 Enterprise 6.2.9200.0.1252.1.1033.18.3326.2448 [GMT 5.5:30]
Running from: c:\users\Vidya Samson\Desktop\ComboFix.exe
AV: Quick Heal Total Security 2013 *Disabled/Updated* {D8418B0E-EE80-1320-B172-3D5DEB3CE14F}
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Quick Heal Firewall *Enabled* {E07A0A2B-A4EF-1278-9A2D-946815EFA634}
SP: Quick Heal Total Security 2013 *Disabled/Updated* {63206AEA-C8BA-1CAE-8BC2-062F90BBABF2}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Vidya Samson\Desktop\Adware-Removal-Tool-V3.7.exe
c:\windows\wininit.ini
.
Infected copy of c:\windows\system32\Drivers\atapi.sys was found and disinfected
Restored copy from - c:\windows\System32\DriverStore\FileRepository\mshdc.inf_x86_79ee6a786812523f\atapi.sys
.
.
((((((((((((((((((((((((( Files Created from 2014-01-15 to 2014-02-15 )))))))))))))))))))))))))))))))
.
.
2014-02-15 08:24 . 2014-02-15 08:26 -------- d-----w- c:\users\Vidya Samson\AppData\Local\temp
2014-02-15 08:24 . 2014-02-15 08:24 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-02-14 16:38 . 2014-02-15 08:13 -------- d-----w- c:\users\Vidya Samson\AppData\Roaming\Wise Care 365
2014-02-14 16:25 . 2014-02-14 16:25 -------- d-----w- c:\users\Vidya Samson\AppData\Roaming\Wise PC 1stAid
2014-02-14 16:25 . 2014-02-14 16:35 -------- d-----w- c:\program files\Wise
2014-02-14 04:28 . 2014-02-14 04:28 -------- d-----w- c:\users\Vidya Samson\AppData\Local\Programs
2014-02-13 11:01 . 2014-02-13 11:01 -------- d-----w- c:\windows\ERUNT
2014-02-13 10:45 . 2014-02-13 10:45 -------- d-----w- c:\program files\HitmanPro
2014-02-13 10:29 . 2014-02-14 07:53 -------- d-----w- c:\programdata\HitmanPro
2014-02-13 10:02 . 2014-02-13 10:02 -------- d-----w- c:\windows\ServiceProfiles\LocalService\winhttp
2014-02-12 04:00 . 2014-02-13 09:58 -------- d-----w- c:\program files\AdwareRemovalToolv3.7
2014-02-12 04:00 . 2014-02-12 04:00 -------- d-----w- c:\program files\Common Files\Microsoft
2014-02-11 19:45 . 2014-02-11 19:45 -------- d-----w- c:\users\Vidya Samson\AppData\Roaming\Malwarebytes
2014-02-11 19:45 . 2009-09-10 09:24 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2014-02-11 19:45 . 2014-02-11 19:46 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2014-02-11 19:45 . 2014-02-11 19:45 -------- d-----w- c:\programdata\Malwarebytes
2014-02-11 19:45 . 2009-09-10 09:23 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-02-10 06:04 . 2014-02-14 16:21 -------- d-----w- c:\users\Vidya Samson\AppData\Roaming\Wise Registry Cleaner
2014-02-10 05:47 . 2014-02-13 16:44 -------- d-----w- c:\program files\CCleaner
2014-02-10 05:41 . 2014-02-14 04:31 -------- d-----w- c:\program files\Wise Registry Cleaner
2014-02-10 05:39 . 2014-02-14 17:21 -------- d-----w- c:\users\Vidya Samson\AppData\Roaming\Wise Disk Cleaner
2014-02-10 05:39 . 2014-02-14 04:37 -------- d-----w- c:\program files\Wise Disk Cleaner
2014-02-08 22:42 . 2014-02-08 22:42 31856 ----a-w- c:\program files\Mozilla Firefox\CommandExecuteHandler.exe
2014-02-05 05:40 . 2014-02-05 05:40 -------- d-----w- c:\users\Vidya Samson\AppData\Roaming\OpenOffice.org
2014-02-05 05:37 . 2014-02-10 05:04 -------- d-----w- c:\program files\OpenOffice.org 3
2014-02-05 05:26 . 2014-02-10 05:10 -------- d-----w- c:\program files\File Type Assistant
2014-01-30 07:02 . 2014-01-30 07:02 -------- d-----w- c:\program files\Microsoft Synchronization Services
2014-01-30 07:02 . 2014-01-30 07:02 -------- d-----w- c:\windows\PCHEALTH
2014-01-30 07:02 . 2014-01-30 07:02 -------- d-----w- c:\program files\Microsoft Sync Framework
2014-01-30 07:02 . 2014-01-30 07:02 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2014-01-30 07:02 . 2014-01-30 07:02 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2014-01-30 07:02 . 2014-01-30 07:02 -------- d-----w- c:\program files\Microsoft Analysis Services
2014-01-30 07:01 . 2014-01-30 07:01 -------- d-----r- C:\MSOCache
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-01-16 07:50 . 2014-01-16 07:50 544656 ----a-w- c:\windows\system32\deployJava1.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ShareOverlay]
@="{594D4122-1F87-41E2-96C7-825FB4796516}"
[HKEY_CLASSES_ROOT\CLSID\{594D4122-1F87-41E2-96C7-825FB4796516}]
2013-07-21 04:39 592352 ----a-w- c:\program files\Classic Shell\ClassicExplorer32.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Quick Heal Core UI"="c:\program files\Quick Heal\Quick Heal Total Security\strtupap.exe" [2012-08-03 161264]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"PromptOnSecureDesktop"= 0 (0x0)
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"EnableCursorSuppression"= 1 (0x1)
"EnableUIADesktopToggle"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"disablecad"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\QUICKH~1\QUICKH~1\PCTuner\ntdefrag.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]
@=""
.
R0 mscank;mscank;c:\windows\system32\DRIVERS\mscank.sys [2012-07-27 33136]
R2 Core Scanning ServerEx;Core Scanning ServerEx;c:\program files\Quick Heal\Quick Heal Total Security\SAPISSVC.EXE [2012-07-27 206320]
R2 WiseBootAssistant;Wise Boot Assistant;c:\program files\Wise\Wise Care 365\BootTime.exe [2014-01-21 580232]
R3 28139;28139;c:\users\VIDYAS~1\AppData\Local\Temp\34845337\28139.sys [x]
R3 llio;llio;c:\windows\system32\DRIVERS\llio.sys [2013-08-14 55712]
R4 Online Protection System;Online Protection System;c:\program files\Quick Heal\Quick Heal Total Security\opssvc.exe [2012-07-27 25584]
S1 ggc;ggc;c:\windows\system32\DRIVERS\ggc.sys [2012-07-27 49904]
S1 wsnf;Network Filter Driver;c:\windows\system32\DRIVERS\wsnf.sys [2012-07-10 38856]
S1 wstif;wstif;c:\windows\system32\drivers\wstif.sys [2012-08-05 68448]
S2 catflt;catflt;c:\windows\system32\DRIVERS\catflt.sys [2012-09-08 40416]
S2 Core Mail Protection;Core Mail Protection;c:\program files\Quick Heal\Quick Heal Total Security\EMLPROXY.EXE [2012-07-27 29680]
S2 Core Scanning Server;Core Scanning Server;c:\program files\Quick Heal\Quick Heal Total Security\SAPISSVC.EXE [2012-07-27 206320]
S2 EMLSS;EMLSS;c:\windows\system32\drivers\emltdi.sys [2012-08-03 29424]
S2 Quick Update Service;Quick Update Service;c:\program files\Quick Heal\Quick Heal Total Security\quhlpsvc.exe [2012-07-27 91120]
S3 RTL8168;Realtek 8168 NT Driver;c:\windows\system32\DRIVERS\Rt630x86.sys [2012-07-25 495104]
.
.
Contents of the 'Scheduled Tasks' folder
.
2014-02-15 c:\windows\Tasks\Quick Heal AntiMalware Scan.job
- c:\program files\Quick Heal\Quick Heal Total Security\ASMAIN.EXE [2012-07-27 20:21]
.
2014-02-15 c:\windows\Tasks\Resume Quickup Download.job
- c:\program files\Quick Heal\Quick Heal Total Security\ACAPPAA.EXE [2012-07-27 15:20]
.
2014-02-10 c:\windows\Tasks\Wise Disk Cleaner Schedule Task.job
- c:\program files\Wise Disk Cleaner\WiseDiskCleaner.exe [2014-02-10 08:30]
.
2014-02-15 c:\windows\Tasks\Wise Turbo Checker.job
- c:\program files\Wise\Wise Care 365\WiseTurbo.exe [2014-02-14 09:55]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
mSearch Bar = hxxp://www.google.com
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Vidya Samson\AppData\Roaming\Mozilla\Firefox\Profiles\jx62iwu2.default-1392285308308\
FF - prefs.js: browser.startup.homepage - hxxp://www.zoetrope.com/members/priv/index.cgi?show_page=discuss&owner=14437
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-American Heritage Talking Dictionary - c:\program files\Compton's Home Library\ahtd\isl_ahtd.log
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
@SACL=(02 0000)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files\Quick Heal\Quick Heal Total Security\SCANWSCS.EXE
c:\windows\system32\taskhostex.exe
c:\windows\system32\conhost.exe
c:\program files\Classic Shell\ClassicStartMenu.exe
c:\program files\Quick Heal\Quick Heal Total Security\onlinent.exe
c:\windows\system32\msiexec.exe
c:\windows\System32\WUDFHost.exe
c:\windows\system32\SppExtComObj.exe
.
**************************************************************************
.
Completion time: 2014-02-15 13:57:29 - machine was rebooted
ComboFix-quarantined-files.txt 2014-02-15 08:27
.
Pre-Run: 37,591,343,104 bytes free
Post-Run: 37,524,180,992 bytes free
.
- - End Of File - - 301B9E9573B30A19E69D6386A9C1264D A36C5E4F47E84449FF07ED3517B43A31
crossword Posted February 15, 2014

Now when I try to open Firefox I'm told: "Windows cannot access the specified device, path, or file. You may not have the appropriate permissions to access the item."

I only managed to open a window cos I right-clicked and clicked on a frequently used window. If there had been no such, I don't know how I would have got it.

I did as you said: "Firefox: Tools Menu -> Options... -> Advanced Tab -> Network Tab -> "Settings" under Connection. "No Proxy" should be selected, unless you have one set up yourself."

*** Still have the same problem with FF.

When I scanned with Farbar and clicked on fix I was told:

No fixlisttxt found
The fixlisttxt should be in the same folder/directory the tool is located.

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 12-02-2014 01
Ran by Vidya Samson (administrator) on VIDYA on 15-02-2014 14:50:10
Running from C:\Users\Vidya Samson\Desktop
Microsoft Windows 8 Enterprise (X86) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(Quick Heal Technologies (P) Ltd.) C:\Program Files\Quick Heal\Quick Heal Total Security\EMLPROXY.EXE
(Quick Heal Technologies (P) Ltd.) C:\Program Files\Quick Heal\Quick Heal Total Security\SAPISSVC.EXE
(Quick Heal Technologies (P) Ltd.) C:\Program Files\Quick Heal\Quick Heal Total Security\quhlpsvc.exe
(Quick Heal Technologies (P) Ltd.) C:\Program Files\Quick Heal\Quick Heal Total Security\SCANWSCS.EXE
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Quick Heal Technologies (P) Ltd.) C:\Program Files\Quick Heal\Quick Heal Total Security\onlinent.exe
(CANON INC.) C:\Windows\system32\CNAB4RPK.EXE
() C:\Program Files\WinRAR\WinRAR.exe
() C:\Users\Vidya Samson\AppData\Local\temp\Rar$EX00.404\Everything-1.2.1.371.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Windows\splwow64.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Quick Heal Technologies (P) Ltd.) C:\Program Files\Quick Heal\Quick Heal Total Security\opssvc.exe
(SurfRight B.V.) C:\Users\Vidya Samson\Desktop\HitmanPro.exe
(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Quick Heal Core UI] - C:\Program Files\Quick Heal\Quick Heal Total Security\strtupap.exe [161264 2012-08-04] (Quick Heal Technologies (P) Ltd.)
HKU\S-1-5-21-2261785502-2541491869-2394418403-1001\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
SearchScopes: HKLM - DefaultScope value is missing.
BHO: ExplorerBHO Class - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: ClassicIEBHO Class - {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Program Files\Classic Shell\ClassicIEDLL_32.dll (IvoSoft)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: msero - {B0D92A71-886B-453B-A649-1B91F93801E7} - C:\Program Files\Common Files\Microsoft Shared\Encarta Researcher\MSERO.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Vidya Samson\AppData\Roaming\Mozilla\Firefox\Profiles\jx62iwu2.default-1392285308308
FF Homepage: hxxp://www.zoetrope.com/members/priv/index.cgi?show_page=discuss&owner=14437
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.3 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np32dsw.dll (Macromedia, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll (Oracle Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPSWF32.dll ()
FF Extension: ImageBlock - C:\Users\Vidya Samson\AppData\Roaming\Mozilla\Firefox\Profiles\jx62iwu2.default-1392285308308\Extensions\[email protected] [2014-02-13]

========================== Services (Whitelisted) =================

R2 Core Mail Protection; C:\Program Files\Quick Heal\Quick Heal Total Security\EMLPROXY.EXE [29680 2012-07-28] (Quick Heal Technologies (P) Ltd.)
R2 Core Scanning Server; C:\Program Files\Quick Heal\Quick Heal Total Security\SAPISSVC.EXE [206320 2012-07-28] (Quick Heal Technologies (P) Ltd.)
S2 Core Scanning ServerEx; C:\Program Files\Quick Heal\Quick Heal Total Security\SAPISSVC.EXE [206320 2012-07-28] (Quick Heal Technologies (P) Ltd.)
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [106248 2014-02-15] (SurfRight B.V.)
R2 Online Protection System; C:\Program Files\Quick Heal\Quick Heal Total Security\opssvc.exe [25584 2012-07-28] (Quick Heal Technologies (P) Ltd.)
R2 Quick Update Service; C:\Program Files\Quick Heal\Quick Heal Total Security\quhlpsvc.exe [91120 2012-07-28] (Quick Heal Technologies (P) Ltd.)
R2 ScanWscS; C:\Program Files\Quick Heal\Quick Heal Total Security\SCANWSCS.EXE [243320 2012-08-09] (Quick Heal Technologies (P) Ltd.)
S2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [13344 2013-01-29] (Microsoft Corporation)
S2 WiseBootAssistant; C:\Program Files\Wise\Wise Care 365\BootTime.exe [580232 2014-01-21] (WiseCleaner.com)

==================== Drivers (Whitelisted) ====================

R1 BasicRender; C:\Windows\System32\drivers\BasicRender.sys [24576 2012-07-26] (Microsoft Corporation)
R2 catflt; C:\Windows\System32\DRIVERS\catflt.sys [40416 2012-09-08] (Quick Heal Technologies (P) Ltd.)
R2 EMLSS; C:\Windows\System32\drivers\emltdi.sys [29424 2012-08-04] (Quick Heal Technologies (P) Ltd.)
R1 ggc; C:\Windows\System32\DRIVERS\ggc.sys [49904 2012-07-28] (Quick Heal Technologies (P) Ltd.)
R3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [30976 2014-02-15] ()
S3 llio; C:\Windows\system32\DRIVERS\llio.sys [55712 2013-08-14] (Quick Heal Technologies (P) Ltd.)
S0 mscank; C:\Windows\System32\DRIVERS\mscank.sys [33136 2012-07-28] (Quick Heal Technologies (P) Ltd.)
R3 MTsensor; C:\Windows\system32\DRIVERS\ASACPI.sys [16256 2013-05-17] ()
R1 wsnf; C:\Windows\system32\DRIVERS\wsnf.sys [38856 2012-07-10] (Quick Heal Technologies (P) Ltd.)
R1 wstif; C:\Windows\System32\drivers\wstif.sys [68448 2012-08-06] (Quick Heal Technologies (P) Ltd.)
S3 28139; \??\C:\Users\VIDYAS~1\AppData\Local\Temp\34845337\28139.sys [X]
S3 catchme; \??\C:\Users\VIDYAS~1\AppData\Local\Temp\catchme.sys [X]
U3 mbr; \??\C:\Users\VIDYAS~1\AppData\Local\Temp\mbr.sys [X]

========================== Drivers MD5 =======================

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-02-15 14:50 - 2014-02-15 14:50 - 00027902 _____ 
() C:\Users\Vidya Samson\Desktop\FRST.txt 2014-02-15 14:50 - 2014-02-15 14:50 - 00000000 ____D () C:\FRST 2014-02-15 14:41 - 2014-02-15 14:41 - 01141248 _____ (Farbar) C:\Users\Vidya Samson\Desktop\FRST.exe 2014-02-15 14:40 - 2014-02-15 14:40 - 00030976 _____ () C:\Windows\system32\Drivers\hitmanpro37.sys 2014-02-15 13:57 - 2014-02-15 13:57 - 00010209 _____ () C:\ComboFix.txt 2014-02-15 13:49 - 2014-02-15 13:57 - 00000000 ____D () C:\Qoobox 2014-02-15 13:49 - 2014-02-15 13:56 - 00000000 ____D () C:\Windows\erdnt 2014-02-15 13:49 - 2011-06-26 12:15 - 00256000 _____ () C:\Windows\PEV.exe 2014-02-15 13:49 - 2010-11-07 22:50 - 00208896 _____ () C:\Windows\MBR.exe 2014-02-15 13:49 - 2009-04-20 10:26 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2014-02-15 13:49 - 2000-08-31 05:30 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2014-02-15 13:49 - 2000-08-31 05:30 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2014-02-15 13:49 - 2000-08-31 05:30 - 00212480 _____ (SteelWerX) C:\Windows\SWXCACLS.exe 2014-02-15 13:49 - 2000-08-31 05:30 - 00098816 _____ () C:\Windows\sed.exe 2014-02-15 13:49 - 2000-08-31 05:30 - 00080412 _____ () C:\Windows\grep.exe 2014-02-15 13:49 - 2000-08-31 05:30 - 00068096 _____ () C:\Windows\zip.exe 2014-02-15 12:56 - 2014-02-15 12:57 - 05183211 ____R (Swearware) C:\Users\Vidya Samson\Desktop\ComboFix.exe 2014-02-15 08:41 - 2014-02-15 13:06 - 00005129 _____ () C:\Users\Vidya Samson\Documents\virus removal instructions.txt 2014-02-15 07:20 - 2014-02-15 13:55 - 00014924 _____ () C:\Windows\PFRO.log 2014-02-15 07:20 - 2014-02-15 07:20 - 00460312 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-02-14 23:49 - 2014-02-15 14:06 - 00085634 _____ () C:\Windows\WindowsUpdate.log 2014-02-14 23:21 - 2014-02-14 23:56 - 00000000 ____D () C:\Users\Vidya Samson\Desktop\RK_Quarantine 2014-02-14 23:20 - 2014-02-14 23:20 - 03813376 _____ () C:\Users\Vidya Samson\Desktop\RogueKiller.exe 2014-02-14 22:09 - 2014-02-15 07:20 - 00000404 _____ () C:\Windows\Tasks\Wise 
Turbo Checker.job 2014-02-14 22:08 - 2014-02-15 13:56 - 00000000 ____D () C:\Users\Vidya Samson\AppData\Roaming\Wise Care 365 2014-02-14 22:05 - 2014-02-14 22:05 - 00001118 _____ () C:\Users\Public\Desktop\Wise Care 365.lnk 2014-02-14 21:55 - 2014-02-14 22:05 - 00000000 ____D () C:\Program Files\Wise 2014-02-14 21:55 - 2014-02-14 21:55 - 00001115 _____ () C:\Users\Public\Desktop\Wise PC 1stAid.lnk 2014-02-14 21:55 - 2014-02-14 21:55 - 00000000 ____D () C:\Users\Vidya Samson\AppData\Roaming\Wise PC 1stAid 2014-02-14 10:13 - 2014-02-14 10:13 - 00930440 _____ (CNET Download.com) C:\Users\Vidya Samson\Desktop\cbsidlm-cbsi176-Wise_Care_365_Free-BP-75744630.exe 2014-02-14 10:12 - 2014-02-14 10:12 - 04749448 _____ (WiseCleaner.com ) C:\Users\Vidya Samson\Desktop\WPCASetup.exe 2014-02-14 10:11 - 2014-02-14 10:11 - 04749448 _____ (WiseCleaner.com ) C:\Users\Vidya Samson\Downloads\WPCASetup.exe 2014-02-14 10:05 - 2014-02-14 10:05 - 00930440 _____ (CNET Download.com) C:\Users\Vidya Samson\Desktop\cbsidlm-cbsi176-Wise_Registry_Cleaner-BP-10605508.exe 2014-02-14 09:57 - 2014-02-14 09:58 - 03917960 _____ (WiseCleaner.com ) C:\Users\Vidya Samson\Desktop\WDCFree.exe 2014-02-13 22:14 - 2014-02-13 22:14 - 04721920 _____ (Piriform Ltd) C:\Users\Vidya Samson\Desktop\ccsetup410.exe 2014-02-13 18:39 - 2014-02-13 18:39 - 00000852 _____ () C:\Users\Vidya Samson\Desktop\JRT.txt 2014-02-13 18:28 - 2014-02-13 18:33 - 00000368 _____ () C:\Windows\system32\.crusader 2014-02-13 16:31 - 2014-02-13 16:31 - 00000000 ____D () C:\Windows\ERUNT 2014-02-13 16:30 - 2014-02-13 16:30 - 01037530 _____ (Thisisu) C:\Users\Vidya Samson\Desktop\JunkwareRemovalTool.exe 2014-02-13 16:15 - 2014-02-15 14:40 - 00001897 _____ () C:\Users\Public\Desktop\HitmanPro.lnk 2014-02-13 16:15 - 2014-02-13 16:15 - 00000000 ____D () C:\Program Files\HitmanPro 2014-02-13 15:59 - 2014-02-14 13:23 - 00000000 ____D () C:\ProgramData\HitmanPro 2014-02-13 15:52 - 2014-02-13 15:57 - 09988304 _____ (SurfRight B.V.) 
C:\Users\Vidya Samson\Desktop\HitmanPro.exe 2014-02-13 15:35 - 2014-02-13 15:35 - 00009203 _____ () C:\Users\Vidya Samson\Desktop\dds.txt 2014-02-13 15:35 - 2014-02-13 15:35 - 00002843 _____ () C:\Users\Vidya Samson\Desktop\attach.txt 2014-02-13 15:30 - 2014-02-13 15:30 - 00001353 _____ () C:\AdwCleaner[s3].txt 2014-02-13 15:30 - 2014-02-13 15:30 - 00001293 _____ () C:\AdwCleaner[R7].txt 2014-02-13 15:25 - 2014-02-13 15:25 - 00000000 ____D () C:\Users\Vidya Samson\Desktop\Old Firefox Data 2014-02-12 10:44 - 2014-02-15 14:25 - 00001139 _____ () C:\Users\Vidya Samson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2014-02-12 09:48 - 2014-02-12 09:48 - 00001219 _____ () C:\AdwCleaner[s2].txt 2014-02-12 09:47 - 2014-02-12 09:48 - 00001158 _____ () C:\AdwCleaner[R6].txt 2014-02-12 09:46 - 2014-02-12 09:47 - 00001098 _____ () C:\AdwCleaner[R5].txt 2014-02-12 09:44 - 2013-06-12 07:45 - 00648201 _____ () C:\Users\Vidya Samson\Desktop\AdwCleaner.exe 2014-02-12 09:30 - 2014-02-13 15:28 - 00000000 ____D () C:\Program Files\AdwareRemovalToolv3.7 2014-02-12 01:18 - 2014-02-12 01:18 - 00001070 _____ () C:\AdwCleaner[R4].txt 2014-02-12 01:15 - 2014-02-12 01:16 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware 2014-02-12 01:15 - 2014-02-12 01:15 - 00000983 _____ () C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk 2014-02-12 01:15 - 2014-02-12 01:15 - 00000000 ____D () C:\Users\Vidya Samson\AppData\Roaming\Malwarebytes 2014-02-12 01:15 - 2014-02-12 01:15 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-02-12 01:15 - 2009-09-10 14:54 - 00038224 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamswissarmy.sys 2014-02-12 01:15 - 2009-09-10 14:53 - 00019160 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-02-12 01:10 - 2014-02-12 01:11 - 00001009 _____ () C:\AdwCleaner[R3].txt 2014-02-12 01:05 - 2014-02-12 01:05 - 00005115 _____ () C:\AdwCleaner[s1].txt 2014-02-12 01:04 - 2014-02-12 01:04 - 
00004910 _____ () C:\AdwCleaner[R2].txt 2014-02-12 01:04 - 2014-02-12 01:04 - 00004850 _____ () C:\AdwCleaner[R1].txt 2014-02-11 18:00 - 2014-02-11 18:00 - 01043533 _____ () C:\Users\Vidya Samson\AppData\Local\census.cache 2014-02-11 18:00 - 2014-02-11 18:00 - 00142741 _____ () C:\Users\Vidya Samson\AppData\Local\ars.cache 2014-02-11 16:15 - 2014-02-11 16:15 - 00000036 _____ () C:\Users\Vidya Samson\AppData\Local\housecall.guid.cache 2014-02-11 09:12 - 2014-02-11 09:12 - 00688992 ____R (Swearware) C:\Users\Vidya Samson\Desktop\dds.com 2014-02-10 11:36 - 2014-02-10 11:40 - 03917960 _____ (WiseCleaner.com ) C:\Users\Vidya Samson\Downloads\WDCFree.exe 2014-02-10 11:34 - 2014-02-14 21:51 - 00000000 ____D () C:\Users\Vidya Samson\AppData\Roaming\Wise Registry Cleaner 2014-02-10 11:20 - 2014-02-10 13:06 - 00000426 _____ () C:\Windows\Tasks\Wise Disk Cleaner Schedule Task.job 2014-02-10 11:17 - 2014-02-13 22:14 - 00000969 _____ () C:\Users\Public\Desktop\CCleaner.lnk 2014-02-10 11:17 - 2014-02-13 22:14 - 00000000 ____D () C:\Program Files\CCleaner 2014-02-10 11:11 - 2014-02-14 10:01 - 00000000 ____D () C:\Program Files\Wise Registry Cleaner 2014-02-10 11:11 - 2014-02-10 11:21 - 00001090 _____ () C:\Users\Public\Desktop\Wise Registry Cleaner.lnk 2014-02-10 11:09 - 2014-02-14 22:51 - 00000000 ____D () C:\Users\Vidya Samson\AppData\Roaming\Wise Disk Cleaner 2014-02-10 11:09 - 2014-02-14 10:07 - 00001067 _____ () C:\Users\Public\Desktop\Wise Disk Cleaner.lnk 2014-02-10 11:09 - 2014-02-14 10:07 - 00000000 ____D () C:\Program Files\Wise Disk Cleaner 2014-02-05 11:10 - 2014-02-05 11:10 - 00000000 ____D () C:\Users\Vidya Samson\AppData\Roaming\OpenOffice.org 2014-02-05 11:07 - 2014-02-10 10:34 - 00000000 ____D () C:\Program Files\OpenOffice.org 3 2014-02-05 10:56 - 2014-02-10 10:40 - 00000000 ____D () C:\Program Files\File Type Assistant 2014-02-05 10:56 - 2014-02-05 10:56 - 16617352 _____ (Bitberry Software ) C:\Users\Vidya Samson\Downloads\FreeFileViewerSetup [1].exe 2014-02-05 
10:55 - 2014-02-05 10:55 - 00000046 _____ () C:\Users\Vidya Samson\AppData\Roaming\WB.CFG 2014-02-05 10:52 - 2014-02-05 10:51 - 00139800 _____ () C:\Users\Vidya Samson\Downloads\My Deadly Prince Charming Edits.pages 2014-01-30 12:33 - 2014-01-30 12:33 - 00000000 ____D () C:\Program Files\Common Files\DESIGNER 2014-01-30 12:32 - 2014-01-30 12:32 - 00000000 ____D () C:\Windows\PCHEALTH Link to post Share on other sites
Juliet Posted February 15, 2014

I can see Hitmanpro37 on the computer, you also have Quick Heal Total Security. This means you have 2 antivirus fighting each other for resources and your machine will not function properly. Make a decision which to keep and which one to uninstall.

We do not recommend the use of registry cleaners. No registry cleaner is completely safe. Since most do not even create a backup, the potential is ever present to cause more problems than they claim to fix. If you do not have knowledge of the registry, then you would probably be better off leaving it alone, and definitely not placing blind trust in a program to do the job for you. Our colleague miekiemoes has an excellent writeup here: http://miekiemoes.blogspot.com/2008/02/registry-cleaners-and-system-tweaking_13.html

We suggest uninstalling them via Add or Remove Programs in your Control Panel.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Open notepad. Please copy the contents of the quote box below. To do this, highlight the contents of the box, right click on it and select copy. Paste this into the open notepad. Save it to the Desktop as fixlist.txt

NOTE: It's important that both files, FRST/FRST64 and fixlist.txt, are in the same location or the fix will not work. It needs to be saved next to the "Farbar Recovery Scan Tool" (FRST) program. (If asked to overwrite the existing one, please allow.)

start
SearchScopes: HKLM - DefaultScope value is missing.
S3 28139; \??\C:\Users\VIDYAS~1\AppData\Local\Temp\34845337\28139.sys [X]
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab
DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
C:\Windows\System32\Tasks\AutoKMS
end

Run FRST/FRST64 and press the Fix button just once and wait. If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run. When finished, FRST will generate a log on the Desktop (Fixlog.txt). Please post it in your reply.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to the operating system.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Download the latest version of TDSSKiller from here and save it to your Desktop.
Double-click on TDSSKiller.exe to run the application.
Then click on Change parameters.
Check the boxes beside Verify Driver Digital Signature, Detect TDLFS file system and Use KSN to scan objects, then click OK.
Click the Start Scan button.
If a suspicious object is detected, the default action will be Skip; click on Continue.
If malicious objects are found, they will show in the Scan results and offer three (3) options.
Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
Get the report by selecting Reports.

Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.

****************

Please copy and paste the fixlist.txt and TDSSKiller log in your next reply.
crossword Posted February 15, 2014

I uninstalled Hitmanpro37 but not the registry cleaners. I will no longer use registry cleaners to clean the registry. But I kept Wise Registry cleaner since it has Registry defrag and I assume defragging the registry would be good? I assume it won't delete any item, unlike the cleaner function?

I did try to download the latest version of TDSSKiller from the site. It's another site my comp won't connect to. So I ran the version I already had on my comp. It may be the latest; I downloaded it some months ago. It's version 3.0.0.10. The scan showed no threats were found. I did click on report but see no way to copy and paste it since when I right click, nothing happens. I can highlight the report and that's it. I see no copy button anywhere.

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 12-02-2014 01
Ran by Vidya Samson at 2014-02-15 22:25:13 Run:1
Running from C:\Users\Vidya Samson\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
SearchScopes: HKLM - DefaultScope value is missing.
S3 28139; \??\C:\Users\VIDYAS~1\AppData\Local\Temp\34845337\28139.sys [X]
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab
DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
C:\Windows\System32\Tasks\AutoKMS
end
*****************

HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
28139 => Service deleted successfully.
HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93} => Key deleted successfully.
HKCR\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} => Key deleted successfully.
HKCR\CLSID\{CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} => Key deleted successfully.
HKCR\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} => Key deleted successfully.
C:\Windows\System32\Tasks\AutoKMS => Moved successfully.

==== End of Fixlog ====
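A helper reviewing a Fixlog like the one above wants two things confirmed: every fixlist entry produced at least one result line, and no result reports anything other than success. The following is an added example, not part of the original thread and not FRST's own code. It assumes the log is laid out one entry per line (the page shows it flattened), and the matching rules in `directive_key` are heuristics inferred from this one log, not a documented FRST format.

```python
import re

# Constructed sample: the Fixlog posted above, laid out one entry per line.
# The page shows it flattened, so the line layout is an assumption.
SAMPLE_FIXLOG = r"""Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 12-02-2014 01
Ran by Vidya Samson at 2014-02-15 22:25:13 Run:1
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
start
SearchScopes: HKLM - DefaultScope value is missing.
S3 28139; \??\C:\Users\VIDYAS~1\AppData\Local\Temp\34845337\28139.sys [X]
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab
DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
C:\Windows\System32\Tasks\AutoKMS
end
*****************
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
28139 => Service deleted successfully.
HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93} => Key deleted successfully.
HKCR\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} => Key deleted successfully.
HKCR\CLSID\{CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} => Key deleted successfully.
HKCR\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} => Key deleted successfully.
C:\Windows\System32\Tasks\AutoKMS => Moved successfully.
==== End of Fixlog ====
"""

GUID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
SERVICE_RE = re.compile(r"^[A-Z]\d\s+(\S+);")   # e.g. "S3 28139; <path>"
PATH_RE = re.compile(r"^[A-Za-z]:\\")           # bare file or folder path
STARS_RE = re.compile(r"^\*{5,}$")              # delimiter around the fixlist echo


def parse_fixlog(text):
    """Return (directives, results) from a Fixlog.

    directives: lines echoed between the two asterisk rows, minus start/end.
    results:    (target, outcome) pairs split on the last " => ".
    """
    directives, results = [], []
    state = "header"
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if STARS_RE.match(line):
            state = "fixlist" if state == "header" else "results"
            continue
        if state == "fixlist":
            if line.lower() not in ("start", "end"):
                directives.append(line)
        elif state == "results":
            if line.startswith("==== End of Fixlog"):
                break
            if " => " in line:
                target, _, outcome = line.rpartition(" => ")
                results.append((target, outcome))
    return directives, results


def directive_key(directive):
    """Pick the token expected to reappear in the result target (heuristic)."""
    match = GUID_RE.search(directive)
    if match:
        return match.group(0)          # DPF entries are keyed by CLSID
    match = SERVICE_RE.match(directive)
    if match:
        return match.group(1)          # service/driver entries by name
    if PATH_RE.match(directive):
        return directive               # file entries by full path
    return directive.split(":", 1)[0]  # e.g. "SearchScopes"


def review(text):
    """Summarise a Fixlog: unmatched directives and non-success outcomes."""
    directives, results = parse_fixlog(text)
    unmatched = [
        d for d in directives
        if not any(directive_key(d).lower() in target.lower() for target, _ in results)
    ]
    needs_review = [
        (target, outcome) for target, outcome in results
        if not outcome.rstrip(".").endswith("successfully")
    ]
    return {
        "directives": len(directives),
        "results": len(results),
        "unmatched": unmatched,
        "needs_review": needs_review,
    }


if __name__ == "__main__":
    print(review(SAMPLE_FIXLOG))
```
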
Juliet Posted February 15, 2014

"I did try to download the latest version of TDSSKiller from the site. It's another site my comp won't connect to. So I ran the version I already had on my comp. It may be the latest; I downloaded it some months ago. It's version 3.0.0.10"

No, it would not be an updated copy.

1. Download Malwarebytes Anti-Rootkit from this link: http://www.malwarebytes.org/products/mbar/
2. Unzip the file to a convenient location. (Recommend the Desktop)
3. Open the folder where the contents were unzipped to run mbar.exe
4. Double-click on the mbar.exe file. You may receive a User Account Control prompt asking if you are sure you wish to allow the program to run. Please allow the program to run and MBAR will now start to install any necessary drivers that are required for the program to operate correctly. If a rootkit is interfering with the installation of the drivers you will see a message that states that the DDA driver was not installed and that you should reboot your computer to install it. You will see this image:
5. If you receive this message, please click on the Yes button and Malwarebytes Anti-Rootkit will now restart your computer. Once the computer is rebooted and you log in, MBAR will automatically start and you will now be at the start screen. (If there is no rootkit warning you will go from step 4 to 6.)
6. The following image opens, select Next.
7. The following image opens, select Update.
8. When the Update completes, select Next.
9. In the following window ensure "Targets" are ticked. Then select "Scan".
10. If an infection/s is found the "Cleanup Button" to remove threats will be available. A list of infected files will be listed like the following example:
11. Do not select the "Clean up Button"; select the "Exit" button. There will be a warning as follows:
12. Select "Yes" to close down the program. If NO infections were found you will see the following image:
13. Select "Exit" to close down.
14. Copy and paste the two following logs from the mbar folder:
System - log
Mbar - log
Date and time of scan will also be shown.
Post those two logs in your reply.
crossword Posted February 16, 2014

I was surprised to see it said no malware found. Does that mean what I have is so deep and tricky even this software can't find it? Or is it good news?

Logs:

Malwarebytes Anti-Rootkit BETA 1.07.0.1009
www.malwarebytes.org

Database version: v2014.02.15.09

Windows 8 x86 NTFS
Internet Explorer 10.0.9200.16635
Vidya Samson :: VIDYA [administrator]

2/16/2014 6:04:20 AM
mbar-log-2014-02-16 (06-04-20).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 216732
Time elapsed: 11 minute(s), 32 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1009
© Malwarebytes Corporation 2011-2012

OS version: 6.2.9200 Windows 8 x86
Account is Administrative
Internet Explorer version: 10.0.9200.16635
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, E:\ DRIVE_FIXED, F:\ DRIVE_FIXED, H:\ DRIVE_FIXED, I:\ DRIVE_FIXED
CPU speed: 3.415000 GHz
Memory total: 3487682560, free: 1927036928
=======================================
Juliet Posted February 16, 2014

"I was surprised to see it said no malware found. Does that mean what I have is so deep and tricky even this software can't find it?"

I was surprised too. I can't help but think your security software is causing some issues here. Can we experiment? Can you uninstall it, download a free version of Microsoft Security Essentials, AVAST Home Edition, AntiVir Personal to see if you can access sites? Only if you feel you can download and install again QuickHeal Anti virus/security suite.

What I would also like to do is remove/delete the tools we have used so far and download fresh updated ones.

Please download and run the following tool to help allow other programs to run. (courtesy of BleepingComputer.com)
There are 6 different versions. If one of them won't run then download and try to run the other one.
Vista and Win7 users need to right click and choose Run as Admin.
You only need to get one of them to run, not all of them.

rkill.exe
rkill.com
rkill.scr
rkill.pif
WiNlOgOn.exe
uSeRiNiT.exe

~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Open AdwCleaner: double click on adwcleaner.exe to run the tool. Click on Uninstall, then confirm with yes to remove AdwCleaner from your computer.

Now, let's try an updated copy - AdwCleaner by Xplode

Click on this link to download: ADWCleaner
Click on ONE of the two blue Download Now buttons that have a blue arrow beside them and save it to your desktop.
Do not click on any links in the top Advertisement.
Close all open programs and internet browsers.
Double click on AdwCleaner.exe to run the tool.
Click on Scan.
After the scan is complete click on "Clean".
Confirm each time with Ok.
Your computer will be rebooted automatically. A text file will open after the restart. Please post the content of that logfile with your next answer.
You can find the logfile at C:\AdwCleaner[s1].txt as well.
crossword Posted February 16, 2014 Author

I can try all that but here's the thing: Even when I tried just now to get to gmail and my writing sites, I got redirected. Yes, I'm unable to access certain sites but the issue is that I see by the bar at the bottom of the screen that I'm actually getting redirected to other sites, though those sites don't load either and the page just hangs there. I read it's malware that causes sites to redirect so they can steal some info.

So in that scenario, could it really be my quickheal that is preventing me accessing sites? Isn't it more likely the malware that is doing it and that I must get rid of?

Or do you feel that my QuickHeal Anti virus has been so compromised I should uninstall it?

When I ran Hitman pro the first time, I remember it found some problem with quickheal but then I clicked on it to see more and it sort of froze, and when I shut down and opened hitman again it didn't say anything about quickheal. Earlier it had found 5 problems, then it froze. Then when I reopened, it found some new prob which it cleaned.

My friend who looked up QuickHeal on wiki said:

"As far as QuickHeal, I found this comment on wikipedia concerning:
2005 • Took a technological leap with the introduction of DNAScan technology capable of detecting unknown viruses in real time without depending on latest signature patterns.
Also this:
2013 • Detected Ransomware that demands a $300 Ransom
http://en.wikipedia.org/wiki/Quick_Heal
What I really don't like about Quickheal is the strange way it is 'advertised' on wikipedia- as if it was written by them and not users. No other Security Suite that I know makes those claims- especially about ransomware- and would not have allowed you to accidentally install a problematic program without a warning notice or two."
Juliet Posted February 16, 2014

There is something else we can try but it involves using a clean computer to transfer over files to yours?

What I have not been able to do is see the results of logs needed to help delete malicious files from scans we use daily.

It is very possible Quickheal and its added inside tools can be harmful to your computer but, until now and with your computer, I have not seen this before. It is also possible to be used on many machines in your country. So at this time it is hard to say. I do not want you on the internet without security.

On a clean machine, please download Farbar Recovery Scan Tool and save it to a flash drive.
Note: You need to run the version compatible with your system.

Plug the flash drive into the infected PC.

If you are using Windows 8 consult How to use the Windows 8 System Recovery Environment Command Prompt to enter System Recovery Command prompt.

If you are using Vista or Windows 7 enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
Restart the computer.
As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
Use the arrow keys to select the Repair your computer menu item.
Select US as the keyboard language settings, and then click Next.
Select the operating system you want to repair, and then click Next.
Select your user account and click Next.

Note: In case you can not enter System Recovery Options by using F8 method, you can use Windows installation disc, or make a repair disc. Any Windows installation disc or a repair disc made on another computer can be used.
To make a repair disk on Windows 7 consult: http://www.sevenforums.com/tutorials/2083-system-repair-disc-create.html

To enter System Recovery Options by using Windows installation disc:
Insert the installation disc.
Restart your computer.
If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
Click Repair your computer.
Select US as the keyboard language settings, and then click Next.
Select the operating system you want to repair, and then click Next.
Select your user account and click Next.

On the System Recovery Options menu you will get the following options:
Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt

Select Command Prompt.

Once in the Command Prompt:
In the command window type in notepad and press Enter.
The notepad opens. Under File menu select Open.
Select "Computer" and find your flash drive letter and close the notepad.
In the command window type e:\frst (for x64 bit version type e:\frst64) and press Enter.
Note: Replace letter e with the drive letter of your flash drive.
The tool will start to run.
When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

Open notepad. Please copy the contents of the quote box below. To do this highlight the contents of the box and right click on it and select copy. Paste this into the open notepad. Save it on the flash drive as fixlist.txt
Juliet Posted February 16, 2014 (edited)

Let me add, until researching it for your computer, I had not seen Quick Heal antivirus. I have found reference to it now but I am still unsure of its claims.

Edited February 16, 2014 by Juliet: typo
crossword Posted February 16, 2014 Author

I don't have another machine.

"What I have not been able to do is see the results of logs needed to help delete malicious files from scans we use daily."

What logs do you want to see? If it is something I was unable to download earlier I could try again if you tell me what you want. Sometimes sites load for me, sometimes they don't.

I know I'm not the expert but as I said before I think this MAY be the main thing causing the problem: I searched again for Right Surf in my finder EVERYTHING. Found the same 4 instances. They're all .exe files and all the path names have a "prefetch" at the end. Two are in C Folder, 2 in H, which is my ext drive. I had had my drive plugged in when I got the virus and never removed it since I figured antivirus scans etc would benefit the drive too. Now I'm worried. How do I remove this malware from my comp and also my ext drive? Maybe if I only could delete this all my probs could be solved? Worth a try, I think.
Juliet Posted February 16, 2014

"I don't have another machine."

You would have to use a friend's computer and it would need to be clean.

"What logs do you want to see?"

I would like to see the results of Farbar Recovery Scan Tool, if you could please try to download it one more time.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
Press Scan button.
It will produce a log called FRST.txt in the same directory the tool is run from.
Please copy and paste log back here.
The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.

~~~~~~~~~~~~~~~~~~~~~~~~~~

Please download Malwarebytes' Anti-Malware from Here.
Never download Malwarebytes' Anti-Malware from other sources.

Double click mbam-setup.exe to install the application.
Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform FULL Scan", then click Scan. A small window might open, be sure to also include your external drive to be scanned.
The scan may take some time to finish, so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy and paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

If you are not able to do the above we can next try:

Download OTL to your desktop.
Double click on the icon to run it. Vista / Windows 7/8 users right-click and select Run As Administrator.
Make sure all other windows are closed and let it run uninterrupted.
When the window appears, underneath Output at the top change it to Minimal Output.
Check the boxes beside LOP Check and Purity Check.
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
When the scan completes, it will open two notepad windows: OTL.Txt and Extras.Txt.
Note: These logs can be located in the OTL folder on your C:\ drive if they fail to open automatically.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them both in.
crossword Posted February 16, 2014 Author

I have an old version of malwarebytes. I had run it earlier; it showed no threats. When I try to click update it keeps saying error occurred. Will try again later.

I'm puzzled. I think I did post the Farbar logs earlier. I still have them on my desktop; were there any other you wanted or are these the ones:
4F92FB5D2353C1B75F0C3138C1822FC3C:\Windows\System32\drivers\usbccgp.sys ABFF3E6009343A2613D31FDC241A6D6EC:\Windows\System32\drivers\usbcir.sys 614BDD1AB210F6DCE5EDFE0624717C94C:\Windows\System32\drivers\usbehci.sys E7614B639357ADCB056D5FAAB9E2FB00C:\Windows\System32\drivers\usbhub.sys A091EDE464BB2406BB78DAE7B35B590CC:\Windows\System32\drivers\UsbHub3.sys DD0AA53DFBCE547020AB57A107B2B7A7C:\Windows\System32\drivers\usbohci.sys D3641BCE4BE9858423CF0FA843A77AC1C:\Windows\System32\drivers\usbprint.sys 81F2E53B5945995FD5D459180EB21AE7C:\Windows\System32\drivers\USBSTOR.SYS 727CE341DF7EFDC94F2868393549F497C:\Windows\System32\drivers\usbuhci.sys 599D7D0A2DD4F5517DA1ADEAAF0B468FC:\Windows\System32\drivers\USBXHCI.SYS 3C4D95B57D60FC6871FCE49ADE7CA2EFC:\Windows\System32\drivers\vdrvroot.sys 0AA85E1C967652071D283147AC4B17CDC:\Windows\System32\drivers\VerifierExt.sys F70882757673FA7D4E466D811E1AC029C:\Windows\System32\drivers\vhdmp.sys 01F65399F930E5F26D39F18C1F665B03C:\Windows\System32\drivers\viaagp.sys 91A67D2DDDD75D173A6590B75E305E3CC:\Windows\System32\drivers\viac7.sys 0C3370E2CFE0C1A51C37B58A1938837FC:\Windows\System32\drivers\viaide.sys 11283532CE62BA51557D00E09262ED78C:\Windows\System32\drivers\vmbus.sys 2E4777120FC246CCF76A69C7BB4AEF57C:\Windows\System32\drivers\VMBusHID.sys FA7B57977E55B60409FD9E36FC57395CC:\Windows\System32\drivers\volmgr.sys 7E8BCEEA56197925D944CA7D230596F7C:\Windows\System32\drivers\volmgrx.sys 9C21037D3983D9B93190D2AA16570395C:\Windows\System32\drivers\volsnap.sys 8E15C3D58A8ADE841060661DBA6E7A9BC:\Windows\System32\drivers\vsmraid.sys C5B79DA9C82C01EEFAABA713A858649EC:\Windows\System32\drivers\vstxraid.sys AB5F5CC034E31E496606E666657F3CC2C:\Windows\System32\drivers\vwifibus.sys 23044877230094EE20D057BC63ED19F0C:\Windows\System32\drivers\wacompen.sys B4254668F5806AAA051A320FE88146F6C:\Windows\system32\DRIVERS\wanarp.sys 44D1EF3CDB0B286FD73A7C0144CC6B1EC:\Windows\system32\DRIVERS\wanarp.sys 
44D1EF3CDB0B286FD73A7C0144CC6B1EC:\Windows\System32\drivers\wd.sys 9BF0CE1E215789664EB563A52EC0B83BC:\Windows\system32\drivers\WdBoot.sys 4B4BCF47C86C10322046952D6B4B80E0C:\Windows\System32\drivers\Wdf01000.sys CEA67D4279BF8A268062F08330179738C:\Windows\system32\drivers\WdFilter.sys 5CA29AF6E4C46E73311E68FB63066B09C:\Windows\System32\DRIVERS\wfplwfs.sys B7ADB3799F1B6D8172DFDCE1DA8937F5C:\Windows\System32\drivers\wimmount.sys 8B7BBA41B67E92B73BAFEBDF570B3703C:\Windows\System32\drivers\wmiacpi.sys F8A31500A1B7EFDB95E5103A7C7275C1C:\Windows\System32\DRIVERS\wpcfltr.sys 9C3F5C7B716247756575235A3218FD38C:\Windows\System32\drivers\WpdUpFltr.sys E5DCECD5A6A21AE48E94F6C9DC0E093CC:\Windows\system32\drivers\ws2ifsl.sys D646A22FA57F29BB06018CB7C6E0CD6AC:\Windows\system32\DRIVERS\wsnf.sys C3824F134EE64A70F3F401AB455616B9C:\Windows\System32\drivers\wstif.sys C22FD7EEEBE7B666AD093E070CB74493C:\Windows\System32\drivers\WudfPf.sys 06E6F32C8D0A3F66D956F57B43A2E070C:\Windows\System32\drivers\WUDFRd.sys 867C301E8B790040AE9CF6486E8041DFC:\Windows\system32\DRIVERS\WUDFRd.sys 867C301E8B790040AE9CF6486E8041DF==================== NetSvcs (Whitelisted) ======================================= One Month Created Files and Folders ========2014-02-16 09:36 - 2014-02-12 09:30 - 00414944 _____ () C:\Users\Vidya Samson\Desktop\Adware-Removal-Tool-V3.7.exe2014-02-16 09:32 - 2014-02-16 09:32 - 00001473 _____ () C:\AdwCleaner[s4].txt2014-02-16 09:31 - 2014-02-16 09:32 - 00001413 _____ () C:\AdwCleaner[R8].txt2014-02-16 09:31 - 2014-02-16 09:31 - 00030301 _____ () C:\Users\Vidya Samson\Desktop\RKreport[0]_D_02162014_093102.txt2014-02-16 09:31 - 2014-02-16 09:31 - 00000998 _____ () C:\Users\Vidya Samson\Desktop\RKreport[0]_H_02162014_093106.txt2014-02-16 09:31 - 2014-02-16 09:31 - 00000909 _____ () C:\Users\Vidya Samson\Desktop\RKreport[0]_PR_02162014_093108.txt2014-02-16 09:31 - 2014-02-16 09:31 - 00000873 _____ () C:\Users\Vidya Samson\Desktop\RKreport[0]_DN_02162014_093110.txt2014-02-16 09:29 - 
2014-02-16 09:29 - 00030257 _____ () C:\Users\Vidya Samson\Desktop\RKreport[0]_S_02162014_092942.txt2014-02-16 06:04 - 2014-02-16 09:26 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)2014-02-16 06:01 - 2014-02-16 09:16 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys2014-02-16 05:40 - 2014-02-16 05:40 - 00001833 _____ () C:\Users\Vidya Samson\Desktop\malwarebytes rootkit tool.txt2014-02-16 05:13 - 2014-02-16 05:14 - 12589848 _____ (Malwarebytes Corp.) C:\Users\Vidya Samson\Desktop\mbar-1.07.0.1009.exe2014-02-15 14:52 - 2014-02-15 22:24 - 00017433 _____ () C:\Users\Vidya Samson\Desktop\Addition.txt2014-02-15 14:50 - 2014-02-16 20:39 - 00026889 _____ () C:\Users\Vidya Samson\Desktop\FRST.txt2014-02-15 14:50 - 2014-02-16 20:39 - 00000000 ____D () C:\FRST2014-02-15 14:41 - 2014-02-15 14:41 - 01141248 _____ (Farbar) C:\Users\Vidya Samson\Desktop\FRST.exe2014-02-15 13:57 - 2014-02-15 13:57 - 00010209 _____ () C:\ComboFix.txt2014-02-15 13:49 - 2014-02-15 13:57 - 00000000 ____D () C:\Qoobox2014-02-15 13:49 - 2014-02-15 13:56 - 00000000 ____D () C:\Windows\erdnt2014-02-15 13:49 - 2011-06-26 12:15 - 00256000 _____ () C:\Windows\PEV.exe2014-02-15 13:49 - 2010-11-07 22:50 - 00208896 _____ () C:\Windows\MBR.exe2014-02-15 13:49 - 2009-04-20 10:26 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe2014-02-15 13:49 - 2000-08-31 05:30 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe2014-02-15 13:49 - 2000-08-31 05:30 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe2014-02-15 13:49 - 2000-08-31 05:30 - 00212480 _____ (SteelWerX) C:\Windows\SWXCACLS.exe2014-02-15 13:49 - 2000-08-31 05:30 - 00098816 _____ () C:\Windows\sed.exe2014-02-15 13:49 - 2000-08-31 05:30 - 00080412 _____ () C:\Windows\grep.exe2014-02-15 13:49 - 2000-08-31 05:30 - 00068096 _____ () C:\Windows\zip.exe2014-02-15 12:56 - 2014-02-15 12:57 - 05183211 ____R (Swearware) C:\Users\Vidya Samson\Desktop\ComboFix.exe2014-02-15 08:41 - 2014-02-15 13:06 - 
00005129 _____ () C:\Users\Vidya Samson\Documents\virus removal instructions.txt2014-02-15 07:20 - 2014-02-16 05:07 - 00015484 _____ () C:\Windows\PFRO.log2014-02-15 07:20 - 2014-02-15 07:20 - 00460312 _____ () C:\Windows\system32\FNTCACHE.DAT2014-02-14 23:49 - 2014-02-16 18:01 - 00251566 _____ () C:\Windows\WindowsUpdate.log2014-02-14 23:21 - 2014-02-16 09:31 - 00000000 ____D () C:\Users\Vidya Samson\Desktop\RK_Quarantine2014-02-14 23:20 - 2014-02-14 23:20 - 03813376 _____ () C:\Users\Vidya Samson\Desktop\RogueKiller.exe2014-02-14 22:09 - 2014-02-15 07:20 - 00000404 _____ () C:\Windows\Tasks\Wise Turbo Checker.job2014-02-14 22:08 - 2014-02-16 17:52 - 00000000 ____D () C:\Users\Vidya Samson\AppData\Roaming\Wise Care 3652014-02-14 22:05 - 2014-02-14 22:05 - 00001118 _____ () C:\Users\Public\Desktop\Wise Care 365.lnk2014-02-14 21:55 - 2014-02-14 22:05 - 00000000 ____D () C:\Program Files\Wise2014-02-14 21:55 - 2014-02-14 21:55 - 00001115 _____ () C:\Users\Public\Desktop\Wise PC 1stAid.lnk2014-02-14 21:55 - 2014-02-14 21:55 - 00000000 ____D () C:\Users\Vidya Samson\AppData\Roaming\Wise PC 1stAid2014-02-14 10:13 - 2014-02-14 10:13 - 00930440 _____ (CNET Download.com) C:\Users\Vidya Samson\Desktop\cbsidlm-cbsi176-Wise_Care_365_Free-BP-75744630.exe2014-02-14 10:12 - 2014-02-14 10:12 - 04749448 _____ (WiseCleaner.com ) C:\Users\Vidya Samson\Desktop\WPCASetup.exe2014-02-14 10:11 - 2014-02-14 10:11 - 04749448 _____ (WiseCleaner.com ) C:\Users\Vidya Samson\Downloads\WPCASetup.exe2014-02-14 10:05 - 2014-02-14 10:05 - 00930440 _____ (CNET Download.com) C:\Users\Vidya Samson\Desktop\cbsidlm-cbsi176-Wise_Registry_Cleaner-BP-10605508.exe2014-02-14 09:57 - 2014-02-14 09:58 - 03917960 _____ (WiseCleaner.com ) C:\Users\Vidya Samson\Desktop\WDCFree.exe2014-02-13 22:14 - 2014-02-13 22:14 - 04721920 _____ (Piriform Ltd) C:\Users\Vidya Samson\Desktop\ccsetup410.exe2014-02-13 18:39 - 2014-02-13 18:39 - 00000852 _____ () C:\Users\Vidya Samson\Desktop\JRT.txt2014-02-13 18:28 - 2014-02-13 
18:33 - 00000368 _____ () C:\Windows\system32\.crusader2014-02-13 16:31 - 2014-02-13 16:31 - 00000000 ____D () C:\Windows\ERUNT2014-02-13 16:30 - 2014-02-13 16:30 - 01037530 _____ (Thisisu) C:\Users\Vidya Samson\Desktop\JunkwareRemovalTool.exe2014-02-13 16:15 - 2014-02-15 21:46 - 00000000 ____D () C:\Program Files\HitmanPro2014-02-13 15:59 - 2014-02-14 13:23 - 00000000 ____D () C:\ProgramData\HitmanPro2014-02-13 15:52 - 2014-02-13 15:57 - 09988304 _____ (SurfRight B.V.) C:\Users\Vidya Samson\Desktop\HitmanPro.exe2014-02-13 15:35 - 2014-02-13 15:35 - 00009203 _____ () C:\Users\Vidya Samson\Desktop\dds.txt2014-02-13 15:35 - 2014-02-13 15:35 - 00002843 _____ () C:\Users\Vidya Samson\Desktop\attach.txt2014-02-13 15:30 - 2014-02-13 15:30 - 00001353 _____ () C:\AdwCleaner[s3].txt2014-02-13 15:30 - 2014-02-13 15:30 - 00001293 _____ () C:\AdwCleaner[R7].txt2014-02-13 15:25 - 2014-02-13 15:25 - 00000000 ____D () C:\Users\Vidya Samson\Desktop\Old Firefox Data2014-02-12 10:44 - 2014-02-15 14:25 - 00001139 _____ () C:\Users\Vidya Samson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk2014-02-12 09:48 - 2014-02-12 09:48 - 00001219 _____ () C:\AdwCleaner[s2].txt2014-02-12 09:47 - 2014-02-12 09:48 - 00001158 _____ () C:\AdwCleaner[R6].txt2014-02-12 09:46 - 2014-02-12 09:47 - 00001098 _____ () C:\AdwCleaner[R5].txt2014-02-12 09:44 - 2013-06-12 07:45 - 00648201 _____ () C:\Users\Vidya Samson\Desktop\AdwCleaner.exe2014-02-12 09:30 - 2014-02-16 09:36 - 00000000 ____D () C:\Program Files\AdwareRemovalToolv3.72014-02-12 01:18 - 2014-02-12 01:18 - 00001070 _____ () C:\AdwCleaner[R4].txt2014-02-12 01:15 - 2014-02-16 09:17 - 00107224 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamswissarmy.sys2014-02-12 01:15 - 2014-02-12 01:16 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware2014-02-12 01:15 - 2014-02-12 01:15 - 00000983 _____ () C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk2014-02-12 01:15 - 2014-02-12 01:15 - 00000000 
____D () C:\Users\Vidya Samson\AppData\Roaming\Malwarebytes2014-02-12 01:15 - 2014-02-12 01:15 - 00000000 ____D () C:\ProgramData\Malwarebytes2014-02-12 01:15 - 2009-09-10 14:53 - 00019160 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys2014-02-12 01:10 - 2014-02-12 01:11 - 00001009 _____ () C:\AdwCleaner[R3].txt2014-02-12 01:05 - 2014-02-12 01:05 - 00005115 _____ () C:\AdwCleaner[s1].txt2014-02-12 01:04 - 2014-02-12 01:04 - 00004910 _____ () C:\AdwCleaner[R2].txt2014-02-12 01:04 - 2014-02-12 01:04 - 00004850 _____ () C:\AdwCleaner[R1].txt2014-02-11 18:00 - 2014-02-11 18:00 - 01043533 _____ () C:\Users\Vidya Samson\AppData\Local\census.cache2014-02-11 18:00 - 2014-02-11 18:00 - 00142741 _____ () C:\Users\Vidya Samson\AppData\Local\ars.cache2014-02-11 16:15 - 2014-02-11 16:15 - 00000036 _____ () C:\Users\Vidya Samson\AppData\Local\housecall.guid.cache2014-02-11 09:12 - 2014-02-11 09:12 - 00688992 ____R (Swearware) C:\Users\Vidya Samson\Desktop\dds.com2014-02-10 11:36 - 2014-02-10 11:40 - 03917960 _____ (WiseCleaner.com ) C:\Users\Vidya Samson\Downloads\WDCFree.exe2014-02-10 11:34 - 2014-02-14 21:51 - 00000000 ____D () C:\Users\Vidya Samson\AppData\Roaming\Wise Registry Cleaner2014-02-10 11:20 - 2014-02-10 13:06 - 00000426 _____ () C:\Windows\Tasks\Wise Disk Cleaner Schedule Task.job2014-02-10 11:17 - 2014-02-13 22:14 - 00000969 _____ () C:\Users\Public\Desktop\CCleaner.lnk2014-02-10 11:17 - 2014-02-13 22:14 - 00000000 ____D () C:\Program Files\CCleaner2014-02-10 11:11 - 2014-02-14 10:01 - 00000000 ____D () C:\Program Files\Wise Registry Cleaner2014-02-10 11:11 - 2014-02-10 11:21 - 00001090 _____ () C:\Users\Public\Desktop\Wise Registry Cleaner.lnk2014-02-10 11:09 - 2014-02-14 22:51 - 00000000 ____D () C:\Users\Vidya Samson\AppData\Roaming\Wise Disk Cleaner2014-02-10 11:09 - 2014-02-14 10:07 - 00001067 _____ () C:\Users\Public\Desktop\Wise Disk Cleaner.lnk2014-02-10 11:09 - 2014-02-14 10:07 - 00000000 ____D () C:\Program Files\Wise Disk 
Cleaner2014-02-05 11:10 - 2014-02-05 11:10 - 00000000 ____D () C:\Users\Vidya Samson\AppData\Roaming\OpenOffice.org2014-02-05 11:07 - 2014-02-10 10:34 - 00000000 ____D () C:\Program Files\OpenOffice.org 32014-02-05 10:56 - 2014-02-10 10:40 - 00000000 ____D () C:\Program Files\File Type Assistant2014-02-05 10:56 - 2014-02-05 10:56 - 16617352 _____ (Bitberry Software ) C:\Users\Vidya Samson\Downloads\FreeFileViewerSetup [1].exe2014-02-05 10:55 - 2014-02-05 10:55 - 00000046 _____ () C:\Users\Vidya Samson\AppData\Roaming\WB.CFG2014-02-05 10:52 - 2014-02-05 10:51 - 00139800 _____ () C:\Users\Vidya Samson\Downloads\My Deadly Prince Charming Edits.pages2014-01-30 12:33 - 2014-01-30 12:33 - 00000000 ____D () C:\Program Files\Common Files\DESIGNER2014-01-30 12:32 - 2014-01-30 12:32 - 00000000 ____D () C:\Windows\PCHEALTH2014-01-30 12:32 - 2014-01-30 12:32 - 00000000 ____D () C:\Program Files\Microsoft Visual Studio 82014-01-30 12:32 - 2014-01-30 12:32 - 00000000 ____D () C:\Program Files\Microsoft Synchronization Services2014-01-30 12:32 - 2014-01-30 12:32 - 00000000 ____D () C:\Program Files\Microsoft Sync Framework2014-01-30 12:32 - 2014-01-30 12:32 - 00000000 ____D () C:\Program Files\Microsoft SQL Server Compact Edition2014-01-30 12:32 - 2014-01-30 12:32 - 00000000 ____D () C:\Program Files\Microsoft Analysis Services2014-01-30 12:31 - 2014-01-30 12:32 - 00000000 ____D () C:\Program Files\Microsoft Office2014-01-30 12:31 - 2014-01-30 12:31 - 00000000 ___RD () C:\MSOCache==================== One Month Modified Files and Folders =======2014-02-16 20:39 - 2014-02-15 14:50 - 00026889 _____ () C:\Users\Vidya Samson\Desktop\FRST.txt2014-02-16 20:39 - 2014-02-15 14:50 - 00000000 ____D () C:\FRST2014-02-16 20:30 - 2012-07-26 12:23 - 00000000 ____D () C:\Windows\system32\sru2014-02-16 20:16 - 2013-07-30 14:46 - 00000468 _____ () C:\Windows\Tasks\Resume Quickup Download.job2014-02-16 20:07 - 2013-07-31 22:59 - 00000000 ____D () C:\Users\Vidya Samson\Desktop\files to save on CD 
22014-02-16 18:56 - 2013-08-02 15:50 - 00000000 ____D () C:\Users\Vidya Samson\AppData\Roaming\ClassicShell2014-02-16 18:16 - 2013-07-30 14:46 - 00000492 _____ () C:\Windows\Tasks\Quick Heal AntiMalware Scan.job2014-02-16 18:01 - 2014-02-14 23:49 - 00251566 _____ () C:\Windows\WindowsUpdate.log2014-02-16 17:55 - 2013-07-30 14:32 - 00848230 _____ () C:\Windows\system32\PerfStringBackup.INI2014-02-16 17:52 - 2014-02-14 22:08 - 00000000 ____D () C:\Users\Vidya Samson\AppData\Roaming\Wise Care 3652014-02-16 17:51 - 2012-07-26 11:34 - 00000006 ____H () C:\Windows\Tasks\SA.DAT2014-02-16 11:10 - 2012-07-26 12:23 - 00000000 ____D () C:\Windows\AUInstallAgent2014-02-16 10:29 - 2012-07-26 12:23 - 00000000 ____D () C:\Windows\Microsoft.NET2014-02-16 09:36 - 2014-02-12 09:30 - 00000000 ____D () C:\Program Files\AdwareRemovalToolv3.72014-02-16 09:32 - 2014-02-16 09:32 - 00001473 _____ () C:\AdwCleaner[s4].txt2014-02-16 09:32 - 2014-02-16 09:31 - 00001413 _____ () C:\AdwCleaner[R8].txt2014-02-16 09:31 - 2014-02-16 09:31 - 00030301 _____ () C:\Users\Vidya Samson\Desktop\RKreport[0]_D_02162014_093102.txt2014-02-16 09:31 - 2014-02-16 09:31 - 00000998 _____ () C:\Users\Vidya Samson\Desktop\RKreport[0]_H_02162014_093106.txt2014-02-16 09:31 - 2014-02-16 09:31 - 00000909 _____ () C:\Users\Vidya Samson\Desktop\RKreport[0]_PR_02162014_093108.txt2014-02-16 09:31 - 2014-02-16 09:31 - 00000873 _____ () C:\Users\Vidya Samson\Desktop\RKreport[0]_DN_02162014_093110.txt2014-02-16 09:31 - 2014-02-14 23:21 - 00000000 ____D () C:\Users\Vidya Samson\Desktop\RK_Quarantine2014-02-16 09:29 - 2014-02-16 09:29 - 00030257 _____ () C:\Users\Vidya Samson\Desktop\RKreport[0]_S_02162014_092942.txt2014-02-16 09:26 - 2014-02-16 06:04 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)2014-02-16 09:17 - 2014-02-12 01:15 - 00107224 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamswissarmy.sys2014-02-16 09:16 - 2014-02-16 06:01 - 00075480 _____ (Malwarebytes Corporation) 
C:\Windows\system32\Drivers\mbamchameleon.sys2014-02-16 05:40 - 2014-02-16 05:40 - 00001833 _____ () C:\Users\Vidya Samson\Desktop\malwarebytes rootkit tool.txt2014-02-16 05:14 - 2014-02-16 05:13 - 12589848 _____ (Malwarebytes Corp.) C:\Users\Vidya Samson\Desktop\mbar-1.07.0.1009.exe2014-02-16 05:07 - 2014-02-15 07:20 - 00015484 _____ () C:\Windows\PFRO.log2014-02-16 05:06 - 2013-07-30 14:33 - 00000000 ____D () C:\Windows\system32\gprodat2014-02-15 22:24 - 2014-02-15 14:52 - 00017433 _____ () C:\Users\Vidya Samson\Desktop\Addition.txt2014-02-15 21:46 - 2014-02-13 16:15 - 00000000 ____D () C:\Program Files\HitmanPro2014-02-15 14:41 - 2014-02-15 14:41 - 01141248 _____ (Farbar) C:\Users\Vidya Samson\Desktop\FRST.exe2014-02-15 14:25 - 2014-02-12 10:44 - 00001139 _____ () C:\Users\Vidya Samson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk2014-02-15 13:57 - 2014-02-15 13:57 - 00010209 _____ () C:\ComboFix.txt2014-02-15 13:57 - 2014-02-15 13:49 - 00000000 ____D () C:\Qoobox2014-02-15 13:57 - 2012-07-26 10:13 - 00000000 __RHD () C:\Users\Default2014-02-15 13:57 - 2012-07-26 10:13 - 00000000 ___RD () C:\Users\Public2014-02-15 13:56 - 2014-02-15 13:49 - 00000000 ____D () C:\Windows\erdnt2014-02-15 13:56 - 2012-07-26 09:47 - 00000215 _____ () C:\Windows\system.ini2014-02-15 13:06 - 2014-02-15 08:41 - 00005129 _____ () C:\Users\Vidya Samson\Documents\virus removal instructions.txt2014-02-15 12:57 - 2014-02-15 12:56 - 05183211 ____R (Swearware) C:\Users\Vidya Samson\Desktop\ComboFix.exe2014-02-15 07:20 - 2014-02-15 07:20 - 00460312 _____ () C:\Windows\system32\FNTCACHE.DAT2014-02-15 07:20 - 2014-02-14 22:09 - 00000404 _____ () C:\Windows\Tasks\Wise Turbo Checker.job2014-02-15 07:20 - 2013-07-30 14:23 - 00000000 ____D () C:\Users\Vidya Samson2014-02-14 23:49 - 2013-07-30 15:19 - 00000000 ____D () C:\Windows\Panther2014-02-14 23:20 - 2014-02-14 23:20 - 03813376 _____ () C:\Users\Vidya Samson\Desktop\RogueKiller.exe2014-02-14 22:51 - 2014-02-10 11:09 - 
00000000 ____D () C:\Users\Vidya Samson\AppData\Roaming\Wise Disk Cleaner2014-02-14 22:05 - 2014-02-14 22:05 - 00001118 _____ () C:\Users\Public\Desktop\Wise Care 365.lnk2014-02-14 22:05 - 2014-02-14 21:55 - 00000000 ____D () C:\Program Files\Wise2014-02-14 21:55 - 2014-02-14 21:55 - 00001115 _____ () C:\Users\Public\Desktop\Wise PC 1stAid.lnk2014-02-14 21:55 - 2014-02-14 21:55 - 00000000 ____D () C:\Users\Vidya Samson\AppData\Roaming\Wise PC 1stAid2014-02-14 21:51 - 2014-02-10 11:34 - 00000000 ____D () C:\Users\Vidya Samson\AppData\Roaming\Wise Registry Cleaner2014-02-14 16:59 - 2013-10-21 21:41 - 00000000 ____D () C:\Users\Vidya Samson\Desktop\SAMSON 22014-02-14 13:23 - 2014-02-13 15:59 - 00000000 ____D () C:\ProgramData\HitmanPro2014-02-14 10:13 - 2014-02-14 10:13 - 00930440 _____ (CNET Download.com) C:\Users\Vidya Samson\Desktop\cbsidlm-cbsi176-Wise_Care_365_Free-BP-75744630.exe2014-02-14 10:12 - 2014-02-14 10:12 - 04749448 _____ (WiseCleaner.com ) C:\Users\Vidya Samson\Desktop\WPCASetup.exe2014-02-14 10:11 - 2014-02-14 10:11 - 04749448 _____ (WiseCleaner.com ) C:\Users\Vidya Samson\Downloads\WPCASetup.exe2014-02-14 10:07 - 2014-02-10 11:09 - 00001067 _____ () C:\Users\Public\Desktop\Wise Disk Cleaner.lnk2014-02-14 10:07 - 2014-02-10 11:09 - 00000000 ____D () C:\Program Files\Wise Disk Cleaner2014-02-14 10:05 - 2014-02-14 10:05 - 00930440 _____ (CNET Download.com) C:\Users\Vidya Samson\Desktop\cbsidlm-cbsi176-Wise_Registry_Cleaner-BP-10605508.exe2014-02-14 10:01 - 2014-02-10 11:11 - 00000000 ____D () C:\Program Files\Wise Registry Cleaner2014-02-14 09:58 - 2014-02-14 09:57 - 03917960 _____ (WiseCleaner.com ) C:\Users\Vidya Samson\Desktop\WDCFree.exe2014-02-13 22:14 - 2014-02-13 22:14 - 04721920 _____ (Piriform Ltd) C:\Users\Vidya Samson\Desktop\ccsetup410.exe2014-02-13 22:14 - 2014-02-10 11:17 - 00000969 _____ () C:\Users\Public\Desktop\CCleaner.lnk2014-02-13 22:14 - 2014-02-10 11:17 - 00000000 ____D () C:\Program Files\CCleaner2014-02-13 18:39 - 2014-02-13 
18:39 - 00000852 _____ () C:\Users\Vidya Samson\Desktop\JRT.txt2014-02-13 18:33 - 2014-02-13 18:28 - 00000368 _____ () C:\Windows\system32\.crusader2014-02-13 16:31 - 2014-02-13 16:31 - 00000000 ____D () C:\Windows\ERUNT2014-02-13 16:30 - 2014-02-13 16:30 - 01037530 _____ (Thisisu) C:\Users\Vidya Samson\Desktop\JunkwareRemovalTool.exe2014-02-13 15:57 - 2014-02-13 15:52 - 09988304 _____ (SurfRight B.V.) C:\Users\Vidya Samson\Desktop\HitmanPro.exe2014-02-13 15:35 - 2014-02-13 15:35 - 00009203 _____ () C:\Users\Vidya Samson\Desktop\dds.txt2014-02-13 15:35 - 2014-02-13 15:35 - 00002843 _____ () C:\Users\Vidya Samson\Desktop\attach.txt2014-02-13 15:30 - 2014-02-13 15:30 - 00001353 _____ () C:\AdwCleaner[s3].txt2014-02-13 15:30 - 2014-02-13 15:30 - 00001293 _____ () C:\AdwCleaner[R7].txt2014-02-13 15:25 - 2014-02-13 15:25 - 00000000 ____D () C:\Users\Vidya Samson\Desktop\Old Firefox Data2014-02-12 09:48 - 2014-02-12 09:48 - 00001219 _____ () C:\AdwCleaner[s2].txt2014-02-12 09:48 - 2014-02-12 09:47 - 00001158 _____ () C:\AdwCleaner[R6].txt2014-02-12 09:47 - 2014-02-12 09:46 - 00001098 _____ () C:\AdwCleaner[R5].txt2014-02-12 09:30 - 2014-02-16 09:36 - 00414944 _____ () C:\Users\Vidya Samson\Desktop\Adware-Removal-Tool-V3.7.exe2014-02-12 09:22 - 2012-07-26 12:23 - 00000024 _____ () C:\AUTOEXEC.BAT2014-02-12 01:18 - 2014-02-12 01:18 - 00001070 _____ () C:\AdwCleaner[R4].txt2014-02-12 01:16 - 2014-02-12 01:15 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware2014-02-12 01:15 - 2014-02-12 01:15 - 00000983 _____ () C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk2014-02-12 01:15 - 2014-02-12 01:15 - 00000000 ____D () C:\Users\Vidya Samson\AppData\Roaming\Malwarebytes2014-02-12 01:15 - 2014-02-12 01:15 - 00000000 ____D () C:\ProgramData\Malwarebytes2014-02-12 01:11 - 2014-02-12 01:10 - 00001009 _____ () C:\AdwCleaner[R3].txt2014-02-12 01:05 - 2014-02-12 01:05 - 00005115 _____ () C:\AdwCleaner[s1].txt2014-02-12 01:04 - 2014-02-12 01:04 - 00004910 _____ () 
C:\AdwCleaner[R2].txt2014-02-12 01:04 - 2014-02-12 01:04 - 00004850 _____ () C:\AdwCleaner[R1].txt2014-02-12 00:33 - 2013-07-30 07:39 - 00000539 _____ () C:\Windows\system32\nvscnrpt.log2014-02-11 18:00 - 2014-02-11 18:00 - 01043533 _____ () C:\Users\Vidya Samson\AppData\Local\census.cache2014-02-11 18:00 - 2014-02-11 18:00 - 00142741 _____ () C:\Users\Vidya Samson\AppData\Local\ars.cache2014-02-11 16:15 - 2014-02-11 16:15 - 00000036 _____ () C:\Users\Vidya Samson\AppData\Local\housecall.guid.cache2014-02-11 09:12 - 2014-02-11 09:12 - 00688992 ____R (Swearware) C:\Users\Vidya Samson\Desktop\dds.com2014-02-10 13:06 - 2014-02-10 11:20 - 00000426 _____ () C:\Windows\Tasks\Wise Disk Cleaner Schedule Task.job2014-02-10 13:06 - 2013-07-31 09:53 - 00000000 ____D () C:\Program Files\Scriptware for Windows2014-02-10 13:06 - 2013-07-30 19:03 - 00000000 ____D () C:\Program Files\Final Draft 52014-02-10 13:06 - 2013-07-29 23:57 - 00000000 ____D () C:\Program Files\Mozilla Firefox2014-02-10 13:06 - 2013-07-29 23:56 - 00000000 ____D () C:\Program Files\WinRAR2014-02-10 13:05 - 2014-01-12 11:51 - 10223616 _____ () C:\Windows\system32\config\SYSTEM.bak2014-02-10 13:05 - 2013-07-30 00:14 - 47185920 _____ () C:\Windows\system32\config\SOFTWARE.bak2014-02-10 13:05 - 2012-07-26 09:47 - 00262144 _____ () C:\Windows\system32\config\SECURITY.bak2014-02-10 13:05 - 2012-07-26 09:47 - 00262144 _____ () C:\Windows\system32\config\SAM.bak2014-02-10 13:05 - 2012-07-26 09:47 - 00262144 _____ () C:\Windows\system32\config\DEFAULT.bak2014-02-10 12:12 - 2013-12-11 14:31 - 00000000 ____D () C:\Users\Vidya Samson\Documents\My Kindle Content2014-02-10 12:02 - 2013-11-08 11:04 - 00002228 _____ () C:\Users\Vidya Samson\Desktop\Kindle.lnk2014-02-10 11:40 - 2014-02-10 11:36 - 03917960 _____ (WiseCleaner.com ) C:\Users\Vidya Samson\Downloads\WDCFree.exe2014-02-10 11:21 - 2014-02-10 11:11 - 00001090 _____ () C:\Users\Public\Desktop\Wise Registry Cleaner.lnk2014-02-10 10:52 - 2013-07-30 00:01 - 00000000 
____D () C:\ProgramData\Microsoft Help2014-02-10 10:40 - 2014-02-05 10:56 - 00000000 ____D () C:\Program Files\File Type Assistant2014-02-10 10:35 - 2014-01-16 13:20 - 00000000 ____D () C:\Program Files\Java2014-02-10 10:34 - 2014-02-05 11:07 - 00000000 ____D () C:\Program Files\OpenOffice.org 32014-02-09 23:42 - 2012-07-26 09:47 - 00262144 ___SH () C:\Windows\system32\config\BBI2014-02-09 04:39 - 2013-07-29 23:57 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service2014-02-05 13:23 - 2013-09-04 11:11 - 00000000 ____D () C:\Users\Vidya Samson\Desktop\SAMSON 32014-02-05 11:10 - 2014-02-05 11:10 - 00000000 ____D () C:\Users\Vidya Samson\AppData\Roaming\OpenOffice.org2014-02-05 10:56 - 2014-02-05 10:56 - 16617352 _____ (Bitberry Software ) C:\Users\Vidya Samson\Downloads\FreeFileViewerSetup [1].exe2014-02-05 10:55 - 2014-02-05 10:55 - 00000046 _____ () C:\Users\Vidya Samson\AppData\Roaming\WB.CFG2014-02-05 10:51 - 2014-02-05 10:52 - 00139800 _____ () C:\Users\Vidya Samson\Downloads\My Deadly Prince Charming Edits.pages2014-01-30 12:33 - 2014-01-30 12:33 - 00000000 ____D () C:\Program Files\Common Files\DESIGNER2014-01-30 12:33 - 2013-07-30 00:04 - 00000000 ____D () C:\Program Files\MSBuild2014-01-30 12:33 - 2012-07-26 12:23 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared2014-01-30 12:32 - 2014-01-30 12:32 - 00000000 ____D () C:\Windows\PCHEALTH2014-01-30 12:32 - 2014-01-30 12:32 - 00000000 ____D () C:\Program Files\Microsoft Visual Studio 82014-01-30 12:32 - 2014-01-30 12:32 - 00000000 ____D () C:\Program Files\Microsoft Synchronization Services2014-01-30 12:32 - 2014-01-30 12:32 - 00000000 ____D () C:\Program Files\Microsoft Sync Framework2014-01-30 12:32 - 2014-01-30 12:32 - 00000000 ____D () C:\Program Files\Microsoft SQL Server Compact Edition2014-01-30 12:32 - 2014-01-30 12:32 - 00000000 ____D () C:\Program Files\Microsoft Analysis Services2014-01-30 12:32 - 2014-01-30 12:31 - 00000000 ____D () C:\Program Files\Microsoft 
Office2014-01-30 12:32 - 2012-07-26 12:23 - 00000000 ____D () C:\Program Files\Microsoft.NET2014-01-30 12:32 - 2012-07-26 12:23 - 00000000 ____D () C:\Program Files\Common Files\System2014-01-30 12:32 - 2012-07-26 12:19 - 00000000 ____D () C:\Windows\ShellNew2014-01-30 12:32 - 2012-07-26 09:47 - 00000167 _____ () C:\Windows\win.ini2014-01-30 12:31 - 2014-01-30 12:31 - 00000000 ___RD () C:\MSOCache==================== Bamital & volsnap Check =================C:\Windows\explorer.exe[2012-07-26 04:41] - [2012-07-26 09:20] - 2114936 ____A (Microsoft Corporation) 5B6ED1B57DBFF18D405A0260559B571EC:\Windows\system32\winlogon.exe[2012-07-26 05:25] - [2012-07-26 08:51] - 0411648 ____A (Microsoft Corporation) C06BA1F360CEF6AB51F41B3D0D5FE92DC:\Windows\system32\wininit.exe => MD5 is legitC:\Windows\system32\svchost.exe[2012-07-26 05:31] - [2012-07-26 08:50] - 0023040 ____A (Microsoft Corporation) 0A175AF8B65797BD22C11903A8BFEB2DC:\Windows\system32\services.exe[2012-07-26 09:47] - [2012-07-26 09:47] - 0333312 ____A (Microsoft Corporation) 575FB4211BB07DB7D2179B1B05FE7EFDC:\Windows\system32\User32.dll[2012-07-26 05:33] - [2012-07-26 08:50] - 1171968 ____A (Microsoft Corporation) 4A18E559ECE09C7A1021CEFEC22F0BE6C:\Windows\system32\userinit.exe => MD5 is legitC:\Windows\system32\rpcss.dll => MD5 is legitC:\Windows\system32\Drivers\volsnap.sys => MD5 is legit==================== BCD ================================Windows Boot Manager--------------------identifier {bootmgr}device partition=\Device\HarddiskVolume1description Windows Boot Managerlocale en-USinherit {globalsettings}integrityservices Enabledefault {current}resumeobject {4fbeb3d4-f8fd-11e2-a3dc-fa0863b6e204}displayorder {current}toolsdisplayorder {memdiag}timeout 30Windows Boot Loader-------------------identifier {current}device partition=C:path \Windows\system32\winload.exedescription Windows 8locale en-USinherit {bootloadersettings}recoverysequence {4fbeb3d6-f8fd-11e2-a3dc-fa0863b6e204}integrityservices 
Enablerecoveryenabled Yesallowedinmemorysettings 0x15000075osdevice partition=C:systemroot \Windowsresumeobject {4fbeb3d4-f8fd-11e2-a3dc-fa0863b6e204}nx OptInbootmenupolicy StandardWindows Boot Loader-------------------identifier {4fbeb3d6-f8fd-11e2-a3dc-fa0863b6e204}device ramdisk=[\Device\HarddiskVolume1]\Recovery\4fbeb3d6-f8fd-11e2-a3dc-fa0863b6e204\Winre.wim,{4fbeb3d7-f8fd-11e2-a3dc-fa0863b6e204}path \windows\system32\winload.exedescription Windows Recovery Environmentlocale en-USinherit {bootloadersettings}displaymessage Recoveryosdevice ramdisk=[\Device\HarddiskVolume1]\Recovery\4fbeb3d6-f8fd-11e2-a3dc-fa0863b6e204\Winre.wim,{4fbeb3d7-f8fd-11e2-a3dc-fa0863b6e204}systemroot \windowsnx OptInbootmenupolicy Standardwinpe YesResume from Hibernate---------------------identifier {4fbeb3d4-f8fd-11e2-a3dc-fa0863b6e204}device partition=C:path \Windows\system32\winresume.exedescription Windows Resume Applicationlocale en-USinherit {resumeloadersettings}recoverysequence {4fbeb3d6-f8fd-11e2-a3dc-fa0863b6e204}recoveryenabled Yesallowedinmemorysettings 0x15000075filedevice partition=C:filepath \hiberfil.sysbootmenupolicy Standardpae Yesdebugoptionenabled NoWindows Memory Tester---------------------identifier {memdiag}device partition=\Device\HarddiskVolume1path \boot\memtest.exedescription Windows Memory Diagnosticlocale en-USinherit {globalsettings}badmemoryaccess YesEMS Settings------------identifier {emssettings}bootems NoDebugger Settings-----------------identifier {dbgsettings}debugtype Serialdebugport 1baudrate 115200RAM Defects-----------identifier {badmemory}Global Settings---------------identifier {globalsettings}inherit {dbgsettings} {emssettings} {badmemory}Boot Loader Settings--------------------identifier {bootloadersettings}inherit {globalsettings} {hypervisorsettings}Hypervisor Settings-------------------identifier {hypervisorsettings}hypervisordebugtype Serialhypervisordebugport 1hypervisorbaudrate 115200Resume Loader Settings----------------------identifier 
{resumeloadersettings}inherit {globalsettings}Device options--------------identifier {4fbeb3d7-f8fd-11e2-a3dc-fa0863b6e204}description Windows Recoveryramdisksdidevice partition=\Device\HarddiskVolume1ramdisksdipath \Recovery\4fbeb3d6-f8fd-11e2-a3dc-fa0863b6e204\boot.sdiLastRegBack: 2014-02-16 08:07==================== End Of Log ============================ Additional scan result of Farbar Recovery Scan Tool (x86) Version: 12-02-2014 01Ran by Vidya Samson at 2014-02-15 22:24:02Running from C:\Users\Vidya Samson\DesktopBoot Mode: Normal============================================================================== Security Center ========================AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}AV: Quick Heal Total Security 2013 (Enabled - Up to date) {D8418B0E-EE80-1320-B172-3D5DEB3CE14F}AS: Quick Heal Total Security 2013 (Enabled - Up to date) {63206AEA-C8BA-1CAE-8BC2-062F90BBABF2}AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}FW: Quick Heal Firewall (Enabled) {E07A0A2B-A4EF-1278-9A2D-946815EFA634}==================== Installed Programs ======================Adobe Reader X (10.1.9) (Versi Link to post Share on other sites
Juliet Posted February 16, 2014

OK That shows no remaining malware, it does show your security package as in how heavy it's in your system and appears to be running as you think.

For the external drives we could use EsetOnlineScanner. But be aware this may take a considerable amount of time as it does a very thorough scan.

The drives will need to be connected.

ESET Online Scanner:

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however need to disable your current installed Anti-Virus, how to do so can be read here.

Vista/Windows 7 users: You will need to right-click on either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.

Please go here to run the scan. http://www.eset.com/us/online-scanner/run Online Virus Scanner

Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install. All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.

Select the option YES, I accept the Terms of Use then click on:
When prompted allow the Add-On/Active X to install.
Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
Now click on Advanced Settings and select the following:
Scan for potentially unwanted applications
Scan for potentially unsafe applications
Enable Anti-Stealth Technology
Now click on:
The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet Connection.
When completed the Online Scan will begin automatically.
Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
Now click on:
Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
Copy and paste that log as a reply to this topic.

Note: Do not forget to re-enable your Anti-Virus application after running the above scan!
crossword Posted February 17, 2014

"That shows no remaining malware, it does show your security package as in how heavy it's in your system and appears to be running as you think."

But if there is no remaining malware, then why am I still unable to access my sites and why does it still keep redirecting to other sites like facebook and google analytics, which I read is a sign of malware? From what you said I assumed it was my ext drive causing the problem, so I disconnected it. But the problem remains.

"For the external drives we could use EsetOnlineScanner."

Yes I'll do that but what about my computer itself? Why is no program finding any malware yet my problem remains?
Juliet Posted February 17, 2014

I am trying to help you find the cause of all these issues, we do rootkit/bootkit scans and it returns nothing found. You could download and run HitmanPro again and save the log?

HitmanPro

Please download HitmanPro.
Launch the program by double clicking on the icon. (Windows Vista/7 users right click on the HitmanPro icon and select run as administrator.)
Click on the next button. You must agree with the terms of EULA.
Check the box beside "No, I only want to perform a one-time scan to check this computer".
Click on the next button.
The program will start to scan the computer. The scan will typically take no more than 2-3 minutes.
When the scan is done click on drop-down menu of the found entries (if any) and choose - Apply to all => Ignore <= IMPORTANT!!!
Click on the next button.
Click on the "Export scan results to XML file".
Save that file to your desktop and zip and attach it in your next reply.

~~~~~~~~~~~~~~~~~~~~~~~~~~~

3. Reset the IP/DNS settings of your internet connection:
Go to Start -> Control Panel -> Double click on Network Connections.
Right click on your default connection (usually Local Area Connection or Wireless Network Connection) and select Properties.
Select the General tab. Double click on Internet Protocol (TCP/IP).
Under General tab: Select "Obtain an IP address automatically". Select "Obtain DNS server address automatically".
Click OK twice to save the settings. Reboot if you had to change any setting.

4. Flush the DNS cache:
Click the Start logo in the bottom left corner of the screen.
Click on Run or press Windows Logo+R.
In the command window copy/paste the following (one at a time):
ipconfig /flushdns
netsh winsock reset
Then hit enter.
Exit the command window.

5. Reconnect:
Once you have followed all the above steps you can reconnect your computer to the internet.

~~~~~~~~~~~~~~~~~~~~~~~~~~~

Please download aswMBR ( 511KB ) to your desktop.
Double click the aswMBR.exe icon to run it.
Click the Scan button to start the scan.
On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.
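A read-only check of the settings that steps 3 and 4 above reset, added here as an example and not part of Juliet's post: it reports, per active adapter, whether the IP address and DNS servers are obtained automatically, and lists any active hosts file entries, since both can redirect or stall name lookups. It assumes Windows 8 or later (as in the poster's log) and an elevated PowerShell prompt; all variable names are illustrative.

```powershell
# Added example: audit only, changes nothing on the system.
$ifRoot = 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces'

$report = foreach ($adapter in Get-NetAdapter | Where-Object Status -eq 'Up') {
    $ip  = Get-NetIPInterface -InterfaceIndex $adapter.ifIndex -AddressFamily IPv4
    $dns = Get-DnsClientServerAddress -InterfaceIndex $adapter.ifIndex -AddressFamily IPv4

    # A non-empty NameServer value means DNS servers were set by hand or by
    # software; servers handed out by DHCP are stored in DhcpNameServer.
    $key    = Join-Path $ifRoot $adapter.InterfaceGuid
    $static = (Get-ItemProperty -Path $key -ErrorAction SilentlyContinue).NameServer

    [pscustomobject]@{
        Adapter      = $adapter.Name
        IpFromDhcp   = $ip.Dhcp            # Enabled = "Obtain an IP address automatically"
        DnsServers   = $dns.ServerAddresses -join ', '
        DnsAutomatic = [string]::IsNullOrWhiteSpace($static)
    }
}
$report | Format-Table -AutoSize

# The stock Windows hosts file contains only comments. Any active line
# overrides DNS for that name, so list whatever is not a comment.
$hostsFile = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
$entries = Get-Content -Path $hostsFile |
    ForEach-Object { ($_ -replace '#.*$', '').Trim() } |
    Where-Object { $_ } |
    Where-Object { $_ -notmatch '^(127\.0\.0\.1|::1)\s+localhost$' }

if ($entries) {
    Write-Warning "Active hosts file entries to review:"
    $entries
} else {
    'hosts file has no active entries.'
}
```

An adapter showing `DnsAutomatic` as False, or hosts entries you did not add, is worth mentioning in the thread before running the reset in steps 3 and 4.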
Juliet Posted February 19, 2014

It has been 2 days since you have replied, do you still need help?